kubectl port-forward vault-0 8200 -n=vault
Friday, June 28, 2019
Automates your workflows and making developing and testing kubernetes applications
Garden is a developer tool that automates your workflows and makes developing and testing Kubernetes applications faster and easier than ever.
https://github.com/garden-io/garden
https://github.com/garden-io/garden
Git Pro-Tips
How to switch a git branch ?
git checkout -b feature/kg-test
< response : switched to the new branch feature/kg-test >
How to check on which branch your ?
git branch
* feature/kg-test
How to pull the changes in the new branch ?
first we need to set it:
> git branch --set-upstream-to=origin/feature/kg-test
> git pull
< the latest changes are available now >
git checkout -b feature/kg-test
< response : switched to the new branch feature/kg-test >
How to check on which branch your ?
git branch
* feature/kg-test
How to pull the changes in the new branch ?
first we need to set it:
> git branch --set-upstream-to=origin/feature/kg-test
> git pull
< the latest changes are available now >
Tuesday, June 18, 2019
Fundamentals of Cryptography
Fundamentals of cryptography
After completing this course, you will be able to:
Explain the roles of encoding, encryption and hashing and the differences between them.
Explain the roles of the digital signature and HMACs and differences between them.
Explain the purpose of digital certificates and public key infrastructure ( PKI )
Identify some common applications of cryptography
Understand that cryptograph is complex and requires strong expertise to be properly implemented and validated.
Identify some of the complexities of cryptograph such as critical role of randomness.
Understand that as difficult as cryptography is, there are no real alternatives to achieving the level of security it can provide if properly implemented and validated.
Module overview
This module provides an introduction to cryptography, how cryptograph can help secure applications and data, and the standard model used to convey cryptographic security concepts.
Module Objective
After completing this module, you will be able to:
Explain why cryptograph is important
Identity some of the cryptography-related failures in recent security breaches.
Explain some of the costs versus benefits of cryptographic security solutions.
Identify the component of the standard cryptographic security model
Fundamentals of cryptography
The Standard cryptographic security model
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> diagram -1 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
In the standard cryptographic security model, Alice is the party that wants to send a message, Bob is the message recipient, Evil Eve is a passive interceptor, and Malicious Mallory is an active interceptor
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> diagram -2 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Caesar Cipher
Cryptograph have its origin in the ancient times, the best cipher is the Caesar cipher.
( it is the simple substitution system where the letters of the alphabet
>>>>>>>>>>>>>>>> diagram -3 and diagram-4 <<<<<<<<<<<<<<<<<<<<<<<
Modern cryptograph uses far more complex keys and ciphers along with new components, but the essential goal is the same: to communicate information privately.
Why is cryptography important ?
The news is full of security breaches at government organizations and at well known companies such as Sony, Target, Home Depot, PF Chang’s , Dairy Queen, Niemen Marcus the list seems endless.
Many other types of organizations that hold or use valuable information have been targets as well, such as universities and healthcare organizations.
And every few months we have new reports of security flaws being found in software intended to secure systems.
Most information disclosure from security breaches result from one or more of the following:
A failure to use cryptography to secure data
An incorrect use of cryptography in securing data
An implementation error in the cryptography software itself
The Hard Part
“…Cryptography has done more to damage the security of digital systems than it has to enhance it.
“For the most part, cryptography has done little more than give internet users a false sense of security by promising security but not delivering it. And that’s not good for anyone except the attackers.
“The reasons for this have less to do with cryptography as a mathematical science, and much more to do with cryptography as an engineering discipline. [ As engineers ], we have developed, implemented and fielded cryptographic systems… what we have been less effective at is converting the mathematical promise of cryptographic security in to a reality of security. As it turns out, this is the hard part.
“Too many engineers consider cryptography to be a sort of magic security dust that they can sprinkle over their hardware or software, and which will imbue those products with they mythical property of security.’ Too many consumers read product claims like ‘encrypted and believe in the same magical security dust. Reviewers are no better, comparing things like key lengths and on that basis, pronouncing one product to be more than another.
“Security is only as strong as the weakest link and the mathematics of cryptography is almost never the weakest link. The fundamentals of cryptography are important but far more important how those fundamentals are implemented and used.
Niels Ferguson, Bruce Schneier
Preface to Practical Cryptography
Costs vs Benefits of Using Cryptography
Benefits:
Protects the confidentiality of information
Ensures the integrity of information ( ensures that information has not been modified in an unauthorized fashion ).
Verifies the authenticity ( origin ) of information
Controls access to information
Note that cryptography cannot ensure the availability of information and systems.
Costs
Complex and resource intensive
Affects system performance
Administrative costs related to access control and key management
Operational and maintenance costs ( key rotation, replacing the algorithm and patching of the system and automatic recovery ).
New hardware , employees and processes ( New hardware purchases, New employees will be hiring, New process will be bought in to the online ).
False sense of security if not implemented properly
Bottom line :
There is no viable alternative to cryptography for securing information
Deploying Cryptography
You should have the knowledge and experience to handle this.
( and individual rolls in the project )
Deployment of cryptographic solution requires:
Taking the packaged application that uses the cryptography and making it available to use in an organization is very difficult from a business perspective,
( It requires two things mainly Threat model and Business case )
Threat modeling, use case analysis
Firm grasp of the technical , administrative , maintainence and operational aspects of the solution
Solid understanding of the fundamentals of cryptography
( including the cryptographic component and each of that threat that affects the solution ).
You no need to understand the mathematical touch of each algorithm.
Training - even the use and maintainence of previously deployed cryptographic solutions requires specialized knowledge
Building cryptographic solutions using pre-existing components and libraries is extremely difficult. This must be left to the true experts.
Question :
There is no viable alternative to cryptography for securing information , applications and system
True
( The benefits of proper use of cryptography far outweigh the costs. For the foreseeable future, cryptography is the only viable option to adequately protect the confidentiality of information, ensure that information has not been modified in an unauthorized fashion, verify the origin of information and control access to information ).
Module summary
In this module, you learned what cryptography is, why it is important and the costs versus the benefits of using cryptography. You also learned that using cryptography introduces risks and vulnerabilities into your system if not properly implemented , validated and secured
You learned that most cryptographic problems are often stated using a standard model of parties communication, whether the parties are people, components or systems and you learned the names and roles of the parties used in this standard model.
Module overview and objectives
All modern cryptographic systems are based on four components
A source of randomness
Algorithms to perform cryptographic manipulation of information
Cryptographic keys
Mechanism to manage and distribute cryptographic keys
This module introduces you to each of these components
After completing this module, you will able to
Identify the components of a cryptographic system
Explain the critical role of randomness in cryptography
Identify common cryptographic algorithms
Identify the types and roles of cryptographic keys
Explain the key management problem
Components of Modern cryptographic systems
In the ancient times,
Bob is sending the secret message to John using the Caesar cipher and the relative simple key ( shift 3 right )
In the modern times,
Involving four components for doing that,
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> diagram 1 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[ Algorithms , keys , key distribution , Randomness ]
Predictablility is the enemy of the cryptography.
