Information Security

Information assets

Data, device or component that supports information-related activities. Needs to be protected from illicit access, use, disclosure, alteration, destruction and theft.

Types of Assets

1. Property
- Physical assets e.g. buildings and contents
- Hardware
- Software (OS, apps, support systems)
- Data
2. People
- Employees
- Contractors
- Customers/Clients
3. Procedures

Information security

Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.

Information Security Event

An identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant.

Information Security Incident

A single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.

Asset States

1. Storage
- electronic, physical, human
2. Transmission
- physical or electronic
3. Processing (use)
- physical or electronic

Cyber crime

a) Technology is the target, e.g. hacking, computer viruses, DoS.
b) Technology is used as a tool to enable the offence, e.g. phishing, identity theft, spam.

Ransomware

Malware that encrypts users' computer files and demands a payment to permit decryption, e.g. the Breaking Bad computer ransomware demanded $1000 to decrypt the files it infected.

3 Information security goals

1. Confidentiality
2. Integrity
3. Availability

Confidentiality

Prevent unauthorized DISCLOSURE of information.

Integrity

Prevent unauthorized MODIFICATION or DESTRUCTION of information.

Availability

Ensure resources ACCESSIBLE when required by authorized user.

Authentication

Verifying a claimed identity or source of information.

2 types of Authentication

1. Entity Authentication
2. Data origin authentication

Entity Authentication

Verify claimed identity.

Data Origin Authentication

Verify source and integrity of message.

Non-repudiation

Create evidence that action has occurred, so user cannot falsely deny the action later.

2 Types of Attacks

1. Passive
2. Active

Active Attacks

- Goal is to modify, replicate or fabricate.
- Can detect and try to recover.
e.g. phishing, DoS, man-in-the-middle.

Passive Attacks

- Goal is to obtain information
- Difficult to detect
e.g. eavesdropping, shoulder surfing.

3 Types of Countermeasures

1. Preventative controls
2. Detective controls
3. Corrective controls

Example of Preventative controls

Encryption of files

Example of Detective controls

Use checksum/MAC to detect data corruption.

Example of Corrective controls

Restore apps to last known good image to bring corrupted system back online.

What are the 3 sides of the Security Model? What is on each side?

1. Information States (top)
- Transmission
- Storage
- Processing
2. Critical Information Security Services (left)
- Confidentiality
- Integrity
- Availability
3. Security Measures (right)
- Technology
- Policy & Practices
- Education, Training and Awaren

[1.2] What do researchers claim to be able to do to the Jeep Cherokee?

Take over the vehicle remotely, control entertainment system, climate control, driving controls via wireless connection.

[1.2] Which information asset was targeted when researchers attacked Jeep Cherokee?

Communications between the cellular network, the car, the entertainment system software and the other control systems for the vehicle.

[1.2] Which of security goals are compromised if the attacks described in the article are performed on a Jeep?

- Confidentiality: cellular network traffic reveals vulnerable vehicle, track GPS, trace route over time, measure speed, monitor in car systems etc.
- Integrity: changes made to firmware to insert the code that allows for the remote control.
- Availabilit

[1.2] Data state of Jeep Cherokee?

Transmission (initially) of information related to Uconnect.

[1.2] How can you address the security problems of Jeep Cherokee example?

- Software patches to address the vulnerability
- During development, implement a policy to separate critical vehicle systems from entertainment/phone systems.
- Education/training/awareness

[1.2] Were the Jeep Cherokee attacks active or passive?

Active attacks: constructed code and deliberately inserted it into system.

[1.3] Why is the continued use of Windows XP after April 2014 considered a vulnerability?

- Software will no longer be patched = no repair of code errors.
- Flaws identified by criminals can be used to attack system.

[1.4] What is the full name of the organization known as AusCERT?

Australian Computer Emergency Response Team.

[1.4] One of the services provided by AusCERT is a Security Bulletins Service. What sort of information assets do the Security Bulletins relate to?

Software. There are descriptions of vulnerabilities in particular software, sometimes reports that these have been exploited 'in the wild', and some bulletins advise on control measures available.

Threats

Set of circumstances with potential to cause harm to an information asset by compromising stated information security goals.

Source of threats

1. External: unauthorized entities outside organisation.
2. Internal: authoris

Breach of Confidentiality

Information is disclosed to unauthorised entities.

Breach of Integrity

Information assets have been modified or destroyed by unauthorised entity.

Breach of Availability

Information assets are not accessible when required by an authorised entity.

External Source

Source that lies outside the organisation. Not authorized to use information system.

Internal Source

Source of threat lies within the organisation. Authorized to use information system.

Types of threats

1. Natural events
2. Human action
- Deliberate: fraud, sabotage, theft
- Accidental: negligence, errors, omissions

Malware

Malicious software deliberately designed to breach security of computer based information systems. Can affect CIA depending on payload action.

Viruses

Programs with the ability to replicate.
Spreads by copying itself into other files (infecting) and is activated when these files are opened or executables are run.

Worms

Programs with the ability to self replicate.
Spread from computer to computer without human interaction.

Trojan horses

Programs with known desirable properties and hidden undesirable property.

Vulnerabilities

Weaknesses in a system that could cause harm to information assets.

