Domain 3 - Security Engineering
waiting
"waiting for a resource" -process is ready for continued execution but is waiting for a device or access request
Asymmetric Cryptography
(Based on solving complete match problem) -Sender and receiver have public and private keys. -Public to encrypt a message, private to decrypt -Slower than symmetric, secret key (100 to 1000) Public Key Algorithms: RSA - (Rivest, Shamir, & Adleman) works with one way math with large prime numbers (aka trap door functions). Can be used for encryption, key exchange and digital signatures) Diffie Hellman Key exchange - about exchanging secret keys over an insecure medium without exposing the keys el Gamal - works with discrete logarithms, based on Diffie Hellman <<<<<DSA Digital Signature Algorithm - the US Government Equivalent of the RSA algorithm>>>>>> ECC - Elliptic Curve Cryptosystem - mathematical properties of elliptical curves, IT REQUIRES FEWER RESOURCES THAN RSA. Used in low power systems (mobile phones etc.) BOTH a hashing and an asymmetric key algorithm; MD5 & ECC
Interface
- API - Physical - Virtual
Cross site forgery aka CSRF, XSRF, Seasurf
- Auto log off (website). - Prevent HTTP Get requests. - Re-architect web app.
Symmetric Cryptography
- Both the receiver and the sender share a common secret key. - Larger key size is safer > 128 - Can be time-stamped (to counter replay attacks) - Does not provide mechanisms for authentication and non-repudiation DES (data Encryption Standard) comes from IBM - DEA Data Encryption Algorithm x3.92, using 64 block size and 56bit key with 8bits parity - 16-rounds of substitution and transposition cryptosystem - Adds confusion(conceals statistical connect between cipher text and plaintext) and Diffusion (spread the influence of plaintext characters over many cipher text characters by means of transposition like HIDE IHED) - Triple des = three times encrypted DES, preferably with 3 different keys = DES-EE3. Actual key length = 168 bits. Uses 48 rounds of computations (3x16) - Replaced by AES Advanced Encryption Standard AES Advanced Encryption Standard - - one of the most popular symmetric encryption algorithms - NIST selected it as a standard replacement for the older Data Encryption Standard (DES) in 2001. - BitLocker (a full disk encryption application used with a Trusted Platform Module) uses AES - Microsoft Encrypting File System (EFS) uses AES for file and folder encryption - AES supports key sizes of 128 bits, 192 bits, and 256 bits, and the US government has approved its use to protect classified data up to top secret - Larger key sizes add additional security, making it more difficult for unauthorized personnel to decrypt the data. - Keys are 128, 192, and 256 bits, blocks 128 bits. Rijndael Block Cipher Algorithm - for speed, simplicity and resistance against known attacks. Variable block length and variable key lengths (128,192 and 256 bits) Not selected for AES were: - RC5 - variable algorithm up 0 to 2048 bits key size - Rivest Cipher 5, or RC5, is a symmetric algorithm patented by Rivest, Shamir, and Adleman (RSA) Data Security, the people who developed the RSA asymmetric algorithm. - RC5 is a block cipher of variable block sizes (32, 64, or 128 bits) that uses key sizes between 0 (zero) length and 2,040 bits. - IDEA - International Data Encryption Algorithm 64 bit plaintext and 128 key length with confusion and diffusion used in PGP software patented requires licenses fees/free noncom. - Two fish - key lengths 256 bits blocks of 128 in 16rounds (BEAT OUT BY Rijndal for AES, based on Blowfish) Blowfish - by Bruce Schneider key lengths 32 to 448 bits, used on Linux systems that use bcrypt (DES alternative - Key exchange between two people: 1. Out of band exchange: Mail, face to face. 2. In-band exchange: Diffie Hellman (uses prime factorization) like elliptic curve.
Interfaces (Unintended )
- Covert Channels: Allow backdoor communication. 1. Covert Storage Channels - IMCP Echo Request 2. Covert Timing Channals - Port Knocking
Security Monitoring
- Reference Monitor and security kernel are used to determine whether a user should be allowed to access an object - "complete mediation" means that all subjects must be authenticated and their access rights verified before they can access any object
High Availability (HA)
- Use multiple systems to protect against some system failure
ISO/IEC 21827:2008 SSE-CMM (Maturity Model)
BIGGEST JUMP IN MATURITY MODEL? 2 - 3. FROM REACTIVE TO PROACTIVE
direct addressing
CPU is provided with an actual address of the memory location to access -must be located on the same memory page as the instruction being executed -more flexible than immediate addr
register addressing
CPU uses this to access register content to complete an operation
Local Cache
Cache poisoning attacks: Insert false records into local cache.
Certification and Accreditation
Certification - is evaluation of security features and safeguards if it meets requirements. Certification is the comprehensive evaluation of the technical and nontechnical security features of an IT system and other safeguards made in support of the accreditation process to establish the extent to which a particular design and implementation meets a set of specified security requirements. Done internally by technical team (please note that "verification" is an extension of this but it's performed by a 3rd party). Accreditation - the formal declaration by the designated approving authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. Once accreditation is performed, management can formally accept the adequacy of the overall security performance of an evaluated system. System accreditation - a major application or general support system is evaluated. Site accreditation - the applications and systems at a specific, self-contained location are evaluated. Type accreditation - an application or system that is distributed to a number of different locations is evaluated. Accreditation: Authorization to Operate (ATO) Interim Authorization to Operate (IATO) Interim Authorization to Test (IATT) Denial of Authorization to Operate (DATO)
Code vs. Cipher
Code - subs in one word for another, provides secrecy. Cipher - Uses math to encrypt and decrypt messages.
Systems Engineering & Modeling (194)
Common Criteria ISO 15408 - Structured methodology for documenting security requirements, documenting and validating **** A SECURITY PRODUCT MAY BE CERTIFIED Defines a protection profile that specifies the security requirements and protections of a product that is to be evaluated. Organized around TCB entities. Evaluation Assurance Levels (EAL) - EAL0 -Inadequate assurance - EAL1 -Functionally tested - EAL2 -Structurally tested - EAL3 -Methodically tested and checked - EAL4 -Methodically designed, tested and reviewed - EAL5 -Semi formally designed and tested - EAL6 -Semi formally verified design and tested - EAL7 -Formally verified design and tested Target of Evaluation (TOE): the product Protection Profile (PP): set of security requirements for a category of products that meet specific consumer security needs Security Target (ST): identifies the security properties of TOE Security Functional Requirements (SFRs): Specific individual security functions
Goals of Cryptography
Confidentiality Integrity Proof of origin Non-repudiation Protect data at rest Protect data in transit
Techniques for Ensuring CIA
Confinement - to restrict the actions of a program. Simply put, process confinement allows a process to read from and write to only certain memory locations and resources. This is also known as sandboxing. Bounds - a process consist of limits set on the memory addresses and resources it can access. The bounds state the area within which a process is confined or contained. Isolation - When a process is confined through enforcing access bounds that process runs in isolation. Process isolation ensures that any behavior will affect only the memory and resources associated with the isolated process.
Control Frameworks (223)
Consider the overall control framework or structure of the security solution desired by the organization. COBIT - Control Objectives for Information and Related Technology, is a documented set of best IT security practices crafted by the Information Systems Audit and Control Association (ISACA). It prescribes goals and requirements for security controls and encourages the mapping of IT security ideals to business objectives. COBIT 5 - is based on five key principles for governance and management of enterprise IT: Principle 1: Meeting Stakeholder Needs Principle 2: Covering the Enterprise End-to-End Principle 3: Applying a Single, Integrated Framework Principle 4: Enabling a Holistic Approach Principle 5: Separating Governance from Management. COBIT is used not only to plan the IT security of an organization but also as a guideline for auditors.
Digital Certificates
Contain specific identifying information and their construction is governed by international standard (X.509), creation and validation of digital certificates. Who signs a digital certificate - someone vouching for person not the person. CRLs - Certificate Revocation Lists are maintained by the various certificate authorities and contain the serial numbers of certificates that have been issued by a CA and have been revoked along with the date and time the revocation went into effect. - Online certificate status protocol (OCSP) -.CSR contains public key and identity info.
full qualified domain name
FQDN
Certificate and Key Storage
For two-key-pair applications, where the encryption key pair and the corresponding public key certificate are created by the CA, the encryption public key certificates are most often placed in the subscriber's Directory entry and also in the PKI/CA database. Copies of the decryption private key and the encryption public key certificate will be securely sent to the subscriber and will be stored on the subscriber's machine on the disk or HSM. Decryption private keys should never be published, but they should be backed up. In a two-key-pair PKI, the subscriber generates the signing key on its machine and securely stores the signing private key on the disk or HSM. It sends only the verification public key to the CA in a secure manner. The signing private key is not sent to the CA, and it is never backed up in the CA's database. When the CA receives the verification public key, it generates a verification public key certificate. A copy of this certificate is stored in the CA database, and is also sent to the subscriber. Often, when the PKI subscriber sends a signed message to any recipient, it attaches the verification certificate to it. So, a relying party does not have to access the directory to retrieve this certificate, which is required for signature verification. For one-key-pair applications, a dual-usage key pair is generated on the subscriber's machine and stored on the disk or HSM. A copy of the dual-usage private and public key will be sent to the CA. The private key will be stored in the CA database. The CA will use the public key to generate a dual-usage public key certificate and will put it in the user's Directory entry. A copy of this certificate will be stored in the CA database. It will be also sent to the subscriber and will be stored on its machine on the disk or HSM. In summary, there are several places where certificates and public and private keys are stored: PKI/CA database, Directory server, and subscriber's machine. The specifics are highly dependent on PKI implementation and CPS directives.
Key escrow
Government access to keys (in 1990s, Gov. tried with Clipper Chip and failed)
NoSQL
Keys and values. DynamoDB permissions: - All items -> full db access - Get Item -> Retrieve single item - BatchGetItem ->Retrieve many items. - PutItem ->Store a single item. - BatchWriteItems ->Store many items. - DeleteItem ->Remove - UpdateItem ->Modify - Query - Search
OS Kernel ()
Loads & runs binary programs, schedules task swapping, allocates memory & tracks physical location of files on computers hard disk, manages IO/OP requests from software, & translates them into instructions for CPU
Tempest
Shielding and other emanations-reducing mechanism, a technology that allows the electronic emanations that every monitor produces (known as Van Eck radiation) to be read from a distance (this process is known as Van Eck phreaking) White noise - broadcasting false traffic at all times to mask and hide the presence of real emanations. Faraday cage - a box, mobile room, or entire building designed with an external metal skin, often a wire mesh that fully surrounds an area on all sides (in other words, front, back, left, right, top, and bottom). This metal skin acts as an EMI absorbing capacitor Control zone - the implementation of either a Faraday cage or white noise generation or both to protect a specific area in an environment
Cloud Service Models (241)
Original service models - SaaS, PaaS; original deployment model- community & hybrid PaaS - Platform-as-a-Service is the concept of providing a computing platform and software solution stack as a virtual or cloud-based service. Essentially, this type of cloud solution provides all the aspects of a platform (that is, the operating system and complete solution package). The primary attraction of PaaS is the avoidance of having to purchase and maintain high-end hardware and software locally. Customer supplies application code that the vendor then executes on its own infrastructure SaaS - Software-as-a-Service, is a derivative of PaaS. SaaS provides on-demand online access to specific software applications or suites without the need for local installation. In many cases, there are few local hardware and OS limitations. IaaS - Infrastructure-as-a-Service, takes the PaaS model yet anotherm step forward and provides not just on-demand operating solutions but complete outsourcing options. This can include utility or metered computing services, administrative task automation, dynamic scaling, virtualization services, policy implementation and management services, and managed/ filtered Internet connectivity. Deployment Models, parent organization still responsible for patching OS of virtual hosts, CaaS - not a TERM! - Private; cloud-based assets for a single organization. Organizations can create and host private clouds using their own resources. - Community; provides cloud-based assets to two or more organizations. Maintenance responsibilities are shared based on who is hosting the assets and the service models. - Public; model includes assets available for any consumers to rent or lease and is hosted by an external CSP. Service level agreements can be effective at ensuring the CSP provides the cloud-based services at a level acceptable to the organization. Hybrid - mix of public and private
ring 1
Other temporary OS components and operations
PKI Registration
PKI consists of many components: Technical Infrastructure, Policies, Procedures, and People [PKIREGAG]. Initial registration of subscribers (either users, or organizations, or hardware, or software) for a PKI service has many facets, pertaining to almost every one of the PKI components. There are many steps between the moment when a subscriber applies for a PKI certificate and the final state, when keys have been generated and certificates have been signed and placed in the appropriate locations in the system. These steps are described either explicitly or implicitly in the PKI CPS. 1. How the subject proves its organizational entity. 2. How the person, acting on behalf of the subject, authenticates himself in the process of requesting a certificate. 3. How the certificate issuer can be sure that the subject, whose name is in the certificate request, is really in possession of the private key, to which the public key is presented in the certificate request along with the subject's name. Organization certs are used for: Organizational certificates are usually issued to the subscribing organization's devices, services, or individuals within the organization. These certificates support authentication, encryption, data integrity, and other PKI-enabled functionality when relying parties communicate. Among organizational devices and services may be, ■ Web servers with enabled TLS, which support the server's authentication and encryption ■ Web services security gateways, which support SOAP messages' authentication and signatures' verification, encryption, and decryption ■ Services and devices, signing content (software codes, documents, etc.) on behalf of the organization ■ VPN gateways ■ Devices, services, and applications supporting authentication, integrity, and encryption of Electronic Data Interchange (EDI), B2B, or B2C transactions ■ Smart cards for end user authentication Among procedures enforced within applying organizations (before a certificate request to an external CA is issued) are the following: ■ An authority inside the organization should approve the certificate request. ■ The authority should verify that the subject is who he or she claims to be. ■ After that, an authorized person (authorized submitter) within the organization will submit a certificate application on behalf of the organization. ■ The organizational certificate application will be submitted for authentication of the organizational identity. ■ Depending on the purpose of the certificate, an external certificate issuer will try to authenticate the applying organization, which may include some but not all of the following steps, as in the following example [VeriSignCPS]: ¤ Verify that the organization exists. ¤ Verify that the certificate applicant is the owner of the domain name, which is the subject of the certificate. ■ Verify employment of the certificate applicant and if the organization authorized the applicant to represent the organization. Authentication requirements in the process of registration with PKI depend on relations between the CA and the organization, the nature of an applying End Entity (EE) and CP, which is stating the purpose of the certificate. Thus, the organization may have its internal CA or may use a commercial CA to serve its all certificates needs.
