IST 451
Block Cipher
-Processes the input on block of elements at a time -Produces an output block for each input block -can re-use keys (more common)
Digital Envelopes:
-Protects a message without needing to first arrange for sender and receiver to have the same secret key -Equates to some thing as a sealed envelope containing an unsigned letter -Uses random symmetric key one time use, and public key of receiver to encrypt the message
Message Authentication
-Protects against attacks -Verifies received message is authentic (no altering, authentic source, timely and in correct sequence) -Can use conventional encryption
Role-Based Access Control (RBAC)
-RBAC eases administrative burden and provides security -Create and delete roles, define permissions for a role, assign and cancel assignment of users to roles
Asymmetric Encryption
-RSA: First public key scheme -Diffie-Hellman Key exchange -Digital Signature Standard (DSS) -Elliptic Curve Cryptography (ECC)
Pseudo-random Numbers
-Sequences produced that satisfy statistical randomness tests -Likely to be predictable
Structured Query Language (SQL)
-Standardized Language to define a schema, manipulate, and query data in a relational database -Several similar versions of ANSI/ISO standard -All follow the same basic syntax and schematics
Database Management System (DBMS)
-Suite of programs for constructing and maintaining the database -Offers ad hoc query facilities to multiple users and applications
Inference Detection and Query Time
-This approach seeks to eliminate an inference channel violation during a query or series of queries. -If an inference channel is detected, the query is denied or altered.
Primary key
-Uniquely identifies a row -Consists of one or more column names
Digital Signatures:
-Used for authenticating both source and data integrity -Created by encrypting hash code with private key -Does not provide confidentiality
Public Key Encryption:
-Uses two separate keys -public and private -public is made public for others to use
Best Way to Mitigate SQL Injection
-Validate inputs.
What happens every time you visit a SSL encrypted Website?
-We are using AES and RSA algorithms for encryption.
Stream Cipher
-processes the input elements continuously -produces output one element at a time --Advantage: almost always faster and use less code than Block Ciphers -Unpredictable without any knowledge of the input key
Triple DES
1985 Plaintext block size: 64 Ciphertext block size: 64 Key size: 112 or 168
Digital signatures and key management are the two most important applications of __________ encryption. A) public-key B) private-key C) pre-image resistant D) advanced
A
The ______ attacks the ability of a network server to respond to TCP connection requests by overflowing the tables used to manage such connections. A) SYN spoofing attack B) Basic flooding attack C) DNS amplification attack D) ARP poison reverse attack
A
The best defense against broadcast amplification attacks relies on ______ to block directed broadcasts. A) all network providers B) attacker network providers C) no one D) victim network providers
A
Transmitted data stored locally are referred to as __________ . A) data at rest B) ECC C) DES D) ciphertext
A
Cloud Auditor:
A party that can conduct independent assessment of cloud services, information system operations, performance, and security of the cloud implementation.
Threat
A potential for violation of security
Countermeasure
An action, device, procedure, or technique that reduces a threat a vulnerability or an attack by eliminating or preventing it by minimizing the harm it can cause or by discovering and reporting it so that corrective action can be take
Attack
An assault on system security that derives from an intelligent threat; that is an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system
Adversary (threat agent)
An entity that attacks, or is a threat to a system
Cloud Broker
An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between CPs and cloud consumers.
Risk
An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result
Cloud Carrier
An intermediary that provides connectivity and transport of cloud services from CPs to cloud consumers.
Registration Authority (RA):
Applicant applies to RA to become a subscriber of a credential service provider (CSP)
The __________ is when the virus function is performed. A) dormant phase B) execution phase C) trigger phase D) propagation phase
C
__________ is the first function in the propagation phase for a network worm. A) Spear phishing B) Propagating C) Fingerprinting D) Keylogging
C
Credential Service Provider (CSP):
CSP engages in an exchange with the subscriber, then if all is normal issues some sort of electronic credential to the subscriber
Database Encryption
Can be applied to the entire database, at the record level, attribute level, or level of the individual field -Disadvantages: (1)Key management; users must have access to the decryption key for the data for which they have access. (2) Inflexibility: when part or all of the DB is encrypted it becomes more difficult to perform record searching
Relying Party (RP):
Can use the authenticated information provided by the verifier to make access control or authorization decisions.
