Domain_03:Security Architecture and Engineering

Threats to
Review
- Maintenance Hooks
  - Countermeasures
    - • Use a host-based intrusion detection system to watch for any attackers using back doors into the system.
    - • Use file system encryption to protect sensitive information.
    - • Implement auditing to detect any type of back door use.
  - Time-of-Check/Time-of-Use Attacks(TOC/TOU)
    - Race conditions
    - Countermeasures
      - Use lock
Computer Architecture
- encompasses
  - central processing unit,
  - memory chips
  - logic circuits
  - storage devices
  - input and output devices
  - security components
  - buses
  - networking interfaces
- Central processing
  unit (CPU)
  - program status word (PSW)
    - user mode (also called problem state)
    - privileged mode (also called kernel
      - or supervisor mode)
- Processor
  - Execution Types
    - Multitasking
    - Multithreading
    - Multicore
    - Multiprocessing
    - Multiprogramming
  - PROCESS STATES
    - Ready
    - Running
    - Waiting
    - Supervisory
    - Stopped
  - Operating Modes
    - User Mode
    - Privileged Mode
- Memory
  - Random access memory (RAM)
    - dynamic RAM (DRAM)
      - Hardware Segmentation
    - Static RAM (SRAM)
  - additional types of RAM
    - Synchronous DRAM (SDRAM)
    - Extended data out DRAM (EDO DRAM)
    - Burst EDO DRAM (BEDO DRAM)
    - Double data rate SDRAM (DDR SDRAM)
  - Read-Only Memory(ROM)
    - Programmable read-only memory (PROM)
    - Erasable programmable read-only memory (EPROM)
    - electrically erasable programmable read-only memory (EEPROM)
  - Cache Memory
    - Level 1 (L1) is faster than Level 2 (L2), and L2 is faster than L3
  - Memory Mapping
    - absolute addresses
    - logical addresses
    - relative addresses
  - Buffer Overflows
    - Memory Protection Techniques
      - address space layout randomization (ASLR),
      - data execution prevention (DEP),
  - Memory Leaks
    - garbage collector
    - developing better code
  - Secondary Memory
  - Memory Security Issues
  - Data Storage Devices
    - Primary vs. Secondary
    - Volatile vs. Nonvolatile
    - Random vs. Sequential
  - Memory Addressing
  - Storage Media Security
  - Emanation Security
  - Storage Security Issue
    - 3 main security issue with Secondary storage
    - Security issues with input and output device
    - Firmware
    - Vulnerability, Threat and Countermeasure
Operating Systems
System Security Architecture
- Security Policy
  - is a strategic tool that dictates how sensitive information and resources are to be managed and protected
- Security Architecture Requirements
  - trusted computing base (TCB)
    - is a collection of all the hardware, software, and firmware components within a system that provides some type of security and enforces the system’s security policy.
  - Security Perimeter
    - an imaginary boundary
  - Reference Monitor
    - is an abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification.
    - is an access control conceptreferred to as the
    - “reference monitor concept” or an “abstract machine.”
  - Security Kernel
    - is made up of hardware, software, and firmware components that fall within the TCB, and it implements and enforces the reference monitor concept
    - three main requirements
      - • It must provide isolation for the processes carrying out the reference monitor concept, and the processes must be tamperproof.
      - • It must be invoked for every access attempt and must be impossible to circumvent. Thus, the security kernel must be implemented in a complete and foolproof way.
      - • It must be small enough to be tested and verified in a complete and comprehensive manner.
    - The TCB is the totality of protection mechanisms within a computer system that work together to enforce a security policy
Techniques for Ensuring CIA
- Confinement
  - Confinement is a technique used to restrict access to sensitive information or resources within a system.
- Bound
  - Bound refers to the measures taken to limit access to sensitive information and resources within a system.
- Isolation
  - Isolation is a technique used to separate different components or systems in order to prevent unauthorized access or interference.
- Access Control
  - By implementing access control, organizations can ensure that only authorized individuals have access to sensitive information and resources, thereby protecting confidentiality, integrity, and availability.
- Trust and Assurance
  - Trust is the presence of a security mechanism, function, or capability
  - Assurance is the degree of confidence in satisfaction of security needs.
Cryptography Goal
- P - Privacy (Confidentiality)
- A - Authentication
  - PAIN
- I - Integrity
- N - Non-Repudiation
Secure Design Principles
- 1. Secure Defaults
  - default configuration reflects a restrictive and
    conservative enforcement of security policy.
- 1. Fail Securely
  - indicates that components should fail in a
    state that denies rather than grants access.
- 1. Keep it Simple
  - Complexity is the worst enemy of security.
  - Simplicity also helps to avoid configuration
    mistakes.
  - Enables organizations to move forward, improving
    incrementally, rather than demanding perfection.
  - Best-in-suite over best in breed solutions are
    one approach used to simplify defense in depth
- 1. Zero Trust Security
  - VERIFY
    IDENTITY
    - MANAGE
      DEVICES
      - MANAGE
        APPS
        