Memory Protection
Segmentation - dividing a computer's memory into segments. Protection Keying - Numerical values, Divides physical memory up into particular sized blocks, each of which has an associated numerical value called a protection key. Paging - divides memory address space into even size blocks called pages. To emulate that we have more RAM than we have. SYSTEM KERNAL KNOWS THE LOCATION OF THE PAGE FILE DEP, Data Execution Prevention - a system-level memory protection feature that is built into the OS DEP prevents code from being run from data pages such as the default heap, stacks, and memory pools.
Virtualization (229)
Used to host one or more operating systems within the memory of a single host computer. Such an OS is also known as a guest operating system. From the perspective that there is an original or host OS installed directly on the computer hardware, the additional operating systems hosted by the hypervisor system are guests. - Virtual machine - simulated environment created by the OS to provide a safe and efficient place for programs to execute. - Virtual SAN - software-defined shared storage system is a virtual re-creation of a SAN on top of a virtualized network or an SDN.
Hybrid Cryptography (266)
Uses both asymmetrical and symmetrical encryption - asymmetrical for key exchange - symmetrical for the bulk - thus it is fast - example: SSL, PGP, IPSEC S/MIME Message Digest - summaries of a message's content (not unlike a file checksum) produced by a hashing algorithm, checksum? MAC - Message Authentication Code (cryptographic checksum, small block of data generated by using the secret key then appended to the message).
Elliptic Curve cryptography (ECC)
a 160-bit ECC key is equivalent to a 1,088 RSA key -based on elliptic curve math -uses prime numbers
multiprocessing
a multiple processor computing system (has multiple CPU's) uses multiple CPU's to complete the execution of a single app. -ex, a db server may have 6 or more processors which allows it to handle multiple queries simultaneously
ready state
a process is ready to resume/begin processing as soon as it is scheduled for execution.
symmetric multiprocessing (SMP)
a single computer contains multiple processors that are treated equally and controlled by a single OS
state machine model
a system that is always secure no matter what state it is in -based on CS defintion of a finite state machine (FSM)
Biba Model
-address integrity and not confidentiality/availability -based on Bell-LaPadula -built on a state machine concept, based on info flow, and is multilevel -more common for commercial security models than Bell-LaPadula -focuses on 3 integrity issues: 1) prevent modification of obj's by unauth sub's 2) prevent unauth modification of obj's by authorized sub's 3) protect internal and external obj consistency
device firmware
-commonly contained in printers and modems that store "mini" OS's
multiprogramming
-considered relatively obsolete and rarely found today -involves the pseudo-simultaneous execution of two tasks on a single processor coordinated by the OS -way to serialize multiple processes so that when one process stops to wait on a peripheral, its state is saved and the next process in line begins
memory protection
-core sec component that must be designed and implemented into an OS -otherwise instability, integrity violations, DoS, disclosure are likely results -prevents an active process from interacting with an area of memory that was not specifically assigned/allocated to it
MD2 (Message Digest 2)
-created by Ronald Rivest in 1992 -created to provide secure hash fn for 8-bit processors -pads the msg so its length is a multiple of 16 bytes -16-byte checksum then computed and appended to end of msg -produces 128-bit msg digest -no longer used bc collisions occur, and not a one way fn
TCSEC (Trusted Computer System Evaluation Criteria)
-created by US DoD in 1980's -became known as the "rainbow series" -created to impose sec standards for the systems the DoD purchased and used -replaced by the international Common Criteria -focuses entirely on confidentiality
Brewer and Nash Model (aka Chinese Wall)
-created to permit access controls to change dynamically based on a user's previous activity (making it a kind of state machine model) -applies to a single integrated database -known as Chinese Wall bc it creates a class of data that defines which sec domains are potentially in conflict and prevents any sub with access to one domain that belongs to a specific conflict class from accessing any other domain that belongs to the same conflict class. -i.e, puts wall around each conflict class
Clark-Wilson Model
-designed specifically for the commercial environment -does not define a formal state machine, but instead defines each data item and allows modifications through only a small set of programs -does not require a lattice structure, but instead a three part relationship of sub/program/obj known as a triple or an access control triple -sub's do not have direct access to obj's -obj's can only be accessed thru programs -uses sec labels to grant access to obj's, but only thru a restricted interface model
dedicated mode
-eq to single state systems -each user must have 1) a sec clearance that permits access to all info processed by sys 2) access approval 3) need to know
certification
-first phase in total eval process -i.e, sec capabilities are tested and documented -comprehensive eval of the technical and non-technical sec features of an IT system and other safeguards made in support of the accreditation process -only valid for a system in a specific environment and config. any changes could invalidate cert -"internal verification of sec"
Graham-Denning Model
-focused on the secure creation and deletion of both subj's and obj's -collection of 8 primary protection rules: 1-4) securely create/delete an obj/sub; 5-8) securely provide the read, grant, delete, transfer access right -usually the specific abilities/perm's of a sub over obj's is defined in a ACM
information flow model
-focuses on the flow of info -based on a state machine model -designed to prevent unauthorized, insecure, or restricted info flow, often b/t different levels of sec -dictates the transformation of an obj from one state in time to another state in time
accreditation
-formal declaration by the designated approving authority (DAA) that an IT system is approved to operate in a particular sec mode using a prescribed set of safeguards at an acceptable risk level -often performed by 3rd party -iterative process, and common to request changes -act of mgmt formally accepting an evaluating system, not evaluating the system itself
EAL-7
-formally verified, designed, and tested -used only for the highest risk situations or where high value assets are involved
EAL-1
-functionally tested -some confidence in correct operation is required but sec threats are not obvious
Common Criteria
-global effort to create common sec eval process for computer products -objective is to make eval's: a) eliminate duplicates b) more efficient c) adhere to high standards d) increase availability of evaluated, rated IT products e) eval the functionality and assurance of TOE *using CC to choose a vendor allows clients to request exactly what they need for sec rather than having to use statically fixed sec levels*
SHA (Secure Hash Algorithm)
-govt standards developed by NIST and specified in FIPS 180
multitasking
-handling multiple tasks simultaneously -in reality most systems do not truly multitask, they rely on the OS to simulate this
administrative sec controls
-include facility construction/selection, site mgmt, personnel controls, awareness training, emergency response and procedures
electronic access control (EAC) lock
-incorporates 3 elements: 1) electromagnet to keep the door closed 2) credential reader 3) sensor to re-engage the electromagnet when door is closed
ITSEC (Information Technology Security Evaluation Criteria)
-initial attempt to create sec eval criteria in Europe, and created as an alt to the TCSEC -a system's functionality is a measurement of the system's utility value for users. -refers to any system being eval'd as a Target of Evaluation (TOE) -uses two scales to rate functionality and assurance -functionality is rated from F-D to F-B3 -assurance is rated from E0 to E6 -addresses confidentiality, integrity, and availability -does not rely on the concept of a TCB
Sutherland Model
-integrity model -focuses on preventing interference in support of integrity -base on state machine model and info flow -does not directly indicate specific mechanisms for protection of integrity -defines a set of system states, initial states, and state transitions. thru the use of only these predetermined secure states is integrity maintained and interference prohibited -ex: prevent a covert channel from being used to influence the outcome of a process or activity
Goguen-Meseguer Model
-integrity model, but not as well known as others -said to be foundation of noninterference conceptual theories -based on predetermining the set or domain- which is a list of obj's that a sub can access. -based on automation theory and domain separation -sub's are allowed only to perform predetermined actions against predetermined obj's -sub's are unable to interfere with each other's activities
part 1 of CC
-introduction and General Model -describes concepts used to eval the TOE
non-interference model
-loosely based on the info flow model -concerned with how the actions of a sub at a higher sec level affect the system state or the actions of a sub at a lower sec level -i.e, the actions of sub A (high sec) should not affect the actions of sub B (low sec) or even be noticed
EAL-4
-methodically designed, tested, and reviewed -rigorous, positive sec engineering and good commercial dev practices are used
EAL-3
-methodically tested and checked -sec engineering begins at the design stage and is carried through w/o substantial alteration
multithreading
-permits multiple concurrent tasks to be performed within a single process. -a thread is a self-contained sequence of instructions that can execute in parallel with other threads that are part of the same parent process. -ex: opening multiple documents on Word -> each doc is treated as a single thread within a single Word process, and the sw chooses which thread it works on at any moment
SHA-1
-produces 160-bit message digest -processes a msg in 512-bit blocks -if msg is not a multiple of 512, the algo pads the msg with additional data until the length reaches the next multiple of 512 -proven to have weaknesses
SHA-224
-produces 224-bit msg digest -uses 512 block size
SHA-256
-produces 256 bit msg digest -uses 512 block size
RSA
-public key system created in 1977 -depends on difficulty in factoring large prime numbers
EAL-5
-semi-formally designed and tested -uses rigorous sec engineering and commercial dev practices, including specialist sec engineering technique's
EAL-6
-semi-formally verified, designed, and tested -uses direct, rigorous sec eng techniques at all phases of design, dev, and testing to produce a premium TOE
multilevel mode
-some users do not have a valid sec clearance for all info
trusted platform module (TPM)
-specification for a cryptoprocessor chip on a mainboard and the general name for implementation of the specification. -used to store and process crypto keys to support a hardware implemented hard drive enc system. -if hard drive is removed from its original system, it cannot be decrypted -example of a HSM
Digital Signature Standard (DSS)
-specifies the digital signature algo's acceptable for govt use -aka FIPS 186-4 -states all approved dig sig algo's must use SHA-2
EAL-2
-structurally tested -delivery of design info and test results are in keeping with good commercial practices
MD4
-supports 32-bit processors -first pads msg to ensure msg is 64 bits smaller than a multiple of 512 bits -then processes 512 bit blocks of the msg in 3 rounds of computation -produces 128-bit msg digest -found to produce collisions and not secure
Interrupt (IRQ, or "interrupt request")
-technique for assigning specific signal lines to specific devices thru a special interrupt controller
read only memory (ROM)
-the memory the PC can read but can't change -main advantage is that it can not be modified
data diddling
-type of incremental attack when an attacker gains access and makes small, random, or incremental changes to data rather than large, obvious changes -protected by file enc and hashing -often performed more by insiders than outsiders
replay attack
-used against systems that do not use temporal protections -attacker intercepts an enc'd msg and 'replays' the msg to open a new session. -can be defeated by incorporting a time stamp and expiration period
virtualization
-used to host multiple OS's within the memory of a single host computer
gas discharge systems
-usually more effective than water discharge systems -should not be used in locations where people are located -work by removing oxygen from the air
keyboard security
-vuln to TEMPEST -keyloggers -bluetooth radio signals can be intercepted
ideal environmental settings for comp equipment
1) 60-75 deg F (15-23 deg C) 2) 40-60% humidity (too low causes static discharges; too high causes corrosion)
local cache sec issues
1) ARP poisoning 2) man-in-the-middle attacks (MITM) 3) DNS cache poisoning
govt approved standard enc algo's
1) Digital signature algo (DSA) 2) RSA 3) Elliptic curve DSA (ECDSA)
DNS poisoning attacks (5)
1) HOSTS poisoning (static file that has references for domain names and their IP's) 2) authorized DNS server attacks 3) caching DNS server attacks 4) DNS lookup address changing 5) DNS query spoofing
physical sec control categories
1) administrative 2) technical 3) physical
2 techniques to verify the authenticity of cert's?
