Auburn COMP5370 Computer and Network Security Exams 1, 2, 3 material
Overly Complicated Ballots
Misunderstand and no-vote races Misunderstand and double-vote races¡ ...questionably...structured ballots Unclear Intent: circle? check? fill in? etc.
RSA Trapdoor Function
Modular Exponentiation -Multiply a value by itself enough times over a finite field and it becomes itself again -(m^d)^e mod n = m
ARP spoofing/poisoning
More commonly known as ARP poisoning, this involves the MAC (Media Access Control) address of the data being faked. -a set of techniques used to confuse the switch and mis-route traffic. -Malicious actor on local network -Can be used to: --DoS another client --Cause network to thrash --Intercept traffic
Defending against ARP attacks
More intelligent switching -"Sticky" MACs: 1 physical port = 1 MAC addr --once you see an ARP announcement, that physical port is attached to that mac. If the switch sees the MAC change... it will turn off the port -802.1X: Authenticate physical port access -<many more> More intelligent topology -Network partitioning -Reduce the "blast radius" of an attack
Usage: Building Block
Most commonly a component on motherboard Software treats as black-box operations -Hardened interface
Firewall Usage
Most networked devices in 2020 have some sort of built-in firewall -Including most consumer-grade equipment Most, but not all, routers have some sort of coarse-grained traffic management
Firewall Inception
Most networked devices in 2020 have some sort of firewall built-in or readily add-able -Including consumer-grade equipment Most, but not all, routers have some sort of coarse-grained traffic management Most end-devices in 2020 have a built-in firewall via the OS -Linux = iptables, macOS = Firewall, Windows = Firewall - Exception is IoT and embedded devices
Example CPU Instructions
Move a value to a register -mov eax, 0x34 Add a value to a register -add eax, 10 Change execution path -jmp 0x12345678 #can't return -call 0x12345678 #can return -ret #return from call instr. -leave does 2 actions --> mov esp, ebp --> pop ebp
Paper as a Defense (when voting)
Paper is slow and expensive to tally -Verified by voter Memory Card is fast and cheap to tally -Unverified *Move away from DREs
What is one of the most popular forms of authentication?
Passwords -Original and most ubiquitous form of authentication -Relatively weak mechanism -Many well-known and widely exploited problems
Cookies
Third-Party Cookies are mechanism by which websites allow arbitrary actors to track their users across the Internet.
Cipher Block Chaining (CBC)
"A process in which each block of plaintext is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES or AES algorithm." Block of plaintext combined (XOR) with IV goes through block cypher (AES algorithm) and outputs ciphertext. That ciphertext is now the "IV" of the next block. It is combined (XOR) with the next block of plaintext which goes through the block cypher (AES algorithm) outputting a ciphertext. The cycle repeats. -IV is the previous block's CT -Pad last block in a deterministic way --AES-128 (16-byte block) with 24-byte message BAD -why bad? Side Channels CBC mode usually vulnerable to padding oracle attacks due to the difficulty of handling the padded block --Extremely easy to leak internal cipher state --Writing safe software is hard || Writing safe security-related software is really, really hard --Writing safe crypto-software is one of the many reasons we don't roll our own crypto
Replay Attack
"A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network." Mallory makes a copy of Bob's transmission for later use -can send that copied message to Alice anytime (pretending to be Bob) -message/transmission can be valid -this means you don't have sender authenticity
Electoral Systems
"First Past the Post" -Majority-post -Plurality-post Rank-Choice Single-Winner Multi-Winner -Single vote -Multi-vote
Cryptographic Doom Principle
"If you have to perform any cryptographic operation before verifying the MAC on a message you've received, it will somehow inevitably lead to doom"
Degrees of Malware
"Potentially Unwanted Apps" (PUPs) "Potentially Harmful Apps" (PHAs)
Cryptojacking
(sometimes referred to as "crypto-miners" with context) uses victim's resources to generate revenue for controller. -Often injected via JS and run in browser -Miner "pools" make it profitable even with limited computation
Characteristics of TLS Protocol
-Content agnostic -One or both endpoints can be authenticated -Well-studied and iteratively improved --SSL v1, v2, v3 --TLS v1.0, 1.1, 1.2, 1.3 Client -> HTTP -> TLS -> TCP -> Internet (CipherText) Internet(CipherText) <- TCP <- TLS -< HTTP <- Server
Web of Trust
-A decentralized model used for sharing certificates without the need for a centralized CA. -a simple trust model that relies on each user creating and signing their own certificate. -"I know Alice, this is her key Bob! Here ya go!"
Certificate Chaining
-A process that combines all certificates within a trust model. It includes all the certificates in the trust chain from the root CA down to the certificate issued to the end user. --Linking several certificates together to establish trust between all the certificates involved.
SSL Stripping
-A specific type of man-in-the-middle attack against SSL -network-level technique that prevents clients from upgrading to HTTPS by blocking the redirect response. -Mallory sits in the middle of the client and the server and takes the client's HTTP request & blocking the redirect request to HTTPS In order to "strip" the SSL, an attacker intervenes in the redirection of the HTTP to the secure HTTPS protocol and intercepts a request from the user to the server. The attacker will then continue to establish an HTTPS connection between himself and the server, and an unsecured HTTP connection with the user, acting as a "bridge" between them.
Return Oriented Programming (ROP)
-Arbitrary instructions via ROP "gadgets" -IDEA: Return-to-libc w/o functions
Superfish
-Came pre-installed on Lenovo laptops -Was an ad-supported visual search startup -Actively MitM traffic for ad injection -Injected root CA -SAME PRIVATE KEY ON EVERY SINGLE INSTALL
Adaptions to Kerckoff's Principle
-Ciphertext must be realistically secure at a minimum but provably secure if possible. -Implementation shouldn't rely on its own secrecy for to remain secure. -Don't make unrealistic assumptions about the abilities or competence of the humans who use/operate the system. (humans are the weakest link in security) -Key material must be easy to transfer, store, change, and verify. --Static keys are bad (keys used for a long time), Key rotation is good. --Also, knowing that you're using the right key is more important than people realize. -Interoperate with existing infrastructures, topologies, and protocols at higher and lower levels. --Ideally, a system should be 100% transparent to existing infrastructure. --Systems with dependability issues don't get deployed. (Can work over any network protocols, hardware, software, etc.) -Should be generic and reusable across many different hardware and software platforms. --Reusable and re-implementable. --Over customization for a single use-case reduces ability to be leveraged for others
Client Write KEX
-Client generates random secret -Encrypts to server's public key -Server decrypts to recover shared secret instead of sharing, the client picks the key and sends it to the server BAD -removed entirely in TLSv1.3 -it is NOT a forward secret KEX!!! Client -> c = ENCRYPTcert(r) send c Server then does r = DECRYPTpriv(c)
Onion Routing
-Connections transverse "circuit" to destination. Entry Node --> Middle Node(s) --> Exit Node. -Can transverse many or few middle nodes, but default is 3. -Uses telescoping encryption. -Circuits are created and destroyed automatically -Anonymous services are available
How U2F Works (Google)
-Currently, U2F devices are usually small USB devices that you insert in your computer's USB port -When you insert it into your computer's USB port or tap it against your phone, the browser on your computer can communicate with the USB security key using secure encryption technology and provide the correct response that lets you log into a website. -Because this runs as part of the browser itself, this gives you some nice security improvements over typical two-factor authentication -First, the browser checks to ensure it's communicating with the real website using encryption, so users won't be tricked into entering their two-factor codes into fake phishing websites. -Second, the browser sends the code directly to the website, so an attacker sitting in between can't capture the temporary two-factor code and enter it on the real website to gain access to your account
ROP Concepts
-Execute existing code instructions -Each gadget is very small amount of logic -Gadget ends with ret instruction -Wide array of gadgets in normal applications -Can used linked libs for more gadgets & more stable gadgets -Logic is "messy" --Lots of side-effects
4 Good Practices For Users when dealing with Authentication
-High-entropy password generation -Enable MFA wherever possible -Never reuse passwords -Identify and account for pivotable services and credentials
MFA- Push Authentication
-In-context verification via separate channel -Relies on security of device & service -Can be Phished -Can be Stolen maybe (depends on device) Effectiveness- Good, not great ex. Auburn Duo Push (when logging in) ex. someone can have a push sent to your phone to login to your account
MFA- Universal 2nd Factor Authentication (U2F)
-Keypairs generated on the devices -Private key never leaves the device -Challenge-Response protocol to ensure freshness -Internal keypairs -Cannot be Phished -Can be Stolen maybe (depends on config) -Effectiveness= Very Good -Pure Crypto -These tokens can use USB, NFC, or Bluetooth to provide two-factor authentication across a variety of services.
Asymmetric Tradeoffs
-Low cost for attacker to do -High cost for defender to stop/prevent
Credential Pivoting Attack
-Many different services attackers can pivot through --Email, phone, storage, etc Idea: -Use access to service A to obtain access to service B --Gain read-access to email --Request password reset from service --Read reset link/code from email --Use link/code to log into new service
MFA- One Time Code
-Out-of-Band, single-use secret transmission -Usually implemented as SMS or voice call -Can be Phished -Can be Stolen -Effectiveness= Better than Nothing ex. Google 2FA code sent to phone when logging in
MFA- One Time Password
-Password calculated via shared secret --HOTP: secret, counter --TOTP: secret, time -Can be Phished -Can be Stolen (locally) -Effectiveness= Better, not by much (compared to one time code) -HOTP --The first is the secret key, called the "seed", which is known only by the token and the server that validates submitted OTP codes. The second piece of information is the moving factor which, in event-based OTP, is a counter. The counter is stored in the token and on the server. The counter in the token increments when the button on the token is pressed, while the counter on the server is incremented only when an OTP is successfully validated. -TOTP --based on HOTP but where the moving factor is time instead of the counter. TOTP uses time in increments called the timestep, which is usually 30 or 60 seconds. This means that each OTP is valid for the duration of the timestep. ex. Microsoft authentication code that is time based, you only have 30 seconds to input the code before another is generated
Generating Strong Passwords
-Remove the human as much as possible -Automated generation -Physical generation ("diceware") --Roll dice to generate entropy --Use wordlist to improve usability and memorability
What is a Bug? What is a Weakness? What is a Vulnerability? What is an Exploit? What is an Attack?
