INFORMATION SECURITY


SSL(Secure Sockets Layer)

"___ provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that prevents eavesdropping, tampering, or message forgery."
Goals: Confidentiality, integrity and mutual authentication.
Supported by all browsers, all common servers.
___ 3.0 was the basis for TLS 1.0.

Stream Cipher Cons

- 2-time pad attacks
- Malleable (possible to change the contents of the message m without decrypting)

Chaum's Online eCash Protocol Drawbacks

- All transactions must be online
- If not online, customer could otherwise spend the same coin multiple times

Popular word construction

- Append all possible one-, two- and three-character strings to common passwords and dictionary words
- Prepend all possible one-, two- and three-character strings to common passwords and dictionary words
- Combine a + b

Hash Function Uses

- Authenticity
- Integrity
- Digital signatures
- Password databases
- Proof of work computation (Blockchain)

How are passwords cracked?

- Brute force
- Common passwords (only passwords that are longer than 6 chars.)
- Apply popular word construction rules to common passwords and dictionary words

Overloading Methods

- Consume too much bandwidth
- Create too many requests
- Create time-consuming requests
- Make the service hard to reach by overloading a nearby router with bogus requests

Applications of Block Ciphers

- Encryption schemes
- Hash functions
- Stream ciphers (CTR mode)
- Message Authentication Codes
- Pseudorandom bit generators

How to build a botnet

- Find a widespread vulnerability
- Exploit it, install your malicious code and turn it into a bot
- Let bots make more vulnerable machines into more bots

Popular Hash Functions

- MD5 (now considered broken; 128-bit hash values)
- SHA1 (broken too; 160-bit hash values)
- SHA2 family (SHA224, SHA256, SHA384, SHA512)
- SHA3 family (SHA3-224, SHA3-256, SHA3-384, SHA3-512)

Protecting against Active Data Upload

- Put any uploads outside of the path to the document root to prevent the attacker from directly accessing the file. The file should be streamed on request rather than executed.
- Create a new, unpredictable filename.

Defences against CSRF

- Server cannot distinguish whether the browser is making a request on the user's or the attacker's behalf.
- Valid requests for critical state changes (money transfers) must include unpredictable tokens. This can be done with challenge-response mechanisms.

Brute-forcing methods

- Short passwords: Go through all possible character strings of length 1 through 6
- Lowercase passwords: of length 7 or 8
- Uppercase passwords: of length 7 or 8

Active Data Upload Attack

- Site allows data to be uploaded, e.g. img files
- Attacker discovers site uses PHP, Java...
- Uploads an active file, e.g. myload.php
- Server saves it
- Attacker runs mysite.com/uploads/myload.php

SQL Injection uses

- Steal contents of databases (passwords, credit cards, user data): CONFIDENTIALITY BREACH
- Modify contents of database (delete all contents): BREACHES INTEGRITY
- Get unauthorised access to resources

RC4(Rivest Cipher 4)

- Used in WEP, WPA and SSL/TLS
- Very efficient and simple, but has some security flaws

Defenses against XSS

- User input must be securely handled in both client and server side code.
- Stored and reflected XSS are countered by the same defense mechanisms.

CSRF(Cross-site Request Forgery)

- User/victim is authenticated to server and in a session with a server.
- User clicks link or resource provided by an attacker. Browser interprets this as the provided resource and connects to server.
- Server cannot distinguish between malicious and genuine request as both are received in the same browser.
- ____ purpose is to cause a state change as attacker cannot directly observe an outcome.

public key cryptography uses

- Secure distribution of keys
- Forms of authentication and non-repudiation
- Digital signatures

Validating an X.509 certificate

1) Certificate recipient authentically obtains a public key of the CA that signed the certificate
2) Recipient validates certificate by computing hash of non-signature fields and checking it matches the signed hash
3) Recipient checks the validity period to ensure certificate has not expired

Certificate Parameters

1) Issuer
2) Expiration Date
3) Purpose of the public key

Chaum's Ecash

1) Not transferable
2) Unforgeable
3) Anonymous (for honest users...)
4) Untraceable
5) Transactions can be made offline
6) Centralized system

Common Hacking Tactics

1) Social Engineering
2) Physical access to systems
3) Application vulnerabilities
4) Flawed communication protocols
5) Hardware level vulnerabilities
6) Broken crypto primitives
7) Mathematical breakthrough

Bitcoin

1) Transferable
2) Unforgeable
3) Anonymous
4) Not traceable
5) Transactions not available offline
6) Distributed System

How does a rainbow table work?

