Security Engineering Flashcards
What is one the fundamental concepts of a security model?
Focus on defining interactions between subjects and objects at a particular moment in time.
In a security model, what is a subject?
A subject in an active entity (users).
In a security model, what is an object?
An object in a passive entity (data).
_______ and _______ properties descibe what a subject can do to an object.
Star and Simple
Star [*] and SImple properties imply what?
Star implies “write”
Simple implies “read”
The goal of the Bell-LaPadula security model is what?
Confidentiality
The goal of the Biba security model is what?
Integrtiy
Name some types of well-known security models?
- State Machine Model
- Multilevel Lattice Models
- Noninterference Model
- Matrix-based Models
- Information Flow Models
Provide a simple explanation of a ‘State Machine Model’.
Describes a system at a point in time and describes the behaviour of a system as it moves from one state to another and from one moment to another.
Provide a simple explanation of a ‘Multilevel Lattice Model’.
A multilevel security model that describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in. For example - Secret, Confidential and Unclassified.
The clearance of the subject is compared with the classification of the data to determine access and also look at what the subject is trying to do to determine whether access should be allowed.
Provide a simple explanation of a ‘Matrix-based Models’.
Matrix-based models focus on one-to-one relationships between subjects and objects. An access control matrix is a two-dimensional table that allows for individual subjects and objects to be related to each other - subjects down the left-hand side and all resources and functions across the top
What type of security model is Bell-LaPadula and Biba?
Lattice-based Security Model
Can you define ‘Integrity’ from the CIA triad in InfoSec?
In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire life-cycle.
Can you define ‘Availability’ from the CIA triad in InfoSec?
For any information system to serve its purpose, the information must be available when it is needed.
Can you define ‘Confidentiality’ from the CIA triad in InfoSec?
In information security, confidentiality “is the property, that information is not made available or disclosed to unauthorized individuals, entities, or processes”
The CIA triad of confidentiality, integrity, and availability is at the heart of information security. What other principles could be included to extend this classic trio?
Accountability and Non-repudiation
In law, non-repudiation implies one’s intention to fulfil their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.
What are the Simple and Star rules for the Bell-LaPadula model?
- Simple - No read up
- A subject cannot read data at a higher security level. - Star - No write down
- A subject cannot write information to a lower security level
What are the Simple and Star rules for the Biba model?
- Simple - No read down
- A subject cannot read data at a lower security level. - Star - No write up
- A subject cannot write information to a higher security level
What is the ISO 15288 standard?
The ISO/IEC 15288 is a Systems Engineering standard covering processes and lifecycle stages.
In the ISO 15288 standard defines processes divided into four categories. What are they?
- Agreement
- Organisational Project Enabling
- Technical Management and Design
- Enterprise
What is the NIST SP 800-14?
Generally Accepted Principles and Practices for Securing Information Technology Systems.
What is the ISO 15408?
The standard for ‘The Common Criteria’
What is ‘The Common Criteria’ certification all about?
It is about the verification and validation of the claims that the vendor is making with regards to the security capabilities of their product.
What is the NIST SP 800-27?
Engineering Principles for IT Security (A Baseline for Achieving Security).
What are the five lifecycle planning phases in NIST SP 800-27?
- Initiation
- Development Acquisition
- Implementation
- Operation and Maintenance
- Disposal
What is the ISO 2187:2008?
System Security Engineering Capability Maturing Model Standard (SSE-CMM).
What is the difference between multitasking and multithreading?
Multitasking is the ability for a system to engage in more than one activity. Multithreading is a CPUs ability to process more than one request at the same time.
Name four things the system kernel is responsible for?
- Loads and runs binary programs.
- Schedules task swapping
- Allocates memory
- Tracks physical location of files on the hard drive
Can you list some security frameworks that cover security architecture?
- Zachman Framework
- a framework that allows us to understand how to do security architecture and security design. It is an enterprise ontology and is a fundamental structure for Enterprise Architecture which provides a formal and structured way of viewing and defining an enterprise. - SABSA (Sherwood Applied Business Security Architecture)
- a framework and methodology for enterprise security architecture and service management. It was developed independently from the Zachman Framework, but has a similar structure. - TOGAF (The Open Group Architecture Framework)
- a framework for enterprise architecture that provides an approach for designing, planning, implementing, and governing an enterprise information technology architecture. TOGAF is a high-level approach to design. It is typically modelled at four levels: Business, Application, Data, and Technology. It relies heavily on modularization, standardization, and already existing, proven technologies and products.