        PROTECT
        DATA
- 1. Privacy by Design
  - 1. Proactive and not a reactive approach
  - 1. Privacy as the Default setting
  - 1. Privacy must be embedded in the design
  - 1. Privacy should be a positive-sum approach and not a Zero-sum approach
  - 1. End to end full lifecycle data protection
  - 1. Visibility and transparency
  - 1. Keep privacy user-centric
- 1. Trust but Verify
  - depended on an initial authentication process to
    gain access to the internal “secured” environment
    then relied on generic access control methods.
- Threat Modeling
- Defense in Depth
- Least Privilege
- Separation of Duties
- Shared responsibility
Operating Systems
- Process Management
  - multiprogramming
  - multitasking
    - preemptive multitasking
    - Cooperative multitasking
  - two categories of interrupts
    - maskable
    - nonmaskable
  - Memory Stacks
    - last in, first out (LIFO)
  - Thread Management
  - Process Scheduling
    - denial-of-service
    - (DoS)software deadlock
  - Process Activity
    - Process isolation
      - • Encapsulation of objects
      - • Time multiplexing of shared resources
      - • Naming distinctions
        
        Process identification (PID)
      - • Virtual memory
- Memory Management
  - five basic responsibilities
    - Relocation
      - • Swap contents from RAM to the hard drive as needed
      - • Provide pointers for applications if their instructions and memory segment have been moved to a different location in main memory
    - Protection
      - • Limit processes to interact only with the memory segments assigned to them
      - • Provide access control to memory segments
    - Sharing
      - • Use complex controls to ensure integrity and confidentiality when processes need to use the same shared memory segments
      - • Allow many users with different levels of access to interact with the same application running in one memory segment
    - Logical organization
      - • Segment all memory types and provide an addressing scheme for each at an abstraction level
      - • Allow for the sharing of specific software modules, such as dynamic link library (DLL) procedures
    - Physical organization
      - • Segment the physical memory space for application and operating
        system processes
  - Memory Protection Issues
    - • Every address reference is validated for protection.
    - • Two or more processes can share access to the same segment with potentially different access rights.
    - • Different instruction and data types can be assigned different levels of protection.
    - • Processes cannot generate an unpermitted address or gain access to an unpermitted segment.
  - Virtual Memory
    - virtual memory paging
    - Swap space
      - While this unencrypted data is sitting in RAM, the system could
      - write out the data to the swap space on the hard drive in its unencrypted state
- Input/Output Device
  Management
  - Type
    - block
      - disk drive
    - character
      - printer, network interface card (NIC), or mouse,
  - Interrupts
    - • Programmed I/O
    - • Interrupt-driven I/O
    - • I/O using DMA
      - unmapped I/O
    - • Premapped I/O
    - • Fully mapped I/O
- CPU Architecture
  Integration
  - microarchitectures
  - Isolation
    - memory protection
    - ring-based architecture.
      - Image not available
  - CPU Operation Modes
    - kernel mode
      - ring 0
    - user mode
  - Process Domain
    - The higher the ring level that the process executes within, the larger the domain of resources that is available to it.
- Operating System
  Architectures
  - layered operating
  - System architecture
    - provide data hiding
  - Monolithic
  - Microkernel architecture
  - Hybrid microkernel architecture
- Virtual Machines
  - Virtual machines can be used to provide secure, isolated sandboxes for running untrusted applications.
Cryptography Definitions
and Concepts
- Definitions and Concepts
  - plaintext
    - Plaintext is the original and readable form of data or information before it is encrypted.
  - ciphertext
    - Ciphertext is the encrypted or encoded form of a message or data. It is the output of the encryption process, where the original plaintext is transformed into an unreadable format using a cryptographic algorithm and a secret key.
  - algorithm
    - cipher
  - key
    - A key is a piece of information used in cryptography to encrypt or decrypt data. It is essentially a secret code that is known only to the sender and receiver of a message.
- Cryptosystems
  - • Software
  - • Protocols
  - • Algorithms
  - • Keys
- Kerckhoffs’ Principle
  - the only secrecy involved with a cryptography system should be the key
  - the algorithm should be publicly known
- The Strength of the Cryptosystem
  - million-instruction-per-second (MIPS)
- One-Time Pad
  - • The pad must be used only one time.
  - • The pad must be as long as the message.
  - • The pad must be securely distributed and protected at its destination.
  - • The pad must be made up of truly random values.
  - • Secured at sender’s and receiver’s sites
- Running and Concealment Ciphers
  - running key cipher
  - concealment cipher
    - also called a null cipher
    - is a type of steganography method.
- Steganography
  - • Carrier A signal, data stream, or file that has hidden information (payload) inside of it
  - • Stegomedium The medium in which the information is hidden
  - • Payload The information that is to be concealed and transmitted
  - method
    - least significant bit (LSB)
Security Models
- Purpose
  - enables designers to establish an association between abstract statements and a security policy. Establishes the security implementation, subjects permitted access to the system, and objects to which they are granted access.
- Confidentiality/Integrity
  - Confidentiality
    - Be la Padula
      - enforces the confidentiality aspects of access control
      - is called a multilevel security system
      - it provides and addresses confidentiality only
      - Three main rules
        