Going through the four key components,
Randomness
Effective cryptography requires a source of random numbers. Random numbers are:
Statistically uniformly distributed
Independent of predecessor and successor
Generated from a non-deterministic source, such as hardware random number generator ( RNG )
Not every cryptography app can have a hardware random number generator ( PRNGs ) are used instead.
Cryptographically secure PRNGs use seeds as a source of entropy. Seeds are numbers or vectors used to initialize a PRNG
High-entropy seeds are needed
Best seed source: Hardware random number generator
Next best source : operating system pseudorandom number device drivers
Least desirable source: software-collected entropy sources
Proper seeding is critical. Follow the seeding recommendations of your PRNG
Flawed Random number generators
Flaws in random number generators have allowed cryptographic security to be compromised. For example
Debian Linux : A flawed patch to the OpenSSL random number generator caused cryptographic keys to be predictable and rendered secure shell ( SSH ) and other network connections hackable
The US NSA intentionally introduced a vulnerable pseudo random number generator into a NIST standard . Anyone using that vulnerable random numbers generator could have their cryptographic security trivially compromised by the NSA
Apple’s IOS 7.0 used a new, flawed psuedorandom number generator. It led to kernel exploits against iOS
Always use cryptographically secure pseudorandom number generators , such as the one supplied by your cryptographic software suite.
Randomness : Review of terminology
Deterministic : A system or process that always produces the same output for a given initial state or predictable output for a variable initial state.
Probabilistic : A system or process in which. There is some indeterminacy to the output even if the initial conditions and/or starting point are known
Entropy : a measure of the disorder ( randomness ) in a system
Random number : A number, where a sequence of such numbers are uniform and independent
True random number : A number generated from a non-deterministic source, such that a sequence of such numbers is truly random
True random number generator : A hardware random number generator that produces true random numbers
Hardware Random number generator : A device that generates random numbers from physical processes that are unpredictable high entropy sources, and extracts measurements of that entropy in a manner that results in sequences of numbers that are statistically uniformly distributed
Cryptographically secure pseudorandom number generator : A pseudorandom number generator using seed sources of high entropy, that produces unpredictable pseudorandom numbers and which possess properties suitable for use in cryptography
Seed : A number of vector used to initialize a pseudorandom number generator
Algorithms
An algorithm is a well-defined set of steps for performing a task. There are three types of algorithm in cryptography : hash functions , ciphers and encoders
Hash functions : Takes arbitrarily sized input and procedure a shorter fixed length output
A cryptographically secure hash functions:
Produces a result from which you cannot feasibly produce the source data.
No two inputs will produce the same result
Cipher : Used for encryption and decryption
Symmetric ciphers use a single key for both encryption and decryption
Asymmetric cipher use two separate, but related keys
The security of the entire system depends on secure key management
Encoder : Transforms information from one representational format to another
Used by most cryptographic systems to convert binary information into textual representations.
Encoders do not provide any information security. If a process can be reversed and it does not use keys, it is an encoder, not a cipher and it will provider privacy of data
Algorithms
Ciphers, hash functions and encoders are the basis of algorithms for :
Psuedorandom number generation
Key generation and management
Message authentication code creation and validation
Digital signature creation and validation
Cryptographic keys
Cryptographic keys lock and unlock digital information protection mechanisms, such as ciphers, message authentication code and digital signatures
There are two general types of cryptographic keys : symmetric and asymmetric.
Symmetric key
The same key is used both to encrypt and decrypt
The key must remain secret
Symmetric keys are used in ciphers and message authentication codes
Asymmetric key
Asymmetric keys are used in ciphers and digital signatures
They come in public and private key pairs
The public key is for public distribution. It is used by the public to encrypt plaintext and to verify digital signatures
The private key is to be used only by its owner. It is used to decrypt cipher text and create digital signatures
The private key must remain secret
Use of public key and private key
Bob Alice
( Alice’s public key ) ( Alice’s private key )
Bob uses this to encrypt the message to Alice
Because Alice has her own private key
Only Alice can encrypt the bob’s message
( the greatest problem with the public key is to verify its authenticity ).
In other words, if bob has Alice’ public key what guarantee is the public key is Mallorys public key ( manipulation may happened ) that is the purpose of digital certificate.
A digital certificate verifies the authenticity of a public key ( this certiifcate is verified by the third-party ).
( in the cryptography model we called the trant ).
The key distribution problem : Symmetric keys
If you want to distribute the secret key to someone you need to communicate with, then it is safe to use the sniffer net in person for example on a memory stick.
( the key distribution becomes complex with the symmetric keys ).
Asymmetric key solution
Asymmetric keys solve the key distribution problem, because public keys can be freely distributed with no concern for secrecy:
Two common means of distributing public keys are:
Out-of-band distribution of public key fingerprints
Digital certificates
A Public key fingerprint is:
A short sequence of characters used to authenticate a public key
Usually a hash of the public key and associated identity information
Created by the key owner
Commonly distributed by an out-of-band method ( a method separate and distinct from the key distribution method )
Consider a common example:
Out-of-band distribution of public key fingerprints are often provided for the email security.
The sender of the public key sends the key to the one of the widely recognized public key servers. Then they will include the public key in the email signature. Anyone want to verify there public key as its fingerprint its readily available. If the recepient does not trust that fingerprint they can use other means to verify such as the phone call or IAM.
These are been considered out of band method.
A digital certificate is an electronic document used to prove ownership of a public and private key pair.
The certificate is created by a trusted third party based on information submitted by the key owner.
Digital certificate consists of
Public key
Key Owner: Bob
Key Issuer: Trent
Expiration Date: December 14, 2020
Digital Signature: Trent
The distribution method is the context specific, for example the certificate issuer often included with the operating system and your browser.
When such certificates are sent to the browser as a part of the HTTPS authentication process. Users certificates are provided to the authentication servers during the login process, these are few examples of how certificates are distributed.
Common certificate distribution methods is being discussed in detail.
Module summary:
Introduction: In this topic, you learned some brief historical background about cryptography
Randomness: In this topic, you learned that correctly seeded, cryptographically secure pseudorandom number generators are critical to cryptographic security.
You also learned that flaws in cryptographic random number generator have allowed cryptographic security to be compromised.
Algorithms: In this topic, you learned that algorithms are the computational engines of cryptographic systems, and include ciphers, hash functions and encoders.
They are the basis for:
Pseudorandom number generation
Key generation and management
Digital signatures creation and validation
Message authentication code creation and validation
Digital certificate creation and validation
Cryptographic keys
In this topic, you learned about symmetric and asymmetric keys and the stringent requirement to prevent the disclosure of secret and private keys. You learned that with symmetric keys, a single key performs both encryption and decryption of a message and the symmetric keys are used by ciphers and message authentication codes
You learned that with asymmetric key pairs, the public keys and private key perform inverse operations on a message: public keys are used to encrypt plaintext and verify digital signatures, while private keys are used decrypt cipher text and create digital signatures.