(Property) Physical assets require

- Suitable location
- Physical security mechanisms (gate etc.)
- Maintenance
- Monitoring and logging

(Property) ICT hardware and software need to consider

- Reliability and robustness
- Redundancy
- Source of software: authorised, legitimate, supported
- Testing
- Configuration/misconfiguration
- Unprotected communication channels: wired/wireless

People need to consider

- Recruiting
- Monitoring
- Education

Processes need to consider

- Access control and privilege management
- Backup of files & systems
- Business continuity plans
- Communications
- Checks and balances
- Processes for staff leaving/joining
- Software management processes and auditing

Attacks

Occur when vulnerabilities are deliberately exploited.

Denial of Service (DoS) Attack

Objective is to make an information asset or resource unavailable to authorised user.

Methods of DoS Attacks

- Overload the resource so it cannot respond to legitimate requests.
- Damage the resource so it cannot be used.
- Deliberately interrupt communications between users and resource so it cannot be accessed.

Defence against DDoS

- Cloud hosting
- Coordination with upstream providers.

Masquerade/Spoofing

Where one entity pretends to be another in order to deceive others.

Email address spoofing

Altering the sender information on an email to trick recipients into thinking the message is from another source.

Webpage spoofing

Creating a fake webpage that looks like the page for a legitimate business to trick users.

Phishing

Attempts to gain credentials to enable access to other resources by masquerading as a legitimate organisation. Usually involves spoofing and social engineering.

Targeted spear phishing email

Targeted at a specific individual and may involve background research, e.g. knowing that Douglas is a lecturer in info sec and pretending to be looking for a PhD supervisor.

Man-in-the-Middle Attack (MITM)

Attacker positions self between two entities.

MITM Interception

Unauthorized MITM observes the info and transmits it.

MITM Interruption

Unauthorized MITM prevents transmission.

MITM Modification

MITM modifies the information then sends it.

MITM Fabrication

MITM creates information and sends it claiming to be someone else.

Social Engineering

- Active attack.
- Uses social skills to convince people to reveal information or permit access to resources.

Replay attack

Valid data transmission is recorded and retransmitted at a later date.

Dwell time

How long each key is pressed on keyboard

Gap time

How long between each key press

Attacker

Person who deliberately attempts to exploit a vulnerability to gain unauthorized access or perform unauthorized actions.

[3.1] Difference vulnerabilities and threats

- Vulnerabilities = weaknesses in system protecting asset.
- Threats = anything with potential to cause harm.

[3.1] Relationship btwn threats, vulnerabilities and attacks

Vulnerabilities can be deliberately exploited by threats, resulting in an attack on the information asset.

[3.1] Difference between passive and active attacks

- Passive: do not require an attacker to act on the asset; difficult to detect.
- Active: attacker takes some action to interact with the asset; if you monitor, you can detect it.

[3.3] What sort of information is included in AusCERT security bulletin?

- ASB or ESB (AusCERT or External)
- ID number
- [tag] with affected systems
- Product name
- Most severe impact if exploited.

[3.4] An organization sells their used photocopier at auction without first removing the stored data from the hard drive. Which information security goal will potentially be breached if this data is exposed?

Breach of confidentiality. The original assets are presumably retained by the company. The material on the hard drive is a copy of the originals, but if exposed the information is no longer confidential.

[3.4] Is disposing of the used photocopier considered a threat, vulnerability or an attack?

Leaves the organisation vulnerable. Threat: an unauthorised person can access the data. If they gain access, confidentiality is breached and a security incident occurs. Lack of knowledge and failure in the asset disposal policy = vulnerabilities.

[3.4] Describe a threat to multi-functional printers.

- Files sent to printer can be viewed, copied, redirected, modified and re-transmitted.
- Confidentiality breach may occur
- Integrity breach may occur.
- Possible to cancel or delete files before printed.

[3.4] Name things attackers can do to multi-functional photocopiers.

- Execute unauthorised code.
- DoS attacks
Attacker requires remote unauthenticated access.

[3.6] Employee finds USB in foyer and accesses it. Outline likely threats.

Content is potentially malicious.

[3.6] Employee finds USB in foyer and accesses it. Vulnerabilities?

Technology: may not have effective AVS.
People: lack of education or process for handling an unknown USB.
Process: is there a process for handling found or lost property?

Access control

Controlling or restricting the use of information assets and/or resources.

Why is access control used?

1. To prevent unauthorized users from gaining access to resources.
2. To prevent authorised users from misusing resources.

Why is access control important

Fundamental aspect of information security because unauthorised access to resources or authorised users misusing resources can compromise CIA (Confidentiality, Integrity, Availability).

Subjects

Active entities in the system (for example users, processes, other computers), that cause information to flow among objects or change the system state.

Objects

Passive entities in the system that contain or receive information. Objects are repositories of information such as disks, files and datasets. Objects are the resources being accessed.

For effective access control what do you need to consider?

- Resources
- Sensitivity
- Who/what should have access to each resource?
- Permissions (Authorisations)
- How will access control decisions be made?
- Policy implementation

AS/NZS 27002:2006 Clause 7 Asset management:
7.1 Responsibility for assets.