        • Simple security rule
        
        no read up
        
        • *-property (star property) rule
        
        no write down
        
        • Strong star property rule
        
        states that a subject who has read and write capabilities can only perform both of those functions at the same security level
      - Example
    - Take Grant Model
      - TAKE – Take someone else's permissions
      - GRANT – Grant permissions to subordinates
      - CREATE – Create new rule
      - REMOVE – Remove a rule
    - Brewer & Nash Model
      - The Brewer and Nash model was created to permit access controls to change dynamically based on a user’s previous activity.
      - also called the Chinese Wall model
      - states that a subject can write to an object if, and only if, the subject cannot read another object that is in a different dataset.
      - The main goal of the model is to protect against conflicts of interest by users’ access attempts.
  - Integrity
    - BIBA Model - No read down, no write
      up
      - Examples
    - ClarK Wilson security model
      - Access Control triple
    - Goguen–Meseguer Model
    - Sutherland Model
  - Security model properties
    - simple = read;
    - star = write (old-school files have *star in titlebar when modified/edited/written)
- Noninterference Model
  - to ensure any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level
  - Covert Channels
    - is a way for an entity to receive information in an unauthorized manner
    - storage
    - timing
- Graham-Denning Model
  - Define
    - addresses some of these issues and defines a set of basic rights in terms of commands that a specific subject can execute on an object.
  - Eight rules
    - • How to securely create an object
    - • How to securely create a subject
    - • How to securely delete an object
    - • How to securely delete a subject
    - • How to securely provide the read access right
    - • How to securely provide the grant access right
    - • How to securely provide the delete access right
    - • How to securely provide transfer access rights
  - Secure deletion and creation of object and subject
- State Machine Model
- Information Flow model
- Layered /Lattice & Rule-Based Model
- Access Control Matrix
  - Access Control List: Object Focused
  - Capability Table: Subject Focused
- Trusted Computing Base (TCB)
  - Reference monitor
    - enforces access control
  - Security kernel
    - implements access control
Cryptography Types
- Types of Ciphers
  - Substitution Ciphers
    - Caesar cipher
  - Transposition Ciphers
    - frequency analysis
- Confusion and Diffusion
Security modes
- Dedicated Mode
- System High Mode
- Multilevel Mode
  - S.C.A.N. (Signed NDA. Clearance. Approval. Need to Know)
- Compartmented Mode
Methods of Encryption
- Symmetric Algorithms
  - strengths and weakness
    - Strengths
    - • Much faster (less computationally intensive) than asymmetric systems.
    - • Hard to break if using a large key size.
    - Weaknesses
    - • Requires a secure mechanism to deliver keys properly.
    - • Each pair of users needs a unique key, possibly making key management overwhelming.
    - • Provides confidentiality but not authenticity or nonrepudiation.
  - examples
    - • Data Encryption Standard (DES)
    - • Triple-DES (3DES)
    - • Blowfish
    - • International Data Encryption Algorithm (IDEA)
    - • RC4, RC5, and RC6• Advanced Encryption Standard (AES)
  - Symmetric Key Management
    - Creation and Distribution of Symmetric Keys
      - Offline Distribution
      - Public Key Encryption
      - Diffie–Hellman
    - Storage and Destruction of Symmetric Keys
    - Key Escrow and Recovery
- Asymmetric Algorithms
  - Importance of Key Length
  - strengths and weakness
    - Strengths
      - • Better key distribution than symmetric systems.
      - • Better scalability than symmetric systems.
      - • Can provide authentication and nonrepudiation.
    - Weaknesses
      - • Works much more slowly than symmetric systems.
      - • Mathematically intensive tasks.
  - examples
    - Public and Private Keys
    - • Rivest-Shamir-Adleman (RSA)
    - • Elliptic curve cryptosystem (ECC)
    - • Diffie-Hellman
    - • El Gamal
    - • Digital Signature Algorithm (DSA)
    - Quantum Cryptography
      - Post-Quantum Cryptography
    - Asymmetric Key Management
- Block Ciphers
- Stream Ciphers
- Initialization Vectors
  - characteristics
    - • Easy to implement in hardware
    - • Long periods of no repeating patterns within keystream values
    - • A keystream not linearly related to the key
    - • Statistically unbiased keystream (as many zeroes as ones)
- Cryptographic Transformation Techniques
  - • Compression
  - • Expansion
  - • Padding
  - • Key mixing
- Hybrid Encryption Methods
- Session Keys
Systems Evaluation
- Common Criteria（CC)
  - name: ISO/IEC 15408
    - • ISO/IEC 15408-1 Introduction and general model
    - • ISO/IEC 15408-2 Security functional components
    - • ISO/IEC 15408-3 Security assurance components
  - Evaluation Assurance Level (EAL)
    - • EAL1 Functionally tested
    - • EAL2 Structurally tested
    - • EAL3 Methodically tested and checked
    - • EAL4 Methodically designed,tested, and reviewed
    - • EAL5 Semiformally designed and tested
    - • EAL6 Semiformally verified design and tested
    - • EAL7 Formally verified design and tested
  - protection profile
    - • Security problem description
      - Lays out the specific problems (i.e., threats) that any compliant product must address.
    - • Security objectives
      - Lists the functionality (i.e., controls) that compliant products must provide in order to address the security problems.