1. Check table for hash 0x1135
2. Apply reduce function. R(0x1135)=h4x0rz (maps hash values back to strings of characters that are likely to occur in actual passwords)
3. Apply hash function. H(h4x0rz)=0xDEAD
4. Check table for 0xDEAD. Find possibilities and try both hash chains.
5. Apply R and H to find the password.
Save space by computing hash chains, storing only the first and last elements in a chain.

Password Authentication

1. Find Alice in DB
2. Read password hash
3. Compute supplied hash
4. Compare hash values

Threat agent

1. Identify relevant threat agents: e.g., external attacker vs inside attacker, script kiddies vs organised criminals, competitors vs nation-states, accidental vs intentional actors.
2. Identify threat agents' skills and motives
3. Identify threat agents' opportunity and group size

Problems with RC4

1. It was discovered that some bytes of the output are biased.
2. First few bytes of output sometimes leak some information about the key.
TLDR: don't use RC4

Constructing a MAC

1. Some ___ are secure even if the adversary is not computationally bound. These constructions are not practical in the same way as OTP.
2. ___ can also be constructed from hash functions, e.g. NMAC, HMAC
3. ___ can be constructed from block ciphers, e.g. CBC-MAC

One Time Pad disadvantages

1. The key has to be as long as the message. |C| == |M|
2. It is very difficult to generate truly random strings.
3. The key cannot be reused.

Formal Definition of MAC Scheme

A ___ scheme is a pair of algorithms (tag, vrfy) where
Tag: K × M → T
Verify: K × M × T → {true, false}
tag is called a tagging algorithm, vrfy is a verification algorithm, K is the set of keys, M is the set of plaintexts, T is the set of tags.

Hash Functions

A ____ ________ maps a string of arbitrary length(message) to a string of fixed length(message digest/hash)

Block Cipher Notation

A _____ _____ with key length k and block size n consists of two sets of efficiently computable bijections: E_K: {0,1}^n → {0,1}^n and D_K: {0,1}^n → {0,1}^n such that D_K is the inverse of E_K for any K in {0,1}^k

Rainbow Tables

A _______ _____ is a database that is used to gain authentication by cracking the password hash. It is a precomputed dictionary of plaintext passwords and their corresponding hash values that can be used to find out what plaintext password produces a particular hash

Certificates

A _________ is a data structure that binds an identity and a purpose to a key.

one-time pad (OTP)

A ________________ involves combining plaintext with a random key to create ciphertext that cannot be broken mathematically.

Pre-Image Resistance

A characteristic of a strong hash function in which it is infeasible to generate a plaintext value based on its hash.

Vulnerability

A characteristic of a system that can be exploited by a threat.

Public Key Infrastructure (PKI)

A digital certificate binds an identity and purpose to a public key. A ___ is a set of policies and procedures to manage digital signatures. Can be based on:
1) Certificate Authorities
2) Web of Trust
3) Blockchain

Digital Signatures

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.

Risk

A function of loss associated with an event and probability that event occurs. Working definition for risk associated with vulnerabilities: risk = (impact to asset from exploit of vulnerability) x (probability of occurrence).

Collision resistance

A hash function H is ________ _________ if it is hard to find two inputs that hash to the same output.

Hybrid Encryption

A method of encryption that makes use of both symmetric and asymmetric encryption by encrypting a symmetric key with public key encryption.

Prime Numbers

A natural number p ≠ 1 is a prime number, or simply a prime, if 1 and p are the only divisors of p.

pseudorandom number generator

A program element that performs calculations to produce a series of numbers in seemingly random order.

Establishing Secure Channels

A secure channel provides confidentiality and authenticity, so we need both encryption and authentication.

Certificate Authority (CA)

A trusted third-party agency that is responsible for issuing digital certificates.

