Intro to Cybersecurity Flashcards
4 types of assets
- hardware
- software
- data
- communication links
7 steps of the design process
1) ID assets
2) ID stakeholders
3) ID adversaries
4) define attack surface
5) research each path of attack surface
6) design solutions for each path
7) analyze the proposed solution (effectiveness and whether it's worthwhile)
5 components of the NICE Framework
- Identify
- Protect
- Detect
- Respond
- Recover
NICE Framework - Identify
ID your situation (id assets, stakeholders, adversaries, and attack surface)
NICE Framework - Protect
design, analyze, implement and pen test solutions
NICE Framework - Detect
constantly monitor both external and internal signals to allow for timely detection
NICE Framework - Respond
what is the response protocol (what actions do you take) when something is detected
NICE Framework - Recovery
- contain the damage
- assess the damage
- follow a recovery strategy
Equation for Caesar’s Cipher and number of possible keys
c = (m + k) mod 26
26 possible keys
brute force cost for breaking cipher
[# of possible keys * (cost per decryption attempt + cost of verification)] / parallelization factor
Affine Cipher equation and number of possible keys
c = am + b
m = (c-b) * a**-1 mod 26
26 x 12 = 312 because phi(26) = 12 so then there are 26 possible values for b and 12 possible values for a
Shannon’s Principles (3)
- define the objective in a rigorous manner
- determine your assumptions
- prove that your methods satisfy the objective given the stated assumptions
equation and assumptions for one-time pad
c = m (XOR) k
- m and k are encoded in binary
- k is never recycled
- the key is sampled from a uniform random distribution (it's truly random)
DES specifications
key size: 56 bits
message size: 64 bit blocks
# of rounds: 16
key size is TOO small, making it susceptible to brute forcing
Meet-in-the-middle attack
for a double DES with keys k1 and k2.
A brute force decryption of m for all possible k1 is done in parallel to a brute force decryption of c for all possible k2.
adversary then can verify by looking for where Enc(m, k1) = Dec(c, k2)
Since the encryption and decryption are done in parallel, we only get 2**57 bits of security (2 * 2**56)
Breaking Triple DES
assume the output of DES #1 is z1 and the output of DES #2 is z2
Do a brute force encryption of m for all k1 to obtain all possible z1 and brute force decryption of c for all k3 to get all possible z2 (2**57)
Then for each of the 2**56 z1 we have to do a brute force encryption for all k2. (done in series with the brute forcing to obtain all z1)
2**57 * 2**56 = 2**113
AES specifications
key size: 256 bits
block size: 128 bits
rounds: 14
How to encrypt with CBC
IV (XOR) b1 then encrypt to produce c1.
c1 (XOR) b2 then encrypt to produce c2
and so on
how to decrypt CBC
decrypt c2 and then
c2 (XOR) c1 to get b2
in parallel
decrypt c1 and then
c1 (XOR) IV to get b1
how to encrypt in Counter mode
Enc(IV) (XOR) b1 = c1
Enc(IV + 1) (XOR) b2 = c2
decrypt in Counter mode
Enc(IV) (XOR) c1 = b1
Enc(IV + 1) (XOR) c2 = b2
2 Downsides of CBC
- encryption is done in series which makes it MUCH slower
- errors propagate through
1 Downside of counter mode
- since blocks are encrypted in parallel, the sender and receiver of the message need to be synchronized. Without synchronization there is no way to ensure that encrypted blocks are received in the correct order
3 benefits of Counter mode
- only need 1 function to encrypt and decrypt (because they are done the same way)
- parallel encryption prevents the propagation of errors
- all of the values Enc(IV + i) can be pre-computed!
what is a stream cipher?
produce a “stream” of bits from a PRNG using a true random seed (denoted tr) (each bit from the PRNG is denoted as pr) and do
c = m (XOR) pr
THEY ARE SUPER FAST
How to do CBC Mac
do CBC as with encryption but only keep the last ci that is generated as the tag
what is the Merkle-Damgard approach?
