Information Security - Midterm 1
Bell-LaPadula Model (Categories, Levels)
(A, C) dom (A', C') iff A' <= A and C' is subset of C.
Man-in-the-middle Attack (Name threat.)
(Type: Deception) The intruder reads message from sender and sends versions to recipient.
One-time Pad
- Alice and Bob share a random secret bit string k of length n.
- Alice wants to send a message m of length n.
- Encryption: c = bit-wise XOR of m and k
- Decryption: m = bit-wise XOR of c and k
HMAC Properties
- Collision resistant
- One-way (If attacker knows k, it cannot compute proper HMAC(k, x) even if it sees arbitrary (y, HMAC(k, y)).)
What is ACL?
- Columns of access control matrix (Access Control Lists) Ex: file1 : { ( Andy, rx ) ( Betty, rwxo ) ( Charlie, rx ) }
"Random" of the Cryptographic Hash Algorithm
- Each hash value should have about 1/2 the bits on: 0110 1001 0011 - 2 outputs should be uncorrelated, regardless of how closely related the inputs.
Indirection
- Each object has entry in a global object table. - Names in capabilities name the entry, not the object. - To revoke, zap the entry in the table. - Multiple entries for a single object to allow control of different sets of rights and/or groups of users for each object.
Block Cipher (Properties)
- Fixed-length input/output/key - Input size == output size - Secret key cryptographic systems take a reasonable-length key, generate a one-to-one mapping that looks completely random to someone who doesn't know the key. - Key-dependent permutation table
How to revoke access rights when Capability list is used?
- Indirection
Bell-LaPadula Model (Reading Info)
- Information flows up, not down; can't "read up", but can "read down" - Simple Security Condition: L(o) <= L(s) and s has permission to read o
Bell-LaPadula Model (Categories, Reading Info)
- Information flows up, not down; can't "read up", but can "read down" - Simple Security Condition: L(s) dom L(o) and s has permission to read o
Bell-LaPadula Model (Categories, Writing Info)
- Information flows up, not down; can't "write down", but can "write up" - *-Property: L(o) dom L(s) and s has permission to write o
Bell-LaPadula Model (Writing Info)
- Information flows up, not down; can't "write down", but can "write up"
- *-Property: L(s) <= L(o) and s has permission to write o
Padding
- Padding must be reversible. - At least 1 byte of padding is added to each message. - You can append 1000...0 or append n bytes each with value n (where n denotes the number of bytes needed to pad)
RSA Key Generation
- Pick 2 large primes p and q
- Calculate n = pq (the length of n is the key length)
- Compute phi(n) = phi(p)phi(q) = (p-1)(q-1)
- Pick an integer e which is relatively prime to phi(n)
- Determine d as d = e^(-1) mod phi(n)
- Public key: (e, n); Private key: (d, n)
HMAC Authentication
- Receiver receives m, h = HMACk(m) - Receiver computes h' = HMACk(m) over the received message m using his own copy of key k, and compares h' with the received h
What is C-List?
- Rows of access control matrix (Capability Lists) Ex: Andy: { ( file1, rx ) ( file2, r ) ( file3, rwo ) }
Secret Key Crypto vs Public Key Crypto
- Secret Key Crypto: efficient in computation, many keys needed
- Public Key Crypto: fewer keys needed, supports digital signatures, but inefficient in computation.
How to revoke access rights when ACL is used?
- To remove subject's right to file, owner deletes subject's entries from ACL. - To revoke access rights of a subject to all objects, you must delete the subject from all objects' ACLs. - It's easy to revoke all access to an object; however, it is difficult to revoke the subject's access to all objects.
Advantages of RBAC
- When a user joins the system, the system only needs to assign the user to a small number of roles, instead of assigning him to a large number of objects which is costly. - When an object is added to the system, the system only needs to link a small number of roles to the object, instead of linking many subjects to it, which also saves cost.