Standard.
7.1.1 Inventory of assets - type, format, location, backup info, license info and business value of all assets
7.1.2 Ownership of assets
7.1.3 Acceptable use of assets - rules for email + internet use, guidelines for use of mobile devices.

AS/NZS 27002:2006 Clause 7 Asset management:
7.2 Information Classification

Standard.
7.2.1 Classification guidelines
- classify based on value, legal reqs., sensitivity, criticality
- need for sharing/restricted info and assoc. business impact.
- classification varies over time = review + reclassify.
7.2.2 Information handling a

Blacklists

Access generally permitted unless expressly forbidden.
- If your name is on the list you will be denied access.
- the sites you are not permitted to visit

Whitelist

Access is generally forbidden unless expressly permitted.
- if your name is on the list you will be granted access
- the only sites you are permitted to visit.

Principle of least privilege

- Access is generally restricted to the minimum resources and authorisations required for an entity to perform their day-to-day function.
- Intended to limit the level of damage if a security incident occurs.

Need to know principle

Principle of least privilege in the case that the resource is information : only given info you need to perform your job.

Separation of duties (privileges)

- divide task up into series of steps
- ensure steps performed by different entities
- More than one entity is required to complete the task

Benefit of separation of duties

- no single entity is authorised to complete all steps in a critical task
- Minimises error
- harder for insiders to abuse

Possible access permissions that could be implemented?

- read (observe)
- write (observe and alter)
- execute (neither observe nor alter)
- append (alter)
- search

Discretionary Access Control (DAC)

Access at the discretion of some individual, possibly the information asset owner.
- Popular OSs use DAC.
- Often implemented using access control lists or matrices.

Mandatory access control (MAC)

System wide set of rules applied. Central authority assigns attributes to objects and to subjects.
- Subjects assigned clearance levels
- Objects assigned classification levels

Role-based access control (RBAC)

Access permissions based on the role of the individual rather than the subject's identity (user, admin, student etc.)

Role

Collection of procedures or jobs that the subject performs.

What are the steps for implementing access control?

1. Identify the subject (who are you claiming to be?)
2. Authenticate the subject (evidence)
3. Verify that the subject is authorized for the requested mode of access before allowing access

What are the major access control approaches?

- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
- Role Based Access Control (RBAC)
Can use a combination.

Benefit of combining MAC and DAC?

- No owner can make sensitive info available to unauthorised users
- 'Need to know' can be applied to limit access that would otherwise be granted under mandatory rules

What are the two phases of implementing access control?

1. Policy definition phase: where privilege is allocated and administered
a) Authorise subject by defining the AC policy
b) Distribute access credentials/token to subject
c) Change/revoke authorisation whenever necessary
2. Policy enforcement (grant acces

[4.1] Resource Owners

Have responsibility for the resource objects, control them, give access privileges and implement access control mechanisms.

[4.3] Describe what is meant by need to know principle and separation of duties.

- Need to know = access restricted to those who need to know information to complete job.
- Separation = break tasks into multiple components, each performed by different entity.

[4.3] To what extent can mandatory access control (MAC) be used to implement the need to know principle?

- Limited ability to implement need to know.
- Typical MAC rules use user clearances and object classification based on hierarchical levels. A user who fits such a rule will have access regardless of whether that user has a current need to access the data

[4.3] Explain how role-based access control (RBAC) can be used to implement separation of duties.

- User can only take one role at a time.
- Require users in 2 different roles to complete task, set access permissions of different roles to force separation.

[4.4] Policy enforcement phase. Explain these three steps in the order they must occur.

1. Identification (requester claims an identity)
2. Authentication (verify requester)
3. Verification authorisation (check identity authorised)

[4.4] Policy enforcement phase. Why is the order of steps important?

It doesn't make sense to check whether a subject is authorised unless you are satisfied that the request is made by the right subject.

[4.6] Google drive etc. Does the system use discretionary, mandatory, or role-based access control, or a combination of these?

- DAC.

Identification

Entity requesting access presents an identifier to the system

Authenticator Categories

1. Knowledge-based (something you know)
2. Object-based (something you do)
3. ID-based (something you are)
4. Location-based (somewhere you are)

Multi-factor authentication

Combines multiple authenticator categories

Salt

Random but not secret information, different for each user.

Tokens

Physical key, swipe card, ID badge etc.
Can generate sequence of one-time passwords.

Clock-based tokens

Clock time is used as input to the algorithm. Token and host clocks must be synced.

TOTP

Time-based One-Time Password. Clock based token.

Disadvantages of clock based

- Requires synchronization
- Need to allow for network delays if used over a network, so an attacker could copy the password and then log in as the user.

C-R token systems

Challenge Response systems.
- User requests access
- System sends challenge
- User types challenge into device
- User sends displayed response to host

Password checking strategies

- Reactive password checking
- Proactive password checking (as they create it)

Advantages of Knowledge-based authentication mechanisms e.g. passwords

- Readily accepted by users
- Low cost implementation

Biometrics - Enrolment

Biometrics - Verification

Biometrics - Identification

[5.1] Briefly describe the problems associated with reusable passwords.