What is ITIL?
IT Infrastructure Library
- a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business.
What are the five volumes of ITIL?
- Service Strategy: understands organizational objectives and customer needs.
- Service Design: turns the service strategy into a plan for delivering the business objectives.
- Service Transition: develops and improves capabilities for introducing new services into supported environments.
- Service Operation: manages services in supported environments.
- Continual Service Improvement: achieves services incremental and large-scale improvements.
Which security model is a combination of Bell LaPadula and Biba models but includes the idea of job functions or roles in novel way to protect both confidentiality and integrity?
Lipner Model
The Clark-Wilson Integrity Model improves on the Biba security model by addressing the three major goal of integrity. What are they and what does TLC refer to?
- Preventing unauthorised users from making modifications to data and programs.
- Preventing authorised users from making improper or unauthorised modifications.
- Maintaining internal and external consistency of data and programs.
TLC stands for…
- Tampered
- Logged
- Consistency
What does the acronym TCSEC stand for, and what is it commonly referred to?
Trusted Computer System Evaluation Criteria. Also commonly referred to as the “Orange Book”. This sets the basic standards for the implementation of security protections in computing systems.
Can you list some security evaluation models?
- Information Technology Security Evaluation Criteria (ITSEC)
- The Common Criteria
- ISO/IEC 27001 and 27002 Security Standards.
- Control objects for Information and Related Technology (COBIT)
- Payment Card Industry Data Security Standard (PCI-DSS)
PCI-DSS is a law specific to each country. True or False?
False. It is an information security standard for organizations that handle branded credit cards from the major card schemes.
At a high-level, step-by-step process of identity access?
Identify –> Authenticate –> Authorise
What are the two distinct access control states of the CPU?
- Supervisory state - often referred to as kernel mode.
2. Problem state - often referred to as user mode.
What is a state attack or race condition?
Attacks that take advantage of how a system is able to process or handle multiple requests.
What is white space, or slack space, on a hard drive?
This is the area of the hard drive we can store information but is not available to the file system.
What are the 5 essential characteristics of Cloud Computing?
- On-demand Self-service
- Broad Network Access
- Resource Pooling
- Rapid Elasticity
- Measured Service
Do you have an understanding of what Kerckhoffs’s principle is?
A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
In cryptography, define what “key clustering” is?
Different encryption keys generate the same ciphertext from the same plaintext message.
This is bad! It could allow an attacker to find patterns that could lead to discovering one or more keys.
Can you define “Synchronous” encryption?
Synchronous encryption is where the encrypt and decrypt functions are being performed immediately.
Can you define “Asynchronous” encryption?
Asynchronous encryption is where the encrypt and decrypt requests are processed in queues.
What is a “hash” function?
A hash function is a one-way mathematical operation that reduces a message or data file into a smaller fixed length output, or hash value.
Hashing is about providing data integrity, NOT confidentiality!
What are digital signatures?
A message is input into a hash function. Then the hash value is encrypted using the private key of the sender. The result of these two steps yields a digital signature.
Digital signatures provide authentication of a sender and integrity of a sender’s message.
What does “Moore’s Law” state?
Moore’s Law is the observation that the number of transistors in a dense integrated circuit doubles approximately every two years.
What is “Symmetric” encryption?
Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext (private key).
What is “Asymmetric” encryption?
Public key cryptography, or asymmetrical cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. This accomplishes two functions: authentication, which is when the public key is used to verify that a holder of the paired private key sent the message, and encryption, whereby only the holder of the paired private key can decrypt the message encrypted with the public key.
What is a digital certificate?
A digital certificate is used to identify the certificate holder when conducting electronic transactions.
What is a certificate authority (CA)?
A CA is an entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.
In the context of hashing, what is a collision and is this a good or bad outcome?
Collisions occur when a hash function generates the same output for different inputs.
Not good.
In cryptography, what is an “initialisation vector” (IV)?
In cryptography, an initialization vector (IV) or starting variable (SV) is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom.
What are the two types of encryption solutions typcially used?
- Block based ciphers
2. Stream based ciphers
There are a number cipher modes, but what is Electronic Code Book (ECB) cipher mode?
The simplest of the encryption modes is the Electronic Codebook (ECB) mode (named after conventional physical Codebooks). The message is divided into blocks, and each block is encrypted separately.
What is the purpose of cipher modes?
