CH 01: Security and Cryptography Concepts
What are the cybersecurity subsets?
Information Security, Network Security
Firewall:
A hardware and/or software capability that limits access between a network and a device attached to the network, in accordance with a specific security policy. The firewall acts as a filter that permits or denies data traffic, both incoming and outgoing, based on a set of rules based on traffic content and/or traffic pattern.
Security Mechanisms: Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of information exchange.
Security Mechanism:
A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.
Masquerade Attack
Takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
Access Control Service
The ability to limit and control the access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.
Release of message contents:
The act of an adversary in successfully eavesdropping on a communication, such as a telephone conversation, an electronic mail message, or a transferred file.
Security Attack:
Any action that compromises security of information owned by an organization.
Security Service:
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization.
PKI architecture satisfies the following requirements:
- Any participant can read a certificate to determine the name and public key of the certificate's owner.
- Any participant can verify that the certificate originated from the certification authority and is not counterfeit.
- Only the certification authority can create and update certificates.
- Any participant can verify that the certificate is currently valid.
Challenges of Information Security (Pt 2):
- Information and network security are essentially a battle of wits between a perpetrator who tries to find holes and a designer or an administrator who tries to close them. The great advantage that the attacker has is that he or she needs to find only a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security.
- There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.
- Security requires regular, even constant, monitoring, and this is difficult in today's short-term, overloaded environment.
- Security is still too often an afterthought to be incorporated into a system after the design is complete rather than being an integral part of the design process.
- Many users and even security administrators view strong security as an impediment to efficient and user-friendly operation of an information system or use of information.
Challenges of Information Security (Pt 1):
- Security is not as simple as it might appear to the novice.
- In developing a particular security mechanism or algorithm, designers must always consider potential attacks on those security features.
- Procedures used to provide particular services are often counterintuitive.
- Having designed various security mechanisms, it is necessary to decide where to use them, both in terms of physical placement and in a logical sense.
- Security mechanisms typically involve more than a particular algorithm or protocol and also require that participants be in possession of some secret information.
Implementation Consideration for Cryptography (within an organization)
- Selecting design and implementation standards
- Deciding between hardware, software, and firmware implementations
- Managing keys
- Security of cryptographic modules
Data Integrity Service
A connection-oriented integrity service—one that deals with a stream of messages—ensures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays. The destruction of data is also covered under this service. Thus, the connection-oriented integrity service addresses both message stream modification and denial of service. On the other hand, a connectionless integrity service—one that deals with individual messages without regard to any larger context—generally provides protection against message modification only.
Security Mechanisms: Routing Control
A control that enables selection of particular physically or logically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.
What is PKI?
A public-key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and each verify the identity of the other party. A PKI is used to bind public keys to entities, enable other entities to verify public key bindings, revoke such bindings, and provide other services that are critical to managing public keys.
What is a public-key certificate?
A set of data that uniquely identifies an entity. The certificate contains the entity's public key and other data and is digitally signed by a trusted party, called a certification authority, thereby binding the public key to the entity. Public-key certificates are designed to provide a solution to the problem of public-key distribution.
Traffic analysis:
A subtler type of passive attack that involves looking at the contents of messages. Assume masking the contents of messages or other information traffic so that adversaries, even if they captured the message, could not extract the information from the message.
Availability Service
A system or a system resource is accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; that is, a system is available if it provides services according to the system design whenever users request them. A variety of attacks can result in loss of or reduction in availability. Some of these attacks are amenable to automated countermeasures, such as authentication and encryption, whereas others require some sort of physical action to prevent or recover from loss of availability of elements of a distributed system.
Security Mechanisms: Access Control
A variety of mechanisms that enforce access rights to resources.
Cryptographic Algorithm:
A well-defined computational procedure, pertaining to cryptography, that takes variable inputs, often including a cryptographic key, and produces an output.
Confidentiality
AKA data confidentiality; the property that information is not made available or disclosed to unauthorized individuals, entities, or processes. A loss of confidentiality is the unauthorized disclosure of information.
What are the additional security concepts outside of the CIA triad that are needed to present a complete picture of general security objectives?
Accountability and Authenticity
Symmetric Encryption:
Also referred to as secret-key encryption, is a cryptographic scheme in which encryption and decryption are performed using the same key. A symmetric encryption scheme has five ingredients.
