Warm Up Activity
Introduction
Encryption protects information by presenting the reader with a puzzle. Authorized readers
know the puzzle’s secret and can easily read the document. Unauthorized readers must take
the time to solve the puzzle. We protect the document by making the puzzle hard enough to
frustrate attackers.
Encryption often crops up in fiction, especially for protecting a buried treasure. The 2004
movie National Treasure presented the characters with a series of puzzles, including a
cleverly hidden map, that were clues leading to a massive buried treasure. If we go back to
1843, we find The Gold Bug, written by Edgar Allan Poe, who was an accomplished amateur
cryptographer. Poe’s characters find an encrypted message that locates treasure buried by
the pirate Captain Kidd. To find the treasure, the characters must somehow read the
message.
Encryption Basics
Encryption transforms readable data (called the plaintext) into unreadable data (called the
ciphertext) using secret information (called the key). FIGURE 7.1 illustrates the procedure.
Our objective is to keep the readable plaintext hidden from outsiders. We only expose the
plaintext when we are “inside” the safe boundary.
Smith R 2019, Elementary Information Security 3rd Edition, digital image, <
https://learning.oreilly.com/library/view/elementary-information-security/9781284153057/
xhtml/12_Chapter07_01.xhtml>
The encryption procedure (the algorithm) takes two inputs: the plaintext data and the
encryption key. The procedure scrambles the data to produce the ciphertext. If we use high-quality
encryption, no one will be able to interpret the ciphertext unless they have the correct
key. The recipient on the right side of Figure 7.1 recovers the plaintext by applying the
matching decryption algorithm and key to the ciphertext.
The term algorithm should be familiar to computer science students; it is the mathematical
term for a step-by-step procedure. We may use it as a synonym for “procedure” when we
talk about cryptography.
For encryption to work, there must always be a matching decryption algorithm. The two
algorithms may be identical in some cases, but not always. The encryption algorithm always
accepts two inputs, the plaintext and the key, and produces the ciphertext. The decryption
algorithm likewise accepts two inputs, the ciphertext and the key, and yields the plaintext
as output.
Effective Encryption
Encryption succeeds when it presents a puzzle that an attacker lacks the time, resources,
and motivation to solve. The encrypted diary of an insignificant person is safe even with a
modest code, because no one will bother to solve the puzzle; only a trivially simple code
fails. The diaries of Beatrix Potter, Samuel Pepys, and Charles Wesley were important
enough to justify the effort. This is true of all encryption: There is no point in attacking it
unless the attack is trivial or the secret information is valuable. If the attack is trivial, then
the encryption gives no real protection. Weak encryption is a form of Security Through
Obscurity.
Smith R 2019, Elementary Information Security 3rd Edition, digital image, <
https://learning.oreilly.com/library/view/elementary-information-security/9781284153057/
xhtml/12_Chapter07_01.xhtml>
Figure 7.2 illustrates a set of states and transitions intended to keep the survey file safe.
Because we never want to transmit the plaintext file, we omit the Plaintext Transmission
state entirely.
Note how we mark the arrows between the Plaintext Storage state and the Encrypted
Storage state. Each contains an underlined phrase followed by an action. The underlined
phrase describes the condition that causes the change between the two states. The second
phrase indicates the action that implements the change (“encrypt” or “decrypt”).
The visible message is in text, but we obviously have a substitution cipher: each letter
corresponds to a digit (the puzzle is a cryptarithm such as SEND + MORE = MONEY). The
correct decryption should yield a correct arithmetic sum. We solve the cryptogram by looking
for patterns and constraints in the text. For example, the letter M must be the digit 1,
because it appears on the bottom line only as the result of a carry. If we guess that the letter
O represents the value 0, then the letter S is either 8 or 9, depending on the carry from the
next column. We can solve the cryptogram by applying plausible values and checking the
results. Cryptanalysts use similar tools to crack ciphers of written text. They look for patterns
that naturally occur in the document’s plaintext language. In English, for example, the most
common letters are E, T, and A. The first step in cracking a simple substitution cipher is to
substitute those letters for the letters occurring most often in the ciphertext.
The Confederate Army used a Vigenère cipher, a polyalphabetic substitution keyed by a
repeating phrase, during the U.S. Civil War. To encrypt a message, the clerk used a cipher
disk like the one shown in FIGURE 7.3.
Smith R 2019, Elementary Information Security 3rd Edition, digital image, <
https://learning.oreilly.com/library/view/elementary-information-security/9781284153057/
xhtml/12_Chapter07_02.xhtml>
Cryptanalysis takes a different approach depending on the cipher being attacked and the
tricks available to attack it. Here are three attack vectors that often apply to encryption:
Known ciphertext or ciphertext-only. The analyst works exclusively from the
ciphertext. The analyst doesn’t have access to plaintext or to the encrypting device. This
is the most common situation. Newspaper cryptograms pose this type of challenge.
Known plaintext. The analyst has both the plaintext and the ciphertext for a particular
message. A Vigenère cipher like that used by the Confederates cannot withstand this
attack vector. We can derive the key easily if we have both the ciphertext and the
matching plaintext.
Chosen plaintext. The analyst can select plaintexts to be encrypted with the target’s
secret key. The analyst then tries to determine the secret key by analyzing the plaintexts
and ciphertexts together. This is a powerful attack vector, even against modern ciphers.
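The known-plaintext attack on the Vigenère cipher, together with the frequency trick used for a ciphertext-only attack on a one-letter key, as an added worked example written for these notes (it is not code from Smith’s book). The key LEMON, the message ATTACK AT DAWN and the longer English sentence are constructed inputs chosen for illustration; the code works on letters A–Z only, as the cipher disk did.

```go
package main

import (
	"fmt"
	"strings"
)

// onlyLetters keeps A-Z so the cipher works on letters alone, as the
// Confederate cipher disk did; spaces and punctuation are dropped.
func onlyLetters(s string) string {
	var b strings.Builder
	for _, r := range strings.ToUpper(s) {
		if r >= 'A' && r <= 'Z' {
			b.WriteRune(r)
		}
	}
	return b.String()
}

// Vigenere shifts each plaintext letter by the matching key letter
// (A=0 ... Z=25), repeating the key. dir=+1 encrypts, dir=-1 decrypts.
func Vigenere(text, key string, dir int) string {
	text, key = onlyLetters(text), onlyLetters(key)
	out := make([]byte, len(text))
	for i := range out {
		k := int(key[i%len(key)] - 'A')
		out[i] = byte((int(text[i]-'A')+dir*k+26)%26) + 'A'
	}
	return string(out)
}

// RecoverKey is the known-plaintext attack: with plaintext and matching
// ciphertext, each key letter is simply ciphertext minus plaintext (mod 26).
// The key repeats, so the shortest period that explains the stream is the key.
// If the message is shorter than the key, only part of the key is learned.
func RecoverKey(plain, cipher string) string {
	plain = onlyLetters(plain)
	if len(cipher) < len(plain) {
		plain = plain[:len(cipher)]
	}
	stream := make([]byte, len(plain))
	for i := range stream {
		stream[i] = byte((int(cipher[i]-'A')-int(plain[i]-'A')+26)%26) + 'A'
	}
	for period := 1; period < len(stream); period++ {
		repeats := true
		for i := period; i < len(stream); i++ {
			if stream[i] != stream[i-period] {
				repeats = false
				break
			}
		}
		if repeats {
			return string(stream[:period])
		}
	}
	return string(stream)
}

// CaesarByFrequency is the ciphertext-only attack for the degenerate
// one-letter key: assume the most frequent ciphertext letter stands for E,
// the most common letter in English, and read the key off the shift.
func CaesarByFrequency(cipher string) string {
	var counts [26]int
	for i := 0; i < len(cipher); i++ {
		counts[cipher[i]-'A']++
	}
	best := 0
	for i := range counts {
		if counts[i] > counts[best] {
			best = i
		}
	}
	shift := (best - int('E'-'A') + 26) % 26
	return string(rune('A' + shift))
}

func main() {
	plain, key := "ATTACK AT DAWN", "LEMON" // constructed message and key
	c := Vigenere(plain, key, +1)
	fmt.Println("ciphertext:    ", c)
	fmt.Println("recovered key: ", RecoverKey(plain, c))
	fmt.Println("decrypted:     ", Vigenere(c, RecoverKey(plain, c), -1))

	// One-letter key: a plain Caesar shift, broken by letter frequency alone.
	c2 := Vigenere("MEET ME AT THE EAST GATE OF THE CEMETERY AT SEVEN THIS EVENING", "D", +1)
	fmt.Println("one-letter key guessed from frequency:", CaesarByFrequency(c2))
}
```

One aligned plaintext/ciphertext pair as long as the key phrase reveals the whole key, which is what “cannot withstand this attack vector” means in practice. Modern ciphers are designed so that even chosen plaintext gives the analyst nothing usable about the key.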
EXERCISE 7
Instruction: Answer the following on a whole sheet/s yellow paper. Write legibly and
concisely. Please observe correct grammar.
A.
1. Describe the different categories of symmetric encryption algorithms.
2. Outline the symmetric encryption process and explain the components involved in
the process.
3. What is cryptanalysis? Give an example of a cryptanalytic problem.
No copyright is claimed in [Chapter 9] and to the extent that material may appear to
be infringed, I assert that such alleged infringement is permissible under fair use
principles in Philippines copyright laws. If you believe material has been used in an
unauthorized manner, please contact the poster/borrower.
Secret and Public Keys
In this chapter we discuss fundamental issues and techniques for handling cryptographic
keys. We also introduce the important concept of public-key cryptography. At the end of this
chapter, students will be able to understand the following topics:
THE KEY MANAGEMENT CHALLENGE
When we encrypt a file, we substitute the problem of protecting the file with the problem of
protecting its key. If attackers can retrieve our secret keys, then our cryptographic measures
give no protection. Keys face two attack vectors: attempts to guess a key and attempts to
intercept a key. We face three key management problems:
The third problem itself has several facets. First, there’s the key distribution problem: We
need to share keys with others without risking security. Second, we need to store the keys
safely so that attackers can’t retrieve all or part of any key. An attack that retrieves part of a
key reduces the attacker’s search space for guessing that key. Finally, we need to use our
keys and cryptographic mechanisms effectively. If we use the same key for too long, we
increase the risk of successful cryptanalysis. If we set up a stream cipher incorrectly, we’ll
use the same key stream to encrypt two or more files, and this gives a good cryptanalyst an
easy job to do.
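What reusing a key stream actually costs, as an added worked example for these notes (not code from the book). The stream cipher is stood in for by SHA-256 run in counter mode, and the two messages and the key are constructed. The attack never needs to know how the key stream was produced: XORing the two ciphertexts cancels it, leaving the XOR of the two plaintexts, and a guessed word dragged along that difference exposes the other message.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// keystream stands in for a stream cipher: a byte stream derived from the key
// (SHA-256 in counter mode, chosen only to keep this example self-contained).
func keystream(key []byte, n int) []byte {
	out := make([]byte, 0, n+32)
	for ctr := 0; len(out) < n; ctr++ {
		input := append(append([]byte{}, key...), byte(ctr>>24), byte(ctr>>16), byte(ctr>>8), byte(ctr))
		block := sha256.Sum256(input)
		out = append(out, block[:]...)
	}
	return out[:n]
}

// xor combines two byte slices up to the shorter length.
func xor(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Encrypt is a stream cipher: plaintext XOR keystream. Calling it twice with
// the same key reuses the same keystream, which is the mistake under discussion.
func Encrypt(key, plain []byte) []byte { return xor(plain, keystream(key, len(plain))) }

// Candidate is one position where a guessed word (a "crib") produces
// readable text from the other message.
type Candidate struct {
	Offset int
	Text   string
}

// CribDrag attacks two ciphertexts made with one keystream. c1 XOR c2 equals
// p1 XOR p2 because the keystream cancels; XORing a guessed fragment of one
// plaintext into that difference reveals the other plaintext wherever the
// guess is right. Wrong positions usually produce unreadable bytes and are
// filtered out, though a few false hits can survive with short cribs.
func CribDrag(c1, c2, crib []byte) []Candidate {
	diff := xor(c1, c2)
	var hits []Candidate
	for off := 0; off+len(crib) <= len(diff); off++ {
		frag := xor(diff[off:off+len(crib)], crib)
		if readable(frag) {
			hits = append(hits, Candidate{off, string(frag)})
		}
	}
	return hits
}

func readable(b []byte) bool {
	for _, c := range b {
		letter := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
		digit := c >= '0' && c <= '9'
		if !letter && !digit && c != ' ' && c != '.' && c != ',' && c != '$' {
			return false
		}
	}
	return true
}

func main() {
	key := []byte("one key used for two files") // constructed
	p1 := []byte("Transfer $500 to account 7781 on Friday morning.")
	p2 := []byte("Meeting moved to the north conference room at ten.")
	c1, c2 := Encrypt(key, p1), Encrypt(key, p2)

	// The attacker has neither key nor keystream, only c1, c2 and a likely word.
	for _, h := range CribDrag(c1, c2, []byte("account ")) {
		fmt.Printf("offset %2d: %q\n", h.Offset, h.Text)
	}
}
```

The recovered fragment is then extended by guessing the words around it, so the damage is not limited to the crib. The remedy is the one the text gives: a fresh key (or a fresh nonce, for ciphers that take one) for every file.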
Cryptonets
When we share a key with two or more people, we refer to that group as the cryptonet.
Everyone within a cryptonet shares the same keys and therefore can read the same
encrypted files.
Bob and Alice use a shared secret key to protect Alice’s bookkeeping file. Thus, the
cryptonet consists of Bob and Alice. Alice wrote down a copy of the key, and she keeps it in
her purse. When she returns to her apartment, she leaves her purse in her drawer and steps
out for a moment. According to Transitive Trust, we now trust her roommate as well.
If we take an optimistic view of security, we might assume the key is safe as long as only
people we trust can reach it. However, this violates Least Privilege and overlooks the risks of
Transitive Trust: the roommate was never meant to be in the cryptonet. As we make the
cryptonet larger, we increase the risk of someone leaking the key by accident. If we include
people unnecessarily, we increase our risk unnecessarily. Our keys are safest when we keep
the cryptonet as small as possible; as Benjamin Franklin famously wrote, “Three may keep a
secret if two of them are dead.”
Levels of Risk
We classify threats against authentication as weak, strong, and extreme. We use the same
classification for threats against file encryption.
■ Weak threat—a person with limited skills and a mild motivation to recover the file.
■ Strong threat—a skilled person willing to invest time and money to recover the
file, but not inclined to cause significant damage.
■ Extreme threat—a person with the skill or motivation to do damage, regardless of
how the file is protected. This includes threats who would damage or destroy the computer,
or people with the skill to circumvent other operating system protections.
For the most part, we will focus on strong threats. Weak threats are often discouraged by
applying simple access restrictions. Extreme threats may manage to substitute Trojan horse
software for our file encryption program, thus bypassing its protection.
Key-Sharing Procedures
After we establish who needs to use the keys, we need procedures to choose, handle, and
distribute the keys safely.
■ Do we need to plan for changing the key (rekeying)? How hard will it be to change
the key?
■ How long does a key last? What is its cryptoperiod?
■ Key strength questions (these must be considered together):
  ■ Should the key be a password or a passphrase?
  ■ How do we maximize the entropy contained in our key?
  ■ How should the key be protected against a strong threat?
  ■ If we write the key down, will a threat have access to it?
  ■ Should we limit ourselves to keys we can memorize?
This discussion will focus on strong threats. Weak threats will not be inclined to attack an
encrypted document. Extreme threats will attack weak data encryption. When faced with
stronger encryption, they look for other ways to extract the data without breaking the
encryption.
Rekeying
We need to plan for changing the key on occasion. If we set things up perfectly and nothing
goes wrong, it might make sense to leave an unchanged file in place, encrypted with the
same key, for an extended period of time. However, trouble often crops up, and we must be
prepared to change the key if leaked. Moreover, we make the cryptanalyst’s job easier if we
use the same key to reencrypt the file after making changes.
We call the key-changing process rekeying or key rollover. Here are cases in which we
should rekey:
■ We use the document regularly over a long period of time. Each time we use it, we
introduce the risk of leaking the key. Pick a time for changing the key that balances
convenience and safety.
■ At minimum, change the key whenever some other major event occurs. For example,
the distribution of a major new version of the file might justify rekeying. Legitimate users will
learn the new key. If copies of the old key leaked, then the attackers don’t get access to the
new version.
■ For safety’s sake, rekey more often on larger cryptonets. A larger cryptonet poses a
larger risk of disclosure. On the other hand, it is harder to distribute new keys on a larger
cryptonet.
■ We suspect that the key has been leaked. We don’t want to wait and find out that the
file itself has been leaked, so we should change the key immediately.
■ A person who knows the key must leave the cryptonet. For example, Kevin worked at
a company that kept administrator passwords in an encrypted file, and Kevin knew the file’s
key. After he quit that job, the other administrators chose a new key.
Rekeying brings up another question: How do we really change the key? Each copy of an
encrypted file increases the file’s attack surface. If we change the file’s key, how do we
ensure that all copies are protected with the new key? Backed-up copies of the file may still
be encrypted with the previous key. Some cryptanalytic techniques work more effectively
when the same plaintext is available encrypted under several different keys.
Cryptoperiods
U.S. government standards published by NIST recommend encrypting data with a particular
secret key for no more than 2 years before changing it. If we have already encrypted data
with an existing key, that data doesn’t need to be reencrypted. However, we shouldn’t
encrypt additional data with an “old” key.
There are other limitations to using a secret key. We will see later, for example, that we
shouldn’t reuse the same key when encrypting with a stream cipher. We may want to use a
passphrase as a memorable secret key, and it’s difficult to memorize numerous
passphrases. Later, we will see how “key wrapping” minimizes the need to change
passphrases.
We handle encryption keys in one of three ways: We memorize them, we write them down,
or we carry them on a storage device and download them as needed. The first case applies
if we never make a permanent copy of the key. If we never physically make a copy of the
key, then we face the lowest risk of disclosure. Instead, we face a risk of losing access to the
file by forgetting the exact passphrase.
It can be challenging to distribute a passphrase without writing it down. The safest way to do
it is in person; the recipient should memorize it on the spot without writing it down. In some
environments, telephones may be safe enough for sharing keys. This assumes potential
threats can’t tap our phones.
In the second and third cases, we have to control possession of the copied key. While it’s in
our possession, we have to ensure that no one else gets a copy of the key. We share it with
members of the cryptonet, but we must hide it from everyone else.
Public-Key Cryptography
Secret-key techniques provide very simple and strong mechanisms for protecting and
sharing data. However, they may be impractical in some situations. Bob and Alice can use
secret-key techniques to share data because they’ve already shared a sufficiently strong
secret key.
What if Bob needs to share information with Alice, but he can’t arrange a shared secret
ahead of time? Public-key cryptography provides the mechanism to make this possible. Our
browsers routinely use public keys to produce strongly encrypted connections for financial
transactions and other private business. Although the actual connections may use the AES,
the keys are established using a public-key algorithm.
PUBLIC-KEY CRYPTOGRAPHY
When we encrypt with a secret-key algorithm, the security resides in the key, and our data
remains secret if our key remains secret. We often call this secret-key cryptography. With
public-key cryptography, clever mathematics allows us to share a crypto key publicly and still
keep information safe. The two families compare as follows:

                    Secret-key cryptography            Public-key cryptography
Key secrecy         The secret key is always kept      The private key is kept secret. The
                    secret.                            public key is published and shared.
Typical key sizes   128–256 bits                       1024–4096 bits

(The low end of the public-key range is historical: 1024-bit RSA keys are no longer
considered adequate for new keys, and 2048 bits is the usual minimum today.)
All public-key algorithms rely on a mathematical trick. The algorithms use mathematical
functions that are relatively easy to calculate but very difficult to invert. Although
cryptography always has had one-way functions, researchers like to call these “trapdoor
one-way functions.” In other words, they have the one-way essence of cryptography, plus a
second element that is easy or hard depending on the information you have.
Consider the problem of “prime factors.” Every integer greater than 1 is either a prime
number or a composite number that is the product of two or more primes. If we have the list
of prime factors of a number (e.g., 2, 3, 5, and 11), it’s straightforward to multiply them
together to yield 330. On the other hand, it takes many more computational steps, and a
more subtle procedure, to undo the multiplication and retrieve the primes.
This task becomes much, much harder as the numbers grow large—and this becomes the
basis of many public-key techniques. We often form the private key from one or two very
large prime numbers. We form the public key by calculating a result from those primes.
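The trapdoor in concrete form, as an added example for these notes (not code from the book): textbook RSA built from two primes. Multiplying p and q is one step; recovering them from the public modulus by trial division is the hard direction, and whoever manages it can rebuild the private exponent. The primes 61 and 53 (and 104723 and 104729 for the second run) and the exponent choices are constructed for illustration; real keys use primes of a thousand or more bits and a padding scheme, both of which this example omits.

```go
package main

import (
	"fmt"
	"math/big"
)

// KeyPair is a textbook RSA key. N and E are public; D is private.
type KeyPair struct{ N, E, D *big.Int }

// Generate builds the key from two secret primes p and q and a public
// exponent e. The public modulus is just their product (the easy direction);
// the private exponent is e's inverse modulo (p-1)(q-1), which only someone
// who knows the primes can compute.
func Generate(p, q, e int64) KeyPair {
	P, Q, one := big.NewInt(p), big.NewInt(q), big.NewInt(1)
	n := new(big.Int).Mul(P, Q)
	phi := new(big.Int).Mul(new(big.Int).Sub(P, one), new(big.Int).Sub(Q, one))
	E := big.NewInt(e)
	D := new(big.Int).ModInverse(E, phi) // nil if e and phi share a factor
	return KeyPair{N: n, E: E, D: D}
}

// Encrypt with the public key: c = m^e mod n. Decrypt with the private key.
func Encrypt(pub KeyPair, m int64) *big.Int {
	return new(big.Int).Exp(big.NewInt(m), pub.E, pub.N)
}
func Decrypt(priv KeyPair, c *big.Int) int64 {
	return new(big.Int).Exp(c, priv.D, priv.N).Int64()
}

// Factor is the attacker's task: undo the multiplication by trial division.
// It returns the factors and how many divisions were tried, to show how the
// work grows with the size of the primes.
func Factor(n *big.Int) (p, q *big.Int, steps int) {
	d, r := big.NewInt(2), new(big.Int)
	for {
		steps++
		if r.Mod(n, d).Sign() == 0 {
			return new(big.Int).Set(d), new(big.Int).Div(n, d), steps
		}
		d.Add(d, big.NewInt(1))
	}
}

// RecoverPrivate shows why the primes must stay secret: from the factors of N
// and the public exponent, anyone can rebuild D.
func RecoverPrivate(pub KeyPair) *big.Int {
	p, q, _ := Factor(pub.N)
	one := big.NewInt(1)
	phi := new(big.Int).Mul(p.Sub(p, one), q.Sub(q, one))
	return new(big.Int).ModInverse(pub.E, phi)
}

func main() {
	kp := Generate(61, 53, 17) // tiny constructed primes
	c := Encrypt(kp, 65)
	fmt.Println("n =", kp.N, "e =", kp.E, "d =", kp.D)
	fmt.Println("65 encrypts to", c, "and decrypts to", Decrypt(kp, c))
	p, q, steps := Factor(kp.N)
	fmt.Printf("factoring n: %v x %v after %d trial divisions\n", p, q, steps)
	fmt.Println("private exponent rebuilt from the public key:", RecoverPrivate(KeyPair{N: kp.N, E: kp.E}))

	// Six-digit primes: the multiplication is still one step, the factoring is not.
	_, _, steps = Factor(Generate(104729, 104723, 65537).N)
	fmt.Println("trial divisions for a 34-bit modulus:", steps)
}
```

Trial division grows with the size of the smaller prime, so the 34-bit modulus already costs about a hundred thousand divisions where the multiplication cost one. Better factoring algorithms exist, which is why real moduli are 2048 bits and up.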
To detect malicious changes, we must prevent attackers from knowing how to accurately
revise the CRC or other error check value. The obvious approach is to add a secret to the
process, as in FIGURE 8.1. Without knowing the secret, attackers won’t know how to
accurately revise the check value.
The attacker can’t modify both the text and the check value without knowing exactly what the
file says. Any mistake could make the checksum fail. If the attacker does know exactly what
the file says, then he can replace its contents with a different message and a new checksum,
just by flipping the appropriate bits in both.
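An added worked example of the bit-flipping attack just described (written for these notes, not code from the book). It assumes that the “secret added to the process” is a secret pad XORed over the whole record, in the style of a stream cipher, with CRC-32 as the check value; the record contents are constructed. An attacker who knows the old contents can change them, and correct the check value, without ever learning the pad.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

// xor combines two equal-length byte slices.
func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Protect appends a CRC-32 check value to the body and XORs the whole record
// with a secret pad of the same length. The pad is the "secret added to the
// process"; without it the attacker can read neither the record nor the check value.
func Protect(body, pad []byte) []byte {
	rec := make([]byte, len(body)+4)
	copy(rec, body)
	binary.LittleEndian.PutUint32(rec[len(body):], crc32.ChecksumIEEE(body))
	return xor(rec, pad)
}

// Open strips the pad and reports whether the check value still matches.
func Open(protected, pad []byte) (body []byte, ok bool) {
	rec := xor(protected, pad)
	body = rec[:len(rec)-4]
	ok = binary.LittleEndian.Uint32(rec[len(body):]) == crc32.ChecksumIEEE(body)
	return body, ok
}

// Tamper rewrites a protected record from oldBody to newBody (same length)
// without knowing the pad. CRC-32 is linear over XOR:
//     crc(a XOR b) = crc(a) XOR crc(b) XOR crc(zeros of the same length)
// so the attacker computes the bit-flips for the body and for the check
// value and applies them through the encryption, which XOR passes straight through.
func Tamper(protected, oldBody, newBody []byte) []byte {
	delta := xor(oldBody, newBody)
	zeros := make([]byte, len(delta))
	crcDelta := crc32.ChecksumIEEE(delta) ^ crc32.ChecksumIEEE(zeros)
	flips := make([]byte, len(delta)+4)
	copy(flips, delta)
	binary.LittleEndian.PutUint32(flips[len(delta):], crcDelta)
	return xor(protected, flips)
}

func main() {
	oldBody := []byte("Pay Alice $100. ") // constructed record
	newBody := []byte("Pay Kevin $900. ") // attacker's replacement, same length
	pad := make([]byte, len(oldBody)+4)
	if _, err := rand.Read(pad); err != nil {
		panic(err)
	}
	protected := Protect(oldBody, pad)
	forged := Tamper(protected, oldBody, newBody) // no pad needed
	body, ok := Open(forged, pad)
	fmt.Printf("receiver sees %q, check value valid: %v\n", body, ok)
}
```

The same weakness was exploited in practice against WEP, which protected its CRC-32 integrity value with RC4. A keyed cryptographic hash (an HMAC) is not linear, so no fixed set of bit flips adjusts it; that is the direction the text takes next with one-way hash functions.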
Software distributed on the internet occasionally takes a different approach; it publishes the
check value on a website next to a link for the downloaded file. If Alice, for example,
downloads a program, she can calculate the file’s check value and compare it with the value
published on the website. This strategy poses a problem: What if an attacker replaces the
good file with a subverted one whose check value matches the original file’s check value?
This problem leads us to one-way hash functions.
Hash values are very large; the smallest in common use is 16 bytes (128 bits) long, and more
recent functions yield much longer results. The large results are intended to make it as hard
as possible to produce two different, but similar, documents that yield the same hash value.
Size alone is not enough, though: MD5 (16 bytes) and SHA-1 (20 bytes) have both had
practical collisions published, so neither should be used where an attacker could benefit
from a collision.
Birthday Attacks
A more practical approach is the birthday attack. The name comes from the “birthday
paradox,” a classic parlor game. If we have a group of about two dozen people, the odds are
better than even that at least two share a birthday. This may not seem obvious, because the
chance that a given person has one particular birthday is 1 in 365. The odds improve
because we search the group for any two people with the same birthday, rather than for a
match to one fixed date.
This attack lets Kevin take advantage of the fact that he creates the IOU file. He doesn’t just
create a single file and then search 256 alternatives for a match. Instead, he randomly
creates files of both types until two of them yield the same hash value.
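Kevin’s two-sided search as an added worked example (written for these notes, not from the book). The hash is SHA-256 cut down to 24 bits so that the search finishes in well under a second; the two IOU texts are constructed, and the “invisible” variations are single versus double spaces between words, which a reader would not notice. With 2^14 variants of each document (32,768 hashes in all) the search is expected to turn up about sixteen matching pairs, whereas finding a malicious document that matches one fixed benign document would take about 2^24, or 16.7 million, attempts.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"strings"
)

// HashBytes truncates SHA-256 to 24 bits so the search runs quickly; the
// attack is the same, only slower, for a wider hash.
const HashBytes = 3

func TruncatedHash(doc string) string {
	sum := sha256.Sum256([]byte(doc))
	return string(sum[:HashBytes])
}

// Variant returns the i-th "invisible" version of a document: bit k of i
// selects one or two spaces after the k-th word. The wording never changes,
// so every variant reads exactly like the original.
func Variant(base string, i int) string {
	words := strings.Fields(base)
	var b strings.Builder
	for k, w := range words {
		b.WriteString(w)
		if k == len(words)-1 {
			break
		}
		if (i>>k)&1 == 1 {
			b.WriteString("  ")
		} else {
			b.WriteString(" ")
		}
	}
	return b.String()
}

// Birthday hashes n variants of the benign document, then searches n variants
// of the malicious one for any matching hash. Each side costs n hashes; the
// expected number of matches is n*n / 2^(8*HashBytes), so n around the square
// root of the hash space is enough. Kevin can then have the benign variant
// accepted (or signed) and later substitute the malicious one.
func Birthday(benign, malicious string, n int) (benignHit, maliciousHit string, found bool) {
	seen := make(map[string]string, n)
	for i := 0; i < n; i++ {
		v := Variant(benign, i)
		seen[TruncatedHash(v)] = v
	}
	for i := 0; i < n; i++ {
		v := Variant(malicious, i)
		if other, ok := seen[TruncatedHash(v)]; ok {
			return other, v, true
		}
	}
	return "", "", false
}

func main() {
	// Constructed documents; each has enough word boundaries for 14 bits of variation.
	benign := "I, Kevin, owe Bob the sum of ten dollars, to be repaid by the end of the month."
	malicious := "I, Bob, owe Kevin the sum of ten thousand dollars, to be repaid by the end of the month."
	a, b, ok := Birthday(benign, malicious, 1<<14)
	fmt.Println("collision found:", ok)
	if ok {
		fmt.Printf("benign:    %q\nmalicious: %q\nhash: %x\n", a, b, TruncatedHash(a))
	}
}
```

Doubling the hash width to 48 bits would push the square-root search to about 2^24 hashes per side, and a full 256-bit hash puts it at 2^128, which is why hash outputs are sized for twice the security level wanted.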
EXERCISE 8
Instruction: Answer the following on a whole sheet/s yellow paper. Write legibly and
concisely and please observe correct grammar.
No copyright is claimed in [Chapter 8] and to the extent that material may appear to
be infringed, I assert that such alleged infringement is permissible under fair use
principles in Philippines copyright laws. If you believe material has been used in an
unauthorized manner, please contact the poster/borrower.
Encrypting Volumes
In this chapter, we look at the problem of protecting an entire storage device, as opposed to
protecting individual files. At the end of this chapter, students will be able to understand the
following topics:
SECURING A VOLUME
When we examined file systems, Eve had asked to borrow a USB drive from which all data
had been deleted. Eve could have tried to recover private bookkeeping files from the drive.
We can avoid such risks and protect everything on the drive, including the boot blocks,
directory entries, and free space, if we encrypt the entire drive volume.
The word volume refers to a persistent storage area that contains its own file system. The
volume may reside on any physical device with storage: a hard drive, a solid-state drive, a
smartphone, or another mobile device. A device may often contain two or more volumes,
each in a separate storage partition. If the system “sees” the volume as a single random-
access storage device, then we can protect it all by encrypting it all. We sometimes call this
full-disk encryption (FDE) because we often apply it to hard drives, but it applies to any mass
storage volume (FIGURE 9.1).
Smith R 2019, Elementary Information Security 3rd Edition, digital image, <
https://learning.oreilly.com/library/view/elementary-information-security/9781284153057/
xhtml/14_Chapter09_01.xhtml>
File encryption lets us protect individual files from a strong threat. If we encrypt a particular
file, then attackers aren’t likely to retrieve its contents, except in two cases. First, there is the
file-scavenging problem noted previously. Second, people often forget things, and file
encryption is a forgettable task.
In many cases, sensitive data is vulnerable simply because nobody bothered to encrypt it.
Even when users encrypt some of their data files, it’s not likely that they have encrypted all
of their sensitive files. It is challenging to identify the files at risk and to remember which
ones to encrypt.
The principal benefit of encrypting a whole volume is that the encryption takes place
automatically. When we plug in a removable encrypted drive or we start up the operating
system, the drive encryption system retrieves the volume’s encryption keys and mounts the
volume. If the keys aren’t available, then the volume can’t be used. Once the volume is
mounted, the data is encrypted and decrypted automatically. The user doesn’t need to
decide which files to encrypt. In fact, the user doesn’t even have the choice of saving a
plaintext file; everything on the volume is encrypted, including the directories and free space.
Volume encryption is convenient, but it doesn’t solve every security problem. For example, it
protects Bob if the attacker physically opens up his tower computer and connects directly to
his hard drive. Disk encryption does not protect Bob from a Trojan program that copies files
to a separate, unencrypted storage device, like a USB stick.
To put volume encryption in context with other security measures, we look at risks and policy
trade-offs. First, we will look at risks facing an unencrypted volume. Next, we look at policy
trade-offs between volume encryption, file encryption, and file-based access control.
Risks to Volumes
Lost Device
The first risk is everyone’s worst-case scenario: Our computer is stolen. Laptops especially
seem likely to “sprout legs and walk away.” While our first worry might be the cost of
replacing the laptop, many people also worry about identity theft. Some thieves exploit the
data stored on the hard drive to masquerade as the laptop’s owner. Identity theft is a
booming business, and personal computers often contain extensive financial records and
lists of online passwords.
The theft risk poses even greater problems for large organizations. A stolen laptop may
contain large databases of sensitive information about customers. According to statistics
collected for the first half of 2009, there were 19 incidents in the United States where a
misplaced or stolen laptop placed databases at risk. The incidents involved private
companies, schools, hospitals, and government agencies at all levels. The smallest data
loss involved 50 personal records, while one incident involved more than a million records.
If a stolen computer contains a customer database, many companies are legally required to
contact all affected customers and warn them that their information may have been stolen. If
the database includes credit card numbers or Social Security numbers, then the company
may need to provide some defense against identity theft.
Eavesdropping
The eavesdropping attack vector arises if we can’t always keep our drive physically safe or
under appropriate software protection. When Bob and Alice started using file encryption,
they decided to keep the encrypted file on a shared USB drive. Because the file was
encrypted, they assumed it was safe from eavesdropping. For convenience, they left it on
the bulletin board in their suite.
This attack vector poses a risk even if we don’t share a drive on a bulletin board. If we back
up the data to a separate drive, we need to physically protect the backup drive. If attackers
have physical access to our computer, then we can try to protect our data by protecting our
Chain of Control; we can disable booting of other drives and enable file protections.
However, these defenses don’t protect us if the attacker cracks open the computer’s case.
An attacker can bypass any BIOS or operating system by connecting the drive to a different
motherboard.
When we upgrade our devices, we usually acquire new storage. We copy our data from our
old storage volumes. The old devices disappear along with their storage volumes. What
happens to our sensitive data?
Modern mobile devices often have mechanisms to erase all personal data when the owner
turns in, donates, or discards the equipment. Smartphones and other mobile devices
typically use flash storage, which is hard to erase reliably.
Drive erasure has long posed a challenge for desktop computers. Research at MIT by
Simson Garfinkel in the 2000s found that many companies and individuals were selling or
discarding computers without properly erasing the hard drives. The researchers found that
most people took very simple steps to “clean” their drive of data before passing the computer
onto the next owner. Using “undelete” programs and other file-recovery tools, researchers
were able to recover numerous personal and business files.
There are four strategies for cleaning a hard drive of personal data:
Either of the last two strategies may eliminate the risk of recovered files. We examined disk
wiping as part of encrypting a file, but there are also utility programs that wipe a drive by
overwriting every one of its blocks. Some hard drives have a built-in mechanism to wipe the
drive, but these mechanisms are rarely evaluated for effectiveness. Even with the built-in
wipe, an attacker might be able to retrieve data.
Note that it may be challenging to physically destroy a modern hard drive. The major
components are metal and are assembled to operate at very high rotational speeds. For all
but the more extreme threats, we render the data irrecoverable if we open the drive case
and remove all of the drive’s read/write heads.
ENCRYPTING A VOLUME
The risk and policy discussions in the beginning of this chapter argue strongly for encrypting
storage volumes of all shapes and sizes, but volume encryption also poses some
challenges. If a cryptanalyst steals an encrypted drive, there will be gigabytes of ciphertext
with which to work. The attacker will be able to guess some of the corresponding plaintext
because disk formats are public knowledge. In addition, the attacker can be certain that a
great deal of duplicate data resides on the drive, just because that’s what happens on a
modern hard drive. If the encrypted drive is a system drive, the attacker might be able to
make astute guesses about the drive’s contents and make undetectable changes to it.
A volume encryption system therefore needs the following properties:
■ Strong encryption: Use a strong, modern block cipher that can reliably encrypt
trillions of bytes of data and more.
■ Large encryption key: Strong modern ciphers require large, random encryption keys.
The ciphers don’t provide their strongest security except with fully random keys.
■ High speed: In practice, this means that we want to encrypt all of the drive’s data with
the same key. If we switch between keys while encrypting the drive, then we’ll have delays
awaiting key expansion.
■ Suppress any data patterns: Use a block cipher mode that mixes data during
encryption so that plaintext patterns aren’t duplicated in the ciphertext. Moreover, it should
be impractical for an attacker to choose plaintext data that creates a recognizable pattern in
the stored ciphertext.
■ Plaintext size = ciphertext size: Modern file systems assume they have full access to
the disk. We can’t steal space from the file system to store IVs, for example.
■ Integrity protection: This is not the primary concern, but at least it should be hard to
make undetectable changes.
In addition, the FDE implementation must handle the crypto keys safely and efficiently. If we
have permission to use the encrypted drive, we should be able to supply the keys and mount
the drive. When we dismount the drive, the keys should disappear. In hardware
implementations, this is tied to the drive hardware status: The drive is “locked” when it is
powered off or reset, and “unlocked” when its keys are in place and it is mounted for use.
We discuss this further as we examine key management and drive hardware issues.
In order to avoid patterns in the drive’s ciphertext, we need to encrypt data differently
according to where it resides on the hard drive. Conventional cipher modes eliminate
patterns by using IVs and chaining. We don’t really have a place to store IVs, so we
incorporate location information into the encryption instead.
One solution is called a tweakable cipher. A normal cipher takes two inputs—the key and the
plaintext—and yields the ciphertext. A tweakable cipher has a third input, the tweak, a
nonce-like value that modifies the encryption without the cost of changing the encryption
key.
In drive encryption, the tweak identifies the disk sector and selects a block within the sector.
In practice, we don’t really have to design a new block cipher. Instead, we use a block cipher
mode to tweak the cipher for us.
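The tweak in code, as an added example (written for these notes; it is not the book’s code and not a certified XTS implementation): the XEX construction that XTS-AES uses, with the sector number encrypted under a second key as the tweak, and each 16-byte block inside the sector getting the tweak multiplied by a further power of α in GF(2^128). The two keys, the zero-filled sectors and the 512-byte sector size are constructed; sectors here are whole blocks, so the ciphertext-stealing step that full XTS needs for sizes that are not a multiple of 16 is left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512 // constructed sector size; 4096 is also common

func mustAES(key []byte) cipher.Block {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return b
}

// mulAlpha multiplies a GF(2^128) element by alpha (x) in the little-endian
// byte order that IEEE 1619 uses: shift left across the bytes, and fold the
// carry back in with the reduction constant 0x87.
func mulAlpha(t [16]byte) [16]byte {
	var out [16]byte
	var carry byte
	for i := 0; i < 16; i++ {
		out[i] = t[i]<<1 | carry
		carry = t[i] >> 7
	}
	if carry != 0 {
		out[0] ^= 0x87
	}
	return out
}

// SectorXTS encrypts (dec=false) or decrypts (dec=true) one sector. The tweak
// for the sector is E_key2(sector number); block j inside the sector uses
// tweak * alpha^j, so no two blocks on the whole drive are encrypted the same
// way, and nothing extra (no IV) has to be stored: output size equals input size.
func SectorXTS(key1, key2 []byte, sector uint64, data []byte, dec bool) []byte {
	blk1, blk2 := mustAES(key1), mustAES(key2)
	var tweak [16]byte
	binary.LittleEndian.PutUint64(tweak[:8], sector)
	blk2.Encrypt(tweak[:], tweak[:])
	out := make([]byte, len(data))
	for j := 0; j+16 <= len(data); j += 16 {
		var b [16]byte
		for i := range b {
			b[i] = data[j+i] ^ tweak[i]
		}
		if dec {
			blk1.Decrypt(b[:], b[:])
		} else {
			blk1.Encrypt(b[:], b[:])
		}
		for i := range b {
			out[j+i] = b[i] ^ tweak[i]
		}
		tweak = mulAlpha(tweak)
	}
	return out
}

// SectorECB is the naive alternative: the block cipher applied directly, so
// equal plaintext blocks anywhere on the drive produce equal ciphertext.
func SectorECB(key, data []byte) []byte {
	blk := mustAES(key)
	out := make([]byte, len(data))
	for j := 0; j+16 <= len(data); j += 16 {
		blk.Encrypt(out[j:j+16], data[j:j+16])
	}
	return out
}

func main() {
	key1 := bytes.Repeat([]byte{0x11}, 16) // constructed keys; XTS requires them to differ
	key2 := bytes.Repeat([]byte{0x22}, 16)
	zeros := make([]byte, sectorSize) // two identical sectors, as zero-filled free space would be

	ecb := SectorECB(key1, zeros)
	fmt.Println("ECB: first two blocks equal:", bytes.Equal(ecb[:16], ecb[16:32]))

	s0 := SectorXTS(key1, key2, 0, zeros, false)
	s1 := SectorXTS(key1, key2, 1, zeros, false)
	fmt.Println("XTS: blocks within a sector equal:", bytes.Equal(s0[:16], s0[16:32]))
	fmt.Println("XTS: identical sectors 0 and 1 equal:", bytes.Equal(s0, s1))
	fmt.Println("XTS: ciphertext size:", len(s0), "decrypts back:",
		bytes.Equal(SectorXTS(key1, key2, 0, s0, true), zeros))
}
```

Note what the tweak does not give: integrity. Flipping a bit of ciphertext garbles only the 16-byte block it sits in, and the receiver has no way to notice, which is why the requirements list above treats integrity protection as a secondary goal for volume encryption.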
Modern FDE techniques are based in either hardware or software. Hardware-based systems
may be built into the hard drive’s controller or they may exist as add-on circuits. Software-
based systems often operate as a device driver. Both hardware- and software-based
techniques share these four properties:
1. Both appear “below” the file system in terms of software layering, either at or below
the device driver.
2. Both are typically unlocked with a typed passphrase.
3. Both often store their working keys as wrapped keys and use a passphrase to
produce the key-encrypting key (KEK) that unwraps them.
4. Both can encrypt the system volume. In both cases, there needs to be special
software, or BIOS firmware, that collects the passphrase to unlock the drive.
Volume Encryption in Software
When we look beyond the similarities between hardware- and software-based FDE, we find
important differences. Because software products reside within the operating system, they
have both additional features and additional weaknesses. Here is a listing of better-known
FDE software implementations:
■ Apple’s macOS—can create encrypted drives and “virtual disks” (encrypted disk
images) through its Disk Utility.
■ Microsoft BitLocker—an optional feature of certain higher-end versions of
Microsoft Windows.
■ VeraCrypt—a highly regarded open-source FDE package.
EXERCISE 9
Instruction: Answer the following on a whole sheet (or sheets) of yellow paper. Write legibly
and concisely, and please observe correct grammar.
No copyright is claimed in [Chapter 9] and to the extent that material may appear to
be infringed, I assert that such alleged infringement is permissible under fair use
principles in Philippine copyright laws. If you believe material has been used in an
unauthorized manner, please contact the poster/borrower.
In this chapter, we look at the deployment of internet services by an enterprise. Email serves
as an example of an enterprise capability. At the end of this chapter, students will be able to
understand the following topics:
Warm Up Activity
INTERNET SERVICES
When typical users think of internet services, they think of commercial services provided
through web pages. A few may also think of email. To provide internet services, an
enterprise connects itself to the internet and provides hosts for the appropriate services.
Many enterprises rely on third parties to host their internet services, instead of managing the
servers themselves. In either case, enterprise employees need internet access to manage
and update the internet services.
Network services rely on communications, and communications rely on protocols. Our web
browsers and email clients are clearly application programs, and they use application
protocols to provide their services. We saw that network applications reside at Layer 7 of the
OSI protocol stack.
Not all Layer 7 protocols provide visible services. Both DNS and DHCP are Layer 7
protocols. Both usually work invisibly for less-sophisticated internet users; most people only
notice them if they fail.
Many traditional application protocols, including email and web access, do most of their work
by exchanging files between hosts. Each web page is handled as a file when retrieved by a
browser. Individual email messages are treated as files when being exchanged between
hosts. The protocols exchange the files reliably by using TCP connections. If data is lost
while traveling across the network, the hosts negotiate to retransmit the data. Although this
occasionally introduces delays in a response, it generally provides acceptable service for
traditional internet applications.
Traditional applications generally follow the client/server model. We use email client software
to retrieve or send email, and we use a web browser (client) to retrieve data from web
servers. The clients initiate connections to servers and not vice versa.
As internet services have expanded to provide streaming audio and video media, protocol
designers have developed new techniques to provide effective network service. Streaming
media do not work well with traditional internet protocols.
An internet server presents a large and inviting attack surface. Many enterprises employ
third-party service providers to host their internet services and to keep the servers secure.
The service providers offer a range of management and security services. Lowest-cost
internet service provides a managed host with basic server software. To host a service, the
enterprise provides and manages the site’s contents, including specialized services like web
“content management systems.” The service provider may provide, secure, and maintain
additional server software packages for a higher cost.
Many service providers offer cloud computing, which reacts flexibly to extreme changes in
server traffic. Traditionally, services are assigned a fixed amount of computing resources in
terms of RAM and processor cores. A cloud computing service can allocate additional
resources as the demand for services increases, and it can release those resources as
demand decreases. While some enterprises host their own private cloud service, many rely
on third-party hosting services.
From a security standpoint, we compare third-party hosting with other types of outsourcing,
like renting office space in a building. The rental management company takes responsibility
for the building’s physical plant and basic physical security. The enterprise itself manages
security within its offices.
Basic third-party services offer a similar level of security to low-cost office space. There is a
lock on the office door. There may be additional security outside of business hours, like
locking the building’s outside doors. The customer adds burglar alarms and surveillance
within the offices, if needed. The third-party internet service relies on password-protected
administrative accounts. If the customer requires additional security measures, the customer
provides them.
A full-service cloud computing vendor offers a broad range of software services and security
measures. Customers may still arrange for a bare-bones level of service, or they may use
vendor-managed authentication, access control, and crypto key management.
An enterprise that outsources internet services must be assured that the vendor provides the
expected levels of service and security. A service-level agreement (SLA) can cover explicitly
identified features and performance levels. It is harder to assure the trustworthiness of
internet services, so many enterprises today rely on standards administered by the American
Institute of Certified Public Accountants (AICPA). These involve audits that yield Service and
Organization Control (SOC) standardized reports, which help service providers give
customers confidence in their cybersecurity controls. There are three levels of reports:
■ SOC 1—Shows that internal cybersecurity controls are in place that are relevant
to financial reporting.
■ SOC 2—Provides broad cybersecurity assurance for customers in terms of the
AICPA’s published trust principles. The report provides control and implementation details
that may not be appropriate for public distribution.
■ SOC 3—Provides broad cybersecurity assurance for customers in terms of the
AICPA’s published trust principles. The report provides a general statement of the system’s
security intended for public distribution.
Reports SOC 2 and SOC 3 are often provided by cloud service providers. Both reflect the
same level of internal review and audit; the principal difference is the level of detail provided
in the reports.
Outsourcing does not eliminate security problems. Recent studies argue that security
breaches of cloud-based systems are most often a result of configuration errors by the cloud
customer. For example, the enterprise may transfer a sensitive company database to the
cloud service provider but fail to restrict access to its data. The enterprise must reliably
identify and address security gaps between what the service vendor provides by default and
the security the data demands.
INTERNET EMAIL
Internet email is perhaps the oldest of today’s widely used internet applications. Network
email sporting an “@” sign originated in the early 1970s. Even though raw file transfers
accounted for most ARPANET traffic during its history, email was the most familiar and
useful ARPANET service to most users.
Although both the ARPANET and today’s internet are packet-oriented, email is message-
oriented. The email system accepts and delivers each message as a single unit. If a
message must traverse several email servers, the receiving server collects the entire
message before sending it on to the next one.
Internet email relies on two kinds of standards:
1. Formatting standards: These describe the layout of an email message: the headers
we use and how we format attachments.
2. Protocol standards: These describe how email clients and servers interact to either
deliver mail or pick up mail. There is a single standard for email delivery, but multiple
standards for retrieving email.
The rest of this section will discuss formatting standards. The following section discusses
protocol standards.
Email protocol standards fall into two groups:
1. Mailbox protocols: Describe how email client software on a user’s computer retrieves
email from a personal mailbox stored on a server.
2. Delivery protocols: Describe how email client software takes a message and gives it
to an email server for delivery, then how servers exchange messages among themselves.
All of these protocols use TCP as the transport protocol. Each has specific port numbers
assigned to servers. Most of these protocols initially evolved in the 1980s or early 1990s,
and they trust the internet backbone. Modern sites often provide these protocols with SSL
protection. Users may protect the protocol with SSL crypto by connecting to the appropriate
port number.
Mailbox Protocols
Many email users retrieve their email by visiting their email service using a web browser.
Others rely on email client software residing on their computer. Client software uses a
mailbox protocol to retrieve the email. The protocol logs in to the server containing the user’s
mailbox. It then examines the mailbox and tells the user which messages are available.
Some protocols automatically copy all messages to the user’s client. Others leave the
messages on the server until the user deletes them.
There are several well-known mailbox protocols, including the Post Office Protocol (POP3)
and the Internet Message Access Protocol (IMAP). Other users rely on Microsoft’s
proprietary email protocol, the “Message API” or MAPI, to access its Exchange Server
product. POP3 and IMAP are supported by most email client software, including Mozilla’s
Thunderbird, Qualcomm’s Eudora, Apple Mail on MacOS, and Microsoft’s email products.
POP3: An Example
As in all internet protocols, we find the official description for POP3 in an RFC; this one is
RFC 1939, “Post Office Protocol—Version 3.” The POP3 protocol includes a strategy to
incorporate new features, and these are documented in a few later RFCs. However, RFC
1939 describes the fundamentals of the POP3 operation.
POP3 is a text-oriented protocol that uses a single connection. The client opens the
connection, and the server replies with “+OK.” The client sends commands and the server
responds to each one. Some commands yield a single line response, like those for
authenticating. Others yield multiple lines, like those that list available messages or retrieve
messages. The server uses a special text marker to indicate the end of the message.
Email Delivery
When we create an email message for delivery, we don’t place it directly in the recipient’s
mailbox. Instead, we contact an email server, transmit the message to the server, and let the
server deliver it. The email delivery protocol is called the Simple Mail Transfer Protocol
(SMTP), and it has been the workhorse of internet email since 1982. These SMTP servers,
also called message transfer agents (MTAs), form the backbone of internet email delivery.
The SMTP protocol is extremely simple. We open a connection to the SMTP server and
send a series of simple text commands to identify the recipients of the email, then we
transmit the email message and close the connection. The server takes responsibility for
delivering the message to its recipients.
In simple cases, we connect directly to an MTA, and that MTA places the email in the
recipient’s mailbox. This often happens when sending email between users in the same site.
When email must travel across the internet to a different site, it often passes through a
series of MTAs.
When two MTAs exchange email, they operate in a peer-to-peer relationship. Either MTA
can initiate the connection, and either can respond. SMTP is a client/server protocol; the
MTAs use it as peers because either host can play the role of client or server.
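Both the POP3 multi-line replies described above and the message body a client sends after the SMTP DATA command end with the same special marker, a line holding a single “.”, and both byte-stuff body lines that begin with “.” so that a message cannot end itself early. The Python below is an added example, not code from Smith’s text; the POP3 session is constructed and no real server is contacted.

```python
# Added example: end-of-message framing shared by POP3 multi-line replies (RFC 1939)
# and the SMTP DATA body (RFC 5321). All session data below is constructed, not captured.
CRLF = "\r\n"

def encode_multiline(lines):
    """Frame lines for a POP3 multi-line reply or an SMTP DATA body: a line that starts
    with '.' gets one extra '.' (byte-stuffing), then the lone '.' terminator is appended.
    Without stuffing, a body line containing just '.' would end the message early."""
    stuffed = [("." + ln) if ln.startswith(".") else ln for ln in lines]
    return CRLF.join(stuffed) + CRLF + "." + CRLF

def parse_pop3_reply(raw, multiline):
    """Return (ok, status_line, body_lines) for one POP3 server reply.
    Single-line replies (USER, PASS) end at the first CRLF. Multi-line replies (LIST,
    RETR) run until a line holding only '.'; '-ERR' replies are always a single line."""
    status, sep, rest = raw.partition(CRLF)
    if not sep:
        raise ValueError("incomplete status line")
    ok = status.startswith("+OK")
    if not (multiline and ok):
        return ok, status, []
    body = []
    for line in rest.split(CRLF):
        if line == ".":                                    # terminator: message complete
            return ok, status, body
        body.append(line[1:] if line.startswith(".") else line)   # undo byte-stuffing
    raise ValueError("multi-line reply without terminator")       # truncated transfer

# Constructed POP3 session: (client command, raw server reply, reply is multi-line).
# USER/PASS travel in clear text unless the session is wrapped in SSL/TLS (POP3S, port 995).
MESSAGE = ["From: bob@example.com", "Subject: hi", "", ".", "A line starting with a dot"]
SESSION = [
    ("USER alice", "+OK" + CRLF, False),
    ("PASS <constructed>", "+OK Logged in." + CRLF, False),
    ("LIST", "+OK 2 messages" + CRLF + "1 120" + CRLF + "2 331" + CRLF + "." + CRLF, True),
    ("RETR 1", "+OK 120 octets" + CRLF + encode_multiline(MESSAGE), True),
    ("RETR 9", "-ERR no such message" + CRLF, True),
]

def run_session(session=SESSION):
    """Walk the scripted exchange as a client would; returns {command: (ok, body_lines)}."""
    results = {}
    for cmd, reply, multi in session:
        ok, _status, body = parse_pop3_reply(reply, multi)
        results[cmd] = (ok, body)
    return results

def smtp_data_payload(lines):
    """What a client sends after the SMTP DATA command: the same framing as above."""
    return encode_multiline(lines)
```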
EXERCISE 14
Instruction: Answer the following on a whole sheet (or sheets) of yellow paper. Write legibly
and concisely, and please observe correct grammar.
1. Describe the structure of an email message. Identify typical header fields. How does
the format mark the end of a message’s regular headers?
2. Explain the purpose and use of MIME in an email message.
3. Describe a typical strategy for formatting an email message with text features not
found in a plaintext file.
4. Explain the role of mailbox protocols.
5. Describe how all three types of network switching (message, circuit, and packet) are
used in the email system.
No copyright is claimed in [Chapter 14] and to the extent that material may appear to
be infringed, I assert that such alleged infringement is permissible under fair use
principles in Philippine copyright laws. If you believe material has been used in an
unauthorized manner, please contact the poster/borrower.
Reference
Richard E. Smith, PhD, CISSP (2019). Elementary Information Security, 3rd Edition
[Published by Jones and Bartlett Learning]. Retrieved from https://learning.oreilly.com