    - • Security requirements
      - These are very specific requirements for compliant products. They are detailed enough for implementation by system developers,and for evaluation by independent laboratories.
  - Components
    - • Protection profile (PP)
      - Description of a needed security solution.
    - • Target of evaluation (TOE)
      - Product proposed to provide a needed security solution.
    - • Security target
      - Vendor’s written explanation of the security functionality and assurance mechanisms that meet the needed security solution
    - • Security functional requirements
      - Individual security functions that must be provided by a product.
    - • Security assurance requirements
      - Measures taken during development and evaluation of the product to assure compliance with the claimed security functionality
    - • Packages—EALs
      - Functional and assurance requirements are bundled into packages for reuse.
Types of Symmetric
Systems
- Information Table_Symmetric Encryption Memorization Chart
- Data Encryption Standard (DES)
  - Data Encryption Algorithm(DEA)
  - 56 bits make up the true key
  - The result is 64-bit blocks of ciphertext
  - brute-force attack
  - DES Modes
    - • Electronic Code Book (ECB)
      - • Operations can be run in parallel, which decreases processing time.
      - • Errors are contained. If an error takes place during the encryption process, it only affects one block of data.
      - • It is only usable for the encryption of short messages.
      - • It cannot carry out preprocessing functions before receiving plaintext.
    - • Cipher Block Chaining (CBC)
    - • Cipher Feedback (CFB)
    - • Output Feedback (OFB)
    - • Counter (CTR) Image not available
- Triple-DES (3DES)
  - Triple-DES
    - • DES-EEE3
    - • DES-EDE3
    - • DES-EEE2
    - • DES-EDE2
- Advanced Encryption Standard (AES)
  - AES candidates
    - FIPS PUB 197
      - • MARS Developed by the IBM team that created Lucifer
      - • RC6 Developed by RSA Laboratories• Serpent Developed by Ross Anderson, Eli Biham, and Lars Knudsen
      - • Twofish Developed by Counterpane Systems
      - • Rijndael Developed by Joan Daemen and Vincent Rijmen
  - Rounds
    - • If both the key and block size are 128 bits, there are 10 rounds.
    - • If both the key and block size are 192 bits, there are 12 rounds.
    - • If both the key and block size are 256 bits, there are 14 rounds.
- International Data Encryption
  Algorithm (IDEA)
- Blowfish
- Rivest Ciphers
  - Rivest Cipher 4 (RC4)
  - Rivest Cipher 5 (RC5)
  - Rivest Cipher 6 (RC6)
  - Cryptography Notation
    - shorthand
      - w = Word size, in bits, which can be 16, 32, or
        64 bits in length
      - r = Number of rounds, which can be 0 to 255
      - b = Key size, in bytes
    - RC5-32/12/16
Certification vs.
Accreditation
- Certification
  - is the comprehensive technical evaluation of the security components and their compliance for the purpose of accreditation.
- Accreditation
  - is the formal acceptance of the adequacy of a system’s overall security and functionality by management
- Certification and accreditation (C&A)
  - Federal Information Security Management Act of 2002 (FISMA)
Transitive trust
- Open Systems
  - Systems described as open are built upon standards, protocols,and interfaces that have published specifications.
- Closed Systems
  - Systems referred to as closed use an architecture that does not follow industry standards.
Types of Asymmetric
Systems
- Diffie-Hellman Algorithm
  - MQV (Menezes-Qu-Vanstone)
  - based on the difficulty of calculating logarithms in a finite field.
- RSA
  - Diving into Numbers
  - One-Way Functions
  - provides: digital signatures, secure key distribution, and encryption.
- El Gamal
  - based on the difficulty of calculating logarithms in a finite field.
  - used for digital signatures,encryption, and key exchange.
- Elliptic Curve Cryptosystems(ECC)
  - provides: digital signatures, secure key distribution, and encryption.
- Knapsack
  - was discovered to be insecure and is not currently used in cryptosystems
- Zero Knowledge Proof
Systems Security
- Client-Based Systems
  - Client-Based Systems
    - Mobile Code
    - Local Caches
- Server-Based Systems
  - Large-Scale Parallel Data Systems
    - SMP- The scenario where a single computer contains multiple processors that are treated equally and controlled by a single OS is called symmetric multiprocessing (SMP).In SMP, processors share not only a common OS but also a common data bus and memory resources. In this type of arrangement, systems may use a large number of processors. The collection of processors works collectively on a single or primary task, code, or project
    - AMP - In asymmetric multiprocessing (AMP), the processors are often operating independently of one another. Usually, each processor has its own OS and/or task instruction set, as well as a dedicated data bus and memory resources. Under AMP, processors can be configured to execute only specific code or operate on specific tasks (or specific code or tasks are allowed to run only on specific processors; this might be called affinity in some circumstances).
  - Grid Computing
    - Grid computing is a type of computing that connects multiple computers or servers to work together as a single system. It allows for the sharing of computational resources and enables large-scale data processing and analysis.
  - Peer to Peer
    - Peer to Peer is a type of network where computers directly communicate with each other without the need for a central server.
- Distributed Systems or Distributed Computing Environment DCE
  - ■■ Access by unauthorized users