Cryptographic Algorithm: Single Key
An algorithm in which the result of a transformation is a function of the input data and a single key, known as a secret key. These cryptographic algorithms depend on the use of a secret key. This key may be known to a single user; for example, this is the case when protecting stored data that is only going to be accessed by the data creator. Commonly, two parties share the secret key so that communication between the two parties is protected. For certain applications, more than two users may share the same secret key. In this case, the algorithm protects data from those outside the group who share the key. Another form of this cryptographic algorithm is the message authentication code (MAC). A MAC is a data element associated with a data block or message. The MAC is generated by a cryptographic transformation involving a secret key and, typically, a cryptographic hash function of the message. The MAC is designed so that someone in possession of the secret key can verify the integrity of the message.
Cryptographic Algorithm: Two Key
An algorithm in which, at various stages of the calculation, two different but related keys are used, referred to as the private key and the public key. These algorithms involve the use of two related keys. A private key is known only to a single user or entity, whereas the corresponding public key is made available to a number of users.
Cryptographic Algorithm: Keyless
An algorithm that does not use any keys during cryptographic transformations. One important type of keyless algorithm is the cryptographic hash function. A hash function turns a variable amount of text into a small, fixed-length value called a hash value, hash code, or digest. A cryptographic hash function has additional properties that make it useful as part of another cryptographic algorithm, such as a message authentication code or a digital signature. A pseudorandom number generator produces a deterministic sequence of numbers or bits that has the appearance of being a truly random sequence. Although the sequence appears to lack any definite pattern, it will repeat after a certain sequence length. Nevertheless, for some cryptographic purposes, this apparently random sequence is sufficient.
Certification Authority (CA)
An authority trusted by one or more users to create and assign public-key certificates. Optionally the certification authority may create the subjects' keys. A CA digitally signs a public-key certificate, which effectively binds the subject name to the public key. CAs are also responsible for issuing certificate revocation lists (CRLs).
- A CRL identifies certificates previously issued by the CA that are revoked before their expiration date. A certificate could be revoked because the user's private key is assumed to be compromised, the user is no longer certified by this CA, or the certificate is assumed to be compromised.
End entity:
An end user, a device (such as a router or server), a process, or any item that can be identified in the subject name of a public-key certificate. End entities can also be consumers of PKI-related services and, in some cases, providers of PKI-related services. For example, a registration authority is considered to be an end entity from the point of view of the certification authority.
Registration Authority (RA)
An optional component that can be used to offload many of the administrative functions that a CA ordinarily assumes. The RA is normally associated with the end entity registration process. This includes the verification of the identity of the end entity attempting to register with the PKI and obtain a certificate for its public key.
Threat:
Any circumstance or event that has the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Attack:
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
Repository
Any method for storing and retrieving PKI-related information, such as public-key certificates and CRLs. A repository can be an X.500-based directory with client access via Lightweight Directory Access Protocol (LDAP). It also can be something simple, such as a means for retrieval of a flat file on a remote server via File Transfer Protocol (FTP) or Hypertext Transfer Protocol (HTTP).
Relying Party
Any user or agent that relies on the data in a certificate in making decisions.
Passive Attacks: aka Side Channel Attack
Are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the attacker is to obtain information that is being transmitted.
- Harder to detect
Encryption algorithms that use two keys are referred to as __________________ encryption algorithms.
Asymmetric
Security Mechanisms: Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.
Name 6 types of security services:
Authentication, Access Control, Data Confidentiality, Nonrepudiation, Availability
What are the general security objectives? aka the CIA triad
Availability; Integrity, which may include data authenticity and non-repudiation; Confidentiality
Organization and user's assets include:
Connected computing devices, personnel, infrastructure, applications, services, telecommunication systems, totality of transmitted/stored info in the cyberspace environment
The Most Important Security Mechanisms Include:
Cryptographic algorithms, Data integrity, Digital signature, Authentication Exchange, Traffic padding, Routing control, Notarization, Access control
Integrity
Data integrity ensures that data (both stored and in transmitted packets) and programs are changed only in a specified and authorized manner. A loss of data integrity is the unauthorized modification or destruction of information. System integrity ensures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Essential components of the PKI Architecture are:
End entity, Certification Authority (CA), Registration Authority (RA), Repository, Relying Party
Availability
Ensures that the system works promptly and that service is not denied to authorized users. A loss of availability is the disruption of access to or use of information or an information system.
What are the three types of device security (that are noteworthy)?
Firewall, Intrusion detection, Intrusion prevention
Intrusion prevention:
Hardware or software products designed to detect intrusive activity and attempt to stop the activity, ideally before it reaches its target.
Intrusion detection:
Hardware or software products that gather and analyze information from various areas within a computer or a network for the purpose of finding and providing real-time or near-real-time warning of attempts to access system resources in an unauthorized manner.
Communication Security
Implemented primarily using network protocols. A network protocol consists of the format and procedures that govern the transmission and receipt of data between points in a network. A protocol defines the structure of the individual data units (e.g., packets) and the control commands that manage the data transfer.
