Domain 3. Security Architecture and Engineering Flash Cards
What four factors are necessary to provide strong cryptography?
- A strong algorithm - A secret key - A lengthy key - Sound key management practices Many people think that strong cryptography only requires a strong algorithm. There are several pieces involved with cryptography—a strong algorithm is just one of the requirements. The strength of different cryptographic methods comes from the algorithm, secrecy of the key, length of the key, and the key management practices. The larger the keyspace, the more random the actual bits that make up the key can be.
Define the following terms: cipher, cryptanalysis, cryptographic algorithm, and cryptology.
- Cipher: A cryptographic transformation that operates on bytes or bits. It is another name for algorithm. - Cryptanalysis: The science of studying and breaking the secrecy of encryption process, compromising authentication schemes, and reverse-engineering algorithms and keys. - Cryptographic algorithm: A procedure that enciphers plaintext and deciphers ciphertext. - Cryptology: The study of cryptology and cryptanalysis. -A cipher is another word for an algorithm. -Cryptanalysis is an important piece of cryptography and cryptology. -Cryptographic algorithms provide the underlying tools to most security protocols used in today's infrastructures. The algorithms work off of mathematical functions and provide various types of functionality and levels of security. -Cryptology is the practice and study of hiding information.
Cryptosystems provide various services within the information security world. Name these five services.
- Confidentiality - Integrity - Authentication - Authorization - Nonrepudiation Cryptoservices can provide the following services: -Confidentiality to render the information unintelligible except to authorized entities. -Integrity to ensure that data has not been altered in an unauthorized manner, because it was created, transmitted, and stored properly. -Authentication to verify the identity of the user or system that created and/or sent the information. -Authorization, which, upon proving someone's identity, provides an individual with the key or password that enables access to some resource. -Nonrepudiation, which ensures that the sender cannot deny sending the message.
3DES is a widely used encryption algorithm. What are the four variants of 3DES?
- DES-EEE3 - DES-EDE3 - DES-EEE2 - DES-EDE2 3DES uses 48 rounds in its computation, which makes it highly resistant to differential cryptanalysis; however, because of the extra work 3DES performs, there is a heavy performance hit. It can take up to three times longer than DES to perform encryption and decryption. 3DES can work in different modes, and the mode chosen dictates the number of keys used and what functions are carried out: -DES-EEE3: Uses three different keys for encryption, and the data is encrypted, encrypted, encrypted. -DES-EDE3: Uses three different keys for encryption, and the data is encrypted, decrypted, and encrypted. -DES-EEE2: The same as DES-EEE3, but uses only two keys, and the first and third encryption processes use the same key. -DES-EDE2: The same as DES-EDE3, but uses only two keys, and the first and third encryption processes use the same key.
List at least five symmetric algorithms.
-Data Encryption Standard (DES) -3DES (Triple DES) -Blowfish -Twofish -IDEA (International Data Encryption Algorithm) -RC4, RC5, RC6 -AES -SAFER -Serpent
Describe the scalar and superscalar architecture processor models.
-Scalar processor: A single processor that executes one instruction at a time. Typically operates on one or two data items at a time. -Superscalar processor: A single processor that enables concurrent execution of multiple instructions. Typically operates on more data items simultaneously.
Describe the three goals of integrity when assessing the assurance levels of operating systems.
-The data is protected from modification by unauthorized users. -The data is protected from unauthorized modification by authorized users. -The data is internally and externally consistent—for example, the data held in a database must balance internally and must correspond to the external, real-world situation. The integrity levels are implemented by different controls depending upon the access control model being used (Biba, Clark-Wilson, etc.). The controls enforce the necessary integrity outlined by the operating system or application security policy.
Provide examples of each level in the Generation Language (GL) scheme?
1 GL: A computer's machine language 2 GL: An assembly language 3 GL: FORTRAN, BASIC, PL/1, and C languages 4 GL: Database query languages 5 GL: Artificial intelligence languages (Prolog, LISP) that process symbols or implement predicate logic
What is the difference between a closed and an open system?