  - ■■ Masquerading, impersonation, and spoofing attacks of users and/or devices
  - ■■ Security control bypass or disablement
  - ■■ Communication eavesdropping and manipulation
  - ■■ Insufficient authentication and authorization
  - ■■ A lack of monitoring, auditing, and logging
  - ■■ Failing to enforce accountability
- Cloud Computing
  - Shared responsibility model
    - IaaS
    - PaaS
    - SaaS
  - Models
    - Public
    - Private
    - Hybrid
  - CASB
    - A cloud access security broker (CASB) is a
      security policy enforcement solution that may
      be installed on premises or in the cloud.
- Parallel Computing
  - Bit-level parallelism
    - takes place in every computing device we use these days 32bit64bit
  - Instruction-level parallelism
  - Task-level parallelism
  - data parallelism
    - describes the distribution of data among different nodes that then process it in parallel
- Database Systems
  - Aggregation
    - is the act of combining information from separate sources
  - Inference
    - is the ability to derive information not explicitly available.
    - Context-dependent access control
    - content-dependent access control
    - Cell suppression
      - is a technique used to hide specific cells that contain information that could be used in inference attacks
    - Noise and perturbation
      - is a technique of inserting bogus information in the hopes of misdirecting an attacker or confusing the matter enough that the actual attack will not be fruitful.
- Web-Based Systems
  - analyzing the website architecture
  - failing securely
  - WAF
  - ssecurity through obscurity
  - encryption
  - human element.
- Mobile Systems
  - issues
    - • False base stations can be created.
    - • Confidential data can be stolen.
    - • Camera and microphone functionality can be used improperly.
    - • Internet sites can be accessed in violation of company policies.
    - • Malicious code can be downloaded.
    - • Encryption can be weak and not end to end.
  - enterprise mobile device security
    - • Only devices that can be centrally managed should be allowed access to corporate resources.
    - • Remote policies should be pushed to each device, and user profiles should be encrypted with no local options for modification.
    - • Data encryption, idle timeout locks, screen-saver lockouts,authentication, and remote wipe should be enabled.
    - • Bluetooth capabilities should be locked down, only allowed applications should be installed, camera policies should be enforced, and restrictions for social media sites (Facebook, Twitter, etc.) should be enabled.
    - • Endpoint security should expand to mobile endpoints.
    - • 802.1X should be implemented on wireless VoIP clients on mobile devices.
- Industrial Control Systems
  - Distributed Compute System (DCS)
    - DCS units are typically found in industrial process plants where the need to gather data and implement control over a large-scale environment from a single location is essential. A DCS focuses on processes and is state driven
  - Programmable logic controllers (PLCs)
    - PLC units are effectively single-purpose or focused-purpose digital computers. They are typically deployed for the management and automation of various industrial electromechanical operations, such as controlling systems on an assembly line or a large-scale digital light display (such as a giant display system in a stadium or on a Las Vegas Strip marquee).
  - Supervisory control and data acquisition (SCADA)
    - SCADA focuses on datagathering and is event drive,SCADA is often referred to as a human-machine interface (HMI) since it enables people to better understand, oversee, manage, and control complex machine and technology systems.
- Internet of Things (IoT)
  - IoT devices
    - Smart home devices
    - Wearable devices
    - Industrial IoT devices
  - IoT communication protocols
    - Wi-Fi
    - Bluetooth
    - Zigbee
    - Z-Wave
  - Challenges in IoT security
    - Device vulnerabilities
    - Data privacy and protection
    - Network security
    - Authentication and authorization
    - Firmware and software updates
    - Physical security
- Microservices
  - Infrastructure as Code
- Containerization
  - Containerization is a method of virtualization that allows applications and their dependencies to be packaged into lightweight, portable containers.
  - These containers provide an isolated and secure environment for running applications, ensuring that they are not affected by changes or conflicts in the underlying system.
  - By using containerization, organizations can improve system security by reducing the attack surface and minimizing the impact of vulnerabilities.
  - Containerization also enables easier deployment and scaling of applications, as containers can be quickly spun up or down without affecting other containers or the overall system.
- High-Performance Computing
  (HPC) Systems
  - Real-time OS (RTOS)
- Edge and Fog Computing
- Virtualized Systems
  - Hypervisors
    - Type I hypervisor
      - A native or bare metal hypervisor. In this configuration, there is no host OS; instead, the hypervisor installs directly onto the hardware where the host OS would normally reside.
    - Type II hypervisor
      - A hosted hypervisor. In this configuration, a standard regular OS is present on the hardware, and the hypervisor is then installed as another software application.
- Embedded Devices and Cyber-Physical
  Systems
  - Static Systems / Nonpersistent Environment /Stateless
  - Network-Enabled Devices
  - Cyber-Physical Systems
  - Elements Related to Embedded and Static Systems
  - Security Concerns of Embedded and Static System
  - Specialized Devices