1) check the CRL - A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted. 2) online certificate status protocol (OCSP) - OCSP (Online Certificate Status Protocol) removes many of the disadvantages of CRL by allowing the client to check the certificate status for a single certificate.
SSL comm between client/server steps
1) client's browser retrieves server's cert and extracts the public key 2) browser creates a random symm key, uses server's public key to encrypt it, then sends the encrypted symm key to the server 3) server decrypts the symm key using its private key, and the 2 systems exchange all future msg's using the symm enc key
2 types of electromagnetic interference
1) common mode noise 2) traverse mode noise
common architecture sec flaws
1) covert channels 2) coding flaws (back doors, sql injection, XSS) 3) initialization and failure states (vuln's when a system shuts down/recovers 4) input and parameter checking (buffer overflow) 5) maintenance hooks-entry points into a system that are known only by the devs (aka back doors) 6) incremental attacks- occur in slow, gradual increments rather than obvious attempts. 2 forms
BYOD policy should address:
1) data ownership 2) support ownership 3) patch mgmt 4) antivirus mgmt 5) forensics 6) privacy 7) on boarding/off-boarding 8) adherence to corporate policies 9) user acceptance 10) user acceptance 11) architecture/infrastructure considerations 12) legal concerns 13) acceptable use policy 14) on board camera/video
storage media security problems (4)
1) data remanance 2) zero wipe is ineffective for SSD's 3) prone to theft 4) securing these requires enc technologies
physical sec functional order
1) deterrence 2) denial 3) detection 4) delay
digital signature
1) enforce non-repudiation by assuring recipient that the msg truly came from the claimed sender 2) assure recipient that the msg was not altered while in transit -these rely on public key crypto and hashing fn's
fire detection system types
1) fixed-temperature-trigger fire suppression when a specific temp is reached 2) rate-of-rise: trigger suppression when the speed at white the temp changes reaches a specific level 3) flame-actuated: trigger suppression based on infrared energy of flames 4) smoke-actuated: use photoelectric/radioactive ionization sensors as triggers
mobile device security options
1) full device enc 2) remote wiping 3) lockout 4) screen locks 5) GPS (to track device) 6) app control (limits which apps can be downloaded) 7) storage segmentation (compartmentalize data being stored) 8) asset tracking 9) inventory control 10) mobile device mgmt 11) device access control 12) removable storage 13) disabling unused features 14) app security 15) key mgmt- create good keys! 16) credential mgmt 17) good authentication 18) geotagging 19) encryption 20) app whitelisting- prohibits unauthorized sw from being able to execute ("deny by default" or implicit deny)
requirements for a hash function
1) input can be of any length 2) output has a fixed length 3) hash fn is relatively easy to computer for any input 4) hash fn is one-way 5) hash fn is collision free
technical sec mechanisms
1) layering 2) abstraction 3) data hiding 4) process isolation 5) hardware segmentation
2 types of enc techniques to protect data traveling over networks?
1) link encryption: protects entire comm circuits by creating a secure tunnel between 2 points that enc's all traffic going in and dec's all traffic leaving. all data ( inc the header, trailer, address, and routing data) is also encrypted. moves slower than end-to-end enc b/c of frequent enc/dec cycles 2) end-to-end encryption: protects comm bt 2 parties and is performed independently of link enc.
methods of securing embedded/static systems
1) network segmentation 2) security layers 3) app firewalls 4) manual updates 5) firmware version control 6) wrappers- used to combine a benign host with a malicious payload 7) control redundancy and diversity
alarm system (IDS) weaknesses
1) power source 2) means of comm
fire training
1) proper personnel awareness training 2) employees should be aware of at least 2 evacuation routes from their primary workplace 3) trained in the location and use of fire ext's -CPR training, emergency shutdown procedures, rendezvous location can be included
digital signature receiving process
1) receiver decrypts digital signature using sender's public key 2) receiver creates hash of plaintext msg received from sender 3) receiver compares the decrypted hash with the one the sender set. if they are the same, then he can be guaranteed the true sender sent it
digital signature sending process
1) sender produces hash of msg 2) sender encrypts the hash with sender's private key. this is the digital signature 3) sender appends the signed hash to the plaintext msg 4) sender transmits appended msg to receiver
process to formally evaluate high level software controls
1) technical eval is done to make sure system's sec capabilites meet criteria 2) system is subjected to a comparison b/t its criteria and its actual capabilites and performance
Data flow control
1. Controlling bandwidth consumption -Network devices and server operating systems. 2. Understanding sensitive data flow -Data flow maps to apply controls appropriately.
Key Life Cycle
1. Preoperation Phase 2. Operational Phase 3. Postoperation Phase 4. Key destruction
Locks
1. Preset locks 2. Cipher locks - User must enter the correct combo on pad. 3.Biometric locks - Physical characters 4. card reader lock - magnetic strip or permit access.
Cryptographic life cycle
1. initiation 2. development 3. implementation and assessment 4. Operations/Maintaince
static voltages and damages
40V - sensitive circuits destroyed 1,000V- scrambling of monitor displays 1,500V- hard drive data destroyed 2,000V- abrupt system shutdown 4,000V- printer jam or component damage 17,000V- permanent circuit damage
Humidity
<40% static electricity up to 20.000 volts NORMAL 40-60% up to 4000 volts >60% corrosion max temp = 80 degrees (max accept beofre smachi
intrusion detection systems (IDS)
automated or manual systems designed to detect attempted intrusions, breaches, or attacks, use of an unauthorized entry point, or the occurrence of a abnormal event -can include guards, automated access controls, motion detectors, alarms -only useful if it is connected to an intrusion alarm
MTTR (mean time to repair)
average length of time required to perform a repair on the device
S/MIME (Secure multipurpose internal mail extensions)
de facto standard for encrypted email -uses RSA for enc -relies on X.509 cert's for exchanging keys
assurance
degree of confidence in satisfaction of security needs -must be continually maintained, updated, and reverified
closed system
designed to work well with a narrow range of other systems, generally all from the same manufacturer and proprietary -harder to integrate with unlike systems, but they can be more secure
open system
designed using agreed upon industry standards. -much easier to integrate with systems from different manufacturers that support the same standards
SSL
developed by Netscape to provide client/server enc for web traffic -relies on exchange of server dig cert's to negotiate enc/dec parameters between client and server -depends on symm and asymm crypto -HTTPS uses port 443
cyber-physical systems
devices that offer a means to control something in the physical world ex: Internet of Things (IoT) collection of devices that can comm with each other to affect and monitor the real world
primary purpose of lighting?
discourage casual intruders, trespassers, prowlers. -form of perimeter sec control -should not illuminate the positions of guards, dogs, patrol posts, or other sec elements. -should illuminate critical areas with 2 candle feet of power -i.e, if lighted area is 40 feet in diameter, poles should be 40 feet apart
mantrap
double set of doors that is often protected by a guard that prevents piggybacking -if a subject is not authorized, both doors remain locked/closed until an escort removes person from property (called "delay feature")
system call
driver or handler request to access a lower ring's privileges
certificate path validation (CPV)
each cert in a cert path from the original start or root of trust down to the server/client in question is valid and legit
secure state machine
each possible state transition results in another secure state
Take-Grant model
employs a directed graph to dictate how rights can be passed from one sub to another or from a sub to an obj. -i.e, a sub with the grant right can grant another sub or obj any other right they possess. -a sub with the take right can take a right from another sub -may adopt a create rule and remove rule to generate or delete rights
content scrambling system (CSS)
enc scheme that enforces playback and region restrictions on DVD's -broken with tool called DeCSS
primary goal of access controls (RBAC, MAC, and DAC)
ensure the confidentiality and integrity of data by disallowing unauthorized access by authorized or unauthorized subjects
MTBF (mean time between failures)
estimation of the time between the first and any subsequent failures
EAL
evaluation assurance levels -labeled from 1 to 7
running (aka problem state, "problem being solved")
executes on the CPU and keeps going until it finishes or is blocked.
MTTF (mean time to failure)
expected typical functional lifetime of the device given a specific operating environment
composition theories
explain how outputs from one system relate to inputs to another system. 3 types: a) cascading- input for one sys comes from the output of another sys b) feedback- one sys provides input to another sys, which reciprocates by reversing those roles c) hookup- one system sends input to another system but also sends input to external entities
statistical attack
exploits statistical weaknesses, such as floating point errors and inability to produce truly random numbers
implementation attack
exploits weaknesses in the implementation of a cryptosystem
El Gamal
extends Diffie-Hellman algo to support an entire public key system -released into public domain and not patented -biggest disadvantage is that the algo doubles the length of any message it encrypts -> consumes more bandwidth
piggybacking
following someone through a secured doorway w/o being authorized personally
turnstile
form of gate that prevents more than one person at a time from gaining entry and often restricts movement in one direction -used to gain entry, but not exit
salami attack
form of incremental attack where very small amounts are deducted gradually i.e, the movie Office Space scam
grid computing
form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal. -grid members can join the grid only when their systems are available -content of each work packet is potentially exposed to the world
class A fire ext
fuel: common combustibles suppression material: water, soda acid
class C fire ext
fuel: electrical suppression material: CO2, halon
class B fire ext
fuel: liquids suppression material: CO2, halon, soda acid
class D fire ext
fuel: metal suppression material: dry powder
common mode noise
generated by a difference in power between the hot and ground wires of a power source or operating electrical equipment
traverse mode noise
generated by a difference in power between the hot and neutral wires of a power source or operating electrical equipment
privileged mode
gives OS access to the full range of instructions supported by the CPU
ISO (International Organization for Standardization)
global standards setting group of rep's from various nations -defines standards for industrial and commercial equipment, sw, protocols, mgmt, etc
massively parallel processing (MPP)
house hundreds/thousands of processors, each with its own OS and memory/bus resources -when there is a computationally intensive task, it goes to a single processor, which then sends it to other cpu's -these cpu's send results to the central processor -very powerful and very expensive
transitive trust
if A trusts B and B trusts C, then A inherits trust of C i.e, if a=b and b=c, then a=c
security perimeter
imaginary boundary that separates the TCB from the rest of the system -ensures that no insecure comm/interactions occur between the TCB and the other elements of the computer system
control zone
implementation of either a Faraday cage or white noise generation or both to protect an area
WPA (wifi protected access)
implements TKIP (temporal key integrity protocol) to improve over WEP -WPA2 adds AES -only provides enc for traffic b/t a computer and the wireless access point
technical sec controls
include access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, fire detection/prevention
physical sec controls
include fencing, lighting, locks, construction materials, mantraps, dogs, guards
inrush
initial surge of power usually associated with connecting to a power source
digital signature goals?
integrity, authentication, and non-repudiation
package
intermediate grouping of sec requirement components that can be added or removed from a TOE (like option packages)
X.509
international standard specifying dig certificates. contains: 1) serial number 2) sig algo identifier 3) issuer name 4) validity period 5) subject's name 6) subjects public key
sandbox
isolates code objects from the rest of the OS and enforces strict rules about the resources those obj's can access
most important goal of any sec or protection system?
keeping people from harm
passive audio motion detector
listens for abnormal sounds
shimming
lock picking
memory cards
machine readable ID cards with a magnetic strip. -can function as two-factor auth with its PIN
secondary memory
magnetic, optical, or flash based media that contains data not immediately available to the CPU
capabilities list
maintains a row of sec attributes for each controlled object
phlashing
malicious code embedded into BIOS or firmware -frequently used to remote control
deterrent alarms
may engage locks, shut doors, etc. -goal is to make further intrusion more difficult
storage volatility
measure of how likely it is to lose its data when power is turned off
covert channel
method used to pass info over a path that is not normally used for comm -provides a means to violate, bypass, or circumvent a sec policy undetected
ActiveX controls
microsoft's verion of Java applets -use proprietary microsoft tech; -not subject to the sandbox restrictions Java applets have -these have full access to the Windows OS
covert timing channel
modifies a system component by modifying the resources timing. -usually a method to secretly transfer data, very difficult to detect
spike
momentary high voltage
electric fault
momentary loss of power
sag
momentary low voltage
accountability
monitors activity and interactions with a system and records data on log files.