-Something that fails in unintended ways -A bug that may be able to harm S & P -Weakness that can be intentionally triggered -Way to leverage vulnerability -Intentional exploit for attacker's gain & victim's loss
Poor Client-Side Validation
-Straight up Accidents in validating SSL Certs --code bugs/mess ups -Validating an SSL Cert in a non-browser software --Often, unlike in a browser, there is no user to show a dialog to. "Cert is broken, Proceed: yes/no"
HSTS (HTTP Strict Transport Security)
-Strict Transport Security. -HTTP header indicating always send HTTPS -Prevents downgrade attacks -Protects all sessions after the first -Preload lists can protect the first policy allows web servers to instruct client to always talk HTTPS for a set amount of time. -Sent via HTTP header -Time is n seconds until try HTTP -As long as client can communicate with the server once, will be safe for n seconds ISSUE -Trust on first use mechanism
HTTPS Redirect
-Uses 3XX "redirect" status codes -Instructs the client to try again using the HTTPS protocol instead of HTTP -shows redirect location in the status (from response)
Injected Root CA
-attacker is intentionally man in the middling HTTPS "for security" and injecting their own Root CA into the client's browser If an adversary would be able to inject a root certificate, the victim could be susceptible to eavesdropping or hidden malicious software. Malicious software is checked for by virus scanners, and has to be active on the infected computer. Usually virus scanners do not verify root certificates, because there is no simple way of distinguish a legitimate root certificate from its malicious counterpart.
True Randomness
-cannot be created, can only be measured from external process ("in the wild") -ex. vegas casino -must be measured in secret -is extremely slow and scarce (makes fast computers slow)
Kerckoff's Principle
A cryptosystem should remain secure even if 100% of the system is public-knowledge except the key material.
Pseudo-randomness
-data that mimics randomness but is actually deterministic -starts with little randomness -less trustworthy than true randomness but more achievable than true randomness (b/c computers are very good at doing very tedious things very quickly)
SSL Certificate (Pre 2014)
-enormous pain to deal with. -Incredibly complicated configuration --One mistake and 100% vulnerable -Manually verify with CAs via admin@, hostmaster@, webmaster@, ... addresses -Cost $70 -$400 per year -Start over every time a new TLS vulnerability is found or crypto is broken
Random Data
-unpredictable bits to an attacker without a pattern -any bit has the same chance -> 50% to be 1 or 0 -computers are really bad at randomness
TLS 1.3
-~100ms latency -Single round-trip required by default --May require additional -Able to create connection and pass content with zero round-trips --0RTT
Malware Installed via Exploitation
0-Day Vulnerability -Brand-new to vendor, defenders, and users -Find, exploit, & install N-Day Vulnerability -Patch exists but is not applied to host -Old =!= Ineffective -Google, exploit, & install Perma-Vuln (∞-day) -Worse version of n-day -Will never be patched Password Guessing -Default creds are scary -Repeatedly try until successful or blocked -Gain access & install Drive-by-Download -Clients are largely not arbitrarily accessible -Get client to interact w/attacker & hijack -Get interaction, profile, select, & install
Problems with DREs
1. Attacker infects memory card containing ballot programming files. 2. When officials place the card into the machine, it becomes infected. -AccuVote TS-X can be infected through: ●Unauthenticated software update mechanism; ●Buffer overflows in code that reads ballot design; or ●Interpreted programming language(AccuBasic) used to print result tape. 3. Malware running on the machine can arbitrarily change electronic records and printouts.
2010 D.C. System
100% Compromise with very little effort Acquire administrator credentials Replace all existing ballots Add ballots for voters who didn't vote De-anonymize ballots Hide all evidence in logs *100% REAL-WORLD COMPROMISE*
Linux File Permissions
3 normal permission bits per object (RWX) -Each object has an "owner" and a group -Only owner can change the permissions or group rwx rwx rwx Owner Group Others
2017 Google Phishing Worm
A "wormed" phishing attack via misleading UI and poor defenses Clicking link to you to a real Google Doc Granting permissions gave access to email
What is a Hash Collision?
A Hash Collision Attack is an attempt to find two input strings of a hash function that produce the same hash result. Because hash functions have infinite input length and a predefined output length, there is inevitably going to be the possibility of two different inputs that produce the same output hash. If two separate inputs produce the same hash output, it is called a collision
AES (Advanced Encryption Standard)
A block cypher created in the late 1990s that uses a 128-bit block size and a 128-, 129-, or 256-bit key size. -Bigger key == same algorithm with more rounds Good to use AES256- approved by CNSA -replaces DES -invertible s-boxes (obscures key from ciphertext) --same used for both encrypt & decrypt, this is why its invertible because it can be used to encrypt & reversed to decrypt
Trusted Platform Module (TPM)
A chip on the motherboard of the computer that provides cryptographic services. OR is additional built-in, self-contained ASIC that provides a central "root of trust" for a device.
Trusted Computing Base (TCB)
A collection of all the hardware, software, and firmware components within a system that provide security and enforce the system's security policy. OR is the collection of all components within a system critical to providing security properties.
Hardware Security Module (HSM)
A device that can safely store and manage encryption keys. This can be used in servers, data transmission, protecting log files, etc. OR a special-purpose add-on component that securely stores cryptographic keys and performs cryptographic operations. -High-performance operations -Restricted logic --Most commonly used for signing operations -Commonly available "in the cloud" for use with AWS/GCP/...
Certificate Transparency
A fix to Root CA leak -When issued, domain --> fingerprint published --Browsers require inclusion in multiple DBs -Allows real-time and historical monitoring -List of what Root CA signed what & when 3 Goals: 1. Make it impossible (or at least very difficult) for a CA to issue a SSL certificate for a domain without the certificate being visible to the owner of that domain. 2. Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued. 3. Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued."
Trapdoor Function
A function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) -can be inverted only with knowledge of private key F(pk, m) = v -> computationally easy F^-1(sk, v) = m -> computationally easy F^-1(v) = m -> computationally difficult
The Onion Routing (Tor) Network
A privacy- and anonymity-centic, volunteer-run communications network. -Started by DoD's Naval Research Lab. -"Low-latency" overlay network. -Used by both "good" and "bad" actors (researchers, intelligence agents, regular people, activists, and journalists but also drug dealers, pedophiles, and terrorists).
CPU Registers (32 bit)
General Purpose Registers -EAX, EBX, ECX, EDX Semi-General Purpose Registers -EDI, ESI Special Purpose Registers: -EIP, ESP, EBP
URL (Uniform Resource Locator)
A location or address identifying where documents can be found on the Internet; a Web address -A way of encoding an enormous amount of data in machine handle-able way -Sometimes called "Universal Resource Identifiers" (URIs) -encode all the info the web needs in one string -protocol, location, etc.
What is a secure channel & what 3 properties must it have?
A secure channel is a mechanism for which Alice & Bob can communicate securely. It must have: Confidentiality Message Integrity Send Authenticity
Cross-Site Request Forgery (CSRF)
A method of attacking a system by sending malicious input to the system and relying upon the parsers and execution elements to perform the requested actions, thus instantiating the attack. XSRF exploits the trust a site has in the user's browser. OR a class of attacks that extends XSS to maliciously use client-side credentials. -XSS which makes requests from the client's browser to an authenticated API
Galois/Counter Mode (GCM)
A mode that starts with CTR mode, but adds a special data type known as a Galois field to add integrity. GOOD-- (problem if key-unique IV was ever compromised) -CTR mode with built-in integrity checking -Key-unique IV -Relatively new but is being adopted widely --2007 NIST approval -Makes protocols much easier to implement Like in CTR, blocks are numbered sequentially, and then this block number is combined with an IV and encrypted with a block cipher E, usually AES. The result of this encryption is then XORed with the plaintext to produce the ciphertext --like other counter modes, its essentially a stream cipher
Security Archetype
A named actor that is used as a representative of a nuanced actor and their capabilities/intentions Ex. "foo", "bar", "baz" ... also Alice, Bob, Mallory, Eve
Cipher Suite
A named combination of the encryption, authentication, and message authentication code (MAC) algorithms that are used with SSL and TLS. ex. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Spear Phishing
A phishing attack that targets only specific users. OR an expansion of standard phishing techniques which is custom-built for specific people. -Relies on knowledge of the victim -Is crafted for the best-possible chance of the victim falling for it
Virus
A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data OR type of malware that copies itself to other local applications. -A single bad-app creates many bad-apps -Often have the ability to "mutate" own code to be harder to detect --Polymorphic: Uses encrypted payload and each copy generates a new key --Metamorphic: Rewrites self each time it replicates but maintains all functionality
Principle of Least Privilege
A security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job. OR access to data & resources is limited those who need for routine, authorized purposes. -Specific apps can only start w/ specific users
TLS (Transport Layer Security)
A security protocol that uses certificates and public key cryptography for mutual authentication and data encryption over a TCP/IP connection. Used to protect most of the common Internet protocols -HTTP --> HTTPS -FTP --> FTPS SMTP --> SMTPS -Some VPNs -Many, many more -SSH uses its own, unrelated protocol
Rootkit
A set of software tools used by an attacker to hide the actions or presence of other types of malicious software. OR program that hides in a computer and allows someone from a remote location to take full control of the computer OR a type of malware that strives to hide itself and other various components. -Hook system calls to: --Remove certain results --Add certain results -Persistence and stealth are the hallmarks
Side-Channels
A side-channel is anything A) measurable by an ignorant actor and B) dependent on otherwise unknown information. Side-channels are not required to be perfect nor straight-forward = Is Toomer's Corner rolled after the game? = Is person happy or sad when leaving exam? Types: Timing Cache Heat Power Sound Error-code RF-Emissions Heap-allocation SSH Password Side-Channels Keystrokes to log-in Word-length Inter-key timing Packet timing Packet timing via light
Message Authentication Code (MAC)
A small block of data that is generated using a secret key and then appended to the message. This attempts to provide message integrity -a tag = a short piece of information used to authenticate a message in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed
IDS (Intrusion Detection System)
A software and/ or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress. "network monitoring component that is able to watch for signs of maliciousness." Capable of granular and complex rules -Beyond L2/L3 (IP/TCP) headers -"Deep Packet Inspection" (DPI) Capable of pattern/regex matching Capable of searching for multi-flow patterns
Virtual Machines
A software implementation of a computer system, allowing one physical computer to run several "virtual computers", each with their own independent operating system and application software. Completely separate OS installations -Similar to dual-boot but simultaneous A "hypervisor" coordinates hardware access OSes are isolated (Linux VM on Windows)
Adware
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user. OR software that interferes with standard advertising to generate revenue for the malware's controller.