A closed system is proprietary to a specific vendor or group, and the specific operations are not disclosed. An open system has published functions and code that is verifiable by the public.
In the context of cryptography, what is a cryptovariable?
A cryptovariable is another name for a key. A cryptovariable (or key) is the data used by a cryptographic algorithm to encipher plaintext or decipher encrypted data. It should remain secret between the parties exchanging the encrypted communication.
What is meant when a system is described as a multiprocessing system?
A multiprocessing system has more than one CPU. Multiprocessing requires an operating system capable of addressing more than one processor. Multiprocessing can be done either symmetrically, where CPU processing is doled out in a load-balancing fashion between the processors, or asymmetrically, where individual processors can be dedicated to a specific application or process.
What encryption scheme requires an amount of random data the same size as the data to be encrypted?
A one-time pad, also known as a Vernam cipher. The one-time pad is a key sequence based on random numbers used only one time and then destroyed. It has to be the same length as the data to be encrypted (typically in an exclusive OR [XOR] process) to encrypt each bit. The key values are distributed following an independent and uniform distribution over the key span. A one-time pad is a perfect encryption scheme because it is considered unbreakable if implemented properly. It was invented by Gilbert Vernam in 1917, so sometimes it is referred to as the Vernam cipher.
What is a reference monitor within an operating system model?
A reference monitor is an abstract machine that mediates all access subjects to objects, both to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification.
Describe the ring architecture in operating systems and computer processors.
A ring architecture is a hierarchical model in which concentric rings provide strict boundaries for what processes will work and which operations can be executed within them. Operating systems vary in the number of protection rings they use, but for all, the numbers increase and trust decreases as you move toward the outer bounds of the model. Processes in the innermost rings are the most privileged or trusted and allow the most direct access with the central processor or hardware. These exist in a privileged or supervisor mode. Processes in the outermost rings are the least privileged and allow the least direct access to the central processor or hardware. These processes execute in user mode.
What type of key is dynamically generated and destroyed after each use?
A session key Most data encryption takes place through the use of symmetric keys. A static key is used over and over again because it is usually computed from a password derived by a user. Because a session key is dynamic and destroyed after it is used, it provides more protection than a static key because there is a smaller window for the bad guy to identify it.
In the context of cryptography, what is a symmetric algorithm?
A symmetric algorithm is one in which the same key is used to both encrypt and decrypt data. In a cryptosystem that uses symmetric cryptography, the sender and receiver use two instances of the same key for encryption and decryption. So the key has dual functionality; it can carry out both encryption and decryption processes. Symmetric keys are also called secret keys because this type of encryption relies on each user to keep the key a secret and properly protected. If an intruder were to get this key, she could decrypt any intercepted message encrypted with it.
What is a trusted system?
A trusted computer system is one that employs the necessary hardware and software assurance mechanisms to enable processing of multiple levels of classified or sensitive information and meeting specified requirements for reliability and security. This includes all protection mechanisms within a system that enforce the security policy and provide an environment that will behave in a manner expected of it.
What is a trusted path?
A trusted path is a communication channel between the user, or program, and the kernel. The Trusted Computing Base TCB provides protection resources to ensure this channel cannot be compromised in any way.
In terms of cryptography, what is an algorithm?
An algorithm is a set of mathematical and logical rules that dictates how enciphering and deciphering take place. Many of the mathematical algorithms used in computer systems today are publicly known. Therefore, these algorithms require some private data, known as a key, to encipher and decipher information.
What is an operating system and its different common components?
An operating system is the collection of applications that control the resources and operations of a computer. Operating systems perform process management, memory management, system file management, I/O management, and operation of the user interface.
What are two basic methods (ciphers) for transforming plaintext into ciphertext?
Block ciphers and stream ciphers. When a block cipher is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through mathematical functions, one block at a time. A stream cipher, on the other hand, does not divide a message into blocks. Instead, a stream cipher treats the message as a stream of bits and performs mathematical functions on each bit individually.