data flow
movement of data between processes, devices, networks, or over comm channels
local alarm system
must broadcast an audible (up to 120 db) alarm that can be heard up to 400 feet away. -must be protected from tampering and disablement -there must be a guard nearby to respond to be effective
peer-to-peer
networking and distributed app solutions that share tasks and workloads among peers -similar to grid computing, but there are no central mgmt system -ex: VoIP, BitTorrent, spotify
clean
nonfluctuating pure power
flash memory
nonvolatile form of storage media that can be electronically erased and rewritten -can be erased and written in blocks/pages
transition
occurs when accepting input or producing output -always results in a new state (state transition)
interrupt conflict
occurs when two or more devices are assigned the same IRQ number and is best recognized by an inability to access all affected devices
certificate authority (CA)
offer notarization services for dig cert's -certificates issued are only as good as the trust placed in the CA that issued them
notification alarms
often silent alarms and record data about the incident and notify admin's
IPsec transport mode
only the packet payload is encrypted -designed for peer-to-peer comm
protection rings
organize code and components in an OS into concentric rings. -the deeper inside the circle you go, the higher the privilege level associated with the code that occupies a specific ring -most modern OS's use a 4-ring model (0 -> 3) -essence of ring model lies in priority, privilege, and memory segmentation
secure facility plan
outlines the sec needs of your org and emphasizes methods to employ to provide sec
message digest
output value from a hashing function -usually 128 bits or larger -longer values mean more reliable integrity verification
reference monitor
part of the TCB that validates access to every resource prior to grating access requests -i.e, the access control enforcer for the TCB
memory-mapped I/O
part of the address space that the CPU manages functions to provide access to some kind of device thru a series of mapped memory locations -only one device maps into a specific mem address range and that the range is used for no other purpose than to handle device I/O
key length
perhaps the most important sec parameter that can be set at the discretion of the sec admin
PKI hierarchy of trust
permit combining asymmetric crypto with symmetric crypto along with hashing and dig sig, giving us hybrid crypto
cert and accred system phases (4)
phase 1- definition: involves the assignment of appropriate project personnel, documentation of sys need, registration, negotiation, and creation of SSAA (Sys Sec Auth Agreement), which guides the cert and accred process phase 2- verification: refinement of SSAA, sys dev activities, and a cert analysis phase 3- validation: further refinement of SSAA, cert eval of the integrated system phase 4- post accreditation: maintenance of SSAA, sys operation, change mgmt, and compliance validation.
computer architecture
physical design of computers from various components
wet pipe system (aka closed head system)
pipe that is always full of water. water discharges immediately
multilevel sec policies
prevent info flow from higher sec levels to lower sec levels
zeroization
procedure that erases data by replacing it with meaningless data such as zeroes
integrity verification procedure (IVP) (clark wilson)
procedure that scans data items and confirms their identity
verification
process similar to certification, but goes further by involving a third party service and compiling results that may be trusted by many org's.
MD5
processes 512-bit blocks of the msg, using 4 rounds of computation to produce 128-bit msg digest -msg length must be 64 bits less than 512 bits -prone to collisions
mediated-access model
processes that run in higher numbered rings must generally ask a handler or a driver in a lower numbered ring for services they need.
SHA-384
produces 384-bit msg digest -uses 1,024 bit block size
SHA-512
produces 512-bit msg digest -uses 1,024 block size
surge
prolonged high voltage
brownout
prolonged low voltage
privacy
protecting personal info from disclosure to any unauthorized entity
advanced access content system (AACS)
protects the content stored on blu-ray and HD DVD media. -been proved uneffective
digital certificates
provide parties with the assurance the the people they are communicating with are who they claim to be -basically endorsed copies of someones public key
WEP (Wired equivalent privacy)
provides 64 and 128-bit enc options to protect wireless comm -described in IEEE 802.11 -reuses RSA keys and is NOT secure
ISAKMP (Internet security association and key management protocol)
provides background sec support services for IPsec by managing sec associations.
IEEE 802.1x
provides flexible framework for auth and key mgmt in wired and wireless networks -client runs a supplicant, which comm's with the auth server
infrastructure-as-a-service (IaaS)
provides on demand computing solutions and complete outsourcing options -can include utility or metered computing services, admin task automation, dynamic scaling, virtualization services, policy implementation/mgmt, internet connectivity. -allows an enterprise to scale up new software via cloud systems quickly w/o need to install hardware locally
software-as-a-service (SaaS)
provides on demand online access to software apps w/o need for local installs. -can be subscription service, pay as you go, or free
platform-as-a-service (PaaS)
providing a computing platform and software solution stack virtually. -provides all aspects of computing (OS, etc) -allows customers to avoid having to purchase high end computing locally
enrollment
proving your identity to the CA
random access memory (RAM)
readable and writable mem that contains info a computer users during processing -retains content only when power is supplied to it
critical path analysis
systematic effort to identify relationships b/t mission critical app's, processes, ops, and all the necessary supporting elements. -a complete picture of the interdependencies and interactions necessary to sustain the org is produced -the results produced serve as a list of items to secure
access control matrix (ACM)
table of subjects and objects that indicates the actions/functions that each sub can perform on each obj. -each column is an access control list (ACL) -each row is a capabilities list
hash function
take a potentially long message and generate a unique output value derived from the content of the message
cache RAM
takes data from slower devices and temporarily storing it in faster devices when repeated use is likely
premises wire distribution room (aka wiring closet)
telecomm cables are kept and connected to other network equipment -max cable run length is 100m for copper based twisted pair cabling
authority level
tells the OS what the process is allowed to do -tells the OS how to set the bounds for a process
technology convergence
tendency for various tech's to evolve and merge over time. -frequently resulting in multiple systems performing similar tasks or one system taking over the feature and abilities of another
IPsec tunnel mode
the entire packet is encrypted -designed for gateway-to-gateway comm
indirect addressing
the memory address contains another memory address -CPU reads the indirect address to learn the address where the desired data resides
transformation procedures (TP) (clark wilson)
the only procedures that are allowed to modify a Constrained Data Item (CDI).
time slice
the processing time allotted to a process
discretionary access controls (DAC)
the subject has some ability to define the objects to access
ground
the wire in an electrical circuit that is grounded
access control list (ACL)
tied to the obj -it lists valid actions each sub can perform
responsibility of OS and compilers
translate high level programming languages into simple assembly language instructions that a CPU understands
wave pattern motion detector
transmits a consistent ultrasonic or high microwave frequency signal into a monitored area and monitors for significant or meaningful changes
deluge system
type of dry pipe system that uses larger pipes and therefore delivers a significantly larger volume of water. -inappropriate for electrical environments
uninterruptible power supply (UPS)
type of self-charging battery that can be used to supply consistent clean power to sensitive equipment
real memory (aka main mem or primary mem)
typically the largest RAM storage available to a computer
data dictionary
used for storing critical info about data, including usage, type, sources, relationships, formats.d
UEFI (unified extensible firmware interface)
used to replace BIOS -more advanced interface between hardware and the OS -maintains support for legacy BIOS systems
supervisory
used when the process must perform an action that requires privileges that are greater than the problem state set of privileges.
ring 3
user level app's and programs
subject
user/process that makes a request to access a resource
compartmented mode workstations (CMW)
users with the necessary clearances can process multiple compartments of data at the same time -require two forms of sec labels: 1) sensitivity levels 2) info labels
trusted computing base (TCB)
uses a combination of hardware, software, and controls that work together to form a trusted base to enforce the sec policy
static RAM
uses a logical device called a flip-flop which to all intents and purposes is simply an on/off switch that must be moved from one position to another
base + offset addressing
uses a value stored in one of the CPU's registers as the base location from which to begin counting.
control
uses access rules to limit the access of a subject to an object
restricted interface model (clark wilson)
uses classification-based restrictions to offer only subject-specific authorized info and functions
electronically erasable PROM (EEPROM)
uses electric voltages delivered to the pins of the ROM chip to force erasure. -can be erased w/o removing them from computer -can store BIOS software
Digital Rights Management
uses encryption to enforce copyright restrictions on digital media. serves to bring U.S. copyright law into compliance with terms of two World Intellectual Property Organization (WIPO) treaties. The first major provision of the DMCA is the prohibition of attempts to circumvent copyright protection mechanisms placed on a protected work by the copyright holder. Skip - s a distribution protocol RC4 - is a stream cipher RC5 and RC6 are block cipher FIPS 140 hardware and software requirements
IPsec
uses public key crypto to provide enc, access control, non-repudiation, and msg authentication, all using IP-based protocols. -primarily designed for VPN's -operates in transport or tunnel mode -commonly paired with L2TP as L2TP/IPsec has 2 main components: 1) authentication header (AH) provides assurances of msg integrity and non-repudiation. also provides auth and access control and prevents replay attacks 2) encapsulating security payload (ESP) provides confidentiality and integrity of packet contents. provides enc and limited auth, prevents replay attacks.
rule-based access control (RBAC)
uses rules to determine if a subject is allowed to access an object
dynamic RAM
uses series of capacitors to store data
steganography
using crypto techniques to embed secret msg's within another msg -makes changes to the least significant bits that make up image files -digital watermarks protect intellectual property this way
masquerading
using someone else's sec ID to gain entry into a facility
security label
usually a permanent part of the object to which its attached -the permanence of it provides security that tokens and capabilities lists cannot offer -tied to the subject -lists valid actions that can be taken on each obj
central station system
usually silent locally, but offsite monitoring agents are notified so they can respond -a proprietary system is similar, but the host org has its own sec staff
repellant alarms
usually sound a siren/bell and turn on lights -discourages intruders from continuing
process states (aka operating states)
various forms of execution in which a process may run -can be in 2 modes: supervisor (all access) mode and problem state (user mode)
program executive (process scheduler)
waiting in memory so that when a process state transition must occur, it can step in and handle the mechanics
compartmented mode
weaken sec requirements a bit more -users do not necessarily have access approval for all the info on the system
stopped
when a process finishes/terminates/errorred or not sufficient resources
isolation
when a process is confined through enforcing access bounds -ensures that any behavior will affect only the memory and resources associated with the isolated process -used to protect the operating environment, the kernel, and other apps
direct memory access (DMA)
works as a channel with two signal lines -one line is a DMA request (DMQ) line -other line is a DMA acknowledgement (DACK) line -devices that exchange data directly with RAM w/o using the CPU use this to manage access
covert storage channel
writes data to a common storage area where another process can read it
Key Encryption Concepts and Definitions 1
Purpose: protect transmitted information from being read and understood except by the intended recipient Substitution -(change the letters in a message) like shifting and rotating alphabets, can be broken by statistical looking at repeating characters or repeats Vernam - cipher (one time pad): - key of a random set of non-repeating characters Information Theory - Claude Elmwood Shannon Transposition - (rearrange the characters in a message) Permutation is used, meaning that letters are scrambled. The key determines positions that the characters are moved to, for example vertical instead of horizontal Null Cipher - used in cases where the use of encryption is not necessary but yet the fact that no encryption is needed must be configured in order for the system to work. Ex. Testing, stenography Key Length - use with each algorithm based on the sensitivity of information transmitted, longer key the better! Key space - is the range of values that are valid for use as a key for a specific algorithm. A key space is defined by its bit size. Bit size is nothing more than the number of binary bits (0s and 1s) in the key. The key space is the range between the key that has all 0s and the key that has all 1s. Key space doubles each time you add a bit to key length, which makes cryptanalysis more difficult. Key Clustering - when different encryption keys generate the same ciphertext from the same plaintext message BAD Synchronous - each encryption or decryption request is performed immediately Asynchronous - encrypt/decrypt request are processed in queues. Hash Function - one-way mathematical operation that reduces a message or data file into a smaller fixed length output. Encrypted using private key of sender. Registration Authority - performs certificate registration services on behalf of a CA. RA verifies user credentials Certificate Authority - PKI, entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates. Key Space - represents the total number of possible values of keys in a cryptographic algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance. HOW HARD TO BRUTE FORCE Transposition/permutation - process of reordering plaintext to hide the message rambo = ombar SP-network - process described by Claude Shannon used in most block ciphers to increase their strength Confusion - mixing the key values during repeated rounds of encryption, make the relationship between ciphertext and key as complex as possible Diffusion - mix location of plaintext throughout ciphertext, change of a single bit should drastically change hash, dissipate pattern Meet in the Middle - Attackers might use a meet-in-the-middle attack to defeat encryption algorithms that use two rounds of encryption. This attack is the reason that Double DES (2DES) was quickly discarded as a viable enhancement to the DES encryption (it was replaced by Triple DES (3DES, TDES, EEE, EDE).
primary memory (primary storage)
RAM a computer uses to keep necessary info readily available to the CPU
ROM vs. RAM
ROM contents can't be changed by apps or O/S unlike RAM.
erasable PROM (EPROM)
ROM is cleared with a special ultraviolet light, and then users can write to the ROM
Security Bolt-on
Rarely works at the end of a project.