Push & Pop
Add elements: push instruction -push 0x00000000 #adds 4 null-bytes on top (of stack) -push eax #copies adds EAX register value on top (of stack) Remove elements: pop XXXinstructions -pop eax #stores removed value in EAX register and de-allocates 4-bytes push 0x0a push 0x6c push 0xff pop eax #0xff pop eax #0x6c push 0x88 push eax #0x6c
Fuzzing
A technique used to discover flaws and vulnerabilities in software. OR a technique of penetration testing that can include providing unexpected values as input to an application to make it crash -Automatically generate and test inputs --Random, patterns, mutations, etc -Process input and see if program crashed --If so, input as something to be investigated --If not, try again -Code coverage measurements used to explore different generation paths
Three-Way Handshake
A three-step process in which Transport layer protocols establish a connection between nodes. The three steps are: -Node A issues a SYN packet to node B -node B responds with SYN-ACK -then node A responds with ACK.
Tracking Pixel
A transparent image that provides information about a specific user. For instance, can send a signal once a user has opened a specific email.
Spyware
A type of Malware that locates and saves data from users without them knowing about it. OR software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive. OR type of malware that provides remote access to local information such as activity, sensors, and other information. -Key loggers, screen captures, data exfiltration, GPS/microphone/camera data -Some examples are obvious base on their by their users and capabilities --Law Enforcement --Intelligence Orgs --...the like... -Often sold openly -Sometimes used in less-than-ideal situations
Security CPU Instructions
AES-NI -Perform specific AES operation in HW --Encrypt/Decrypt round --Generate round key RDRAND -Read random value from HW and store in given register
Malware Installed via Third Party
Added to benign SW by developer -Leverage existing userbase & trust -Change of control -Explicitly for Revenue Added by attacker via supply-chain access -Unknown to developer -External dependencies -Distribution mechanism "Owner" adds for compliance/policy -Bossware, mobile device management (MDM) -Proctoring Software? Preinstalled w/ device -May not be obvious -May be force-installed
Completely Secure Channel
Alice -->g^a, sig keyshare (keyshare = g^a mod p) Bob <--g^b, sig keyshare (keyshare = g^b mod p) Alice -->AES256_GCM_SIV(g^ba, What's 1+1? Include the bytes ABCD), IV, sig IV ||CT Bob <-- AES256_GCM_SIV(g^ab, ABCD || 2), IV, sig IV || CT Alice needs Bob's public key to verify Signature & vice versa
Security Archetypes used in this course
Alice & Bob - passive, send messages back and forth Eve - passive, malicious actor who can read messages; however, cannot modify, delay, discard, etc Mallory - active, malicious actor who can read, modify, delay, discard messages. Man in the middle attack
Merkle Trees
Allow a large number of arbitrary, unrelated elements to be validated in a structured way. Iterative hashing of values Distribute Merkle Root for integrity checking Structure allows use of efficient Inclusion Proofs That's 80% of Cryptocurrency FX "ledger" or 'blockchain" — Merkle tree "transaction" — leaf-nodes of Merkle tree "proof of work" — solve via brute-force: root(current) || nonce = root(next) W/hardness "hardness" — restrictions on root(next)
Enclave Logic
Allow arbitrary logic from developers Extremely small TEE standard library Statically compile against TEE standard library & dependencies
Rowhammer
Allows arbitrary process to flip bits in memory
HTTPS (Hypertext Transfer Protocol Secure)
An encrypted version of HTTP. (It uses port 443) Solution to HTTP -HTTP inside of TLS -Often incorrectly called "SSL" (really old version) -Various "upgrade" mechanisms
IPS (Intrusion Prevention System)
An active, inline security device that monitors suspicious network and/ or system traffic and reacts in real time to block it Also called a Network Intrusion Prevention System (NIPS). type of IDS which is able to actively block maliciousness when found -Capable of granular and complex rules --Beyond L2/L3 (IP/TCP) headers --"Deep Packet Inspection" (DPI) -Capable of pattern/regex matching -Capable of searching for multi-flow patterns
Elliptic Curve Cryptography (ECC)
An algorithm that uses elliptic curves instead of prime numbers to compute keys. -public-key scheme that provides the same operations via a different mechanism. -Widely used curves are named and their names may/may not be meaningful
Amplification Attack
An attack instigated using small, simple requests that trigger very large responses from the target. DNS, NTP, ICMP, and SNMP lend themselves to being used in these kinds of attacks. -An attack that increases the amount of bandwidth sent to a victim. OR type of reflection attacks where the victim receives more traffic than the attacker sends. -Obvious asymmetry -DNS is a common vector for them --Request: 10s of bytes --Response: 100s of bytes
Phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information OR an attack technique which attempts to trick the user into willingly surrendering information
Port Scanning
An attack were an attacker scans your systems to see which ports are listening in an attempt to find a way to gain unauthorized access OR reconnaissance technique that is used by attackers to gain information to aid them in their attacks
Distributed Denial of Service (DDoS)
An attack where a firm's computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site's use. DDoS attacks are often performed via botnets. OR An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests. OR is a type of DoS attack where the "source" of the attack is distributed across the Internet. -Often accomplished via botnets -Each bot under the attacker's control contributes negligible amount of traffic but the sum is non-negligible
Concept of Freshness in Communication
An important aspect of S&P is ensuring not only sender authenticity, but also freshness of the messages being exchanged Knowing who you're talking with Knowing when you're talking with them (Making sure you aren't a victim of a replay attack) *add nonce
Anti-Virus
Anti-Virus and "host-based defense systems" are very ... complicated... Good-They can quarantine and alert you when there's known malware. Maybe-They can only tell you about known malware and the naïve versions Bad-They love to quarantine dev-tools and are incredibly privacy-invasive Worse-They have to touch everything
Hash Function
Any function that can be used to map data of arbitrary size to fixed-size values. H(x) = y Function[H] that is 100% public & deterministic Input[x] with arbitrary length Output[y] - fixed-length "digest" The values returned by a hash function are called hash values, hash codes, digests, or simply hashes
Vulnerabilities are Inevitable
Any non-trivial software will have bugs Some non-zero percent are controllable Some non-zero percent are exploitable Humans can be the vulnerability
TEE Operation
App loads enclave blob via OS driver App can make function calls into the enclave Enclave executes outside the influence of OS, apps, etc
TCP/IP Model
Application (Message to Transit), Transport(Make it Cohesive), Internet(Get to Final Destination), Link(Get to Next Hop) The TCP/IP Model is way of thinking about and conceptualizing the various protocols used in network communications. -Reduced "OSI Model" -Specifics differ greatly based on the source, time, and writer -Is NOT a perfect representation of the real-thing
Short-Cutting TCB with TEEs
Applications, OS, network, cloud, etc removed from TCB Enclave-to-enclave secure channels are available DoS attacks prevalent but known
"Turtles All The Way Down"
Attack surface is exponentially larger b/c malicious lower-levels Level N bug means levels >=N are untrustworthy Bugs and vulns mimic each other due to abstraction
RC4 stream cipher
BAD -Extremely fast PRNG (originally a "trade secret") -why bad? biased output at beginning & after few GBs It is used to encrypt the data as it is transmitted through the air.
Ballot Secrecy
Ballot Secrecy means that a vote can not be meaningfully attributed to a voter by anyone. Weak Secrecy - Can't correlate vote + voter Strong Secrecy - Can't sell vote reliably
DRE Systems
Ballots are recorded via the device Ballots are stored on the devices At the end, of the election, output the device's tally and add *DREs are just old computers
AWS EC2
Bash Environment SSH protocol design SSH app architecture SSH app logic Crypto math Crypto impl. TCP protocol design TCP implementation OS implementation HW components SoC design/impl. CPU design/arch Silicon traces
DES (Data Encryption Standard)
Block Cipher A shared-key encryption algorithm that uses a 56-bit encryption key to encode data in 64-bit blocks. BAD -1977 -Standardized by NIST -Software implementation is very slow -Often implemented in hardware -why bad? 1998 -EFF DES Cracker built (brute force attack on key) PS before it was broken, 1990 -Differential cryptanalysis discovered -General technique against block ciphers
Branch Prediction
BranchPredictionisa formofspeculativeexecutionusedbyCPUstoimproveperformancebypre-executinginstructions.Basedonmanythingsbutmoststraight-forwardisthelasttimeitran thecodeIfpredictright:freeexecutiontimeIfpredictwrong:abandonandignore=Keepstrackofwhatvaluesdependon check
What would be examples of "low hanging fruit" when attacking?
Brute Force Enter and Stay Ask for access
Cyber-kneecapping: Bug-doors
Bug-doors are an especially scary type of back door in software implementation that grants access to anyone who knows of them Intentionally added errors Easily attributed to benign mistake Impossible to attribute to a malicious actor
HTTP details
CLIENT -Methods (often referred to as "verbs") -GET: Fetch content from a web server -POST: Send content to a web server -others exist but are largely used in similar ways in 2020 SERVER -Passes information via a "body" and arbitrary "headers" describing the body -CR/LF ("\r\n") separated key-value pairs
Censorship Avoidance
Censorship avoidance is intentionally designing, building, using, and maintaining systems whose goal is explicitly to give users ability to bypass local censorship. Attempts to modify the censor's trade-off =Increase the negative impacts of blocking =Decrease the user-effort to avoid
Censorship
Censorship is the suppression of access to information that is deemed harmful for the perceived advancement of the greater good. Can be performed by many parties Governments censor citizen-access Companies censore mployee-access Corporations censor customer-access Schools censor student-access User-Side Compliance: Software installed on user device to block content Infrastructure Compliance: Require ISP and telco-providers to censor traffic = Censor creates requirements and delegates responsibility to enforce Solution: Manually configure DNS to non-censored server directly Retaliation: DNS injection Retaliation solution: Wrap DNS in TLS channel
Usage: Attestation
Challenge-Response protocol using keys Allows 3rd parties to verify device state Often registered at the factory -May use CA-like chain -May be unique values
CSRF Example
Client (POST) -> Login: username & password cookie: name=BankAuth, value= 39f2097fasc <- Server Client (GET) -> Accounts: , Cookie (tries to access account, sends cookie back) <- Server Client (POST) -> Transfer (makes a transfer, sends cookie with) <- Server
Sender Authenticity
Messages can't be created by a non-1st party (1P)
Cryptographic Hash Function Resistances (assumed hardness)
Collision Resistance- it is hard to find x1 & x2 such that H(x1) == H(x2) Preimage Resistance- Given H(x), hard to find x 2nd Preimage Resistance- Given x1, it is hard to find x2 such that H(x1) == H(x2) Change Propogation- Small input changes make big output changes
Ballot Marking Device
Combination of DRE and optical-scan -Vote via electronics -Print ballot for voter Ballot is paper Ballot is scanned into completely separate device for tally Problem: Voters implicitly trust BMDs, voters need to check their ballots *Computers can be hacked
Contact Chaining
Contact Chaining is a technique in which digital metadata allows recovery of social-graph Useful in locating cliques and hidden members of groups =Alice, Bob, Charlie call eachother a lot
Safe Finite-Field DH Parameters
Correctly generated 2048-bit group -Thought to be safe -Widely used in the real-world Correctly generated 3072-bit group -Thought to be safe -Relatively rare in the real-world -CNSA approved
Safe RSA Parameters
Correctly generated 2048-bit parameters (modulus n size) -Thought to be safe -Widely used in the real-world Correctly generated 3072-bit parameters (modulus n size) -Thought to be safe -Relatively rare in the real-world -CNSA approved
Other Important Properties
Cost Effectiveness Accessibility Convenience Intelligibility
Access Control Policy
Create a logical representation of who has access to what file. -Enumerate users -Enumerate files -Give specific users specific access to specific files -Default: no-access
What should you implement in a system design?
