Information Security - CRASH COURSE

229 Terms

1
Information security
Protecting information administratively, physically, and technically in order to prevent damage, alteration, and leakage of information while it is being collected, processed, stored, and transmitted.
2
Confidentiality (Goal of information security)
The original information is not exposed to unauthorized users while being stored and transmitted.
3
Integrity (Goal of information security)
The original information is maintained while it is sent and received, without unauthorized creation, modification, or deletion.
4
Availability (Goal of information security)
Authorized users can access and use the requested information when necessary.
5
Authentication
A method of verifying that the information exchanged between the sender and receiver (the subjects of the information) has not been altered or deleted, and that the subjects themselves are legitimate.
6
Non-repudiation
A security technology that prevents a party from denying that a message was sent or received, by proving the fact of its sending or receipt.
7
Non-repudiation of origin
Prevents the sender from claiming that the message was not sent after actually sending it.
8
Non-repudiation of delivery
Prevents the receiver from claiming that the message was not delivered after it was actually sent.
9
Non-repudiation of receipt
Prevents the receiver from claiming that the message was not received after actually receiving it.
10
Cryptography
Broadly classified into cryptographic techniques and cryptographic protocol techniques.
11
Cryptographic techniques
Divided, according to whether the encryption key and the decryption key are the same, into the symmetric key cryptosystem, in which the two keys are the same, and the public key cryptosystem, in which they are different.
12
Cryptographic protocols
Protocols that use cryptographic techniques.
13
Digital signature
A method that provides both data integrity and signer authentication by performing a hash operation on a specific document and signing the result with the signer's private key.
14
Hash function (Hash algorithm)
A mathematical function that converts an input string of arbitrary size into a short hash value (hash code) of fixed length and outputs it.
15
Malware (Malicious software)
Software designed to perform malicious actions against computers, file systems, or networks.
16
Worms
Malware that runs independently. This malware replicates itself and spreads to other computers.
17
Viruses
Malicious code that is inserted into the code of another independent program and makes that program perform malicious behavior and spread the code on its own.
18
Trojan horse
A program with hidden code. Although it looks like a normal program, malicious code is executed when the user runs the program.
19
Firewall
A security solution installed between the public network and the private network to protect the private network from the outside.
20
Packet filtering gateway (Firewall type)
Determines whether to pass the packet, based on a series of rules.
21
Proxy server (Firewall type)
Authenticates specific hosts for access to the private network and passes packets on their behalf.
22
Intrusion Prevention System (IPS)
A security system that blocks intrusions in real time by detecting unauthorized and abnormal behavior on the target system (the network detection area) and classifying the detected illegitimate behavior.
23
Virtual Private Network (VPN)
A technology that enables access control, authentication, and confidentiality services to be used safely over a public network, as if on a private network, without building a physical private network between remote sites.
24
Single Sign On (SSO)
Enables the user to access another site without a separate authentication procedure after logging in on one site.
25
Web Application Firewall (WAF)
A security solution located in front of the web server that monitors incoming HTTP/HTTPS traffic and blocks detected attacks against the web application, such as SQL Injection or XSS attacks, before they reach the web server.
26
Network Access Control (NAC)
When a user computer at the endpoint attempts to access the internal network for the first time, the system checks whether it complies with security policies such as network user authentication and anti-virus program installation, and controls its network access according to the pre-defined security policy when those policies are not observed.
27
Wireless Intrusion Prevention System (WIPS)
Automatically detects and blocks access from unauthorized wireless devices by continuously monitoring the wireless LAN operated by a specific organization; it improves the stability of the wireless LAN and enables integrated management.
28
Enterprise Security Management (ESM)
Designed to provide a consistent and intuitive administrator and user interface by integrating security management functions that are modularized by function and product.
29
Security Information Event Management (SIEM)
A SIEM solution extends the role of the existing ESM from the security domain to the entire enterprise and adds corporate compliance response functions. Rather than only collecting and analyzing logs, it establishes an early warning and monitoring system for intelligent threats, providing correlation analysis and forensic functions over vast big-data information so that those threats can be traced later.
30
Blockchain
A distributed ledger designed with a structure that enables network participants to store and verify data. Transactions that occur over a certain period of time (10 minutes) are collected to create a block, in order to verify the transaction information, and the blocks are then connected sequentially to form a chain.
31
FIDO (Fast Identity Online Alliance)
Established in July 2012 to set the technical (de facto) standard for authentication methods using biometrics in the online environment. The FIDO standard separates local user authentication on the user's device from remote authentication performed by the service provider's server.
32
UAF (Universal Authentication Framework) protocol (FIDO 1.0)
Does not store the user's personal information on the server.
33
U2F (Universal 2nd Factor) protocol (FIDO 1.0)
Improves security using two-factor authentication.
34
Network segregation
Refers to network blocking that separates the business network from the external network in order to block illegal access from the external Internet and to prevent leakage of internal information.