Memory Components
Register - CPU also includes a limited amount of onboard memory, known as registers, that provide it with directly accessible memory locations that the brain of the CPU, the arithmetic-logical unit (ALU), uses when performing calculations or processing instructions, small memory locations directly in the CPU. Stack Memory Segment - used by processors to communicate instructions and data to each other Monolithic Operating System Architecture - all of the code working in kernel mode/system mode in an ad hoc and non-modularized OS Memory Addressing - When using memory resources, the processor must have some means of referring to various locations in memory. The solution to this problem is known as addressing (5 different types): - Register Addressing - When the CPU needs information from one of its registers to complete an operation, it uses a register address (for example, "register 1") to access its contents. - Immediate Addressing - is not a memory addressing scheme per se but rather a way of referring to data that is supplied to the CPU as part of an instruction. For example, the CPU might process the command "Add 2 to the value in register 1." This command uses two addressing schemes. The first is immediate addressing— the CPU is being told to add the value 2 and does not need to retrieve that value from a memory location— it's supplied as part of the command. The second is register addressing; it's instructed to retrieve the value from register 1. - Direct Addressing - In direct addressing, the CPU is provided with an actual address of the memory location to access. The address must be located on the same memory page as the instruction being executed. Direct addressing is more flexible than immediate addressing since the contents of the memory location can be changed more readily than reprogramming the immediate addressing's hard-coded data. Indirect Addressing - Indirect addressing - uses a scheme similar to direct addressing. However, the memory address supplied to the CPU as part of the instruction doesn't contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address (perhaps located on a different page). The CPU reads the indirect address to learn the address where the desired data resides and then retrieves the actual operand from that address. - Base + Offset Addressing - uses a value stored in one of the CPU's registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to that base address and retrieves the operand from that computed memory location
TCSEC
Replaced Common Criteria for unified evaluate process.
Key Revocation
Revoking a key that's been compromised. Key revocation applies both to symmetric and asymmetric keys and the process should be formally described in the Key Management Policy.
noise (electric)
steady interfering power disturbance or fluctuation
Methods of Cryptography (247)
Stream-based Ciphers - operate on one character or bit of a message (or data stream) at a time. The Caesar cipher is an example of a stream and shift cipher. The one-time pad is also a stream cipher because the algorithm operates on each letter of the plaintext message independently. SUBSTITUTION, real-time -Advantage - bit by bit substitution with XOR & keystream. - Emulates one time pad - No size difference between plaintext and ciphertext - Disadvantage - Can be difficult to implement correctly - Generally weaker than block mode cipher - Difficult to generate a truly random unbiased keystream - Wireless - Stream Cipher Uses - WEP, WPA - use WEP if you have nothing else - RC4 - Audio Visual Block-based Ciphers - ciphers operate on "chunks," or blocks, of a message and apply the encryption algorithm to an entire message block at the same time. The transposition ciphers are examples of block ciphers. SUBSTITUTION & TRANSPOSITION No longer common/effective attack on wireless networks
Timing (233)
TOCTTOU attack - race condition exploits, and communication disconnects are known as state attacks because they attack timing, data flow control, and transition between one system state to another. RACE - two or more processes require access to the same resource and must complete their tasks in the proper order for normal functions
Security Capabilities of Information Systems
TPM - Trusted Platform Module is both a specification for a cryptoprocessor chip on a mainboard and the general name for implementation of the specification. A TPM chip is used to store and process cryptographic keys for the purposes of a hardware supported/ implemented hard drive encryption system. Generally, a hardware implementation, rather than a software-only implementation of hard drive encryption, is considered to be more secure. Constrained or restricted interface - is implemented within an application to restrict what users can do or see based on their privileges.
part 2 of CC
-Security Functional Requirements -describes functional requirements -covers complete range of sec fn's in CC eval process
Multi-level Security
-Systems operate at different levels simultaneously while enforcing confidentiality and integrity constraints between security levels.
immediate addressing
-a way of referring to data that is supplied to the CPU as part of an instruction. -provides immediate info for an operation
data storage devices
store info that may be used by a computer any time after it is written.
Digital signatures
- no modifications allowed - identity can be derived - Works with a one-way hash (message digest), like SHA-1 (512 bit blocks) or MD5 (128 bits digest) or HMAC that uses a key - Acceptable encryption algorithms choices - DSA, RSA, ECDSA HASH it and ENCRYPT message digest Correct way to create and use a digital signature - hash the document, encrypt only the hash with the sender's private key, send both the plain text document and the encrypted hash to recipient. Use private key and has on message, others use hash and your private key to decrypt message (reverse) A digital signature scheme contains the following elements: ■ Cryptographic hash function: Hashing is done by the sending and receiving parties to determine integrity of the message. ■ Key generation algorithm: Key generation produces a private key for signing and a public key for distribution to parties who will verify the digital signature. ■ Signing algorithm: Signing produces a digital signature output using the private key and message. ■ Verification algorithm: Verification uses the public key and digital signature to determine authenticity of the message.
ITSEC
- refers to any system being evaluated as a target of evaluation (TOE). - does not rely on the notion of a TCB, and it doesn't require that a system's security components be isolated within a TCB. - includes coverage for maintaining targets of evaluation after changes occur without requiring a new formal evaluation.
Hashing
-Collision resistant, can't be reversed or failed. ATTACK HASH BY BRUTE FORCE and dictionary CRYPTANALYSIS Basic Technique - BRUTE Force will win with no constraints input of any length and generate a fixed length output Hash algorithms (Message Digests) Requirements for HASH - works on non-fixed length input - must be relatively easy to compute for any input - function must be one way - function must be one way Most used are MD5 (message Digest 128 bits) and SHA1 (signature hashing algorithm 160 bits) MD5 - hashing algorithm. It also processes 512-bit blocks of the message, but it uses four distinct rounds of computation to produce a digest of the same length as the MD2 and MD4 algorithms (128 bits). MD5 has the same padding requirements as MD4— the message length must be 64 bits less than a multiple of 512 bits. MD5 implements additional security features that reduce the speed of message digest production significantly. Unfortunately, recent cryptanalytic attacks demonstrated that the MD5 protocol is subject to collisions, preventing its use for ensuring message integrity. it is possible to create two digital certificates from different public keys that have the same MD5 hash. CRL's of a PKI environment holds serial numbers SHA1 - (160 bit hash value)was designed by NIST and NSA to be used in digital signatures Standard is SHA3 most still use SHA2 root Certificate Authority (CA) must certify its own public key pair cross certification does not check authenticity of the certificates in the certificates path; MD5 not good for securing passwords Traffic analysis - inference of information from analysis of traffic Traffic padding - generation of spurious data units Collision - Same message digest as a result of hashing. Cryptographic Attacks Ciphertext Only - attacker sees only the ciphertext, one of the most difficult Known Plaintext - attacker knowns both cipher and plaintext Chosen Plaintext - offline attack (attacker prepares list of plaintexts) -lunch box attack Online attack - (attacker chooses the plaintext based on the ciphertext already received) Chosen ciphertext - attacker chooses both the plaintext values and the ciphertext values, cherry picking, feed info and based on what you learned get key Birthday Attack - Collisions appear much fasters, birthdays match POODLE - (Padding Oracle on Downgraded Legacy Encryption) attack helped force the movement from SSL 3.0 to TLS because it allowed attackers to easily access SSL encrypted messages. CRIME/BEAST - earlier attacks against SSL STUXNET - worm aimed at Iranian nuclear capability
Bell-LaPadula Model
-DoD created this in the 1970's -prevents the leaking/transfer of classified info to less secure clearance levels -accomplished by blocking lower classified sub's from accessing higher classified objects -maintains confidentiality of obj's, but not integrity or availability -first mathematical model of a multilevel sec policy -doesn't support many modern networking features
Threats
-Natural environment threats (earthquakes floods, tornadoes). -Supply system threats (power communications water gas) -Manmade threats (vandalism, fraud, theft) Politically motivated threats (terroristic attacks, riots bombings) Life safety takes precedence!! Layered defense model: all physical controls should be work together in a tiered architecture (stacked layers) Vulnerability=weakness threat = someone will identify the weakness and use it against you and becomes the threat agent Risk analysis-->Acceptable risk level -->baseline>implement countermeasures Major sources: Temperature, Gases, Liquids Organism: viruses, bacteria Projectiles: cars, trucks, bullets Movement: Collapse, earthquakes Energy: radio, radiation
govt standards in place for cert and accred of computing systems
-RMF (Risk Management Framework) which replaced DIACAP -> DoD standard -CNSSP (Committee on National Sec Systems Policy) -> other govt std
security of SHA implementations
-SHA-1 is not secure -SHA-2 considered secure, but theoretically suffers from same weakness as SHA-1 -SHA-3 in draft form
part 3 of CC
-Security Assurance -covers assurance requirements for TOE's, and protects profiles as envisioned in the CC eval process
cryptanalytic attack
A skillful cryptanalyst can sometimes decipher encrypted text without even knowing the encryption algorithm. A cryptanalytic attack can have two possible goals. The cryptanalyst might have ciphertext and want to discover the plaintext, or might have ciphertext and want to discover the encryption key that was used to encrypt it. (These goals are similar but not quite the same.) The following attacks are commonly used when the encryption algorithm is known, and these may be applied to encrypted files or Internet traffic: Known plaintext attack In this type of attack, the cryptanalyst has a block of plaintext and a corresponding block of ciphertext. Although this may seem an unlikely occurrence, it is actually quite common when cryptography is used to protect electronic mail (with standard headers at the beginning of each message), standard forms, or hard disks (with known structures at predetermined locations on the disk). The goal of a known plaintext attack is to determine the cryptographic key (and possibly the algorithm), which can then be used to decrypt other messages. Chosen plaintext attack In this type of attack, the cryptanalyst has the subject of the attack (unknowingly) encrypt chosen blocks of data, creating a result that the cryptanalyst can then analyze. Chosen plaintext attacks are simpler to carry out than they might appear. (For example, the subject of the attack might be a radio link that encrypts and retransmits messages received by telephone.) The goal of a chosen plaintext attack is to determine the cryptographic key, which can then be used to decrypt other messages. Differential cryptanalysis This attack, which is a form of chosen plaintext attack, involves encrypting many texts that are only slightly different from one another and comparing the results. Differential fault analysis This attack works against cryptographic systems that are built in hardware. The device is subjected to environmental factors (heat, stress, radiation) designed to coax the device into making mistakes during the encryption or decryption operation. These faults can be analyzed, and from them the device's internal state, including the encryption key or algorithm, can possibly be learned. Differential power analysis This is another attack against cryptographic hardware?in particular, smart cards. By observing the power that a smart card uses to encrypt a chosen block of data, it is possible to learn a little bit of information about the structure of the secret key. By subjecting the smart card to a number of specially chosen data blocks and carefully monitoring the power used, it is possible to determine the secret key. Differential timing analysis This attack is similar to differential power analysis, except that the attacker carefully monitors the time that the smart card takes to perform the requested encryption operations.
Database Security (237)
Aggregation - SQL provides a number of functions that combine records from one or more tables to produce potentially useful information. Aggregation is not without its security vulnerabilities. Aggregation attacks are used to collect numerous low-level security items and combine them to create something of a higher security level or value. Inference - involve combining several pieces of non-sensitive information to gain access to information that should be classified at a higher level. However, inference makes use of the human mind's deductive capacity rather than the raw mathematical ability of modern database platforms. Data Warehousing - large databases, store large amounts of information from a variety of databases for use with specialized analysis techniques. Data Mining - technique allow analysts to comb through data warehouses and look for potential correlated information. Data dictionary - commonly used for storing critical information about data, including usage, type, sources, DBMS software reads the data
Service Provisioning Markup Language (SPML)
Allow platforms to generate and respond to provisioning requests It is a newer framework based on XML but specifically designed for exchanging user information for federated identity single sign-on purposes. It is based on the Directory Service Markup Language (DSML), which can display LDAP-based directory service information in an XML format.
