Computer Security Midterm Review

37 Terms

1. Confidentiality

  • preserves authorized restrictions on information access and disclosure

  • protects personal privacy and proprietary information

  • break: information leaked

2. Integrity

  • guards against improper information modification or destruction

  • assures system integrity or soundness

  • ensures information non-repudiation and authenticity

  • information and programs are changed only in a specified and authorized manner.

  • break: information corrupted

3. Availability

  • ensures timely and reliable access to and use of information

  • systems work promptly and service is not denied to authorized users

  • The more critical a component or service, the higher the level of availability required

  • break: degraded or unavailable

4. Authenticity

identity setup and verification

5. Accountability

non-repudiation, keeps every activity traceable

6. Asset

  • hardware, software and data

  • communication facilities and networks

7. Vulnerability

a weak point of a system

8. Threat

a potential security harm to an asset

9. Attack

  • a threat in action

  • an assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system

  • EX: active, passive, inside, outside

10. Active attacks

  • replay

  • masquerade (spoof)

  • tamper

  • denial of service (DoS)

11. Passive attacks

  • an attempt to learn or make use of information from the system that does not affect system resources

  • sniff

12. Symmetric cryptography

  • the encryption key = the decryption key

  • also called single-key cipher

  • Two requirements for secure use

    • a strong encryption algorithm

    • Sender and receiver must

      • have obtained copies of the secret key in a secure fashion

      • keep the key secure

  • a key that has been revealed is called compromised

13. Asymmetric cryptography

  • also called public-key cipher

  • based on mathematical functions

  • asymmetric

    • use two separate but related keys

    • a public key and a private key

    • private key is never released

    • public key is made public for others to use

      • it is a challenge to distribute public keys

14. Components of a cipher

  • provide confidentiality for transmitted and stored data

  • plaintext: human readable message, text, image, audio or video

  • ciphertext: human-unreadable message scrambled by the encryption algorithm

  • encryption algorithm: performs various substitutions and transformations on the plaintext with an encryption key

  • decryption algorithm: reverses the operations of encryption to recover the original message with a decryption key

15. Symmetric ciphers

  • AES

  • DES

  • Triple DES

16. Asymmetric ciphers

  • RSA

  • Diffie-Hellman

  • DSS

  • ECC

17. Find the hash code length in bits, in bytes, and in hex digits for MD5 and SHA256.

  • MD5: 128 bits = 16 bytes = 32 hex digits

  • SHA-256: 256 bits = 32 bytes = 64 hex digits

18. Steps in the non-federated digital identity model

  1. An applicant applies to a CSP through an identity proofing and enrollment process. The CSP identity-proofs that applicant.

  2. The applicant is enrolled into the identity service as a subscriber.

  3. The claimant initiates an authentication request with the RP and the RP requests that the claimant authenticate.

  4. The claimant proves possession and control of the authenticators to the verifier function through an authentication process.

  5. An authenticated session is established between the subscriber and the RP.

19. Types of cards used as tokens

  • Embossed

  • Magnetic stripe

  • Memory

  • Smart (contact & contactless)

20. Biometric authentication

  • authenticate a user based on unique physical characteristics

    • by pattern recognition

  • complex and expensive compared to passwords and tokens

  • typical physical characteristics:

    • Static

      • Facial characteristics, fingerprints, hand geometry

      • Retinal pattern, iris

    • Dynamic

      • Signature, voice, handwriting characteristics, typing rhythm

21. Criteria for bad passwords

  • Too short

  • Easily guessable / dictionary words

  • Lack of complexity

  • Reused passwords

  • Predictable patterns

  • Passwords found in cracking tools / rainbow tables

  • No resistance against password policies

22. Password cracking

  • Dictionary attacks

    • Develop a large dictionary of possible passwords and try each against the password file

    • Each password must be hashed using each salt value and then compared to stored hash values

  • Rainbow table attacks

    • Pre-compute tables of hash values for all salts

    • A mammoth table of hash values

    • Can be countered by using a sufficiently large salt value and a sufficiently large hash length

  • Password crackers exploit the fact that people choose easily guessable passwords

    • Shorter password lengths are also easier to crack

  • John the Ripper

    • an Open Source password security auditing and password recovery tool

    • Uses a combination of brute-force and dictionary techniques

23. Relationship between User Authentication and Access Control

  • A user logs in → goes through authentication.

  • If authentication succeeds, the access control (AC) mechanism consults authorization (AD) policies.

  • The AC system grants or denies specific requests to resources based on the user’s authenticated identity, group, roles, or attributes.

  • All actions are audited.