Create a system that is capable of being defended. Maintain the mechanism for defending it. Train & Educate in order to reduce the overall burden on non-malicious actors
Deep Packet Inspection (DPI)
Deep Packet Inspection (DPI) is a network monitoring component that is able to watch for signs of deemed-harmful content. DPI is an IDS specifically for censorship Use VPN to defeat
Cipher Mode
Defined method that determines how a plaintext block is input and changed to produce ciphertext. Examples include: Electronic Code Book (ECB) mode, Cipher Block Chaining (CBC) mode, and more. -a way to use a fixed-size block cipher with arbitrary-sized data -AES-256 is using the 256-bit key -Not needed for stream ciphers b/c XOR the message-length number of bytes
Usefulness of the TCP/IP Model
Delegate responsibilities Spiral development cycle Improved interoperability Tractable mental model
Online Attacker Motivations?
Different attackers use different attacks in order to achieve their goal. -Passive eavesdropping isn't very useful for standard attackers -DoS isn't very useful for stealing credit card and/or social security numbers -Reconnaissance is hard and takes a lot of skill to do correctly
Differential Privacy
Differential Privacy is a technique in which a data set can contain partially incorrect data on an individual but it is simultaneously: Guaranteed to be correct as-a-whole Impossible to attribute to an individual
Metadata
Digital meta data is any information about a digital artifact/object but is explicitly not the artifact/object itself.
RSA Cryptosystem
Discovered in 1973 by Clifford Cocks Published in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman First public key cryptosystem-asymmetric Generate two large primes p & q -Calculate modulus n from p & q (n = p * q) -Select relatively prime public exponent e (Usually 3 or 65,537) -Find a private exponent d so that (e * d) mod lcm((p-1) * (q-1)) = 1 -Priv-Key = (d, n) && Pub-Key = (e, n)
Diffie-Hellman's security is based off of 2 Mathematical Assumptions
Discrete Logarithm Problem -Given g^a mod p, it is hard to find a Decisional Discrete Logarithm Problem -Given g^a mod p && g^b mod p, it is hard to find g^ab mod p
What are potential options when defending a system?
Do Nothing Complete Overhaul Defense in Depth
Domain Fronting
Domain Fronting is a censorship avoidance technique which relies on protocol implementations being independent.
What's rule number 1 of Cryptography?
Don't roll your own crypto There are experts that do this for a living, it is not something you can just pick up on and do yourself over night. It isn't reliable unless an expert created it and other experts reviewed it.
How to Prevent Content Injection
Don't use user-provided data...ever -Create/store server-side and give client DB key Protected data stored client-side with a server-only secret used to validate -AES-GCM(keyserver-only, "Bob") -"Bob" + HMAC(keyserver-only, "Bob") Validate *everything*about client supplied data every time you touch it -re.search("^[a-zA-Z]{2,}]$", data)
Dark Patterns
Done out in the open. Manipulate the user. Example: Link to sign up for email notifications to receive a 15% off coupon and the "no" option says "I'd rather pay full price... :'("
Availability
Endpoints and/or data can always be accessed by authorized parties
Confidentiality
Messages can't be read by a 3rd party (3P)
Browser Fingerprinting
Each browser keeps some information about the elements it encounters on a given webpage to differentiate between users. For instance, a browser will keep information on a text font so that the next time that font is encountered on a webpage, the information can be reproduced more easily. Because each of these saved elements have been accessed at different times and in different orders, each instance of a browser is to some extent unique. Tracking users using this kind of technology continues to become more prevalent.
Desired Attributes of a MAC
Easy to compute and verify for Alice & Bob Hard for not-Alice/-Bob to create Doesn't grow with message length
Election Availability
Election Availability is that the system is available when needed and performs reasonably. Accepts Votes - Not overly burdensome Timely Results - Waiting months is not ideal
Election Integrity
Election Integrity is the property that the outcome matches voter intent. Cast as Intended - Choice, Competence Counted as Cast - Didn't get changed/ignored
TEE Application
Enclave logic is compiled and signed with enclave key Enclave blob compiled into application binary Application binary behaves as normal
Virtual Private Network (VPN)
Encrypt all content from self to cloud =Protection against local actors only =VPN service sees all traffic and can act Known instances of some being malicious
Example: Sealed Data
Encrypt data such that it can only be decrypted by self Arbitrary logic based on internal state and sealed metadata -Creation date -Version number
Toolbox of Exploitation Techniques
Every vulnerability is different -Some are not exploitable at all Sometime it takes multiple bugs to create a working exploit ("Bug Chains") -Buffer over-read (get canary) + Buffer overflow (exploit)
Local TCB
Everything needed to run the application safely Each layer relies on the layers below it to behave correctly Debugging difficulty going down the stack
Evil Maid Attacks
EvilMaidAttackiswhereanattackergainsphysicalaccesstothetarget'sdeviceforlongenoughtogainaccess,exploit,orotherwiseleveragethatphysicalaccess.ImagestorageforfutureforensicsCompletelyreplaceandproxyinteractionInstallfirmware-levelmalwareInstall/replaceHWwithcustomaccess
Anonymized Data
Ex: Post months of search queries but erase user identities, but can piece together who someone is based on what they're searching.
De-Identified Data
Ex: Publish pick-up/drop-off locations of cabs, hashes of taxi IDs, number of passengers.
Cryptography
Extremely high Math Fundamental aspect of S & P (security & privacy) A tool to have when making a secure system
Phase 3: Authenticate & Verify
GOAL: Ensure that: -Endpoints are who they claim to be -Both endpoint saw the same transcript Client authentication is optional in the TLS protocol Hash/sign handshake messages sign key exchange -good b/c only you have priv-key to sign with & they can verify with pub-key
GDPR
General Data Protection Regulation EU-only
Access Control Model
Formal Models -Discretionary Access Control (DAC) -Mandatory Access Control (MAC) -Role-based Access Control (RBAC) -Bell-LaPadula -<many, many more> The real-world is a mixture of all. Subjects- Users Permissions- Read/Write Objects- "Files"(data, binary, device) | Hierarchies- (multiple files)
Phase 2: Shared Secret
GOAL: Create a shared secret known only to endpoints Derive session keys used for content protection Options: -Diffie-Hellman -Client-Write
Phase 1: Parameter Negotiation
GOAL: Determine how endpoints will communicate -Symmetric Cipher -Signature Algorithm -KEX method Arbitrary extensions -Many are generic -Some are specific to underlying protocol Client -> Support Params (Client Hello gives cipher suites) Selected Params <- Server (Server Hello gives the selected cipher suite)
Length Extension Attack
Given a message we can compute the hash for a longer message. The vulnerable hashing functions work by -taking the input message -use it to transform an internal state. -After all of the input has been processed, the hash digest is generated by outputting the internal state of the function. It is possible to reconstruct the internal state from the hash digest, which can then be used to process the new data. In this way, one may extend the message and compute the hash that is a valid signature for the new message. an attacker can use Hash(message1) and the length of message1 to calculate Hash(message1 ‖ message2) for an attacker-controlled message2, without needing to know the content of message1.
Integer Overflow
Going past the integer's range by adding to the maximum, or subtracting from the minimum OR When arithmetic operations attempt to create a numeric value that is too big for the available memory space. OR A condition that occurs when a very large integer exceeds its storage capacity -Buffer Overflows usually rely on unsafe functions (gets(), strcpy(), etc) -Best Practice is to track size and compare -IDEA: Math tricks to avoid size checks
HSTS Preload
HSTS Preload is another patch for HTTP where the browser consults a list of domains to always talk HTTPS to. (way around trust on first use mechanism) -Any website can be added to list @ hstspreload.org -Can't be easily reverted if added --don't break certificate ... if you do and you use HSTS then you pretty much just told every they can't communicate with you (b/c can only use HSTS if you have a valid cert)
HMAC
Hashed Message Authentication Code Cannot use SHA256 with MAC b/c it is easy for 3P to create ... use HMAC instead Function[HMAC] - Slight modification of a standard hash function Key[k] - Is a secret only known to 1P actors Input[x] - Arbitrary length data Output[y] - Fixed-length "digest" HMAC(k,x) = y Any Hash can be turned into an HMAC using a simple construction HMAC-SHA256 == HMAC using SHA-256 Using an HMAC-SHA256 with your message can give you message integrity, 3P cannot create it or get the key used - HMAC-SHA256(key,m)
Diffie-Hellman recap
How Finite-Field DH Works: Each actor selects a secret (a,b) =» Create/Send "keyshares" based on secret =Use secret and others' key share to create a shared secret only known to actors DH's security is based on the hardness of two mathematical problems: Discrete Logarithm Problem = Given g^x mod P, hard to find x. Decisional Discrete Logarithm Problem = given g^a mod p and g^b mod p, it is hard to find g^ab mod p Safe Finite-Field DH Parameters =Correctly generated 2048-bit group -- Thought to be safe. Widely used in the real-world =Correctly generated 3072-bit group -- Thought to be safe. Relatively rare in the real-world. CNSA approved
Buffer Over-Read
Humans are bad at safely extracting data from buffers similar to being bad at safely inserting data into buffers Buffer overflow bugs in reverse IDEA: Read off the end of a buffer
Public Key Crypto Example
If a teacher wants our HW encrypted to send to him, he will give his public key. We encrypt our HW with his public key and send it. The teacher decrypts it with his private key (only way). -he and only he has his private key When he sends back the HW, he signs it using his private key and we can verify it with the public key.
Compromised Root CA - The Harm
If an attacker has a Root CA, they can sign anything & the web automatically trusts whatever they signed -ex. DigiNotar Hack --They got hacked, private key got stolen, hacker made their own certificates for whatever & people's browsers automatically trusted them. --How to fix? --revoke their CA .... now everything they signed is invalid ... what a pain .... clients now have to update their browser to know that the CA is invalid (this means it could take weeks or longer to fix a Root CA leak)
Access Control Mechanism
Implement the policy in the real-world. -Users assigned user id -Users can masquerade as other users ¡Users assigned to groups for simplicity (logic/mgmt) -Groups are meta-users in some but not all aspects
Data Encapsulation
In networking, encapsulation is a method of designing modular communication protocols in which logically separate functions in the network are abstracted from their underlying structures by inclusion or information hiding within higher level objects.