Message Integrity
- SHA
- MD5
- RIPEMD
- The One-Way Hash
  - Hash Message Authentication Code(HMAC)
  - Cipher Block Chaining Message Authentication Code (CBC-MAC)
  - Cipher-Based Message Authentication Code (CMAC)
  - CCM
    - CTR + CBC-MAC
- Various Hashing Algorithms
  - characteristics
    - • The hash should be computed over the entire message.
    - • The hash should be a one-way function so messages are not disclosed by their values.
    - • Given a message and its hash value, computing another message with the same hash value should be impossible.
    - • The function should be resistant to birthday attacks
- Hash Functions
  - SALTS
  - Digital Signature Standards
- Attacks Against One-Way Hash Functions
  - Birthday Attack
Site and Facility
Security
- • Natural environmental threats
- • Supply system threats
- • Manmade threats
- • Politically motivated threats
Public Key Infrastructure
- Certificate Authorities
  - registration authority(RA)
  - Online Certificate Status Protocol (OCSP)
    - certificate revocation list (CRL).
- Certificates
  - The Registration Authority(RA)
- PKI Steps
- made up
  - • Certification authority
  - • Registration authority
  - • Certificate repository
  - • Certificate revocation system
  - • Key backup and recovery system
  - • Automatic key update
  - • Management of key histories
  - • Timestamping
  - • Client-side software
- supplies the following security services
  - • Confidentiality
  - • Access control
  - • Integrity
  - • Authentication
  - • Nonrepudiation
The Site Planning
Process
- physical security program
  - • Crime and disruption prevention through deterrence
    - Fences, security guards, warning signs, and so forth
  - • Reduction of damage through the use of delaying mechanisms
    - Layers of defenses that slow down the adversary, such as locks,security personnel, and barriers
  - • Crime or disruption detection
    - Smoke detectors, motion detectors, CCTV, and so forth
  - • Incident assessment
    - Response of security guards to detected incidents and determination of damage level
  - • Response procedures
    - Fire suppression mechanisms, emergency response processes,law enforcement notification, and consultation with outside security professionals
- Crime Prevention Through Environmental Design(CPTED)
  - Natural Access Control
    - Sidewalks, lights, and landscaping
  - Natural Surveillance
    - security guardsCCTVstraight lines ofsight, low landscaping,raised entrances
  - Natural Territorial Reinforcement
    - Open areas
- Designing a Physical Security Program
  - Investigate
    - • Construction materials of walls and ceilings• Power distribution systems
    - • Communication paths and types (copper, telephone,fiber)
    - • Surrounding hazardous materials
    - • Exterior components
      - • Topography
      - • Proximity to airports, highways, railroads
      - • Potential electromagnetic interference from surrounding devices
      - • Climate
      - • Soil
      - • Existing fences, detection sensors,cameras, barriers
      - • Operational activities that depend upon physical resources
      - • Vehicle activity
      - • Neighbors
  - various regulations
    - safety and health regulations; fire codes; state and local building codes; Departments of Defense, Energy, or Labor requirements;or some other agency’s regulations.
    - Every organization should have a facility safety officer
    - Occupational Safety and Health Administration (OSHA)
    - Environmental Protection Agency (EPA)
  - Facility
  - Construction
    - Walls
      - • Combustibility of material (wood,steel, concrete)
      - • Fire rating• Reinforcements for secured areas
    - Doors
      - • Combustibility of material (wood, pressed board, aluminum)
      - • Fire rating
      - • Resistance to forcible entry
      - • Emergency marking
      - • Placement
      - • Locked or controlled entrances
      - • Alarms
      - • Secure hinges
      - • Directional opening
      - • Electric door locks that revert to an unlocked state for safe evacuation in power outages
      - • Type of glass—shatterproof or bulletproof glass requirements
    - Ceilings
      - • Combustibility of material (wood, steel, concrete)
      - • Fire rating
      - • Weight-bearing rating
      - • Drop-ceiling considerations
    - Windows
      - • Translucent or opaque requirements
      - • Shatterproof
      - • Alarms
      - • Placement
      - • Accessibility to intruders
    - Flooring
      - • Weight-bearing rating
      - • Combustibility of material (wood, steel, concrete)
      - • Fire rating
      - • Raised flooring
      - • Nonconducting surface and material
    - Heating, ventilation, and air conditioning
      - • Positive air pressure
      - • Protected intake vents
      - • Dedicated power lines
      - • Emergency shutoff valves and switches
      - • Placement
    - Electric power supplies
      - • Backup and alternative power supplies
      - • Clean and steady power source
      - • Dedicated feeders to required areas
      - • Placement and access to distribution panels and circuit breakers
    - Water and gas lines
      - • Shutoff valves—labeled and brightly painted for visibility
      - • Positive flow (material flows out of building, not in)
      - • Placement—properly located and labeled
    - Fire detection and suppression
      - • Placement of sensors and detectors
      - • Placement of suppression systems
      - • Type of detectors and suppression agents
  - Entry Points
    - Doors
      - • Vault doors
      - • Personnel doors
      - • Industrial doors
      - • Vehicle access doors
      - • Bullet-resistant doors
      - mantrap
        