You also learned that asymmetric keys are used by ciphers and digital signatures.
Key distribution
In this topic, you learned about the complexities of key distribution and about the use of public key fingerprints and digital certificates to verify the authenticity of public keys.
Module overview
This module presents an overview of the fundamental services provided by every cryptographic application suite
Module objectives
After completing this module, you will able to:
Explain encoding and decoding
Explain encryption and decryption
Explain the difference between encoding and encryption
Explain hashing
Identify the appropriate applications of encoding, encryption and hashing
The appropriate uses of encryption, hashing and encoding
The three fundamental cryptographic services include the following:
Encryption : Protects the confidentiality of information
Hashing : Verifies the integrity of information
Encoding: Makes it easier to store, transmit or read binary data.
- Providers no information security, but makes it easier to read binary data.
- Encoding’s only legitimate role is the textual representation of binary information.
These fundamental cryptographic services can be combined to create other important cryptographic services, such as digital signatures.
Encoding and Decoding
Encoding: An easily reversible process for rendering information in to a different representation
The small item of the information is the 8 bit byte
Information mostly stored in the multiple zip bytes.
ASCII : One reprepresentation of computers internal binary code
A = Binary : 8 bit binary code ( 01000001 ) Hexa : 0x41
( this is nothing but the binary value in to the ASCII character ).
Decoding: Converts encoded information into its original form.
0x48656C6C6F20576F726C6421 >>>>> ASCII characters ( Hello World!)
Base64 Encoding:
Is used to process binary data or other character sets that are not ASCII characters
Uses 6-bit values to represent the information
For example, the ASCII string ‘Hello’ has the Bse64 encoded value ‘SGVsbG8’.
Base64 decoding:
Is the reverse process of Base64 encoding
Does not require any special knowledge and offers no security
Insecure use of Base64 is a concern:
Many widely deployed protocols such as HTTP BASIC AUTH, attempt to use Base64 to protect information
Base64 offers no protection
No special knowledge, such as a key is required to decode Base64 or any other type of encoded information.
No encoding scheme should ever be used on its own in any attempt to protect information.
Decoding Exercise: Hex
View the ASCII-to-hex conversation chart below to decode the following hex-encoded string:
496E73656375726521
As you see, encoding data offers no real protection, as it is neither confidential not secure.
Symmetric vs Asymmetric ciphers
There are two types of ciphers and there are two types of keys:
Symmetric ciphers: use symmetric keys and the types of the services provided by the symmetric ciphers are sometimes refer to a secret key cryptography.
In symmetric ciphers there are two groups of ciphers:
Block ciphers which process information in fixed length blocks
Stream ciphers which process information one byte at a time
Asymmetric ciphers use asymmetric keys and the services provided by the asymmetric ciphers usually refer to public-key cryptography
In general Symmetric ciphers substantially faster hardware acceleration support ( hardware acceleration on many hardware CPUs ).
Requires substantially shorter key length to achieve the given length
With symmetric ciphers is the key distribution, that is how does the secret key of Bob gets to the Alice. ( that is we are having key distribution problem in the symmetric ciphers ).
> solves the key distribution problem, the ability to publish the public key still have security encryption, one of the most common usefulness of the asymmetric ciphers is to establish an encrypted connection to the secret key is exchanged. Everytime when someone connects the HTTPS connection on the internet ( TLS Is activated ) which use ( TLS ) Transport layer security, use both asymmetric and symmetric ciphers:
> TLS creates an encrypted connection using asymmetric cipher and keys.
> TLS uses this channel or through this connection, the client and server exchange a symmetric key, and establish a new encrypted connection based on faster symmetric ciphers.
> The remainder of the TLS session uses symmetric cipher-based connections.
Relation between the keys and ciphers
Example : Alice want to send the same message to Charle and bob and she is going to use the same Cipher Encrypt for the Charle and Bob and she is going to use different keys one for Bob and one for Charlie.
Before the message is encrypted it is called plain text and the encrypted text is called the Cipher text
If the Alice use the same cipher but two different keys to encrypt the same plain text what she gets is two different Cipher texts ( Ciphertext 1 and Ciphertext 2 ) .
In a well designed Cipher, when encrypting a new given text any minor key variation results in different Cipher texts.
With out having the both keys running the encryption for both times twice it is impossible to predict what exactly the changes would be.
Decrypting the cipher key with the proper text will result in proper plain text
Decrypting the cipher with the wrong ket results in the Garbage or error
Encrypting the plaintext with the same key for twice will result in same Ciphertext
( this is the problem, this makes the attacker to compromise your things much easier ).
Note : you want every cipher text to be unique.
To answer this problem, we want to add the randomness to the text everytime when it is encrypted. The cipher always creates unique Cipher text.
Even for the same plain text, however the decryption side of the communication for the message to be properly decrypted the cipher needs to know what randomness is added to the plain text
The plaintext during the encryption, there are several approaches to be created the randomness,
You can use unencrypted intialazation vector which is prepended to the message ( plaintext ) because the intialization factor is not encrypted this randomness is used in the decryption operation to properly decrypt the cipher text in returning the original plain text .
It is safer to send the randomness things unencrypted
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> diagram-8 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Relationship between key length and Ciphers
Many ciphers can operate with different length keys.
Changing the length of a key is equivalent to changing keys. For example, the following are two different and unique keys:
For a given cipher, using a longer key:
Usually, but not always, results in stronger encryption
May result in decreased performance
Performance impact may not be worth the relative increase in security
Determining the best key length is complex. See standards such as FIPS-140
FIPS-140
AES - Advanced Encryption Standard ( AES ), also known as Rijindael, is an encryption algorithm used as the US Governments standard and widely accepted around the world.
Algorithm - An algorithm is a sequence of steps used to perform a logical operation
Asymmetric keys - Asymmetric keys are keys used for Asymmetric cryptography. They are always in the form of a public/private key pair. The public key may be freely distributed. It is used for encrypting, and for verifying digital signatures. The private key must be kept secret. It is used for decrypting and for digital signing
Availability - Availability means that you must have reliable access to system resources
Base64 Encoding : Base64 encoding schemes are commonly used when there is a need to encode binary data that needs to be stored and transferred over media that is designed to deal with textual data. This is to ensure that the data remains intact without modification during transport. Bae64 is commonly used in a number of applications, including email via MIME and storing complex data in XML
Source : https://en.wikipedia.org/wiki/Base64
Certificate Revaction list ( CRL ) is a list of certificates that used to be valid but have since become untrusted. A certificate revocation list is usually maintained and distributed by a Certificate Authority
Certificate Signing Request ( CSR ) : In public key infrastructure ( PKI ) systems, a Certificate Signing Request ( also CSR or Certification request ) is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate
Chain of Trust refers to the trust relationship hierarchy between users of digital certificates. The chain of trust begins with a registration authority’s Root Certificate, continues through to an Intermediate Certificate signed with the Root Certificate, which continues to Certificates signed by the Intermediate certificate and so on. The chain of trust allows you to verify that a given certificate has been legitimately issued by trusted parties.