Reflected DoS attack

A type of DoS attack that uses a forged source IP address when sending requests to a large number of computers. This causes those systems to send a reply to the target system causing a DoS condition.

XSS(Cross Site Scripting)

A type of injection attack in which malicious scripts are injected into trusted websites and then executed in the victim's browser. Attacker can steal cookies and credentials, spy on the user and modify the webpage content to perform phishing attacks.

DDos/IP spoofing

A type of spoofing whereby an intruder uses another site's IP address as if it were that other site

NTP Amplification Attack

A volumetric DDoS attack that takes advantage of a vulnerability in NTP protocol, with a goal of flooding a server with UDP traffic.

Same Origin Policy

A web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin

Modular Arithmetic

A/B = Q remainder R
A is the dividend, B is the divisor, Q is the quotient, R is the remainder.
Using the same A, B, Q, and R as above, we would have: A mod B = R
EXAMPLE: 13/5 = 2 remainder 3, so 13 mod 5 = 3

Best Block Cipher

AES -widely supported -special hardware instructions available on modern CPUs

Security of Hashed Passwords

Against malicious system admins (active adversary)? - No!! E.g. key loggers, modified log-in code...
Against curious (eavesdropping) system administrators and leaked password databases? - A hash function is a 1-way function, which means that it can't be decrypted.

RSA Generation

Alice generates her ___ keys by selecting two primes: p=11 and q=13. The ___ modulus is n=p*q=143. The totient is ϕ(n)=(p−1)×(q−1)=120. She chooses 7 for her ___ public key E and calculates her ___ private key using the extended Euclidean algorithm, giving her 103.

Injections Attack Conclusion

Allowing any form of user input(SQL queries, forms, GET/POST variables, data uploads) makes your application vulnerable to injection attacks.

chosen plaintext attack

Allows manipulation of a cryptosystem by choosing a block of plaintext, and getting the ciphertext as output to see how things are enciphered.

certificate chain

Also known as the certification path, is a list of certificates used to authenticate an entity. It begins with the certificate of the entity and ends with the root CA certificate.

DDoS (Distributed Denial of Service)

An attack on a computer or network device in which multiple computers send data and requests to the device in an attempt to overwhelm it so that it cannot perform normal operations. Frequently carried out by botnets by instructing bots to request a service from the victim.

SQL Injection

An attack that targets SQL servers by injecting commands to be manipulated by the database.

Efficient Algorithm

An efficient algorithm is an algorithm whose running time is bounded by a polynomial in the size of its input

Perfect Secrecy

An encryption scheme is perfectly secret if the adversary learns no additional information about the plaintext after observing the ciphertext.

Encryption Scheme

An encryption scheme(or cipher) is a pair of algorithms(Enc, Dec) where: Enc: K × M → C Dec: K × C → M Enc is called the encryption algorithm, Dec is called a decryption algorithm, K is the set of keys, M the set of plaintexts, C the set of ciphertexts.

DoS(Denial Of Service)

Attack the availability of the service. 2 options to attack availability:
- Break the service
- Overload the service/starve it of a resource

DoS/Overloading the service

Attacker makes services unavailable to legitimate users by overloading the service or starving it of a resource with bogus requests so legitimate ones cannot be serviced.

congruence modulo

A ≡ B (mod C)
This says that A is congruent to B modulo C.
1. ≡ is the symbol for congruence, which means the values A and B are in the same equivalence class.
2. (mod C) tells us what operation we applied to A and B.
3. When we have both of these, we call "≡" congruence modulo C.
26 mod 5 = 1 so it is in the equivalence class for 1; 11 mod 5 = 1 so it is in the equivalence class for 1, as well.

Chaum's Online eCash: Withdrawal

Bank RSA public key: (e,n); Bank RSA private key: (d,n)
Create random coin number: c; blinding factor: r
User → c*r^e mod n → Bank: debit £1 from account, sign blinded coin
User ← c^d*r mod n ← Bank
User then unblinds the coin number by dividing by r.
This is called a blind signature.