1. Easy to share
2. Easy to forget
3. Users choose easy to guess passwords
4. Can't be written down
5. Don't provide non-repudiation

[5.2] List four basic properties of hash functions.

H1: The message can be any length but the hash value is always a fixed length.
H2: H(M) is one-way - you can compute the hash value from the input message but you can't compute the input message from the hash value
H3: H(M) is collision resistant - it's h

[5.2] Explain how authentication is performed for hashed passwords.

1. User sends UserID and password
2. Server computes hash value of received password
3. Look up record for that UserID,
a. Compare computed hash value with stored hash value
b. If they match, access is permitted

[5.2] Explain the problem with stored hash values that can be addressed by including a random but known salt value.

The limitation with using straight hash values is that where the passwords are the same, the hash values will be also. Using salted hashes, where the salt is a random number and different for every user, is a better option because it disguises the repetit

[5.3] Give an example of a situation in which S/KEY could be used.

Use for authenticating to a system from an untrusted public computer (Internet café). Don't want to use a reusable password which may be captured and replayed later.

[5.3] Explain the basic operation of S/KEY in terms of what is computed and stored on the client side.

To set up the system, begin with the secret w (key) and apply the hash function repeatedly. After the setup, H^n(w) is stored on the server.

[5.3] Explain the basic operation of S/KEY in terms of what is computed and stored on the server side.

To authenticate the first time, the client sends H^(n-1)(w). The server computes the hash of this value and compares it with the stored H^n(w). If it matches, authentication of the client is complete.

[5.3] Explain the basic operation of S/KEY in terms of what is sent each time the protocol is run.

The server then discards H^n(w) and stores H^(n-1)(w).

[5.3] Which property of cryptographic hash functions is required in order for S/KEY to be secure?

Knowing any one-time password does not give away the next one-time password. The next password when hashed gives the current password. Hash function must satisfy the one-way property (difficulty inverting them).

[5.4] The synchronised one-time password generator is one method to provide user authentication. Describe the operation of the synchronised password generator method using clock-based tokens.

i. The user enters a PIN which is used together with the clock on the token to produce the current value.
ii. The value changes for each time period. The user sends the current value to the host.
iii. The host computes the same value using the algorithm with inputs

[5.4] Briefly explain the operation of a token-based challenge-response system.

i. A challenge is sent in response to an access request. The challenge is generally a number.
ii. A legitimate user can respond to the challenge by performing a task which requires use of information only available to the user (and possibly the host).

[5.4] Describe one major advantage and one major disadvantage for hardware tokens, when compared to standard user-selected passwords.

Advantage: a single-use (one-time) password is secure against password guessing or replay; reusable passwords are not.
Disadvantage: problems if synchronisation between token and host is lost; also security issues around possible loss or theft of the token.

[5.4] Compare the two token-based methods (clock based or counter based). What is a possible advantage of each compared with the other?

Clock-based tokens do not require interaction with the host before authentication takes place.
Challenge-based tokens do not require a synchronised clock.

[5.6] Briefly define biometric

Automated method of verifying the identity or recognising someone based on physiological or behavioural characteristic.

[5.6] Describe 4 main biometric modules

1. Sensor module: captures the biometric signal, e.g. fingerprint scanner.
2. Feature extraction module: processes signal and extracts discriminatory features e.g. position of ridges on fingers.
3. Matcher module: compares against stored templates to generated

[5.6] Which is faster at returning results, verification mode or identification mode? (biometrics)

Verification is faster. It only requires 1-to-1 comparison.
Identification has to search entire database (n-to-1 comparison).

[5.7] In order to be used for biometrics a characteristic must meet 4 requirements.

1. Universality: each person should have the characteristic.
2. Distinctiveness: characteristic should be significantly different between each person.
3. Permanence: characteristic should be sufficiently invariant over a period of time.
4. Collectability:

[5.7] Describe the 3 practical aspects that need to be considered for implementing a biometric system.

1. Performance: accuracy + speed
2. Acceptability: extent people accept the use of the biometric identifier.
3. Circumvention: how easily system is fooled using fraudulent efforts.

[5.8] What does False Match Rate (FMR) mean?

Rate at which biometric measurements from two different persons are incorrectly declared to be from the same person.

[5.8] What does False Non-Match Rate (FNMR) mean?

Rate at which two biometric measurements from the same person are incorrectly declared to be from two different persons.

[5.8] How can you reduce FMR?

Increase threshold.

[5.8] How can you reduce FNMR?

Reduce threshold.

[5.8] Can you think of an example where it is more important that the false match rate must be very low?

High-security situations where it is critical that only authorised users are allowed. Better to lock out an authorised user than to allow an unauthorised one.

List the privacy legislation in Australia

Federal
- Commonwealth Privacy Act 1988
- Privacy Amendment (Private Sector) Act 2000
- Privacy Amendment (Enhancing Privacy Protection) Act 2012
State
- Information Privacy Act 2009 (QLD)

Who is the Commonwealth Privacy Act 1988 applied to?

Commonwealth and ACT government agencies

Who is the Commonwealth Privacy Act 1988 NOT applied to?

- State or Northern Territory government agencies
- Non-government organisations.

Privacy Amendment (Enhancing Privacy Protection) Act 2012 has 13 Privacy Principles grouped into 5 parts. What are they?

