CyberSecurity Midterm Review
Root Certificate
A certificate that is trusted without being signed (often hard-coded into a browser or OS)
Chain of Trust
A chain of signed CAs, each verifying the next, starting with a Root CA.
Netcat
A command-line tool used to connect to remote systems.
Proxies
A computer application that accesses data on a different computer system or network. It controls the access of authorised users to data and allows the operation of the system to be isolated from control by external users.
Hash Collision Attack
A hash function takes a variable-length digital input and coverts it into a fixed-length random hash value. This random hash received is used to fingerprint the sent input file. But this method may not be free from vulnerabilities. In general two types of attacks have been found prevalent in hashing. These attacks are: Preimage attack Collision attack In a preimage attack, an attacker tries to guess the input message from which a hash function produces a particular output. In a collision attack an attacker finds two messages with the same hashed output and sends the incorrect one to the receiver. Problem: Turns out it is actually possible to generate two hashes that collide! The math is a whole PhD thesis, but it can be done Different inputs that map to one output MD5 and SHA1 are considered "broken" because attackers can generate collisions Most common now is SHA256
IP address
A number assigned to any item that is connected to the Internet.
Adversary
A potential attacker
Internal Network
A private LAN, with a unique network ID, that resides behind a router.
Threat Modeling
A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.
Diffie-Helmann
Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Alice's private key
Alice's private key Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?
MD5 Length Extension Attacks
An application is susceptible to a hash length extension attack if it prepends a secret value to a string, hashes it with a vulnerable algorithm, and entrusts the attacker with both the string and the hash, but not the secret. Then, the server relies on the secret to decide whether or not the data returned later is the same as the original data. It turns out, even though the attacker doesn't know the value of the prepended secret, he can still generate a valid hash for {secret || data || attacker_controlled_data}! This is done by simply picking up where the hashing algorithm left off; it turns out, 100% of the state needed to continue a hash is in the output of most hashing algorithms! We simply load that state into the appropriate hash structure and continue hashing. TL;DR: given a hash that is composed of a string with an unknown prefix, an attacker can append to the string and produce a new hash that still has the unknown prefix. let secret = "secret" let data = "data" let H = md5() let signature = hash(secret || data) = 6036708eba0d11f6ef52ad44e8b74d5b let append = "append"
Man-in-the-middle (MITM) attack
An attack that relies on intercepted transmissions. It can take one of several forms, but in all cases a person redirects or captures secure data traffic while in transit.
MFA (Multifactor Authentication)
An authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.
Certificate Authority
An online service which verifies the signers of Digital Certificate Topic 2 : netowrk security fundamentals Normally associated with one or more domain names (e.g. *.google.com) Can be revoked if the private key is leaked or stolen Given an expiration date Companies can use internal CAs to secure their own devices Requires installing an additional root cert Easy if the organization provides hardware
Wireshark
Application that captures and analyzes network packets
Alice's public key
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
CIA Triad
Confidentiality, Integrity, Availability
Self-Signed Certificates
Digital Certificates that were not verified by a Certificate Authority Still allow encryption, but the owner cannot be verified
Threat Modeling
Framework for reducing risk and securing a system Considers potential adversaries, threats, and trust boundaries to calculate risk End goal: Secure the system as much as possible Step 1: Understand the system and its trust boundaries Step 2: Identify adversaries and threats Step 3: Determine risks for each threat Step 4: Determine appropriate mitigations for each risk Mitigation: Safeguard to reduce risk (Passwords, recovery email, rate-limiting, anti-cheat, etc) Process to lower risk Understand the system Brainstorm threats Determine risk Determine mitigations
Integrity
Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?
port (networking)
In networking, the number used to identify the requested service (such as SMTP or FTP) when connecting to a TCP/IP host. Examples: 80 (http), 443 (HTTPS), 21 (FTP), 23 (Telnet), 25 (SMTP), 110 (POP3), 143 (IMAP), and 3389 (RDP).
Integrity
Information is accurate and complete Examples: Entering your PIN at an ATM Video game cheat detection
Availability
Information is available Examples: Setting up a recovery email Storing documents in the cloud
Confidentiality
Information is only available to authorized parties Examples: Entering a password to see your grades Sharing a Google Doc with someone
HMAC
It contains cryptographic hash functions and a secret cryptographic key. HMAC is capable of verifying data integrity and authentication of a message at the same time. Generally, the cryptographic strength depends on the cryptographic strength of the underlying hash function, size of the hash output and the size and quality of the key. The secret key helps to find the inner and outer keys. In other words, the first pass of the algorithm generates an internal hash derived from the message and the inner key. Furthermore, the second pass generates the final code obtained from the inner hash result and the outer key. Used to prevent length extension attacks.
ACLs (access control lists)
Lists of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.