35
Fraud Detection System (FDS)
A system that detects suspicious transactions and blocks abnormal financial transactions by comprehensively analyzing device information, access information, and transaction details used in electronic financial transactions.
36
Quantum cryptography
A cryptographic technology that utilizes the characteristics of quantum mechanics.
37
Trusted Platform Module (TPM)
A standard established by the TCG (Trusted Computing Group), an international industry standards organization, to overcome the limitations of security technology that operates only in software. The module provides a strong security environment by storing data that requires protection, such as encryption keys, passwords, and digital certificates, in a secure space isolated by hardware.
38
De-identification
The process or method of converting data in such a way that an individual cannot be identified.
39
Re-identification
The process or method of identifying an individual from the de-identified data by combining, analyzing, and processing it with other information.
40
EU-GDPR (General Data Protection Regulation)
The personal information protection law of the EU (European Union) that took effect on May 25, 2018.
41
Encryption
The process of converting plain text, which can be seen by anyone, into an incomprehensible form of ciphertext.
42
Decryption
The process of converting ciphertext back into plaintext, so that it can be understood.
43
Cryptographic algorithm
The mathematical function used in encryption and decryption processes. The cryptographic algorithm uses a key to perform encryption and decryption.
44
Private key cryptographic algorithm (Secret key encryption algorithm)
The encryption key used for encryption and the decryption key used for decryption are the same; the key can be short, and encryption and decryption operations are fast.
45
Block cipher algorithm
Performs encryption and decryption using a cryptographic algorithm that transforms fixed-size input blocks into fixed-size output blocks under a secret key.
46
Differential attack (Block cipher attack)
A chosen-plaintext attack. It finds the key used for encryption by using the bit difference between ciphertext blocks that corresponds to the difference between two plaintext blocks.
47
Linear attack (Block cipher attack)
A known-plaintext attack. It finds the encryption key by suitably linearizing a nonlinear structure inside the cryptographic algorithm.
48
Brute force attack (Block cipher attack)
An attack technique that finds the encryption key by trying every possible encryption key and comparing the resulting plaintext and ciphertext.
49
Statistical attack (Block cipher attack)
An attack technique that decrypts ciphertext using all known statistical data, including statistics on the frequency of each word used in the ciphertext.
50
Mathematical analysis (Block cipher attack)
An attack technique that decrypts ciphertext using mathematical theories, including statistical methods.
51
Stream cipher
A method in which ciphertext is created by a bitwise XOR of the plaintext bit string with the key bit string.
52
Public key cryptographic algorithm
The sender and receiver use different keys to establish secret communication. The sender encrypts data using the receiver's public key and sends the result over the network. The receiver decrypts the encrypted data using the private key that matches the receiver's public key, restoring the plaintext.
53
Public key
A key that each user discloses and that others use to send data to them.
54
Private key
A key held by the user that can decrypt information encrypted with their public key.
55
RSA (Rivest, Shamir and Adleman)
A public key cryptosystem used for encryption and authentication. The security of this system is based on the difficulty of factoring a large integer.
56
ElGamal
The first public key cryptographic algorithm based on the difficulty of the discrete logarithm problem. When a message is encrypted with ElGamal, its length is doubled. Because random numbers are used in encryption, a different ciphertext is created each time, even when the same message is encrypted.
57
ECC (Elliptic Curve Cryptosystem)
An encryption system based on the discrete logarithm problem on an elliptic curve. Since its security is high and its speed is fast, it draws attention as a new public key encryption system.
58
Pre-image resistance (Hash property)
Given y, it is difficult to find x such that h(x) = y.
59
2nd pre-image resistance (Hash property)
Given x with h(x) = y, it is difficult to find x' such that h(x') = y (where x' ≠ x).
60
Collision resistance (Hash property)
It is difficult to find x and x' (where x ≠ x') such that h(x) = h(x').
61
MD5 (Message Digest Algorithm 5)
A 128-bit hash function used for testing the integrity of the program or file.
62
SHA (Secure Hash Algorithm)
A family of related hash functions. It was first designed by the National Security Agency (NSA) in 1993.
63
Salt (Hash function context)
An arbitrary bit string that is added when a hash function generates a hash value.
64
Salting (Hash function context)
Generating a hash value by adding a bit string (the salt) to the original message.
65
Checksum
A type of redundancy check: integrity is tested by summing the data to obtain a checksum, converting it into a fixed bit value, and appending it to the message.
66
Cyclic Redundancy Check (CRC)
Mainly used as a method of detecting transmission errors in communication systems such as the Internet. The sending side calculates a checksum based on a polynomial chosen so that errors are easy to detect and correct, and sends it appended to the header.
67
Message Authentication Code (MAC)
When the sender calculates a hash value using the message as input, the result is a message authentication code. If this code is sent together with the message, the receiver can be confident that the message has not been tampered with during transmission.
68
Password-Based Encryption (PBE)
The hash value obtained by feeding the combination of the password and a salt (a random number generated by a pseudo-random number generator) into a hash function is used as the encryption key.