Applets
Applets - these code objects are sent from a server to a client to perform some action. In fact, applets are actually self-contained miniature programs that execute independently of the server that sent them. Java applets - are simply short Java programs transmitted over the Internet to perform operations on a remote system. ActiveX - controls are Microsoft's answer to Sun's Java applets. Operate in a similar fashion, but they are implemented using a variety of languages(C, C + +, Java). Two key distinctions between Java applets and ActiveX controls. First, ActiveX controls use proprietary Microsoft technology and, therefore, can execute only on systems running Microsoft browsers. Second, ActiveX controls are not subject to the sandbox restrictions placed on Java applets. They have full access to the Windows operating environment and can perform a number of privileged actions.
Trust Models
Asymmetric - Don't need to share private key,use public key key to share and no eavesdropping protection needed (Diffie Hillman) Symmetric - Need Diffie Hellman for eavesdropping protection for in-band method. Doing things in person for keys is cumbersome or via mail. Web of Trust (WOT) - People vouch for each other, 3rd, 4th, 5th party. Decentalized. High barrier to entry. Technical knowledge. Public Key Encryption (PKI) - Fixes WOT issues by introducing certificate authorities (CA). CAs identify identity info and public key.
brute force
attempt every possible combo for a key and pw a) rainbow tables- provide precomputed values for crypto hashes b) high powered computing systems make this more powerful
Key Encryption Concepts and Definitions 2
Block Cipher - segregating plaintext into blocks and applying identical encryption algorithm and key Cipher - cryptographically transformation that operates on characters or bits. DES, word scramble, shift letters Cipher text or Cryptogram - unintelligible message, encrypt text Clustering - situation wherein plain text messages generates identical cipher text messages using the same algorithm but with different crypto-variables or keys Codes - cryptographic transformation that operates at the level of words or phrases, one by land, two by sea Cryptanalysis - breaking the cipher text, Cryptographic Algorithm - Step by step procedure to encipher plaintext and decipher cipher text Cryptography - the art and science of hiding the meaning of communications from unintended recipients. (Greek: kryptos=hidden, graphein=to write) Cryptology: cryptography + cryptanalysis Cryptosystem - set of transformations from a message space to cipher space Decipher - To make the message readable, undo encipherment process Encipher - make message unintelligible End-to-end encryption - Encrypted information that is sent from point of origin to destination. In symmetric encryption this means both having the same identical key for the session Exclusive OR - Boolean operation that performs binary addition Key or Crypto variable - Information or sequence that controls the enciphering and deciphering of messages Link encryption - stacked encryption using different keys to encrypt each time One Time Pad - encipher each character with its own unique key that is used only once, unbreakable supposedly PGP (GPG) - encrypt attached files (uses random generated keys then re-encrypts with recipient's public key. Plaintext - message in clear text readable form Steganography - secret communications where the existence of a message is hidden (inside images for example) Dumpster Diving - of going through someone's trash to find useful or confidential info -it is legal but unethical in nature Phishing - act of sending spoofed messages that pretend to originate from a source the user trusts (like a bank) Social Engineering - act of tricking someone into giving sensitive or confidential info that may be used against the company Script kiddie - someone with moderate hacking skills, gets code from the Internet. Red boxing - pay phones cracking Black Boxing - manipulates toll-free line voltage to phone for free Blue Boxing - tone simulation that mimics telephone co. system and allows long distance call authorization White box - dual tone, multifrequency generator to control phone system Phreakers - hackers who commit crimes against phone companies Salami - removal of a small amount of money otherwise known as skimming
Issuing certs to those acting on behalf of subject
Individual certificates may serve different purposes, for example: for e-mail signing and encryption, and for user authentication when they are connecting to servers (Web, directory, etc.) to obtain information or for establishing a VPN encryption channel. These kinds of certificates, according to their policy, may be issued to anybody who is listed as a member of a group (for example, an employee of an organization) in the group's directory and who can authenticate itself. An additional authorization for an organizational person may or may not be required for PKI registration. Online Certificate Request without Explicit Authentication: In the process of submitting the certificate request to the CA, the keys are generated on the user's computer, and initial data for a certificate request, entered by the user (user name and e-mail address) is encrypted with a newly generated private key. It is all sent to the CA. Soon the user receives by e-mail his or her PIN number and the URL of a secure Web page to enter that PIN in order to complete the process of issuing the user's certificate. Authentication of an Organizational Person: In addition to corporate e-mail and domain controllers, an organization's HR database, directory servers, or databases can be used for the user's authentication and authorization for PKI registration. Individual Authentication: In the broader case, a PKI registration will require a person to authenticate potentially with any authentication databases defined in accordance with CPS. Dedicated Authentication Bases: In rare cases, when a PKI CPS requires user authentication that cannot be satisfied by the existing authentication bases, a dedicated authentication database may be created to meet all CPS requirements. Face-to-Face: The most reliable, but most expensive method to authenticate an EE for PKI registration is face-to-face authentication. It is applied when the issued certificate will secure either high risk and responsibility transactions (certificates for VPN gateways, CA and RA administrators) or transactions of high value, especially when the subscriber will authenticate and sign transactions on behalf of an organization. To obtain this type of certificate, the individual must personally present and show his or her government-issued ID or badge and other valid identifications to the dedicated corporate registration security office and sign a document, obliging use of the certificate only for assigned purposes. All the procedures and sets of ID and documents that must be presented before an authentication authority are described in CPS. Proof of Possession: A group of the key PKIX-CMP messages, sent by the EE in the process of initial registration, includes "Initialization Request," "Certification Request," and "PKCS10 Certification Request" messages. The full structure of these messages is described in [CRMF] 62 and [PKCS10] 63 . Certificate request messages, among other information, include "Public Key" and "Subject" name attributes. The EE has authenticated itself out-of-band with the registration authority (RA) on the initialization phase of initial registration. Now an additional proof, that the EE, or the "subject," is in possession of a private key, which is a counterpart of the "public key" in the certificate request message, is required. It is a proof of binding, or so-called "Proof of Possession", or POP, which the EE submits to the RA.
Interference
Individuals can figure out sensitive info from facts available to them.
Types of Security Models
Defining allowed interactions between subjects (active parties) and objects (passive parties) at a particular moment in time. State Machine Model - describes a system that is always secure no matter what state it is in. If all aspects of a state meet the requirements of the security policy, that state is considered secure. A transition occurs when accepting input or producing output. A transition always results in a new state (also called a state transition). A secure state machine model system always boots into a secure state, maintains a secure state across all transitions, and allows subjects to access resources only in a secure manner compliant with the security policy. Information Flow Model - focuses on the flow of information. Information flow models are based on a state machine model. The Bell-LaPadula and Biba models are both information flow models. Information flow models don't necessarily deal with only the direction of information flow; they can also address the type of flow. Information flow models are designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security (these are often referred to as multilevel models). The information flow model also addresses covert channels by specifically excluding all non-defined flow pathways. Noninterference Model - is loosely based on the information flow model. However, instead of being concerned about the flow of information, the noninterference model is concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level. Basically, the actions of subject A (high) should not affect the actions of subject B (low) or even be noticed by subject B. The noninterference model can be imposed to provide a form of protection against damage caused by malicious programs such as Trojan horses. Southerland Model
Load Balancing
Different than (HA), this spreads demand across systems.
History of Crypto
Hieroglyphics - sacred carvings Scythe - wound papyrus around a wooden rod to see message Substitution character- shifting 3 character (C3) for example in the one (mono-alphabet) alphabet system Cipher disks - 2 rotating disks with an alphabet around it Jefferson disks - 26 disks that cipher text using an alignment bar Unix - uses rot 13 rotate 13 places in the alphabet Hagelin machine (M-209) - mechanical cryptographic machine Enigma - poly-alphabetic substitution cipher machine SABSA - Sherwood Applied business security architecture chain of traceability, 6 layers (contextual, conceptual, logical, physical, component and operational). TOGAF - method step by step process and framework. These are the tools to go forward FRAMEWORK AND METHOD Zachman Framework - common context to understand a complex architecture, communication and collaboration
ring 2
I/O drivers, protocols, etc -can access peripheral devices, special files
security association (SA)
IPsec session created at runtime -represents the comm session and records any config and status info about the connection. -simplex connection
Security Standards (222)
ISO 27001 - focused on the standardization and certification of an organization's information security management system (ISMS), security governance, a standard; ISMS. Info security minimum systems ISO 27002 - (inspired from ISO 17799) - a guideline which lists security control objectives and recommends a range of specific security controls; more granular than 27001. 14 areas BOTH INSPIRED FROM BS7799
XSS Prevention
Input validation
Electrical Power
Interference Clean=no interference Line noise: can be EMI or RFI Transient: short duration of noise Counter: voltage regulators, grounding/shielding and line conditioners EMI (Electromagnetic Interference) (Monitor for it $$$ expensive) COMMON mode noise: difference between hot and ground Traverse mode noise: difference between hot and neutral HINT: common--grounds Excesses SPIKE: short high voltage SURGE: long high voltage Counter: surge protector Losses FAULT: short outage BLACKOUT: long outage Counter: Backup power Long term: Backup Power generator Short term: UPS -Online uses ac line voltage to charge batteries, power always though UPS -Standby UPS, inactive till power down Degradation SAG/DIP: short low voltage BROWNOUT: long low voltage Counter: constant voltage transformers Other Inrush Surge: surge of current required to power on devices Common-mode noise: radiation from hot and ground wires Traverse-mode noise: radiation from hot and neutral wires. Static charge 40 volts sensitive circuits 1000 scramble monitor display 1500 disk drive data loss 2000 system shutdown 4000 Printer Jam 17000 Permanent chip damage
Cryptographic Concepts
Key Clustering - when different encryption keys generate the same ciphertext from the same plaintext message Work Factor - time and effort required to break a protective measure Kirchhoff's Principle - all but key, secure Synchronous and self-synchronous Random Number Generators (RNGs) Vigenere Cipher - uses key words and numerous rows (traditionally 26), each one of which is offset by one.
Key Escrow
Key is delivered to a third person to keepand to be returned to the delivering entity under certain proof of conditions.
Models
MATRIX - Provides access rights to subjects for objects - Access rights are read, write and execute - Columns are ACL's - Rows are capability lists - Supports discretionary access control BELL-LAPADULA = MAC SUBJECTS/OBJECTS/CLEARANCES/ - Confidentiality model - developed by DOD, thus classification - Cannot read up (simple e=read security rule) - Cannot write down (* property rule AKA CONFINEMENT PROPERTY). Exception is a trusted subject. - Uses access matrix to specify discretionary access control - Use need to know principle - Strong star rule: read and write capabilities at the same level - First mathematical model defined - tranquility principle in Bell-LaPadula prevents security level of subjects from being changed once they are created - Bell-LaPadula is concerned with preventing information flow from a high security level to a low security level. BIBA - MAC "if I in it INTEGRITY MODEL" - Integrity model - Cannot read down (simple e=read integrity rule) - Simple integrity property - cannot write up (* integrity) - lattice based (least upper bound, greatest lower bound, flow policy) - subject at one level of integrity cant invoke subject at a higher level of integrity - Biba is concerned with preventing information flow from a low security level to a high security level. - Focus on protecting objects from external threat CLARK WILSON - integrity model - Cannot be tampered, logged, and consistency - Enforces segregation of duty - Requires auditing - Commercial use - Works with SCI Constrained Data items, data item whose integrity is to be preserved - Access to objects only through programs - An integrity verification procedure (IVP) is a procedure that scans data items and confirms their integrity. Information flow model - Each object is assigned a security class and value, and information is constrained to flow in the directions that are permitted by the security policy. Thus flow of information from one security level to another. (Bell & Biba) Brewer and Nash - The Chinese Wall model provides a dynamic access control depending on user's previous actions. This model prevents conflict of interests from members of the same organization to look at information that creates a conflict of another member of that organization. Lipner Model - Confidentiality and Integrity, BLP + Biba. 1 st Commercial Model. Graham-Denning - focused on relationship between subjects and objects Harrison-Ruzzo-Ullman - similar to Graham, focuses on situations where a subject should be restricted from gaining particular privileges. TAKE-GRANT - uses a direct graph to specify the rights that subjects can transfer to objects or that subjects can take from other subjects - Uses STATES and STATE TRANSTIONS Take Rule: Allow a subject to take rights over an object. Grant Rule: Allows a subject to grant rights to an object. Create Rule: Allows a subject to create new rights. Remove Rule. Allows a subject to remove rights it has.