DNS Request
In the Domain Name System (DNS), a message sent by a DNS client to a DNS server, listing a hostname or fully qualified domain name (FQDN), asking the server to discover and reply with the IP address associated with that hostname or FQDN.
TMP Internals
Includes suite of crypto primitives -RNG -Algorithm implementations -Secure storage Arbitrary control logic -Timers, persistent counters, etc
Security of RSA based off 2 Mathematical Assumptions
Integer Factorization Problem -Given n, it is hard to recover p & q RSA Problem -Given only the pub-key, it is hard to perform a priv-key operation
Natural Entropy
Internal state is rarely 100% predictable -Call depth moves stack frames -Compilers aren't 100% clones of each other
Voting Systems
Internet Voting Direct Recording Electronic (DRE) Optical Scan Punch/Chad Mechanical -Brass Ball Drop -Tokens/"Stones in Jars" -Levers/Buttons/Analogs
2 Parts to Public Key Cryptography
Key Generation Algorithm Trapdoor Function
Why would you use ECC?
Keys are significantly smaller -256-bit vs. 3072-bit for 128-bit security Signatures are significantly smaller Attacks against ECC aren't as mature as those against RSA -"as mature", eventually more and more people will attack it and come up with newer and faster attacks for it Significantly faster than RSA
/dev/urandom /dev/random
Kinda random source of bytes always generates data even if they're not really random really fast really random source of bytes blocks if it cannot safely generate (really random) data at current time
SSL Certificate (Post 2014)
LET'S ENCRYPT -Let's Encrypt is an automated service that issues browser-trusted SSL certificates based on proof-of-ownership of the domain. -Run a couple of bash commands -Cost $0 and takes 5-minutes total -NO REASON FOR A WEBSITE NOT TO BE HTTPS Also have Caddy or Caddy 2 -sets up SSL cert, TLS config, website, etc.
Should We Vote Online?
LOL No. At this time, safe, secure, and trustworthy Internet voting system is out of reach given the current technology and science. -Too many unsolved CS problems -Too many unsolved security problems -Unknown long-term cryptographic promises -Many of the problems with known solutions rely on technical experts' assertions --"you trust us don't you?"
Cyber-kneecapping: Legal restrictions
Legal restrictions are a mechanism to ensure that nation-states have low-cost access to cryptographic defeats. Many different ways of writing the law Has trended towards the "nerd harder" variety as opposed to the prescriptive EXPORT control-style
Process Isolation
Logical control that attempts to prevent one process from interfering with another. OR A form of data hiding which protects running threads of execution from using each other's memory Isolated memory via virtual memory Managed via OS scheduler Extremely efficient but very little protection
CPU instructions
Low-level commands passed to CPU Carried out via physical gates -AND, OR, NOT, etc -Latches, Counters, Adders, etc
Malware Distribution
Malware is distributed via almost every imaginable technique and vector. -Installed via Exploitation -Installed via Third Party -Installed via User
Message Integrity
Messages can't be unknowingly modified by 3P
Unsafe libc Functions
Many commonly-used functions are nearly impossible to use safely (no dest length) -strcpy(char *dest, const char *src) -strcat(char *dest, const char *src) -gets(char *s) -scanf(const char *format, ... )
Merkle-Damgård
Many hash functions use this type of construction - Break message into constant-size blocks - Static internal-state and output size - Pad the last block block-length used to build Collision resistance hash functions
Why is Public Key Cryptography Useful?
Many-to-1 encryption -Encrypt with the public key -Decrypt with the private key Digital Signature
Common Hash Functions
Md5- bad/broken (can collide easily) Sha1- bad/broken (can collide with some effort) Sha2- will break eventually Sha256- widely used, still relatively safe Sha384- CNSA approved
Data v Code Clarity
No execute bit (NX bit) -Hardware support for marking non-code pages Data Execution Prevention (DEP) -Windows OS-level implementation Write XOR Execute (W^X) -Read/write (stack/heap) -Executable (.text/code segments) IDEA: Know what's code & what's data
Side Channel
Non-Intrusive Attack that uses information (timing, power consumption) that has been gathered to uncover sensitive data or processing functions. Often tries to figure out how a component works without trying to compromise any type of flaw or weakness. -uses internal state
Stack Canaries
Non-executable segments defends against shellcode in data segments Doesn't defend against the root problem -Ability to modify the return address IDEA: If defender can't prevent buffer overwrites, at least fail-safe when they happen.
Port Scan to Explore
Once you find a host, what is that host servicing itself?
Ways for key distribution and the Issues
Out-of-Band- "something else handles it" --ex. calling someone over the phone & reading out your key to them or mailing your key to them or even meeting up IRL and exchanging them Relayed introductions- very sketchy, Alice got Bob's key from Bob then proceeds to give that key to Charlie --smaller scope of out-of-band distribution --If Charlie talks to Bob, Bob won't know it's charlie --Also, if Alice gives the wrong key then Charlie wouldn't know if he is talking to Bob or not Unpredictable needs are unpredictable- Bob and Charlie don't know they need to talk (Charlie got the key from Alice) Managing keys is an enormous pain and easy to mess-up -if I have a phone with a key and I give that to all of my friends, but one day I drop my phone and it breaks... I get a new phone but now I have to restart and re-distribute my key to all my friends
Out-of-order execution
Out-of-OrderExecutioniswhenthingsaren'tactuallyexecutedinalogicalorder.Compilersre-arrangewhenvaluesareloadedtoshareacrosscode-pathsCPUpipelinesre-arrangeinstructionstominimizeL1-3cachevs.RAMlatencyAsingleCPUcorewillexecuteinstructionsconcurrentlytouseinternalcomponentsatfull-capacity
Air Gap Hardware
Physically separated systems/networks No logical interaction across boundary Physical data transfer across boundary
What are four problems when dealing with passwords?
Poor Entropy -humans are the weakest link ... they are so bad at randomness --commonly used passwords, reusing passwords, patterns (incrementing numbers, repeated words, etc) Phishing -humans are poor choices in character --Users predictably give passwords to attackers without knowing they did so Reuse -Humans reuse passwords due to relatively small storage capacity --In 2020, nearly everything requires a login --Important and unimportant services Credential Pivoting -Humans fail to account for implicit trust and reset mechanisms --Few services are willing (or able) to bind userdata to passwords --Would rather treat passwords as a policy protection and allow overriding --Provide automated "password reset" mechanisms usually through email
Canonical DH Vulnerabilities
Poor randomness when selecting a or b -If can recover one, g^ab mod p is trivial Poor selection of p -Pohlig-Hellman Algorithm -Non-trivial sub-group with different generator Computation over-match -Discrete Log Record: 795-bit in ~100 days
Canonical RSA Vulnerabilities
Poor randomness when selecting p & q -If can recover one, other is trivial Insecure strategy for generating p & q -Vulnerable example: p = prime(n), q= prime(n+1)¡ Brute-force computation overmatch -Can factor 512-bit non EC2 for ~$75 -$100M of special-purpose ASICs Algorithmic advances -Pre-Quantum: Number Field Sieve (NFS) -Post-Quantum: Shor's algorithm
Return-to-libc
Reuse code from vulnerable binary -Already loaded into memory -Already marked as executable IDEA: Setup a ret so it acts as a call
Cloud Provider TCB
SaaS: Software -Amazon WorkMail PaaS: Platform -Elastic Container Service IaaS: Infrastructure -EC2 Instances <many more layers of internal services> All on top of Local TCB
Accelerator Usage
Primitive-Level Variant -Offload actions -Software provides: --Action-specific input - CT/PT/data/sig+data --Instance-specific secret -Accelerator provides --Primitive algorithms --Action-specific output Protocol-Level Variant -Offload layers -Software provides: --Configuration --Long-term secrets -Accelerator provides: --Protocols negotiation --Primitive algorithms --Short-term secrets --Plaintext messages
Security Design is not a Product, it's a
Process Can't be added later on It's an on-going effort throughout the lifecycle *Security is not a checkbox to hit on the way to releasing a product
SELinux/App Armor
Process Isolation + OS-level sandboxing HEAVILY patched set of kernel modules "Know what an application is suppose to do and don't let it do anything else." -ls doesn't need network access -Print driver doesn't need keystrokes
Linux Process Model
Processes permissions are nearly identical with a slightly different security mechanism. -Process inherits user permissions (default) -Have an Effective User ID (EUID) and Effective Group ID (GUID) -EUID/GUID can be set in various ways: --sudo, setuid, sg, ... --Requires root user
UDP (User Datagram Protocol)
Protocol that operates instead of TCP in applications where delivery speed is important and quality can be sacrificed. -Extremely simple connectionless protocol -16-bit checksum is only functionality -Often used when: --Dropped packets are OK (streaming video) --Want to handle recovery at application layer (no ACK, SYN/ACK, etc. ... just sends packets regardless of whether they make it or not)
Textbook RSA Operations
Sign(m)[using priv-key] -sig= H(m)^d mod n Verify(m)[using pub-key] -(sig)^e mod n =?= H(m) Encrypt(m) [using pub-key] -ct= m^e mod n Decrypt(m) [using priv-key] -m = ct^d mod n
Why use TLS?
Provides generic, secure channel with very little overhead Getting the details correct for a secure channel is very difficult The network is evil!! -Government surveillance -ISP tracking / ad injection -Compromised Wi-Fi routers -used to get your info/message across securely
Risk limiting Audits
Random sample of ballots are manually reviewed Even with relatively small sample size, can gain high confidence
Refraction Networking
Refraction Networking is a censorship avoidance technique which relies on mimicking multiple protocols simultaneously in a way that only a secret can extract inner.
ASLR (Address Space Layout Randomization)
Requires many changes to compilation and/or loading -Code must be "relocatable" or "position independent" -<Details are out-of-scope> IDEA: Make it impossible to predict addrs
HTTP Response
Response to client's get/post request -Has status, headers, body -new content defined with \r\n -end of header defined with just a \r\n -if status is ... --200s = server got what you wanted --300s = redirect --400s = error (invalid, can't find, etc) --500s = something went terribly wrong, server crash, etc.