69
User authentication
Refers to a function that enables the user to prove their identity to the other party over the network.
70
Message authentication
Checking whether the contents of the transmitted message are the original information and have not been altered or modified.
71
Knowledge-based authentication
This method is based on the user's knowledge ("What you know") and uses means such as a PIN (Personal Identification Number), password, account number, etc.
72
Ownership-based authentication
This method is based on the user's possessions ("What you have") and uses means such as an OTP (One Time Password), smart card, card key, etc.
73
Presence-based authentication
This method is based on the user's body or bodily characteristics ("What you are") and uses means such as iris recognition, fingerprint recognition, voice recognition, and face recognition.
74
One Time Password (OTP)
One of the methods used by an authentication system to authenticate users. This technology uses a one-time password generator that generates a one-time password for each session, which the user then enters.
75
Challenge-response OTP (Synchronous OTP)
The authentication server generates a random number and sends it to the client, and the client generates a one-time password using the random number as an input value.
76
Time-synchronous OTP
The authentication server and the client are synchronized, and a one-time password is created by using the time as an input value.
77
Event-synchronous OTP (Asynchronous OTP)
The authentication count record is shared with the authentication server, and a one-time password is created by using the authentication count as an input value.
78
Biometric authentication
Authentication technology that extracts the measurable physical or behavioral features of a person using an automated sensor and uses them as a means of authentication.
79
Multi-factor authentication
A method of improving the security of authentication by combining multiple authentication technologies to supplement the weakness of a single authentication method.
80
Electronic signature
A technology that enables a user to sign an electronic document using the authentication function of cryptography. The effect of an electronic signature is obtained by authenticating the identity of the signer, using the authentication function of public key cryptography, while at the same time authenticating the electronic document being signed.
81
PKI (Public Key Infrastructure)
An infrastructure for managing the public key, which is an essential element for encryption and authentication required for secure transactions. This infrastructure safely distributes encryption and decryption keys, as well as certificates that provide information security services.
82
Policy Approval Authority (PAA) (PKI component)
Creates and sets up the policies and procedures used comprehensively for the PKI (Ministry of Security and Public Administration).
83
Policy Certification Authority (PCA) (PKI component)
Establishes detailed policies for the policy approved by the PAA (Korea Internet & Security Agency).
84
Certification Authority (CA) (PKI component)
Issues users' public key certificates and manages the list of revoked certificates (Korea Information Certificate Authority, Koscom, Korea Financial Telecommunications and Clearings Institute, Korea Electronic Certification Authority, KTNET).
85
Registration Authority (RA) (PKI component)
Acts on behalf of certification authorities and receives public certificate registration applications (banks, securities companies).
86
Certificate holder (PKI component)
The owner of the public key certificate who receives a certificate, and signs and encrypts electronic documents.
87
User (PKI component context)
A user who verifies the authentication path and electronic signature, using the public key of the certification authority.
88
Public key certificate and CRL repository (PKI component)
A public key certificate is an electronic file, conforming to the X.509 v3 standard, that proves the relationship between the electronic signature verification key and the key owner. The CRL repository manages the list of revoked certificates.
89
Session key (PKI context)
A one-time secret key, generated by the sender, to apply the secret key system to the message.
90
Electronic envelope (PKI context)
The session key encrypted with the receiver's public key so that it can be transmitted safely.
91
CRL (Certificate Revocation List)
Refers to the list of certificates revoked by the CA. The list contains the serial number, the revocation date, and the reasons for revocation.
92
OCSP (Online Certificate Status Protocol)
This protocol makes up for the shortcoming that the CRL must be updated periodically. When the user attempts to gain access, OCSP requests certificate status information in real time and immediately answers whether the certificate is valid.
93
Access control
Refers to the task of controlling who can access a system, and which task the user can perform when the user interacts with the system.
94
Identification (Access control)
A process of identifying a subject by its unique token, that is, a process in which the system identifies the subject (e.g., ID, employee card, biometrics).
95
Authentication (Access control context)
A process in which the subject proves its identity to the system, that is, a process in which the system verifies the user who claims an identity (e.g., password (knowledge-based), certificate (ownership-based), OTP (ownership-based), biometrics (presence-based)).
96
Authorization (Access control)
A process in which the system controls which tasks the authenticated user can perform and which objects they can access (e.g., mandatory access control, discretionary access control, role-based access control).
97
Minimum privilege policy ("Need-to-know" policy)
System subjects should use the minimum amount of information that is needed for their activities.
98
Maximum privilege policy
This policy is based on the principle of maximum availability, applied to increase the benefits of data sharing. It can be applied effectively when no special protection is needed because data exchange with the user is highly reliable.
99
Mandatory Access Control (MAC)
A security level is given to the subject and a security label is given to the object. Then, it is determined whether the subject in question can access the object, according to the predetermined rule.
100
Discretionary Access Control (DAC)
Access to an object is controlled by the identity of the subject's account or the group the account belongs to. The owner of the object determines access permissions.