Fault Tolerance (FT)
Make single system resilient against technical failures: - Power supplies - Multiple power sources - RAID RAID 0 (Disk striping): RAID 0 splits data across any number of disks allowing higher data throughput. Minimum 2 disks. RAID 1 (Disk Mirroring): Identical Disks. No stripe or parity. Minimum 2 disks. RAID 5 (Striping with parity): Minimum 3 disks. Blocks striped, distributed parity. RAID 6 (Striping with double parity): ... RAID 10 (Striping + Mirroring): Minimum 4 disks. Blocks striped and mirrored.
Memory
Mgmt. - Track, grant, free Protection - Restrict access to memory segments. Segmentation fault - Unauthorized segment requested. Memory Leak - acculumate memory and fail to release it (firefox style :) )
Components of Modern Cryptography
Modern electronic cryptosystems use complex mathematical algorithms and other techniques and mechanisms to provide network and information security. Cryptography-based security technologies commonly use one or more of the following basic components to provide security functions: - Encryption algorithms - Message digest functions - Hashed Message Authentication Code (HMAC) functions - Secret key exchange algorithms - Digital signatures
Engineering Principles for IT Security
NIST SP 800-27 Initiation; need expressed, purpose documented, impact assessment Development/Acquisition; system designed, purchased, programmed, developed or constructed. Implementation; system tested and installed, certification and accreditation. Operation/Maintenance; performs function, security operations, audits. Disposal; disposition of information, HW and SW. Physical controls are your first line of defense, and people are your last
ring 0
OS kernel/memory -highest level of privilege, can access any resource
Other things to know
Objects of sensitivity labels are: single classification and component set 'dominate' in access control means access to higher or equal access class Security perimeter = line between TCB and outside Validating TCB = formal for system integrity
Fire
Prevention Training construction, supplies, reach ability Detection Manual: pull boxes Automatic dial- up: Fire department, aka Auxiliary station alarm Detectors: - Smoke activated, - Heat activated, - Flame activated(infrared) Classes A Common WATER, SODA ACID (take away temp) B Liquids----GAS/CO2, SODA ACID (takes away fuel) C Electrical-----GAS/CO2 (displace O2) D Metals----DRY POWDER WATER suppress temperature SODA ACID reduces fuel supply CO2 reduces oxygen HALON chemical reaction Fire distinguishers should be 50 feet from equipment and toward the door Heat Computer hardware 175F (80c) Magnetic storage 100F (37c) Paper 350F (176c) Sprinklers Wet pipe always contains water, fuse nozzle melts at 165F Dry pipe water in tank until clapper valve releases it - only begins to fill when triggered by excessive heat Douches, large amounts of water/foam Pre-action (MOST RECOMMENDED) water in tanks, first water in pipes when air is lost when heat is detected, then thermal link in nozzle melts to release water HALON 1211 = portable 1301 = flooding FM-200 most common replacement (others: CEA, NAF, FE-13 Argon INERGEN Low Pressure Water) RESISTANCE Walls: 1 hour fire rating and adjacent room with aper 2 hours
Common System Components (198)
Primary Storage - is a temporary storage area for data entering and leaving the CPU Random Access Memory (RAM) - is a temporary holding place for data used by the operating systems. It is volatile; meaning if it is turned off the data will be lost. Two types of RAM are dynamic and static. Dynamic RAM needs to be refreshed from time to time or the data will be lost. Static RAM does not need to be refreshed. Read-Only Memory (ROM) - is non-volatile, which means when a computer is turned off the data is not lost; for the most part ROM cannot be altered. ROM is sometimes referred to as firmware. Erasable and Programmable Read-Only Memory (EPROM) is non-volatile like ROM, however EPROM can be altered. Process states: - Stopped; process finishes or must be terminated - Waiting; the process is ready for continued execution but is waiting for a device or access request - Running; executes on the CPU and keeps going until it finishes, its time slice expires, or it is blocked - Ready; process prepared to execute when CPU ready Multitasking - execute more than one task at the same time Multiprocessing - more than one CPU is involved. Multi-Threading: execute different parts of a program simultaneously Single state machine - operates in the security environment at the highest level of classification of the information within the computer. In other words, all users on that system must have clearance to access the info on that system. Multi-state machine - can offer several security levels without risk of compromising the system's integrity. CICS - complex instructions. Many operations per instruction. Less number of fetches RISC - reduced instructions. Simpler operations per instruction. More fetches. Software 1 GL: machine language (used directly by a computer) 2GL: assembler 3GL: FORTRAN. Basic pl/1 and C++ 4GL: Natural / focus and SQL 5GL: Prolog, lisp artificial intelligence languages based on logic
Email Security
S/Mime - Confidentiality (encryption) Integrity (using PKCS X.509 PKI) and non-rep through signed message digests PEM - Privacy Enhanced Email Encryption (AES) PKI X.509 and RSA Message Security protocol - Military X.400. Sign, Encrypt, Hash Pretty Good Privacy - uses IDEA and RSA instead
Security Assertion Markup Language (SAML)
SAML is an XML-based convention for the organization and exchange of communication authentication and authorization details between security domains, often over web protocols. SAML is often used to provide a web-based SSO (single sign-on) solution. If an attacker can falsify SAML communications or steal a visitor's access token, they may be able to bypass authentication and gain access. SAML is a common protocol used for SSO on the Internet. *Best choice to support a federated identity management system, *Does not have a security mode and relies on TLS and digital signatures If home organization offline implement a cloud based system User training about SSO directs a good idea
Nice to Know
SMSD - Switched Multimegabit Data Service, a connectionless packet-switching technology. Often, SMDS is used to connect multiple LANs to form a metropolitan area network (MAN) or a WAN. SMDS was often a preferred connection mechanism for linking remote LANs that communicate infrequently, a forerunner to ATM because of the similar technologies used. DHCP Snooping - used to shield networks from unauthenticated DHCP clients ICS - industrial control system is a form of computer-management device that controls industrial processes and machines. ICSs are used across a wide range of industries, including manufacturing, fabrication, electricity generation and distribution, water distribution, sewage processing, and oil refining. There are several forms of ICS, including distributed control systems (DCSs), programmable logic controllers (PLCs), and (SCADA). SCADA - supervisory control and data acquisition Kerchoff principle - a cryptographic system should be secure even if everything about the system, except the key, is public knowledge. Input and Parameter Checking - limit how much data can be proffered as input. Proper data validation is the only way to do away with buffer overflows. Side-channel attack - is a passive, noninvasive attack intended to observe the operation of a device. When the attack is successful, the attacker is able to learn valuable information contained within the smartcard, such as an encryption key.
secondary memory (secondary storage)
SSD's, hard drives, tapes, CD's, DVD's, flash memory devices
ITIL
The ITIL Core includes five publications addressing the overall life cycle of systems. ITIL as a whole identifies best practices that an organization can adopt to increase overall availability, and the Service Transition publication addresses configuration management and change management processes. - Service Strategy - Service Design - Service Transition - Service Operations - Continuous Service Improvement
SQL Injection Protection
Single quotes are critical to SQL attack. -Input validation -parameterized SQL
Cyber-Physical Systems (CPS)
Smart networked systems with embedded sensors, processors, and actuators that are designed to sense and interact with the physical world.
Symmetric algorithms
Some examples of popular symmetric algorithms (symmetric-key algorithms): AES/Rijndael - Block cipher - 128-256 bits (Standard, people note AES-512 is another design) Blowfish - Block cipher - up to 448 bits (strong but being phased out) CAST5 - Block cipher - 40. 64, 128 and 256 bits (default cipher in some versions of GPG and PGP, arrived before AES was around) DES - Block cipher - 56 bits (not recommended) IDEA - Block cipher - 128 bits (strong but being phased out) RC6 - Block cipher - 28-256 bits (strong, not adopted by community) Serpent - Block cipher - 128-256 bits (strong, not adopted by community) Triple DES - Block cipher - 3 DES keys (56x3) (strong but being phased out) Twofish - Block cipher - Up to 256 bits (strong, not adopted by community) Block cipher: Encryption algorithm that encrypts a fixed size of n-bits of data - known as a block - at one time. The usual sizes of each block are 64 bits, 128 bits, and 256 bits. So for example, a 64-bit block cipher will take in 64 bits of plaintext and encrypt it into 64 bits of ciphertext. In cases where bits of plaintext is shorter than the block size, padding schemes are called into play. Majority of the symmetric ciphers used today are actually block ciphers. DES, Triple DES, AES, IDEA, and Blowfish are some of the commonly used encryption algorithms that fall under this group. Stream cipher: Encryption algorithm that encrypts 1 bit or byte of plaintext at a time. It uses an infinite stream of pseudorandom bits as the key. For a stream cipher implementation to remain secure, its pseudorandom generator should be unpredictable and the key should never be reused. Stream ciphers are designed to approximate an idealized cipher, known as the One-Time Pad. RC4 - Stream Cipher - 1-2048 bits (most popular issues identified, being phased out) One-Time Pad: Which is supposed to employ a purely random key, can potentially achieve "perfect secrecy". That is, it's supposed to be fully immune to brute force attacks. The problem with the one-time pad is that, in order to create such a cipher, its key should be as long or even longer than the plaintext. In other words, if you have 500 MegaByte video file that you would like to encrypt, you would need a key that's at least 4 Gigabits long. Clearly, while Top Secret information or matters of national security may warrant the use of a one-time pad, such a cipher would just be too impractical for day-to-day public use. The key of a stream cipher is no longer as long as the original message. Hence, it can no longer guarantee "perfect secrecy". However, it can still achieve a strong level of security.
Composition Theories
Some other models that fall into the information flow category build on the notion of how inputs and outputs between multiple systems relate to one another— which follows how information flows between systems rather than within an individual system. These are called composition theories because they explain how outputs from one system relate to inputs to another system. There are three recognized types of composition theories: - Cascading: Input for one system comes from the output of another system. - Feedback: One system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B and then system B provides input to system A). - Hookup: One system sends input to another system but also sends input to external entities. MAC - Subjects are labelled as to their level of clearance. Objects are labelled as to their level of classification or sensitivity. Subjects - Users(perform work task), Data Owners(protect data), and Data Custodians (classify and protect data)
Symmetric Steam Ciphers
Steam and Block: Use same key to encrypt and decrypt
Trust - ()
Transitive Trust - Transitive trust is the concept that if A trusts B and B trusts C, then A inherits trust of C through the transitive property— which works like it would in a mathematical equation: if a = b, and b = c, then a = c. A transitive trust extends the trust relationship between the two security domains to all of their subdomains. Within the context of least privilege, it's important to examine these trust relationships. Nontransitive trust - exists between two security domains, which could be within the same organization or between different organizations. It allows subjects in one domain to access objects in the other domain. A nontransitive trust enforces the principle of least privilege and grants the trust to a single domain at a time.
Product Evaluation Models
Trusted Computer System Evaluation Criteria TCSEC: (Orange book) From the U.S. DoD, it evaluates operating systems, application and systems. It doesn't touch the network part. It only addresses confidentiality! ITSEC || TCSEC || Explanation 1 D minimal protection, any systems that fails higher levels 2 || C1 || DAC; (identification, authentication, resource protection). 3 ||C2 || DAC; Controlled access protection (object reuse, protect audit trail). 4 || B1 || MAC; (security labels) based on Bell LaPadula security model. Labeled security (process isolation, devices 5 || B2 || MAC; Structured protection (trusted path, covert channel analysis). Separate operator/admin roles. Configuration management 6 || B3 || MAC; security domain (trusted recovery, Monitor event and notification). 7 || A || MAC; Formal, verified protection Operational assurance requirements for TCSEC are: - System Architecture - System Integrity - Covert Channel analysis - Trusted Facility Management - Trusted recovery Rainbow series: Red = trusted network, Orange = TCSEC evaluation Brown = trusted facilities management dcsmmmTan = audit, Aqua = glossary. Green = password management Information Technology Security Evaluation Criteria: ITSEC: it is used in Europe only, not USA. Addresses CIA. Unlike TCSEC it evaluates functionality and assurance separately. Assurance from E0 to E6 (highest) and F1 to F10 (highest). Therefore a system can provide low assurance and high functionality or vice-versa.
security mode
US govt created 4 sec modes for sys's that process classified info 1) dedicated mode 2) system high mode 3) compartmented mode 4) multilevel mode
PKI
Understand the public key infrastructure (PKI). In the public key infrastructure, certificate authorities (CAs) generate digital certificates containing the public keys of system users. Users then distribute these certificates to people with whom they want to communicate. Certificate recipients verify a certificate using the CA's public key. X.509 standard = PKI . Serial number, owner, issuer name Integrity (hash code and message digest), access control, confidentiality (by encryption), authentication (digital certificates) and non-repudiation (digital signatures) issuer signs a certificate If you only want to check if a mail is not altered: use digital signature! Proves that the signature was provided by the intended signer trust anchor = public key that has been verified and that's trusted
Other
Use wrapper as control when can't patch a system. Update firmware. Segment network.