Know the abbreviation form of ACL in Unix system and its disadvantage.
- rwxrwxrwx (Owner - Group - Rest) - You have 1 class for all users, but actually, you might want to differentiate other users. You want to have fine controls on those users.
List common threats (4).
1. Disclosure 2. Deception 3. Disruption 4. Usurpation
Cryptographic Hash Algorithm (Properties)
1. Given message m, it is easy to compute H(m). 2. One-way: it is computationally hard to compute m from H(m) unless trying all possible values of m. 3. Collision-resistant: Computationally infeasible to find two messages such that H(m1) = H(m2).
The block size and key size of DES
64-bit input block, 64-bit output block, 56-bit key
Cryptographic Hash Algorithm (Definition)
A mathematical transformation that takes arbitrary sized input, and generates a fixed size output (output is random).
Well-formed transaction in Clark-Wilson Model
A series of operations that transition the system from 1 consistent state to another.
Hash Chain (Know the property of hash chain: which direction you can go and which not)
A successive application of cryptographic hash function H to a message m. - H^0(m) = m - H^1(m) = H(m) - H^2(m) = H(H(m)) - H^n(m) = H(..H(m))
Definition: A widely used, standardized symmetric key encryption algorithm.
AES
What is Deception?
Acceptance of false data.
Given an object, what subjects can access it, and how?
Access Control Lists
How do you avoid Man-in-the-Middle attacks with D-H?
Add digital signatures so that when Alice sends T(A) to Bob, it is signed with Alice's private key. Once signatures are verified, they are able to compute the shared secret key.
Public key cryptography
Asymmetric Cryptography - 2 keys per user: private key d and public key e - E: c = Ee(m); D: p = Dd(c)
Detection
Attacks can't be prevented, but detection can indicate the effectiveness of preventative measures.
Goal: Determine that an attack is under way/occurred and report it.
Ex. Warning user of 3 incorrect password attempts
Prevention
Attacks will fail. Implementation of mechanisms that users cannot override and that are trusted to be implemented in a correct, unalterable way.
Ex. Passwords
Compare Biba and Clark-Wilson
Biba
- No notion of certification rules; trusted subjects ensure actions obey rules
- Untrusted data examined before being made trusted
Clark-Wilson
- Explicit requirements that actions must meet
- Trusted entity must certify method to upgrade untrusted data (and not certify the data itself)
Given a subject, what objects can it access, and how?
Capability Lists
How does CBC work?
Cipher Block Chaining
- Encryption: ci = Ek(mi XOR c(i-1)), c0 = IV
- IV (random) is XORed with M1 and encrypted to C1.
- C1 is XORed with M2 and encrypted to C2...
- IV is transmitted along with the ciphertexts.
- Decryption: mi = Dk(ci) XOR c(i-1), c0 = IV
- C1 is decrypted and XORed with IV to give M1.
- C2 is decrypted and XORed with C1 to give M2.
Collision Resistance (Hash)
Computationally infeasible to find 2 messages m1 and m2 such that H(m1) = H(m2).
Bell-LaPadula Model
Confidentiality Policy
Security Levels:
1. Top Secret
2. Secret
3. Confidential
4. Unclassified
- Levels consist of security clearance L(s); objects have security classification L(o)
Definition: A way of constructing a stream cipher, given a block cipher
Counter mode
Know the key advantage of Counter mode over CBC mode
Counter mode can decrypt an arbitrary block (useful for random access file encryption)
Differences between DAC and MAC.
DAC:
- Access policy defined by users.
- Users can pass rights to other subjects and programs.
MAC:
- Access policy defined by system.
- Subjects and their programs can't pass rights.
What are some well-known symmetric key cryptography algorithms?
DES, AES
Replay (Threat)
Definition: Eve can reopen a channel to replay older messages because you have Alice's digital signature. This affects the way messages are authenticated.
Discard (Threat)
Definition: Eve can block communication to Bob from Alice.