24. Types of Access Control Policies

  • Discretionary access control (DAC)

    • by the requestor's volition

  • Mandatory access control (MAC)

    • by the requestor's clearance

    • required for military information security

  • Role-based access control (RBAC)

    • by the requestor's roles

  • Attribute-based access control (ABAC)

    • by related attributes of the requestor, resources and environmental conditions

25. Discretionary Access Control (DAC)

  • restricts access to objects based on

    • the identity of subjects

    • groups to which they belong

  • allows a subject to pass access rights on to other subjects

26. Role-Based Access Control (RBAC)

  • simplifies DAC by abstracting the access rights shared by a group of subjects into a role

    • roles have hierarchies

  • decouples access rights from subjects → two matrices

  • typically defines a role as a job function within an organization

  • a user can be assigned more than one role, statically or dynamically

    • according to the principle of least privilege

27. Attribute-Based Access Control (ABAC)

  • defines authorizations conditioned on attributes of subjects, objects, operations and the environment

  • flexible and expressive

    • Allows an unlimited number of attributes to be combined to satisfy any access control rule

  • capable of enforcing DAC, RBAC, and MAC concepts

28. Components in a relational database

  • Collections of tables (relations) consisting of rows and columns

    • Each column (field, attribute) holds a particular type of data

      • Ideally has one column where all values are unique, forming an identifier/key for that row

    • Each row (record, tuple) contains a specific value for each column

  • Multiple tables linked together by keys (relationship)

  • Use SQL to manipulate and access the database

  • Primary key

    • Uniquely identifies a row

    • Consists of one or more column names

  • Foreign key

    • Links one table to attributes in another

  • View/virtual table

    • Result of a query

    • often used for security purposes

29. Inband attack (SQLi Attack type)

  • Uses the same communication channel for injecting SQL code and retrieving results

  • The retrieved data are presented directly in application Web page

  • Methods:

    • Tautology

      • injects code in conditional statements so that they always evaluate to true

    • End-of-line comment

      • legitimate code that follows the comment is nullified

    • Piggybacked queries

      • adds additional queries on top of the legitimate query

30. Inferential attack (SQLi Attack type)

  • no application Web page for showing the retrieved data

  • send particular requests and observe the resulting behavior of the Website

    • e.g. error message

  • Methods

    • Illegal queries: trial and error

      • find information about the type and structure of the backend database

      • a preliminary, information-gathering step for other attacks

    • Blind SQL injection: exhaustion

      • infer the data present in a database without error feedback

31. Out-of-Band Attack (SQLi Attack type)

  • Data are retrieved using a different channel

  • when there are limitations on information retrieval,

    • but outbound connectivity from the database server is lax

    • e.g. query results are sent through email

32. SQLi Countermeasures

  • Defensive coding

    • Manual defensive coding practices

    • Parameterized query insertion

      • prepared statements

    • SQL DOM

      • a set of classes that enables automated data type validation and escaping

  • Detection

    • Signature based

    • Anomaly based

    • Code analysis

  • Run-time prevention

    • Check queries at runtime to see if they conform to a model of expected queries

33. Topics covered in TIA-492

  • Network architecture, Network access control and security

  • File storage, backup, and archiving

  • Database management

  • Web hosting, Application hosting, Content distribution

  • Environmental control, Protection against physical hazards

  • Power management, Electrical design, Fire safety

  • System redundancy for electrical, mechanical and telecommunication

34. Types of Malware

  • Propagation mechanisms (replication methods):

    • Infect existing files by viruses

    • Exploit software vulnerabilities by worms or drive-by-downloads

    • Social-engineer users to install Trojans or to respond to phishing attacks

  • Payloads:

    • Corrupt target system/data files

    • Make the target a zombie as part of a botnet

    • Steal information/service from the target

    • Hide its presence on the victim target

35. Virus components

  • Infection mechanism / infection vector

    • How the virus propagates

  • Trigger / logic bomb

    • When and how the virus activates or delivers its payload

  • Payload

    • What the virus does (besides spreading)

      • damage or pranks

36. Virus Phases

  • Dormant

    • Virus is idle

    • Will eventually be activated by some event

    • Not all viruses have this stage

  • Trigger

    • Virus is activated to deliver its payload

    • Can be caused by a variety of system events

  • Propagation

    • Virus injects a copy of itself into other programs or certain disk areas

    • May not be identical to the propagating version

    • Each infected program will enter a propagation phase

  • Execution

    • Payload is delivered

    • May be pranking or damaging

37. Malware Countermeasures

  • Ideal solution to the threat of malware is prevention

  • Four main elements of prevention:

    • Policy

    • Awareness

    • Vulnerability mitigation

    • Threat mitigation

  • If prevention fails, technical mechanisms can be used to support the following threat mitigation options:

    • Detection

    • Identification

    • Removal