The purpose of cipher modes is to mask patterns which exist in encrypted data.
What is the disadvantage of the ECB cipher mode?
The disadvantage of the ECB cipher mode is that identical plaintext blocks are encrypted into identical ciphertext blocks; thus, it does not hide data patterns well. In some senses, it doesn’t provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all.
What is Cipher Block Chaining (CBC) mode encryption?
In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block.
Ehrsam, Meyer, Smith and Tuchman invented the Cipher Block Chaining (CBC) mode of operation in 1976.
N.B. This method can potentially create an avalanche effect because the any error in the encryption could potentially propergate all the way through the system.
What is Cipher Feedback (CFB) mode encryption?
In CFB mode, the cipher is used as a key-stream generator rather than for confidentiality. Each block of keystream comes from encrypting the previous block of ciphertext.
The CFB mode, a close relative of CBC, makes a block cipher into a self-synchronizing stream cipher. Operation is very similar; in particular, CFB decryption is almost identical to CBC encryption performed in reverse.
What is Output Feedback (OFB) mode encryption?
In OFB mode, the keystream is generated indenpendently of the message.
The Output Feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext.
Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location. This property allows many error correcting codes to function normally even when applied before encryption.
What is Counter (CTR) mode encryption?
Like OFB, Counter mode turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a “counter”.
CTR the formaula Encrypt (Base+N) as a keystream generator, where Base is the starting 64-bit number and N is a simple incrementing function.
Other than “block” and “stream” based ciphers, what other cipher types are there?
Null, Substitution and Transposition ciphers.
Is symmetric encrption typicaly fast or slow?
Answer: Fast
Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption.
Name some symmetric algorithms?
DES, 3DES (Triple DES), Blowflish, RC2 (2 to 6), AES (Advanced Encryption Standard)
What are popular encryption key lengths?
56 (DSE), 64, 128, 192, 256 bit keys
What is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and where is it used.
CCMP is an authentication protocol and encryption solution that is used in 802.11i wireless standards.
What is “Asymmetric” encryption?
Public key cryptography, or asymmetrical cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. This accomplishes two functions: authentication, which is when the public key is used to verify that a holder of the paired private key sent the message, and encryption, whereby only the holder of the paired private key can decrypt the message encrypted with the public key.
What is the major problem with asymmetric encryption?
A large amount of computation is required, and therefore the amount of time taken, to encrypt and decrypt a message compard to symmetric ciphers.
What are the two types of secure FTP?
- SFTP (Secure FTP over SSH)
2. FTPS (FTP over SSL/TLS)
What is Secure Authentication Markup Language (SAML)?
SAML is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. Beyond what its name suggests, SAML is each of the following:
- An XML-based markup language (for assertions etc.)
- A set of XML-based protocol messages
- A set of protocol message bindings
- A set of profiles (utilizing all of the above)
What is SAML mainly used for?
The single most important use case that SAML addresses is web browser single sign-on (SSO).
What are the three primary purposes of the Public Key Infrastructure (PKI)?
- Publish public keys/certificates
- Certify that a key is tied to an individual or entity
- Provide verification of the validity of a public key
What is the CA hierarchy of PKI?
A Root CA at the top and then an intermediate and subordinate CA below allows the Root CA to be isolated from the rest of the network.
Can you think of any problems with the Public Key Infrastructue?
- Compromised root CA (hacked)
- Fraudulently issued certificate
- Certificate revocation (CRL or OCSP)
- Key Managment, such as key backu and secure storage
What are the different stages of the key lifecycle?
- Creation
- Distribution
- Installation
- Storage
- Renewal
- Secure
- Disposal
What does XML stand for and what is it?
XML (Extensible Markup Language) is a flexible data framework thsat allows applications to communicate on the internet. It is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable through use of tags that can be created and defined by users.
The design goals of XML emphasize simplicity, generality, and usability across the Internet.
It is a textual data format with strong support via Unicode for different human languages. Although the design of XML focuses on documents, the language is widely used for the representation of arbitrary data structures such as those used in web services.
What is XML Key Management Specification 2.0 (XKMS)?
A specification that defines protocols for distributing and registering public keys, suitable for use in conjunction with XML Digital Signatures and XML Encryption.
What is a digital signature?
A digital signature is a block of data (a pattern of bits, usually a hash) that is based on the contents of the message sent.
A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity).
A digital signature scheme typically consists of 3 algorithms. What are they?
- A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
- A signing algorithm that, given a message and a private key, produces a signature.