Morris Worm
Robert Morris, grad student at Cornell, created a program to copy a message to systems on the Internet He wasn't as careful as he should have been with limiting the propagation Brought the Internet to near collapse for several days in 1988 First Denial of Service attack -Infected 10% of the Internet -Repeatedly infected machine -First CFAA prosecution
Preventing XSS
Same as before (don't/protect/validate) Avoid dangerous patterns -dom_ele.innerHTML= untrusted_data -eval(validate(untrusted_data)) Escape user-provided data -"<" -> "<" (still renders as "<") Content Security Policy (CSP) -Server explicitly indicates what domains content will be fetched from in HTTP response
Example: Drive Encryption
Sealed decryption key stored on-disk TPM validates user password and any other logic TPM releases drive decryption key to OS
TMP Keys
Secrets are either generated on-board or injected Uses internal "fuses" to make permanent Derive many secrets from single root secret w/ validation
Why use ECDH?
Secrets are significantly smaller -384-bit vs. 3072-bit for 128-bit security -Keyshares are significantly smaller -Attacks against ECDH aren't as mature as those against Finite-Field DH -Significantly faster than Finite-Field -Significantly harder to break curves compared to prime-order cyclical groups
Oversimplified Descriptions
Security CPU Instructions -Trusted actions in standard hardware Crypto Accelerator -Fast, trusted actions in add-on hardware Trusted Platform Module -Trusted actions in built-in hardware w/ keys Hardware Security Module -Fast, trusted actions in add-on hardware w/ keys Trusted Execution Environment -Fast(ish), trusted logic in common hardware w/ keys
Over-simplified descriptions of security hardware
Security CPU Instructions = Trusted actions in standard hardware Crypto Accelerator = Fast, trusted actions in add-on hardware Trusted Platform Module = Trusted actions in built-in hardware w/keys Hardware Security Module = Fast, trusted actions in add-on hardware w/keys Trusted Execution Environment = Fast(ish), trusted logic in common hardware w/keys
Applying Principles
Security Model-An abstraction to subjects, permissions, and objects to allow reasoning about S&P properties. Security Policy-The mapping of subjects, permissions, and objects to implement the security model. Security Mechanism-The technical measure that enforces the security policy.
Link Tracking
Send Alice-specific URL via email and connects email with cookies
Common Content Injection SRC
Server relayed content -Attacker uploads data to a website that the victim later loads, fetches, and renders -Forums were a bad idea (TM) URLs -Attacker convinces victim to click on link -HINT: Project 2, Problem 2 Cookies
Thread Sandbox
Shared memory + isolated concurrency Threads interact via memory & IPCs Tainted threads can be killed and restarted -"Do one thing and do it safely" -A "policy engine" can blindly enforce data interactions and data exchanges -Very useful for web browsers --Request content, run JS, render image, etc are *very* different things with predictable inputs and outputs -Better than nothing but is exceptionally hard to get correct on non-trivial logic
Counter Mode (CTR)
Similar to OFB mode, but instead of using a random IV value CTR mode increments an IV counter for each plaintext block. GOOD -- key-unique nonce, if key is known then CTR is compromised -Key-unique nonce || counter to avoid ECB mode inter-block leak -No padding because used as stream cipher --CT = Encrypt(key, IV) XOR block || = concatenation Nonce || Counter combined with key into block cipher and that output is XORed with a block of plaintext resulting in CT The counter is incremented for use in the next block cipher
Malware Installed via User
Social Engineering -User is tricked into installing themselves -Can be last-resort of drive-by-download Freeware/Shareware -Cheap, low-effort applications as bait -Packed w/ arbitrary libs -If you can't figure out what the product is... it's probably you. Untrusted sources -Even if it works 100% the same, it's most likely not -SIDE-LOAD APKs are extremely dangerous "Cracked" software -Promise of free-version of paid software -Often actually are "key-hacked" version -WaReZ, Torrents, P2P "Bundled" software -Installs the software you want to install -Also install its friends
Problems with MFA
Something you know = something you can forget Something you have = something you can lose Something you are = something that you can mimic or cease to be
DoS Defenses
Standard DoS attacks are relatively easy to defend against via standard defenses. -Over Provisioning-Infrastructure is built for more load than is expected -Active Defenses -IPS automatically blocks abnormally high-traffic clients -Puzzles-When under duress, server requires client to solve CAPTCHA Advanced DoS attacks require specialized defenses and custom infrastructure. -use of cloudflare and others to help network huge amounts traffic --traffic goes through cloudflare --someone contacts your website, their request goes to cloudflare instead of to your website. Cloudflare requests it from your website. If someone comes again, cloudflare already has a copy of that request. This help against botnets flooding a server.
Surveillance
Surveillance is the act of monitoring a person, place, or group for explicit purpose of gathering information on their activities. HUMINT: Human Intelligence =Alice says Bob is at work right now GEOINT: Geospatial Intelligence =Imagery says Bob is at work right now SIGINT: Signals Intelligence =ELINT: Bob's phone is at his work right now =COMINT: Bob texted his wife that he was at work
3DES (Triple DES)
Symmetric Key Algorithm, Applies DES three times (to each data block), 168-bit key BAD -1995 -A "hot patch" for DES via RFC -Exact same algorithm -Encrypt -> decrypt -> encrypt why bad? -Vulnerable to "meet-in-the-middle" attacks (brute force), only gives 112 bits of security since 56 bits was already broken (DES) 168-56 = 112 -2016 -Practical collision attack (Sweet32)
TLS vs SSH
TLS: -Usually anonymous client (server-auth) -Almost always PKI for auth (CAs + SSL certs) -Lots of optimization for static(ish) content -Large number of connections to large number of hosts -Minimal/Optimized setup SSH: -Forced Bi-directional authentication -Almost always auth via manual-config + TOFU -Focused on real-time & bi-directional data -Small number of connections to small number of hosts -Very verbose setup
Usage: Out-of-Band Secret
TPM available over removable USB Explicit trust boundary Greatly improved usability with strong security properties
Example: Secure Boot
TPM validates firmware signature before booting If invalid, refuse to launch bootloader Used as foundational trust for validating higher-level software
What is the Web?
The "web" is an array of protocols, standards, and un-written conventions for providing content via the Internet. -Javascript, HTML, HTTP,HTTPS, URL, ... -More "frameworks" than should ever exist in the history of the universe *The web was built to serve cat pictures* NOT SECURE
ARP protocol
The Address Resolution Protocol (ARP)allows hosts to map IP addresses to MAC addresses in a peer-to-peer manner. -Local table of IP <-> MAC addr for local IPs -ARP Probe --"What MAC is associated with 1.1.1.1?" -ARP Announcements --"Have IP 1.1.1.1 and my MAC is XX:X...X:XX" --"I am the gateway to the Internet at XX:X...X:XX" "Default gateway" is path to the Internet
IPv4
The Internet Protocol version 4 is the dominant protocol for routing traffic on the Internet, specifying "to" and "from" addresses using a dotted decimal such as "122.45.255.0". -Commonly used for client-side addressing -4-byte address (232total == ~4 billion) --172.19.144.53 -Commonly referenced in "CIDR notation" --1.1.1.0/24 --> 1.1.1.0 -1.1.1.255 (first 24 bits are frozen)
IPv6
The Internet Protocol version 6 provides a large number of new addresses to route Internet traffic, using "from" and "to" addresses written as colon-hexadecimal notation, such as "fe80::42:acff:feaa:1bf0". -Sometimes used for server-side addressing -16-byte address (264total == ~18 quintillion) --2001:0db8:0000:0000:0000:ff00:0042:8329 -Will be the standard in 1999, 2004, 2008, 2013, 2016, 2017, 2020, 2025? Who knows....
Mirai botnet
The Mirai Botnet was mostly comprised of IoT/embedded devices breached via default usernames/passwords. -~600k bots generating 600GB -1TB of flood traffic towards victim -Took down DynDNSfor ~2 hours in 2016 (Major provider for US)
Physical Layer
The OSI layer provides the means for transmitting data bits over a physical medium (electrical engineering stuff). The actual encoding mechanism used to represent bits in a physical form. Lots of different ways to modulate signals -AM/FM, QPSK, PWM, ... Lots of ways to transit signals -RF, electrical impulse, blinking lights Mostly handled by EE not CS
Secure Shell (SSH)
The Secure Channel (SSH) protocol is another widely-used secure channel optimized for terminal-access and administration. -Similar but significantly different messages. -Bi-directional public keys for authentication -Uses "PEM" encoding, not X509 -Structured trust dependencies are very rare
Call Stack
The call stack is all of the call frames of the currently executing function calls (e.g. the main function call and all of its helper functions). These call frames are arranged in a stack, with the original function up top, and the most recent function call at the bottom. If the current function calls a helper function, you add a new frame to the bottom. When a helper function completes, you remove the call frame from the stack. -Starts at 0xffffffff -Grows toward 0x00000000 Bottom of stack is highest address and top is lowest address -ESP ( ) points to top-of-stack --"Stack Pointer" -EBP ( ) points to bottom of current frame --"Base Pointer" / "Frame Pointer"
Hash Collision Attack
The collision attack lets us generate two messages with the same MD5 hash and any chosen(identical) prefix. Due to MD5's Merkle-Damgård construction, we can append any suffix to both messages and know that the longer messages will also collide. This lets us construct files that differ only in a binary "blob" in the middle and have the same MD5 hash, i.e.prefix‖blobA‖suffix and prefix‖blobB‖suffix have the same MD5 hash
TLS Protocol
The foundation of many/most (but not all) client traffic protection on the internet. It isn't secure? The solution is probably TLS. -FTP --> FTPS (file transfer) -IMAP/POP3 --> IMAPS/POP3S (client-to-server email) -SMTP --> SMTPS (server-to-server email)
Root-of-Trust
The fundamental secrets that are used for achieving the three fundamental properties (confidentiality, message integrity, sender authenticity)
Application Layer
The highest-layer protocol and handles the logical interactions between endpoints. ex. HTTP, SMTP, DNS, etc.
Authentication
The mechanism by which parties prove their identity to the others
Root Certificate
The original digital certificate issued by a Certification Authority.
Electronic Codebook Mode (ECB)
This means to encrypt each block independently, using the same key for each. It is rarely used. -The message is divided into blocks, and each block is encrypted separately. -Blocks of plaintext combined with key through the block cipher encryption give a Cipher text output, this is done independently for every block of plaintext -Pad last block to correct length -Each block of plaintext fed through cipher -Embarrassingly parallel, random access BAD -why bad? --Because ECB encrypts identical plaintext blocks into identical ciphertext blocks, it does not hide data patterns well. || every block of plaintext has same cipher text value & vice versa, doesn't change --Lack of Diffusion: What is Diffusion? -if we change a single bit of the plaintext, then (statistically) half of the bits in the ciphertext should change. Also, if we change one bit of the ciphertext, then approximately one half of the plaintext bits should change.