RAID
Used for availability not backup!! RAID 0 (Disk striping): RAID 0 splits data across any number of disks allowing higher data throughput. Minimum 2 disks. RAID 1 (Disk Mirroring): Identical Disks. No stripe or parity. Minimum 2 disks. RAID 5 (Striping with parity): Minimum 3 disks. Blocks striped, distributed parity. RAID 6 (Striping with double parity): ... RAID 10 (Striping + Mirroring): Minimum 4 disks. Blocks striped and mirrored. https://en.wikipedia.org/wiki/Standard_RAID_levels
registration authorities (RA)
assist CA's with the burden of verifying users identities prior to issuing dig cert's
Merkle-Hellman
asymmetric algo based on difficulty of factoring operations -relies on a component of set theory called super-increasing sets rather than large prime numbers -proven ineffective in 1984
known plaintext attack
attacker has a copy of the encrypted msg along with the plaintext msg used to generate the ciphertext.
chosen ciphertext attack
attacker has ability to decrypt chosen portions of the ciphertext msg and use the decrypted portion of the msg to discover the key
chosen plaintext attack
attacker has ability to encrypt plaintext msg's of their choosing and can then analyze the ciphertext output of the enc algo
time of check to time of use (TOCTTOU)
attacker races with the legitimate process to replace the object before it is used. -relies on timing between time to check and time to use
man in the middle
attacker sits b/t 2 parties, impersonating each and intercepts traffic . -difficult to achieve because attacker must impersonate both parties
fence
any perimeter defining device -used to clearly differentiate areas that are under a specific level of sec protection and those that aren't
local cache
anything that is temporarily stored on the client for future use
fault tolerance
ability of a system to suffer a fault and continue to operate -achieved by adding redundant components, such as disks (RAID) or servers within a failover clustered config
analytic attack
algebraic manipulation that attacks the logic of the algo
HMAC (Hashed Message Authentication Code)
algo that implements a partial digital signature -guarantees integrity of a msg during transmission, but not non-repudiation -can be combined with any standard msg digest algo by using a shared secret key
trusted system
all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment
random access storage
allow an OS to read (sometimes write) immediately from any point within the device -nearly always random access devices
data mining
allow analysts to comb thru data and look for correlated info -results in dev of data models that can predict future activity -produces metadata (info about data), which can be stored in the data mart
modem security
allow users to create uncontrolled access points into your network -legacy equipment, not common today -must be connected to an operational telephone land line
programmable ROM (PROM)
allows a user to burn in data once
TEMPEST
allows the electronic emanations that every monitor produces (Van Eck radiation) to be read from a distance (aka Van Eck phreaking)
unconstrained data item (clark wilson model)
any data item that is NOT controlled by the sec model
constrained data item (clark wilson model)
any data item whose integrity is protected by the sec model
gate
controlled exit and entry point in a fence -deterrent level of a gate must be equivalent to the deterrent level of the fence to sustain the effectiveness of the fence as a whole
frequency analysis and ciphertext only attack
counting the freq. of chars to find a pattern
sec locks
crude form of identification and authorization mechanism -key based locks are known as preset locks
crime prevention through environmental design (CPTED)
structure the physical environment and surroundings to influence individual decisions that potential offenders make before committing criminal acts.
user mode
basic mode used by the CPU when executing user apps -VM or virtual subsystem machine are often executed in this mode
BYOD
bring your own device -improves employee morale, but poses sec problems
white noise
broadcasting false traffic at all times to mask and hide the presence of real emanations -most effective when created around the perimeter of an area and broadcasted outward to protect the internal area where emanations may be needed for normal ops. Alternative is "Faraday Cage".
hardware security module (HSM)
cryptoprocessor used to manage/store digital enc keys, accelerate crypto operations, support faster digital signatures, and improve authentication. -provide an accelerated solution for large (2048+ bit) asymm enc and a secure vault for key storage.
registers
small amount of memory onboard the CPU -provide CPU with directly accessible memory locations that the brain of the CPU, the arithmetic logical unit (ALU) uses when performing calculations -this memory type operates in lockstep with the CPU at CPU speeds
state
snapshot of a system at a specific moment in time -if all aspects of a state meet the requirements of the sec policy, this is considered secure
confinement
software concept that allows a process to read from and write to only certain memory locations and resources -restricts actions of a program
parallel data systems (parallel computing)
computation system designed to perform numerous calculations simultaneously
industrial control system (ICS)
computer mgmt device that controls industrial processes
cloud computing
computer processing/storage performed over a network rather than locally.
bounds
consist of limits set on the memory addresses and resources it can access
dry pipe system
contains compressed air -once triggered, air escapes, opening a water valve that causes the pipes to fill and discharge water
BIOS (basic input/output system)
contains the OS-independent primitive instructions that a computer needs to start up and load the OS from disk. -"flashing the BIOS" -> updating the BIOS
auxiliary station
can be added to either local or centralized alarm systems
meet in the middle
can be used to defeat systems that use 2 rounds of enc (2DES) -attacker uses a plaintext msg, and encrypted with every possible key, and the ciphertext is dec'd with all possible keys -generally takes only double the amount of time needed to break a single round of enc
multistate
capable of implementing a much higher level of sec. -certified to handle multiple sec levels simultaneously by using specialized sec mechanisms, which are designed to prevent info from crossing sec levels -not common in practice due to expense
TCSEC protection levels
category A: verified protection. highest level of sec category B: mandatory protection category C: discretionary protection category D: minimal protection.
ARP cache poisoning
caused by an attack responding to ARP broadcast queries in cache -sends back false replies -another form is to create static ARP entries
verification
checking the CA's dig sig using the CA's public key -done after receiving a dig cert -then check to make sure the cert is not on a cert revocation list (CRL)
SLA (service level agreement)
clearly defines the response time a vendor will provide in the event of an equipment failure emergency
applets
code objects that are sent from a server to a client to perform an action -self contained mini-programs that execute independently of the server that sent them -can allow the processing burden to be placed on client and not server
security kernel
collection of components in the TCB that work together to implement reference monitor functions -purpose is to launch appropriate components to enforce reference monitor functionality and resist all known attacks
PCI-DSS (Payment card industry- data security standard)
collection of requirements for improving the sec of electronic payment transactions -defines requirements for sec mgmt, policies, procedures, network architecture, sw design, etc.
big data
collections of data that has become so large that traditional means of analysis are inefficient. -involves numerous difficult challenges like collection, storage, analysis, mining, transfer, etc. -requires hi-perf computing systems
preaction system
combination of dry/wet pipe systems -pipes are dry, then fills w/ water when the initial stages of a fire are detected, then requires a sprinkler head heat activation before dispensing water -*most appropriate water-based system for environments that house both computers and humans together* -most common cause of failure for water based systems is human error from turning off the system or triggering water release when there is no fire
inference
combines several pieces of nonsensitive info to gain access to info that should be classified at a higher level -i.e, sensitive info a user would not be permitted to access directly -defense is to maintain vigilance over the perm's granted to users; blurring data (data rounded off)
PGP (Pretty Good Privacy)
combines the CA hierarchy with the 'web of trust' concept -available in commercial (RSA for key exchange, IDEA for enc/dec, and MD5 for hashing) and freeware (diffie-hellman for key exchange, Carlisle Adams/Stafford Tavares (CAST) for enc/dec, and SHA-1 for hashing) versions
aggregation
combining records from db tables to produce potentially useful info -used to collect numerous low level sec items and combine them to create something of higher value -db admin's should control access to aggregate functions
defense in depth
common sec strategy used to provide a protective multilayer barrier against attacks
blackout
complete loss of power
firmware (aka microcode)
software on a ROM chip -very rare to change the software -drives the basic operation of computers -2 types: a) BIOS b) internal/external device firmware
digital rights management (DRM)
software that uses enc to enforce copyright restrictions on digital media
radio frequency interference (RFI)
source of noise/interference that can affect many of the same systems as EMI. many electrical appliances generate this
protection profiles (PP's)
specify for a Target of Evaluation (TOE) the sec requirements and protections -i.e, the "I want" from a customer, or security desires
security targets (ST's)
specify the claims of sec from the vendor that are built into a TOE -i.e, the "I will provide"
4 fire stages?
stage 1: incipient stage- only air ionization stage 2: smoke stage- smoke is visible stage 3: flame stage- visible flames stage 4: heat stage- after time, fire generates intense heat buildup
access rules
state which objects are valid for each subject
* (star) integrity property (biba)
states that a sub cannot modify an obj at a higher integrity level -no write-up -write down allowed
simple integrity property (biba)
states that a sub cannot read an obj at a lower integrity level -no read-down -read up allowed
simple security property (bell LaPadula)
states that a sub may not read info at a higher sensitivity level -no read up -read down allowed
* (star) security property (bell LaPadula)
states that a sub may not write info to an obj at a lower sensitivity level -aka the Confinement Property -exception: a "trusted subject" is not constrained by this property -no write down -write up allowed
multi-level security policy
states that a sub with any level of clearance can access resource at or below its clearance level
discretionary security property (bell LaPadula)
states that the system uses an access matrix to enforce discretionary access control
certificate practice statement (CPS)
states the practices a CA employs when issuing/managing cert's
memory addressing
referring to various locations used in memory -has 5 different types
TLS
replacement for SSL -POODLE attack demonstrated flaws in SSL -uses port 443
sequential storage devices
require that you read all the data physically stored prior to the desired location. -operate much slower than random access storage -can hold massive data amounts for very cheap ex- magnetic tape drive
single state
require the use of policy mechanisms to mange info at different levels -sec admin's approve a processor and system to handle only one sec level at a time ex: a system labeled secret can only allow approved users to handle it
separation of privilege
requires the use of granular access perms -i.e, different perms for each type of privileged operation
object
resource a user/process wants to access ("file")
Key stretching
salt and hash address
trusted paths
secure channels to allow TCB to comm with the rest of the system -channel established with strict standards to allow necessary comm to occur w/o exposing the TCB to sec vulnerabilities -also protects system users
birthday attack (aka collision attack)
seeks to find collisions in hashing algo's
capacitance motion detector
senses changes in the electrical/magnetic field
photoelectric motion detector
senses changes in visible light levels for the monitored area -usually deployed in black rooms
security token
separate object that is associated with a resource and describes its security attributes. -can communicate sec info about an object prior to requesting access to the object
transient
short duration of line noise disturbance
greatest risk to monitor security
shoulder surfing or telephoto lenses
system high mode
similar to dedicated mode, but all users do not necessarily have a need to know for all info processed on a system high mode
mandatory access controls (MAC)
static attributes of the subject and the object are considered to determine the permissibility of an access
Cipher Modes
■ Electronic Code Book (ECB) Mode: The least complex mode; each block is operated on independently, and an IV is not used. Because identical plaintext blocks result in identical ciphertext, this mode is not useful for providing message confidentiality. ECB may be useful for short transmissions such as key exchange. ECB is commonly, and erroneously, implemented by vendors for bulk data encryption. This contradicts NIST guidance and puts customer data at grave risk. ■ Cipher Block Chaining (CBC) Mode: Adds an IV and uses a chaining method such that results of the encryption of previous blocks are fed back into the encryption of the current block. This makes CBC useful for message confidentiality. ■ Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) Mode: These modes are capable of producing unique ciphertext given identical plaintext blocks, and are useful for message confidentiality. Because these modes employ a block cipher as a keystream generator, they can operate as a stream cipher. This may be desirable in applications that require low latency between the arrival of plaintext and the output of the corresponding ciphertext. - Output Feedback OFB - stream cipher that generates the key but XOR-ing the plaintext with a key stream. No errors will propagate - Counter (CTR) - secure long messages See 111000111000 it's XOR