1. Consideration of personal information privacy
2. Collection of personal information
3. Dealing with personal information
4. Integrity of personal information
5. Access to, and correction of, personal information

Privacy Amendment (Enhancing Privacy Protection) Act 2012 applies to:

- Australian federal government agencies
- ACT and Norfolk Island government agencies
- Private-sector businesses with annual turnover > $3 million
- Private sector health service providers

[6.1] What sort of privacy is the Australian Privacy Act 1988 concerned with?

Information or data privacy.

[6.1] Which organisations does the Australian Privacy Act 1988 apply to?

Australian Federal government agencies and ACT government agencies

[6.1] According to Section 6 of the Australian Privacy Act 1988, what does 'personal information' mean?

Information or an opinion, whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from information or opinion.

[6.1] According to Section 6 of the Australian Privacy Act 1988, what does 'record' mean?

Document or database or photograph or other pictorial representation of a person.

[6.1] According to Section 6 of the Australian Privacy Act 1988, what does 'sensitive information' mean?

Information or opinion about an individual's:
- racial/ethnic origin
- political opinion/membership
- religion
- philosophic beliefs
- membership of trade union/professional assoc.
- sexual preference
- criminal record
- health info
- genetic info

[6.1] According to Section 6 of the Australian Privacy Act 1988, what is not a record?

A generally available publication or anything kept in library, art gallery, museum for purposes of reference, study or exhibition. Records in care of National Archives of Aust., documents in Aust. War Memorial collection, letters/articles in transmission

[6.2] In 2000 the Aust. Privacy Act 1988 was amended to include what?

National Privacy Principles

[6.2] What was the purpose of amending (National Privacy Principles) the Aust. Privacy Act 1988?

Extend coverage of the Privacy Act to the private sector (with some exemptions)

Protocol

A set of rules governing the exchange of data between two or more entities.

IETF Internet Protocol Suite layers

Link layer

Physical communication layer. Local. Protocol operations:
- Ethernet
- WLAN (WEP)
- ADSL
- 3G etc.

Internet (network) layer

Addressing and routing. Global.
- IPv4, IPv6
- ICMP : control
- IPsec : security

Transport layer

Establishes basic data channels for applications. Uses ports to distinguish between different applications on the same host.

TCP (Transmission Control Protocol)

Ensures that what is sent arrives reliably and in order.

UDP (User Datagram Protocol)

Application layer

Secure Shell (SSH)

Used for remote login, file transfer and limited VPN service.
Provides public key authentication of servers and clients and encrypted communication.

Transport Layer Security (TLS)

Adds encryption to application protocols.
Used extensively on the web and is often referred to in privacy policies as a means of providing confidential web connections. Network security protocol.

IP Security (IPsec) - Internet layer

Provides security services at the IP level and is used to provide Virtual Private Network (VPN) services. Network security protocol.

WiFi security (WEP, WPA) - Link layer

Provides security services at the link layer for wireless communication. Network security protocol.

SSH security properties

- Message confidentiality
- Message integrity
- Message Replay protection: money transfer example.
- Peer Authentication.

SSL (Secure Sockets Layer)

Now called TLS (Transport Layer Security)

Certificate

Assertion by a trusted third party that a particular public key belongs to a particular entity.

Certificate authority

[7.1] Explain how SSH provides server-to-client authentication and client-to-server authentication.

Client authentication:
- Public keys are harder to guess.
- Can associate several keys with a single account/computer.

[7.1] What TCP port is reserved for SSH connections?

Port 22

[7.1] SSH. What are the benefits of using client public key authentication instead of password authentication? What are the drawbacks?

...

[7.2] What port is reserved for HTTP over TLS? What is the prefix for a URL that describes a resource accessible by HTTP over TLS?

443.
https://

[7.2] TLS is designed to secure reliable end-to-end services over TCP. Briefly describe where TLS operates in the IETF protocol stack.

...

[7.2] Briefly explain the purpose of the TLS Handshake protocol.

Set up communication

[7.2] Identify the security services provided to TLS connections by the TLS Record Protocol.

...

[7.2] How are the TLS Handshake Protocol and the TLS Record protocol connected?

...

[7.2] As part of the Handshake Protocol the client and server negotiate which 'cipher suite' to use. In what circumstances is this negotiation useful? Why can this negotiation lead to potential security weaknesses?

...

Symmetric---------------------------------------------------------

--------------------------------------------------------------

Cryptography

Transforming messages into an unintelligible form and recovering them using secret knowledge.

Cryptanalysis

Analysis of cryptographic systems, inputs and outputs to derive confidential information, usually without using secret knowledge.

Plaintext (P)

Original message or data

Encryption (E)

Transforming the plaintext into another form so that the meaning is not obvious, using an algorithm and some secret knowledge

Cryptographic Key (K)

Secret knowledge

Ciphertext (C)

Encrypted plaintext, transformed so the message is now 'hidden'

Decryption (D)

Transforming the ciphertext back to the original plaintext, using an algorithm and key

Caesar Cipher

Encryption = step forward n places in the alphabet.
Decryption = step back n places in the alphabet.
Secret key = n

Encoding

Transforming data from one form to another using an encoding algorithm. (NO secret key)

Encryption

Transforming data from one form to another using an encryption algorithm and secret key.