Security of AES

Best known attack: Biclique attack

RSA decryption

Bob can simply:
1. Compute m as:
2. m = c^d (mod n)
3. Convert m into Alice's message

public key cryptography example

Bob has key pair (sk, pk) and Alice wants to encrypt message m for Bob. Like everyone, Alice knows Bob's public key pk. She computes ciphertext c = E(pk, m) by applying the encryption function E with Bob's public key pk. Encryption with the fixed key pk is denoted by E_pk, i.e., E_pk(m) := E(pk, m). The scheme can only be secure if it's infeasible to compute m from c = E_pk(m).

Configurated, Delegated CA

CAs whose public keys are configured in a system can authorise other CAs to act as delegated CAs. Both kinds of CA are completely trusted both to issue certificates and to recommend delegates as trustworthy CAs (certificate chains).
Pros: Competitive pricing, convenience of local CAs, systems need to be configured with all certificates.
Cons: As before, compromise of any CA suffices to forge fraudulent certificates. System's certificate can be manipulated by adding attacker's keys.

MAC-then-Encrypt

Ciphertext integrity not protected. May be vulnerable to padding oracle attacks. Used in SSL/TLS.
t := Tag^k2(m) and c := Enc^k1(m||t); send (c)

Stored Server XSS

Classic XSS attack. Malicious user input is stored on the target server. Client receives the stored data from the server without the data being made safe to render in the browser.

CIA properties

Confidentiality, Integrity, Availability

Encrypt-and-MAC

Considered bad design as it may reveal information about the plaintext. Used in SSH.
c := Enc^k1(m) and t := Tag^k2(m); send (c,t)

Encrypt-then-MAC

Considered stronger than the 2 alternative methods, but not foolproof! Used in IPsec, extensions of TLS and SSH.
c := Enc^k1(m) and t := Tag^k2(c); send (c,t)

chosen ciphertext attack

Cryptanalysis attack where the attacker chooses a ciphertext and obtains its decryption under an unknown key.

DNS Amplification Attack

A reflection-based volumetric distributed denial-of-service (DDoS) attack in which an attacker leverages the functionality of open DNS resolvers in order to overwhelm a target server or network with an amplified amount of traffic.

Multiple CAs

Each system needs a set of CA public keys.
Pros: Local CAs more convenient, competition prevents abusive pricing.
Cons: Less secure than the single CA model. Compromise of any CA suffices to forge fraudulent certificates. System's certificate store can be manipulated by adding attacker's keys.

Encryption Scheme: Correctness Condition

Enc and Dec satisfy the following correctness condition: for every k in K: Dec(k,Enc(k,m)) = m.

Formal Definition of One-Time Pad

Enc_k(m) = k ⊕ m
Dec_k(c) = k ⊕ c
t: a parameter
K = M = C = {0,1}^t (bit strings of length t)
⊕: bitwise XOR

Encryption Scheme Notation

Enc_k(m) and Dec_k(c) for Enc(k,m) and Dec(k,c), respectively

Chaum's Online eCash: Payment

Encrypt vendor ID, hash of payment specification and the signed coin number c^d mod n with the bank's public key: {IDuser, h(spec), c^d mod n}pk(bank). The payment spec contains the payment specification, e.g., date, time, items purchased, and a nonce.

Block Ciphers

Encrypts and decrypts blocks of bits, encryption is done with a key.

RSA Encryption

From Alice to Bob:
1. Look up Bob's public key
2. Convert the message into an integer: m
3. Compute the ciphertext c as: c = m^e (mod n)
4. Send c to Bob

Diffie-Hellman key exchange

G group g generator of G Random a Random b

Pre-Image Resistance Notation

Given H(m), it is hard to find m' so that H(m)=H(m')

second preimage resistant

Given m, it is hard to find m' ≠ m so that H(m)=H(m')

Constructing MACs from Hash Functions(HMAC)

HMAC_k(m) = H((k xor opad) || H((k xor ipad) || m))
For example: HMAC-SHA256_k(m) = SHA256((k xor opad) || SHA256((k xor ipad) || m))

composite number

If a number n ∈ N is not prime, it is called composite. A number with more than two factors.