Long & Tedious Ballots
Too many races to make informed decisions on all Give up and not make it to the end of ballot Forget to flip it over for races on the back
Onion Routing
Tor is an option for protecting against network-level attacks =Strictly better S&P b/c no single-point of failure for single actor
Preventing CSRF
Use SameSite cookie attribute -Cookie will only be sent on requests that originate from the original sender Secret HTML tokens -Website adds random tokens to its form-inputs and ensures that they are returned Referer Validation -The server checks the contents of the "referer" header in order to validate request's origin
Stream Cipher
Use a keystream generator and encrypt a message one bit at a time, usually implemented in hardware -Shared key known by all participants -Key is "expanded" to the length of the message (using PRG). This helps with our problem in One-time Pads. -Infinite length One-Time Pad Plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, this gives a digit of the ciphertext stream. In practice, a digit is a bit and the combining operation is XOR.
Multi-factor authentication
Use of several authentication techniques together -Something you know --Password, PIN, pattern -Something you have --Phone, security token, ID card -Something you are --Biometrics
Telescoping Encryption
Used in Onion Routing. -As connections traverse "circuit" to destination, layers of encryption are removed one-by-one at each node -At the exit node, message is not encrypted -As connection traverses "circuit" back, layers of encryption are added back. Example: -At entry node: Encrypt1(Encrypt2(Encrypt3(message))) -At first middle node: Encrypt2(Encrypt3(message)) -At second middle node: Encrypt3(message) -At exit node: message -Back to second middle node: Encrypt3(message) -Back to first middle node: Encrypt2(Encrypt3(message)) -Back to entry node: Encrypt1(Encrypt2(Encrypt3(message)))
Elliptic Curve Diffie-Hellman (ECDH)
Uses elliptic curve cryptography instead of prime numbers in its computation -Operates on elliptic curves over prime-order finite-fields -Widely used curves are named and their names may/may not be meaningful
How Diffie-Hellman Functions
Very Similar to RSA BUT not identical -Uses a prime modulus p instead of a composite modulus n -Uses a generator, g, instead of a message m -Modular Exponentiation w/ Prime Modulus --Multiply a value by itself enough times over a prime-order finite field and you can't figure out how many times you multiplied it -Each actor selects a secret (a, b) -Create/Send "keyshares" based on secret -Use secret and others' keyshare to create a shared secret only known to actors -standard generator g -prime modulus p Alice -> g^a mod p Bob -> g^b mod p How it works is ... g^ab mod p == g^ba mod p
Cyber-kneecapping: Backdoors
are a mechanisms used to surreptitiously weaken what is thought to be strong defenses. Most obvious is a password or interaction sequence that allows access
Voter Authentication
Voter Authentication is that votes are cast only by eligible voters and within the rules of the election. Eligible Voters - Rules differ greatly Number of Votes - Usually 1x but not always
Voter Enfranchisement
Voter Enfranchisement is that all voters are given the opportunity to vote. Inclusive Reasonable
Optical Scan Systems
Votes are marked on hard-copy paper ballots Ballots stored on-device & on-paper Running-count maintained and outputted at the end
What to do instead of internet voting?
We continue educating people on election security issues -Citizens, election officials, politicians, etc We keep trying to solve very hard problems -Usability, Attestation, Cryptography, etc We do the best we can with what we have
Why are URL's ineffective/unusable?
Were originally built to be readable and understandable but are not anymore -Were a replacement for BBS & AOL Keywords (dominant in 1990s) -You can't trick users into looking at them and web security is built around users noticing that they are malicious --why phishing is so prominent, no one checks their URL
Explicit Assumption
What are the creator's intentions? Who does the creator rely on?
What are questions that a defender should be asking?
What assets am I trying/needing to protect? Who am I trying to defend against? Who am I willing to let succeed? What am i willing to trade for security? (Cost v Benefits)
What questions should an attacker consider?
What is the easiest way in/gain access? What is assumed about the system? What did the defenders forget to consider?
Example of one way secure channel
What's 1+1? Include ABCD --> <-- AES256_GCM_SIV(key, ABCD || 2), IV, sig IV || CT AES256_GCM_SIV is your block cipher(AES), nonce reuse resistant using GCM with your key and a nonce ABCD(given by alice) concatenated with the message (2) Then you have your initialization vector It is then signed using the IV concatenated with your cipher text *Alice needs Bob's public key to decrypt/verify signature
TCP (Transmission Control Protocol)
Works at both ends of most Internet communication to ensure a perfect copy of a message is sent. -Complicated connection-oriented protocol -Usually the default for communications -Handles many different aspects --Dropped packets, congestion control, etc
Binary Whitelist
a common technique in enterprise networks used to restrict what applications can be run by the user. -Administrators make a list of approved binaries and OS blocks everything else -Prevents user from running arbitrary code -Major effort to keep updated
Denial of Service Attack
a cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources OR type of attack which desires to prevent legitimate users from accessing a service. -Come in many different varieties -Usually based on an "asymmetric" tradeoff that favors the attacker --Attacker's cost is very small but defender's cost is very high
Botnet Zombies
a device that has been infected with malware that causes it to participate in a botnet. -Contribute DDoS traffic -Act as a "jump-box" for arbitrary maliciousness -Whatever the owner wants to rent it for
Trusted Execution Environment (TEE)
a general computation environment that provides additional security properties such as access to keys, memory encryption, etc.
Postal Voting
a generic systems where an empty ballot is physically sent to the voter, filled-out remotely, and returned to a central tally location. -Absentee voting, vote-by-mail, mail-in voting, vote via mail -Naïve way provides near-zero protection
NOP Sleds & Repeats
a hacker sends a large number of NOP instructions into the buffer, appending command code instruction at the end. -NOP: "no operation" (i.e. do nothing) -"Sled" consists of many NOPs before desired first instruction --If execution begins anywhere in the sled, then effectively starts where desired -"Repeats" are multiple attempts at overwriting a target value
Digital Signature
a means of electronically signing a document with data that cannot be forged a cryptographic value that represents the private key holder's recognition of the data being signed -Sign data with the private key -Verify data with the public key
Block Cipher
a method of encryption that processes blocks of data rather than streams -manipulates an entire block of plaintext at one time -fixed-size input & output -really fast -Substitutions from secret internal state ("S-Boxes") -Multiple "rounds" to increase substitutions Take a block of plaintext with a key and put it through a rounded function - R(k,m) Do this for however many blocks of plaintext you have
Digital Certificate
a notice that guarantees a user or a website is legitimate
Firewalls
a part of a computer system or network that is designed to block unauthorized access while permitting outward communication. "generic name for a network component that blindly applies a rule-based policy to allow/drop network traffic" Logically, the rules are straight-forward --DO allow port 80 (HTTP) --DON'T allow port 22 (SSH) --DON'T allow port 21 (FTP) UNLESS from remote office
Trojan Horse
a program that appears desirable but actually contains something harmful OR generic type of malware that gains access to the device by claiming to be useful to victim. -Social engineering attacks -Fake anti-virus -Re-packages apps
Forward Secrecy
a property of any key exchange system that ensures that if one key is compromised, subsequent keys will not also be compromised OR property that traffic can not be decrypted by compromising either endpoint after the channel has been destroyed. -Content is protection against future compromises not current/previous --protects past sessions against future compromises of keys/passwords -generate unique session key for every session a user initiates
Stack Frame
a section of the runtime stack holding the values of all variables for one invocation of a procedure. OR A stack frame is a logical area of the call stack which is associated with a single function's execution instance. -Local variable are self-contained -Locally-used heap variables pointers -Record-keeping elements stored in-between
HTTP Cookies
a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. OR small data chunks that the client stores and returns to the server with requests. -Many, many uses: --Personalization info --Client-specific state --Session authentication -They are really bad when it comes to S&P
Password Manager
a software application that stores and organizes encrypted passwords for a user and is accessed using a single, strong master password -Greatly improves best practice usability -User only has to remember single secret -Can integrate MFA *Not all password managers are created equal
Worm
a software program capable of reproducing itself that can spread from one computer to the next over a network OR a virus that has the ability to spread itself to other devices automatically. -Most commonly via vulnerable network services and network clients -Technique can be re-used for other types of attacks and combined for more impact
Ethernet Protocol
a software program commonly used to connect computers to create a LAN -Media Access Control (MAC) addresses --DE:AD:BE:EF:4D:AD --"MAC address" is different from a "MAC" -Originally "globally unique" addresses --3-byte manufacturer + 3-byte device ID --No longer the case
Diffie-Hellman key exchange
a symmetric standard for exchanging keys. primarily used to send private keys over public networks. It is a construction through which two parties can safely create a shared secret in the presence of a passive attacker -can be used for signatures... but rare -used for exchanging keys (obviously)
Internet/Online Voting
a system where votes are cast via the Internet and often is compared to vote-by-mail in terms of security.