Threats
Capable of exploiting vulnerabilities
Categories of Vulnerabilities
Corrupted (loss of integrity), Leaky (loss of confidentiality, Unavailable or very slow (loss of availability)
A _______ is a person or organization that maintains a business relationship with cloud providers. A) cloud broker B) cloud auditor C) cloud carrier D) cloud consumer
D
The purpose of a __________ is to produce a "fingerprint" of a file, message, or other block of data. A) secret key B) digital signature C) keystream D) hash function
D
System Resource (asset)
Data contained in an information system; or a service provided by a system; or a system capability
DES:
Data encryption Standard (DUMB): 1977 Plain text block size (bits): 64 Cipher text block size (bits): 64 Key size: 56
Keylogging is a form of host attack. A) True B) False
False or B
Memory cards store and process data. A) True B) False
False or B
Depending on the details of the overall authentication system, the registration authority issues some sort of electronic credential to the subscriber. A) True B) False
False or B (THE CSP ISSUES THESE NOT RA)
Assets of a computer system:
Hardware, Software, Data, Communication facilities and networks
The purpose of a _________ is to produce a "fingerprint" of a file, message, or other block of data
Hash Function
Four Levels of Assurance
Level 1: Little or no confidence in the asserted identity's validity Level 2: Some confidence in the asserted identity's validity Level 3: High confidence Level 4: Very high confidence
Levels of Impact:
Low: Significant, Moderate: Severe, High: Major/Sever Damage
AES
NIST 1997 Advanced Encryption Standard; Plaintext block size: 128 CIphertext block size: 128 Key size: 128, 192, 256
Attacks:
Passive: attempt to learn or make use of information from the system that does not affect system resources; Two Types: release of message contents, traffic analysis Active: attempt to alter system resource or affect their operation; four categories (1) Replay (2) Masquerade (3) Modification of Messages (4) Denial of service Insider: initiated by an entity inside the security parameter Outsider: initiated from outside the parameter
Crypt-analytic Attacks
Rely on: Nature of algorithm, some knowledge of the general characteristics of the plaintext, some sample plaintext ciphertext pairs
View/Virtual Table:
Result of a query that returns selected rows and columns from one or more tables
SHA:
Secure Hash Algorithm: -Most widely used hash algorithm -By NIST in 1993 -Hash lengths of 256, 384, 512 bits
Security Policy
Set of rules and practices that specify or regulate how a system or organization provides security services to protec sensitive and critical system resources
Databases:
Structure collection of data stored for use by one or more applications
Hybrid Cloud
The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Public Cloud:
The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. The cloud provider is responsible both for the cloud infrastructure and for the control of data and operations within the cloud.
Private Cloud:
The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. The cloud provider is responsible only for the infrastructure and not for the control.
Community Cloud:
The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
User Authentication Definition: (as per RFC 4949)
The process of verifying an identity claimed by or for a system entity.
Inference Detection at Database Design:
This approach removes an inference channel by altering the database structure or by changing the access control regime to prevent inference.
Depending on the application, user authentication on a biometric system involves either verification or identification. A) True B) False
True or A
Identification is the means of establishing the validity of a claimed identity provided by a user. A) True B) False
True or A
Brute Force attacks:
Try all possible keys on some cipher text until an intelligible translation into plain text is obtained (on average half of all possible keys must be tried to achieve success)
Symmetric Encryption
Universal technique for providing confidentiality for transmitted or stored data; Single key or Conventional Encryption
Only way to counter brute force attacks
User longer keys
Verifier:
Verifies that the claimant is the subscriber named in the corresponding credential and passes on the assertion about the identity of the subscriber to the relying party (RP)
Three Security Objectives:
confidentiality, integrity, and availability
Assurance Level:
describes an organization's degree of certainty that a user has presented a credential that refers to his or her identity.