Cipher : A cipher also known as a cryptographic algorithm, is an algorithm for encrypting or decrypting information
Ciphertext : the contents of a message after it has been encrypted
CSR : See Certificate Signing Request ( CSR )
Decoding : The reverse process of encoding
Decryption : See Encryption
Denial of service : The prevention of legitimate users from using a system or service
Digital Certificate : See X.509
Digital Signature : A digital signature is a mechanism of hashing public and private key encryption. This allows you to not only validate the data, but also to check whether the data has been changed or modified In transit or on the disk
Encoder : An encoder is a process or algorithm that converts information from its original form to a different form. Encoders do not use any secret element, there fore information cab usually be trivially decoded beck to its original form. Encoders should never be relied upon on their own for the purposes of information security
Encoding : The reversible process of converting information from one format to another
Encryption : The process of transforming information using a cipher algorithm to make it unreadable to anyone except to those possessing special knowledge. The special knowledge is usually referred to as a decryption key.
Fingerprint : See Public key Fingerprint
FIPS 140 : Federal information processing standards publications ( FIPS PUBS ) are issued by the National institute of standards and technology ( NIST ). FIPS-140 describes the security requirements for cryptographic modules
Hash : In the context of information security, a hash is usually the output from a cryptographic hashing functions ( a one-way function that transforms a given input into a concise, fixed-length output). Most commonly, hashes are stored passwords that have been scrambled by cryptographic hashing functions for protection. One important property of hashes is that they cannot be turned back in to the original. Unscrambled form. Cryptographic hashing functions can also be used to validate integrity of data - if a piece of Fata matches a hash, that mean that the hash has been computed from the same input.
Hash Based Message Authentication Code HMAC
A short piece of information based on a cryptographic hash function used to verify a message’s authenticity. It is an encrypted hash or keyed hash of the page combined with the session ID
HMAC : see Hash-based message authentication code ( HMAC )
HTTPS : HTTPS Acronmys for “hypertext transfer protocol over secure socket layer.” Secure HTTP that provides authentication and encrypted communication on the world wide web designed for security-sensitive communication such as web-based logins
IMAP : Internet Message Access Protocol
Integrity : Integrity Is essentially the ability to validate data, ensuring that it hasn’t been accessed or modified by unauthorized users.
Key : A cryptographic key is a piece of information that is passed as one of the inputs to a cryptographic function to encrypt or decrypt data. A valid key is required to successfully decrypt encrypted data. A key has to be sufficiently long to encrypt data securely
Key management is a very important part of symmetric cryptography because it involves generating secret material that will be used to encrypt/decrypt plain text information
MAC : See Message Authentication code ( MAC )
MitM ( Man in the Middle Attack ) : A man-in-the-middle attack is any attack on a communications system that requires the attacker to act as a relay between the sender and the recipient of the communication. By acting as a relay, the attacker is able to access and/or modify the data in transmit. Accessing or modifying the data in transit by acting as a relay is the essence of the man-in-the-middle attack
Message Authentication code ( MAC ) is a keyed algorithm used to authenticate a message, to provide integrity, and to assure authencity. The recipient of the message, to provide integrity, and to assure authenticity. The recipient of the message must verify the MAC with the secret key used to create the MAC. A MAC is usually used with symmetric encryption algorithms to make more secure.
PKI : See Public Key Infrastructure
Plaintext : The contents of a message before it is encrypted
Private key : A private key is one of the keys used in public key cryptography. The private key is the key that is kept secret and used to decrypt data
PRNG : Pseudo-random number generator ( PRNG )
Pseudo Random number generator ( PRNG ) : A pseudo-random number generator ( PRNG ) is an algorithm that attempts to provide random numbers to be used by cryptographic solution. A weak PRNG means a weak cryptographic solution, even if everything else is done correctly - if an attacker is able to predict the pseudo-random numbers used for cryptography, the attacker will usually be able to defeat the cryptographic solution.
Public Key Infrastructure ( PKI ) is a system for binding users with public keys by means of a Certificate Authority. The purpose of PKI systems is to provide a usable framework, based upon public key cryptography, which allows users who have had no prior contact to securely communicate with one another.
Random Number generator : A Random number generator ( RNG ) is a device that can produce a series of numbers that lack any pattern. A weak RNG is one that may appear to produce a series of random numbers, but in actually produces a series that contain subtle patterns or relations. Since RNGs are a key component in many security systems like encryption algorithms, it is important for RNGs to be strong and not have predictable values.
Registration Authority: A registration Authority ( RA ) is an authority in a network that verifies user requests for a digital certificates and tells the Certificate authority ( CA ) to issue it.
Seed: The number or vector; used to initialize a pseudo random number generator. Seeds need to be based on strong entropy or else an attacker might be able to guess the stream of numbers produced by the generator.
Compromising the cryptographic scheme
Symmetric cryptography : Symmetric cryptography uses the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties. And the fact that both parties have access to the secret key is one of the main drawbacks of symmetric encryption, in comparison too asymmetric, or public-key, encryption
TLS : is a cryptographic protocol to provide secure communication in a networked environment. TLS Is the successor of Secure Socket Layer ( SSL ) . SSL/TLS is widely used on the internet to secure communications by applications and web sites
VPN:
Virtual private network ( VPN ) is a private network constructed across a public network. It implements security measures that encrypt data before sending it and decrypt it at the receiving end.
Relationship between key length and Ciphers
Many ciphers can operate with different length keys
Changing the length of a key is equivalent to changing keys. For example, the following are two different and unique keys:
0x00000020 0x00000000000000020
For a given cipher, using a longer key:
> Usually, but not always, results in stronger encryption
May result in decreased performance
Performance impact may not be worth the relative increase in security
Determining the best key length is complex. See standards such as FIPS-140
Using different ciphers with the same plaintext and key will result in radically different cipher text
Using the same length key with different ciphers will not produce the same strength encryption.
Factors affecting cryptographic performance include the following:
Symmetric vs asymmetric : Symmetric ciphers are much faster
Choice of cipher : different ciphers have different performance characteristics
Key length : the longer the key, the slower the cipher
Parallel processing capability : ciphers designed for parelle processing will be faster, but only with appropriate hardware and software implementation
Hardware acceleration : for example, many CPUs have built-in instruction to accelerate AES encryption. Your cryptographic package must be written and compiled to take advantage of those instructions.
Cryptographic Hash Functions
Input Algorithm Hash value
Bat SHA-1 0xACDF41B2A87507140847219F011290C5F872476E
Cat SHA-1 0xCEBE54C7626CB1CEFACA5F7F5EA6C96B4A7A2882
Cryptographic Hash Functions is an algorithm that takes the variable length input generates a unique fixed-length output called the Hash value.
