CyberSecurity Midterm Review

Root Certificate

A certificate that is trusted without being signed (often hard-coded into a browser or OS)

Chain of Trust

A chain of signed CAs, each verifying the next, starting with a Root CA.

Netcat

A command-line tool used to connect to remote systems.

Proxies

A computer application that accesses data on a different computer system or network. It controls the access of authorised users to data and allows the operation of the system to be isolated from control by external users.

Hash Collision Attack

A hash function takes a variable-length digital input and coverts it into a fixed-length random hash value. This random hash received is used to fingerprint the sent input file. But this method may not be free from vulnerabilities. In general two types of attacks have been found prevalent in hashing. These attacks are: Preimage attack Collision attack In a preimage attack, an attacker tries to guess the input message from which a hash function produces a particular output. In a collision attack an attacker finds two messages with the same hashed output and sends the incorrect one to the receiver. Problem: Turns out it is actually possible to generate two hashes that collide! The math is a whole PhD thesis, but it can be done Different inputs that map to one output MD5 and SHA1 are considered "broken" because attackers can generate collisions Most common now is SHA256

IP address

A number assigned to any item that is connected to the Internet.

Adversary

A potential attacker

Internal Network

A private LAN, with a unique network ID, that resides behind a router.

Threat Modeling

A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.

Diffie-Helmann

Alice and Bob would like to communicate with each other using a session key but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?

Alice's private key

Alice's private key Alice would like to send a message to Bob using a digital signature. What cryptographic key does Alice use to create the digital signature?

MD5 Length Extension Attacks

An application is susceptible to a hash length extension attack if it prepends a secret value to a string, hashes it with a vulnerable algorithm, and entrusts the attacker with both the string and the hash, but not the secret. Then, the server relies on the secret to decide whether or not the data returned later is the same as the original data. It turns out, even though the attacker doesn't know the value of the prepended secret, he can still generate a valid hash for {secret || data || attacker_controlled_data}! This is done by simply picking up where the hashing algorithm left off; it turns out, 100% of the state needed to continue a hash is in the output of most hashing algorithms! We simply load that state into the appropriate hash structure and continue hashing. TL;DR: given a hash that is composed of a string with an unknown prefix, an attacker can append to the string and produce a new hash that still has the unknown prefix. let secret = "secret" let data = "data" let H = md5() let signature = hash(secret || data) = 6036708eba0d11f6ef52ad44e8b74d5b let append = "append"

Man-in-the-middle (MITM) attack

An attack that relies on intercepted transmissions. It can take one of several forms, but in all cases a person redirects or captures secure data traffic while in transit.

MFA (Multifactor Authentication)

An authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.

Certificate Authority

An online service which verifies the signers of Digital Certificate Topic 2 : netowrk security fundamentals Normally associated with one or more domain names (e.g. *.google.com) Can be revoked if the private key is leaked or stolen Given an expiration date Companies can use internal CAs to secure their own devices Requires installing an additional root cert Easy if the organization provides hardware

Wireshark

Application that captures and analyzes network packets

Alice's public key

Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?

CIA Triad

Confidentiality, Integrity, Availability

Self-Signed Certificates

Digital Certificates that were not verified by a Certificate Authority Still allow encryption, but the owner cannot be verified

Threat Modeling

Framework for reducing risk and securing a system Considers potential adversaries, threats, and trust boundaries to calculate risk End goal: Secure the system as much as possible Step 1: Understand the system and its trust boundaries Step 2: Identify adversaries and threats Step 3: Determine risks for each threat Step 4: Determine appropriate mitigations for each risk Mitigation: Safeguard to reduce risk (Passwords, recovery email, rate-limiting, anti-cheat, etc) Process to lower risk Understand the system Brainstorm threats Determine risk Determine mitigations

Integrity

Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?

port (networking)

In networking, the number used to identify the requested service (such as SMTP or FTP) when connecting to a TCP/IP host. Examples: 80 (http), 443 (HTTPS), 21 (FTP), 23 (Telnet), 25 (SMTP), 110 (POP3), 143 (IMAP), and 3389 (RDP).

Integrity

Information is accurate and complete Examples: Entering your PIN at an ATM Video game cheat detection

Availability

Information is available Examples: Setting up a recovery email Storing documents in the cloud

Confidentiality

Information is only available to authorized parties Examples: Entering a password to see your grades Sharing a Google Doc with someone

HMAC

It contains cryptographic hash functions and a secret cryptographic key. HMAC is capable of verifying data integrity and authentication of a message at the same time. Generally, the cryptographic strength depends on the cryptographic strength of the underlying hash function, size of the hash output and the size and quality of the key. The secret key helps to find the inner and outer keys. In other words, the first pass of the algorithm generates an internal hash derived from the message and the inner key. Furthermore, the second pass generates the final code obtained from the inner hash result and the outer key. Used to prevent length extension attacks.