Steganography

- NOT cryptography
- Used to hide information within a document or image so the presence of the message is not detected.
- Some techniques make use of crypto

Cryptography is used for which CIA?

Confidentiality
Integrity
Authenticity

[CRYPTO] What type of measure is implemented to ensure message is confidential?

Preventative

[CRYPTO] What type of measure is implemented to ensure a message maintains integrity?

Detective. You can't prevent it being altered but can check if it has been.

Ciphers used for confidentiality

In storage: Microsoft's Encrypting File System, BitLocker
Being transmitted: SSL/TLS, IPSec, WEP, WPA
Processing: Crypto not good for hiding information when it is being processed.

Symmetric Cryptography (Secret Key)

Encryption and Decryption Keys are the SAME.
Key (K) must be kept secret = has to be distributed or stored securely.
Threat of confidentiality breach of key.

Asymmetric Cryptography (Public Key)

Encryption and Decryption Keys are DIFFERENT, and disclosing one does not compromise the other.

Symmetric Cipher (Secret Key Cipher)

Encryption key IS THE SAME AS decryption key (or one key can be easily deduced from the other)

Asymmetric Ciphers (Public Key Cipher)

- Encryption key DOES NOT EQUAL decryption key
- Computationally infeasible to derive one key from the other

Stream Ciphers

- Plaintext & ciphertext are streams of characters
Process:
- Plaintext encrypted one character at a time by combining with a keystream
- Ciphertext decrypted one character at a time by combining with the same keystream used for encryption

Binary Additive Stream Cipher

Plaintext, keystream and ciphertext are all streams of bits, combining operation is just XOR (addition modulo 2).
- Do NOT provide integrity protection

Binary Additive One-time pad (Vernam OTP)

- Plaintext is a stream of bits
- Key is a stream of bits
- XOR of plaintext and key to produce ciphertext
- XOR of ciphertext and key to recover plaintext
- Can not reuse or repeat keys, each message requires a NEW random key.

What criteria must the key of a Vernam OTP meet?

Must be:
1. TRULY Random
2. Same length as message
3. Used only once

Keystream

Time-varying function of a key.

Process of encryption for Vernam OTP

1. Plaintext encrypted character by character.
2. Each character converted to an ASCII 8-bit binary string (encoding).
3. Encryption key for the first character is 8-bit secret string. Encryption algorithm is XOR.
8-bit ciphertext string also = ASCII symbol

Process of decryption for Vernam OTP

- Each character = 8bit string
- The decryption key = encryption key.
- Decryption algorithm is XOR.
- Each character has different 8 bit string (key portion)
- For whole message, key length must = length of plaintext.
RANDOMNESS is what provides the secu

Would you use Vernam OTP to ensure C,I or A?

Confidentiality.
- attacker can try all possible keystreams to recover all possible plaintext but has no way to know which is correct.

Why would you not use Vernam OTP?

Key Management.
- Same keystream is required to encrypt and decrypt and you can't reuse keys. Must be able to distribute and store key securely. If you can do this securely you may as well send/store the original message securely.

What is an alternative to using Vernam OTP?

Binary additive stream ciphers that don't use TRULY random binary sequence and instead use KEYSTREAM GENERATOR.

Binary Additive Stream Encryption

Binary Additive Stream Decryption

RC4 Algorithm

- "Ron's Cipher #4"
- Keystream generator for binary additive stream cipher
- Input: key length up to 2048 bits
- Output: pseudorandom binary sequence produced 8 bits at a time
- Only a few lines of code (~20)
- Fast in software

Uses of RC4

Communications:
- SSL/TLS for internet traffic
- Wireless networks
- IEEE 802.11 Wired Equivalent Privacy (WEP)
- IEEE 802.11i WiFi Protected Access (WPA & WPA2)

Issues with Binary Additive Stream Ciphers

1. Synchronisation: decryption keystream must be synchronised with encryption keystream.
2. Bitflip error: one bit will be decrypted incorrectly
3. Inserted/deleted bit: loss of synchronisation = message can't be recovered from insertion/deletion point.

Synchronisation

Same keystream used in same position with respect to plaintext/ciphertext

How can you recover from loss of synchronization?

[RECEIVER] Try keystream offsets or request retransmission

Known Initialisation Vector (IV)

- Is public
- Prevents repetition of data

Two inputs used for most modern stream ciphers

1. Secret key
2. IV (Known Initialisation Vector)

What are Stream ciphers used for?

Real-time applications where time delays are unacceptable. (They are fast)
E.g.
1. Communications, including internet traffic - RC4
2. Mobile telephony - A5/1 and A5/2 in GSM standard
3. Video (pay TV) - Digital Video Broadcasting (DVB) uses Common Scramb

What are block ciphers?

