Professional Documents
Culture Documents
Fail secure/close - lock access after failure #ITSEC - EU separate functionality and assurance
Secure default
Fail safe/open - door open (human safety) Goal: test security of product,
identify and remove vulnerabilities
Separation of duties (SoD) - >1 person to complete a task , prevent fraud
protection profile - security requirements (what)
Keep it simple (KISS) - least is power Select Control
Secure Design
Common Criteria security target - doc describe ToE + requirement (how)
Zero trust - authenticate every request
target of evaluation (ToE) -
Privacy by design system/product to be tested (which)
Trust but verify - 1. authentication to secured EAL 7 level - Func Struc Meth M Semi S Form
environment --> 2. generic access control
certification - tested security control meet standard (internal audit)
Shared responsibility - customer + cloud
verification - third party/external audit
zero-knowledge proof - proof knowledge of fact to
another without revealing the fact accreditation - management formally accept
Programmable PROM
Simple security - No read up Read-only memory
(ROM) - non-volatile
Bell-LaPadula (confidentiality, Erasable EPROM - ultraviolet PROM, Electronically EPROM
* security - No write down
MAC, lattice) - ^
Primary memory - Static (flip-flop, faster),
strong star - can read/write on same level Domain 3.1 Secure Random access memory Dynamic (capacitor, slower, cheaper)
Design, TCB, Memory (RAM) - volatile
Simple integrity - No read down Security Model, Cache ram - L1,L2...improved performance
Select Control,
* integrity - No write up Biba (integrity, MAC, lattice) - \ Hardware
Secondary memory - non-volatile, ssd, magnetic tapes, flash
drive, CD Data not immediately available to CPU
Invocation - prevent invoke higher level subject Hardware
Virtual memory - pagefile, swapfile
Clark-Wilson (integrity) - subject access object through program
(access triple), SoD, auditing, well-fromed transaction primary - same as memory
Brewer Nash/Chinese Wall - conflict of interest in 2 secondary - first read into primary
parties; restrict access based on previous activity memory before cpu can use the data
Storage
Non-inteference - High security A should not interfere Security Model
(way to formalize random access storage - read any point
Low security B (not seen). Prevent covert channel
security policy)
sequential access storage - require
Take-grant (Confidentiality) - how
scanning all before desired location
rights pass among subjects/objects)-
take, grant, create, remove rule
TEMPEST - spying info through leaking
electromagnetic emanations, sounds,
Information flow - design of bell+biba, brewer nash,
Emanation
flow btw different security levels
countermeasure: Faraday cage, white noise
(broadcast false traffic), Control Zone
State machine - Finite state machine (FSIM) system always
secure no matter of state; Bell, Biba, Sutherland
Input/output - monitor, printer, keyboard, modem (eavesdropping, tapping)
Goguen–Meseguer - predermined action on predetermined objects
Firmware - software stored on a ROM chip that
contains basic instruction to start a pc
Graham-Denning (DAC owner) - matrix based, secure creation of
subject&objects, assign specific rights (how), 8 rules
Dedicated mode - all
Harrison-Ruzzo-Ullman (DAC owner) - edit access right of subject (how)
System high - X need to know
Sutherland - prevent covert channel Security Mode
Comparted - X access approval, X need to know
virtualization - host one or more OS within a host computer
Multilevel- ntg
endorsement key - created when
TPM is manufacture (permanent) trusted platform module (TPM) - a chip covert timing - exchange info by
in motherboard to store encrypted key exerting some amount of control.
(authenticate laptop) user types using a specific
storage root key - created when Covert channel - pass info rhythm of Morse code
user takes ownership of TPM over a hidden path
Security capacities of IS
hardware security module (HSM) - cryptoprocessor covert storage - space accessed by 2 processes
used to manage/store digital encryption key that have different security label
interface - restrict action based on privilege maintenance hook - backdoor, provide developers with easy access
fault tolerance
System
Domain 3.2: Information System Saved Comment 0 Export as PNG Share
Table- relation
Keys: Primary key, Candidate key (sets grid computing - form of parallel
of attribute to uniquely identify), Server based system
distributed. Loss of privacy
Alternate key (2nd PK), Foreign key
Expert - if..condition Internet of thing (IoT) - internet security issues: access, encryption.
connected device Keep device up to date
Machine learning - supervised learning Knowledge-Based System
Fog computing -centralised processing of data
Edge- CDN collected by distributed sensor
Neural network - imitate biological reasoning
Microservice
Infrastructure as Code
hypervisor - VMM -
create/manage/operate virtual machine mobile device management - full drive
encryption, remote wiping, device
Virtualized System authentication, device lockout, app
Hypervisor I - install on bare metal
control
Cryptography - Science
One way function - math's output value #ECB - block, same encrypted block
but can't get input value
CBC - block, IV, chain (error propagate),
Initialization Vector (IV) - is a random bit string (a nonce) that is unencrypted text XORed
XORed with the message, reducing predictability and repeatability.