Code Signing
a technique that uses an architecture similar to TLS CAs to ensure the provenance of code. -Similar to binary whitelisting but much more broad and flexible -Attackers can identify correctly signed but weak binaries and use them as loaders
Cross-Site Scripting (XSS)
a technique used to compromise database data in which web page scripting is injected into the server OR An attack that injects scripts into a Web application server to direct attacks at clients OR a class of attacks which extends Content Injection to execute JavaScript in the victim's browser. -Content injection attack with JS injected -Often use "polyglots" to test websites
Obfuscation
a technique which "munges" messages in a way that can be reversed with trivial effort
Containers
a type of virtualization that allows for shared operating systems for more resource savings and faster execution Shared kernel w/ isolated perspective -Each container thinks it's the only thing running on the entire computer Managed via a OS-level "engine"
Key Distribution
actors obtaining cryptographic values (secret or not) in a trustworthy manner Symmetric - both parties need access to a shared secret Asymmetric - Verifier needs to obtain signer's public key
Double-Envelope Approach
allows security properties to be implemented with reasonable trade-offs. -Outer: Identity/verify info -Inner: Ballot w/o info -After accepted, the outer is discarded
Cryptography Accelerator
an add-on component that allows software to leverage custom ASICs for improved performance. Operations are often well-defined and repetitive -14-rounds for AES256 -Trial-and-error for bitcoin mining -Standardized protocols ASIC allows optimized pipelines for specific behavior
PRNG (Pseudo Random Number Generator)
an algorithm that generates a sequence of numbers that seems random but is actually completely predictable maps k-bit random input to an n-bit pseudo random output (n>k) -small amount of randomness turns into a large amount of kinda randomness -use a secret "seed" (s) for unpredictability -not safe for generating keys -safe for some cryptographic uses
Nonce
an arbitrary number that can be used just once in a cryptographic communication -pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks
Credential Stuffing Attack
an attacker reusing known username-password combinations from one breach on a separate service -Relies on: --Ubiquity of accounts --Static email addresses --Password reuse --Laziness
HTTPS Spoofing
an attacker uses a domain that looks very similar to that of the target website. With this tactic, also known as "homograph attack", the characters in the target domain are replaced with other non-ASCII characters that are very similar in appearance. The unsuspecting user is very unlikely to notice the difference and is rest assured by the browser's secure connection indication. This is after they inject their own root CA into the client's browser and that's why it has the secure connection indicator Looks very similar to Phishing
One-time pad
an example of perfect (unbreakable, proven, guaranteed) encryption -achieved by using, only once, a random key that is as long the message itself. -really fast, really simple -uses XOR -key has to be as long as message which results in a problem ... if your message is 10Gb then your key must be 10Gb ... that's a lot of space taken CT[i] = Msg[i] XOR Key[i] ex. Plaintext 011010101101001100 Key XOR 110101010101101011 CipherText 101111111000100111 Decrypt by XORing key with CT to get plaintext The key must be truly random. The key must be at least as long as the plaintext. The key must never be reused in whole or in part The key must be kept completely secret
SOL-Injection Attacks
are a technique that exploits mechanical database queries to gain full-access to an SQL database. Conceptually similar to injecting shellcode, XSS, and "shell injection" techniques = Exploits data vs. code confusion = "Escape" data element via built-in syntax Very common in web applications Example: Expects: '123' SELECT * FROM Users WHERE id = 123; Gets: '1 OR 1=1' SELECT * FROM Users WHERE id = 1 OR 1=1; Evenworse: '1; DROP TABLE Users'" SELECT * FROM Users WHERE id=1; DROP TABLE Users;
Cyber-kneecapping: Cryptographic backdoors
are ones who allow the holder of a secret to compromise the cryptography involved.
Cyber-kneecapping: Permitted weaknesses
are those which a nation-state has awareness of but chooses not to disclose of their existence.
Return-to-Shellcode
binary exploitation technique in which the attacker injects and executes pre-compiled instructions. -Insert instructions into buffer -Change EIP to point to own instructions -Achieve "remote code execution"
Authenticated Encryption with Associated Data (AEAD) Cipher Modes
cipher modes provide confidentiality and message integrity simultaneously -does not provide sender authenticity -Commonly use seal() and unseal() instead of encrypt() and decrypt()
Ransomeware
encrypts" the victims files and then tries to sell the decryption key. -Usually encrypts files with random secret and then encrypts that secret with pub-key -The attacker will decrypt the local encryption key once they're paid. -...sometimes...
How TCP handles dropped Packets
ex. Server can't send a full picture over the internet; therefore, they send 1/2 the pic instead. Client send an ACK saying they got it and to send more. The server send the other 1/2 ... the client sends ACK saying it got it. Secure packet transfer ... BUT What if the first 1/2 of the picture was dropped, the server sent the second 1/2 after the first. Client says "hey I only got part 2 of the pic". Sever sends the first part again and TCP rearranges the packets in the correct order (first 1/2, second 1/2).
Modify-On-Scan Attack
ex. Unclear Ballot seamlessly moves marks to the attacker's preferred candidate while preserving the voter's marking style. It is effective for a wide variety of marks and ballot designs. In the examples above, original ballot scans are shown on the left and manipulated images on the right.
Binary Exploitation
general name for techniques used to intentionally trigger bugs in a way meaningful to the attacker. -Not all buffer overflows are controllable -Even if controllable, may not be exploitable -Even if exploitable, may not be predictable -Even if predictable, may not be useful
Key Generation Algorithm
generates a related key pair simultaneously
Content Injection
generic name for attacks that are reliant on the web servers incorrectly trusting user-generated data. -inject arbitrary text into the website in order to change what is displayed to the viewer.
Spam
generic name for mass, untargeted advertising via the Internet. -Email, chat messages, SMS, robocolls -Goal is fraud and not credentials
Link Layer
handles all the physical details of interfacing with the cable, including the network interface card and a device driver. responsible for addressing and switch for intra-network endpoints -Switches dispatch to next switch based on physical port tables -"Talking among friends" -Everything inside a single router's scope
Principle of Complete Mediation
having a trusted entity validate any privilege use to ensure its validity. -OS checks if user X can run app Y
URL Example
https://example.com/about.html?src=home -Protocol: HTTPS -Host: example.com's IP address -Port: 443 (implicit via HTTPS) -Page to Display: About -Format of Page: HTML -Where came from: Home-page ("src")
Padding
includes adding data to the beginning, middle, or end of a message prior to encryption. In classical cryptography, padding may include adding nonsense phrases to a message to obscure the fact that many messages end in predictable ways
Network Input Buffer Overflow
int getField(intsocket, char* field) { intfieldLen= 0; read(socket, &fieldLen, 4); read(socket, field, fieldLen); return fieldLen; } int read(int socket_to_read,char* dest_buf,size_tlen_to_read);
Adversary
intelligent actor (person, group, organization) not restricted by expectations has own capabilities, motivations, intentions
Advanced Persistent Threat (APT)
is a class of actors with special characteristics. Advanced: Access to or able to develop special-purpose tools and techniques Persistent: Predefined targets and leverage continued/long-term access Threat: Intelligent and coordinated action across entire spectrum of operation
K-Anonymity
is a less-awful way to anonymize data that generalizes it until no longer re-identifiable to a chosen degree.
Global Passive Adversary
is a type of nation-state behavior that is able to monitor nearly-all traffic on the Internet. Do not have full control or insight but effectively do Think of a "Super Eve"
Shelling-Out
is a very common technique that involves calling a bash command from an application to perform canonical actions. Commonly used to do complicated but common and self-contained operations -File operations, start/stop other processes, etc Is unsafe when using untrusted input -Usually ends in "shell injection" vulnerabilities
Initialization Vector (IV)
is an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. -Basically it is a block of bits used to randomize the encryption & to produce distinct ciphertexts even if the same plaintext is encrypted multiple times (without the need for a slower re-keying process) Technically: "A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment."
Cryptographically Secure Pseudorandom Number Generator (CSPRNG)
maps a k-bit random input to arbitrary-length pseudorandom outputs -similar to PRNG but more more complicated (also slower and harder to implement) AKA better but slower -safe for generating keys & all other randomness needed for cryptography - it is the only trustworthy way to generate arbitrary amounts of randomness from a seed
AES-GCM-SIV
mode of operation for the Advanced Encryption Standard which provides similar performance to Galois/Counter Mode as well as misuse resistance in the event of the reuse of a cryptographic nonce -SIV = Synthetic Initialization Vector -2019-- very new -nonce resistance version of GCM -still provides confidentiality & message integrity even if the nonce is reused.
Buffer Overflow
occurs when a program tries to place more information into a memory location than it can handle. OR lass of memory corruption bugs where a program inserts to put too-much data into a too-small memory allocation. void print_name(char** argv) { char buf[10]; strcpy(buf, argv[0]); printf("Running: %s", buf); }
Pseudo Random Function (PRF)
output mimics randomness regardless of input -output always "looks" random -Inputs are kept secret so attacker must guess what the output is -sounds like hash functions but isn't -using hash as PRF doesn't make it more random -using a HMAC as PRF is better HMAC(seed, x) = y seed is k & y is n
Internet Layer
responsible for addressing, packaging, and routing messages on the Internet. responsible for addressing and routing for inter-network communications. -Routers dispatch to next router based on destination groups -"Talking between organizations" --Logically grouped into "Autonomous Systems" (ASes)
Transport Layer
responsible for providing communication with the application by acknowledging and sequencing the packets to and from the application. (responsible for ensuring that the data is processed in an orderly manner.) Usually uses "ports" to indicate which program sent or should handle a message Lost message recovery Congestion control
ROP Gadgets
ret ==0xc3 -Could be part of another instruction -Could be part of an address X86 uses "variable length instructions" -The instructions' bytes are interpreted based on where decoding starts (EIP location) Any 0xc3byte is a valid ROP gadget
Malware
software that is intended to damage or disable computers and computer systems. -Operate in a non-obvious manner -Cause S&P harm in some form or fashion
Authentication in Securtiy
the act of confirming whether or not a piece of data claimed true by an entity is actually true -Often used in relation to an identity --Website authenticates user's identity via username and password --Phone authenticates user's identity via fingerprint, facial features, or PIN/password
Reflection Attack
the attacker sends packets to a known service on the intermediary with a spoofed source address of the actual target system. When the intermediary responds, the response is sent to the target. OR type of network attack where the traffic is "bounced" through a third-party in order to hide its source. -Usually relies on forging the source IP --Causes the 3P to send traffic to the victim -Victim can block the "source" but attacker can simply change the "source"
HTTP (Hypertext Transfer Protocol)
the protocol used for transmitting web pages over the Internet; base-protocol through which web servers and web clients communicate. -Idea is extremely simple -Implementation is extremely complicated
Public Key Infrastructure (PKI)
the system for issuing pairs of public and private keys and corresponding digital certificates OR is a complex system of actors, rules, and procedures intended to instill trust in the true owner of a given public key. Major Models: -Web of Trust -Distributed peer-to-peer network -Certificate Authorities -Trusted 3rd party network
HTML (Hypertext Markup Language)
the written code that creates Web pages and links; a language all computers can read -root mechanism for all web content BUT In 2020, almost no one builds websites in HTML anymore due to time/skill required. -Frameworks are almost universally used for building -ColdFusion, NodeJS,TrueForms, ASP.NETLaravel, Django, PHP, Ruby on Rails, Flask -WORDPRESS SHOULD DIE IN A FIRE People need to start using HTML for their websites, there are so many mistakes that can me made when you use prebuilt websites/website builders, etc. ... plus there's so much you can do with HTML
Implicit Assumption
think "outside the box"
Shellcode
transfer control to a user command-line interpreter, which gives access to any program available on the system with the privileges of the attacked program. OR small piece of code used as the payload in the exploitation of a software vulnerability -Compile your own code to be executed -Inject into the binary -Jump to your binary instructions void injected_function() { spin_target: goto spin_target; }
Public Key Cryptography
uses two keys: A public key the sender uses to create encrypted messages. (pub-key ... pk) A mathematically-related private key that the receiver can use to decrypt messages encrypted by that public key. (priv-key ... sk) asymmetric- Not a single shared secret between all parties (b/c one has pub key and other has priv key)
Control Flow Hijacking
when the attack gains the ability to maliciously influence the program's execution path. -End-goal of most binary exploitation attacks and technique *If you control EIP, you control the world.*