- A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the message’s claim to authenticity.
A hash code is the same as a message digest? True/False?
True
Please list some common hashing algorithms?
MD5, SHA1, SH2, SHA3, HAVAL, Tiger
What is primary purpose of hashing?
Hashing provides integrity by being unique, like a fingerprint.
What is hashing typically used for?
Message Digest, Storing Passwords, Data Integrity Check, Digital Signatures, Message Authentication Code (HMAC and CBC-MAC).
What is a Hash-based Message Authentication Code?
In cryptography, a keyed-hash message authentication code (HMAC) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic (symmetric) key. It may be used to simultaneously verify both the data integrity and the authentication of a message, as with any MAC.
List the three main bock ciphers?
DES, 3DES and AES (Advanced Encryption Standard)
List some other block ciphers?
IDEA, Blowfish, RC5, RC6, Skipjack Twofish, CAST.
What is the block size and key size of DES (Data Encryption Standard)?
Block size: 64 bits
Key Size: 56 bits
What is the block size and key size of 3DES (Data Encryption Standard)?
Block size: 64 bits
Key Size: variable key sizes (can use 2/3 keys)
How many rounds of substitution and diffusion does 3DES go through?
3DES goes through 48 rounds of substitution and diffusion.
What is the block size and key size of AES (Advanced Encryption Standard)?
Block size: 128 bits
Key size: variable key sizes (128/192/256)
How many rounds of substitution and diffusion does AES go through?
AES goes through 10/12/14 rounds of substitution and diffusion.
What algorithm does AES use?
Rijndael Algorithm
Define what a cipher is?
A cipher is a technique or set of rules that transforms cleartext (plaintext) into an unreadable form (ciphertext or cryptogram) and back to cleartext.
A key, or _____________, is a value used with an algorithm.
Cryptovariable
In cryptography, what is a keyspace?
A keyspace is the number of possible key combinations.
Can you list four asymmetric algorithms?
- Diffe-Hellman-Merke
- RSA (Rivest, Shamir-Adleman
- El Gamel
- ECC (Elliptic Curve Cryptography)
ECC is the current U.S. Government standard
Can you describe what types of encryption are being used when using a hybrid system? Use the scenario where Bob wants to send Alice a secure message, but they are geographically distant from each other.
A message is sent from Bob to Alice using a symmetric cipher (which is this case is a “session key”) which encrypts the message. To decrypt, the same session key has to be used.
The challenge is getting the session key to Alice securely.
Bob uses an asymmetric cipher AND Alice’s public key to encrypt the session key. Alice then uses her private key to decrypt the session key, which she then uses to decrypt the original message.
For the Secure Hash Algorithm (SHA) what are included in the SHA-2 family?
SHA-224, SHA-256, SHA-384 and SHA-512
Which hashing algorithms have been shown to be subject to collision attacks?
MD5, SHA-1 and Haval
What is a “salt” in the context of hashing?
A “salt” is a process that adds a random string to what is being hashed before the hashing process. It makes the hash value harder to crack.
Digital signatures require two algorithms. What are they?
- Hashing Algorithm (SHA-x)
2. Digital signature function, such as RSA or DSA (Digital Signature Algorithm)
A message can be “hashed”, which provides for __________.
integrity
A message can be “digitally signed”, which provides for __________ and __________.
nonrepudiation and integrity
A message can be “encrypted”, which provides for __________.
confidentiality
A message can be “encrypted” and “digitally signed”, which provides for __________.
confidentiality, nonrepudiation and integrity
What is a “digital certificate”?
A digital certificate is an electronic “passport” that identifies a person, device, organisation, or publisher (code).
What is x.509 v3?
Digital certificate standard
What is the role of the Certificate Authority (CA)?
The role of the CA is to issue and revoke certificates.
The Registration Authority (RA) is ____________.
Administrative
Which type of certificate “enforces” both CRL and OCSP?
Extended Validation (EV) Certificates
Information flow is vulnerable to eavesdropping and packet capture, which is a violation of ___________.
Confidentiality
Information flow is vulnerable to tampering, which is a violation of ___________.
Integrity
Information flow is vulnerable to spoofing and misrepresentation, which is a violation of ___________.
Authentication, integrity and availability.
What is encrypted when deploying link encryption?
All control information (headers, trailers and routing information) is encrypted along with the payload.
What is encrypted when deploying end-to-end encryption?
Only the payload is encrypted as the packets may route over a public network (internet).