It is mathematically impossible to recover the original input value by knowing only the output value.
In a well-designed cryptographic hash function even a minor change in the input value creates a substantial change in generated hashes.
A given hash function always produces the same length hash value regardless of the size of the input for the given input
Same input + same hash algorithm > same hash value
Algorithm Hash length
SHA-1 160 bits
SHA-224 224 bits
SHA-256 256 bits
SHA-384 384 bits
SHA-512 512 bits
Same input + Different hash algorithm > Different hash value
Factors that affect hashing performance are algorithm, length if input and hardware acceleration
Q : All hashing algorithm of a given hash length produce the same hash value for a given input.
A : Each hashing algorithm produces its own unique hash value. A given hashing algorithm for a given input always produces the exact same hash value.
Module summary:
The pieces of the puzzle : In this topics, you learned that encoding is trivially reversible, that encryption is reversible if you know the encryption key and that hashing is not reversible.
Encoding and Decoding
In this topic, you learned that encoding is the conversation of information from one representational code into a different representational code, and that decoding is the conversation of encoded information into its original representation code.
You also learned that encoding schemes offer no confidentiality to information because encoded information is trivially decoded to its original form.
Additionally, you learned that Base64 encoding is used to encode data for transport via protocols that only support ASCII text data. It is often misapplied and used as an inappropriate substitution for encryption
Encryption and decryption
In this topic, you learned some basic concepts of encryption and decryption.
You learned about ciphers, keys and the dependency of encryption on the combination of both cipher and key.
Cryptographic hashing
In this topic, you learned the basic concepts of hashing
You learned that any given hash function always produces the exact same output for any given set of input, and that different hash functions that produce a given length hash create different unique outputs for the same input
Module overview and objectives
Module overview
This module provides an overview of message integrity functions
Module objectives
After completing this module, you will able to:
Explain what a message integrity function is
Explain the difference between a message authentication code and a digital signature
Explain how a digital signature works
Explain how encrypting and signing a message works
Explain how message authentication codes works
Explain why a digital signature is superior to a cryptographic hash for validating software integrity
Message Integrity Functions : MACs and Digital signatures
Example:
Bob got message from Alice and Bob wants to make sure that the message from Alice and it is complete.
( he wants to verify the messages integrity, he want to confirm that the message is generally from ALICE and that is authenticity.
Message integrity functions is from the cryptographic algorithm and make sure the message is not tampering.
( tampering is the attack against the integrity, authenticity or availability ).
From the message integrity functions we can limit the definition of tampering to integrity and authenticity.
Spoofing and forgery have a wide range of attacks
( such as replaying the previous said message or creating a message pretending to be a someone you’re not ).
Unfortunately most message integrity functions do not defend against the replay attacks, but they do protect against many spoofing and forgery attacks.
A Simple cryptographic hash could tell us the message we received matches the message the sender intended.
Unfortunately hash do not uses any kind of secret or private key and we don’t know who sent the message. ( this causes the problem of integrity).
There are two types of the Message integrity functions:
Message Authentication Code ( MAC ) key ( symmetric )
Digital Signature key ( Asymmetric )
Like all other cryptographic functions message integrity functions relay on the secret or the private keys, if these keys become disclose, then message integrity functions provide a false sense of the security and they can no longer assure that the message is subjected to the tampering.
MAC ( Message Authentication code ) assures the Authenticity and the integrity.
Digital signature assures the Authenticity, Integrity and the Non-repudiation
MAC vs Digital signatures
Example : If Alices gives MAC for authenticity and integrity her message to Bob then must have the access for the same secret key is to generate the MAC.
Because the bob and Alice shared the secret key, either of them can generate the MAC
Example of Digital Signature
On the other hand, If the Alice generates the digital signature to verify the authenticity and integrity of her message she uses her private key to generate the digital signature that means Bob only needs access to the original message.
The Digital signature and the Alice’s public key to verify the authenticity and integrity of the message.
As long as the Alice’s kept private key private and selected the secure kind of algorithms to generate the digital signature then Alice only could generate the secure digital signature.
( then the Bob is confident that the message is from the Alice ). ( that means his content is not tampered with ).
Unlike the MAC ,digital signature provides the non-repudiation assurance . Because of this digital signature are widely deployed then MACs.
Q: Tampering is only an attack against integrity
A : Tampering is an attack against authenticity, availability or integrity
MAC provides assurance for authenticity and integrity
HMACs : Introduction
Message authentication codes are based on symmetric cryptography. This creates a key distribution problem and is a major reason why MACs are less commonly used than digital signatures
There are several different MAC schemes. Most only assure message authenticity and integrity, and do not support the advanced features of digital signatures such as non-repudiation
Only one MAC scheme is commonly used called HMAC ( hash-based message authentication code ).
Creating an HMAC
The standard approach to building HMAC is defined in RFC 2104
HMAC was designed to use any standard iterative cryptographic hash function in combination with a shared secret key to produce a message authentication code.
To quote from the RFC, “The cryptographic strength of HMAC depends on the properties of the underlying hash function”.
Every iterative cryptographic hash algorithm processes messages one block at a time.
A block is a fixed length portion of the string
The block size varies between different cryptographic hash algorithms
The symmetric key should be at least the same size as the internal block size of the hashing algorithm being used.
Note: Never write your own HMAC function. Always use functions from well-known and fully verified cryptographic libraries.
The steps to create an HMAC are as follows:
step1: Create two hashing keys ( key1 & key2 ) and manipulating the shared secret key
Step2: Hashing key 1 and append to the original message step2-result
Step3: Step2 result add the hash >>>> step3 result
Step4 : Hashing key 2 + step 3 result >> step 4 result
Step5: Apply the hash function to the step4 result >> HMAC
Creating a Digital signature
Alice want to make sure the message was not tampered with.
She only wants to sign it but not encrypt it.
Before publishing the message, she sents the public key to the world. After creating the message Alice uses her the digital signature software to sign her message.
The process used in the software ( The process for creating the digital signatures is as follows: ),
Step 1: the software creates the hash of the message ( original message >>>>>>hash>>>>>>> Message hash ).
Step2: Message hash >>>>>> Encrypts using the Alices private key >>>>>>>> Encrypted hash
Step3: The software takes the encrypted hash >>>>>>uses Base64 encode >>>>> encoded encrypted hash
Step4: Then software appends the encoded encrypted hash + original message >>>>>>> message hash
Alices sends the message and hash to the Bob
Bob’s digital signature software processes Alice’s message as follows,
Step 1 : The software separates the encoded encrypted hash from the message
[ Message hash >> original message + encoded encrypted hash ]
Step2 : and then computes the hash from the message itself
[ original message >>>> hash >>>> message hash ]
Step3 : the software base64 decode the encoded encrypted hash
[ encoded encrypted hash >>>>>> Base64 decode >>>>> encrypted hash ]
Step 4: the software then uses the Alice’s public key to decrypt the hash
[ encrypted hash >>>>>>>> Alices public key *decrypt* >>>>> Decrypted hash ]
Step5: And compares the hash value computed for the message
[ Message hash ? = Decrypted hash ]
( if both the messages are compared and good and Bob can confirm that messages are tampering ).