X.509 Format

Issuer Name: CA Name
Serial Number: Unique for each CA
Algorithm: Identifier for algorithm used to sign certificate
Subject name: User whose public key is certified
Subject public-key info: Identifies algorithm and user public key
Signature: Hash of the other fields, signed with CA's signing key

Collision Resistant Notation

It's hard to find any pair(m,m') such that H(m)=H(m')

DES(Data Encryption Standard)

Key Length: 56 bits Block Length: 64 bits Outputs a 64 bit cryptogram.

AES(Advanced Encryption Standard)

Key sizes: 128, 192 or 256 bit, Block size: 128 bits ___ is new official standard

What makes systems insecure?

Limited resources:
- Development costs time/money
- Must balance the cost of security with the potential loss
Changing environment
Enormous complexity in software

Injection Attacks

Malicious data is sent to an interpreter as part of a query or command.

Reflected Server XSS

Malicious user input is received by the target server and sent back to the browser (e.g. error/confirmation message). Client receives data from the server without that data being made safe to render within the browser.

Stored Client XSS

Malicious user input stored in the client's browser. Data may not be sent to server

Countermeasure

Means to detect, deter or deny attacks to threatened assets

DOS/Permanent DoS

Method of breaking the service. Exploit a security flaw to replace a device's firmware with non-functional firmware.

DOS/Ping of Death

Method of breaking the service. Send a malformed packet to crash the service

Do stream ciphers practice perfect secrecy?

NO!! Why? Keys in K are smaller than the messages in M

Threat

Potential cause of an unwanted event that may harm assets

Integrity

Property of accuracy and completeness

Availability

Property of being accessible and usable upon demand by an authorised entity.

Confidentiality

Property that information is not made available or disclosed to unauthorised.

TLS(Transport Layer Security)

Provides end-to-end communications security over networks and is widely used for internet communications and online translations. Used to prevent eavesdropping, tampering and message forgery. Common applications that employ TLS include web browsers, IM, email and (VoIP) voice over IP.

Examples of Injection Attacks

SQL, OS, LDAP injections. Related: Buffer and heap overflow attacks, XSS

How to defend against SQL injections

Separate code and data.
Using prepared statements:
- Create a 'template' statement
- Insert the data
- Then do the statement
Using stored procedures:
- Store a collection of statements in the database
- These can be executed and return a result
- Language independent
- Can result in reduced network traffic

Why is brute forcing feasible?

Short salt values:
- Attack: Collect all hashes using the same salt and attack the largest collection first with a dictionary attack
- Solution: Long salt values
Fast hash functions: High-end graphics cards (GPUs) and custom hardware can compute billions of hashes per second, so dictionary attacks are still effective.

Why are rainbow tables effective?

Since more than one text can produce the same hash, it's not important to know what the original password really was, as long as it produces the same hash.

4 types of XSS

Stored Server ___ Stored Client ___ Reflected Server ___ Reflected Client ___

If H is collision resistant

THEN H is second preimage resistant

Does one time pad provide perfect secrecy?

The One-Time-Pad provides perfect secrecy (the ciphertext conveys no information about the content of the plaintext. |M| = |C|). But:
• The key must be chosen uniformly at random from the set of keys K.
• The key must not be reused.

Kerckhoff's Principle

The design of a security mechanism should be made public, and not rely on obscurity. The system should remain secure even if your adversary knows exactly what kind of encryption system you are employing, as long as your key remains secure.

Security of DES

The main weaknesses are:
• the short key (brute-force attacks are possible)
• the block length is too small.

X.509

The most widely accepted format for digital certificates and certificate validation as defined by the International Telecommunication Union (ITU). Used in IPSec, SSL/TLS, SSH

public key cryptography

The principal idea of _________ is public keys. In a _________ encryption scheme, the communication partners do not share a secret key. Each person's key is separated into 2 parts:
- public key (pk) for encryption, available to everyone
- secret key (sk) for decryption, kept secret by owner

Stream Cipher

They are called this because their output is an "infinite" stream of bits. _____ _______ generate keystreams from a key seed using a pseudorandom generator. Each plaintext digit is encrypted one at a time with the corresponding digit of the keystream to give a digit of the ciphertext.

Hash functions suitable for password hashing

They use slow, CPU intensive hashing mechanisms. A password hash should be inefficient with an adjustable work parameter. Require large amounts of memory to prevent parallelised attacks. Examples: bcrypt, scrypt, PBKDF2, Argon2

How MACs work?