Access Control (Definition)
Determines what rights an entity has over a set of objects. 1. Subject 2. Object 3. Access right
RSA Encryption/Decryption
Encryption: c = m^e mod n Decryption: m = c^d mod n
How does CTR work?
Encryption: ci = Ek(IV + i) XOR mi Decryption: mi = Ek(IV + i) XOR ci
What is origin integrity (authentication)?
Ensure message is from claimed receiver.
(T/F): An attraction of public key cryptography is that, if implemented properly, the algorithm generally runs much faster than those for symmetric key cryptography.
False
(T/F): Properly used, a MAC provides both confidentiality and integrity.
False
Keyed-hash message authentication code (HMAC) (Formula)
HMAC(k, m) = H( k | H( k | m ) ) - Think about the little box within the big box.
Role-based Access Control (RBAC)
Hybrid Policy - Access depends on function or role, not identity - Role, active role, authorized roles
Chinese-Wall Model
Hybrid Policy - Organize entities into "COI" classes - Control subject access to each class - Control writing to all classes to ensure info is not passed along in violation of rules - Allow sanitized data to be viewed by everyone - Objects, company datasets (CD), conflict of interest class (COI) STUDY THE SLIDES
Definition: A value used in symmetric key cryptography to ensure that a new session that transmits the same text as a previous session does not result in identical ciphertext.
IV
Separation of Duty (Clark-Wilson Model)
If 2+ steps are required to perform a critical function, at least 2 different people should perform the steps.
- Forbids an entity from completing the transaction on its own.
Ex: If there is a bug in a program, the bug is most likely better caught with a second pair of eyes separate from the developer. If the programmer wishes to intentionally place the bug in the program, the certifier must not detect the bug or must be in league with the programmer.
What stage of the project should security be considered?
In the design phase, not added to an already implemented/deployed system.
Discretionary Access Control
Individual user sets access control mechanism to allow or deny access to an object.
What is data integrity (integrity)?
Information can't be modified by unauthorized parties.
Clark-Wilson Model
Integrity Model - Integrity is defined by constraints - CDIs (constrained data items), UDIs (unconstrained data items), IVPs (integrity verification procedures), TPs (transaction procedures) - Separation of Duty and transactions
Biba Model
Integrity Policy - Subjects, objects, and integrity levels - s can read o iff i(s) <= i(o) - s can write o iff i(o) <= i(s) - s1 can execute s2 iff i(s2) <= i(s1) - Multi-level integrity
What is Disruption?
Interruption or prevention of correct operation.
One-way property (Hash)
It is computationally hard to invert H() - Given H(m), hard to know m unless trying all possible values of m.
Definition: A symmetric-key algorithm for ensuring that a message has not been tampered with.
MAC
What are some well-known hash algorithms (3)?
MD5, SHA-1, SHA-2
Definition: The security goal of ensuring that a communication arrives at the recipient in a form identical to what the sender transmitted.
Message Integrity
Understand the principle of publishing cipher algorithm and keeping keys secret for security.
Most commercial algorithms are published; most military algorithms are not. Essentially, the bad guys will learn your algorithm anyway.
For CBC mode, know whether IV can be a constant and why.
No, because a message change can be observed from ciphertext.
Perfect Forward Secrecy
Prevents someone from deciphering a conversation even if the attacker breaks into both parties after it ends (or if private key is escrowed). - Generate a key for a session that doesn't affect past or future sessions.
In public key cryptography, which keys to use for providing integrity (via digital signature)?
Private Key
How 3DES works
Purpose: expand key size from 56 bits to >80 bits.
Encryption: c = EK3( DK2( EK1(m) ) )
Decryption: m = DK1( EK2( DK3(c) ) )
Definition: An algorithm for digitally signing data with a private key such that anyone with possession of the corresponding public key can verify the signature.
RSA
What are some well-known public key cryptography algorithms?
RSA, ECC
Mitigation
Reduce impact of attack.