Vulnerability
flaw or weakness in a system design, implementation or operation and management that could be exploited to violate the systems security policy
Secret key
input to the encryption algorithm
Random Numbers:
-Keys for public key algorithms -Stream key for symmetric stream cipher -Symmetric key for use as a temporary session key or in creating a digital envelope -Handshaking to prevent replay attacks -Session key
Foreign Key
-Links one table to attributes of another
Rainbow Table Attacks
-Pre-compute tables of hash values for all salts -A mammoth table of hash values -Can be countered by using a sufficiently large salt value and a sufficiently large hash length
Relational Database Elements:
-Primary key -Foreign Key -View/Virtual Table
SQL injection attacks (SQLi)
-One of the most prevalent and dangerous network-based security threats -Designed to exploit the nature of we application pages -Sends malicious SQL commands to database server -Most common attack goal is bulk extraction of data -can also be used to modify or delete data, execute arbitrary operating system commands, launch DoS attacks
John the Ripper
-Open-source password cracker first developed in in 1996 -Uses a combination of brute-force and dictionary techniques
Three concepts for Risk Assessment for user authentication:
(1) Assurance Level (2) Potential Impact (3) Areas of Risk
SQLi Countermeasures:
(1) Defense Coding: Manual defensive coding practices, parameterized query insertion, SQL DOM (2) Detection: Signature based, anomaly based, code analysis (3) Run-time prevention: Check queries at runtime to see if they conform to a model of expected queries
Hash Function Requirements
(1) H can be applied to any size block of data (2) H produces a fixed output length (3) H(x) is relatively easy to compute for any given (x) (4) One-way or pre-image resistant (5) computationally infeasible to find y=x such that H(y) =H(x) (6) Collision resistant or strong resistance
Steps of SQLi Attack:
(1) Hacker finds vulnerability and injects SQL command to database by sending it to the web server. Command is accepted by firewall (2) Server receives code and sends it to the web application server (3)Code is then sent to database (4)Database servers executes code on the database, database then returns data from credit card table (targeted table) (5)The web application server generates a page with data including credit card details from database (6) Web server sends the credit card details to the hacker
Two Requirements for secure use:
(1) Need a strong encryption algorithm (2) Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure
Four Means of Authentication
(1) Something the individual knows; password, pin, answer to questions (2) Something the individual possesses; smartcard, keycard, key (3) Something the individual is; fingerprint, retina/face scan (4) Something the individual does; voice pattern, handwriting, typing rhythm
Password Selection Strategies
(1)User Education (2) Computer Generated PWs (3) Reactive PW checking: System runs its own password cracker to find guessable passwords (4) Complex Password Policy
AES Key Lengths
-128 bit -192 bit -256 bit
Reasonable Size for Block Cipher
-128 bit block size -4 bits per character -32 characters
DES Key Size
-2^56
DES Block Size
-64 bit
Cipher-Block Chaining (CBC)
-A mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key then that entire ciphertext is applied to the entire block). -Better encryption method.
Replay Attack
-An attack sending an already captured user message.
Four Lines of Defense for DoS Attacks
-Attack prevention and preemption -Attack detection and filtering -Attack source traceback and identification -Attack reaction
Slowloris
-Attempts to monopolize by sending HTTP requests that never complete -Eventually consumes Web server's connection capacity -Utilizes legitimate HTTP traffic -Signature based IDS' wont notice it.
Remote User Authentication
-Authentication over a network, the internet, or a communications link is more complex -Uses challenge response protocols -Additional Security threats: Eavesdropping
SQL Statements can be used to:
-Create tables -Insert and delete data in tables -create views- retrieve data with query statements
Dictionary attacks
-Develop a large dictionary of possible passwords and try each against the password file -password must be hashed using each salt value and then compared to stored hash values
Virus Phases
-Dormant -Triggering -Propogation -Execution
Electronic Codebooking (ECB)
-Each block of plain text is encrypted using the same key -Way of using single key block encryption to encrypt block by block. -Most common and safe way to decrypt
Generic Decryption (GD)
-Enables the anti-virus program to easily detect complex polymorphic viruses and other malware while maintaining fast scanning speeds -Executable files are run through a GD scanner which contains the following elements: -CPU emulator -Virus signature scanner -Emulation control module
Authentication Process:
-Identification Step: Presenting an identifier to the security system -Verification Step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier
Responding to a DoS Attack
-Identify type of attack -Have ISP trace packet flow back to source. -Implement contingency plan. -Update incident response plan.
Two Approaches to Inference Detection
-Inference Detection during Database Design -Inference Detection at Query Time