        piggybacking
      - turnstiles
        
        piggybacking
    - Window Types
      - • Standard
      - • Tempered
      - • Acrylic
      - • Wired
      - • Laminated
      - • Solar window film
      - • Security film
  - Internal Compartments
    - Server Rooms
      - Water detectors
        
        • Equipment
        
        • Flooring
        
        • Walls
        
        • Computers
        
        • Facility foundations
      - Location of water detectors
        
        • Under raised floors
        
        • On dropped ceilings
        
        uninterrupted power supply (UPS) or generators
        
        HVAC
  - Distribution Facilities
    - one main distribution facility (MDF)
    - intermediate distribution facilities (IDFs)
    - more external data lines
  - Storage Facilities
Applied Cryptography
- Services of Cryptosystems
  - provide the following services
    - • Confidentiality
    - • Integrity
    - • Authentication
    - • Authorization
    - • Nonrepudiation
- Digital Signatures
  - • A message can be hashed, which provides integrity.
  - • A message can be digitally signed, which provides authentication, nonrepudiation, and integrity.
- Digital Signature Standard
  - The Digital Signature Standard (DSS) is a digital signature algorithm used to authenticate the integrity and authenticity of digital documents or messages.
  - DSS is based on public key cryptography, where a private key is used to create a digital signature that can be verified using the corresponding public key.
  - Digital signatures created using the DSS algorithm provide assurance that the document or message has not been tampered with and that it was indeed signed by the claimed sender.
  - DSS is widely used in various applications, including secure communication, electronic transactions, and data integrity verification.
- Key Management
  - Kerberos
    - Kerberos is a network authentication protocol that provides secure communication over an insecure network
    - It uses symmetric key cryptography to authenticate clients and servers and establish a trusted connection
    - Kerberos uses a trusted third-party server called the Key Distribution Center (KDC) to manage and distribute encryption keys
    - Once authenticated, clients and servers can securely communicate and exchange data using the keys provided by the KDC
  - Key Management Principles
    - Key management principles involve the secure generation, distribution, and storage of cryptographic keys.
  - Rules for Keys and Key Management
    - • The key length should be long enough to provide the necessary level of protection.
    - • Keys should be stored and transmitted by secure means.
    - • Keys should be extremely random, and the algorithm should use the full spectrum of the keyspace.
    - • The key’s lifetime should correspond with the sensitivity of the data it is protecting.
    - • The more the key is used, the shorter its lifetime should be.
    - • Keys should be backed up or escrowed in case of emergencies.
    - • Keys should be properly destroyed when their lifetime comes to an end.
- Trusted Platform Module
  - TPM Uses
    - Persistent Memory
      - • Endorsement Key (EK)
      - • Storage Root Key (SRK)
    - Versatile Memory
      - • Attestation Identity Key (AIK)
      - • Platform Configuration Registers (PCR)
      - • Storage keys
- Digital Rights Management (DRM)
  - Protecting digital content
  - Preventing unauthorized access
  - Controlling distribution
  - Enforcing usage restrictions
  - Managing licenses
  - Securing intellectual property
  - Limiting copying and sharing
- Portable Devices
- Email
  - PGP
  - S/MIME
- Web Applications
  - Secure Sockets Layer (SSL)
    - SSL ensures that data transmitted between a web server and a client remains encrypted and cannot be intercepted by unauthorized parties.
  - Transport Layer Security (TLS)
    - It works by establishing a secure connection between the client (web browser) and the server hosting the web application.
- Tor and the Dark Web
  - Tor uses a network of volunteer-operated servers to encrypt and redirect internet traffic, making it difficult to track users' online activities.
  - The Dark Web is often associated with illegal activities, such as drug trafficking and hacking, but it can also be used for legitimate purposes, such as anonymous communication and bypassing internet censorship.
- Steganography and Watermarking
  - Steganography techniques involve hiding data within images, audio files, video files, or even text files, making it difficult for unauthorized individuals to detect the hidden message.
  - Watermarking, on the other hand, adds a visible or invisible mark or identifier to a digital asset, such as an image or document, to prove its authenticity or ownership.
- Networking
  - Circuit Encryption
- IPsec
  - IPsec stands for Internet Protocol Security.
  - It is a set of protocols used to secure internet protocol (IP) communications.
  - IPsec provides confidentiality, integrity, and authenticity of data transmitted over IP networks.
Cryptographic Lifecycle
- Key Generation
- Key Distribution
- Key Management
  - Key Storage
  - Key Revocation
- Encryption
- Decryption
- Key Destruction
- Key Renewal
Internal Support
Systems
- Electric Power
  - Power Protection
    - UPSs
      - Online UPS systems
    - Standby UPS
    - Backup power
    - power line conditioners
    - backup sources
  - Electric Power Issues
    - interference
      - electromagnetic interference (EMI)
      - radio frequency interference (RFI),
    - different types of voltage fluctuations
      - Power excess
        