Recovery
Require resumption of correct operation. Ex. System continues to function correctly during attack.
Definition: A widely used, standardized cryptographic hash function.
SHA256
Symmetric key cryptography
Secret Key Cryptography
- Use the same key for encrypting and decrypting.
- E: c = Ek(m); D: p = Dk(c)
What is the relation between security policies and security mechanisms?
Security policies define what is and what isn't allowed (statement of what is, and what is not allowed). Security mechanisms enforce these policies (method, tool, or procedure for enforcing a security policy).
In public key cryptography, which keys to use for providing confidentiality (via encrypting/decrypting)?
Sender's public to encrypt, and receiver's private to decrypt
Diffie-Hellman (Step by Step)
Setup: Alice and Bob agree on a prime number p and a base g (p and g are public).
1. Alice picks a value a ( < p-1 ), and Bob picks a value b ( < p-1 ).
2. Alice computes public key = g ^ a % p. Bob computes public key = g ^ b % p.
3. Alice computes the secret key: k = (TB) ^ a % p = g ^ (ab) % p
   Alice computes the secret key: k = (TA) ^ b % p = g ^ (ab) % p
RSA Signature Generation/Verification
Sign message with sender's private key: s = m^d mod n Verify with public key: m = s^e mod n
Restrictions on size of message for RSA
Size of the message to be encrypted/signed cannot exceed the size of modulus n.
What happens if you have a small public key e?
Small constant e does not weaken RSA's security, but it makes encryption and signature verification much more efficient.
Requirements for public key component e and private key component d.
Small constant e doesn't weaken RSA's security! It makes encryption and signature verification more efficient; Small private key d is NOT secure!
Mandatory Access Control
System mechanism controls access to object, and individual cannot alter that access.
What is availability?
The ability to use information or resource desired.
What is confidentiality?
The concealment of information or resources; keeping data and resources hidden from unauthorized parties. Ex. File can only be viewed by authorized parties.
Understand CBC-MAC and why it can work as message authentication code
The last ciphertext block under CBC mode is used as the MAC. Encryption: ci = Ek(mi XOR c(i-1) ), c0 = IV
Understand how key size affects security level.
To increase security, increase the key length.
(T/F): If Alice has a message to send to Bob and she wants to encrypt the message using asymmetric cryptography so that no one other than Bob can read it, she does so by using Bob's public key.
True
What is integrity?
Trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change. 2 types: Data and Origin
Denial of receipt
Type: Deception (2)
Definition: False denial that an entity receives some information or message.
Countered: Integrity (mechanisms) and Availability (mechanisms)
Repudiation of Origin
Type: Deception (2)
Definition: False denial that an entity sent/created something.
Countered: Integrity (mechanisms)
Modification/Alteration
Type: Deception (2) or Disruption (3) or Usurpation (4)
Definition: Unauthorized change of info.
Ex: Active wiretapping is when data moving across the network is altered.
Countered: Integrity
Masquerading/Spoofing
Type: Deception (2) or Usurpation (4)
Definition: An impersonation of one entity by another.
Ex: Passive (when user doesn't attempt to authenticate but access) or Active (Masquerader issues responses to mislead user)
Countered: Integrity (authentication services)
Snooping/Eavesdropping
Type: Disclosure (1)
Definition: It is the unauthorized interception of information.
Ex: Wiretapping over a monitored network is passive.
Countered: Confidentiality
Delay (Threat)
Type: Usurpation (4)
Definition: Temporary inhibition of a service.
What is Disclosure?
Unauthorized access to information.
What is Usurpation?
Unauthorized control of some part of a system.
Understand the statistical attack against substitution cipher.
You have 26! possible mappings of letters, and if it takes 1 microsecond to try each mapping, trying them all would take you 10 trillion years; but statistical analysis (certain letters and letter combinations are more common than others) easily breaks it.
- e, t, a, o are the most common letters.