- In the context of network security, communications security deals with the protection of communications through the network, including measures to protect against both passive and active attacks.
Device Security
In addition to communications security, the other aspect of network security is the protection of network devices, such as routers and switches, and end systems connected to the network, such as client systems and servers. The primary security concerns are intruders gaining access to the system to perform unauthorized actions, insert malicious software (malware), or overwhelm system resources to diminish availability.
Active Attacks:
Involve some modification of stored or transmitted data or the creation of false data. There are four categories of active attacks: replay, masquerade, modification of messages, and denial of service.
Replay Attack
Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Digital Signature Algorithm
Is a value computed with a cryptographic algorithm and associated with a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity. Typically, the signer of a data object uses the signer's private key to generate the signature, and anyone in possession of the corresponding public key can verify the validity of that signature.
Authentication Service
Is concerned with ensuring that a communication is authentic. In the case of a single message, such as a warning or an alarm signal, the function of the authentication service is to ensure the recipient that the message is from the source that it claims to be from. In the case of an ongoing interaction, such as the connection of a client to a server, two aspects are involved. First, at the time of connection initiation, the service ensures that the two entities are authentic—that is, that each is the entity that it claims to be. Second, the service must ensure that the connection is not interfered with in such a way that a third party can masquerade as one of the two legitimate parties for the purpose of unauthorized transmission or reception.
Data Confidentiality Service
Is the protection of transmitted data from passive attacks. With respect to the content of a data transmission, several levels of protection can be identified. The broadest service protects all user data transmitted between two users over a period of time. For example, when a logical network connection is set up between two systems, this broad protection prevents the release of any user data transmitted over the connection. The other aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length, or other characteristics of the traffic on a communications facility.
What does the PKI architecture define?
It defines the organization and interrelationships among CAs and PKI users.
Asymmetric algorithms can be used in two other important applications:
- Key exchange is the process of securely distributing a symmetric key to two or more parties.
- User authentication is the process of authenticating that a user attempting to access an application or a service is genuine and, similarly, that the application or service is genuine.
These concepts are explained in detail in subsequent chapters.
What are the three categories cryptographic algorithms can be divided into:
Keyless, Single-Key, Two Key
What are the four categories of active attacks:
Masquerade, Replay, Data Modification, Denial of Service
What are the two specific authentication services:
Peer entity authentication, Data origin authentication
The five ingredients for a symmetric encryption scheme:
- Plaintext: The original message or data block that is fed into the algorithm as input.
- Encryption algorithm: The algorithm that performs various substitutions and transformations on the plaintext.
- Secret key: An input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.
- Ciphertext: The scrambled message produced as output. It depends on the plaintext and the secret key. For a given data block, two different keys will produce two different ciphertexts.
- Decryption algorithm: The inverse of the encryption algorithm. It uses the ciphertext and the secret key to produce the original plaintext.
Information Security
Preservation of confidentiality, integrity, and availability of information. In addition, other properties, such as authenticity, accountability, nonrepudiation, and reliability, can also be involved.
Non-repudiation Service
Prevents either a sender or a receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message. Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.
Denial-of-service Attack
Prevents or inhibits the normal use or management of communication facilities. It's easier to detect active attacks.
Network Security
Protection of networks and their services from unauthorized modification, destruction, or disclosure and provision of assurance that the networks perform their critical function correctly, without harmful side effects.
Peer Entity Authentication Service
Provides for the corroboration of the identity of a peer entity in an association. Two entities are considered peers if they implement the same protocol in different systems. Peer entity authentication is provided for use at the establishment of, or at times during the data transfer phase of, a connection. It attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection.
Data Origin Authentication Service
Provides for the corroboration of the source of a data unit. It does not provide protection against the duplication or modification of data units. This type of service supports applications like electronic mail, where there are no ongoing interactions between the communicating entities.
What are the two types of passive attacks?
Release of message contents, Traffic analysis
Data Modification Attack
Simply means that some portion of a legitimate message is altered or that messages are delayed or reordered to produce an unauthorized effect.
Security Mechanisms: Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Authenticity
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or a message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
Accountability
The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, it must be possible to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
Security Mechanisms: Notarization
The use of a trusted third party to ensure certain properties of a data exchange.
Security Mechanisms: Data Integrity
This category covers a variety of mechanisms used to ensure the integrity of a data unit or stream of data units.
Cybersecurity also
strives to ensure the attainment and maintenance of the security properties of the organization and user's assets against relevant security risks in the cyber space environment.
"Cybersecurity is...
the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyberspace environment and organization and user's assets".