        • Spike Momentary high voltage
        
        • Surge Prolonged high voltage
      - Power loss
        
        • Fault Momentary power outage
        
        • Blackout Prolonged,complete loss of electric power
      - Power degradation
        
        • Sag/dip Momentary low-voltage condition, from one cycle to a few seconds
        
        • Brownout Prolonged power supply that is below normal voltage
        
        • In-rush current Initial surge of current required to start a load
  - Preventive Measures and Good Practices
    - • Employ surge protectors to protect from excessive current.
    - • Shut down devices in an orderly fashion to help avoid data loss or damage to devices due to voltage changes.
    - • Employ power line monitors to detect frequency and voltage amplitude changes.
    - • Use regulators to keep voltage steady and the power clean.
    - • Protect distribution panels, master circuit breakers, and transformer cables with access controls.
    - • Provide protection from magnetic induction through shielded lines.
    - • Use shielded cabling for long cable runs.• Do not run data or power lines directly over fluorescent lights.
    - • Use three-prong connections or adapters if using two-prong connections.
    - • Do not plug outlet strips and extension cords into each other.
- Environmental Issues
  - Fire Prevention, Detection, and Suppression
    - Types of Fire Detection
      - Portable fire extinguishers
      - Fire Resistance Ratings
      - Smoke-activated detectors
        
        are good for early warning devices
      - Heat-activated detectors
        
        can be configured to sound an alarm either when a predefined temperature (fixed temperature) is reached or when the temperature increases over time (rate-of-rise)
        
        Rate-of-rise temperature sensors
        
        fixed-temperature sensors
      - Four Types of Fires and Their Suppression Methods
    - Fire Suppression
      - The Montreal Protocol banned halon in 1987
      - The most effective replacement for halon is FM-200
    - Water Sprinklers
      - • Wet pipe
      - • Dry pipe
        
        holding tank
        
        allowing the water valve to be opened by the water pressure.
      - • Preaction
        
        similar to dry pipe systems
        
        not released right away
        
        A thermal-fusible link on the sprinkler head has to melt before the water is released.
      - • Deluge
        
        A deluge system has its sprinkler heads wide open to allow a larger volume of water to be released in a shorter period
Cryptographic Attack
- Analytic Attack
- Implementation Attack
- Statistical Attack
- Brute-Force Attack
- Fault Injection Attack
- Side-Channel Attack
- Timing Attack
- Frequency Analysis and the Ciphertext-Only Attack
- Known Plaintext
- Chosen Plaintext
- Chosen Ciphertext
- Meet-in-the Middle Attack
- Man-in-the Middle Attack
- Birthday Attack
- Replay Attack
Cloud Computing
- Shared responsibility model
  - IaaS
  - PaaS
  - SaaS
- Models
  - Public
  - Private
  - Hybrid
Access Control Model
- 1. Discretionary Access Control: Owner, creator or custodian define access to the objects. Uses Access control list (known as Identity based access control)
- 1. Non-Discretionary Access Control: Centrally managed by administrators. (Hint: Any model which is not DAC, can be called as Non-DAC)
- 1. Role Based Access Control: Access is defined based on the role in an organization and subjects are granted access based on their roles. Normally it is implemented in
    the organizations with high employee turnover.
- 1. Rule Based Access Control: There are set of rules. e.g. Firewall. Global rules are applied to all users equally.
- 1. Mandatory Access Control (Lattice Based): Implemented in high secure organizations such as Military. It is compartment based.
  - a. Hierarchical - Clearance of Top secret gives access to Top secret as well as Secret
  - b. Compartmentalized - Each domain represents a separate isolated compartment.
  - c. Hybrid - Combination of both
- 1. Attribute Based Access Control: Rules that can include multiple attributes. e.g. working hours, place of work, type of connection etc.