Security Mechanisms: Cryptography, Authentication, and More

Questions and Answers

Which of the following best describes a security mechanism?

  • A system for monitoring network traffic for malicious activity.
  • A set of rules governing the behavior of users on a network.
  • A method, technique, or tool used to protect computer systems and networks from cyber threats. (correct)
  • A protocol for secure communication between two parties.

Which of the following is NOT a primary goal of a security mechanism?

  • Maintaining the integrity of data.
  • Protecting the confidentiality of data.
  • Maximizing processing speed. (correct)
  • Ensuring the availability of data.

What is the primary function of cryptology?

  • Managing user authentication and authorization.
  • The science of making and breaking secret codes. (correct)
  • Protecting information so only the intended recipient can read or process it.
  • The art of designing communication networks.

What is the role of cryptography in cybersecurity?

Answer: To protect information so only the intended recipient can read or process it. (A)

Which process transforms plaintext into ciphertext?

Answer: Encryption (B)

In cryptography, what is the term for the original message or data before encryption?

Answer: Plaintext (B)

What is the purpose of a 'key' in cryptography?

Answer: To be the string of characters used within an encryption algorithm. (D)

What distinguishes symmetric encryption from asymmetric encryption?

Answer: Symmetric encryption uses one key for both encryption and decryption, while asymmetric encryption uses a pair of keys. (B)

In asymmetric encryption, which key is used by the sender to encrypt a message?

Answer: The recipient's public key (D)

What is the primary advantage of using symmetric encryption?

Answer: Efficiency and speed in encrypting large amounts of data. (C)

How many keys are used in the process of encrypting and decrypting data using asymmetric encryption?

Answer: One key for encryption and a different key for decryption. (B)

In the context of cryptography, what is a 'cipher'?

Answer: A set of instructions designed to perform a specific task. (B)

Which of the following is a characteristic of the Caesar Cipher?

Answer: It is a type of substitution cipher. (C)

What is a primary disadvantage of the Caesar Cipher?

Answer: It is easily broken due to its simplicity. (C)

What is the core principle behind a transposition cipher?

Answer: Rearranging the order of the letters to create a ciphertext. (D)

What is the purpose of using a 'keyword' in columnar transposition ciphers?

Answer: To define the number of columns for encryption. (D)

If a columnar transposition cipher uses the keyword 'KEY', what determines the order in which columns are read during encryption?

Answer: The alphabetical order of its letters. (D)

What does the 'x' character represent in a columnar transposition cipher?

Answer: A character for a vacant slot. (B)

What is the primary goal of using double transposition in the context of cipher techniques?

Answer: To mitigate against frequency analysis attacks. (A)

In the context of data security, what is the purpose of 'AAA'?

Answer: To prevent unauthorized access. (D)

What are the three security services that form the basis of AAA?

Answer: Authentication, Authorization, and Accountability (C)

What is the primary purpose of authentication in information security?

Answer: Verifying a user's identity. (B)

In the context of authentication, what does 'something you know' refer to?

Answer: A password or PIN. (A)

Which of the following is an example of 'something you have' as an authentication method?

Answer: Smartcard (A)

Which of the following authentication methods relies on unique biological characteristics?

Answer: Biometrics (B)

What is the difference between identification and verification in the context of authentication?

Answer: Identification claims an identity, while verification proves you are who you claim to be. (C)

What is the purpose of multi-factor authentication (MFA)?

Answer: To increase the cost of breaking security. (C)

What is the main purpose of the Kerberos protocol?

Answer: To provide client-server authentication. (C)

Which cryptographic technique is utilized by Kerberos for authentication?

Answer: Secret-key cryptography. (A)

In the Kerberos protocol, what is the role of the Key Distribution Center (KDC)?

Answer: To manage and distribute keys and tickets for authentication. (D)

Which of the following defines 'data security'?

Answer: It is the practice of protecting data from unauthorized access, corruption, theft, or loss. (B)

What is the primary function of a firewall in data security?

Answer: Filtering network traffic based on predetermined security rules. (B)

Which of the following is a goal of a firewall?

Answer: Allow only authorized traffic to pass and be immune to penetration. (B)

Which capability does a firewall provide for monitoring network activity?

Answer: Location for monitoring security-related events. (B)

What is the key function of packet filtering in a firewall?

Answer: Applying a set of rules to each incoming and outgoing IP packet. (D)

How does stateful inspection enhance firewall capabilities?

Answer: By monitoring the state of active connections. (A)

What is the main function of an application-level gateway firewall?

Answer: To forward information across the gateway and prevent direct connection between external and internal networks. (B)

What layer of the OSI model does a circuit-level gateway primarily monitor?

Answer: Session Layer. (A)

What characterizes a 'bastion host' in firewall configurations?

Answer: A host deliberately exposed on a public network. (C)

What is unique about a distributed firewall configuration?

Answer: It involves standalone and host-based firewalls under a central administrative control. (A)

What is the purpose of cybersecurity risk management?

Answer: To identify, analyze, and address risks to prevent cyberattacks and cyberthreats. (B)

Which of the following is a key step in cybersecurity risk management?

Answer: Identifying and assessing potential risks. (D)

What does 'Risk Avoidance' mean in cybersecurity risk management?

Answer: Completely eliminating the risk by changing plans or behaviors. (D)

What is 'Risk Transfer' in the context of cybersecurity risk management?

Answer: Shifting the financial or legal burden of a risk to a third party. (A)

Flashcards

Security Mechanism

Specific methods, techniques, or tools used to protect computer systems and networks from cyber threats and attacks.

Cryptology

The science of making and breaking secret codes.

Cryptography

The art of protecting information, ensuring only intended recipients can read or process it.

Plaintext

The original message or clear text data in a readable format.


Ciphertext

The encrypted message or meaningless text data in a non-readable format.


Cryptanalysis

The study of secret code systems in order to obtain the information.


Cryptosystem

The set of specific algorithms used for a specific task.


Algorithm

A set of instructions designed to perform a specific task; in cryptography it is called a cipher.


Key

A string of characters used within an encryption algorithm.


Symmetric Encryption

Uses the same pre-shared key to encrypt and decrypt data.


Asymmetric Encryption

Uses one key to encrypt data and a different key to decrypt data.


Substitution Cipher

A method where letters are replaced by other letters to create the ciphertext.


Transposition Cipher

A method where the order of letters is rearranged to create a ciphertext.


Single Transposition Cipher

Also known as the Columnar Transposition Cipher. The number of columns is defined by the keyword.


Double Transposition Cipher

Transposes the columns twice: the ciphertext from the single transposition is run through the same algorithm again to create a more difficult ciphertext.


AAA concept

An authentication concept involving confidentiality, integrity, and availability of data.


Authentication

Refers to the process of recognizing a user's identity.


Authorization

Refers to the process of giving a user the ability to access the system, either granting or denying access.


Accountability

Refers to the process of keeping track of a user's activity while accessing resources.


Identification

The process that identifies a user based upon comparison of a current sample against a previously collected sample.


Verification

The process of proving that you are who you claim to be.


Kerberos

Client-server authentication protocol that enables mutual authentication. It uses secret-key cryptography.


Data Security

Refers to the practices, technologies, and measures used to protect data from unauthorized access, corruption, theft, or loss.


Firewall

System that monitors and controls incoming and outgoing network traffic based on predetermined security rules.


Packet filtering

Applies a set of rules to each incoming and outgoing IP packet.


Stateful inspection

Monitors the state of active connections and uses it to determine which network packets to allow through the firewall.


Application level gateway

Runs proxies that copy and forward information across the gateway, preventing any direct connection between a trusted server or client and an untrusted host.


Circuit level gateway

Monitors TCP handshaking between packets to determine whether requested session is legitimate.


Bastion Host

A host deliberately exposed on a public network.


Individual Host-Based Bastion

Secures an individual host by filtering and restricting the flow of packets.


Personal Firewall

Protects only the computer it is installed on by controlling the flow of network traffic (stand-alone).


Distributed Firewall

Combines a stand-alone firewall with host-based firewalls under a central administrative control.


Cybersecurity risk management

A process of identifying, analyzing, and addressing an organization's IT security risks to prevent ongoing and future cyberattacks and cyberthreats.


Risk Avoidance

Preventing the risk by changing plans or behaviors. Example: Avoid opening suspicious emails.


Risk Reduction

Minimizing the chances or impact of a risk. Example: Installing antivirus software, applying security patches.


Risk Transfer

Shifting the risk to another party, for example purchasing cybersecurity insurance.


Risk Acceptance

Deciding to accept the risk if the impact is low and manageable.


Study Notes

Topic 7: Security Mechanism

  • Security mechanism is a specific method, technique, or tool for protecting a computer system or network from cyber threats and attacks.

Learning Objectives

  • Cryptography involves encryption concepts and operations
  • Authentication covers security services like authentication, authorization, and accountability
  • Data Security focuses on safeguarding data using tools and systems
  • Risk Management includes identifying, assessing, and controlling risks

Definition of Security Mechanism

  • A security mechanism protects a computer system, its network, and its digital data from cyber threats and attacks, using specific methods, techniques, or tools.

Goals of Security Mechanism

  • To maintain confidentiality, data is accessible only to authorized persons
  • To maintain integrity, data must remain unaltered
  • To maintain availability, data must be reliably accessible in a timely and uninterrupted manner.

7.1 Cryptography

  • Cryptology is the science of making and breaking secret codes.
  • Cryptography is the art of protecting information so only the intended recipient can read or process it.

7.1.1 Encryption: Concepts and Operations

  • Encryption is the process of transforming plaintext to ciphertext
  • Decryption is the process of transforming ciphertext to plaintext.

Terminology used in Cryptography

  • Plaintext: The original message; clear text data in a readable format
  • Ciphertext: The encrypted message; meaningless text data in a non-readable format
  • Cryptanalysis: The study of secret code systems in order to obtain the information they protect
  • Cryptosystem: The set of specific algorithms used for a specific task
  • Algorithm: A set of instructions designed to perform a specific task; in cryptography it is called a cipher
  • Key: The string of characters used within an encryption algorithm

7.1.2 Encryption Types

  • Techniques include Symmetric and Asymmetric methods

Symmetric Encryption

  • The same pre-shared key is used to encrypt and decrypt data.
  • Process:
    • The sender creates a ciphertext message by encrypting the plaintext message with a symmetric encryption algorithm and a shared key
    • The sender sends the ciphertext message to the recipient
    • The recipient decrypts the ciphertext message back into plaintext with a shared key

Asymmetric Encryption

  • Different keys are used to encrypt and decrypt data
  • Process:
    • The sender creates a ciphertext message by encrypting the plaintext message with an asymmetric encryption algorithm and the recipient's public key.
    • The sender sends the ciphertext message to the recipient
    • The recipient decrypts the ciphertext message back into plaintext using the private key that corresponds to the public key

Methods of creating ciphertext

  • Includes Substitution Cipher and Transposition Cipher

Substitution Cipher

  • Each letter is replaced by another letter to create the ciphertext, for example by shifting every letter by a fixed key
  • Easy to perform, but easily broken

Caesar Cipher technique shift of 3 example

  • Plaintext: POCKET ROCKET MAN
  • Ciphertext: SRFNHW URFNHW PDQ

Caesar Cipher technique shift of 4 example (decryption)

  • Ciphertext: VEHMS WTIGXVYQ MR JVIUYIRGC
  • Plaintext: radio spectrum in frequency

Transposition Cipher

  • Letters are rearranged to create a ciphertext
  • Plaintext is arranged in a number of columns
  • Provides secure encryption when using a keyword

Single Transposition Cipher (Columnar Transposition Cipher)

  • The number of columns is defined by the length of the keyword
  • An 'x' character fills each vacant slot in the last row

Single Transposition Cipher Steps

  • Build the table with one column per character of the keyword
  • Number the columns by the alphabetical order of the keyword's letters
  • Insert the plaintext into the table row by row, from left to right
  • Extract the ciphertext column by column, starting from column no. 1, until all columns are read

Single Transposition Cipher Example

  • Plaintext: POCKET ROCKET MAN
  • Keyword: TRACKS
  • Ciphertext: CCN KKX EEX OOA TTX PRM

Double Transposition Cipher

  • Transposes the columns twice
  • Runs the ciphertext from the single transposition through the same algorithm again, producing a ciphertext that is harder to break

Double Transposition Cipher Steps

  • Use the same table layout and column index order as in the single transposition
  • Insert the single transposition ciphertext into the table row by row, from left to right
  • Extract the new ciphertext column by column, starting from column no. 1, until complete
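The Caesar shift and the single and double columnar transposition described above, as an added example that is not part of the study notes. It reproduces the notes' values (POCKET ROCKET MAN, keyword TRACKS, 'x' padding); the decryption routine, the tie-break rule for repeated keyword letters, and the double-transposition output are assumptions that extend what the notes state.

```python
"""Caesar shift and single/double columnar transposition as described in the
study notes. Constructed to reproduce the notes' worked values."""
from string import ascii_uppercase

PAD = "X"  # the notes fill vacant slots with 'x'

def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` places (negative shift decrypts); other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ascii_uppercase:
            out.append(ascii_uppercase[(ascii_uppercase.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def column_order(keyword: str) -> list:
    """Column indices in reading order: alphabetical rank of the keyword's letters,
    repeated letters numbered left to right (assumption; the notes' keyword has none)."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i].upper(), i))

def columnar_encrypt(text: str, keyword: str) -> str:
    """Single (columnar) transposition: fill rows left to right, read columns in key order."""
    letters = "".join(ch for ch in text.upper() if ch.isalpha())
    cols = len(keyword)
    rows = -(-len(letters) // cols)               # ceiling division
    grid = letters.ljust(rows * cols, PAD)        # pad the last row with X
    return "".join(grid[r * cols + c] for c in column_order(keyword) for r in range(rows))

def columnar_decrypt(cipher: str, keyword: str) -> str:
    """Inverse: refill the columns in key order, then read the grid row by row.
    Padding is kept; strip trailing X only if the plaintext cannot end in X."""
    cols = len(keyword)
    rows = len(cipher) // cols
    grid = [""] * (rows * cols)
    pos = 0
    for c in column_order(keyword):
        for r in range(rows):
            grid[r * cols + c] = cipher[pos]
            pos += 1
    return "".join(grid)

def double_transposition(text: str, keyword: str) -> str:
    """Run the single-transposition output through the same table a second time."""
    return columnar_encrypt(columnar_encrypt(text, keyword), keyword)

def grouped(cipher: str, keyword: str) -> str:
    """Print-friendly form: one group per column, as the notes write CCN KKX EEX ..."""
    rows = len(cipher) // len(keyword)
    return " ".join(cipher[i:i + rows] for i in range(0, len(cipher), rows))

if __name__ == "__main__":
    print(caesar("POCKET ROCKET MAN", 3))                       # SRFNHW URFNHW PDQ
    print(caesar("VEHMS WTIGXVYQ MR JVIUYIRGC", -4))            # RADIO SPECTRUM IN FREQUENCY
    print(grouped(columnar_encrypt("POCKET ROCKET MAN", "TRACKS"), "TRACKS"))  # CCN KKX EEX OOA TTX PRM
    print(grouped(double_transposition("POCKET ROCKET MAN", "TRACKS"), "TRACKS"))
```

Both ciphers are keyed permutations of a tiny key space, so the decrypt routine also illustrates why they fall to brute force and frequency analysis rather than offering real protection.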

7.2 Authentication

  • The AAA Concept involves three security services, Authentication, Authorization and Accountability, in order to maintain the Confidentiality, Integrity, and Availability (CIA) of data
  • AAA aims to provide security services to prevent unauthorized access

Authentication

  • Refers to the process of recognizing a user's identity
  • Authentication methods include: Something you know, Something you have, and Something you are

Authorization

  • Refers to the process of giving a user the ability to access the system (either granting or denying).
  • Authorization methods include Multi-Factor Authorization (MFA), Access Control Lists (ACLs), and Role-Based Access Control (RBAC).

Accountability

  • Refers to the process of keeping track of a user's activity while accessing resources
  • Accountability Methods: Access Control, Incident Response Plans, and Audit Trails and Logging.

Identification vs. Verification

  • Identification is the process that identifies a user based upon comparison of a current sample against a previously collected sample, identifying them using a unique identifier.
  • Verification checks whether a user is the person they claim to be, proving that person's identity

Implementation Techniques

  • Includes Passwords & Smart Cards, Biometrics, and Kerberos

Passwords

  • A secret word or expression used by authorized persons to prove their rights to access

Smart Cards

  • Cards containing an embedded microchip that can be programmed to store info onto it

Characteristic of Good Password

  • Combines letters, numbers, and symbols while using Upper/lowercase, is at least 8-12 characters long, is hard to predict, and is frequently changed

Characteristics of Smart Cards

  • Contact Smart Cards require physical contact with a card reader (MyKad, Debit Cards, and Credit Cards).
  • Contactless Smart Cards communicate with the reader using radio frequency without direct contact (RFID Cards)

Biometric

  • An electronic identification of an individual on the basis of unique biological or physiological characteristics

Biometric Types

  • Fingerprint: a biological characteristic read by a fingerprint scanner, used to recognize human fingerprints in various applications (e.g. counter banking systems)
  • Hand Geometry: recognizes/verifies the geometry of a human palm, used in high-security workplaces
  • Retinal patterns: uses an iris scanner, used in national identification systems
  • Facial Features: facial recognition systems, used in buildings
  • Voice: voice recognition systems, used in resident systems
  • Signature: signature recognition scanners, used in financial systems

Kerberos

  • A client-server authentication protocol that enables mutual authentication
  • Utilizes secret-key cryptography
  • Named after the three-headed dog of Greek myth

Elements of Kerberos

  • Client: Represents a computer or user or software
  • Target Server: Provides the service the client wants to access
  • Key Distribution Center (KDC): Handles the distribution of keys and tickets

Steps in Kerberos Ticketing Exchange

  • The client requests a ticket from the KDC Authentication Service (AS); the KDC either provides the ticket-granting ticket (TGT) or denies the request (depending on whether it can decrypt it)
  • The client presents the TGT to the KDC Ticket-Granting Service (TGS) and requests a service ticket
  • The KDC TGS provides the service ticket to the client
  • The client sends the service ticket and an authentication request to the server
  • The server checks the client's service ticket and initiates the client-server session
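A toy model of the five ticket-exchange steps above, added here as an example and not code from the notes or from any Kerberos implementation. Assumed and constructed: messages are JSON dicts, `seal`/`open_` are a SHA-256/HMAC stand-in for the real ciphers, and the principals (alice, krbtgt, fileserver) and password are made up; what it shows is which party can decrypt which ticket and why a wrong password or a tampered ticket is refused.

```python
"""Toy model of the five Kerberos ticket-exchange steps (assumption: JSON messages
and a SHA-256/HMAC stand-in cipher; not the real protocol's formats)."""
import hashlib, hmac, json, os, time

# Constructed principal database: long-term secret keys held only by the KDC.
KDC_KEYS = {
    "alice": hashlib.sha256(b"alice-password").digest(),  # client key from password
    "krbtgt": os.urandom(32),      # Ticket-Granting Service key (never leaves the KDC)
    "fileserver": os.urandom(32),  # target server key (shared by KDC and server)
}

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks, i = [], 0
    while 32 * len(blocks) < n:
        blocks.append(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest())
        i += 1
    return b"".join(blocks)[:n]

def seal(key: bytes, msg: dict) -> bytes:
    """Encrypt-then-MAC: only a holder of `key` can read or forge the blob."""
    nonce, pt = os.urandom(16), json.dumps(msg).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key: bytes, blob: bytes):
    """Return the message, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Step 1 (AS): the KDC issues a TGT only if it can decrypt the client's
# pre-authentication timestamp, i.e. the client holds the right long-term key.
def as_exchange(client: str, preauth: bytes):
    if client not in KDC_KEYS or open_(KDC_KEYS[client], preauth) is None:
        return None  # denied
    skey = os.urandom(32).hex()
    tgt = seal(KDC_KEYS["krbtgt"], {"client": client, "skey": skey, "exp": time.time() + 3600})
    return seal(KDC_KEYS[client], {"skey": skey}), tgt  # client can read only the first part

# Steps 2-3 (TGS): a service ticket is issued against a valid TGT plus an
# authenticator sealed with the TGT's session key.
def tgs_exchange(tgt: bytes, authenticator: bytes, service: str):
    t = open_(KDC_KEYS["krbtgt"], tgt)
    if t is None or t["exp"] < time.time() or service not in KDC_KEYS:
        return None
    auth = open_(bytes.fromhex(t["skey"]), authenticator)
    if auth is None or auth["client"] != t["client"]:
        return None
    skey = os.urandom(32).hex()
    ticket = seal(KDC_KEYS[service], {"client": t["client"], "skey": skey})
    return seal(bytes.fromhex(t["skey"]), {"skey": skey}), ticket

# Steps 4-5 (AP): the server verifies the ticket with its own key; no KDC round trip.
def server_accept(server_key: bytes, ticket: bytes, authenticator: bytes) -> bool:
    t = open_(server_key, ticket)
    if t is None:
        return False
    auth = open_(bytes.fromhex(t["skey"]), authenticator)
    return auth is not None and auth["client"] == t["client"]

def client_login(client: str, password: str, service: str) -> bool:
    """Drive the whole exchange from the client side; True if the server accepts."""
    k_client = hashlib.sha256(password.encode()).digest()
    rep = as_exchange(client, seal(k_client, {"ts": time.time()}))
    if rep is None:
        return False
    enc_s1, tgt = rep
    s1 = bytes.fromhex(open_(k_client, enc_s1)["skey"])
    rep = tgs_exchange(tgt, seal(s1, {"client": client, "ts": time.time()}), service)
    if rep is None:
        return False
    enc_s2, ticket = rep
    s2 = bytes.fromhex(open_(s1, enc_s2)["skey"])
    return server_accept(KDC_KEYS[service], ticket, seal(s2, {"client": client, "ts": time.time()}))
```

Real Kerberos adds replay caches, clock-skew checks and mutual authentication of the server; this model only makes the key-ownership logic of the five steps visible.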

7.3 Data Security

  • Refers to the practices, technologies, and measures used to protect data from unauthorized access, corruption, theft, or loss
  • Maintains privacy, compliance with legal regulations, and integrity of an organization's data

Firewall

  • A system that monitors and controls incoming/outgoing network traffic based on predetermined security rules
  • Can be either software (program installed) or hardware (equipment installed)

Goals of Firewall

  • All traffic must pass through the firewall
  • Only authorized traffic must be allowed to pass
  • Immune to penetration

Capabilities of Firewall

  • Prevent unauthorized entry into the protected network
  • Prohibit vulnerable services from entering or leaving the network
  • Provide protection from various kinds of IP spoofing and routing attacks
  • Provide a location for monitoring security-related events
  • Serve as a platform for Internet functions that are not security related
  • Serve as the platform for IPsec

Types of Firewalls

  • Packet filtering: Applying a set of rules to each incoming and outgoing IP packet
  • Stateful inspection: Monitoring the state of active connections to determine which network packets to allow through the firewall
  • Application level gateway: Runs proxies that copy and forward information across the gateway, preventing direct connection between a trusted server/client and an untrusted host
  • Circuit level gateway: Monitors TCP handshaking between packets to determine whether requested session is legitimate

The Packet Filtering Firewall

  • A router on the external network forwards packets from the external network to the internal network
  • The internal network contains the firewall, which filters the packets destined for the internal network

Firewall Configuration

  • Bastion Host: A host deliberately exposed on a public network
  • Individual Host-Based Bastion: Secures an individual host by filtering and restricting the flow of packets
  • Personal Firewall: Protects only the computer it is installed on by controlling the flow of network traffic (stand-alone)
  • Distributed Firewall: Combines stand-alone and host-based firewalls under a central administrative control

7.4 Risk Management

  • Cybersecurity risk management identifies, analyzes, and addresses an organization's IT security risks to prevent ongoing and future cyberattacks and cyberthreats
  • Adheres strictly to relevant guidelines, standards, and best practices

Why does cybersecurity risk management matter?

  • Mitigates cyberattacks and the damage associated with cyber risks
  • Reduces operational costs
  • Protects business assets and revenue
  • Improves organizational reputation

Key Steps in Cybersecurity Risk Management

  • Identifying Risks: listing which systems/data could be attacked, such as customer data and financial records
  • Assessing Risks: determining the chances of a threat happening, and the potential impact if the threat occurs
  • Managing Risks: deciding how to handle each risk (reduce, transfer, avoid, or accept it)

Cybersecurity Risk Management Strategies

  • Risk Avoidance: Prevents the threat by changing plans or behavior (e.g. avoiding opening suspicious emails)
  • Risk Reduction: Reduces the chances or impact of a risk (e.g. installing antivirus software and applying security patches)
  • Risk Transfer: Shifting the risk to another party by purchasing cybersecurity insurance
  • Risk Acceptance: Deciding to accept the risk if the impact is low and manageable