List the three different components of a memory architecture in modern computing systems.
Cache memory, random access memory (RAM), and secondary memory Memory architecture is organized in layers differentiated by size, speed, and cost. Closer to the CPU, cache memory stores data and instructions used by the CPU. Random access memory (RAM) stores user and process data managed by the computer. Secondary memory stores user data, applications, and (in special circumstances) virtual address space for the memory manager.
Describe the Clark-Wilson integrity model.
Clark-Wilson model enforces the three goals of integrity by using access triples (subject, software, object), separation of duties, and auditing. This model enforces integrity by using well-formed transactions (through access triples) and separation of user duties. The Clark-Wilson model dictates that subjects can only access objects through applications. This model also illustrates how to provide functionality for separation of duties and requires auditing tasks within software.
Define cryptography and explain why it is useful in information security.
Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process. The goals of cryptography and its attendant mechanism are to hide information unauthorized individuals. With enough time, resources, and motivation, hackers can break most algorithms and reveal the encoded information. So a more realistic goal of cryptography is to make obtaining the information too work-intensive or time-consuming to be worthwhile to the attacker.
What is the difference between volatile and nonvolatile memory?
Data stored in volatile memory is wiped out, or lost, when the system loses power. Random access memory (RAM) is a type of volatile memory. Nonvolatile memory can persist even while the power is off and enables the storage of data in a more long-term fashion. A PC hard disk drive is an example of nonvolatile storage.
What asymmetric algorithm would be ideal to employ within cell phones or PDAs?
ECC (Elliptic Curve Cryptosystem) ECC provides services similar to the RSA algorithm, but requires much less processing power. Thus, it is an ideal choice for cell phone and small wireless electronic devices. ECC's mathematics are much more simple compared to other asymmetric algorithms, thus it uses less resources. It is being used more and more in devices with a smaller amount of processing resources.
What two operations make up an execution cycle?
Fetch and execute Each instruction execution cycle consists of a fetch and an execute operation. In the fetch phase, the CPU retrieves the instruction from memory. An instruction typically consists of an operation and operands. In the execute phase, the retrieved instruction is executed and the result is stored in the accumulator.
What is the most common attack against simple substitution and transposition ciphers?
Frequency analysis In every language, some letters are used more often than others. For instance, in the English language, the most commonly used letter is E. An attacker would look for the most frequently repeated pattern of the bits that make up E. It is the frequency in a specific vocabulary that allows attackers to identify frequencies in ciphertext.
What security services are provided by an HMAC?
HMAC provides data origin authentication and data integrity. A hashed message authentication code (HMAC) is created when a symmetric key is combined with the message, and then that result is put through a hashing algorithm. The result is an HMAC value.
What is meant when a system is described as a multiprogramming system?
In a multiprogramming system, more than one program (or process) can be loaded into memory at the same time. Multiprogramming enables you to run your antivirus software, word processor, personal firewall, and email client application simultaneously.
In the context of cryptography, what is an asymmetric algorithm?
In an asymmetric key cryptographic operation, the sender and receiver use two different but mathematically related keys. The sender and receiver in an asymmetric key cryptographic operation use a public/private key combination. In this scheme, the message is encrypted using the public key of the key pair. The message can be decrypted using only the private key in the key pair. The public and private keys are related mathematically, and the private key cannot be derived from the public key.
What is the difference between programmed I/O and direct memory access (DMA)?
In programmed I/O, the CPU manages the execution of I/O operations (secondary stage access, network access, printer access, and so on). Direct memory access (DMA) allows other subsystems to access memory independent of the CPU. The drawback of programmed I/O is that while the I/O operation is executing, the CPU cannot service another process. Direct memory access (DMA) reduces strain on the CPU.
Describe a cryptographic hybrid system.
