For people wishing to access text from this presentation, here's the outline:
CISSP Study Concepts for Security Engineering and Cryptographic Lifecycle
Robin Basham, using materials from SANS, ISC2,
Effective security management practices
Bell-LaPadula – Confidentiality model
Only deals with confidentiality; does not deal with integrity or availability
(NO “I” or “EYE” is CONFIDENTIAL – can’t write to my boss’ level, subordinates who are down can’t read my level)
Based on Government Classification – Unclassified, Sensitive But Unclassified (SBU), Confidential, Secret, Top Secret
A Trusted Subject can violate the * property
Bell-LaPadula Security State Defined by three properties:
Simple Security Property (ss Property) – no reading from lower subject to higher object (No Read Up): I don’t see above my class
The * (star) security Property – no writing from higher subject to lower object (No Write Down): I don’t author to a lower level of security
Trusted Subject can violate the star property but not its intent
Strong * property – no reading or writing to another level
Discretionary Security Property – Uses Access Matrix to specify discretionary access control
Remember the hyphen “-” is separation of duties
Writing and Reading Orders - Confidentiality
No read up – it's confidential so I can’t see a command sent to my boss
No write down – I only need to read what my boss sends me. A lower rank can’t see my orders. I can’t change the classification to allow them that access. We are segregated.
Biba Integrity Model defined by three goals
Biba Integrity Model is an add-on to BLP
Lattice-based; uses a less-than-or-equal-to relation
A lattice structure is a set with a least upper bound (LUB) and a greatest lower bound (GLB)
Lattice represents a set of integrity classes (IC) and an ordered relationship
Lattice = (IC, LUB, GLB)
Integrity – who created this order – who classified this order?
The Simple Integrity Axiom - no reading of lower object from higher subject (No Read Down)
The * (star) Integrity Axiom – No writing from lower subject to higher object (No write Up)
A subject at a lower level of integrity cannot invoke a subject at a higher level of integrity
Clark-Wilson Integrity Model (Integrity for Commercial Environments)
Two elements: well-formed transaction and separation of duties.
Developed in 1987 for use in real-world commercial environment
Addresses the three integrity goals
Constrained Data Item (CDI) – A data Item whose integrity is to be preserved
Integrity Verification Procedure (IVP) – confirms that all CDIs have integrity
Transformation Procedure (TP) – transforms a CDI from one integrity state to another integrity state
Unconstrained Data Item – data items outside of the control area of the modeled environment
Requires Integrity Labels
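A small ledger showing how the Clark-Wilson elements fit together: CDIs that change only through a TP, an IVP, access triples and separation of duties. This is an added example, not part of the original slides; the `Ledger` class, the account names and the user names are constructed for illustration.

```python
class IntegrityError(Exception):
    """Raised when a request would break a Clark-Wilson rule."""

class Ledger:
    """Account balances are the CDIs; only tp_transfer may change them."""

    def __init__(self, balances, triples):
        self._cdi = dict(balances)            # constrained data items
        self._total = sum(balances.values())  # invariant checked by the IVP
        self._triples = set(triples)          # allowed (user, TP, CDI) triples
        self.log = []                         # record of every completed TP

    def ivp(self):
        """Integrity verification procedure: every CDI is in a valid state."""
        values = self._cdi.values()
        return all(v >= 0 for v in values) and sum(values) == self._total

    def _may(self, user, tp, cdis):
        return all((user, tp, c) in self._triples for c in cdis)

    def tp_transfer(self, initiator, approver, src, dst, amount):
        """Transformation procedure: one valid state to another, or no change."""
        if initiator == approver:
            raise IntegrityError("separation of duties: approver must differ")
        if not self._may(initiator, "transfer", (src, dst)):
            raise IntegrityError("initiator has no triple for this TP and CDI")
        if not self._may(approver, "approve", (src, dst)):
            raise IntegrityError("approver has no triple for this TP and CDI")
        # amount arrives as a UDI; validate it before it touches a CDI
        if type(amount) is not int or amount <= 0:
            raise IntegrityError("unconstrained input rejected")
        if self._cdi[src] < amount:
            raise IntegrityError("transfer would leave a CDI invalid")
        self._cdi[src] -= amount
        self._cdi[dst] += amount
        self.log.append((initiator, approver, src, dst, amount))

    def balance(self, account):
        return self._cdi[account]

# Constructed sample data: two accounts and the access triples for two users.
SAMPLE_BALANCES = {"ops": 500, "payroll": 100}
SAMPLE_TRIPLES = {(u, tp, a) for u, tp in (("alice", "transfer"), ("bob", "approve"))
                  for a in SAMPLE_BALANCES}
```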
Clark-Wilson Integrity Model
Information Flow Models
Each object and subject is assigned a security class and value; information is constrained to flow only in directions permitted by the security policy.
Based on state machine and consists of objects, state transitions, and lattice (flow policy) states.
Object can be a user
Each object is assigned a security class and value
Information is constrained to flow in the directions permitted by the policy
Actions of group A using commands C are not seen by users in Group B using commands D
CISSP Study Concepts for Cryptographic Lifecycle
Algorithm Protocol Governance
Needed Component Parts to an Encryption Strategy
Symmetric for confidentiality (DES, 3DES, IDEA, RC4, AES)
Hashing for integrity (MD4, MD5, RIPEMD, SHA-1, SHA-2)
Asymmetric for authentication (RSA, El Gamal, ECC elliptic curve crypto)
Non-Repudiation is Asymmetric plus Hashing – the condition where a hash of the message is encrypted with the sender’s private key
Relationship of Encryption to Incidents and Threats
Elements needed for Encryption and Encryption Methods
Symmetric Encryption Systems
DES (Data Encryption Standard)
DES is a block encryption algorithm using 64-bit blocks. It uses a 64-bit key: 56 bits of true key and 8 bits for parity. Characters are put through 16 rounds of transposition and substitution.
Devised in 1972 as a derivation of the “Lucifer” system
DES Describes the DEA (Data Encryption Algorithm)
FIPS PUB 46-1 (1977) and ANSI X3.92 (1981)
64-bit blocks, 56-bit key and 16 rounds of transformation
Uses confusion and diffusion for encrypting plain text.
Confusion – Conceals the statistical connection between ciphertext and plaintext. Uses non-linear substitution boxes (S-Boxes).
Diffusion – Spreads the influence of a plaintext character over many ciphertext characters.
DES has 4 distinct modes of operation
Symmetric algorithm – Encryption method where the sender and receiver use an instance of the same key for encryption and decryption purposes.
Out-of-band method – Sending data through an alternate communication channel.
Asymmetric algorithm – Encryption method that uses two different key types, public and private. Also called public key cryptography.
Public key – Value used in public key cryptography for encryption and signature validation; it can be known by all parties.
Private key – Value used in public key cryptography for decryption and signature creation; it is known only to the key owner.
Public key cryptography – Asymmetric cryptography, which uses public and private key values for cryptographic functions.
Block cipher – Symmetric algorithm type that encrypts chunks (blocks) of data at a time.
Diffusion – Transposition processes used in encryption functions to increase randomness.
Confusion – Substitution processes used in encryption functions to increase randomness.
Avalanche effect – Algorithm design requirement so that slight changes in the input result in drastic changes to the output.
Stream cipher – Algorithm type that generates a keystream (random values), which is XORed with plaintext for encryption purposes.
Keystream generator – Component of a stream algorithm that creates random values for encryption purposes.
Initialization vectors (IVs) – Values that are used with algorithms to increase randomness for cryptographic functions.
Triple DES (3DES)
Encrypting plaintext with one DES key and then encrypting it with a second DES key is no more secure than using a single DES key; therefore, Triple DES is used to obtain stronger encryption.
DES-EDE2 – 2 keys are used. Encrypt with 1, decrypt with 2 and then encrypt with 1 again.
DES-EEE2 – 2 keys are used. Encrypt with 1, encrypt with 2, encrypt with 1.
DES-EEE3 – 3 keys are used. Encrypt with 1, encrypt with 2, encrypt with 3. Most secure, but requires 3 keys.
Advanced Encryption Standard (AES)
Uses the Rijndael block cipher; specifies three key sizes: 128, 192 or 256 bits. Choice of key determines encryption level. AES is the government standard for encrypting SBU information. Best suited for hardware encryption.
The number of rounds of transformation is a function of the key size used
256 bit – 14 rounds.
192 bit – 12 rounds.
128 bit – 10 rounds.
Symmetric Algorithms that provide bulk (data) Encryption services only
DES and 3DES
128-bit blocks in 16 rounds. Key lengths can be up to 256 bits.
A block cipher operating on 64-bit blocks with a key length of up to 448 bits. The blocks go through 16 rounds of crypto functions.
IDEA stands for International Data Encryption Algorithm. It operates on 64-bit blocks and uses a 128-bit key.
Performs 8 rounds on 16-bit sub-blocks. Each 64-bit block is divided into 16 smaller blocks and each block has 8 rounds of mathematical functions performed on it.
IDEA is harder to crack than DES for the same key size and is used in PGP.
Block cipher with variable block length. Key can be 0–2048 bits, blocks can be 32, 64 or 128 bits and the number of rounds can be 0–255. Created by Ron Rivest and patented by RSA data.
Asymmetric Encryption Algorithms – Authentication and Public Key Crypto
De facto standard for public encryption. Invented by Ron Rivest, Adi Shamir, and Leonard Adleman. Developed at MIT. Security comes from the difficulty of factoring large numbers. Public and private keys are functions of a pair of large prime numbers. RSA is used in many web browsers with SSL.
Extends Diffie-Hellman to apply to encryption and digital signatures. Based on calculating discrete logarithms in a finite field.
Elliptic Curve Cryptosystem (ECC)
Provides much of the same functionality as RSA: digital signatures, secure key distribution, and encryption. ECC is very resource efficient – ideal for smaller devices. ECC provides higher protection with smaller keys than RSA. An ECC key of 160 bits is equivalent to a 1024-bit RSA key.
Asymmetric Encryption Algorithms
Public Key Cryptography
Public key cryptography uses asymmetric encryption for key encryption and secret key encryption for data. We use an asymmetric algorithm to encrypt the secret key.
Used for key distribution, NOT encryption and decryption. Subjects can exchange session keys over a non-secure medium without exposing the keys.
“Secret” key used for one data exchange only. Usually randomly generated, then encrypted using public key cryptography.
Public Key Infrastructure (PKI) – X.509
PKI is an ISO authentication framework that uses public-key cryptography and X.509 standard protocols.
PKI provides authentication, confidentiality, non-repudiation and message integrity.
The PKI infrastructure contains the pieces that will identify the user, distribute and maintain keys, distribute and maintain certificates and allow certificate revocation.
Each individual taking part in PKI needs a digital signature signed by a CA.
Some well-known Certification Authorities are Entrust and VeriSign. The old method of revocation is handled by the certificate revocation list (CRL).
New revocation is via Online Certificate Status Protocol (OCSP).
PKI is made up of the following entities and functions
Uses for PKI (Public Key Infrastructure)
LDAP, ISAKMP, IKE
LDAP is the standard format for accessing certification repositories. Availability and Integrity of LDAP servers is a concern.
ISAKMP – Internet Security Association and Key Management Protocol.
IKE – ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley, combined.
ISAKMP defined the phases for establishing a secure relationship
SKEME describes a secure exchange mechanism
Oakley defined the modes of operation needed to establish a secure connection.
Can you match the exploit name to exploited protocol?
Prevents systems from processing or responding to legitimate traffic
Transmits data packets
Exploits a known fault in an OS, service or application
Results in system crash or CPU at 100%
Distributed reflective denial of service (DRDoS)
Reflected approach, rather than direct to victim, manipulates traffic so that attack is reflected back to victim from other sources
Example: DNS Poisoning and SMURF
Smurf and Fraggle Attacks
A smurf attack is another type of flood attack, but it floods the victim with Internet Control Message Protocol (ICMP) echo packets instead of with TCP SYN packets. More specifically, it is a spoofed broadcast ping request using the IP address of the victim as the source IP address. Ping uses ICMP to check connectivity with remote systems.
Normally, ping sends an echo request to a single system, and the system responds with an echo reply. However, in a smurf attack the attacker sends the echo request out as a broadcast to all systems on the network and spoofs the source IP address. All these systems respond with echo replies to the spoofed IP address, flooding the victim with traffic.
Smurf attacks take advantage of an amplifying network (also called a smurf amplifier) by sending a directed broadcast through a router. All systems on the amplifying network then attack the victim. However, RFC 2644, released in 1999, changed the standard default for routers so that they do not forward directed broadcast traffic. When administrators correctly configure routers in compliance with RFC 2644, a network cannot be an amplifying network. This limits smurf attacks to a single network. Additionally, it’s becoming common to disable ICMP on firewalls, routers, and even many servers to prevent any type of attacks using ICMP. When standard security practices are used, smurf attacks are rarely a problem today.
Fraggle attacks are similar to smurf attacks. However, instead of using ICMP, a fraggle attack uses UDP packets over UDP ports 7 and 19.
The fraggle attack will broadcast a UDP packet using the spoofed IP address of the victim. All systems on the network will then send traffic to the victim, just as with a smurf attack.
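A detection sketch for the two traffic patterns just described, as an added example that is not part of the original slides. It flags ICMP echo requests and UDP port 7/19 packets addressed to a subnet broadcast address and groups them by claimed source, which in these attacks is the victim's address. The subnets, the packet records and the record field names are constructed for illustration.

```python
import ipaddress

# Subnets whose directed-broadcast addresses are watched (constructed values).
SUBNETS = [ipaddress.ip_network("192.0.2.0/24"),
           ipaddress.ip_network("198.51.100.64/26")]
BROADCASTS = {net.broadcast_address for net in SUBNETS}
BROADCASTS.add(ipaddress.ip_address("255.255.255.255"))
FRAGGLE_PORTS = {7, 19}          # the UDP ports named in the text above
ICMP_ECHO_REQUEST = 8

def classify(pkt):
    """Return 'smurf', 'fraggle' or None for one parsed packet record."""
    if ipaddress.ip_address(pkt["dst"]) not in BROADCASTS:
        return None              # unicast traffic is out of scope here
    if pkt["proto"] == "icmp" and pkt.get("icmp_type") == ICMP_ECHO_REQUEST:
        return "smurf"
    if pkt["proto"] == "udp" and pkt.get("dport") in FRAGGLE_PORTS:
        return "fraggle"
    return None

def likely_victims(packets, threshold=2):
    """Count flagged broadcasts per (claimed source, kind) at or above threshold."""
    counts = {}
    for pkt in packets:
        kind = classify(pkt)
        if kind:
            key = (pkt["src"], kind)
            counts[key] = counts.get(key, 0) + 1
    return {key: n for key, n in counts.items() if n >= threshold}

# Constructed sample records, as a capture parser might emit them.
SAMPLE = [
    {"src": "203.0.113.9", "dst": "192.0.2.255", "proto": "icmp", "icmp_type": 8},
    {"src": "203.0.113.9", "dst": "192.0.2.255", "proto": "icmp", "icmp_type": 8},
    {"src": "203.0.113.9", "dst": "198.51.100.127", "proto": "icmp", "icmp_type": 8},
    {"src": "203.0.113.77", "dst": "192.0.2.255", "proto": "udp", "dport": 19},
    {"src": "203.0.113.77", "dst": "192.0.2.255", "proto": "udp", "dport": 7},
    {"src": "192.0.2.10", "dst": "192.0.2.20", "proto": "icmp", "icmp_type": 8},
    {"src": "192.0.2.10", "dst": "192.0.2.255", "proto": "udp", "dport": 137},
]

if __name__ == "__main__":
    print(likely_victims(SAMPLE))
```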
La la, lala lah la, la la la ladi dah (smurf song)
Robots or Zombies, introduced through malware, often browser based
Allows a herder to send instructions to the computer
Gameover Zeus (GOZ)
Esthost DNS Changer
Ping of Death – Teardrop and Land Attacks
Oversized packets, changes size of packets to over 64KB
Results in crash, buffer overflow
Rarely successful today
Fragments traffic so data can’t be put back together
Sends spoofed SYN packets as both source and destination
SSLv3 is broken
What is SSLv3
Performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives.
A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.
What is SSL and how did it get here?
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide communications security over a computer network.
Security protocol (cryptographic protocol or encryption protocol)
Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects:
Key agreement or establishment
Symmetric encryption and message authentication material construction
Secured application-level data transport
Secret sharing methods
Secure multi-party computation
For example, Transport Layer Security (TLS) is a cryptographic protocol that is used to secure web (HTTP/HTTPS) connections. It has an entity authentication mechanism, based on the X.509 system; a key setup phase, where a symmetric encryption key is formed by employing public-key cryptography; and an application-level data transport function. These three aspects have important interconnections. Standard TLS does not have non-repudiation support.
SSL Client to SSL Server Encryption and Key Exchange
Ring Layer Protection in Computing Systems