Creating an encrypted and signed message :
If Alice wants to keep the contents of the message private, she will need to both sign and encrypt the message
Before making the public key to the internet by Alice.
She need to make the things using the software ( both sign and encrypt the message ).
Step 1: The digital signature software generates a one-time session key
( this is the secret key generated by the cryptographic secure pseudo random number generator ).
( PRNG >>>>>>>>> ALICE >>>>>>>>>>> one time session key )
( as you remember secret keys are used in symmetric encryption )
Step 2: The software then encrypts the session key using Bobs public key
[ one time session key >>>>>>>>> bObs public ket ( encrypt ) >>>>> encrypted session key ]
Step 3: creates the hash function in the original message
[ original message >>>>>>>>>>>> hash >>>>>>>>>>>>>>> message hash ]
Step 4: Encrypts the hash using the Alice’s private key ( encrypt )
[ Message hash >>>>>>>>. Alice’s private key ( encrypt ) >>>>>>>>> encrypted hash
Step 5: Appends the encrypted has to the original message
[ original message + encrypted hash >>>>>> message+hash ]
Step 6: for the message+hash using the one-time session key ( encrypt ) gets the encrypted message + hash
[ message + hash >>>>>>>> one-time session key ( encrypt ) >>>>>>>>> encrypted message +hash ]
Step 7 : plus hash prepares the encrypted message + hash gets the encrypted K+M+H
[ encrypted session key + encrypted message + hash >>>>>> encrypted K+M+H ]
Step 8 : encrypted K+M+H Base64 encoded will get the encoded encrypted K+M+H
[ Encrypted K+M+H >>>>>> Base64 encoded >>>>> Encoded encrypted K+M+H ]
ALICE WILL SENT THIS TO THE Encoded encrypted K+M+H TO THE BOB
From Bob side,
The digital signature software processes Alices message received by Bob as follows
Step 1: Encoded encrypted K+M+H software Base64 decode in to the encrypted K+M+H
[ Encoded encrypted K+M+H >>>>>. Bae64 decode >>>>>>>> encrypted K+M+H ]
Step 2 : splits the encrypted session key from the encrypted message + hash
[ encrypted K+M+H >>>>>>> encrypted session key + encrypted message + hash ]
Step 3: encrypted session key >>>>>>>> Bob’s private key ( decrypt ) >>>>>> one-time session key
Step4: encrypted message + hash one-time session key ( decrypt ) gets message + hash
[ encrypted message + hash
Step 5: splits the encrypted hash from the message.
[ message + hash >>> original message + Encrypted hash ]
Step 6: original message >>>>>> hash >>>>>>>>>>>> message hash
Step 7 : Encrypted hash >>>> Alices public key ( decrypt ) >>>>>> decrypted hash
Step 8 : finally the software compares the hash value
( to the hash value the Alice encrypted, if the two values are same ).
Then the Bob is assured the message is not tampered with.
Other uses for digital signatures
In addition to protecting messages from tampering, digital signatures have a wide variety of applications and can be used to protect any type of data.
Can serve as an electronic equivalent to a hand written signature, such as for signing contracts and other legal documents
Can be used to protect and validate software
Can be used by software to self-validate before execution. Or the software launcher can use digital signatures to validate software before allowing it to execute
Can be used by operating systems to validate firmware and software during the boot proces. However the most common schemes in use today still have significant attack vectors.
Digital signaturs: review of terminology
Element Action or use
Sender’s public key used to decrypt the messages hash value
Senders private key used to encrypt the messages hash value
Recipient’s public key. Used to encrypt the session key
Recipient’s private key used to decrypt the session key
Session key used to encrypt the sender’s message and encrypted hash value
Encrypted session key prepended to the senders encrypted message
Senders encrypted hash Appended to the senders encrypted message
Cryptographically secure pseudorandom number used to create the session key
Base 64 used to encode the binary encrypted message, including encrypted session key and encrypted hash value
Module summary:
Message integrity functions
In this topic, you learned about message integrity
You also learned the difference between digital signatures and message authentication codes
Message Authentication codes ( MACs )
In this topic, you learned how message authentication codes work and how an HMAC is created
You also learned why digital signatures are generally preferred over MACs and why MACs occasionally may offer an advantage over digital signatures
Digital signatures
In this topic, you learned how to create a digital signatures and how to create an encrypted and signed message.
You also learned why a digital signatures is superior to a cryptographic hash for validating software integrity
Module overview and objectives
Module overview:
This module provides an overview of digital certificates and the pki required to support the creation, distribution and use of digital certificates
Module objectives
After completing this module, you will be able to:
Explain the most common types of digital certificates
Explain the digital certificates creation process
Identify the components and roles of a public key infrastructure
Explain the weaknesses in the digital certificates trust model
Digital certificates
When we discussed the digital signatures ,we discussed that Alice has published his public key to the world.
We also mentioned that Alice required Bobs public key inorder to sign and encrypt the message to him ,
So, how can Alice publish the public key in a format that other people can use to verify that the key actually belongs to her and how can the Alice be sure that the public key for Bob is legitimate.
The Answer has two parts,
Digital certificates and Trent
A digital certificate is an electronic document used to prove the ownership of the public key ideally the trusted third-party creates the digital certificate.
In a standard cryptographic model, a trusted third-party often uses the name “Trent” , the information contained in the digital certificate typically includes the owners public key, ( the owners verified identity ) Key Owner : Alice , ( The issuers identity ) Key Issuer: Trent and Expeirtation Date : Dec 14 2020 , ( one or more issuer created digital certs ) Digital Signature: Trent that validates the integrity of the certificate and the authenticity of the Issuer.
( Trent a trusted third-party is essential hear ).
For the public facing digital certificates, the trusted third-party Trent is called the registrar
( Registrars are the companies that verify the identities and sign the digital certificates ).
( Registrars includes companies such as the Verisign, Thawte, comodo, Digicert Entrust )
( For the private issuer things the authority is called the registration authority ).
Certificate Signing Request:
To a digital certificate you must create a Certificate Signing Request
A Certificate Signing Request ( CSR ) is an electronic document that is sent to the registrar and used to create a digital certificate
Create a digital certificate for the sake of the simplicity we call it as the registrar
There are two kinds of registrar one is the public registrar and the Internal registrar. ( Internal registration authority ).
To generate a CSR
The steps tp generate a CSR are:
- Securely generate a new public/private key pair. Always keep the private key secure.