In the hybrid approach, symmetric and asymmetric algorithms are used in a complementary manner, with each performing a different function. A symmetric algorithm creates keys used for encrypting bulk data, and an asymmetric algorithm creates keys used for automated key distribution. In a hybrid system, the asymmetric key is used to encrypt the symmetric key, and the symmetric key is used to encrypt the message.
What are the three main rules of the Biba model of security?
Integrity axiom ("no write up"), simple integrity axiom ("no read down"), and invocation property The Biba model is a state machine model that enforces levels of integrity that are outlined in the software's security policy. The Biba model uses a lattice of integrity levels. If implemented and enforced properly, the Biba model prevents data from any integrity level from flowing to a higher integrity level. Biba has three main rules to provide this type of protection: -Integrity axiom: A subject cannot write data to an object at a higher integrity level. -Simple integrity axiom: A subject cannot read data from a lower integrity level. -Invocation property: A subject cannot request service (invoke) from subjects of higher integrity.
What type of encryption would be considered the most secure method across a single MAN or WAN link?
Link encryption Link encryption will encrypt all data along a physical path between two endpoints and provides higher security and performance for the encryption services. Headers, trailers, data payload, and routing data would all be encrypted. Link encryption requires a physical link encryptor and decryptor at both ends of the physical link.
What is meant when a system is described as a multitasking system?
Multitasking is the capability of a computer system to carry out several different functions simultaneously. In reality, the CPU executes instructions one at a time, but it executes instructions from different processes and applications in such rapid succession that the net effect is that all the processes or applications are operating simultaneously.
What is meant by pipelining?
Pipelining is the interweaving of various fetch and execute instruction cycles to allow for faster response times.
In the context of encryption, describe the term plaintext.
Plaintext is data that is readable in its current form and can be understood without further processing. Plaintext is in a form that can be understood either by a person (a document) or by a computer (executable code). When it is transformed into ciphertext, neither human nor machine can properly process it until it is decrypted.
In the context of encryption, what is ciphertext and how does it differ from plaintext?
Plaintext is in a form that can be understood either by a person (a document) or by a computer (executable code). After it is transformed into ciphertext, neither human nor machine can properly process it until it is decrypted. Ciphertext is a product of encryption that enables the transmission of confidential information over insecure channels without unauthorized disclosure. Plaintext is the readable version of a message. After an encryption process, the resulting text is referred to as ciphertext.
Describe process isolation.
Process isolation is a technique designed to control the interaction between different executing processes within a computer. Process isolation is a critical component of the security model of a computer operating system. It ensures that processes do not conflict with one another, communicate in an insecure manner, or negatively affect each other.
What is the difference between public key cryptography and public key infrastructure?
Public key cryptography is the use of an asymmetric algorithm. Public Key Infrastructure (PKI) is not an algorithm, a protocol, or an application; it is the implementation of the requirements for creating and distributing digital certificates, a common application of public key cryptography. Public key cryptography is another name for asymmetric cryptography. Examples of asymmetric algorithms are RSA, elliptic curve cryptosystem (ECC), Diffie-Hellman, El Gamal, LUC, and Knapsack. These algorithms create public/private key pairs, perform key exchange or agreement, and generate and verify digital signatures. Public key infrastructure (PKI) is an arrangement that simplifies the use of public key cryptography.
What is the most popular asymmetric or public key algorithm?
RSA RSA is a worldwide de facto standard and can be used for digital signatures, key exchange, and encryption. The security of this algorithm comes from the difficulty of factoring large numbers into their original prime numbers. The public and private keys are functions of a pair of large prime numbers, and the necessary activity required to decrypt a message from ciphertext to plaintext using a private key is comparable to factoring a product into two prime numbers.
What is the difference between RAM and ROM?
Random access memory (RAM) is a volatile and fast type of memory that is used closest to the processor in the computer system. Read-only memory (ROM) is nonvolatile memory that retains information even if power is removed. RAM takes the same amount of time to retrieve information from any address. ROM is typically used to load and store firmware. An example of ROM is erasable programmable read-only memory (EPROM).
