Auburn COMP5370 Computer and Network Security Exams 1, 2, 3 material


Overly Complicated Ballots

-Misunderstand and no-vote races
-Misunderstand and double-vote races
-Questionably structured ballots
-Unclear intent: circle? check? fill in? etc.

RSA Trapdoor Function

Modular Exponentiation
-Multiply a value by itself enough times over a finite field and it becomes itself again
-(m^d)^e mod n = m

ARP spoofing/poisoning

More commonly known as ARP poisoning, this involves faking the MAC (Media Access Control) address attached to traffic.
-A set of techniques used to confuse the switch and mis-route traffic
-Malicious actor on the local network
-Can be used to:
--DoS another client
--Cause the network to thrash
--Intercept traffic

Defending against ARP attacks

More intelligent switching
-"Sticky" MACs: 1 physical port = 1 MAC addr
--Once the switch sees an ARP announcement, that physical port is attached to that MAC. If the switch sees the MAC change, it turns off the port
-802.1X: Authenticate physical port access
-<many more>
More intelligent topology
-Network partitioning
-Reduce the "blast radius" of an attack

Usage: Building Block

Most commonly a component on the motherboard
Software treats it as a set of black-box operations
-Hardened interface

Firewall Usage

Most networked devices in 2020 have some sort of built-in firewall
-Including most consumer-grade equipment
Most, but not all, routers have some sort of coarse-grained traffic management

Firewall Inception

Most networked devices in 2020 have some sort of firewall built-in or readily add-able
-Including consumer-grade equipment
Most, but not all, routers have some sort of coarse-grained traffic management
Most end-devices in 2020 have a built-in firewall via the OS
-Linux = iptables, macOS = Firewall, Windows = Firewall
-Exception is IoT and embedded devices

Example CPU Instructions

Move a value to a register
-mov eax, 0x34
Add a value to a register
-add eax, 10
Change execution path
-jmp 0x12345678 #can't return
-call 0x12345678 #can return
-ret #return from call instr.
-leave does 2 actions
--> mov esp, ebp
--> pop ebp

Paper as a Defense (when voting)

Paper is slow and expensive to tally
-Verified by voter
Memory card is fast and cheap to tally
-Unverified
*Move away from DREs

What is one of the most popular forms of authentication?

Passwords
-Original and most ubiquitous form of authentication
-Relatively weak mechanism
-Many well-known and widely exploited problems

Cookies

Third-party cookies are a mechanism by which websites allow arbitrary actors to track their users across the Internet.

Cipher Block Chaining (CBC)

"A process in which each block of plaintext is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES or AES algorithm."
A block of plaintext is combined (XOR) with the IV, goes through the block cipher (AES algorithm), and outputs ciphertext. That ciphertext is now the "IV" of the next block: it is combined (XOR) with the next block of plaintext, which goes through the block cipher (AES algorithm), outputting a ciphertext. The cycle repeats.
-IV is the previous block's CT
-Pad the last block in a deterministic way
--AES-128 (16-byte block) with a 24-byte message: BAD. Why bad? Side channels
-CBC mode is usually vulnerable to padding oracle attacks due to the difficulty of handling the padded block
--Extremely easy to leak internal cipher state
--Writing safe software is hard || Writing safe security-related software is really, really hard
--The difficulty of writing safe crypto software is one of the many reasons we don't roll our own crypto

Replay Attack

"A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network."
Mallory makes a copy of Bob's transmission for later use
-Can send that copied message to Alice anytime (pretending to be Bob)
-Message/transmission can be valid
-This means you don't have sender authenticity

Electoral Systems

"First Past the Post"
-Majority-post
-Plurality-post
Rank-Choice
Single-Winner
Multi-Winner
-Single vote
-Multi-vote

Cryptographic Doom Principle

"If you have to perform any cryptographic operation before verifying the MAC on a message you've received, it will somehow inevitably lead to doom"

Degrees of Malware

"Potentially Unwanted Apps" (PUPs)
"Potentially Harmful Apps" (PHAs)

Cryptojacking

(sometimes referred to as "crypto-miners" with context) Uses the victim's resources to generate revenue for the controller.
-Often injected via JS and run in the browser
-Miner "pools" make it profitable even with limited computation

Characteristics of TLS Protocol

-Content agnostic
-One or both endpoints can be authenticated
-Well-studied and iteratively improved
--SSL v1, v2, v3
--TLS v1.0, 1.1, 1.2, 1.3
Client -> HTTP -> TLS -> TCP -> Internet (CipherText)
Internet (CipherText) <- TCP <- TLS <- HTTP <- Server

Web of Trust

-A decentralized model used for sharing certificates without the need for a centralized CA
-A simple trust model that relies on each user creating and signing their own certificate
-"I know Alice, this is her key Bob! Here ya go!"

Certificate Chaining

-A process that combines all certificates within a trust model. It includes all the certificates in the trust chain from the root CA down to the certificate issued to the end user.
--Linking several certificates together to establish trust between all the certificates involved

SSL Stripping

-A specific type of man-in-the-middle attack against SSL
-Network-level technique that prevents clients from upgrading to HTTPS by blocking the redirect response
-Mallory sits in the middle of the client and the server, takes the client's HTTP request, and blocks the redirect to HTTPS
In order to "strip" the SSL, an attacker intervenes in the redirection from HTTP to the secure HTTPS protocol and intercepts a request from the user to the server. The attacker then establishes an HTTPS connection between himself and the server, and an unsecured HTTP connection with the user, acting as a "bridge" between them.

Return Oriented Programming (ROP)

-Arbitrary instructions via ROP "gadgets"
-IDEA: Return-to-libc w/o functions

Superfish

-Came pre-installed on Lenovo laptops
-Was an ad-supported visual search startup
-Actively MitM'd traffic for ad injection
-Injected a root CA
-SAME PRIVATE KEY ON EVERY SINGLE INSTALL

Adaptations to Kerckhoffs's Principle

-Ciphertext must be realistically secure at a minimum, but provably secure if possible.
-Implementation shouldn't rely on its own secrecy to remain secure.
-Don't make unrealistic assumptions about the abilities or competence of the humans who use/operate the system. (Humans are the weakest link in security.)
-Key material must be easy to transfer, store, change, and verify.
--Static keys (keys used for a long time) are bad; key rotation is good.
--Also, knowing that you're using the right key is more important than people realize.
-Interoperate with existing infrastructures, topologies, and protocols at higher and lower levels.
--Ideally, a system should be 100% transparent to existing infrastructure.
--Systems with dependability issues don't get deployed. (Can work over any network protocols, hardware, software, etc.)
-Should be generic and reusable across many different hardware and software platforms.
--Reusable and re-implementable.
--Over-customization for a single use-case reduces the ability to leverage it for others.

Client Write KEX

-Client generates a random secret
-Encrypts it to the server's public key
-Server decrypts to recover the shared secret
Instead of sharing, the client picks the key and sends it to the server. BAD
-Removed entirely in TLSv1.3
-It is NOT a forward-secret KEX!!!
Client: c = ENCRYPTcert(r), send c
Server: r = DECRYPTpriv(c)

Onion Routing

-Connections traverse a "circuit" to the destination: Entry Node --> Middle Node(s) --> Exit Node
-Can traverse many or few middle nodes, but the default is 3
-Uses telescoping encryption
-Circuits are created and destroyed automatically
-Anonymous services are available

How U2F Works (Google)

-Currently, U2F devices are usually small USB devices that you insert into your computer's USB port
-When you insert it into your computer's USB port or tap it against your phone, the browser on your computer can communicate with the USB security key using secure encryption technology and provide the correct response that lets you log into a website
-Because this runs as part of the browser itself, this gives you some nice security improvements over typical two-factor authentication
-First, the browser checks to ensure it's communicating with the real website using encryption, so users won't be tricked into entering their two-factor codes into fake phishing websites
-Second, the browser sends the code directly to the website, so an attacker sitting in between can't capture the temporary two-factor code and enter it on the real website to gain access to your account

ROP Concepts

-Execute existing code instructions
-Each gadget is a very small amount of logic
-Gadget ends with a ret instruction
-Wide array of gadgets in normal applications
-Can use linked libs for more gadgets & more stable gadgets
-Logic is "messy"
--Lots of side-effects

4 Good Practices For Users when dealing with Authentication

-High-entropy password generation
-Enable MFA wherever possible
-Never reuse passwords
-Identify and account for pivotable services and credentials

MFA- Push Authentication

-In-context verification via a separate channel
-Relies on security of device & service
-Can be phished
-Can be stolen, maybe (depends on device)
Effectiveness: Good, not great
ex. Auburn Duo Push (when logging in)
ex. someone can have a push sent to your phone to log in to your account

MFA- Universal 2nd Factor Authentication (U2F)

-Keypairs generated on the device
-Private key never leaves the device
-Challenge-response protocol to ensure freshness
-Internal keypairs
-Cannot be phished
-Can be stolen, maybe (depends on config)
-Effectiveness: Very Good
-Pure crypto
-These tokens can use USB, NFC, or Bluetooth to provide two-factor authentication across a variety of services

Asymmetric Tradeoffs

-Low cost for the attacker to do
-High cost for the defender to stop/prevent

Credential Pivoting Attack

-Many different services attackers can pivot through
--Email, phone, storage, etc
Idea:
-Use access to service A to obtain access to service B
--Gain read-access to email
--Request password reset from service
--Read reset link/code from email
--Use link/code to log into new service

MFA- One Time Code

-Out-of-band, single-use secret transmission
-Usually implemented as SMS or voice call
-Can be phished
-Can be stolen
-Effectiveness: Better than nothing
ex. Google 2FA code sent to phone when logging in

MFA- One Time Password

-Password calculated via a shared secret
--HOTP: secret, counter
--TOTP: secret, time
-Can be phished
-Can be stolen (locally)
-Effectiveness: Better, but not by much (compared to one-time code)
-HOTP
--Two pieces of information are needed. The first is the secret key, called the "seed", which is known only by the token and the server that validates submitted OTP codes. The second is the moving factor which, in event-based OTP, is a counter. The counter is stored in the token and on the server. The counter in the token increments when the button on the token is pressed, while the counter on the server is incremented only when an OTP is successfully validated.
-TOTP
--Based on HOTP, but the moving factor is time instead of the counter. TOTP uses time in increments called the timestep, which is usually 30 or 60 seconds. This means that each OTP is valid for the duration of the timestep.
ex. Microsoft authentication code that is time based; you only have 30 seconds to input the code before another is generated

Generating Strong Passwords

-Remove the human as much as possible
-Automated generation
-Physical generation ("diceware")
--Roll dice to generate entropy
--Use a wordlist to improve usability and memorability

What is a Bug? What is a Weakness? What is a Vulnerability? What is an Exploit? What is an Attack?

-Bug: Something that fails in unintended ways
-Weakness: A bug that may be able to harm S & P
-Vulnerability: A weakness that can be intentionally triggered
-Exploit: A way to leverage a vulnerability
-Attack: An intentional exploit for the attacker's gain & the victim's loss

Poor Client-Side Validation

-Straight-up accidents in validating SSL certs
--Code bugs/mess-ups
-Validating an SSL cert in non-browser software
--Often, unlike in a browser, there is no user to show a dialog to: "Cert is broken. Proceed: yes/no"

HSTS (HTTP Strict Transport Security)

-Strict Transport Security
-HTTP header indicating to always use HTTPS
-Prevents downgrade attacks
-Protects all sessions after the first
-Preload lists can protect the first
The policy allows web servers to instruct the client to always talk HTTPS for a set amount of time.
-Sent via HTTP header
-Time is n seconds before the client will try HTTP again
-As long as the client can communicate with the server once, it will be safe for n seconds
ISSUE
-Trust-on-first-use mechanism

HTTPS Redirect

-Uses 3XX "redirect" status codes
-Instructs the client to try again using the HTTPS protocol instead of HTTP
-The redirect location is given in the response alongside the status

Injected Root CA

-Attacker is intentionally man-in-the-middling HTTPS "for security" and injecting their own Root CA into the client's browser
If an adversary were able to inject a root certificate, the victim could be susceptible to eavesdropping or hidden malicious software. Malicious software is checked for by virus scanners, and has to be active on the infected computer. Usually virus scanners do not verify root certificates, because there is no simple way of distinguishing a legitimate root certificate from its malicious counterpart.

True Randomness

-Cannot be created, can only be measured from an external process ("in the wild")
-ex. Vegas casino
-Must be measured in secret
-Is extremely slow and scarce (makes fast computers slow)

Kerckhoffs's Principle

A cryptosystem should remain secure even if 100% of the system is public-knowledge except the key material.

Pseudo-randomness

-Data that mimics randomness but is actually deterministic
-Starts with a little true randomness
-Less trustworthy than true randomness but more achievable (b/c computers are very good at doing very tedious things very quickly)

SSL Certificate (Pre 2014)

-Enormous pain to deal with
-Incredibly complicated configuration
--One mistake and 100% vulnerable
-Manually verify with CAs via admin@, hostmaster@, webmaster@, ... addresses
-Cost $70-$400 per year
-Start over every time a new TLS vulnerability is found or crypto is broken

Random Data

-Bits unpredictable to an attacker, without a pattern
-Any bit has the same chance -> 50% to be 1 or 0
-Computers are really bad at randomness

TLS 1.3

-~100ms latency
-Single round-trip required by default
--May require additional
-Able to create a connection and pass content with zero round-trips
--0-RTT

Malware Installed via Exploitation

0-Day Vulnerability
-Brand-new to vendor, defenders, and users
-Find, exploit, & install
N-Day Vulnerability
-Patch exists but is not applied to host
-Old != Ineffective
-Google, exploit, & install
Perma-Vuln (∞-day)
-Worse version of n-day
-Will never be patched
Password Guessing
-Default creds are scary
-Repeatedly try until successful or blocked
-Gain access & install
Drive-by-Download
-Clients are largely not arbitrarily accessible
-Get client to interact w/attacker & hijack
-Get interaction, profile, select, & install

Problems with DREs

1. Attacker infects memory card containing ballot programming files.
2. When officials place the card into the machine, it becomes infected.
-AccuVote TS-X can be infected through:
--Unauthenticated software update mechanism;
--Buffer overflows in code that reads ballot design; or
--Interpreted programming language (AccuBasic) used to print result tape.
3. Malware running on the machine can arbitrarily change electronic records and printouts.

2010 D.C. System

100% compromise with very little effort
-Acquire administrator credentials
-Replace all existing ballots
-Add ballots for voters who didn't vote
-De-anonymize ballots
-Hide all evidence in logs
*100% REAL-WORLD COMPROMISE*

Linux File Permissions

3 normal permission bits per object (RWX)
-Each object has an "owner" and a group
-Only the owner can change the permissions or group
rwx   rwx   rwx
Owner Group Others

2017 Google Phishing Worm

A "wormed" phishing attack via misleading UI and poor defenses
-Clicking the link took you to a real Google Doc
-Granting permissions gave access to email

What is a Hash Collision?

A hash collision attack is an attempt to find two input strings of a hash function that produce the same hash result. Because hash functions accept inputs of unbounded length but have a predefined output length, there is inevitably going to be the possibility of two different inputs that produce the same output hash. If two separate inputs produce the same hash output, it is called a collision.

AES (Advanced Encryption Standard)

A block cipher created in the late 1990s that uses a 128-bit block size and a 128-, 192-, or 256-bit key size.
-Bigger key == same algorithm with more rounds
-Good to use AES-256, approved by CNSA
-Replaces DES
-Invertible S-boxes (obscures key from ciphertext)
--The same S-box is used for both encrypt & decrypt; it is invertible because it can be applied to encrypt and reversed to decrypt

Trusted Platform Module (TPM)

A chip on the motherboard of the computer that provides cryptographic services.
OR
An additional built-in, self-contained ASIC that provides a central "root of trust" for a device.

Trusted Computing Base (TCB)

A collection of all the hardware, software, and firmware components within a system that provide security and enforce the system's security policy.
OR
The collection of all components within a system critical to providing security properties.

Hardware Security Module (HSM)

A device that can safely store and manage encryption keys. This can be used in servers, data transmission, protecting log files, etc.
OR
A special-purpose add-on component that securely stores cryptographic keys and performs cryptographic operations.
-High-performance operations
-Restricted logic
--Most commonly used for signing operations
-Commonly available "in the cloud" for use with AWS/GCP/...

Certificate Transparency

A fix to Root CA leaks
-When issued, domain --> fingerprint published
--Browsers require inclusion in multiple DBs
-Allows real-time and historical monitoring
-List of which Root CA signed what & when
3 Goals:
1. Make it impossible (or at least very difficult) for a CA to issue an SSL certificate for a domain without the certificate being visible to the owner of that domain.
2. Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.
3. Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued.

Trapdoor Function

A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse)
-Can be inverted only with knowledge of the private key
F(pk, m) = v -> computationally easy
F^-1(sk, v) = m -> computationally easy
F^-1(v) = m -> computationally difficult

The Onion Routing (Tor) Network

A privacy- and anonymity-centric, volunteer-run communications network.
-Started by DoD's Naval Research Lab
-"Low-latency" overlay network
-Used by both "good" and "bad" actors (researchers, intelligence agents, regular people, activists, and journalists but also drug dealers, pedophiles, and terrorists)

CPU Registers (32 bit)

General Purpose Registers
-EAX, EBX, ECX, EDX
Semi-General Purpose Registers
-EDI, ESI
Special Purpose Registers
-EIP, ESP, EBP

URL (Uniform Resource Locator)

A location or address identifying where documents can be found on the Internet; a Web address
-A way of encoding an enormous amount of data in a machine-handleable way
-Sometimes called "Universal Resource Identifiers" (URIs)
-Encodes all the info the web needs in one string
-Protocol, location, etc.

What is a secure channel & what 3 properties must it have?

A secure channel is a mechanism by which Alice & Bob can communicate securely. It must have:
-Confidentiality
-Message Integrity
-Sender Authenticity

Cross-Site Request Forgery (CSRF)

A method of attacking a system by sending malicious input to the system and relying upon the parsers and execution elements to perform the requested actions, thus instantiating the attack. XSRF exploits the trust a site has in the user's browser.
OR
A class of attacks that extends XSS to maliciously use client-side credentials.
-XSS which makes requests from the client's browser to an authenticated API

Galois/Counter Mode (GCM)

A mode that starts with CTR mode, but adds a special data type known as a Galois field to add integrity.
GOOD (problem if a key-unique IV was ever compromised)
-CTR mode with built-in integrity checking
-Key-unique IV
-Relatively new but is being adopted widely
--2007 NIST approval
-Makes protocols much easier to implement
Like in CTR, blocks are numbered sequentially, and then this block number is combined with an IV and encrypted with a block cipher E, usually AES. The result of this encryption is then XORed with the plaintext to produce the ciphertext.
--Like other counter modes, it's essentially a stream cipher

Security Archetype

A named actor that is used as a representative of a nuanced actor and their capabilities/intentions Ex. "foo", "bar", "baz" ... also Alice, Bob, Mallory, Eve

Cipher Suite

A named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with SSL and TLS. ex. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Spear Phishing

A phishing attack that targets only specific users.
OR
An expansion of standard phishing techniques which is custom-built for specific people.
-Relies on knowledge of the victim
-Is crafted for the best-possible chance of the victim falling for it

Virus

A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.
OR
A type of malware that copies itself to other local applications.
-A single bad-app creates many bad-apps
-Often have the ability to "mutate" their own code to be harder to detect
--Polymorphic: Uses an encrypted payload, and each copy generates a new key
--Metamorphic: Rewrites itself each time it replicates but maintains all functionality

Principle of Least Privilege

A security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job.
OR
Access to data & resources is limited to those who need it for routine, authorized purposes.
-Specific apps can only start w/ specific users

TLS (Transport Layer Security)

A security protocol that uses certificates and public key cryptography for mutual authentication and data encryption over a TCP/IP connection.
Used to protect most of the common Internet protocols
-HTTP --> HTTPS
-FTP --> FTPS
-SMTP --> SMTPS
-Some VPNs
-Many, many more
-SSH uses its own, unrelated protocol

Rootkit

A set of software tools used by an attacker to hide the actions or presence of other types of malicious software.
OR
A program that hides in a computer and allows someone from a remote location to take full control of the computer.
OR
A type of malware that strives to hide itself and other various components.
-Hook system calls to:
--Remove certain results
--Add certain results
-Persistence and stealth are the hallmarks

Side-Channels

A side-channel is anything A) measurable by an ignorant actor and B) dependent on otherwise unknown information.
Side-channels are not required to be perfect nor straightforward
= Is Toomer's Corner rolled after the game?
= Is a person happy or sad when leaving an exam?
Types:
-Timing
-Cache
-Heat
-Power
-Sound
-Error-code
-RF emissions
-Heap allocation
SSH Password Side-Channels
-Keystrokes to log in
-Word length
-Inter-key timing
-Packet timing
-Packet timing via light

Message Authentication Code (MAC)

A small block of data that is generated using a secret key and then appended to the message. This attempts to provide message integrity.
-A tag = a short piece of information used to authenticate a message; in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed

IDS (Intrusion Detection System)

A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress.
"Network monitoring component that is able to watch for signs of maliciousness."
-Capable of granular and complex rules
--Beyond L2/L3 (IP/TCP) headers
--"Deep Packet Inspection" (DPI)
-Capable of pattern/regex matching
-Capable of searching for multi-flow patterns

Virtual Machines

A software implementation of a computer system, allowing one physical computer to run several "virtual computers", each with their own independent operating system and application software.
-Completely separate OS installations
--Similar to dual-boot but simultaneous
-A "hypervisor" coordinates hardware access
-OSes are isolated (e.g. a Linux VM on Windows)

Adware

A software program that delivers advertising content in a manner that is unexpected and unwanted by the user. OR software that interferes with standard advertising to generate revenue for the malware's controller.

Push & Pop

Add elements: push instruction
-push 0x00000000 #adds 4 null-bytes on top (of stack)
-push eax #copies EAX register value on top (of stack)
Remove elements: pop instruction
-pop eax #stores removed value in EAX register and de-allocates 4 bytes
Example sequence:
push 0x0a
push 0x6c
push 0xff
pop eax #0xff
pop eax #0x6c
push 0x88
push eax #0x6c

Fuzzing

A technique used to discover flaws and vulnerabilities in software.
OR
A technique of penetration testing that can include providing unexpected values as input to an application to make it crash.
-Automatically generate and test inputs
--Random, patterns, mutations, etc
-Process input and see if the program crashed
--If so, flag the input as something to be investigated
--If not, try again
-Code coverage measurements used to explore different generation paths

Three-Way Handshake

A three-step process in which Transport layer protocols establish a connection between nodes. The three steps are:
-Node A issues a SYN packet to node B
-Node B responds with SYN-ACK
-Then node A responds with ACK

Tracking Pixel

A transparent image that provides information about a specific user. For instance, can send a signal once a user has opened a specific email.

Spyware

A type of malware that locates and saves data from users without them knowing about it.
OR
Software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.
OR
A type of malware that provides remote access to local information such as activity, sensors, and other information.
-Key loggers, screen captures, data exfiltration, GPS/microphone/camera data
-Some examples are obvious based on their users and capabilities
--Law Enforcement
--Intelligence Orgs
--...the like...
-Often sold openly
-Sometimes used in less-than-ideal situations

Security CPU Instructions

AES-NI
-Perform specific AES operations in HW
--Encrypt/Decrypt round
--Generate round key
RDRAND
-Read random value from HW and store in given register

Malware Installed via Third Party

Added to benign SW by developer
-Leverage existing userbase & trust
-Change of control
-Explicitly for revenue
Added by attacker via supply-chain access
-Unknown to developer
-External dependencies
-Distribution mechanism
"Owner" adds for compliance/policy
-Bossware, mobile device management (MDM)
-Proctoring software?
Preinstalled w/ device
-May not be obvious
-May be force-installed

Completely Secure Channel

Alice --> g^a, sig(keyshare)   (keyshare = g^a mod p)
Bob   <-- g^b, sig(keyshare)   (keyshare = g^b mod p)
Alice --> AES256_GCM_SIV(g^ba, "What's 1+1? Include the bytes ABCD"), IV, sig(IV || CT)
Bob   <-- AES256_GCM_SIV(g^ab, ABCD || 2), IV, sig(IV || CT)
Alice needs Bob's public key to verify the signature & vice versa

Security Archetypes used in this course

Alice & Bob - passive, send messages back and forth
Eve - passive, malicious actor who can read messages; however, cannot modify, delay, discard, etc.
Mallory - active, malicious actor who can read, modify, delay, discard messages (man-in-the-middle attack)

Merkle Trees

Allow a large number of arbitrary, unrelated elements to be validated in a structured way.
-Iterative hashing of values
-Distribute Merkle root for integrity checking
-Structure allows use of efficient inclusion proofs
That's 80% of cryptocurrency FX
-"ledger" or "blockchain" — Merkle tree
-"transaction" — leaf nodes of the Merkle tree
-"proof of work" — solve via brute-force: root(current) || nonce = root(next) w/ hardness
-"hardness" — restrictions on root(next)

Enclave Logic

-Allow arbitrary logic from developers
-Extremely small TEE standard library
-Statically compile against TEE standard library & dependencies

Rowhammer

Allows arbitrary process to flip bits in memory

HTTPS (Hypertext Transfer Protocol Secure)

An encrypted version of HTTP. (It uses port 443)
Solution to HTTP
-HTTP inside of TLS
-Often incorrectly called "SSL" (really old version)
-Various "upgrade" mechanisms

IPS (Intrusion Prevention System)

An active, inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it. Also called a Network Intrusion Prevention System (NIPS).
A type of IDS which is able to actively block maliciousness when found
-Capable of granular and complex rules
--Beyond L2/L3 (IP/TCP) headers
--"Deep Packet Inspection" (DPI)
-Capable of pattern/regex matching
-Capable of searching for multi-flow patterns

Elliptic Curve Cryptography (ECC)

An algorithm that uses elliptic curves instead of prime numbers to compute keys.
-Public-key scheme that provides the same operations via a different mechanism
-Widely used curves are named, and their names may or may not be meaningful

Amplification Attack

An attack instigated using small, simple requests that trigger very large responses from the target. DNS, NTP, ICMP, and SNMP lend themselves to being used in these kinds of attacks.
-An attack that increases the amount of bandwidth sent to a victim.
OR
A type of reflection attack where the victim receives more traffic than the attacker sends.
-Obvious asymmetry
-DNS is a common vector for them
--Request: 10s of bytes
--Response: 100s of bytes

Phishing

An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
OR
An attack technique which attempts to trick the user into willingly surrendering information.

Port Scanning

An attack where an attacker scans your systems to see which ports are listening in an attempt to find a way to gain unauthorized access.
OR
A reconnaissance technique that is used by attackers to gain information to aid them in their attacks.

Distributed Denial of Service (DDoS)

An attack where a firm's computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site's use. DDoS attacks are often performed via botnets.
OR
An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.
OR
A type of DoS attack where the "source" of the attack is distributed across the Internet.
-Often accomplished via botnets
-Each bot under the attacker's control contributes a negligible amount of traffic, but the sum is non-negligible

Concept of Freshness in Communication

An important aspect of S&P is ensuring not only sender authenticity, but also freshness of the messages being exchanged Knowing who you're talking with Knowing when you're talking with them (Making sure you aren't a victim of a replay attack) *add nonce

Anti-Virus

Anti-Virus and "host-based defense systems" are very ... complicated... Good-They can quarantine and alert you when there's known malware. Maybe-They can only tell you about known malware and the naïve versions Bad-They love to quarantine dev-tools and are incredibly privacy-invasive Worse-They have to touch everything

Hash Function

Any function that can be used to map data of arbitrary size to fixed-size values. H(x) = y Function[H] that is 100% public & deterministic Input[x] with arbitrary length Output[y] - fixed-length "digest" The values returned by a hash function are called hash values, hash codes, digests, or simply hashes

Vulnerabilities are Inevitable

Any non-trivial software will have bugs Some non-zero percent are controllable Some non-zero percent are exploitable Humans can be the vulnerability

TEE Operation

App loads enclave blob via OS driver App can make function calls into the enclave Enclave executes outside the influence of OS, apps, etc

TCP/IP Model

Application (Message to Transit), Transport(Make it Cohesive), Internet(Get to Final Destination), Link(Get to Next Hop) The TCP/IP Model is way of thinking about and conceptualizing the various protocols used in network communications. -Reduced "OSI Model" -Specifics differ greatly based on the source, time, and writer -Is NOT a perfect representation of the real-thing

Short-Cutting TCB with TEEs

Applications, OS, network, cloud, etc removed from TCB Enclave-to-enclave secure channels are available DoS attacks prevalent but known

"Turtles All The Way Down"

Attack surface is exponentially larger b/c malicious lower-levels Level N bug means levels >=N are untrustworthy Bugs and vulns mimic each other due to abstraction

RC4 stream cipher

BAD -Extremely fast PRNG (originally a "trade secret") -why bad? biased output at the beginning & after a few GBs It is used to encrypt the data as it is transmitted through the air.

Ballot Secrecy

Ballot Secrecy means that a vote cannot be meaningfully attributed to a voter by anyone. Weak Secrecy - Can't correlate vote + voter Strong Secrecy - Can't sell vote reliably

DRE Systems

Ballots are recorded via the device Ballots are stored on the device At the end of the election, output the device's tally and add *DREs are just old computers

AWS EC2

Bash Environment SSH protocol design SSH app architecture SSH app logic Crypto math Crypto impl. TCP protocol design TCP implementation OS implementation HW components SoC design/impl. CPU design/arch Silicon traces

DES (Data Encryption Standard)

Block Cipher A shared-key encryption algorithm that uses a 56-bit encryption key to encode data in 64-bit blocks. BAD -1977 -Standardized by NIST -Software implementation is very slow -Often implemented in hardware -why bad? 1998 -EFF DES Cracker built (brute force attack on key) PS before it was broken, 1990 -Differential cryptanalysis discovered -General technique against block ciphers

Branch Prediction

Branch Prediction is a form of speculative execution used by CPUs to improve performance by pre-executing instructions. Based on many things but most straight-forward is the last time it ran the code If predict right: free execution time If predict wrong: abandon and ignore =Keeps track of what values depend on check

What would be examples of "low hanging fruit" when attacking?

Brute Force Enter and Stay Ask for access

Cyber-kneecapping: Bug-doors

Bug-doors are an especially scary type of back door in software implementation that grants access to anyone who knows of them Intentionally added errors Easily attributed to benign mistake Impossible to attribute to a malicious actor

HTTP details

CLIENT -Methods (often referred to as "verbs") -GET: Fetch content from a web server -POST: Send content to a web server -others exist but are largely used in similar ways in 2020 SERVER -Passes information via a "body" and arbitrary "headers" describing the body -CR/LF ("\r\n") separated key-value pairs

Censorship Avoidance

Censorship avoidance is intentionally designing, building, using, and maintaining systems whose goal is explicitly to give users ability to bypass local censorship. Attempts to modify the censor's trade-off =Increase the negative impacts of blocking =Decrease the user-effort to avoid

Censorship

Censorship is the suppression of access to information that is deemed harmful for the perceived advancement of the greater good. Can be performed by many parties Governments censor citizen-access Companies censor employee-access Corporations censor customer-access Schools censor student-access User-Side Compliance: Software installed on user device to block content Infrastructure Compliance: Require ISP and telco-providers to censor traffic = Censor creates requirements and delegates responsibility to enforce Solution: Manually configure DNS to non-censored server directly Retaliation: DNS injection Retaliation solution: Wrap DNS in TLS channel

Usage: Attestation

Challenge-Response protocol using keys Allows 3rd parties to verify device state Often registered at the factory -May use CA-like chain -May be unique values

CSRF Example

Client (POST) -> Login: username & password cookie: name=BankAuth, value= 39f2097fasc <- Server Client (GET) -> Accounts: , Cookie (tries to access account, sends cookie back) <- Server Client (POST) -> Transfer (makes a transfer, sends cookie with) <- Server

Sender Authenticity

Messages can't be created by a non-1st party (1P)

Cryptographic Hash Function Resistances (assumed hardness)

Collision Resistance- it is hard to find x1 & x2 such that H(x1) == H(x2) Preimage Resistance- Given H(x), hard to find x 2nd Preimage Resistance- Given x1, it is hard to find x2 such that H(x1) == H(x2) Change Propagation- Small input changes make big output changes

Ballot Marking Device

Combination of DRE and optical-scan -Vote via electronics -Print ballot for voter Ballot is paper Ballot is scanned into completely separate device for tally Problem: Voters implicitly trust BMDs, voters need to check their ballots *Computers can be hacked

Contact Chaining

Contact Chaining is a technique in which digital metadata allows recovery of the social-graph Useful in locating cliques and hidden members of groups =Alice, Bob, Charlie call each other a lot

Safe Finite-Field DH Parameters

Correctly generated 2048-bit group -Thought to be safe -Widely used in the real-world Correctly generated 3072-bit group -Thought to be safe -Relatively rare in the real-world -CNSA approved

Safe RSA Parameters

Correctly generated 2048-bit parameters (modulus n size) -Thought to be safe -Widely used in the real-world Correctly generated 3072-bit parameters (modulus n size) -Thought to be safe -Relatively rare in the real-world -CNSA approved

Other Important Properties

Cost Effectiveness Accessibility Convenience Intelligibility

Access Control Policy

Create a logical representation of who has access to what file. -Enumerate users -Enumerate files -Give specific users specific access to specific files -Default: no-access

What should you implement in a system design?

Create a system that is capable of being defended. Maintain the mechanism for defending it. Train & Educate in order to reduce the overall burden on non-malicious actors

Deep Packet Inspection (DPI)

Deep Packet Inspection (DPI) is a network monitoring component that is able to watch for signs of deemed-harmful content. DPI is an IDS specifically for censorship Use VPN to defeat

Cipher Mode

Defined method that determines how a plaintext block is input and changed to produce ciphertext. Examples include: Electronic Code Book (ECB) mode, Cipher Block Chaining (CBC) mode, and more. -a way to use a fixed-size block cipher with arbitrary-sized data -AES-256 is using the 256-bit key -Not needed for stream ciphers b/c XOR the message-length number of bytes

Usefulness of the TCP/IP Model

Delegate responsibilities Spiral development cycle Improved interoperability Tractable mental model

Online Attacker Motivations?

Different attackers use different attacks in order to achieve their goal. -Passive eavesdropping isn't very useful for standard attackers -DoS isn't very useful for stealing credit card and/or social security numbers -Reconnaissance is hard and takes a lot of skill to do correctly

Differential Privacy

Differential Privacy is a technique in which a data set can contain partially incorrect data on an individual but it is simultaneously: Guaranteed to be correct as-a-whole Impossible to attribute to an individual

Metadata

Digital meta data is any information about a digital artifact/object but is explicitly not the artifact/object itself.

RSA Cryptosystem

Discovered in 1973 by Clifford Cocks Published in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman First public key cryptosystem-asymmetric Generate two large primes p & q -Calculate modulus n from p & q (n = p * q) -Select relatively prime public exponent e (Usually 3 or 65,537) -Find a private exponent d so that (e * d) mod lcm((p-1) * (q-1)) = 1 -Priv-Key = (d, n) && Pub-Key = (e, n)

Diffie-Hellman's security is based off of 2 Mathematical Assumptions

Discrete Logarithm Problem -Given g^a mod p, it is hard to find a Decisional Discrete Logarithm Problem -Given g^a mod p && g^b mod p, it is hard to find g^ab mod p

What are potential options when defending a system?

Do Nothing Complete Overhaul Defense in Depth

Domain Fronting

Domain Fronting is a censorship avoidance technique which relies on protocol implementations being independent.

What's rule number 1 of Cryptography?

Don't roll your own crypto There are experts that do this for a living, it is not something you can just pick up on and do yourself over night. It isn't reliable unless an expert created it and other experts reviewed it.

How to Prevent Content Injection

Don't use user-provided data...ever -Create/store server-side and give client DB key Protected data stored client-side with a server-only secret used to validate -AES-GCM(keyserver-only, "Bob") -"Bob" + HMAC(keyserver-only, "Bob") Validate *everything* about client supplied data every time you touch it -re.search("^[a-zA-Z]{2,}$", data)

Dark Patterns

Done out in the open. Manipulate the user. Example: Link to sign up for email notifications to receive a 15% off coupon and the "no" option says "I'd rather pay full price... :'("

Availability

Endpoints and/or data can always be accessed by authorized parties

Confidentiality

Messages can't be read by a 3rd party (3P)

Browser Fingerprinting

Each browser keeps some information about the elements it encounters on a given webpage to differentiate between users. For instance, a browser will keep information on a text font so that the next time that font is encountered on a webpage, the information can be reproduced more easily. Because each of these saved elements have been accessed at different times and in different orders, each instance of a browser is to some extent unique. Tracking users using this kind of technology continues to become more prevalent.

Desired Attributes of a MAC

Easy to compute and verify for Alice & Bob Hard for not-Alice/-Bob to create Doesn't grow with message length

Election Availability

Election Availability is that the system is available when needed and performs reasonably. Accepts Votes - Not overly burdensome Timely Results - Waiting months is not ideal

Election Integrity

Election Integrity is the property that the outcome matches voter intent. Cast as Intended - Choice, Competence Counted as Cast - Didn't get changed/ignored

TEE Application

Enclave logic is compiled and signed with enclave key Enclave blob compiled into application binary Application binary behaves as normal

Virtual Private Network (VPN)

Encrypt all content from self to cloud =Protection against local actors only =VPN service sees all traffic and can act Known instances of some being malicious

Example: Sealed Data

Encrypt data such that it can only be decrypted by self Arbitrary logic based on internal state and sealed metadata -Creation date -Version number

Toolbox of Exploitation Techniques

Every vulnerability is different -Some are not exploitable at all Sometime it takes multiple bugs to create a working exploit ("Bug Chains") -Buffer over-read (get canary) + Buffer overflow (exploit)

Local TCB

Everything needed to run the application safely Each layer relies on the layers below it to behave correctly Debugging difficulty going down the stack

Evil Maid Attacks

Evil Maid Attack is where an attacker gains physical access to the target's device for long enough to gain access, exploit, or otherwise leverage that physical access. Image storage for future forensics Completely replace and proxy interaction Install firmware-level malware Install/replace HW with custom access

Anonymized Data

Ex: Post months of search queries but erase user identities, but can piece together who someone is based on what they're searching.

De-Identified Data

Ex: Publish pick-up/drop-off locations of cabs, hashes of taxi IDs, number of passengers.

Cryptography

Extremely high Math Fundamental aspect of S & P (security & privacy) A tool to have when making a secure system

Phase 3: Authenticate & Verify

GOAL: Ensure that: -Endpoints are who they claim to be -Both endpoints saw the same transcript Client authentication is optional in the TLS protocol Hash/sign handshake messages sign key exchange -good b/c only you have the priv-key to sign with & they can verify with the pub-key

GDPR

General Data Protection Regulation EU-only

Access Control Model

Formal Models -Discretionary Access Control (DAC) -Mandatory Access Control (MAC) -Role-based Access Control (RBAC) -Bell-LaPadula -<many, many more> The real-world is a mixture of all. Subjects- Users Permissions- Read/Write Objects- "Files"(data, binary, device) | Hierarchies- (multiple files)

Phase 2: Shared Secret

GOAL: Create a shared secret known only to endpoints Derive session keys used for content protection Options: -Diffie-Hellman -Client-Write

Phase 1: Parameter Negotiation

GOAL: Determine how endpoints will communicate -Symmetric Cipher -Signature Algorithm -KEX method Arbitrary extensions -Many are generic -Some are specific to underlying protocol Client -> Support Params (Client Hello gives cipher suites) Selected Params <- Server (Server Hello gives the selected cipher suite)

Length Extension Attack

Given a message we can compute the hash for a longer message. The vulnerable hashing functions work by -taking the input message -use it to transform an internal state. -After all of the input has been processed, the hash digest is generated by outputting the internal state of the function. It is possible to reconstruct the internal state from the hash digest, which can then be used to process the new data. In this way, one may extend the message and compute the hash that is a valid signature for the new message. an attacker can use Hash(message1) and the length of message1 to calculate Hash(message1 ‖ message2) for an attacker-controlled message2, without needing to know the content of message1.

Integer Overflow

Going past the integer's range by adding to the maximum, or subtracting from the minimum OR When arithmetic operations attempt to create a numeric value that is too big for the available memory space. OR A condition that occurs when a very large integer exceeds its storage capacity -Buffer Overflows usually rely on unsafe functions (gets(), strcpy(), etc) -Best Practice is to track size and compare -IDEA: Math tricks to avoid size checks

HSTS Preload

HSTS Preload is another patch for HTTP where the browser consults a list of domains to always talk HTTPS to. (way around trust on first use mechanism) -Any website can be added to list @ hstspreload.org -Can't be easily reverted if added --don't break certificate ... if you do and you use HSTS then you pretty much just told everyone they can't communicate with you (b/c can only use HSTS if you have a valid cert)

HMAC

Hashed Message Authentication Code Cannot use SHA256 with MAC b/c it is easy for 3P to create ... use HMAC instead Function[HMAC] - Slight modification of a standard hash function Key[k] - Is a secret only known to 1P actors Input[x] - Arbitrary length data Output[y] - Fixed-length "digest" HMAC(k,x) = y Any Hash can be turned into an HMAC using a simple construction HMAC-SHA256 == HMAC using SHA-256 Using an HMAC-SHA256 with your message can give you message integrity, 3P cannot create it or get the key used - HMAC-SHA256(key,m)

Diffie-Hellman recap

How Finite-Field DH Works: Each actor selects a secret (a,b) =Create/Send "keyshares" based on secret =Use secret and others' key share to create a shared secret only known to actors DH's security is based on the hardness of two mathematical problems: Discrete Logarithm Problem = Given g^x mod P, hard to find x. Decisional Discrete Logarithm Problem = given g^a mod p and g^b mod p, it is hard to find g^ab mod p Safe Finite-Field DH Parameters =Correctly generated 2048-bit group -- Thought to be safe. Widely used in the real-world =Correctly generated 3072-bit group -- Thought to be safe. Relatively rare in the real-world. CNSA approved

Buffer Over-Read

Humans are bad at safely extracting data from buffers similar to being bad at safely inserting data into buffers Buffer overflow bugs in reverse IDEA: Read off the end of a buffer

Public Key Crypto Example

If a teacher wants our HW encrypted to send to him, he will give his public key. We encrypt our HW with his public key and send it. The teacher decrypts it with his private key (only way). -he and only he has his private key When he sends back the HW, he signs it using his private key and we can verify it with the public key.

Compromised Root CA - The Harm

If an attacker has a Root CA, they can sign anything & the web automatically trusts whatever they signed -ex. DigiNotar Hack --They got hacked, private key got stolen, hacker made their own certificates for whatever & people's browsers automatically trusted them. --How to fix? --revoke their CA .... now everything they signed is invalid ... what a pain .... clients now have to update their browser to know that the CA is invalid (this means it could take weeks or longer to fix a Root CA leak)

Access Control Mechanism

Implement the policy in the real-world. -Users assigned user id -Users can masquerade as other users -Users assigned to groups for simplicity (logic/mgmt) -Groups are meta-users in some but not all aspects

Data Encapsulation

In networking, encapsulation is a method of designing modular communication protocols in which logically separate functions in the network are abstracted from their underlying structures by inclusion or information hiding within higher level objects.

DNS Request

In the Domain Name System (DNS), a message sent by a DNS client to a DNS server, listing a hostname or fully qualified domain name (FQDN), asking the server to discover and reply with the IP address associated with that hostname or FQDN.

TPM Internals

Includes suite of crypto primitives -RNG -Algorithm implementations -Secure storage Arbitrary control logic -Timers, persistent counters, etc

Security of RSA based off 2 Mathematical Assumptions

Integer Factorization Problem -Given n, it is hard to recover p & q RSA Problem -Given only the pub-key, it is hard to perform a priv-key operation

Natural Entropy

Internal state is rarely 100% predictable -Call depth moves stack frames -Compilers aren't 100% clones of each other

Voting Systems

Internet Voting Direct Recording Electronic (DRE) Optical Scan Punch/Chad Mechanical -Brass Ball Drop -Tokens/"Stones in Jars" -Levers/Buttons/Analogs

2 Parts to Public Key Cryptography

Key Generation Algorithm Trapdoor Function

Why would you use ECC?

Keys are significantly smaller -256-bit vs. 3072-bit for 128-bit security Signatures are significantly smaller Attacks against ECC aren't as mature as those against RSA -"as mature", eventually more and more people will attack it and come up with newer and faster attacks for it Significantly faster than RSA

/dev/urandom /dev/random

/dev/urandom: Kinda random source of bytes; always generates data even if they're not really random; really fast. /dev/random: Really random source of bytes; blocks if it cannot safely generate (really random) data at current time.

SSL Certificate (Post 2014)

LET'S ENCRYPT -Let's Encrypt is an automated service that issues browser-trusted SSL certificates based on proof-of-ownership of the domain. -Run a couple of bash commands -Cost $0 and takes 5-minutes total -NO REASON FOR A WEBSITE NOT TO BE HTTPS Also have Caddy or Caddy 2 -sets up SSL cert, TLS config, website, etc.

Should We Vote Online?

LOL No. At this time, safe, secure, and trustworthy Internet voting system is out of reach given the current technology and science. -Too many unsolved CS problems -Too many unsolved security problems -Unknown long-term cryptographic promises -Many of the problems with known solutions rely on technical experts' assertions --"you trust us don't you?"

Cyber-kneecapping: Legal restrictions

Legal restrictions are a mechanism to ensure that nation-states have low-cost access to cryptographic defeats. Many different ways of writing the law Has trended towards the "nerd harder" variety as opposed to the prescriptive EXPORT control-style

Process Isolation

Logical control that attempts to prevent one process from interfering with another. OR A form of data hiding which protects running threads of execution from using each other's memory Isolated memory via virtual memory Managed via OS scheduler Extremely efficient but very little protection

CPU instructions

Low-level commands passed to CPU Carried out via physical gates -AND, OR, NOT, etc -Latches, Counters, Adders, etc

Malware Distribution

Malware is distributed via almost every imaginable technique and vector. -Installed via Exploitation -Installed via Third Party -Installed via User

Message Integrity

Messages can't be unknowingly modified by 3P

Unsafe libc Functions

Many commonly-used functions are nearly impossible to use safely (no dest length) -strcpy(char *dest, const char *src) -strcat(char *dest, const char *src) -gets(char *s) -scanf(const char *format, ... )

Merkle-Damgård

Many hash functions use this type of construction - Break message into constant-size blocks - Static internal-state and output size - Pad the last block block-length used to build Collision resistance hash functions

Why is Public Key Cryptography Useful?

Many-to-1 encryption -Encrypt with the public key -Decrypt with the private key Digital Signature

Common Hash Functions

Md5- bad/broken (can collide easily) Sha1- bad/broken (can collide with some effort) Sha2- will break eventually Sha256- widely used, still relatively safe Sha384- CNSA approved

Data v Code Clarity

No execute bit (NX bit) -Hardware support for marking non-code pages Data Execution Prevention (DEP) -Windows OS-level implementation Write XOR Execute (W^X) -Read/write (stack/heap) -Executable (.text/code segments) IDEA: Know what's code & what's data

Side Channel

Non-Intrusive Attack that uses information (timing, power consumption) that has been gathered to uncover sensitive data or processing functions. Often tries to figure out how a component works without trying to compromise any type of flaw or weakness. -uses internal state

Stack Canaries

Non-executable segments defends against shellcode in data segments Doesn't defend against the root problem -Ability to modify the return address IDEA: If defender can't prevent buffer overwrites, at least fail-safe when they happen.

Port Scan to Explore

Once you find a host, what is that host servicing itself?

Ways for key distribution and the Issues

Out-of-Band- "something else handles it" --ex. calling someone over the phone & reading out your key to them or mailing your key to them or even meeting up IRL and exchanging them Relayed introductions- very sketchy, Alice got Bob's key from Bob then proceeds to give that key to Charlie --smaller scope of out-of-band distribution --If Charlie talks to Bob, Bob won't know it's Charlie --Also, if Alice gives the wrong key then Charlie wouldn't know if he is talking to Bob or not Unpredictable needs are unpredictable- Bob and Charlie don't know they need to talk (Charlie got the key from Alice) Managing keys is an enormous pain and easy to mess-up -if I have a phone with a key and I give that to all of my friends, but one day I drop my phone and it breaks... I get a new phone but now I have to restart and re-distribute my key to all my friends

Out-of-order execution

Out-of-Order Execution is when things aren't actually executed in a logical order. Compilers re-arrange when values are loaded to share across code-paths CPU pipelines re-arrange instructions to minimize L1-3 cache vs. RAM latency A single CPU core will execute instructions concurrently to use internal components at full-capacity

Air Gap Hardware

Physically separated systems/networks No logical interaction across boundary Physical data transfer across boundary

What are four problems when dealing with passwords?

Poor Entropy -humans are the weakest link ... they are so bad at randomness --commonly used passwords, reusing passwords, patterns (incrementing numbers, repeated words, etc) Phishing -humans are poor choices in character --Users predictably give passwords to attackers without knowing they did so Reuse -Humans reuse passwords due to relatively small storage capacity --In 2020, nearly everything requires a login --Important and unimportant services Credential Pivoting -Humans fail to account for implicit trust and reset mechanisms --Few services are willing (or able) to bind userdata to passwords --Would rather treat passwords as a policy protection and allow overriding --Provide automated "password reset" mechanisms usually through email

Canonical DH Vulnerabilities

Poor randomness when selecting a or b -If can recover one, g^ab mod p is trivial Poor selection of p -Pohlig-Hellman Algorithm -Non-trivial sub-group with different generator Computation over-match -Discrete Log Record: 795-bit in ~100 days

Canonical RSA Vulnerabilities

Poor randomness when selecting p & q -If can recover one, other is trivial Insecure strategy for generating p & q -Vulnerable example: p = prime(n), q = prime(n+1) Brute-force computation overmatch -Can factor 512-bit on EC2 for ~$75 -$100M of special-purpose ASICs Algorithmic advances -Pre-Quantum: Number Field Sieve (NFS) -Post-Quantum: Shor's algorithm

Return-to-libc

Reuse code from vulnerable binary -Already loaded into memory -Already marked as executable IDEA: Setup a ret so it acts as a call

Cloud Provider TCB

SaaS: Software -Amazon WorkMail PaaS: Platform -Elastic Container Service IaaS: Infrastructure -EC2 Instances <many more layers of internal services> All on top of Local TCB

Accelerator Usage

Primitive-Level Variant -Offload actions -Software provides: --Action-specific input - CT/PT/data/sig+data --Instance-specific secret -Accelerator provides --Primitive algorithms --Action-specific output Protocol-Level Variant -Offload layers -Software provides: --Configuration --Long-term secrets -Accelerator provides: --Protocols negotiation --Primitive algorithms --Short-term secrets --Plaintext messages

Security Design is not a Product, it's a

Process Can't be added later on It's an on-going effort throughout the lifecycle *Security is not a checkbox to hit on the way to releasing a product

SELinux/AppArmor

Process Isolation + OS-level sandboxing HEAVILY patched set of kernel modules "Know what an application is supposed to do and don't let it do anything else." -ls doesn't need network access -Print driver doesn't need keystrokes

Linux Process Model

Process permissions are nearly identical with a slightly different security mechanism. -Process inherits user permissions (default) -Have an Effective User ID (EUID) and Effective Group ID (GUID) -EUID/GUID can be set in various ways: --sudo, setuid, sg, ... --Requires root user

UDP (User Datagram Protocol)

Protocol that operates instead of TCP in applications where delivery speed is important and quality can be sacrificed. -Extremely simple connectionless protocol -16-bit checksum is only functionality -Often used when: --Dropped packets are OK (streaming video) --Want to handle recovery at application layer (no ACK, SYN/ACK, etc. ... just sends packets regardless of whether they make it or not)

Textbook RSA Operations

Sign(m)[using priv-key] -sig= H(m)^d mod n Verify(m)[using pub-key] -(sig)^e mod n =?= H(m) Encrypt(m) [using pub-key] -ct= m^e mod n Decrypt(m) [using priv-key] -m = ct^d mod n

Why use TLS?

Provides generic, secure channel with very little overhead Getting the details correct for a secure channel is very difficult The network is evil!! -Government surveillance -ISP tracking / ad injection -Compromised Wi-Fi routers -used to get your info/message across securely

Risk limiting Audits

Random sample of ballots are manually reviewed Even with relatively small sample size, can gain high confidence

Refraction Networking

Refraction Networking is a censorship avoidance technique which relies on mimicking multiple protocols simultaneously in a way that only a secret can extract inner.

ASLR (Address Space Layout Randomization)

Requires many changes to compilation and/or loading -Code must be "relocatable" or "position independent" -<Details are out-of-scope> IDEA: Make it impossible to predict addrs

HTTP Response

Response to client's get/post request -Has status, headers, body -new content defined with \r\n -end of header defined with just a \r\n -if status is ... --200s = server got what you wanted --300s = redirect --400s = error (invalid, can't find, etc) --500s = something went terribly wrong, server crash, etc.

Morris Worm

Robert Morris, grad student at Cornell, created a program to copy a message to systems on the Internet He wasn't as careful as he should have been with limiting the propagation Brought the Internet to near collapse for several days in 1988 First Denial of Service attack -Infected 10% of the Internet -Repeatedly infected machines -First CFAA prosecution

Preventing XSS

Same as before (don't/protect/validate) Avoid dangerous patterns -dom_ele.innerHTML= untrusted_data -eval(validate(untrusted_data)) Escape user-provided data -"<" -> "&lt;" (still renders as "<") Content Security Policy (CSP) -Server explicitly indicates what domains content will be fetched from in HTTP response

Example: Drive Encryption

Sealed decryption key stored on-disk TPM validates user password and any other logic TPM releases drive decryption key to OS

TPM Keys

Secrets are either generated on-board or injected Uses internal "fuses" to make permanent Derive many secrets from single root secret w/ validation

Why use ECDH?

Secrets are significantly smaller -384-bit vs. 3072-bit for 128-bit security -Keyshares are significantly smaller -Attacks against ECDH aren't as mature as those against Finite-Field DH -Significantly faster than Finite-Field -Significantly harder to break curves compared to prime-order cyclical groups

Oversimplified Descriptions

Security CPU Instructions -Trusted actions in standard hardware Crypto Accelerator -Fast, trusted actions in add-on hardware Trusted Platform Module -Trusted actions in built-in hardware w/ keys Hardware Security Module -Fast, trusted actions in add-on hardware w/ keys Trusted Execution Environment -Fast(ish), trusted logic in common hardware w/ keys

Applying Principles

Security Model - An abstraction of subjects, permissions, and objects that allows reasoning about S&P properties. Security Policy - The mapping of subjects, permissions, and objects that implements the security model. Security Mechanism - The technical measure that enforces the security policy.

Link Tracking

Send an Alice-specific URL via email; when she clicks it, the server connects her email address with her browser's cookies

Common Content Injection SRC

Server relayed content -Attacker uploads data to a website that the victim later loads, fetches, and renders -Forums were a bad idea (TM) URLs -Attacker convinces victim to click on link -HINT: Project 2, Problem 2 Cookies

Thread Sandbox

Shared memory + isolated concurrency Threads interact via memory & IPCs Tainted threads can be killed and restarted -"Do one thing and do it safely" -A "policy engine" can blindly enforce data interactions and data exchanges -Very useful for web browsers --Requesting content, running JS, rendering an image, etc. are *very* different things with predictable inputs and outputs -Better than nothing but is exceptionally hard to get correct on non-trivial logic

Counter Mode (CTR)

Similar to OFB mode, but instead of using a random IV value, CTR mode increments an IV counter for each plaintext block. GOOD -Requires a key-unique nonce; if the key is known then CTR is compromised -Key-unique nonce || counter avoids the ECB-mode inter-block leak -No padding because it is used as a stream cipher --CT = Encrypt(key, nonce || counter) XOR plaintext block (|| = concatenation) Nonce || counter is combined with the key in the block cipher and that output is XORed with a block of plaintext, resulting in CT. The counter is incremented for use in the next block.

Malware Installed via User

Social Engineering -User is tricked into installing it themselves -Can be the last resort of a drive-by-download Freeware/Shareware -Cheap, low-effort applications as bait -Packed w/ arbitrary libs -If you can't figure out what the product is... it's probably you. Untrusted sources -Even if it works 100% the same, it's most likely not -SIDE-LOADED APKs are extremely dangerous "Cracked" software -Promise of a free version of paid software -Often actually are "key-hacked" versions -WaReZ, Torrents, P2P "Bundled" software -Installs the software you want to install -Also installs its friends

Problems with MFA

Something you know = something you can forget Something you have = something you can lose Something you are = something that you can mimic or cease to be

DoS Defenses

Standard DoS attacks are relatively easy to defend against via standard defenses. -Over-Provisioning - Infrastructure is built for more load than is expected -Active Defenses - IPS automatically blocks abnormally high-traffic clients -Puzzles - When under duress, server requires client to solve a CAPTCHA Advanced DoS attacks require specialized defenses and custom infrastructure. -Use of Cloudflare and others to help handle huge amounts of traffic --Traffic goes through Cloudflare --When someone contacts your website, their request goes to Cloudflare instead of to your website. Cloudflare requests it from your website. If someone comes again, Cloudflare already has a copy of that response. This helps against botnets flooding a server.

Surveillance

Surveillance is the act of monitoring a person, place, or group for the explicit purpose of gathering information on their activities. HUMINT: Human Intelligence = Alice says Bob is at work right now GEOINT: Geospatial Intelligence = Imagery says Bob is at work right now SIGINT: Signals Intelligence = ELINT: Bob's phone is at his work right now = COMINT: Bob texted his wife that he was at work

3DES (Triple DES)

Symmetric key algorithm; applies DES three times to each data block; 168-bit key. BAD -1995 -A "hot patch" for DES via RFC -Exact same algorithm -Encrypt -> decrypt -> encrypt Why bad? -Vulnerable to "meet-in-the-middle" attacks (brute force); only gives 112 bits of security since 56 bits were already broken (DES): 168-56 = 112 -2016 -Practical collision attack (Sweet32)

TLS vs SSH

TLS: -Usually anonymous client (server-auth) -Almost always PKI for auth (CAs + SSL certs) -Lots of optimization for static(ish) content -Large number of connections to large number of hosts -Minimal/Optimized setup SSH: -Forced Bi-directional authentication -Almost always auth via manual-config + TOFU -Focused on real-time & bi-directional data -Small number of connections to small number of hosts -Very verbose setup

Usage: Out-of-Band Secret

TPM available over removable USB Explicit trust boundary Greatly improved usability with strong security properties

Example: Secure Boot

TPM validates firmware signature before booting If invalid, refuse to launch bootloader Used as foundational trust for validating higher-level software

What is the Web?

The "web" is an array of protocols, standards, and un-written conventions for providing content via the Internet. -Javascript, HTML, HTTP,HTTPS, URL, ... -More "frameworks" than should ever exist in the history of the universe *The web was built to serve cat pictures* NOT SECURE

ARP protocol

The Address Resolution Protocol (ARP) allows hosts to map IP addresses to MAC addresses in a peer-to-peer manner. -Local table of IP <-> MAC addr for local IPs -ARP Probe --"What MAC is associated with 1.1.1.1?" -ARP Announcements --"I have IP 1.1.1.1 and my MAC is XX:X...X:XX" --"I am the gateway to the Internet at XX:X...X:XX" The "default gateway" is the path to the Internet

IPv4

The Internet Protocol version 4 is the dominant protocol for routing traffic on the Internet, specifying "to" and "from" addresses using a dotted decimal such as "122.45.255.0". -Commonly used for client-side addressing -4-byte address (2^32 total == ~4 billion) --172.19.144.53 -Commonly referenced in "CIDR notation" --1.1.1.0/24 --> 1.1.1.0 - 1.1.1.255 (first 24 bits are frozen)

IPv6

The Internet Protocol version 6 provides a large number of new addresses to route Internet traffic, using "from" and "to" addresses written in colon-hexadecimal notation, such as "fe80::42:acff:feaa:1bf0". -Sometimes used for server-side addressing -16-byte address (2^64 total == ~18 quintillion) --2001:0db8:0000:0000:0000:ff00:0042:8329 -Will be the standard in 1999, 2004, 2008, 2013, 2016, 2017, 2020, 2025? Who knows....

Mirai botnet

The Mirai Botnet was mostly comprised of IoT/embedded devices breached via default usernames/passwords. -~600k bots generating 600GB - 1TB of flood traffic towards the victim -Took down DynDNS for ~2 hours in 2016 (major provider for the US)

Physical Layer

The lowest OSI layer; provides the means for transmitting data bits over a physical medium (electrical engineering stuff). The actual encoding mechanism used to represent bits in a physical form. Lots of different ways to modulate signals -AM/FM, QPSK, PWM, ... Lots of ways to transmit signals -RF, electrical impulse, blinking lights Mostly handled by EE, not CS

Secure Shell (SSH)

The Secure Shell (SSH) protocol is another widely-used secure channel, optimized for terminal access and administration. -Similar but significantly different messages -Bi-directional public keys for authentication -Uses "PEM" encoding, not X.509 -Structured trust dependencies are very rare

Call Stack

The call stack is all of the call frames of the currently executing function calls (e.g. the main function call and all of its helper functions). These call frames are arranged in a stack, with the original function up top and the most recent function call at the bottom. If the current function calls a helper function, you add a new frame to the bottom. When a helper function completes, you remove its call frame from the stack. -Starts at 0xffffffff -Grows toward 0x00000000 The bottom of the stack is the highest address and the top is the lowest address -ESP points to the top of the stack --"Stack Pointer" -EBP points to the bottom of the current frame --"Base Pointer" / "Frame Pointer"

Hash Collision Attack

The collision attack lets us generate two messages with the same MD5 hash and any chosen (identical) prefix. Due to MD5's Merkle-Damgård construction, we can append any suffix to both messages and know that the longer messages will also collide. This lets us construct files that differ only in a binary "blob" in the middle and have the same MD5 hash, i.e. prefix‖blobA‖suffix and prefix‖blobB‖suffix have the same MD5 hash

TLS Protocol

The foundation of many/most (but not all) client traffic protection on the internet. It isn't secure? The solution is probably TLS. -FTP --> FTPS (file transfer) -IMAP/POP3 --> IMAPS/POP3S (client-to-server email) -SMTP --> SMTPS (server-to-server email)

Root-of-Trust

The fundamental secrets that are used for achieving the three fundamental properties (confidentiality, message integrity, sender authenticity)

Application Layer

The highest layer; handles the logical interactions between endpoints. Ex. HTTP, SMTP, DNS, etc.

Authentication

The mechanism by which parties prove their identity to the others

Root Certificate

The original digital certificate issued by a Certification Authority.

Electronic Codebook Mode (ECB)

Encrypt each block independently, using the same key for each. It is rarely used. -The message is divided into blocks, and each block is encrypted separately -Each block of plaintext combined with the key through the block cipher gives a ciphertext block; this is done independently for every block of plaintext -Pad last block to correct length -Each block of plaintext fed through cipher -Embarrassingly parallel, random access BAD -Why bad? --Because ECB encrypts identical plaintext blocks into identical ciphertext blocks, it does not hide data patterns well: every identical block of plaintext has the same ciphertext value & vice versa; it never changes --Lack of Diffusion. What is Diffusion? If we change a single bit of the plaintext, then (statistically) half of the bits in the ciphertext should change. Also, if we change one bit of the ciphertext, then approximately half of the plaintext bits should change.

Long & Tedious Ballots

Too many races to make informed decisions on all Give up and not make it to the end of ballot Forget to flip it over for races on the back

Onion Routing

Tor is an option for protecting against network-level attacks =Strictly better S&P b/c no single-point of failure for single actor

Preventing CSRF

Use SameSite cookie attribute -Cookie will only be sent on requests that originate from the original sender Secret HTML tokens -Website adds random tokens to its form-inputs and ensures that they are returned Referer Validation -The server checks the contents of the "referer" header in order to validate request's origin

Stream Cipher

Use a keystream generator and encrypt a message one bit at a time, usually implemented in hardware -Shared key known by all participants -Key is "expanded" to the length of the message (using PRG). This helps with our problem in One-time Pads. -Infinite length One-Time Pad Plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, this gives a digit of the ciphertext stream. In practice, a digit is a bit and the combining operation is XOR.

Multi-factor authentication

Use of several authentication techniques together -Something you know --Password, PIN, pattern -Something you have --Phone, security token, ID card -Something you are --Biometrics

Telescoping Encryption

Used in Onion Routing. -As connections traverse "circuit" to destination, layers of encryption are removed one-by-one at each node -At the exit node, message is not encrypted -As connection traverses "circuit" back, layers of encryption are added back. Example: -At entry node: Encrypt1(Encrypt2(Encrypt3(message))) -At first middle node: Encrypt2(Encrypt3(message)) -At second middle node: Encrypt3(message) -At exit node: message -Back to second middle node: Encrypt3(message) -Back to first middle node: Encrypt2(Encrypt3(message)) -Back to entry node: Encrypt1(Encrypt2(Encrypt3(message)))

Elliptic Curve Diffie-Hellman (ECDH)

Uses elliptic curve cryptography instead of prime numbers in its computation -Operates on elliptic curves over prime-order finite-fields -Widely used curves are named and their names may/may not be meaningful

How Diffie-Hellman Functions

Very similar to RSA BUT not identical -Uses a prime modulus p instead of a composite modulus n -Uses a generator, g, instead of a message m -Modular Exponentiation w/ Prime Modulus --Multiply a value by itself enough times over a prime-order finite field and an observer can't figure out how many times you multiplied it -Each actor selects a secret (a, b) -Create/Send "keyshares" based on the secret -Use own secret and the other's keyshare to create a shared secret known only to the actors -Standard generator g -Prime modulus p Alice -> g^a mod p Bob -> g^b mod p How it works: (g^b)^a mod p == (g^a)^b mod p == g^ab mod p

Cyber-kneecapping: Backdoors

are mechanisms used to surreptitiously weaken what are thought to be strong defenses. The most obvious is a password or interaction sequence that allows access

Voter Authentication

Voter Authentication is that votes are cast only by eligible voters and within the rules of the election. Eligible Voters - Rules differ greatly Number of Votes - Usually 1x but not always

Voter Enfranchisement

Voter Enfranchisement is that all voters are given the opportunity to vote. Inclusive Reasonable

Optical Scan Systems

Votes are marked on hard-copy paper ballots Ballots stored on-device & on-paper Running count maintained and output at the end

What to do instead of internet voting?

We continue educating people on election security issues -Citizens, election officials, politicians, etc We keep trying to solve very hard problems -Usability, Attestation, Cryptography, etc We do the best we can with what we have

Why are URLs ineffective/unusable?

Were originally built to be readable and understandable but are not anymore -Were a replacement for BBS & AOL Keywords (dominant in the 1990s) -You can't get users to look at them, yet web security is built around users noticing that they are malicious --Why phishing is so prominent: no one checks their URL

Explicit Assumption

What are the creator's intentions? Who does the creator rely on?

What are questions that a defender should be asking?

What assets am I trying/needing to protect? Who am I trying to defend against? Who am I willing to let succeed? What am I willing to trade for security? (Cost vs. Benefits)

What questions should an attacker consider?

What is the easiest way in/gain access? What is assumed about the system? What did the defenders forget to consider?

Example of one-way secure channel

Alice -> Bob: "What's 1+1? Include ABCD"
Bob -> Alice: AES256_GCM_SIV(key, ABCD || 2), IV, Sig(IV || CT)
AES256_GCM_SIV is your block cipher (AES) in nonce-reuse-resistant GCM mode, using your key and the nonce ABCD (given by Alice) concatenated with the message (2). Then you have your initialization vector. The result is then signed over the IV concatenated with your ciphertext. *Alice needs Bob's public key to verify (decrypt) the signature

TCP (Transmission Control Protocol)

Works at both ends of most Internet communication to ensure a perfect copy of a message is sent. -Complicated connection-oriented protocol -Usually the default for communications -Handles many different aspects --Dropped packets, congestion control, etc

Binary Whitelist

a common technique in enterprise networks used to restrict what applications can be run by the user. -Administrators make a list of approved binaries and OS blocks everything else -Prevents user from running arbitrary code -Major effort to keep updated

Denial of Service Attack

a cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources OR type of attack which desires to prevent legitimate users from accessing a service. -Come in many different varieties -Usually based on an "asymmetric" tradeoff that favors the attacker --Attacker's cost is very small but defender's cost is very high

Botnet Zombies

a device that has been infected with malware that causes it to participate in a botnet. -Contribute DDoS traffic -Act as a "jump-box" for arbitrary maliciousness -Whatever the owner wants to rent it for

Trusted Execution Environment (TEE)

a general computation environment that provides additional security properties such as access to keys, memory encryption, etc.

Postal Voting

a generic system where an empty ballot is physically sent to the voter, filled out remotely, and returned to a central tally location. -Absentee voting, vote-by-mail, mail-in voting, vote via mail -The naïve way provides near-zero protection

NOP Sleds & Repeats

a hacker sends a large number of NOP instructions into the buffer, appending command code instruction at the end. -NOP: "no operation" (i.e. do nothing) -"Sled" consists of many NOPs before desired first instruction --If execution begins anywhere in the sled, then effectively starts where desired -"Repeats" are multiple attempts at overwriting a target value

Digital Signature

a means of electronically signing a document with data that cannot be forged OR a cryptographic value that represents the private key holder's recognition of the data being signed -Sign data with the private key -Verify data with the public key

Block Cipher

a method of encryption that processes blocks of data rather than streams -manipulates an entire block of plaintext at one time -fixed-size input & output -really fast -Substitutions from secret internal state ("S-Boxes") -Multiple "rounds" to increase substitutions Take a block of plaintext with a key and put it through a rounded function - R(k,m) Do this for however many blocks of plaintext you have

Digital Certificate

a notice that guarantees a user or a website is legitimate

Firewalls

a part of a computer system or network that is designed to block unauthorized access while permitting outward communication. "generic name for a network component that blindly applies a rule-based policy to allow/drop network traffic" Logically, the rules are straight-forward --DO allow port 80 (HTTP) --DON'T allow port 22 (SSH) --DON'T allow port 21 (FTP) UNLESS from remote office

Trojan Horse

a program that appears desirable but actually contains something harmful OR generic type of malware that gains access to the device by claiming to be useful to the victim. -Social engineering attacks -Fake anti-virus -Re-packaged apps

Forward Secrecy

a property of any key exchange system that ensures that if one key is compromised, subsequent keys will not also be compromised OR property that traffic cannot be decrypted by compromising either endpoint after the channel has been destroyed. -Content is protected against future compromises, not current/previous ones --Protects past sessions against future compromises of keys/passwords -Generate a unique session key for every session a user initiates

Stack Frame

a section of the runtime stack holding the values of all variables for one invocation of a procedure. OR A stack frame is a logical area of the call stack which is associated with a single function's execution instance. -Local variables are self-contained -Pointers to locally-used heap variables -Record-keeping elements stored in between

HTTP Cookies

a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. OR small data chunks that the client stores and returns to the server with requests. -Many, many uses: --Personalization info --Client-specific state --Session authentication -They are really bad when it comes to S&P

Password Manager

a software application that stores and organizes encrypted passwords for a user and is accessed using a single, strong master password -Greatly improves best practice usability -User only has to remember single secret -Can integrate MFA *Not all password managers are created equal

Worm

a software program capable of reproducing itself that can spread from one computer to the next over a network OR a virus that has the ability to spread itself to other devices automatically. -Most commonly via vulnerable network services and network clients -Technique can be re-used for other types of attacks and combined for more impact

Ethernet Protocol

a software program commonly used to connect computers to create a LAN -Media Access Control (MAC) addresses --DE:AD:BE:EF:4D:AD --"MAC address" is different from a "MAC" -Originally "globally unique" addresses --3-byte manufacturer + 3-byte device ID --No longer the case

Diffie-Hellman key exchange

a symmetric standard for exchanging keys, primarily used to send private keys over public networks. It is a construction through which two parties can safely create a shared secret in the presence of a passive attacker -Can be used for signatures... but rarely -Used for exchanging keys (obviously)

Internet/Online Voting

a system where votes are cast via the Internet and often is compared to vote-by-mail in terms of security.

Code Signing

a technique that uses an architecture similar to TLS CAs to ensure the provenance of code. -Similar to binary whitelisting but much more broad and flexible -Attackers can identify correctly signed but weak binaries and use them as loaders

Cross-Site Scripting (XSS)

a technique used to compromise database data in which web page scripting is injected into the server OR An attack that injects scripts into a Web application server to direct attacks at clients OR a class of attacks which extends Content Injection to execute JavaScript in the victim's browser. -Content injection attack with JS injected -Often use "polyglots" to test websites

Obfuscation

a technique which "munges" messages in a way that can be reversed with trivial effort

Containers

a type of virtualization that allows for shared operating systems for more resource savings and faster execution Shared kernel w/ isolated perspective -Each container thinks it's the only thing running on the entire computer Managed via an OS-level "engine"

Key Distribution

actors obtaining cryptographic values (secret or not) in a trustworthy manner Symmetric - both parties need access to a shared secret Asymmetric - Verifier needs to obtain signer's public key

Double-Envelope Approach

allows security properties to be implemented with reasonable trade-offs. -Outer: Identity/verify info -Inner: Ballot w/o info -After accepted, the outer is discarded

Cryptography Accelerator

an add-on component that allows software to leverage custom ASICs for improved performance. Operations are often well-defined and repetitive -14 rounds for AES256 -Trial-and-error for bitcoin mining -Standardized protocols ASIC allows optimized pipelines for specific behavior

PRNG (Pseudo Random Number Generator)

an algorithm that generates a sequence of numbers that seems random but is actually completely predictable maps k-bit random input to an n-bit pseudo random output (n>k) -small amount of randomness turns into a large amount of kinda randomness -use a secret "seed" (s) for unpredictability -not safe for generating keys -safe for some cryptographic uses

Nonce

an arbitrary number that can be used just once in a cryptographic communication -pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks

Credential Stuffing Attack

an attacker reusing known username-password combinations from one breach on a separate service -Relies on: --Ubiquity of accounts --Static email addresses --Password reuse --Laziness

HTTPS Spoofing

an attacker uses a domain that looks very similar to that of the target website. With this tactic, also known as a "homograph attack", the characters in the target domain are replaced with other non-ASCII characters that are very similar in appearance. The unsuspecting user is very unlikely to notice the difference and is reassured by the browser's secure connection indication. This is after they inject their own root CA into the client's browser, and that's why it has the secure connection indicator Looks very similar to Phishing

One-time pad

an example of perfect (unbreakable, proven, guaranteed) encryption -Achieved by using, only once, a random key that is as long as the message itself -Really fast, really simple -Uses XOR -Key has to be as long as the message, which results in a problem... if your message is 10Gb then your key must be 10Gb... that's a lot of space taken CT[i] = Msg[i] XOR Key[i] Ex.
Plaintext       011010101101001100
Key        XOR  110101010101101011
Ciphertext      101111111000100111
Decrypt by XORing the key with the CT to get the plaintext. The key must be truly random. The key must be at least as long as the plaintext. The key must never be reused in whole or in part. The key must be kept completely secret.

SQL-Injection Attacks

are a technique that exploits mechanical database queries to gain full access to an SQL database. Conceptually similar to injecting shellcode, XSS, and "shell injection" techniques = Exploits data vs. code confusion = "Escape" the data element via built-in syntax Very common in web applications Example:
Expects: '123'
    SELECT * FROM Users WHERE id = 123;
Gets: '1 OR 1=1'
    SELECT * FROM Users WHERE id = 1 OR 1=1;
Even worse: '1; DROP TABLE Users'
    SELECT * FROM Users WHERE id = 1; DROP TABLE Users;

Cyber-kneecapping: Cryptographic backdoors

are ones that allow the holder of a secret to compromise the cryptography involved.

Cyber-kneecapping: Permitted weaknesses

are those which a nation-state is aware of but chooses not to disclose.

Return-to-Shellcode

binary exploitation technique in which the attacker injects and executes pre-compiled instructions. -Insert instructions into buffer -Change EIP to point to own instructions -Achieve "remote code execution"

Authenticated Encryption with Associated Data (AEAD) Cipher Modes

cipher modes provide confidentiality and message integrity simultaneously -does not provide sender authenticity -Commonly use seal() and unseal() instead of encrypt() and decrypt()

Ransomware

"Encrypts" the victim's files and then tries to sell the decryption key. -Usually encrypts files with a random secret and then encrypts that secret with a public key -The attacker will decrypt the local encryption key once they're paid. -...sometimes...

How TCP handles dropped Packets

Ex. The server can't send a full picture over the Internet in one packet; therefore, it sends 1/2 of the picture instead. The client sends an ACK saying it got it and to send more. The server sends the other 1/2... the client sends an ACK saying it got it. Reliable packet transfer... BUT what if the first 1/2 of the picture was dropped and the server sent the second 1/2 after the first? The client says "hey, I only got part 2 of the picture". The server sends the first part again and TCP rearranges the packets in the correct order (first 1/2, second 1/2).

Modify-On-Scan Attack

ex. Unclear Ballot seamlessly moves marks to the attacker's preferred candidate while preserving the voter's marking style. It is effective for a wide variety of marks and ballot designs. In the examples above, original ballot scans are shown on the left and manipulated images on the right.

Binary Exploitation

general name for techniques used to intentionally trigger bugs in a way meaningful to the attacker. -Not all buffer overflows are controllable -Even if controllable, may not be exploitable -Even if exploitable, may not be predictable -Even if predictable, may not be useful

Key Generation Algorithm

generates a related key pair simultaneously

Content Injection

generic name for attacks that rely on the web server incorrectly trusting user-generated data. -Inject arbitrary text into the website in order to change what is displayed to the viewer.

Spam

generic name for mass, untargeted advertising via the Internet. -Email, chat messages, SMS, robocalls -Goal is fraud, not credentials

Link Layer

handles all the physical details of interfacing with the cable, including the network interface card and a device driver. Responsible for addressing and switching for intra-network endpoints -Switches dispatch to the next switch based on physical port tables -"Talking among friends" -Everything inside a single router's scope

Principle of Complete Mediation

having a trusted entity validate any privilege use to ensure its validity. -OS checks if user X can run app Y

URL Example

https://example.com/about.html?src=home -Protocol: HTTPS -Host: example.com's IP address -Port: 443 (implicit via HTTPS) -Page to Display: About -Format of Page: HTML -Where came from: Home-page ("src")

Padding

includes adding data to the beginning, middle, or end of a message prior to encryption. In classical cryptography, padding may include adding nonsense phrases to a message to obscure the fact that many messages end in predictable ways

Network Input Buffer Overflow

Deliberately vulnerable example: the length is read from the network and trusted.
/* Simplified prototype as given on the card (the real read() returns ssize_t) */
int read(int socket_to_read, char* dest_buf, size_t len_to_read);

int getField(int socket, char* field) {
    int fieldLen = 0;
    read(socket, &fieldLen, 4);     /* length comes straight from the peer: attacker-controlled */
    read(socket, field, fieldLen);  /* no check against the real size of 'field': buffer overflow */
    return fieldLen;
}

Adversary

intelligent actor (person, group, organization) not restricted by expectations has own capabilities, motivations, intentions

Advanced Persistent Threat (APT)

is a class of actors with special characteristics. Advanced: Access to or able to develop special-purpose tools and techniques Persistent: Predefined targets and leverage continued/long-term access Threat: Intelligent and coordinated action across entire spectrum of operation

K-Anonymity

is a less-awful way to anonymize data that generalizes it until no longer re-identifiable to a chosen degree.

Global Passive Adversary

is a type of nation-state behavior that is able to monitor nearly-all traffic on the Internet. Do not have full control or insight but effectively do Think of a "Super Eve"

Shelling-Out

is a very common technique that involves calling a bash command from an application to perform canonical actions. Commonly used to do complicated but common and self-contained operations -File operations, start/stop other processes, etc Is unsafe when using untrusted input -Usually ends in "shell injection" vulnerabilities

Initialization Vector (IV)

is an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. -Basically it is a block of bits used to randomize the encryption & to produce distinct ciphertexts even if the same plaintext is encrypted multiple times (without the need for a slower re-keying process) Technically: "A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment."

Cryptographically Secure Pseudorandom Number Generator (CSPRNG)

maps a k-bit random input to arbitrary-length pseudorandom outputs -Similar to a PRNG but more complicated (also slower and harder to implement), AKA better but slower -Safe for generating keys & all other randomness needed for cryptography -It is the only trustworthy way to generate arbitrary amounts of randomness from a seed

AES-GCM-SIV

mode of operation for the Advanced Encryption Standard which provides similar performance to Galois/Counter Mode as well as misuse resistance in the event of the reuse of a cryptographic nonce -SIV = Synthetic Initialization Vector -2019 -- very new -Nonce-misuse-resistant version of GCM -Still provides confidentiality & message integrity even if the nonce is reused.

Buffer Overflow

occurs when a program tries to place more information into a memory location than it can handle OR a class of memory corruption bugs where a program puts too much data into a too-small memory allocation. Deliberately vulnerable example:
#include <stdio.h>
#include <string.h>

void print_name(char** argv) {
    char buf[10];
    strcpy(buf, argv[0]);        /* no bounds check: an argv[0] longer than 9 chars overflows buf */
    printf("Running: %s", buf);
}

Pseudo Random Function (PRF)

output mimics randomness regardless of input -output always "looks" random -Keyed with a secret, so an attacker who knows the input still cannot predict the output -sounds like a hash function but isn't: a hash has no key, so anyone can compute it -Hashing the seed together with the input (H(seed || x)) doesn't make it "more random" and is not a sound PRF (Merkle-Damgard hashes such as SHA-256 allow length extension on exactly that construction) -HMAC is the standard way to get a PRF from a hash: HMAC(k, x) = y, where the secret key k is the seed and the n-bit tag y is the pseudorandom output

Internet Layer

responsible for addressing, packaging, and routing messages across networks (inter-network communication). -Routers dispatch to the next router based on destination groups (address prefixes) -"Talking between organizations" --Logically grouped into "Autonomous Systems" (ASes)

Transport Layer

responsible for providing communication with the application by acknowledging and sequencing the packets to and from the application (ensuring that data is processed in an orderly manner). -Usually uses "ports" to indicate which program sent, or should handle, a message -Lost-message recovery -Congestion control

ROP Gadgets

ret == 0xc3 -Could be a byte inside another instruction (an immediate, a displacement, a ModRM byte) -Could be a byte inside an address embedded in the code x86 uses "variable length instructions" -The instruction stream has no alignment: the bytes are interpreted based on where decoding starts (the EIP location) -So any 0xc3 byte is a valid ROP gadget ending: jump straight to it and the CPU executes ret; jump a few bytes before it and whatever those bytes decode to runs first, then ret -A ROP chain is a list of such gadget addresses placed on the stack; each ret pops the next one
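A minimal gadget finder, as an added example (not from the course notes): it scans a byte buffer for every 0xc3, including one that the compiler meant as the immediate of `mov eax, 0xc3`, and then counts the single-byte `pop r32` opcodes (0x58..0x5F) sitting immediately before each ret, which is the classic "pop ...; ret" gadget used to load registers from the stack. The byte sequence is constructed for the example, not taken from a real binary; function names are mine.

```c
/* Added example, not from the course notes. Standard C only. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed x86 bytes (not from a real binary):
 *   B8 C3 00 00 00   mov eax, 0xc3    <- the C3 at offset 1 is an immediate
 *   5D C3            pop ebp ; ret    <- intended instruction boundary
 *   58 5A C3         pop eax ; pop edx ; ret
 */
const uint8_t SAMPLE_CODE[] = {
    0xB8, 0xC3, 0x00, 0x00, 0x00,
    0x5D, 0xC3,
    0x58, 0x5A, 0xC3
};
const size_t SAMPLE_CODE_LEN = sizeof SAMPLE_CODE;

/* Record every offset holding 0xC3. Each one decodes as `ret` if EIP lands
 * on it, regardless of how the compiler meant the bytes to be read.
 * Returns the number found; at most `max` offsets are stored. */
size_t find_rets(const uint8_t *code, size_t len, size_t *offs, size_t max)
{
    size_t count = 0;
    for (size_t i = 0; i < len; i++) {
        if (code[i] == 0xC3) {
            if (count < max)
                offs[count] = i;
            count++;
        }
    }
    return count;
}

/* Single-byte `pop r32` opcodes are 0x58..0x5F. Count how many sit directly
 * before the ret at `ret_off`: a "pop x N; ret" gadget lets the attacker
 * fill N registers from values placed on the stack. */
size_t pops_before(const uint8_t *code, size_t ret_off)
{
    size_t n = 0;
    while (ret_off > n) {
        uint8_t b = code[ret_off - n - 1];
        if (b < 0x58 || b > 0x5F)
            break;
        n++;
    }
    return n;
}

int main(void)
{
    size_t offs[16];
    size_t n = find_rets(SAMPLE_CODE, SAMPLE_CODE_LEN, offs, 16);
    for (size_t i = 0; i < n; i++)
        printf("ret at offset %zu: %zu pop(s) before it\n",
               offs[i], pops_before(SAMPLE_CODE, offs[i]));
    return 0;
}
```

Note that the ret at offset 1 has no useful prefix here, but in a real binary the bytes before an unintended 0xc3 often decode to something usable; real tools (ROPgadget, ropper) disassemble backwards from every 0xc3 for exactly that reason.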

Malware

software that is intended to damage or disable computers and computer systems. -Operates in a non-obvious manner -Causes security and privacy (S&P) harm in some form or fashion

Authentication in Security

the act of confirming whether or not a piece of data claimed true by an entity is actually true -Often used in relation to an identity --Website authenticates user's identity via username and password --Phone authenticates user's identity via fingerprint, facial features, or PIN/password

Reflection Attack

the attacker sends packets to a known service on an intermediary with a spoofed source address of the actual target system; when the intermediary responds, the response is sent to the target. OR a type of network attack where traffic is "bounced" through a third party in order to hide its source. -Usually relies on forging the source IP --Causes the third party to send traffic to the victim -Victim can block the apparent "source" (the third party) but the attacker can simply switch to another one -When the service's reply is larger than the request, the bounce also amplifies the traffic

HTTP (Hypertext Transfer Protocol)

the protocol used for transmitting web pages over the Internet; base-protocol through which web servers and web clients communicate. -Idea is extremely simple -Implementation is extremely complicated

Public Key Infrastructure (PKI)

the system for issuing pairs of public and private keys and the corresponding digital certificates OR a complex system of actors, rules, and procedures intended to instill trust in the true owner of a given public key. Major models: -Web of Trust: a distributed peer-to-peer network in which users sign each other's keys -Certificate Authorities: trusted third parties that sign certificates binding a public key to a name

HTML (Hypertext Markup Language)

the written code that creates Web pages and links; a language every browser can read -root mechanism for all web content BUT in 2020 almost no one hand-writes websites in raw HTML anymore due to the time/skill required. -Frameworks are almost universally used for building -ColdFusion, NodeJS, TrueForms, ASP.NET, Laravel, Django, PHP, Ruby on Rails, Flask -WORDPRESS SHOULD DIE IN A FIRE People need to start using HTML for their websites; there are so many mistakes that can be made when you use prebuilt websites/website builders, etc. ... plus there's so much you can do with HTML

Implicit Assumption

think "outside the box"

Shellcode

transfers control to a user command-line interpreter (a shell), which gives access to any program available on the system with the privileges of the attacked program. OR a small piece of code used as the payload in the exploitation of a software vulnerability -Compile your own code to be executed -Inject its bytes into the process (a buffer, an environment variable, the heap) -Jump to your injected instructions -The name comes from the classic payload that spawns /bin/sh, but any code works Minimal example that just spins forever once reached:
    void injected_function() {
        spin_target:
        goto spin_target;
    }

Public Key Cryptography

uses two keys: -A public key the sender uses to create encrypted messages (pub-key ... pk) -A mathematically-related private key the receiver uses to decrypt messages encrypted with that public key (priv-key ... sk) asymmetric: not a single shared secret between all parties (the sender only ever holds the public key; only the receiver holds the private key)

Control Flow Hijacking

when the attacker gains the ability to maliciously influence the program's execution path. -End-goal of most binary exploitation attacks and techniques *If you control EIP, you control the world.*