- Symmetric ciphers
- Encrypted/Decrypted one block at a time
- Blocks commonly 64-bits or 128-bits

Types of Block ciphers

1. Electronic Code Book mode (ECB)
a. Data Encryption Standard (DES)
b. Advanced Encryption Standard (AES)
2. Cipher Block Chaining (CBC)
3. Output Feedback (OFB)
4. Cipher Feedback (CFB)
5. Galois Counter Mode (GCM)
There are 12. We are concerned with EC

Electronic Code Book mode (ECB) Encryption

Electronic Code Book mode (ECB) Decryption

--------------------------------INCOMPLETE (slide 42)

----------------------------------------------

Diffie-Hellman Key Agreement Algorithm

Method for securely exchanging cryptographic keys over a public channel.
- Uses modular exponentiation
- Relies on difficulty of discrete logarithms for security
(g^b)^a = g^(ab) mod p
(g^a)^b = g^(ab) mod p

If you use Diffie-Hellman Key Agreement alg. do you have to worry about an attack?

Yes. An attacker can still eavesdrop because there is no authentication. When they establish the key they have no assurance of who they are communicating with.

ASYMMETRIC---------------------------------------------

----------------------------------------------

What does the security of asymmetric cryptographic system depend on?

1. Strength of the algorithm
2. Key Size
3. Confidentiality of the private key (K_priv)

Is key distribution an issue for asymmetric cryptography?

Key distribution is not an issue. Anyone may know the public key and everyone has their own private key.

How many keys are required in asymmetric cryptography?

If there are n participants then you need a total of n key pairs.

How are public keys distributed?

1. Provided directly e.g. in email signature
2. On a website
3. Public keyserver

How do Asymmetric ciphers for confidentiality work?

1. Each user creates a public key / private key pair.
2. Public key shared with everyone.
3. Sender uses receivers public key to encrypt message.
4. Ciphertext sent to receiver.
5. Receiver decrypts ciphertext using their private key.

What is C = E(P,Kpub)?

Notation for asymmetric encryption.
Ciphertext = Encryption (Plaintext, Public Key)

What is P = D(C,Kpriv)?

Notation for asymmetric decryption.
Plaintext = Decryption (Ciphertext, Private Key)

ElGamal Cryptosystem

- Relies on difficulty of discrete logarithms for security
- Used for encryption
Ciphertext is:
- twice length of plaintext --> C = 2P
- randomised = multiple encryptions of same plaintext to produce different ciphertexts

How does ElGamal Cryptosystem work?

RSA Cryptosystem

- Rivest-Shamir-Adleman cryptosystem
- Use for encryption and digital signature scheme
- Based on factorising large integers

Elliptic Curve Cryptography

- Uses algebraic group defined on a set of points on an elliptic curve

What are the advantages of Elliptic Curve Cryptography over other asymmetric cryptographies?

1. Smaller key size and smaller ciphertext size than RSA
2. Provides same level of security with smaller keys

How do the key lengths of AES, RSA and Elliptic Curve compare?

Hybrid Cryptosystems

Cryptosystems can be combined
1. Use asymmetric cipher to provide confidentiality for a particular short message:
a randomly chosen shared secret key.
2. Symmetric cipher uses the shared secret key for encrypting the bulk data.

Which is faster: Symmetric or Asymmetric ciphers?

Symmetric ciphers are much faster because they are less computationally expensive.

Which is better for key distribution: Symmetric or Asymmetric ciphers?

Asymmetric ciphers. Anyone may know the public key and everyone has their own private key whereas there is only one shared key for symmetric ciphers.

How do Asymmetric ciphers for integrity work?

Private key used to create a digital signature for a particular message or file.
Public key used to verify the digital signature on the message:
- Provides authentication of sender
- Since only the signer knows the private key, they are the only one who can generate the digital signature

Digital Signatures

- Unique to signer
- Verifiable
- Legally binding
- Different for every document
- Must be produced and verified by a machine
Completely different to digitized signature

What are the most common digital signature schemes?

1. RSA
2. DSA
3. ECDSA

RSA Signatures

- Key generated same way as RSA encryption

Digital Signature Algorithm (DSA)

- Also called Digital Signature Standard (DSS)
- Based on discrete log problem

Elliptic Curve Digital Signature Algorithm (ECDSA)

...

What are the benefits of digital signatures?

- Authentication of message sender
- Some assurance of message integrity
- Non-repudiation (third party can decide if a specific party signed a message)

[9.1] How many keys are required for two people to communicate confidentially using symmetric cipher?

One shared key is required.

[9.1] How many keys are required for five people to communicate confidentially using a symmetric cipher, such that any two can communicate securely?

10.
Person A needs 4 keys to communicate with the others. There are 5 people --> 5 x 4 = 20. But the key Person B uses to communicate with Person A is the same so --> 20/2 = 10.

[9.1] Before encrypted messages can be sent, each communicating party must have a copy of the secret key. How can this key be distributed securely if asymmetric ciphers are NOT used?

- Over a different secure channel
- Through a trusted 3rd party = role of key server

[9.2] What sort of mathematics is required to perform Diffie-Hellman key agreement?

Modular exponentiation: integer exponentiation over a finite set of integers. The modulus is a prime number.