CFB - stream, IV, chain (error
Work function/work factor - measure strength of propagate)
Symmetric - a
cryptography, effort to decrypt msg #DES - 64B, 56 key
shared secret key
OFB - stream, IV, NO ERROR, XOR
Strength factor: algorithm, secrecy of plaintext with a seed value
key, key length, IV, random key
CTR - stream, IV, NO ERROR, use
Dual control - 2 separate increment counter instead of seed
function/process for key recovery
Galois counter mode - adds authentication
Split knowledge - 2 separate pieces of knowledge
Key management 3DES - 64B, 112 (more effective security), 168 key
Key escrow - third party hold the key Domain 3.4:
and release with condition Modern
Cryptography IDEA - PGP, 64B, 128 key
crypto (at
(Symmetric,
least 128
Rules: key length, store secure, key random, key lifetime Asymmetric, Blowfish - alternative to DES, IDEA but faster, variable
bits long)
on sensitivity of data, backup key, destroy key Quantum) lengh keys up to 448 bit
Substituition (Caesar) - RREPLACE letter #RC4,5,6 - RC4 is stream cipher 40-2048 bit, WEP,
WPA, SSL (no longer secure)
Vigenere - polyalphabetic substitution
Old crypto Pros - easy key distribution, integrity,
One time pad - authentication, nonrepudiation
Requirement - random, pad protected, unbreakable
used only once, key as long as msg (vernam) Cons: Slow, small data
security: asymmetric like RSA, DH could be broken. Stream Diffie-Hellman (discrete)- key exchange, middle man
cipher least vulnerable. Lattice offer some resistance attack. Use in SSL, TLS, SSH, IPSec, PKI
not for encrypt, solves key distribution problem Quantum - replace binary
#Knapsack - obsolete
with multidimensional
quantum bits (qubits)
Grover's algo - computer speeds up to attack with halve the key length
Shor's algo - easily break all public key algo based on factoring and discrete logorithm problem
Domain 3.5 Cryptography (HASH,
(HASH, HMAC,
HMAC, digital
digital sig...
signa Saved Comment 0 Export as PNG Share
5 requirement: input any length-->fix length output. key exchange - RSA, DH, ECDH
Easy to compute, one way, collision free
authentication - RSA, DSA, ECDSA
Attack: collision (2 different doc produce same
hash)--> birthday attack
Applied Web TLS/SSL encryption - AES, 3DES
Hash (MD)
#SHA1- 160 bit,224,256,512,384 message digest
hash - SHA
#MD5 - 512 block
TLS_DH_RSA_WITH_AES_256_CBC_SHA384
HAVAL - faster than MD5 with 3 rounds used
link encryption - secure tunnel btw 2
points (nodes)
RIPEMD, RIPEMD-128, RIPEMD-160 (remain secure)
Network Circuit encryption, IPSec
end-to-end encryption - btw client and
Integrity, authentication, server. Data is encrypted at origin
non-repudiation (NO CONFIDENTIALITY) and decrypt at destination
Digital Signature (Digests)
To sign/create - sender's private key encrypt hash brute force - try all possible key
4. client use server's public key to encrypt the replay attack - replay a valid session
symmetric key and sends it to server
pass the hash - windows active directory where attacker
5. server uses its private key to decrypt the symmetry key resubmit cached authentication token. Use mimikatz tool
Media storage - locked cabinet, deluge system - large volume of water, sprinkler head
custodian, entry, drive sanitization, open, empty until a fire alarm sound
integrity check
CO2 - effective but risk to human
Evidence storage - dedicated storage system,
keep storage offline, block internet, limit Gas Halon - non environment friendly
access, encrypt all dataset, hash
FE-13, FM-200, Inergen- safe for human (recommded)
Restricted and work area security - walls, clean desk,
only authorized access A - common combustibles (water or acid)