- Use the registrar’s CSR utility to enter the certificate details such as
( if the registrar lacks the vendor specific utility you can always use the CSR generation capabilities of your cryptographic package such as the openssl) , most CSR utilities want the following,
> Location of the public key for the certificate
> Organization name, city, state and ISO country code
> Fully qualified domain name ( FQDN ) of the server that will use the certificate
> Email address of the organizations certificate administrator
( the registrar may also request information specific to the type of the certificate being created , once the CSR is being generated submit it to the registrar , Submit the CSR), along with payment and proof that you are authorized to create the certificate
Note: The email address used in the CSR should be an alias or a mailing list, and not the email address of an individual.
This prevents an expiration notice from being sent to an inactive or invalid email address, which could result in expiration of your certificate, causing your website, VPN, or other resource to become inaccessible.
Common types of Digital Certificates
Certificate Type Description
Single server Tied to a single, fully qualified domain name such as: www.example.com
[ Many registrars called this as SSL certificate, this certificate is tied to the single fully qualified domain name ]
Unified communications (UC) Tied to multiple, fully qualified domain names with in a single domain name such as:
/ Subject Alternative name ( SAN) www.example.com, www2.example.com , secure.example.com
Extended validation ( EV ) ( Indicates that the registrar has extensively validated the identity of the certificate owner and warrants that the certificate guarantees that you are accessing a resource under the control of that owner )
( some uri turns green during an EV certificate ).
Personal Asserts the owner’s identity, such as for email signing and encrypting and for smart cards ( such as the employee badges, national identity cards and credit cards ).
Software-Signing Used to digitally sign the software
( these are usually issued by the operating system vendors such as Apple and Microsoft ).
Hardware identity contains make, model and serial number information, manufacturer-specific information and device-specific info
( installed on the electronic devices by the manufacturer ).
Certificate signing allows the holder to issue and sign certificates within a given scope
( for example : if the scope of the signing certificate is example.com , example.net , example.org and example.info then the signing certificate used to create and sign certificates for any of these domains and these can be only used for the www.example.com but not for the www.microsoft.com ).
Root Allows its holder to sign certificates for any scope
( A root certificate is a special signing certificate that Allows its holder to sign certificates for any scope, although anyone can create the root certificate for the certificate to be considered valid it must be installed on all the systems inorder to recognize it, root certificates are installed by the operating system and browser vendors. Who recursively validate the root certificates they accept and install ).
Self-signed Signed by its creator; does not have a recognized root certificate as its signer
( self-signed certificates are useful in small organizations inorder to avoid the expense and the complexity of establishing the in-house facility to issue and manage an unimportant certificates such as those used for the software testing or internal host identification ).
There are many more types of certificates but these are more encounter on a regular basis.
Perhaps the most important type of certificate is the ROOT CERTIFICATE because the registrar the trusted third-party, the certificates it issued must be trusted the relationship between those certificates is referred to as a chain of trust .
In a chain of trust we will receive a certificate with a signature to verify the signature is generated by a trusted registrar. You check the registrar digital certificate known as Root certificate.
Every valid certificate is a chain of trust starts from a root certificate your operating system and Many of your applications such as the web browsers have a list of root certificates and those are trusted as valid. Some of the registrar use the root certificate to sign all of the certificates they issue.
Others use an intermediate certificate to sign the certificates they issue.
And intermediate certificate that been signed by a certificate and can intern be used to sign the certificates.
Although there is no limit to the number of levels of the intermediate certificates in a chain of trust from a practical stand point there are rarely more than five,
For example,
The end issued certificate might be signed by a intermediate and the intermediate certificate might be signed by a well-known registrar.
The registrar root certificate is embedded in the operating systems key chain and marked as a trusted. When validating an issued certificate, each certificate in the chain is checked all the way back to the root.
If any certificate fails the chain validation, the entire chain is invalid. To validate the certificate : first extract the signature from the end-issued certificate and validate this by using the intermediate certificate public key and next extract the signature from the intermediate certificate and validated using the root certificates public key, finally validate the root certificate and make sure that is in the operating systems key chain and that is marked as trusted.
Keep in mind this is over the simplification and other information such as the certificate expiration is also checked in the validation process.
Certificate Authority
Public key infrastructure or PKI, supports issuance, maintainence and revocation of digital certificates
The components of PKI include the following:
( People, processes and technology ).
The first component we will be discussing is the “Certificate authority ( CA )”.
CA creates digital certificates
Maintains a database of issued certificates
Maintains certificate status : Good or Revoked
The revoked status includes the expired certificates, certificates revoked due to revocation requests.
And anyother status indicate an invalid certificate.
Registration authority ( RA )
Validates the identity of the certificate request
Requests certificates from the CA and distributes them to the requester
Processes revocation requests
Informs the CA of validated requests
Earlier in this module, we use the word registrar and RA somewhat interchangeably.
To be technically correct,
Note : A Registrar is a public registration authority that also acts as a Certificate Authority.
When an organization maintains its internal PKI the distinction between RA and CA it is usually more obvious in the case of the public registrar.
Certificate Revocation
Certificate Revocation informs the world that a certificate is no longer valid.
A certificate is revoked if:
It has expired
It has issued to a fraudulent requester
Its private key has been compromised
The CA tracks the certificate status. The registration authority determines whether to revoke a certificate and asks the CA to change its status.
Methods to distribute a certificate status include:
Certificate revocations list ( CRL ) : A downloadable list. This method is no longer practical.
Online certificate status protocol ( OCSP ) : Current method for real-time status queries. Three possible status values: Good, Revocked and unknown.
OCSP also provides us the information of latency and compromised privacy.
For example:
Track who visits which website.
OCSP is the best available alternative better than blindly expecting expired certificate validated by the chain of trust.
PKI Security Flaws:
PKIs significant security flaws include the following:
User failure, such as ignoring browser warnings and accepting bad certificates anyway.
Software and configuration bugs, such as failure of browsers to properly check the chain of trust or the status of certificates
Protocol attacks are common, such as Man in the Middle ( MITM ) attacks on TLS sessions
Compromise of root certificates, Certificate authorities have been hacked to issue fraudulent certificates. Some hardware and software vendors have unknowingly installed fraudulent root certificates on computers destined for end users.
Example: Iranian government attack against the Dutch registrar
DigiNotar, using bogus certificates to insert themselves between the users and Google, capturing the credentials of Gmail users and reading all their stored emails.
Proposed solution : A public Certificate Notary. The browser queries Notaries around the world for their view of the Certificate.
Keep in mind that PKI and cryptography are not “magic” and must be threat-modeled and treated with proper skepticism, just like all other security tools.
Good tool on the browser : Firefox plugin called the convergence
Module summary:
Digital Certificates:
In this topic, you learned what a digital certificate is and some of the types of digital certificates.
You also learned about the digital certificate creation process.
Public Key Infrastructure
In this topic, you learned the components of a public key infrastructure
You also learned about the weaknesses of the digital certificate trust model
Module overview and objectives
Module overview
This module provides an overview of application that use cryptographic services to secure information.
Module objectives
After completing this module, you will be able to:
Explain the types of protected channels
Identify several common data-at-rest cryptographic security applications
Identify several common data-in-motion cryptographic security applications
Protected communications
A primary use of cryptography is to protect communications.