To establish the ___ process, the sender and receiver share a symmetric key K. The sender uses some publicly known ___ algorithm, inputs the message and the secret key K and produces a ___ value. Similar to hash, ___ function also compresses an arbitrarily long input into a fixed length output. The major difference between hash and ___ is that ___ uses a secret key during the compression. The sender forwards the message along with the ___. We assume that the message is sent in the clear, as we are concerned with providing message origin authentication, not confidentiality. If confidentiality is required then the message needs encryption. On receipt of the message and the ___, the receiver feeds the received message and the shared secret key K into the ___ algorithm and re-computes the ___ value. The receiver now checks equality of the freshly computed ___ with the ___ received from the sender. If they match, then the receiver accepts the message and assures himself that the message has been sent by the intended sender. If the computed ___ does not match the ___ sent by the sender, the receiver cannot determine whether it is the message that has been altered or it is the origin that has been falsified. As a bottom line, a receiver safely assumes that the message is not genuine.

MAC(Message Authentication Code)

Used to preserve message integrity and provide authentication. Essentially an encrypted checksum generated on the underlying message that is sent along with a message to ensure message authentication.

Symmetric Cryptography

Uses the same secret key k to encrypt and decrypt a message

Risk Assessment

What are we protecting? (asset) Who is the attacker? (threat agent) What are the threats? What are the vulnerabilities? What are effective defence mechanisms?

known plaintext attack

When an attacker has both a known plaintext and the ciphertext, they can sometimes derive the key itself.

MAC Correctness Condition

Where tag and verify satisfy the following correctness condition: for every k in K, m in M: vrfy(k,m,tag(k,m)) = true
tag is called a tagging algorithm, vrfy is a verification algorithm, K is the set of keys, M is the set of plaintexts, T is the set of tags.

RSA Security

___ derives its security from the difficulty of factoring large integers that are the product of two large prime numbers. Multiplying these two numbers is easy, but determining the original prime numbers from the total/factoring is considered infeasible due to the time it would take.

RSA(Rivest, Shamir, and Adleman)

___ is the most common internet encryption and authentication system. The system used an algorithm that involves multiplying two large prime integers to generate a public key, used to encrypt data and decrypt an authentication, and a private key, used to decrypt the data and encrypt an authentication.

XSS vs CSRF

___: Browser executes malicious injected code ____: Server receives malicious request from browser and acts on it

Single CA

_____ CA for the entire world. All systems configured with CA's public key. All certificates obtained from the CA directory.
Pros: Simple setup, no need for trust recommendations.
Cons: No organisation is universally trusted. Debatable where CA should be located, inconvenient and insecure for distant organisations to obtain certification. CA has monopoly, can charge excessive prices.

Chaum's eCash Offline Protocol

_______ keeps customers anonymous as long as the customer is honest and spends each coin only once. If customer spends a coin more than once, bank will be able to identify the customer. This is achieved by splitting the coin into several parts and embedding the customer's ID to these parts.

ElGamal Encryption Scheme

_______ uses asymmetric key encryption, based on the Diffie-Hellman key exchange for communicating between 2 parties and encrypting the message. Based on finding the discrete logarithm in a cyclic group.

Properties of digital signatures

________ are:
1) Publicly verifiable
2) Transferable
3) Provide non-repudiation
MACs have none of these properties.

A hash function used to protect passwords must be...

collision resistant and preimage resistant.

|n|

The size of n ∈ N is equal to ⌊log_2(n)⌋ + 1. n is an element of N.

Popular Stream Ciphers

• RC4, used e.g. to encrypt WiFi communication (WEP, WPA) and SSL/TLS communication
Based on linear feedback shift registers:
• A5/1 and A5/2, used to encrypt mobile phone (GSM) communication
• Content Scramble System (CSS) encryption, used to encrypt movies on DVDs

Chaum's Online eCash: Redemption

→ IDuser, h(spec) →
→ {IDuser, h(spec), c^d mod n}pk(Bank) →
Verify that IDuser, h(spec) are recorded in the encryption, that the signature on c is correct, and that c has not been spent. Record c in a database as spent.
← OK/NOT OK ←