Describe the difference between S-HTTP and HTTPS.
S-HTTP provides protection for each message sent between two computers, but not the actual link. HTTPS protects the communication channel. HTTPS is HTTP that uses SSL for security purposes. HTTP is a protocol that works at the application layer within the OSI model. SSL is a protocol that works at the transport layer. HTTPS is a very common combination; it is the most used protection mechanism when moving data over transmission lines for ecommerce. S-HTTP was an early attempt to secure HTTP that was never widely adopted.
What is secondary storage?
Secondary storage consists of various nonvolatile memory storage media, such as hard drives, jump drives, or CD-ROMs. When RAM utilizes secondary storage to extend memory capacity beyond what the volatile memory can hold, it is called virtual memory.
Describe sequential memory.
Sequential memory gets its name because the contents are stored sequentially and must be read or retrieved sequentially, or in a linear fashion. An example of sequential memory is the use of magnetic tapes for data storage. Retrieving information requires searching from the beginning until the target data is located.
What are the three security rules of the Bell-LaPadula model?
Simple security ("no read up"), the *-property rule ("no write down"), the strong star property rule. The Bell-LaPadula model is a confidentiality model that describes the allowable information flow and formalizes the military security policy. It is the first mathematical model of a multilevel security policy that defines the concept of a secure state and necessary modes of access. Bell-LaPadula three security rules are: -The simple security rule: A subject cannot read data at a higher security level (no read up). -The *-property rule: A subject cannot write data to an object at a lower security level (no write down). -The strong star property rule: A subject can perform read and write functions only to the objects at its same security level.
What is steganography?
Steganography is a method of hiding data in another media type so the very existence of the data is concealed. Steganography is mainly accomplished by hiding messages in graphic images. This practice does not affect the graphic enough to be detected. Steganography does not use algorithms or keys to encrypt information. This is a process to hide data within another object so that no one can detect its presence.
What are the two basic types of symmetric encryption ciphers?
Substitution and transposition (or permutation). The substitution cipher replaces bits, characters, or blocks of characters with different bits, characters, or blocks. A substitution cipher uses a key to dictate how the substitution should be carried out. The transposition cipher does not replace the original text with different text, but rather moves the original values around. It rearranges the bits, characters, or blocks of characters to hide the original meaning. The key determines the positions the values are moved to.
Describe the Brewer-Nash model.
The Brewer-Nash model allows for dynamically changing access controls that protect against conflicts of interest. The Brewer-Nash model is also known as the Chinese wall model. The Brewer-Nash model is another information flow model. No information can flow between subjects and objects in a way that would result in a conflict of interest. The model states that a subject can write to an object if, and only if, the subject cannot read another object that is in a different dataset.
What is the function of the central processing unit (CPU) in a computer?
The CPU is basically the brain of a computer. The CPU is composed of an arithmetic logic unit (ALU) that is responsible for executing arithmetic and logical instructions, an instruction register, a program counter, and other general-purpose registers. The CPU is connected to other components of the computer by buses.
What type of ancient encryption method utilized paper wrapped around a wooden rod?
The Scytale cipher The Scytale cipher was employed by the Spartans in 400 B.C. and consisted of a type of paper wrapped around a wooden rod. The message to be encrypted was written lengthwise down the paper. The rod was then discarded and the paper was delivered to the intended recipient who would need to get a rod of the same diameter, rewind the paper around the new rod, and read the message. For people intercepting the paper and attempting to read the message without the proper rod, the letters would not match up; thus, it was not an understandable message.
What is the Trusted Computing Base (TCB)?
The TCB is defined as the total combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware. Hardware, software, and firmware are part of the TCB because the system is sure these components will enforce the security policy and not violate it.
Which service in a PKI will vouch for the identity of an individual or company?
The certificate authority A certificate authority (CA) generates a digital certificate, which binds the public key to the individual or company's identity. The CA vouches for the identification of the owner of the certificate. The digital certificate is used to authenticate individuals or companies to each other.
