Infosec Combined PDF
Charles P. Pfleeger, et al.

Summary
This document is a set of lecture slides drawn from the textbook Security in Computing: the Chapter 1 introduction (computer security and basic terms, including vulnerabilities, threats, and attacks, and the C-I-A Triad of confidentiality, integrity, and availability), a module on malware and program security, and the opening of Chapter 2 (authentication).

Full Transcript
1 SECURITY IN COMPUTING, FIFTH EDITION
Chapter 1: Introduction
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

2 Objectives for Chapter 1
- Define computer security as well as basic computer security terms
- Introduce the C-I-A Triad
- Introduce basic access control terminology
- Explain basic threats, vulnerabilities, and attacks
- Show how controls map to threats

3 What Is Information Security?
Information security protects sensitive information from unauthorized activities, including inspection, modification, recording, and any disruption or destruction. The goal is to ensure the safety and privacy of critical data such as customer account details, financial data, or intellectual property.

4 What Is Computer Security?
The protection of the assets of a computer system:
- Hardware
- Software
- Data

5 Assets
Hardware: computer; devices (disk drives, memory, printer); network gear
Software: operating system; utilities (antivirus); commercial applications (word processing, photo editing); individual applications
Data: documents; photos; music, videos; email; class projects
6 Values of Assets
Hardware and software are off the shelf and easily replaceable; data are unique and irreplaceable.
Hardware: computer; devices (disk drives, memory, printer); network gear
Software: operating system; utilities (antivirus); commercial applications (word processing, photo editing); individual applications
Data: documents; photos; music, videos; email; class projects

7 Basic Terms
- Vulnerability
- Threat
- Attack
- Countermeasure or control

Vulnerabilities, Threats, Attacks, Controls
A vulnerability is a weakness in the security system (i.e., in procedures, design, or implementation) that might be exploited to cause loss or harm.
A threat to a computing system is a set of circumstances that has the potential to cause loss or harm: a potential violation of security.
A human (criminal) who exploits a vulnerability perpetrates an attack on the system.
How do we address these problems? We use a control as a protective measure. That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability.

9 Threat and Vulnerability
Relationship among threats, controls, and vulnerabilities: a threat is blocked by control of a vulnerability.
To devise controls, we must know as much about threats as possible. The fact that the violation might occur means that the actions that might cause it should be guarded against.

10 C-I-A Triad
- Confidentiality
- Integrity
- Availability
Sometimes two other desirable characteristics are added:
Authentication: the process or action of proving or showing something to be true, genuine, or valid.
Nonrepudiation: the assurance that someone cannot deny something; i.e., the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

Security Goals
When we talk about computer security, we mean that we are addressing three important aspects of any computer-related system: confidentiality, integrity, and availability (CIA).
- Confidentiality ensures that computer-related assets are accessed only by authorized parties (reading, viewing, printing, or even knowing of their existence). Also called secrecy or privacy.
- Integrity means that assets can be modified only by authorized parties or only in authorized ways (writing, changing, deleting, creating).
- Availability means that assets are accessible to authorized parties at appropriate times. Availability is often known by its opposite, denial of service.

12 Access Control Policy
Who + What + How = Yes/No
Subject (who), Object (what), Mode of access (how): the policy decides, for each subject, object, and mode, whether the access is allowed.

13 Types of Threats
Threats
- Natural causes. Examples: fire, power failure
- Human causes
  - Benign intent. Example: human error
  - Malicious intent
    - Random. Example: malicious code on a general web site
    - Directed. Example: impersonation

14 Advanced Persistent Threat (APT)
- Organized
- Directed
- Well financed
- Patient
- Silent
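The Who + What + How decision written out as code. This is an added example, not from the slides or the textbook; it uses the UNIX file-permission model that the Controls Available slides later cite (chmod: read, write, execute for owner, group, other), and the file, user ids and group ids in it are constructed for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Access modes (how), encoded as the bits chmod uses: r=4, w=2, x=1. */
enum { MODE_READ = 4, MODE_WRITE = 2, MODE_EXEC = 1 };

/* The object (what): a file with an owner, a group, and a 9-bit permission
 * word such as 0640 (owner rw-, group r--, other ---). */
struct file_obj {
    const char *name;
    unsigned owner_uid;
    unsigned group_gid;
    unsigned perm;
};

/* The subject (who): a user id plus the groups the user belongs to. */
struct subject {
    unsigned uid;
    const unsigned *gids;
    int ngids;
};

bool subject_in_group(const struct subject *s, unsigned gid)
{
    for (int i = 0; i < s->ngids; i++)
        if (s->gids[i] == gid)
            return true;
    return false;
}

/* The policy decision: who + what + how -> yes/no.  Exactly one permission
 * triple applies, chosen in the order owner, group, other, as the UNIX kernel
 * does; there is no fall-through to a more generous class. */
bool policy_allows(const struct subject *s, const struct file_obj *f, unsigned want)
{
    unsigned granted;
    if (s->uid == f->owner_uid)
        granted = (f->perm >> 6) & 7;
    else if (subject_in_group(s, f->group_gid))
        granted = (f->perm >> 3) & 7;
    else
        granted = f->perm & 7;
    return (want & ~granted) == 0;   /* every requested bit must be granted */
}

/* Constructed sample population: uid 1000 owns the file, group 50 is its group.
 * who: 0 = owner, 1 = group member, 2 = anyone else. */
bool demo_allows(unsigned perm, int who, unsigned want)
{
    struct file_obj f = { "grades.txt", 1000, 50, perm };
    static const unsigned owner_groups[]  = { 50 };
    static const unsigned member_groups[] = { 50, 100 };
    static const unsigned other_groups[]  = { 100 };
    struct subject people[3] = {
        { 1000, owner_groups, 1 },
        { 1001, member_groups, 2 },
        { 1002, other_groups, 1 },
    };
    return policy_allows(&people[who], &f, want);
}

int main(void)
{
    printf("0640 owner write : %d\n", demo_allows(0640, 0, MODE_WRITE));             /* 1 */
    printf("0640 member read : %d\n", demo_allows(0640, 1, MODE_READ));              /* 1 */
    printf("0640 member write: %d\n", demo_allows(0640, 1, MODE_WRITE));             /* 0 */
    printf("0640 other read  : %d\n", demo_allows(0640, 2, MODE_READ));              /* 0 */
    printf("0640 member r+w  : %d\n", demo_allows(0640, 1, MODE_READ | MODE_WRITE)); /* 0 */
    /* The surprise: 0077 denies the owner, because the owner triple wins. */
    printf("0077 owner read  : %d\n", demo_allows(0077, 0, MODE_READ));              /* 0 */
    printf("0077 other read  : %d\n", demo_allows(0077, 2, MODE_READ));              /* 1 */
    return 0;
}
```

The order of the three cases matters: UNIX picks the first class the subject belongs to and never falls through, so mode 0077 denies the owner while granting everyone else. A policy written as a Who + What + How table has to state rules like that explicitly, or the implementation will decide them for you.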
15 Types of Attackers
- Terrorist
- Criminal-for-hire
- Hacker
- Loosely connected group
- Individual
- Organized crime member
Organized crime groups are discovering that computer crime can be lucrative.

16 Types of Harm
- Interception
- Interruption
- Modification
- Fabrication

Threats
An interception means that some unauthorized party has gained access to an asset.
In an interruption, an asset of the system becomes lost, unavailable, or unusable.
If an unauthorized party not only accesses but tampers with (forges) an asset, the threat is a modification.
Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system.

18 Method—Opportunity—Motive (MOM)
[Figure: three overlapping circles labelled Method, Opportunity, and Motive.]

Method, Opportunity, and Motive
A malicious attacker must have three things (MOM):
- Method (how): the skills, knowledge, tools, and other things with which to be able to pull off the attack. Knowledge of systems is widely available.
- Opportunity (when): the time and access to accomplish the attack. Systems available to the public are accessible to attackers too.
- Motive (why): a reason to want to perform this attack against this system.

20 Controls/Countermeasures
[Figure: a three-dimensional grid. One axis is Control Type (Physical, Procedural, Technical); one axis is Kind of Threat (Human/not, Malicious/not, Directed/not); the third axis is what the control Protects (Confidentiality, Integrity, Availability).]
21 Physical controls stop or block an attack by using something tangible, such as
- walls and fences
- locks
- (human) guards
- sprinklers and other fire extinguishers
Procedural or administrative controls use a command or agreement that requires or advises people how to act; for example,
- laws, regulations
- policies, procedures, guidelines
- copyrights, patents
- contracts, agreements

22 Technical controls counter threats with technology (hardware or software), including
- passwords
- program or operating system access controls
- network protocols
- firewalls, intrusion detection systems
- encryption
- network traffic flow regulators

Relationship between Confidentiality, Integrity, and Availability
In fact, these three characteristics can be independent, can overlap, and can even be mutually exclusive.
[Figure: Venn diagram of three overlapping circles, Confidentiality, Integrity, and Availability; the region where all three overlap is labelled Secure.]

Slide #1-24 Goals of Security
- Prevention: prevent attackers from violating security policy
- Detection: detect attackers' violation of security policy
- Recovery: stop attack, assess and repair damage; continue to function correctly even if attack succeeds

Slide #1-25 Trust and Assumptions
Trust underlies all aspects of security.
- Policies: unambiguously partition system states; correctly capture security requirements
- Mechanisms: assumed to enforce policy; support mechanisms work correctly

26 Different Types of Controls
Security professionals balance the cost and effectiveness of controls with the likelihood and severity of harm.
Controls Available: Encryption
We take data in their normal, unscrambled state, called cleartext or plaintext, and transform them so that they are unintelligible to the outside observer; the transformed data are called enciphered text or ciphertext.
Encryption clearly addresses the need for confidentiality of data. It is sometimes also relied on for integrity, on the reasoning that data that cannot be read cannot easily be changed in a meaningful manner. That reasoning holds only for ciphers or modes that include integrity protection: with a stream cipher or an unauthenticated block-cipher mode an attacker who cannot read the data can still flip chosen bits of it, so integrity needs a separate check such as a message authentication code or an authenticated encryption mode.

Controls Available: Encryption (cont.)
Encryption does not solve all computer security problems, and other tools must complement its use. If encryption is not used properly, it may have no effect on security or could even degrade the performance of the entire system. Weak encryption can actually be worse than no encryption at all, because it gives users an unwarranted sense of protection. Therefore, we must understand those situations in which encryption is most useful as well as ways to use it effectively.

Controls Available: Software/Program Controls
Programs must be secure enough to prevent outside attack. They must also be developed and maintained so that we can be confident of the programs' dependability.
Program controls include the following:
- Internal program controls: parts of the program that enforce security restrictions, e.g., access limitations in a database management program
- Operating system and network system controls: limitations enforced by the operating system or network to protect each user from all other users, e.g., chmod on UNIX: (Read, Write, Execute) for each of (Owner, Group, Other)
- Independent control programs: application programs, e.g., password checkers, intrusion detection utilities, or virus scanners, that protect against certain types of vulnerabilities

Controls Available (cont.)
- Development controls: quality standards under which a program is designed, coded (implemented), tested, and maintained to prevent software faults from becoming exploitable vulnerabilities, e.g.,
Penetration testing (pen testing or ethical hacking) is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit.
Software controls frequently affect users directly, e.g., when the user is interrupted and asked for a password before being given access to a program or data. Because they influence the usability of the system, software controls must be carefully designed. Ease of use and capabilities are often competing goals in the design of a collection of software controls.

Controls Available: Hardware Controls
Numerous hardware devices have been created to assist in providing computer security. These devices include a variety of means, such as
- hardware or smart card implementations of encryption
- locks or cables limiting access or deterring theft
- devices to verify users' identities
- firewalls
- intrusion detection systems
- circuit boards that control access to storage media

Controls Available: Policies and Procedures
Sometimes we can rely on agreed-on procedures or policies among users rather than enforcing security through hardware or software means, e.g., frequent changes of passwords. We must not forget the value of community standards and expectations when we consider how to enforce security.

Physical Controls
E.g., locks on doors, guards at entry points, backup copies of important software and data, and physical site planning that reduces the risk of natural disasters.

Effectiveness of Controls: Awareness of Problem
People using controls must be convinced of the need for security. That is, people will willingly cooperate with security requirements only if they understand why security is appropriate in a given situation.

Effectiveness of Controls: Likelihood of Use
Of course, no control is effective unless it is used.
Principle of Effectiveness: controls must be used properly to be effective. They must be efficient, easy to use, and appropriate.
This principle implies that computer security controls must be efficient enough, in terms of time, memory space, human activity, or other resources used, that using the control does not seriously affect the task being protected. Controls should be selective so that they do not exclude legitimate accesses.

Effectiveness of Controls: Overlapping Controls
Several different controls may apply to address a single vulnerability.

Periodic Review
Just when the security specialist finds a way to secure assets against certain kinds of attacks, the opposition doubles its efforts in an attempt to defeat the security mechanisms. Thus, judging the effectiveness of a control is an ongoing task.

Principle of Weakest Link
Security can be no stronger than its weakest link. Whether it is the power supply that powers the firewall, the operating system under the security application, or the human who plans, implements, and administers controls, a failure of any control can lead to a security failure.

37 Summary
- Vulnerabilities are weaknesses in a system; threats exploit those weaknesses; controls protect those weaknesses from exploitation
- Confidentiality, integrity, and availability are the three basic security primitives
- Different attackers pose different kinds of threats based on their capabilities and motivations
- Different controls address different threats; controls come in many flavors and can exist at various points in the system
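Returning to the Controls Available: Encryption slides, an added example (not from the slides or the textbook) of why encryption alone does not give integrity: a stream cipher is malleable, so an attacker who can guess one plaintext byte can rewrite it without the key. The keystream generator and the keyed tag here are deliberately toy constructions standing in for a real cipher and a real MAC, and the message and keys are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENC_KEY 0x00C0FFEEu   /* constructed keys for the example */
#define TAG_KEY 0x0000BEEFu
#define MAX_MSG 64

/* Toy keystream generator (a linear congruential generator seeded with the
 * key).  Deliberately NOT a secure cipher: it stands in for any stream cipher
 * or counter mode (RC4, AES-CTR, ChaCha20), all of which XOR a keystream into
 * the plaintext and are malleable in exactly the same way. */
void keystream(uint32_t key, uint8_t *out, size_t n)
{
    uint32_t x = key;
    for (size_t i = 0; i < n; i++) {
        x = x * 1103515245u + 12345u;
        out[i] = (uint8_t)(x >> 24);
    }
}

/* Encryption and decryption are the same operation: XOR with the keystream. */
void xor_crypt(uint32_t key, const uint8_t *in, uint8_t *out, size_t n)
{
    uint8_t ks[MAX_MSG];
    if (n > MAX_MSG) n = MAX_MSG;
    keystream(key, ks, n);
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ ks[i];
}

/* The attack: anyone who knows (or guesses) one plaintext byte can replace it
 * with a chosen value by XORing the ciphertext byte with (known ^ desired).
 * No key is needed and every other byte still decrypts correctly. */
void flip_byte(uint8_t *ct, size_t pos, uint8_t known, uint8_t desired)
{
    ct[pos] ^= (uint8_t)(known ^ desired);
}

/* Toy keyed tag (FNV-1a over key || ciphertext).  Only the structure matters:
 * tag the ciphertext, verify before decrypting.  Real systems use HMAC or an
 * authenticated mode such as AES-GCM, never this. */
uint32_t toy_tag(uint32_t key, const uint8_t *msg, size_t n)
{
    uint32_t h = 2166136261u;
    for (int i = 0; i < 4; i++) { h ^= (key >> (8 * i)) & 0xffu; h *= 16777619u; }
    for (size_t i = 0; i < n; i++)   { h ^= msg[i];                 h *= 16777619u; }
    return h;
}

static const char SAMPLE[] = "transfer amount=0100 to=bob";   /* constructed */
#define AMOUNT_POS 16                                          /* first digit */

/* Encrypt, tag, let the attacker (who never sees a key) change the amount,
 * then decrypt.  Leaves the plaintext a receiver that only decrypts would act
 * on in 'result', and whether a tag check would have rejected it in 'detects'. */
static void run_scenario(char *result, int *detects)
{
    size_t n = strlen(SAMPLE);
    uint8_t ct[MAX_MSG], pt[MAX_MSG];

    xor_crypt(ENC_KEY, (const uint8_t *)SAMPLE, ct, n);
    uint32_t tag = toy_tag(TAG_KEY, ct, n);

    flip_byte(ct, AMOUNT_POS, '0', '9');         /* "0100" becomes "9100" */

    *detects = (toy_tag(TAG_KEY, ct, n) != tag);  /* encrypt-then-MAC check */
    xor_crypt(ENC_KEY, ct, pt, n);
    memcpy(result, pt, n);
    result[n] = '\0';
}

/* Confidentiality still works: ciphertext differs, decryption restores it. */
int roundtrip_ok(void)
{
    size_t n = strlen(SAMPLE);
    uint8_t ct[MAX_MSG], pt[MAX_MSG];
    xor_crypt(ENC_KEY, (const uint8_t *)SAMPLE, ct, n);
    xor_crypt(ENC_KEY, ct, pt, n);
    return memcmp(pt, SAMPLE, n) == 0 && memcmp(ct, SAMPLE, n) != 0;
}

const char *tampered_plaintext(void)
{
    static char r[MAX_MSG + 1];
    int d;
    run_scenario(r, &d);
    return r;
}

int tag_detects_tamper(void)
{
    char r[MAX_MSG + 1];
    int d;
    run_scenario(r, &d);
    return d;
}

int main(void)
{
    printf("round trip ok: %d\n", roundtrip_ok());
    printf("receiver without a tag check sees: \"%s\"\n", tampered_plaintext());
    printf("tag check rejects the message: %d\n", tag_detects_tamper());
    return 0;
}
```

The receiver that only decrypts sees a well-formed order for 9100 and has no way to tell it was altered; the receiver that verifies the tag before decrypting refuses it. That is the "weak encryption is worse than none" point in concrete form: the ciphertext looked protected, and the only defence was a control the cipher did not provide.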
20 Malware
Programs planted by an agent with malicious intent to cause unanticipated or undesired effects.
- Virus: a program that can replicate itself and pass on malicious code to other nonmalicious programs by modifying them
- Worm: a program that spreads copies of itself through a network
- Bots (scan web traffic and report back)
- Trojan horse: code that, in addition to its stated effect, has a second, nonobvious, malicious effect

21 Types of Malware
[Table from the textbook; not reproduced in the transcript.]

22 Types of Malware (cont.)
[Table from the textbook; not reproduced in the transcript.]

23 History of Malware
[Table from the textbook; not reproduced in the transcript.]

24 History of Malware (cont.)
[Table from the textbook; not reproduced in the transcript.]

25 Harm from Malicious Code
Harm to users and systems:
- Sending email to user contacts
- Deleting or encrypting files
- Modifying system information, such as the Windows registry
- Stealing sensitive information, such as passwords
- Attaching to critical system files
- Hiding copies of malware in multiple complementary locations
Harm to the world:
- Some malware has been known to infect millions of systems, growing at a geometric rate
- Infected systems often become staging areas for new infections
26 Transmission and Propagation
- Setup and installer program (setup.exe)
- Attached file (grade.pdfx)
- Document viruses (homework_solutions.pdf)
- Autorun
- Using nonmalicious programs: appended viruses; viruses that surround a program; integrated viruses and replacements

27 Malware Activation
- One-time execution (implanting)
- Boot sector viruses
- Memory-resident viruses
- Application files
- Code libraries

28 Virus Effects
Virus Effect | How It Is Caused
Attach to executable program | Modify file directory; write to executable program file
Attach to data or control file | Modify directory; rewrite data; append to data; append data to self
Remain in memory | Intercept interrupt by modifying interrupt handler address table; load self in non-transient memory area
Infect disks | Intercept interrupt; intercept operating system call (to format disk, for example); modify system file; modify ordinary executable program
Conceal self | Intercept system calls that would reveal self and falsify result; classify self as "hidden" file
Spread infection | Infect boot sector; infect systems program; infect ordinary program; infect data an ordinary program reads to control its execution
Prevent deactivation | Activate before deactivating program and block deactivation; store copy to reinfect after deactivation
29 Countermeasures for Users
- Use software acquired from reliable sources
- Test software in an isolated environment
- Only open attachments when you know them to be safe
- Treat every website as potentially harmful
- Create and maintain backups

30 Virus Detection
Virus scanners look for signs of malicious code infection using signatures in program files and memory. Traditional virus scanners have trouble keeping up with new malware; they detect about 45% of infections.
Detection mechanisms:
- Known string patterns in files or memory
- Execution patterns
- Storage patterns

31 Virus Signatures
[Figure: two infected-program layouts. In the first, an IF (...) JUMP at the start of the original program transfers control to the attached virus code; in the second, the virus is a separate module stored after the original program. The recognizable signature elements are the JUMP and the virus code itself.]

32 Countermeasures for Developers
- Modular code: each code module should be single-purpose, small, simple, and independent
- Encapsulation
- Information hiding
- Mutual suspicion
- Confinement
- Genetic diversity

33 Code Testing
- Unit testing
- Integration testing
- Function testing
- Performance testing
- Acceptance testing
- Installation testing
- Regression testing
- Penetration testing
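An added example (not from the slides or the textbook) of the "known string patterns" detection mechanism: a scanner that slides signatures over a file image laid out as in the Virus Signatures figure (original program with the virus module appended), and the one-byte XOR encoding that defeats it. The signature bytes and the program bytes are made up for the illustration, not taken from real malware.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct signature {
    const char *name;
    const uint8_t *bytes;
    size_t len;
};

/* Constructed signatures: the distinctive byte strings a vendor would extract
 * from samples.  These are made-up values, not real malware bytes. */
static const uint8_t SIG_A[] = { 0xE9, 0x00, 0x10, 0x00, 0x00, 0x60, 0x9C }; /* x86-32: jmp; pushad; pushfd */
static const uint8_t SIG_B[] = "GOTCHA-PAYLOAD";
static const struct signature SIGS[] = {
    { "Sample.A", SIG_A, sizeof SIG_A },
    { "Sample.B", SIG_B, sizeof SIG_B - 1 },   /* drop the string's own NUL */
};

/* Known-string-pattern detection: slide each signature over the file image.
 * Returns the matching signature's name, or NULL.  A real scanner uses a
 * multi-pattern matcher (Aho-Corasick) instead of this nested loop. */
const char *scan_buffer(const uint8_t *buf, size_t n)
{
    for (size_t s = 0; s < sizeof SIGS / sizeof SIGS[0]; s++) {
        const struct signature *sig = &SIGS[s];
        if (sig->len > n)
            continue;
        for (size_t i = 0; i + sig->len <= n; i++)
            if (memcmp(buf + i, sig->bytes, sig->len) == 0)
                return sig->name;
    }
    return NULL;
}

/* Build an "infected" file image with the layout of the slide figure: the
 * original program with the virus module appended after it.  (A real
 * infector would also patch a jump at the entry point.) */
size_t build_infected(uint8_t *out, size_t cap)
{
    static const uint8_t program[] = { 0x55, 0x48, 0x89, 0xE5, 0x90, 0x90, 0x90, 0x90, 0x5D, 0xC3 };
    if (cap < sizeof program + sizeof SIG_A)
        return 0;
    memcpy(out, program, sizeof program);
    memcpy(out + sizeof program, SIG_A, sizeof SIG_A);
    return sizeof program + sizeof SIG_A;
}

/* The cheapest evasion: XOR the appended module with a one-byte key.  The
 * behaviour is unchanged once the module decodes itself at run time, but the
 * stored bytes no longer match, which is one reason signature scanners miss
 * so much of what is new. */
size_t build_encoded(uint8_t *out, size_t cap, uint8_t key)
{
    size_t n = build_infected(out, cap);
    if (n == 0)
        return 0;
    for (size_t i = n - sizeof SIG_A; i < n; i++)
        out[i] ^= key;
    return n;
}

/* Returns 1 if the scanner flags the (plain or encoded) infected image. */
int scan_detects(int encoded)
{
    uint8_t file[64];
    size_t n = encoded ? build_encoded(file, sizeof file, 0x5A)
                       : build_infected(file, sizeof file);
    return scan_buffer(file, n) != NULL;
}

int main(void)
{
    printf("plain infected image detected:       %d\n", scan_detects(0));  /* 1 */
    printf("XOR-encoded infected image detected: %d\n", scan_detects(1));  /* 0 */
    return 0;
}
```

The encoded variant still runs the same code, so the "execution patterns" and "storage patterns" mechanisms on the slide exist precisely to catch what string matching cannot: a scanner that emulates the file far enough for the module to decode itself, or that notices an executable grew by an appended module, sees through a one-byte XOR.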
34 Design Principles for Security
- Least privilege
- Economy of mechanism
- Open design
- Complete mediation
- Permission based
- Separation of privilege
- Least common mechanism
- Ease of use

35 Other Countermeasures
Good:
- Proofs of program correctness, where possible
- Defensive programming
- Design by contract
Bad:
- Penetrate-and-patch
- Security by obscurity

36 Summary
- Buffer overflow attacks can take advantage of the fact that code and data are stored in the same memory in order to maliciously modify executing programs
- Programs can have a number of other types of vulnerabilities, including off-by-one errors, incomplete mediation, and race conditions
- Malware can have a variety of harmful effects depending on its characteristics, including resource usage, infection vector, and payload
- Developers can use a variety of techniques for writing and testing code for security

BCSE317L Information Security, Lecture 5, 29-07-2024: Program Security

Program Security
1. Buffer Overflow
2. Incomplete Mediation
3. Time-of-Check to Time-of-Use
4. Undocumented Access Point
5. Off-by-One Error
6. Integer Overflow
7. Unterminated Null-Terminated String
8. Parameter Length, Type, and Number
9. Unsafe Utility Program
10. Race Condition

The Stack after Procedure Calls
[Figure: procedure A calls B, which calls C. Each call pushes a frame holding the procedure's parameters (P1, P2, P3), the saved program counter, and the saved stack pointer of the caller.]
When procedure A calls procedure B, procedure B gets added to the stack along with a pointer back to procedure A.
In this way, when procedure B is finished running, it can get popped off the stack, and procedure A will just continue executing where it left off.

4 Compromised Stack
[Figure: the same stack, but procedure C's frame has been overflowed; the saved program counter now points at attacker code placed on the stack.]
Instead of pointing at procedure B in this case, the program counter is pointing at code that has been placed on the stack because of an overflow.

5 Overwriting Memory for Execution
- Overwrite the program counter stored in the stack
- Overwrite part of the code in low memory, substituting new instructions
- Overwrite the program counter and data in the stack so that the program counter points to the stack

6 Harm from Buffer Overflows
Overwrite:
- Another piece of your program's data
- An instruction in your program
- Data or code belonging to another program
- Data or code belonging to the operating system
Overwriting a program's instructions gives attackers that program's execution privileges. Overwriting operating system instructions gives attackers the operating system's execution privileges. An overflow can also be used as a form of denial of service (DoS).

7 2. Incomplete Mediation
Verifying that the subject is authorized to perform the operation on an object is called mediation.
http://www.somesite.com/subpage/userinput.asp?parm1=(808)555-1212&parm2=2015Jan17
The URL contains a web address and two parameters. Parameters parm1 and parm2 look like a telephone number and a date, respectively. If parm2 is 1800Min01, the system would fail, with a routine failing on a data type error as it tried to handle a month named "Min" or a year (like 1800) that is out of the expected range.
Validate all input.

Incomplete Mediation
Users make errors from ignorance, misunderstanding, distraction; user errors should not cause program failures.
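Returning to the buffer overflow slides, an added example (not from the slides or the textbook) of the stack layout and the overflow the Compromised Stack figure describes. The frame is modelled as a byte array so that the code is well-defined C and runs anywhere; the offsets, the legitimate return address 0x401000 and the attacker's address 0x7ffc0000 are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A model of one stack frame, laid out the way compilers lay frames out: the
 * local buffer at the low end, the saved frame pointer and the saved return
 * address (the "program counter" in the slides) above it.  Modelling the frame
 * as a byte array keeps this well-defined C; a real overflow does the same
 * thing to the real stack. */
#define BUF_SIZE    8          /* char buf[8] local variable        */
#define SAVED_FP    8          /* bytes 8..15: saved frame pointer   */
#define SAVED_RET   16         /* bytes 16..23: saved return address */
#define FRAME_SIZE  24

uint64_t read_ret(const uint8_t *frame)
{
    uint64_t v;
    memcpy(&v, frame + SAVED_RET, sizeof v);
    return v;
}

/* Vulnerable: copies caller-supplied input into the 8-byte buffer with no
 * length check, exactly what strcpy() or gets() would do. */
void vulnerable_copy(uint8_t *frame, const uint8_t *input, size_t len)
{
    for (size_t i = 0; i < len; i++)
        frame[i] = input[i];           /* walks past buf into saved state */
}

/* Hardened: refuses input the buffer cannot hold.  Returns 1 if copied. */
int bounded_copy(uint8_t *frame, const uint8_t *input, size_t len)
{
    if (len > BUF_SIZE)
        return 0;
    memcpy(frame, input, len);
    return 1;
}

/* Run one scenario and return the return address left in the frame. */
uint64_t overflow_demo(int hardened)
{
    uint8_t frame[FRAME_SIZE];
    const uint64_t legit_ret = 0x401000;      /* constructed: back to the caller */
    memset(frame, 0, sizeof frame);
    memcpy(frame + SAVED_RET, &legit_ret, sizeof legit_ret);

    /* Constructed attack input: filler up to the saved return address, then
     * the address the attacker wants executed (a stack address, where the
     * filler bytes would be the injected code).  Byte order is the host's,
     * as it would be for a real payload built for its target. */
    uint8_t payload[FRAME_SIZE];
    const uint64_t evil_ret = 0x7ffc0000;
    memset(payload, 0x90, SAVED_RET);         /* 0x90: x86 NOP sled */
    memcpy(payload + SAVED_RET, &evil_ret, sizeof evil_ret);

    if (hardened)
        bounded_copy(frame, payload, sizeof payload);    /* rejected */
    else
        vulnerable_copy(frame, payload, sizeof payload); /* smashed  */
    return read_ret(frame);
}

int main(void)
{
    printf("unchecked copy: return address = 0x%llx\n",
           (unsigned long long)overflow_demo(0));   /* 0x7ffc0000 */
    printf("bounded copy:   return address = 0x%llx\n",
           (unsigned long long)overflow_demo(1));   /* 0x401000   */
    return 0;
}
```

When the unchecked copy returns, the "procedure" would pop 0x7ffc0000 into the program counter and begin executing the filler bytes. The bounded version rejects the 24-byte input outright; on a real system stack canaries, a non-executable stack and address randomization are the additional layers that make the same mistake harder to exploit, but the length check is the one that removes the vulnerability.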
http://www.things.com/order.asp?custID=101&part=555A&qy=20&price=10&ship=boat&shipcost=5&total=205
Malicious tampering: the price and the total travel in the URL, under the client's control. A malicious attacker may exploit this by supplying total=25 instead of the correct 205, reducing the price; the attacker could have ordered objects from things.com in any quantity at any price. The solution is complete mediation: the server validates every parameter and recomputes any value it can derive itself.

3. Time-of-Check to Time-of-Use (TOCTOU)
To improve efficiency, modern processors and operating systems usually change the order in which instructions and procedures are executed. Instructions that appear to be adjacent may not actually be executed immediately after each other, either because of intentionally changed order or because of the effects of other processes in concurrent execution. Between the access check and the use, data must be protected against change.

Time-of-Check to Time-of-Use (TOCTOU)
E.g., consider a person buying a sculpture that costs $100. The buyer takes out five $20 bills, counts them in front of the seller, and lays them on the table. While the seller turns to write a receipt, the buyer takes back one $20. When the seller turns around, the buyer hands over the money, takes the receipt, and leaves with the sculpture. Between the time the security was checked (counting) and the access occurred (exchanging the sculpture for the money), a condition changed: what was checked is no longer valid when the object (that is, the sculpture) is accessed.

Time-of-Check to Time-of-Use
Suppose a request to access a file is presented as a data structure, with the name of the file and the mode of access in the structure. While the mediator is checking access rights for the file my_file, the user could change the file name descriptor to your_file. The attack exploits the delay between the two actions, check and use: between the time the access was checked and the time the result of the check was used, a change occurred, invalidating the result of the check.
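An added example (not from the slides or the textbook) of complete mediation for the things.com order URL above: a small query-string parser, validation of every field, and a total recomputed from server-side prices rather than taken from the client. The price list and the parameter bounds are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PARAMS 16
struct param { char key[32]; char val[64]; };

/* Parse "k1=v1&k2=v2..." into params.  Returns the count, or -1 if the string
 * is malformed or any field exceeds its bound; refusing over-long input is
 * itself part of mediation.  Percent-decoding is omitted for brevity. */
int parse_query(const char *q, struct param *out, int max)
{
    int n = 0;
    while (*q) {
        const char *eq = strchr(q, '=');
        const char *amp = strchr(q, '&');
        const char *end = amp ? amp : q + strlen(q);
        if (!eq || eq > end || n >= max)
            return -1;
        size_t klen = (size_t)(eq - q), vlen = (size_t)(end - eq - 1);
        if (klen == 0 || klen >= sizeof out[n].key || vlen >= sizeof out[n].val)
            return -1;
        memcpy(out[n].key, q, klen);      out[n].key[klen] = '\0';
        memcpy(out[n].val, eq + 1, vlen); out[n].val[vlen] = '\0';
        n++;
        q = amp ? amp + 1 : end;
    }
    return n;
}

const char *get_param(const struct param *p, int n, const char *key)
{
    for (int i = 0; i < n; i++)
        if (strcmp(p[i].key, key) == 0) return p[i].val;
    return NULL;
}

/* Decimal, digits only, within [lo, hi]; returns 0 on any failure (this is
 * the data-type check the 1800Min01 example on the slide lacked). */
int parse_num(const char *s, long lo, long hi, long *out)
{
    if (!s || !*s) return 0;
    for (const char *c = s; *c; c++)
        if (!isdigit((unsigned char)*c)) return 0;
    char *end;
    long v = strtol(s, &end, 10);
    if (*end || v < lo || v > hi) return 0;
    *out = v;
    return 1;
}

/* Server-side catalogue (constructed).  The client never gets to set these. */
long unit_price(const char *part)  { return strcmp(part, "555A") == 0 ? 10 : -1; }
long ship_cost(const char *method) { return strcmp(method, "boat") == 0 ? 5 : -1; }

/* Incomplete mediation: charge whatever 'total' the client sent. */
long charge_unmediated(const char *query)
{
    struct param p[MAX_PARAMS];
    long total;
    int n = parse_query(query, p, MAX_PARAMS);
    if (n < 0 || !parse_num(get_param(p, n, "total"), 0, 1000000, &total))
        return -1;
    return total;
}

/* Complete mediation: validate every field, recompute the total from
 * server-side data, and refuse the order if the client's total disagrees. */
long charge_mediated(const char *query)
{
    struct param p[MAX_PARAMS];
    long qty, client_total;
    int n = parse_query(query, p, MAX_PARAMS);
    if (n < 0) return -1;
    const char *part = get_param(p, n, "part");
    const char *ship = get_param(p, n, "ship");
    if (!part || !ship) return -1;
    long unit = unit_price(part), shipping = ship_cost(ship);
    if (unit < 0 || shipping < 0) return -1;
    if (!parse_num(get_param(p, n, "qy"), 1, 10000, &qty)) return -1;
    long total = qty * unit + shipping;
    if (!parse_num(get_param(p, n, "total"), 0, 1000000, &client_total) || client_total != total)
        return -1;                              /* tampered or stale price: refuse */
    return total;
}

int main(void)
{
    const char *honest   = "custID=101&part=555A&qy=20&price=10&ship=boat&shipcost=5&total=205";
    const char *tampered = "custID=101&part=555A&qy=20&price=10&ship=boat&shipcost=5&total=25";
    printf("unmediated, honest:   %ld\n", charge_unmediated(honest));    /* 205 */
    printf("unmediated, tampered: %ld\n", charge_unmediated(tampered));  /* 25  */
    printf("mediated, honest:     %ld\n", charge_mediated(honest));      /* 205 */
    printf("mediated, tampered:   %ld\n", charge_mediated(tampered));    /* -1  */
    return 0;
}
```

The mediated version ignores the client's price and shipcost entirely; the only reason it reads the client's total at all is to detect that the page the customer saw no longer matches the server's prices, which is worth a refusal rather than a silent correction.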
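An added example (not from the slides or the textbook) of the file-request TOCTOU just described, and of the countermeasure of having the mediator own the request data. The gap callback stands in for the other process that gets scheduled between check and use; the policy (this user may read my_file only) is constructed.

```c
#include <stdio.h>
#include <string.h>

enum { MODE_R = 1, MODE_W = 2 };

/* The request structure from the slide: file name plus access mode, living in
 * memory the requester can still write to after handing it over. */
struct request {
    char filename[32];
    int mode;
};

/* Constructed policy: this user may read my_file only. */
int access_allowed(const char *name, int mode)
{
    return strcmp(name, "my_file") == 0 && mode == MODE_R;
}

/* A hook that runs between the check and the use, standing in for the other
 * process that gets scheduled in the gap. */
typedef void (*between_fn)(struct request *);

void attacker_swaps_name(struct request *shared)
{
    strcpy(shared->filename, "your_file");    /* fits: 32-byte field */
}

/* Vulnerable mediator: checks the shared structure, then acts on it again.
 * Returns the name actually opened, or NULL if refused. */
const char *mediate_shared(struct request *shared, between_fn gap)
{
    if (!access_allowed(shared->filename, shared->mode))
        return NULL;
    if (gap) gap(shared);                      /* the race window */
    return shared->filename;                   /* use: now your_file */
}

/* Hardened mediator: copy the request into memory only the mediator owns,
 * then check and use that private copy.  The requester's later change cannot
 * affect what was checked. */
const char *mediate_owned(struct request *shared, between_fn gap, struct request *owned)
{
    *owned = *shared;                          /* take ownership first */
    if (!access_allowed(owned->filename, owned->mode))
        return NULL;
    if (gap) gap(shared);                      /* same race window */
    return owned->filename;                    /* use: still my_file */
}

/* Returns the file the mediator ends up opening ("(refused)" if NULL). */
const char *toctou_demo(int hardened)
{
    static struct request shared, owned;
    static char opened[32];
    strcpy(shared.filename, "my_file");
    shared.mode = MODE_R;
    const char *name = hardened ? mediate_owned(&shared, attacker_swaps_name, &owned)
                                : mediate_shared(&shared, attacker_swaps_name);
    strcpy(opened, name ? name : "(refused)");
    return opened;
}

int main(void)
{
    printf("shared request: opened %s\n", toctou_demo(0));   /* your_file */
    printf("owned copy:     opened %s\n", toctou_demo(1));   /* my_file   */
    return 0;
}
```

The filesystem analogue is calling access() on a path and then open() on the same path, which another process can re-point with a rename or a symbolic link in between; the fix has the same shape as the owned copy here: open() first, then inspect the descriptor with fstat(), because the descriptor is the kernel's own copy of the resolved object.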
Time-of-Check to Time-of-Use Countermeasures
The access-checking software must own the request data until the requested action is complete. Another protection technique is to ensure serial integrity, that is, to allow no interruption (loss of control) during the validation.

4. Undocumented Access Point
Poor programming practice. During program development and testing, the programmer might create an undocumented entry point. Sometimes the programmer forgets to remove these entry points when the program moves from development to product. Or the programmer decides to leave them to facilitate program maintenance later, believing that nobody will find the entry.
An undocumented access point is called a backdoor or trapdoor. Such an entry can transfer control to any point with any privileges the programmer wanted.
First, being undocumented, these entry points will not be clearly labeled in source code or any of the development documentation. Second, such backdoors are often added after ordinary code development, during testing or even maintenance, so even the scrutiny of skilled reviewers will not find them.

5. Off-by-One Error
Miscalculating the condition to end a loop (repeat while i <= n, or while i < n?) or overlooking that an array of A[0] through A[n] contains n+1 elements. The control against these errors is correct programming: always check to ensure that a container is large enough for the amount of data it is to contain.

6. Integer Overflow
Integer overflow occurs because a storage location is of fixed, finite size and can contain only integers up to a certain limit. The overflow depends on whether the data values are signed (that is, whether one bit is reserved for indicating whether the number is positive or negative).

Integer Overflow (cont.)
When a computation causes a value to exceed the limit, the extra data does not spill over to affect adjacent data items. That is because the arithmetic is performed in a hardware register of the processor, not in memory.
Instead, either a hardware program exception or fault condition is signaled, which causes transfer to an error handling routine, or the excess digits on the most significant end of the data item are lost. Thus, with 8-bit unsigned integers, 255 + 1 = 0. If a program uses an 8-bit unsigned integer for a loop counter and the stopping condition is count = 256, then the condition will never be true. Checking for this type of overflow is difficult, because only when a result overflows can the program determine an overflow; the check therefore has to be made on the operands before the operation, or on the processor's overflow flag immediately after it.

7. Unterminated Null-Terminated String
[Figure: different variable-length string representations: (a) Basic and Java, (b) Pascal, (c) C. In (a) and (b) the length is stored with the string; in (c) the string ends at the first null byte.]
In case (c): suppose an erroneous process happens to overwrite the end of the string and its terminating null character. The application reading the string will continue reading memory until a null byte happens to appear, at any distance beyond the end of the string. Thus, the application can read 100 to 100,000 extra bytes or more until it encounters a null.

8. Parameter Length, Type, and Number
Procedure parameters are sources of data-length errors:
- Wrong output type or size. A calling and a called procedure need to agree on the type and size of data values exchanged. If the caller provides space for a two-byte integer but the called routine produces a four-byte result, those extra two bytes will go somewhere.
- Too-long string. A procedure can receive as input a string longer than it can handle, or it can produce a too-long string on output, each of which will also cause an overflow condition.

9. Unsafe Utility Program
Programming languages (e.g., C) provide a library of utility routines to assist with common activities, such as moving and copying strings. In C the function strcpy(dest, src) copies a string from src to dest, stopping on a null, with the potential to overrun allocated memory. A safer function is strncpy(dest, src, max), which copies up to the null delimiter or max characters, whichever comes first; note that when src has max or more characters strncpy writes no terminating null, so dest must be terminated explicitly.

10. Race Condition
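An added example (not from the slides or the textbook) of the integer overflow cases described above: the 8-bit counter that never reaches 256, unsigned multiplication wrapping inside an allocation size, and operand checks made before the operation. Values such as the iteration budget are constructed so that the example itself terminates.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* 8-bit unsigned wraparound: the excess high-order bit is simply lost. */
uint8_t add_u8(uint8_t a, uint8_t b)
{
    return (uint8_t)(a + b);          /* 255 + 1 == 0 */
}

/* The loop from the slide, made safe to run: a uint8_t counter can never
 * reach 256, so with stop == 256 it would spin forever.  The iteration budget
 * exists only so this example terminates; the return value says whether the
 * loop's own stopping condition was ever satisfied. */
bool loop_terminates(unsigned stop, unsigned budget)
{
    uint8_t count = 0;
    for (unsigned iter = 0; iter < budget; iter++) {
        count++;
        if (count == stop)            /* count is at most 255 */
            return true;
    }
    return false;
}

/* Unsigned multiplication wraps silently.  This is the pattern behind many
 * allocation bugs: count * size wraps to a small number, malloc() succeeds,
 * and the copy that follows overruns the undersized block. */
size_t wrapped_mul(size_t a, size_t b)
{
    return a * b;
}

/* Overflow can only be seen after the fact, or predicted from the operands
 * beforehand; the latter is the portable way. */
bool mul_overflows(size_t a, size_t b)
{
    return a != 0 && b > SIZE_MAX / a;
}

/* Signed overflow is undefined behaviour in C, so the check must be made on
 * the operands before the addition is ever performed. */
bool add_overflows(int a, int b)
{
    return (b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b);
}

/* Allocation guarded against wrap: NULL rather than a too-small block. */
void *alloc_array(size_t count, size_t elem)
{
    if (mul_overflows(count, elem))
        return NULL;
    return malloc(count * elem);
}

int main(void)
{
    size_t huge = SIZE_MAX / 2 + 1;
    printf("255 + 1 as uint8_t = %u\n", add_u8(255, 1));                      /* 0    */
    printf("loop to 200 ends: %d, loop to 256 ends: %d\n",
           loop_terminates(200, 1000), loop_terminates(256, 1000));          /* 1, 0 */
    printf("%zu * 2 wraps to %zu\n", huge, wrapped_mul(huge, 2));             /* 0    */
    printf("guarded allocation: %s\n", alloc_array(huge, 2) ? "block" : "NULL");
    printf("INT_MAX + 1 overflows: %d\n", add_overflows(INT_MAX, 1));         /* 1    */
    return 0;
}
```

The slide's observation that the overflow does not spill into adjacent memory is what makes the allocation case dangerous: the wrapped size is a perfectly good small number, nothing faults, and the damage appears later when the caller writes count elements into the block.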
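An added example (not from the slides or the textbook) covering the unterminated-string and unsafe-utility points together: strncpy's failure to terminate when the source fills the buffer, and a bounded copy that always terminates. The 8-byte buffer and the sample strings are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CAP 8   /* the destination buffer size used throughout */

/* Is there a terminator within the first 'cap' bytes?  If not, strlen() and
 * printf("%s") keep reading beyond the buffer until they meet a zero byte
 * somewhere in memory. */
bool is_terminated(const char *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

/* strncpy() pitfall: with a source of cap or more characters it fills the
 * destination completely and writes no terminator.  Returns whether the
 * 8-byte destination ended up terminated. */
bool strncpy_leaves_terminator(const char *src)
{
    char dest[CAP];
    strncpy(dest, src, sizeof dest);
    return is_terminated(dest, sizeof dest);
}

/* Always-terminated bounded copy: copies at most cap-1 characters and always
 * writes the terminator; returns false when src was truncated.  The
 * off-by-one that breaks this is comparing strlen(src) against cap and
 * forgetting the +1 for the terminator. */
bool safe_copy(char *dest, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (cap == 0)
        return false;
    if (n + 1 > cap) {
        memcpy(dest, src, cap - 1);
        dest[cap - 1] = '\0';
        return false;
    }
    memcpy(dest, src, n + 1);
    return true;
}

/* Copy into an 8-byte buffer and return the (always terminated) result. */
const char *safe_copy_result(const char *src)
{
    static char dest[CAP];
    safe_copy(dest, sizeof dest, src);
    return dest;
}

int main(void)
{
    const char *short_s = "short";      /* 5 chars: fits with terminator        */
    const char *exact_s = "eight ch";   /* 8 chars: no room for the terminator  */

    printf("strncpy \"%s\" terminated: %d\n", short_s, strncpy_leaves_terminator(short_s)); /* 1 */
    printf("strncpy \"%s\" terminated: %d\n", exact_s, strncpy_leaves_terminator(exact_s)); /* 0 */
    printf("safe_copy \"%s\" -> \"%s\"\n", short_s, safe_copy_result(short_s));  /* short   */
    printf("safe_copy \"%s\" -> \"%s\"\n", exact_s, safe_copy_result(exact_s));  /* eight c */
    return 0;
}
```

snprintf(dest, cap, "%s", src) gives the same always-terminated, truncating behaviour with the standard library alone, and strlcpy() does on the platforms that provide it; what matters is that the routine chosen is one whose contract includes the terminator.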
A race condition occurs when two processes are competing within the same time interval, and the race affects the integrity or correctness of the computing tasks. E.g., two devices may submit competing requests to the operating system for a given chunk of memory at the same time. In the two-step request process, each device first asks if a chunk of that size is available, and if the answer is yes, then reserves that chunk for itself. Depending on the timing of the steps, the first device could ask for the chunk, get a "yes" answer, but then not get the chunk because it has already been assigned to the second device. In cases like this, the two requesters "race" to obtain a resource.

Unsynchronized Activity
In a race condition or serialization flaw two processes execute concurrently, and the outcome of the computation depends on the order in which instructions of the processes execute.
[Figure: two booking agents, A (John) and B (Mac), each run the same transaction: check that the seat is available, then update the record. Steps 1, 2, and 3 of John's transaction run first, followed by Mac's transaction, before John's line 4 (the update).]
Because A has not completed the transaction before the system gets a request from B, the system tells B that the seat is available. If the system is not designed properly, both agents can complete their transactions, and two passengers will be confirmed for that one seat (which will be uncomfortable, to say the least).

Reference
Module 1 – Reference: Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies, Security in Computing, 2018, Fifth Edition, Pearson, New York.

8/29/2024
1 SECURITY IN COMPUTING, FIFTH EDITION
Chapter 2: Toolbox: Authentication, Access Control, and Cryptography

2 Authentication and Identification
Identification is the act of asserting who a person is. Authentication is the act of proving that asserted identity: that the person is who she says she is.

3 Identification Versus Authentication
Identities are often well known, predictable, or guessable.
If you send email to someone, you implicitly send along your email account ID so the other person can reply to you. In an online discussion you may post comments under a screen name as a way of linking your various postings. Your bank account number is printed on checks you write; your debit card account number is shown on your card, and so on. In each of these cases you reveal a part of your identity.

Some account IDs are not hard to guess. With too many accounts to remember, you may welcome places that identify you by something you know well because you use it often. But using it often also means other people can know or guess it as well. For these reasons, many people could easily, although falsely, claim to be you by presenting one of your known identifiers.

Identification Versus Authentication

Authentication, on the other hand, should be reliable. If identification asserts your identity, authentication confirms that you are who you purport to be. Although identifiers may be widely known or easily determined, authentication should be private. However, if the authentication process is not strong enough, it will not be secure.

Identities are typically public or well known. Authentication should be private.

Authentication mechanisms use any of three qualities to confirm a user's identity:
- Something the user knows
- Something the user is
- Something the user has

Authentication is based on something you know, are, or have.

Authentication

The act of proving that a user is who she says she is. Methods:
1. Something the user knows
2. Something the user is
3. Something the user has
4. Location factors
5. Behavioral factors

1. Something You Know

The use of passwords is fairly straightforward. Even though passwords are widely used, they suffer from some difficulties of use:

Use. Supplying a password for each access to an object can be inconvenient and time consuming.

Disclosure.
If a user discloses a password to an unauthorized individual, the object becomes immediately accessible. If the user then changes the password to re-protect the object, the user must inform any other legitimate users of the new password because their old password will fail.

Revocation. To revoke one user's access right to an object, someone must change the password, thereby causing the same problems as disclosure.

Loss. Depending on how the passwords are implemented, it may be impossible to retrieve a lost or forgotten password. The operators or system administrators can certainly intervene and provide a new password, but often they cannot determine what password a user had chosen previously. If the user loses (or forgets) the password, administrators must assign a new one.

Attacking and Protecting Passwords

How secure are passwords themselves? Passwords are somewhat limited as protection devices because of the relatively small number of bits of information they contain. Knight and Hartley [KNI98] list, in order, 12 steps an attacker might try in order to determine a password. These steps are in increasing degree of difficulty (number of guesses), and so they indicate the amount of work to which the attacker must go in order to derive a password.
Here are their password guessing steps:
1. no password
2. the same as the user ID
3. is, or is derived from, the user's name
4. on a common word list (for example, password, secret, private) plus common names and patterns (for example, qwerty, aaaaaa)
5. contained in a short college dictionary
6. contained in a complete English word list
7. contained in common non-English-language dictionaries
8. contained in a short college dictionary with capitalizations (PaSsWorD) or substitutions (digit 0 for letter O, and so forth)
9. contained in a complete English dictionary with capitalizations or substitutions
10. contained in common non-English dictionaries with capitalization or substitutions
11. obtained by brute force, trying all possible combinations of alphabetic characters
12. obtained by brute force, trying all possible combinations from the full character set

Passwords

Every password can be guessed; password strength is determined by how many guesses are required.

Operating systems store passwords in hidden (encrypted) form so that compromising the id-password list does not give immediate access to all user accounts. Converting a password to its concealment form is simple, but going the other way (starting with a concealed version and deriving the corresponding password) is effectively impossible. (For this reason, on some websites if you forget your password, the system can reset your password to a new, random value, but it cannot tell you what your forgotten password was.)

People often use one of a few predictable passwords. The interceptor can create what is called a rainbow table, a list of the concealed forms of the common passwords. Assume that Pat and Roz both chose the same password. Both copies will have the same concealed value, so someone who intercepts the table can learn that users Pat and Roz have the same password.
Knowing that, the interceptor can also guess that Pat and Roz both chose common passwords, and start trying the usual ones; when one works, the other will, too.

Passwords

To counter both these threats, some systems use an extra piece called the salt. A salt is an extra data field different for each user, perhaps the date the account was created or a part of the user's name. The salt value is joined to the password before the combination is transformed by concealment. In this way, Pat+aaaaaa has a different concealment value from Roz+aaaaaa. Also, an attacker cannot build a rainbow table because the common passwords now all have a unique component, too.

Salt: user-specific component joined to an encrypted password to distinguish identical passwords.

Good Passwords

Use characters other than just a-z. If passwords are chosen from the letters a-z, there are only 26 possibilities for each character. Adding digits expands the number of possibilities to 36. Using both uppercase and lowercase letters plus digits expands the number of possible characters to 62.

Choose long passwords. The combinatorial explosion of password guessing difficulty begins around length 4 or 5. Choosing longer passwords makes it less likely that a password will be uncovered.

Avoid actual names or words. Theoretically, there are 26^6, or about 300 million, 6-letter "words" (meaning any combination of letters), but there are only about 150,000 words in a good collegiate dictionary, ignoring length. By picking one of the 99.95 percent nonwords, you force the attacker to use a longer brute-force search instead of the abbreviated dictionary search.

Use a string you can remember. Password choice is a double bind. To remember the password easily, you want one that has special meaning to you. However, you don't want someone else to be able to guess this special meaning. One easy-to-remember password is UcnB2s.

Good Passwords

Use variants for multiple passwords.
With accounts, websites, and subscriptions, an individual can easily amass 50 or 100 passwords, which is clearly too many to remember, unless you use a trick. Start with a phrase as in the previous suggestion: Ih1b2s (I have one brother, two sisters). Then append some patterns involving the first few vowels and consonants of the entity for the password: Ih1b2sIvs for vIsa, Ih1b2sAfc for fAcebook, and so forth.

Change the password regularly. Even if you have no reason to suspect that someone has compromised the password, you should change it from time to time. A penetrator may break a password system by obtaining an old list or working exhaustively on an encrypted list.

Don't write it down. Note: this time-honored advice is relevant only if physical security is a serious risk. People who have accounts on many machines and servers, and with many applications or sites, may have trouble remembering all the access codes.

Don't tell anyone else. The easiest attack is social engineering, in which the attacker contacts the system's administrator or a user to elicit the password in some way. For example, the attacker may phone a user, claim to be "system administration," and ask the user to verify the user's password.

Security Questions

Instead of passwords, some companies use questions to which (presumably) only the right person would know the answer. Such questions include mother's maiden name, street name from childhood, model of first automobile, and name of favorite teacher. The user picks relevant questions and supplies the answers when creating an identity.

Knowledge factors are the least secure authentication factors. Passwords are becoming oppressive as many websites now ask users to log in. But when faced with a system that is difficult to handle, users often take the easy route: choosing an easy password and reusing it on many sites.
To overcome that weakness, some systems use a form of authentication that cannot be stolen, duplicated, forgotten, lent, or lost: properties of the user.

2. Something the User Is

Generally biometric factors: something unique to the user's physical attributes. Examples include fingerprints, facial recognition, voice recognition, retina scans, and other forms of biometric data.

Banks and investment firms commonly use voice recognition when you call them to verify your identity. Your voice is analysed based on its acoustics and individual characteristics like your accent, speech rhythm, and vocabulary.

As an example of multi-factor authentication that uses biometrics, consider your cell phone. You can enable multi-factor authentication so that you have to enter a PIN (something you know) and scan your fingerprint (something you have). Biometrics are a convenient form of authentication because you have them readily available.

Problems with Use of Biometrics

Biometrics are relatively new, and some people find their use intrusive. For example, people in some cultures are insulted by having to submit to fingerprinting, because they think that only criminals are fingerprinted.

Biometric recognition devices are costly.

Biometric readers and comparisons can become a single point of failure. Consider a retail application in which a biometric recognition is linked to a payment scheme: as one user puts it, "If my credit card fails to register, I can always pull out a second card, but if my fingerprint is not recognized, I have only that one finger."

All biometric readers use sampling and establish a threshold for acceptance of a close match. The device has to sample the biometric, measure often hundreds of key points, and compare that set of measurements with a template.
Features vary slightly from one reading to the next, for example, if your face is tilted, if you press one side of a finger more than another, or if your voice is affected by a sinus infection. Variation reduces accuracy. Although equipment accuracy is improving, false readings still occur. We label a false positive or false accept a reading that is accepted when it should be rejected (that is, the authenticator does not match) and a false negative or false reject one that rejects when it should accept.

False positive: incorrectly confirming an identity. False negative: incorrectly denying an identity.

3. Something the User Has

Something you have means that you have a physical object in your possession. One physical authenticator with which you are probably familiar is a key. Other familiar examples of tokens are badges and identity cards.

As the names imply, passive tokens do nothing, and active ones take some action. A photo or key is an example of a passive token in that the contents of the token never change. (And, of course, with photos permanence can be a problem, as people change hair style or color and their faces change over time.) An active token can have some variability or interaction with its surroundings. For example, some public transportation systems use cards with a magnetic strip. When you insert the card into a reader, the machine reads the current balance, subtracts the price of the trip and rewrites a new balance for the next use. In this case, the token is just a repository to hold the current value. Another form of active token initiates a two-way communication with its reader, often by wireless or radio signaling.

Passive tokens do not change. Active tokens communicate with a sensor.

Static Tokens

The value of a static token remains fixed. Keys, identity cards, passports, credit and other magnetic-stripe cards, and radio transmitter cards (called RFID devices) are examples of static tokens.
Static tokens are most useful for onsite authentication: when a guard looks at your picture badge, the fact that you possess such a badge and that your face looks (at least vaguely) like the picture causes the guard to pass your authentication and allow you access.

Tokens are vulnerable to an attack called skimming. Skimming is the use of a device to copy authentication data surreptitiously and relay it to an attacker. Automated teller machines (ATMs) and point-of-sale credit card readers are particularly vulnerable to skimming.

Another form of copying occurs with passwords. If you have to enter or speak your password, someone else can look over your shoulder or overhear you, and now that authenticator is easily copied or forged. To overcome copying of physical tokens or passwords, we can use dynamic tokens.

Dynamic Tokens

A dynamic token is one whose value changes. Although there are several different forms, a dynamic authentication token is essentially a device that generates an unpredictable value that we might call a pass number. Some devices change numbers at a particular interval, for example, once a minute; others change numbers when you press a button, and others compute a new number in response to an input, sometimes called a challenge. In all cases, it does not matter if someone else sees or hears you provide the pass number, because that one value will be valid for only one access (yours), and knowing that one value will not allow the outsider to guess or generate the next pass number. Dynamic token generators are useful for remote authentication, especially of a person to a computer. An example of a dynamic token is the SecurID token from RSA Laboratories.

3. Something the User Has

Possession factor technologies include the following:

Security tokens are small hardware devices that store a user's personal information and are used to authenticate that person's identity electronically.
The device may be a smart card, an embedded chip in an object, such as a Universal Serial Bus (USB) drive, or a wireless tag.

A software-based security token application generates a single-use login PIN. Soft tokens are often used for mobile multifactor authentication, in which the device itself (such as a smartphone) provides the possession factor authentication.

Typical possession factor user scenarios include the following:
- mobile authentication, where users receive a code via their smartphone to gain or grant access; variations include text messages and phone calls sent to a user as an out-of-band method, smartphone OTP apps, SIM cards and smart cards with stored authentication data; and
- attaching a USB hardware token to a desktop that generates an OTP and using it to log in to a VPN client.

4. Location Factors

Somewhere the user is. This can involve geolocation services to verify that the user is accessing the system from an expected or approved location. Some see it as an authorisation factor instead of an authentication factor.

Three main difficulties around the use of location to help give confidence that an identity is authentic are:

Specificity: how much space do you occupy at any one time?

Accuracy: consumer hardware is affected by so many variables that we can't trust that any location data is accurate at this level of resolution with current technology.

Reliability: we need to know that the data provided, even if really accurate, is authoritative. Location data as it stands is often trivial to spoof; there are also issues with GPS jamming.

5. Behavioral Factor

Something related to the user's behaviour or patterns of interaction. Examples include typing speed, mouse movement patterns, and other behavioural characteristics.
There are many potential benefits to behavioral biometrics authentication, including the following:

Remove any uncertainty about a user's identity. Behavioral biometrics authentication uses unique data points to continuously authenticate a user, irrespective of what they're doing on their computer. This eliminates any opportunity for identity theft or fraud since there is no way to steal or replicate biometric information.

Preserve privacy. Behavioral biometrics authentication does not reveal user identity like traditional authentication methods do. This preserves user privacy and allows them to keep their personal information private.

Evaluation of user interaction with the device in real time. Behavioral biometrics authentication evaluates a user's ongoing interaction with their device in real time, making it harder for hackers to get around security measures.

More secure than traditional security measures. Unlike standard security measures, which are susceptible to theft or replication, behavioral biometrics authentication is almost impossible to replicate. This makes it more secure than traditional security measures.

Multi-factor Authentication

When implementing MFA, it's generally recommended to use a combination of these factors to ensure a higher level of security. For example, a common MFA setup might involve a password (knowledge factor) and a one-time code from an authenticator app (possession factor). This way, even if one factor is compromised, the attacker would still need the other factor to gain access.

Distribution of Password Types

(Pie chart; the slide's values, reassembled from the chart labels:)
- One character: 0%
- Two characters: 2%
- Three characters: 14%
- Four characters, all letters: 14%
- Five letters, all same case: 22%
- Six letters, lowercase: 19%
- Words in dictionaries or lists of names: 15%
- Other good passwords: 14%

Password Storage

1. Use strong encryption: employ strong, industry-standard encryption algorithms (like bcrypt, scrypt, or Argon2) to hash passwords before storing them.
Avoid using weak or outdated encryption methods.
2. Salted hashing: always use a unique, random value (known as a "salt") for each password before hashing. This helps protect against rainbow table attacks.
3. Avoid plain text storage: never store passwords in plain text. If a database is breached, plain text can be easily exploited.
4. Implement key strengthening: use techniques like key stretching to make the hashing process computationally intensive. This slows down brute-force and dictionary attacks.
5. Regularly update password hashes: periodically rehash passwords using stronger algorithms or longer salts. This helps to stay ahead of advances in computational power.
6. Protect the database: implement strong access controls and encryption for the database where passwords are stored. Use firewalls and intrusion detection systems to safeguard against unauthorized access.
7. Access control: limit access to the password database to only those who need it. Use strict access controls and strong authentication for administrators.
8. Monitor for anomalies: set up monitoring systems to detect unusual activity related to password storage or access.
9. Multi-factor authentication (MFA): implement MFA for privileged users who have access to password databases.
10. Use a trusted password manager: if possible, encourage users to use trusted password managers to generate, store, and manage their passwords securely.
11. Regularly audit password security: conduct regular security audits and vulnerability assessments to identify and address any weaknesses in the password storage process.

Brute Force Hacking

Brute force hacking is a method used by attackers to gain unauthorized access to a system or an account by systematically trying out all possible combinations of usernames and passwords until the correct one is found.
This method does not rely on any specialized knowledge or vulnerabilities in the system; instead, it relies on the sheer computational power and persistence of the attacker.

1. Selection of target: the attacker identifies a target, which could be a specific account (like an email or social media account) or a system (like a website, server, or application) that they want to access.
2. Credential list: the attacker compiles a list of potential usernames and passwords. These lists can be generated in various ways, including using common passwords, dictionary words, or by harvesting data from previous breaches.
3. Iteration: the attacker uses a program or script to automate the process of attempting to log in. The program iterates through the list of usernames and tries each one with every password.
4. Testing credentials: for each combination of username and password, the program sends a login request to the target system. If the combination is correct, the attacker gains access.
5. Iterative process: the process continues until the correct combination is found or until the entire list of possible combinations has been exhausted.
6. Time and resources: the success of a brute force attack depends on the strength and complexity of the passwords, the computational power available to the attacker, and the effectiveness of any countermeasures in place (such as account lockouts after a certain number of failed login attempts).

Brute Force Hacking

7. Variations:
   1. Simple brute force: this involves systematically trying every possible combination of characters until the correct one is found.
   2. Dictionary attacks: in this variation, the attacker uses a list of commonly used passwords or dictionary words, potentially supplemented with variations (e.g., "password123", "letmein").
   3. Hybrid attacks: these combine elements of dictionary attacks with variations and patterns that users commonly use to create passwords.

8. Countermeasures:
   1. Account lockouts: after a certain number of failed login attempts, an account may be temporarily locked to prevent further unauthorized access attempts.
   2. CAPTCHA: CAPTCHA challenges can be used to differentiate between human users and automated scripts.
   3. Strong password policies: requiring complex passwords with a combination of uppercase, lowercase, numbers, and special characters can significantly increase the difficulty of a successful brute force attack.
   4. Multi-factor authentication (MFA): adding an extra layer of authentication, e.g. a one-time code sent to a user's mobile device, greatly mitigates the effectiveness of brute force attacks.

It is important for individuals and organizations to implement strong password practices and other security measures to protect against brute force attacks.

How Long Does It Take a Hacker to Brute Force a Password in 2023

Hive Systems conducts annual research to determine how long it takes to crack passwords. It gives an estimate of how long it would take a hacker with a consumer budget to crack passwords using a desktop computer with a top-level consumer-grade graphics card.

If a password is a set of 8 characters, following the NIST recommendation of choosing a randomly generated string of 8 characters, then using a top-of-the-range GPU that was available in 2018 (RTX 2080) it would take 4 hours to crack a password with numbers, upper- and lower-case letters, and symbols. Today, using the latest GPUs (RTX 4090), it takes just 59 minutes, but if cloud resources were used, the time taken to crack the password drops to just 19 minutes if using 8 x A100 GPUs from Amazon AWS, and 12 minutes if using 12.

The table on the next slide shows how long it would take a hacker using standard equipment to guess a password.

Time It Takes Hackers to Brute Force Passwords

(Table from Hive Systems; not reproduced in this transcript.)

Federated Identity Management

FIM is a system of single login, multiple access.
For FIM to work effectively, all involved partners must have a sense of mutual trust. Each trust domain maintains its own identity management. However, all domains are interlinked through a third-party service that stores users' access credentials and provides the trust mechanism needed for FIM to work. This third service is known as the identity provider or identity broker.

Users' credentials are provided to and stored with their identity provider, which is their home domain. Then, when logging in to a service such as a software-as-a-service application, they don't have to provide credentials to the service provider. Rather, the service provider trusts the identity provider to validate these credentials and grant them access.

Examples of FIM systems include OpenID and Open Authorization, as well as Shibboleth, which is based on the Organization for the Advancement of Structured Information Standards' Security Assertion Markup Language (SAML).

Federated Identity Management

A federated identity management scheme is a union of separate identification and authentication systems. Authentication is performed in one place, and separate processes and systems determine that an already authenticated user is to be activated.

Single Sign-On

Single sign-on lets a user log on once per session but access many different applications/systems. It often works in conjunction with federated identity management, with the federated identity provider acting as the source of authentication for all the applications. Google, LinkedIn, Apple, Twitter and Facebook offer popular SSO services that enable end users to log in to third-party applications with their social media authentication credentials.

Single Sign-On vs FIM

Single sign-on (SSO) is an important component of FIM, but it is not the same as FIM. Implementing single sign-on doesn't necessarily require FIM, but the latter does rely heavily on SSO technologies for authentication among domains.
SSO enables users to use a single set of credentials to access multiple systems within a single organization. It is token-based, meaning that users are identified by a token rather than a password.

FIM enables users to access systems across federated organizations. They can use the same credentials to access the applications, programs and networks of all members within the federated group. It provides single-step access to multiple systems across different organizations. Unlike SSO, FIM users don't provide credentials directly to a web application, but to the FIM system itself.

Cryptography

Cryptography is the study of the conversion of plain text (readable format) to ciphertext (non-readable format), i.e. encryption. It is also called the study of encryption. Cryptology, on the other hand, is the study of the conversion of plain text to ciphertext and vice versa. It is also called the study of encryption and decryption.

Cryptography

Cryptography is used to secure data at rest, stored in servers, and in motion, transmitted over the network. Cryptography involves mathematical operations that convert the original plaintext into an unintelligible ciphertext (encryption) and the reverse process, converting ciphertext to plaintext (decryption). Cryptography is classified into symmetric cryptography and asymmetric cryptography.

Symmetric Systems

Asymmetric (Public) Key Systems

Purpose and Goal of Cryptography

The goal of cryptography schemes is to ensure:

Entity authentication: the entities are alive and active, as corroborated with both parties.

Data origin authentication: each party is corroborated of the information source.

Implicit key authentication: only the intended recipient can determine the private key and use it to complete the encryption/decryption process.

Key confirmation: confirm that the recipient is in possession of their particular secret key.
Explicit key authentication: ensure that the given secret key is in the possession of the intended recipient.

Key Management

Cryptographic keys are a vital part of any security system. They do everything from data encryption and decryption to user authentication. The compromise of any cryptographic key could lead to the collapse of an organization's entire security infrastructure, allowing the attacker to decrypt sensitive data, authenticate themselves as privileged users, or give themselves access to other sources of classified information. Proper management of keys and their related components can ensure the safety of confidential information.

Key management is the process of putting certain standards in place to ensure the security of cryptographic keys in an organization. Key management deals with the creation, exchange, storage, deletion, and refreshing of keys. It also deals with members' access to the keys.

Why Is Key Management Important?

Key management forms the basis of all data security. Data is encrypted and decrypted via the use of encryption keys, which means the loss or compromise of any encryption key would invalidate the data security measures put into place. Keys also ensure the safe transmission of data across an Internet connection. With authentication methods like code signing, attackers could pretend to be a trusted service like Microsoft, while giving victims' computers malware, if they steal a poorly protected key. Keys provide compliance with certain standards and regulations to ensure companies are using best practices when protecting cryptographic keys. Well protected keys are only accessible by users who need them.

What Is Key Management?

Effective use of cryptography requires key management, which refers to the all-encompassing activities in handling cryptography keys during the entire lifecycle.
It is designed to defend against two attacks, which refer to the key exchange problem:

Forward secrecy refers to an encryption system that changes the keys used to encrypt and decrypt information frequently and automatically. This ongoing process ensures that even if the most recent key is hacked, a minimal amount of sensitive data is exposed.

Known key attack: if the keying material is compromised, future session keys are no longer secure. An adversary can impersonate the legitimate entity using this knowledge, but the past communication sessions are not compromised by this attack.

Types of Keys

There are two types of cryptographic keys, symmetric and asymmetric keys. Symmetric keys deal with data-at-rest, which is data stored in a static location, such as a database. Symmetric key encryption uses the same key for both encryption and decryption. Using data in a database as an example, while the data is stored in the database, it is encrypted with the symmetric key. Once an authorized user attempts to access the data, the information is decrypted with the same symmetric key and made accessible to the user. The other type of cryptographic key is an asymmetric key.

Symmetric Key Cryptography

It involves the usage of one secret key along with encryption and decryption algorithms which help in securing the contents of the message. The strength of symmetric key cryptography depends upon the number of key bits. It is relatively faster than asymmetric key cryptography. There arises a key distribution problem, as the key has to be transferred from the sender to the receiver through a secure channel.

Asymmetric Key Cryptography

It is also known as public-key cryptography because it involves the usage of a public key along with the secret key. It solves the problem of key distribution as both parties use different keys for encryption/decryption.
It is not feasible to use for decrypting bulk messages as it is very slow compared to symmetric key cryptography.

Encryption Using Asymmetric Keys

Encryption using asymmetric keys is a little more complicated than symmetric key encryption. Instead of using the same key for both encryption and decryption, two separate keys, called a public and a private key, are used for the encryption and decryption of data. These keys are created as a pair, so that they relate to each other. The public key of a pair of asymmetric keys is mainly used to encrypt data. This key can be shared with anyone since it encrypts, not decrypts, data. The private key is used for the decryption of data encrypted by its public key counterpart, so it must stay secure.

Asymmetric keys focus on encrypting data-in-motion. Data-in-motion is data sent across a network connection, whether it be a public or private connection. When transporting sensitive data, most encryption processes use both symmetric and asymmetric keys to encrypt data. The data is first encrypted at rest by a symmetric encryption key. The symmetric key is then encrypted by the public key of the person to whom the data is being sent. That encrypted symmetric key and the ciphertext are sent to the recipient of the data. Once the ciphertext and key reach the recipient, the symmetric key is decrypted by that user's private key, and the ciphertext is decrypted.

How Key Management Works

Key management follows a lifecycle of operations which are needed to ensure the key is created, stored, used, and rotated securely. Most cryptographic keys follow a lifecycle which involves key:
- Generation
- Distribution
- Use
- Storage
- Rotation
- Backup/Recovery
- Revocation
- Destruction

Key Management Lifecycle

1. Key generation: the first step is generating a cryptography key using an approved set of rules, including the use of a pseudo-random generator.
2. Key installation: next, we move into the process of setting up, configuring and testing keying material, including hardware, software and cryptomodules.
3. Key establishment: the distribution of keys between two or more entities involved in the communication. The process may involve key generation or key agreement, where a new key is produced as a function of the secret (key) information possessed by the individual communicating parties.
4. Key certification: now the key must be certified, an authentication using digital signatures (issued by a third-party certification authority) that unambiguously associates the key with the appropriate sources. Users are registered as the authorized members of the security domain to which these digital signatures apply.
5. Key usage: the process of ensuring operational availability of keying material during the applicable cryptoperiod of the keys. Depending on the type of key establishment protocol, the key may be temporary (a session key) and need revocation when the digital certificate expires.
6. Key storage: cryptographic keys must be stored with a high degree of confidentiality, integrity and availability (CIA). The storage location need not be active memory; keys are only brought from storage into the operational memory available to cryptographic algorithms.
7. Key update and recovery: mechanisms that allow authorized entities to update and retrieve the keys stored in the operational memory. This follows the principle of securing data at rest and is useful for reconstructing a key from archived keying information.
8. Key revocation: the key is destroyed or deregistered when no further key management operations are applicable to the associated source entities. These entities may have completed the communication process or may no longer be eligible for the key certification process.
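The lifecycle steps above carried into code, as an added example that is not from the slides: a small key store that generates keys from a CSPRNG, rotates them, refuses to encrypt with a key outside its cryptoperiod or superseded by rotation, keeps superseded keys for decryption only, and overwrites destroyed material. The KeyStore type, its methods and the in-memory layout are assumptions of this example; a production store would live in an HSM or KMS.

```go
package main
import (
	"crypto/rand"
	"errors"
	"time"
)
// Lifecycle states from the slides: Active keys encrypt and decrypt, keys superseded by
// rotation (Deactivated) only decrypt old data, Destroyed keys have had their bytes zeroed.
type KeyState int
const (Active KeyState = iota; Deactivated; Destroyed)
// ManagedKey is key material plus metadata; NotAfter is the end of its cryptoperiod.
type ManagedKey struct{ ID string; Material []byte; State KeyState; NotAfter time.Time }
// KeyStore is a constructed in-memory store; the clock is injectable so expiry can be tested.
type KeyStore struct{ keys map[string]*ManagedKey; current string; now func() time.Time }
func NewKeyStore(now func() time.Time) *KeyStore {
	return &KeyStore{keys: map[string]*ManagedKey{}, now: now}
}
// Rotate draws a fresh 256-bit key from the OS CSPRNG, makes it current, and
// deactivates the previous key so it can still decrypt but never encrypt again.
func (s *KeyStore) Rotate(id string, period time.Duration) error {
	m := make([]byte, 32)
	if _, err := rand.Read(m); err != nil {
		return err
	}
	if old, ok := s.keys[s.current]; ok && old.State == Active {
		old.State = Deactivated
	}
	s.keys[id] = &ManagedKey{ID: id, Material: m, State: Active, NotAfter: s.now().Add(period)}
	s.current = id
	return nil
}
// KeyFor enforces the usage rules: encryption needs the current Active key inside its
// cryptoperiod; decryption may use any key that has not been Destroyed.
func (s *KeyStore) KeyFor(id string, encrypt bool) (*ManagedKey, error) {
	k, ok := s.keys[id]
	if !ok || k.State == Destroyed {
		return nil, errors.New("key unknown or destroyed")
	}
	if encrypt && (id != s.current || k.State != Active || !s.now().Before(k.NotAfter)) {
		return nil, errors.New("not usable for encryption: rotate first")
	}
	return k, nil
}
// Destroy revokes a key for good: the material is overwritten in place, not just dropped.
func (s *KeyStore) Destroy(id string) {
	if k, ok := s.keys[id]; ok {
		for i := range k.Material { k.Material[i] = 0 }
		k.State = Destroyed
	}
}
```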
Key Management in Cryptography
In cryptography, it is a very tedious task to distribute the public and private keys between sender and receiver. If the key becomes known to a third party (forger or eavesdropper), the whole security mechanism becomes worthless. Hence the need to secure the exchange of keys. There are two aspects to key management:
1. Distribution of public keys.
2. Use of public-key encryption to distribute secrets.

Distribution of Public Keys
The public key can be distributed in four ways:
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates

Public announcement: here the public key is broadcast to everyone. The major weakness of this method is forgery. Anyone can create a key claiming to be someone else and broadcast it; until the forgery is discovered, the forger can masquerade as the claimed user.

Publicly available directory: here the public key is stored in a public directory. The directory is trusted and has properties such as: participants register with it, they may access and modify their values at any time, and it contains entries of the form {name, public key}. Directories can be accessed electronically, but they are still vulnerable to forgery or tampering.

Public-key authority: similar to the directory, but it improves security by tightening control over the distribution of keys from the directory. It requires users to know the public key for the directory. Whenever keys are needed, the user makes real-time access to the directory to obtain the desired public key securely.

Public-key certificates: here the authority provides a certificate (which binds an identity to a public key) to allow key exchange without real-time access to the public-key authority each time. The certificate is accompanied by other information such as the period of validity, rights of use, etc.
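The certificate approach in code, as an added example that is not from the slides: the relying party holds only the CA's certificate (hence the CA's public key), a certificate the CA issued for C verifies against it, and a self-signed certificate that merely announces itself as C, the forgery the public announcement method cannot detect, is rejected. The issue and verifyAgainstCA functions and the names used are assumptions of this example, built on Go's standard crypto/x509 package with Ed25519 keys.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue builds a certificate binding name to pub, signed with signerKey under
// signerCert; with signerCert nil the certificate is self-signed (a root).
func issue(name string, pub ed25519.PublicKey, isCA bool, signerCert *x509.Certificate, signerKey ed25519.PrivateKey) (*x509.Certificate, error) {
	usage := x509.KeyUsageDigitalSignature // the "rights of use" from the slide
	if isCA {
		usage |= x509.KeyUsageCertSign
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // constructed; a real CA tracks serials
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour), // the period of validity
		KeyUsage:              usage,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if signerCert == nil {
		signerCert = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyAgainstCA is the relying party's check: it holds only the CA certificate
// (hence the CA's public key) and accepts peer only if peer's signature chains to it.
func verifyAgainstCA(peer, ca *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}
```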
All of this content is signed by the private key of the certificate authority and can be verified by anyone possessing the authority's public key. First, sender and receiver each request a certificate from the CA, which contains their public key and other information; they can then exchange these certificates and start communicating.

Public Key Encryption
When two parties communicate, the intelligible message to be transferred, referred to as plaintext, is converted for security purposes into apparently random nonsense, referred to as ciphertext. The process of changing plaintext into ciphertext is called encryption. The encryption process consists of an algorithm and a key. The key is a value independent of the plaintext. The security of conventional encryption depends on two major factors:
1. The encryption algorithm
2. The secrecy of the key
The encryption algorithm produces a different output depending on the specific key being used at the time; changing the key changes the output of the algorithm. Once the ciphertext is produced, it may be transmitted. Upon reception, the ciphertext can be transformed back into the original plaintext by using a decryption algorithm and the same key that was used for encryption. The process of changing ciphertext back into plaintext is known as decryption.

Public Key Encryption
Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using different keys: a public key (known to everyone) and a private key (secret key). This is known as public key encryption.

Conventional encryption versus public-key encryption:

Needed to work
- Conventional: the same algorithm with the same key is used for encryption and decryption. The sender and receiver must share the algorithm and the key.
- Public-key: one algorithm is used for encryption and a related algorithm for decryption, with a pair of keys, one for encryption and the other for decryption. Sender and receiver must each have one of the matched pair of keys (not identical).

Needed for security
- Conventional: the key must be kept secret. If the key is secret, it is practically impossible to decipher a message. It must be impractical to determine the key from knowledge of the algorithm plus samples of ciphertext.
- Public-key: one of the two keys must be kept secret. If one of the keys is kept secret, it is practically impossible to decipher a message. It must be impractical to determine the other key from knowledge of the algorithm plus one of the keys plus samples of ciphertext.

Characteristics of Public Key Encryption
Public key encryption is important because it is infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key. Either of the two keys (public or private) can be used for encryption, with the other key used for decryption. In a public key cryptosystem, public keys can be freely shared, allowing users an easy and convenient method for encrypting content and verifying digital signatures, while private keys are kept secret, ensuring only the owners of the private keys can decrypt content and create digital signatures. The most widely used public-key cryptosystem is RSA (Rivest-Shamir-Adleman). The difficulty of finding the prime factors of a composite number is the backbone of RSA.

Example
The public keys of every user are present in the public key register. If B wants to send a confidential message to C, then B encrypts the message using C's public key. When C receives the message from B, C can decrypt it using its own private key. No recipient other than C can decrypt the message, because only C knows C's private key.

Components of Public Key Encryption
Plain text: this is the message which is readable or understandable. This message is given to the encryption algorithm as input.
Cipher text: the ciphertext is produced as the output of the encryption algorithm. It cannot simply be understood. Encryp