There are three types of protected communications channels
- Authentic 2. Confidential 3. Secure
Channel name Disclosure Tamper Example
Resistance Resistant
Authentic channel Ok Message signed, not encrypted
( that means Authentic channel is tamper resistant and rarely resistant to the disclosure, sending a signed message, which is not encrypted ).
Confidential
Channel ok Message encrypted, not signed
( that means confidential channel is disclosure resistant and but not tamper resistant, sending a message encrypted but not signed ).
Secure channel ok ok. Message encrypted and signed
Earlier, we define the following,
Note: Tampering is an attack against integrity, authenticity or availability. Signing a message does not make the message fully tamper-resistant:
Signing helps ensure message integrity
Signing cannot fully ensure authenticity. It cannot protect against a replay of a previously sent message
Signing cannot ensure availability. It cannot ensure delivery or protect against denial of service
Authentic channels:
Authentic channels assure:
Integrity of the message. Proof that the message has not been modified. A digital signature or MAC provides this proof
Authenticity of the sender : anti-spoofing. Proof that the sender is legitimate, and non-repudiation of the sender’s identity
Authenticity of the message: anti-forgery. Proof that the message is legitimate, I.e , that it is not a forgery or a replay
Availability of the message: cryptography cannot ensure availability. It cannot prove delivery or receipt of the message or prevent denial of service. The protocol by which the message is delivered must have mechanisms to ensure availability.
Examples of authentic channels are:
A digitally signed email sent with a delivery receipt request.
A digitally signed PDF document with a visible version number and date-time stamp, written to a CD and delivered by a service that requires a signature upon receipt.
Confidential vs Secure:
Confidential channels are disclosure resistant
Secure channels protect against both disclosure and tampering
Often a channel is called “secure” when in reality it is only ‘confidential’
> examples: HTTPS
No availability assurance
Weak integrity assurance
Other channels can be either secure or confidential depending upon how they configured
> examples : SSH
Depends upon protocol configured and negotiated
Limited availability assurance
Not all SSH connections are necessarily confidential
Few channels are truly secure, mostly because it is difficult to assure availability
If a channel is confidential and not secure, it is essential to understand both the risks and the necessity of additional processes and controls.
Secure tunnels
Secure tunnels provide a secured point-to-point connection between two systems or networks. Examples of secure tunnels include.
( In most instances there are confidential channels ).
You can create secure tunnels in number of ways,
The most widely deployed is the Virtual private network ( VPN )
A secured connection in which the remote client network appears to be part of the host local network.
Commonly deployed protocols: IPSec , L2TP and PPTP - seriously flawed and should never be used.
Often deployed tunneling is Transport layer security ( TLS ), often called an SSL VPN
The secure replacement for secure sockets layer ( SSL )
Can be implemented with hardware appliances or with software such as Open VPN and stunnel
Another common secured channel technology
Secure Shell ( SSH )
Especially in the unix/linux world is SSH
A secure tunnel usually between a client and server, often used when a server does not support protocol-level security
An ssh tunnel is used to provide a Secure IMAP connection for a mail server that does not support IMAPS
Wireless networks
Cryptographic services plays two roles in securing wireless networks:
Authenticate users attempting to access the network
Encrypt the traffic on that network
VPNs should always be used on any public wireless network
There is no expectation of privacy on any public or unencrypted wireless network
Cryptography cannot prevent accidentally joining a rogue network but a VPN substantially protects against accidental information disclosure
Cryptographic services provide no defenses against rogue wi-fi access points or networks
Secure Application protocols
To secure communication over unsecured protocol, TLS has been bolted onto the original protocols to avoid the time and expense of creating new secure protocols
TLS provides a simple, cost-effective means to secure an existing network protocol
Examples includes the following:
For HTTP:HTTPS
For LDAP:LDAPS
For email related protocols: IMAPS, POPS and SMTPS
For VoIP networking: SIPS,SRTP and SRTCP
For IRC, Telnet and FTP: IRCS, TELNETS and FTPS
Many internet applications are developed without security.
Whole-disk encryption:
Encrypts every disk sector using symmetric encryption
Encrypts the key with the user credentials as a passphrase
User enters their credentials to unlock the drive
On laptops,
Ideally, laptop contents are unreadable if lost or stolen
Only effective if the laptop is powered off
Contents are not protected if:
Laptop is lost or stolen in sleep or hibernation mode
Users store their password or two-factor authentication device with their laptop
Hardware-based disk encryption:
The disk-driven is encrypted by its hardware
The entire drive including all boot information can be encrypted
Software-based disk encryption:
Does not encrypt the partition table, boot sectors and other boot-required information
Some systems leave an entire boot partition unencrypted
File encryption
Protects individual files
Is a feature of file editing applications
Allow file signing
Allows encrypted disk partition encryption
Supports virtual partition
File can be mounted as a disk partition
Database encryption
Common approaches to securing databases and some of their potential security issues, include:
Hardware-level disk encryption. For databases on raw partitions.
Whole-disk or file-level encryption. For databases in formatted file systems
Can leave backups and exported data unsecured
Only the media is secured, not the data in the database.
DBMS-based encryption. Example: Encrypting sensitive columns in the database.
Often leaves data exposed to malicious database queries
Server-side application-based encryption. Data is encrypted by the application querying the database. The database has no knowledge that the data is encrypted.
Might expose data in memory or over the networks
Can limit the ability to perform ad-hoc queries on encrypted data.
Client-side applications-based encryption. Data is encrypted by the client application. Neither the server nor the database knows that the data is encrypted
Might create key-managment issues.
Backups
Backups can pose a serious security risk and often contain unencrypted sensitive data, unless data is encrypted at the file level.
Backups of encrypted disks:
Produce unencrypted archives
The unencrypted files are being backed up, not the encrypted raw disk sectors
Backups of database transaction records and database archives are unencrypted, unless the records in the database itself are encrypted.
Offsite backups
Are often out of your physical control and vulnerable to unauthorized access
Theft of backups is a common risk
Be sure to encrypt every backup.
The main security issue Is key management and the solution depends on the backup system or software.
Tamper detection
Tamper detection applications detect changes to static information on a system such as operating system files.
These applications scan static information and compute a cryptographic hash for each file. Some applications provide directory-level checks as well
They help determine if static information has been modified on a system, which can provide an early alert to intrusions.
Q : The user is usually the weakest link in effective whole-disk encryption
Users might fail to fully power off a laptop when not in use, or they might store login credentials or two-factor authentication devices with their laptop. This can render whole-disk encryption worthless.
Module summary
Protected communications
In this topic, you learned about secure, authentic and confidential channels,
You also learned about tampering and some of the attacks against protected communications
Secure Data in Motion
In this topic, you learned about secure tunnels and VPNs
You also learned how cryptography can be used to secure wireless and how TLS can turn an unsecured protocol into a secured one
Subscribe to:
Posts (Atom)