it's a paradigm used to create collision resistant hash functions
h represents a compression function (take two inputs and output something that is the length of one of the inputs)
h(IV, m1) = z1 and then
h(z1, m2) = z2
h(z2, (m2 || padding)) = hash function digest
HMAC equation
H’(k0 || H(m || ki))
- H & H’ are cryptographic hash functions
- k0 and ki are two keys derived from k (typically 256 bits) that have been XORed with two carefully selected prime numbers that are constants
3 different ways to combine encryption and integrity
- MAC then Enc (generate tag from plaintext and then encrypt m || t and send only the ciphertext)
- Enc then MAC (generate tag from ciphertext and send ciphertext and tag)
- Enc and MAC in parallel (generate tag from plaintext and send off tag and ciphertext)
What is the benefit of encrypt then MAC?
The system receiving the message does not perform decryption until the message has been verified. As a result, we stop the chosen ciphertext adversary because if they try to feed some ciphertext into our system (to see the decrypted output) the verification will fail (because they cannot generate a valid tag) and they will not be able to see the resulting decryption. This elevates the confidentiality of our system.
How does Kerberos key exchange work?
Person A sends a request to the KDC (it includes a random nonce N)
the KDC (using a master key that both it and A have, denoted ka) replies back with Enc[ka](ks, N, Enc[kb](IDb, ks))
- ks = the session key generated by the KDC
- N = the nonce sent to the KDC by A (prevents a replay attack)
- kb = the master key of Person B
- IDb = the ID of person B
- Enc[kb](IDb, ks) = the "ticket"
Person A sends the ticket to Person B. Person B can use their master key kb to decrypt the ticket and get the session key ks. Since B is able to decrypt the ticket, B knows that it must have come from the KDC.
Person B sends Encks to Person A. If person A is able to decrypt this message, then A knows that it must have come from B because encrypting with the proper ks implies that the sender has kb (i.e. decrypted the ticket)
Then communication continues using ks
What is the discrete logarithm?
k = log[a]b mod N
given a, b and N, find k
what is Diffie-Hellman?
a “key exchange” method in which both sides derive the key independently
A and B have secret values xa and xb respectively. Assume there are two agreed upon prime numbers P and G such that xa < P and xb < P
A and B also have public values Ya and Yb such that
Ya = G**xa mod P and Yb = G**xb mod P
A and B then exchange their public values with one another.
A can derive a secret key k = Yb**xa
B can derive the same secret key k = Ya**xb
Yb**xa = Ya**xb
Issues with diffie-hellman?
- it relies on the assumption that the discrete logarithm is a difficult problem (it is not always difficult)
- the communication channel between A and B does not have any form of authentication, making it susceptible to man-in-the-middle attacks
RSA setup
- pick two prime numbers p and q
- generate N = pq (where N is at least 2048 bits in size)
- phi(N) = (p-1)(q-1)
- e is a number coprime with phi(N) (aka the only prime number that both are divisible by is 1) (e is normally 65537)
- define d such that (e*d) mod phi(N) = 1
Enc(m) = m**e mod N = c
Dec(c) = m**d mod N = m
public key (e, N)
private key (d, N)
4 issues with RSA
- integer factorization is not difficult for quantum computers [has O(n) complexity]
- the performance is terrible because m**e is a HUGE number and then mod N (which is also huge) is also an expensive operation
- since encryption is done in parallel the ordering of the block is difficult to manage
- having to frequently call the PRNG for OAEP padding drains the entropy pool
Concept of digital signatures using RSA
What if I could show that I am the sender of a given message in a way that my signature is completely unique to me but anyone can verify that it is in fact my signature?
In other words, a valid signature (denoted sigma)-message pair should only be able to be generated if my RSA private key value d is known
Equation for generating digital signatures
Sign Message
sigma = H(m)**d mod N
Verify Signature
sigma**e mod N = H(m)
3 authentication types
What you know = passwords
What you have = some object
Who you are = biometrics