In a client-server SSL connection, which party creates the session key?
The client After a server authenticates to a client, when setting up an SSL connection, the client creates a session key that will be used by both the client and the server for bulk encryption. The client encrypts the session key with the server's public key and sends it. Only the server can decrypt it, because only the server is supposed to have the corresponding private key.
What is the equation to calculate the number of symmetric keys needed among N parties?
The correct equation to use to determine how many symmetric keys are needed is N(N - 1)/2. For example, if 10 people need to communicate via symmetric encryption processes, then 10(10-1)/2 or 45 keys are needed. Each pair of users who want to exchange data using symmetric key encryption must have two instances of the same key.
What is the common use of the Diffie-Hellman asymmetric algorithm?
The distribution of symmetric keys The Diffie-Hellman algorithm enables two systems to receive a symmetric key securely without requiring a previous relationship or prior arrangements. The algorithm enables for key distribution, but does not provide encryption or digital signature functionality. The algorithm is based on the difficulty of calculating discrete logarithms in a finite field. The Diffie-Hellman algorithm is vulnerable to a man-in-the-middle attack because no authentication occurs before public keys are exchanged.
What binary mathematical function is used in the one-time pad encryption scheme?
The exclusive OR process. The exclusive OR process is a Boolean operation that essentially performs binary addition without carrying on the input bits. For two inputs that are equal, a 0 (false) is the result. For two inputs where the values are not equal, the result is a 1 (true). Exclusive OR is usually abbreviated as XOR. It is an operation that is applied to two bits and is a function commonly used in binary mathematics and encryption methods. When combining the bits, if both values are the same, the result is 0 (1 XOR 1 = 0; 0 XOR 0 = 0). If the bits are different from each other, the result is 1 (1 XOR 0 = 1; 0 XOR 1 = 1).
Describe the information flow model.
The information flow model is a model in which information is restricted in its flow to only go to and from entities in a way that does not negate the security policy. In the information flow model, data is thought of as being held in individual and discrete compartments. Examples of information flow models are Bell-LaPadula and Biba. The Bell-LaPadula model focuses on preventing information from flowing from a high security level to a low security level. The Biba model focuses on preventing information from flowing from a low integrity level to a high integrity level.
Describe RISC and CISC.
The reduced instruction set computer (RISC) is a CPU that executes only a limited collection of instructions and usually requires fewer clock cycles to execute. The complex instruction set computer (CISC) is a more robust collection of instructions that require additional processing time.
What is the security perimeter when discussing an operating system and its protection mechanisms?
The security perimeter is a boundary that divides the trusted from the untrusted processes within an operating system. Processes and resources inside the security perimeter fall within the Trusted Computing Base (TCB), and anything beyond the security perimeter is inherently untrusted. For example, a resource that is within the boundary of the TCB, or security perimeter, must not allow less trusted components access to critical system resources. The processes within the TCB must also be careful about the commands and information they accept from less trusted resources. These limitations and restrictions are built into the interfaces that permit this type of communication to take place and are the mechanisms that enforce the security perimeter.
Describe virtual memory.
Virtual memory is when a portion of secondary memory is used to emulate and extend RAM. The operating system memory manager operates by loading process data into main memory (RAM). When there is not enough space in memory to load a new process, operating systems that support virtual memory addressing can extend the addressable memory space by referencing program data that is stored in secondary memory. When a reference is made to data in the virtual address space, the memory manager removes a portion of a running process from main memory to load the portion of the requested process into main memory.
In the context of encryption, define the term work factor as it relates to a given cryptographic algorithm.
Work factor is an estimate of the effort and resources it would take for an attacker to penetrate a cryptosystem. When designing an encryption method, the goal is to make compromising it prohibitively expensive or time-consuming. Work factor is another name for cryptography strength. In asymmetric algorithms, the work factor relates to the difference in time and effort that carrying out a one-way function in the easy direction takes compared to carrying out a one-way function in the hard direction.