List some common cryptographic protocols?
SSL/TLS, HTTPS, FTPS, SSH, SFTP, S/MIME (Secure email communications)
What is IPsec?
IPsec is a suite of protocols that use cryptographic security services to protect communications over the Internet Protocol (IP) networks.
What are the characteristics of IPsec?
- Native to IPv6
- Supports authentication, message integrity, encryption and nonrepudiation
- Operates in transport mode (end-to-end) or tunnel mode (link)
What are the different components of IPsec?
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Internet Key Exchange (IKE)
- Security Association (SA)
- Security Parameter Index (SPI)
What is the function of the AH component of IPsec?
The Authentication Header (AH) provides integrity, origin authentication, and protects from replay attacks using HMAC.
What is the function of the IKE component of IPsec?
Device Authentication and establishing Security Association.
What is the function of the SA component of IPsec?
A negotiation that includes the algorithms that will be used (hashing and encryption), key length and key information.
In Cryptanalysis, how is “workfactor” calculated?
time + effort = workfactor
List some common cryptanalytic attacks?
- Ciphertext-only
- Known Plaintext
- Chosen Plaintext
- Chosen Ciphertext
What are the two primary ways to attack hash functions?
- Collision (Brute force)
2. Rainbow (Cryptanalysis - comparing hashes with precomputed hashes)
What are the common key attacks?
- Brute Force
- Dictionary
- Frequency
- Differential
What is a “frequency” key attack?
In a frequency key attack, an attacker is looking for patterns to reveal the key.
What is a “differential” key attack?
in a differential key attack, an attacker measures execution time and processing power. The work factor for this type of attack is significant.
With database integrity, when do concurrency issues arise?
When a database is simultaneously accessed by subjects and other objects.
What are the ACID characteristics for online transaction processing (OLTP)?
OLTP is generally used when databases are clustered to provide fault tolerance and real-time performance.
- Atomicity
- Consistency
- Isolation
- Durability
What does “atomicity” mean in relation to the ACID characteristics?
Transactions must be implemented in their entirety, or they must be completely rolled back.
What does “isolation” mean in relation to the ACID characteristics?
Transactions must not interact with other transactions until completed.
List the three transaction recovery characteristics for database availability?
- Rollback
- operation that ends the a corrupt or invalid transaction, cancels the changes to the database, and logs the error - Checkpoint
- known good point from which the database can recover using the transaction log - Savepoints
- temporary backup files
There are confidentiality concerns with database access controls. Some are quite generic to file system access controls, such as:
- Need-to-know
- Least Privilege
- Content Access Control
- Context Access Control
But what are the two characteristics that are specific to databases?
- Cell Suppression
- technique used to hide specific cells - Database Views
- technique used to control viewing of specific fields or records
What are the four privacy concerns of databases?
- Data Warehousing
- Data Mining
- Aggregation
- Inference
Can you define an database injection attack?
Injection is the failure to properly validate input from the client or environment.
What is the origin of the “no read down, no write up” model?
a. This is the Bell-LaPadula model used to maintain integrity
b. This is the Biba model used to maintain integrity
c. This is the Biba model used to maintain confidentiality
d. This is the Bell-LaPadula model used to maintain confidentiality
Answer: b
This is the Biba model used to maintain integrity
- and Simple properties describe what a subject can do to an object,
a. * = modify, simple = write
b. * = delete, simple = write
c. * = write, simple = read
d. * = read, simple = write
Answer: c
- = write, simple = read
Which of the following statements in incorrect?
a. The objective of Brewer Nash is to reduce conflict of interest
b. The objective of Bell-LaPadula is confidentiality
c. The objective of Biba is confidentiality
d. The objective of Clark Wilson is availability
Answer: d
The objective of Clark Wilson is availability
Which of the following is not a true statement?
a. The strength of a cryptosystem is a combination of the algorithm, the length of the key, and the public knowledge of the key.
b. Work factor is the time and effort it takes to break a cryptosystem.
c. Longer keys are harder to break.
d. Keyspace is the number of possible crypto-variable combinations.
Answer: a
The strength of a cryptosystem is a combination of the algorithm, the length of the key, and the public knowledge of the key.
The key should always be kept secret!!
Which statement best describes the cryptographic objectives of substitution and transposition?
a. Secrecy and block chaining
b. Confusion and diffusion
c. Initialisation and workfactor
d. Padding and randomisation
Answer: b
Confusion and diffusion