IP Spoofing
Modify the source IP address of packets Q #1: Why not spoof the destination IP as well? Goes to the wrong place Q #2: How could this cause harm? Response gets sent to a third party Reflected DoS attack: Attackers spoof their IP, sending responses to the wrong server Power depends on ratio of request / response size
Vulnerability Lifecycle
N-day: how long since the patch was released. Vulnerability lifecycle Discovery > maybe exploitation > patch Zero-day: Vulnerability with no patch Responsible disclosure
Risk
Probability * Severity High Medium Low Informational
Authentication
Proving who a party is Based on some kind of shared secret Common examples: Passwords, public keys Authentication (AuthN): Proves identity Things only you know Things only you have Things only you are Multi-factor Authentication (MFA): Requiring multiple AuthN factors to log in Recovery methods: Allowing one AuthN to bypass another
PKI
Public Key Infrastructure. Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate.
Ransomware
Software that encrypts programs and data until a ransom is paid to remove it.
Adversarial Thinking
The ability to embody the technological capabilities, the unconventional perspectives, and the strategic reasoning of hackers.
External Network
The public network that a NAT device connects to with a single public IP address.
DNS
The service that translates URLs to IP addresses.
TLS
Transport Layer Security. Used to encrypt traffic on the wire. TLS is the replacement for SSL and like SSL, it uses certificates issued by CAs. PEAP-TLS uses TLS to encrypt the authentication process and PEAP-TLS requires a CA to issue certificates.
Trust
Trust: Confidence in a system to protect CIA triad Trust varies between different systems
True Random Number Generator (TRNG)
Uses a non-deterministic source to produce randomness
Authentication Methods
What you know What you have Who you are Where you are
Authorization
Whether or not a user has permission to perform an action Access Control List (ACL): Maps users to permissions. Role-based Access Control (RBAC): Maps user roles to permissions. Requires a map of users to roles.
Symmetric Encryption (AES)
a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information
Hostname
a way to identify a networking device
Salting the Hash
adding random values to the original hash to make it harder to crack. prevents the use of rainbow tables. (lookups)
Pseudo-random Number Generation
an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. Picking numbers that appear random, but are deterministic is often a deterministic operation starting with an original "seed" value
Password Hashes
created when a password is passed from a user to a hashing function, which returns a fixed-size password hash (digest) and is then stored with the corresponding username and other account information; only pw hash is stored, not the pw itself
Asymmetric Encryption (RSA)
encrypts and decrypts the data using two separate yet mathematically connected cryptographic keys. These keys are known as a 'Public Key' and a 'Private Key. Upside: Can send messages without needing a pre-shared key Downside: Relatively slow (creating a key can take minutes) Solution: Use once to send a symmetric key, and use that key from there For some numbers N and E (Encrypt), it is possible to compute another number D (Decrypt) such that: (xe)d ≡ x (mod n) We can encrypt with E: xe mod n = ? And decrypt with D: ?d mod n = x
Private Key Authentication
every public key matches to only one private key. Together, they are used to encrypt and decrypt messages. If you encode a message using a person's public key, they can only decode it using their matching private key.
MAC
is a tag or a piece of information that helps to authenticate a message a small piece of information that helps to authenticate a message. Moreover, it ensures that the message came from the stated sender. The value protects both a message's data integrity as well as its authenticity. It helps to figure out any changes to the message content. First, there is a key generation algorithm that selects a key from the keyspace uniformly at random. There is also a signing algorithm that returns a tag given the key and message. Finally, there is a verifying algorithm that helps to authenticate a message that is given the key and the tag.
Hashes
passing some data through a formula that produces a result is usually a string of characters and the objects generated by a formula are always the same length, regardless of how much data you feed into it. For example, the MD5 formula always produces 32 character-long objects Message Hash: Fixed-length string computed from the message, similar to a hashtable Common algorithms: MD5, SHA1, SHA256 Message: Transfer $30 to Carol MD5(message): 78adcbc2cf8d0c67b9eb75f3c93ded18 Different messages should never have the same hash Changing the input should greatly change the output MD5("Test1"): fa029a7f2a3ca5a03fe682d3b77c7f0d MD5("Test2"): 856babf68edfd13e2fd019df330e11c5
Digital Signatures
s a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.
Firewall
software that runs on servers (often routers) that only allows traffic through according to some set of security rules.
2FA
two factor authentication; allows us to add other factors besides "something I know" to authenticate
VPN
using the public internet to build a secure, private network connecting distant locations
Client-side Trust
when a server receives a command from a player's client, it is regarded as the truth. If, somehow, a fake command is sent from a client (say, "Player A shot Player B on the other side of the map and did a million damage"), the server trusts this command as a true and accurate command, updates the game state, then relays the state to each player's client. The result to Player B would be that they just suddenly were killed by Player A. This is obviously a problem.