ACLs (access control lists)

Lists of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.

IP Spoofing

Modify the source IP address of packets Q #1: Why not spoof the destination IP as well? Goes to the wrong place Q #2: How could this cause harm? Response gets sent to a third party Reflected DoS attack: Attackers spoof their IP, sending responses to the wrong server Power depends on ratio of request / response size

Vulnerability Lifecycle

N-day: how long since the patch was released. Vulnerability lifecycle Discovery > maybe exploitation > patch Zero-day: Vulnerability with no patch Responsible disclosure

Risk

Probability * Severity High Medium Low Informational

Authentication

Proving who a party is Based on some kind of shared secret Common examples: Passwords, public keys Authentication (AuthN): Proves identity Things only you know Things only you have Things only you are Multi-factor Authentication (MFA): Requiring multiple AuthN factors to log in Recovery methods: Allowing one AuthN to bypass another

PKI

Public Key Infrastructure. Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate.

Ransomware

Software that encrypts programs and data until a ransom is paid to remove it.

Adversarial Thinking

The ability to embody the technological capabilities, the unconventional perspectives, and the strategic reasoning of hackers.

External Network

The public network that a NAT device connects to with a single public IP address.

DNS

The service that translates URLs to IP addresses.

TLS

Transport Layer Security. Used to encrypt traffic on the wire. TLS is the replacement for SSL and like SSL, it uses certificates issued by CAs. PEAP-TLS uses TLS to encrypt the authentication process and PEAP-TLS requires a CA to issue certificates.

Trust

Trust: Confidence in a system to protect CIA triad Trust varies between different systems

True Random Number Generator (TRNG)

Uses a non-deterministic source to produce randomness

Authentication Methods

What you know What you have Who you are Where you are

Authorization

Whether or not a user has permission to perform an action Access Control List (ACL): Maps users to permissions. Role-based Access Control (RBAC): Maps user roles to permissions. Requires a map of users to roles.

Symmetric Encryption (AES)

a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information

Hostname

a way to identify a networking device

Salting the Hash

adding random values to the original hash to make it harder to crack. prevents the use of rainbow tables. (lookups)

Pseudo-random Number Generation

an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. Picking numbers that appear random, but are deterministic is often a deterministic operation starting with an original "seed" value

Password Hashes

created when a password is passed from a user to a hashing function, which returns a fixed-size password hash (digest) and is then stored with the corresponding username and other account information; only pw hash is stored, not the pw itself

Asymmetric Encryption (RSA)

encrypts and decrypts the data using two separate yet mathematically connected cryptographic keys. These keys are known as a 'Public Key' and a 'Private Key. Upside: Can send messages without needing a pre-shared key Downside: Relatively slow (creating a key can take minutes) Solution: Use once to send a symmetric key, and use that key from there For some numbers N and E (Encrypt), it is possible to compute another number D (Decrypt) such that: (xe)d ≡ x (mod n) We can encrypt with E: xe mod n = ? And decrypt with D: ?d mod n = x

Private Key Authentication

every public key matches to only one private key. Together, they are used to encrypt and decrypt messages. If you encode a message using a person's public key, they can only decode it using their matching private key.

MAC

is a tag or a piece of information that helps to authenticate a message a small piece of information that helps to authenticate a message. Moreover, it ensures that the message came from the stated sender. The value protects both a message's data integrity as well as its authenticity. It helps to figure out any changes to the message content. First, there is a key generation algorithm that selects a key from the keyspace uniformly at random. There is also a signing algorithm that returns a tag given the key and message. Finally, there is a verifying algorithm that helps to authenticate a message that is given the key and the tag.

Hashes

passing some data through a formula that produces a result is usually a string of characters and the objects generated by a formula are always the same length, regardless of how much data you feed into it. For example, the MD5 formula always produces 32 character-long objects Message Hash: Fixed-length string computed from the message, similar to a hashtable Common algorithms: MD5, SHA1, SHA256 Message: Transfer $30 to Carol MD5(message): 78adcbc2cf8d0c67b9eb75f3c93ded18 Different messages should never have the same hash Changing the input should greatly change the output MD5("Test1"): fa029a7f2a3ca5a03fe682d3b77c7f0d MD5("Test2"): 856babf68edfd13e2fd019df330e11c5

Digital Signatures

s a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.

Firewall

software that runs on servers (often routers) that only allows traffic through according to some set of security rules.

2FA

two factor authentication; allows us to add other factors besides "something I know" to authenticate

VPN

using the public internet to build a secure, private network connecting distant locations

Client-side Trust

when a server receives a command from a player's client, it is regarded as the truth. If, somehow, a fake command is sent from a client (say, "Player A shot Player B on the other side of the map and did a million damage"), the server trusts this command as a true and accurate command, updates the game state, then relays the state to each player's client. The result to Player B would be that they just suddenly were killed by Player A. This is obviously a problem.