[9.2] One problem with Diffie-Hellman key agreement is that each entity has no assurance about the identity of the entity they are communicating with. What sort of attack is possible as a result of this problem and what impact does this have on the securi

No authentication means Man-In-the-Middle (MIM) attack is possible.
- MIM can establish keys with sender and receiver and send messages pretending to be either of them.
- Communications aren't really secure: Attacker can view and modify communications so

[9.3] Alice wants to send a confidential message to Bob. They do not have an existing shared secret key. Suppose that Alice and Bob agree to use an asymmetric cipher (RSA). Bob has a public key K_(Bpub) and the associated private key K(Bpriv).
What should

Bob should keep his private key K_(Bpriv) secret and make his public key K_(Bpub) public.

[9.3] Alice wants to send a confidential message to Bob. They do not have an existing shared secret key. Suppose that Alice and Bob agree to use an asymmetric cipher (RSA). Bob has a public key K_(Bpub) and the associated private key K(Bpriv).
Outline the

Encrypt:
1. Prepare message M - may include coding it as an integer
2. Encrypt message using agreed asymmetric cipher encryption algorithm (RSA) and the key K_(Bpub) to produce ciphertext C where C=E(M,K_(Bpub))
3. Transmit ciphertext C to Bob

[9.3] Alice wants to send a confidential message to Bob. They do not have an existing shared secret key. Suppose that Alice and Bob agree to use an asymmetric cipher (RSA). Bob has a public key K_(Bpub) and the associated private key K(Bpriv).
Outline the

Decrypt:
1. Receive ciphertext C
2. Decrypt ciphertext using agreed asymmetric cipher decryption algorithm (RSA) and the key K_(Bpriv) to recover message M where M=D(C, K_(Bpriv))
3. Decode message (if necessary)

[9.4] Alice wants to send a message and an associated digital signature to Bob. Alice has a public key K_(Apub) and the associated private key K_(Apriv). Similarly, Bob has a public key and associated private key. Explain the cryptographic steps necessary

Alice's signature generation:
i. Alice prepares message M (may include encoding the message).
ii. Alice inputs the message and Alice's private key to the signature creation algorithm to obtain SigA(M).
iii. Alice sends SigA(M) and M to Bob

[9.4] Alice wants to send a message and an associated digital signature to Bob. Alice has a public key K_(Apub) and the associated private key K_(Apriv). Similarly, Bob has a public key and associated private key. Explain the cryptographic steps necessary

Bob performing signature verification:
i. Bob receives message M and claimed signature SigA(M).
ii. Bob inputs SigA(M), M and Alice's public key into signature verification algorithm.
iii. If output = Yes then SigA(M) = signature on message M formed by Al

[9.4] Alice wants to send a message and an associated digital signature to Bob. Alice has a public key K_(Apub) and the associated private key K_(Apriv). Similarly, Bob has a public key and associated private key. Explain the cryptographic steps necessary

Alice's signature generation:
i. Alice prepares message M (hashes the message).
ii. Alice inputs the hashed message and Alice's private key to the signature creation algorithm to obtain SigA(M).
iii. Alice sends SigA(M) and M to Bob
Bob performing signatu

[9.4] What is non-repudiation?

Security service that ensures that users cannot falsely deny an action has occurred.

[9.4] Why is non-repudiation important for e-commerce?

Useful for resolving a dispute about some action that has occurred. Example: whether a contract was signed or a transaction authorised. Digital signatures provide authentication of the message sender, integrity and non-repudiation, so that is useful for e

[9.4] Why is symmetric cryptography alone unable to provide non-repudiation?

Message authentication using a MAC only shows that one of the parties who knows the shared secret key formed the MAC (for example shopper and merchant), and a third party (judge) will not be able to decide which of those two parties performed the action.

[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a ransom to be able to decrypt their files.
Explain what happens after the CryptoLocker malware is installed.

1. Malware contacts a control server which generates a 2048-bit RSA public/private key pair.
2. Control server sends public key to victim's computer and keeps private key.
3. Malware encrypts files on computer using public key.
4. When enough files are enc

[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a ransom to be able to decrypt their files.
Why does the design of the system make it impossible for users to decrypt the files o

RSA public key was generated by the control server and the RSA private key was never copied to the user's computer, so the user does not have access to the private key to decrypt the files.

[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a ransom to be able to decrypt their files.
It is likely that CryptoLocker used hybrid encryption. Explain how it may have done s

It is likely CryptoLocker used RSA and AES together in a hybrid encryption, since RSA public key encryption is much slower than symmetric ciphers.

[9.6] Ransomware such as CryptoLocker uses encryption to encrypt the files on a victim's computer, then demands that they pay a ransom to be able to decrypt their files.
According to the "Takedown and recovery of files" investigators were able to takeover

An IT security firm gained access to the database of RSA private keys that the CryptoLocker operators had stored, and made available a tool to help victims decrypt their files. (Note that this decryption service is no longer in operation.)
For each file t

[Q9.1] The main difference between symmetric and asymmetric ciphers is:

[Q9.2] Alice wants to send a message M1 to Bob in an encrypted form to provide confidentiality. Alice uses the RSA asymmetric cipher to prepare the corresponding ciphertext message C and then sends C to Bob. Let E and D represent encryption and decryption

[Q9.3] Alice wishes to digitally sign a message M2 and send the message and the corresponding digital signature to Bob. Which of the following methods can be used to prepare Alice's digital signature Sig_A (M2) on message M2?

[Q9.4] Match