Paying forward, this deck summarizes key concepts we need to be successful in IT operations and security; the focus is cryptographic controls and their relationship to cryptographic exploits. Please refer to the Networking and Security deck to better understand references to layers and their associated protocols.
3. Bell-LaPadula – Confidentiality model
Deals only with confidentiality; does not deal with
integrity or availability
(NO “I” or “EYE” is CONFIDENTIAL – can’t write to
my boss’ level, subordinates who are down can’t
read my level)
Based on Government Classification – Unclassified,
Sensitive But Unclassified (SBU), Confidential,
Secret, Top Secret
A Trusted Subject can violate the * property
Bell-LaPadula Security State Defined by three
properties:
Simple Security Property (ss Property) – no reading
from lower subject to higher object (No Read Up) I
don’t see above my class
The * (star) security Property – No writing from
higher subject to lower object (No write Down) I
don’t author to a lower level of security
Trusted Subject can violate the star property but not its
intent
Strong * property – no reading or writing to another level
Discretionary Security Property – Uses Access Matrix to
specify discretionary access control
Remember the hyphen “-” is separation of duties
4. Writing and Reading Orders - Confidentiality
No read up – its confidential so I can’t see a command sent to my
boss
No write down – I only need to read what my boss sends me. A
lower rank can’t see my orders. I can’t change classification to
allow them that access. We are segregated.
5. Biba Integrity Model defined by three goals
1. Integrity Data protected from
modification by unauthorized users
2. Data protected from unauthorized
modification by authorized users
3. Data is internally and externally
consistent.
Biba Integrity Model is an add-on to BLP
Lattice-based: uses the less-than-or-equal-to
relation
A lattice structure is a set with a least upper
bound (LUB) and a greatest lower bound (GLB)
Lattice represents a set of integrity classes (IC)
and an ordered relationship
Lattice = (IC, LUB, GLB)
6. Integrity – who created this order – who classified this order?
Integrity Axioms
The Simple Integrity Axiom - no
reading of lower object from higher
subject (No Read Down)
The * (star) Integrity Axiom – No
writing from lower subject to higher
object (No write Up)
A subject at a lower level of
integrity can not invoke a subject at
a higher level of integrity
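The Bell-LaPadula properties and the Biba axioms above, written as access checks. This is an added example, not part of the original deck; the function names are hypothetical, and reusing the classification levels as integrity classes is an assumption made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    # Classification order from the Bell-LaPadula slide, lowest to highest.
    UNCLASSIFIED = 0
    SBU = 1
    CONFIDENTIAL = 2
    SECRET = 3
    TOP_SECRET = 4

def blp_allows(subject, obj, op, trusted=False, strong_star=False):
    """Bell-LaPadula decision on confidentiality labels; op is 'read' or 'write'."""
    if op not in ("read", "write"):
        raise ValueError(op)
    if strong_star:
        return subject == obj              # strong * property: own level only
    if op == "read":
        return subject >= obj              # ss property: no read up
    return subject <= obj or trusted       # * property: no write down

def biba_allows(subject, obj, op):
    """Biba decision on integrity labels; op is 'read', 'write' or 'invoke'."""
    if op == "read":
        return subject <= obj              # simple integrity axiom: no read down
    if op in ("write", "invoke"):
        return subject >= obj              # no write up, no invoking a higher subject
    raise ValueError(op)

def both_allow(subject, obj, op):
    # Assumption for illustration: one label serves as both the
    # confidentiality class and the integrity class.
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)

def access_matrix(check):
    """Rows are subject levels, columns object levels, cells the permitted ops."""
    ops = (("r", "read"), ("w", "write"))
    return {s.name: {o.name: "".join(c for c, op in ops if check(s, o, op))
                     for o in Level} for s in Level}

if __name__ == "__main__":
    for name, check in (("BLP", blp_allows), ("Biba", biba_allows), ("both", both_allow)):
        print(name, access_matrix(check)["SECRET"])
```

Enforcing both models with the same labels leaves read and write access only at the subject's own level, which is the behaviour the strong * property describes.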
7. Clark-Wilson Integrity Model (Integrity for
Commercial Environments)
Two elements: well formed
transaction and separation of duties.
Developed in 1987 for use in real-
world commercial environment
Addresses the three integrity goals
Constrained Data Item (CDI) – A data
Item whose integrity is to be
preserved
Integrity Verification Procedure
(IVP) – confirms that all CDIs have
integrity
Transformation Procedure (TP) –
transforms a CDI from one integrity
state to another integrity state
Unconstrained Data Item – data
items outside of the control area of
the modeled environment
Requires Integrity Labels
8. Clark-Wilson Integrity Model
Information Flow Models
Each object and subject is assigned
security class and value; info is
constrained to flow in directions that
are permitted by the security policy.
Based on state machine and consists
of objects, state transitions and
lattice (flow policy) states.
Object can be a user
Each object is assigned a security
class and value
Information is constrained to flow in
the directions permitted by the
policy
Non-interference Model
Actions of group A using commands
C are not seen by users in Group B
using commands D
11. Needed Component Parts to an Encryption Strategy
Symmetric for confidentiality (DES, 3DES, IDEA, RC4, AES)
Hashing for integrity (MD4, MD5, RIPEMD, SHA-1, SHA-2)
Asymmetric for authentication (RSA, El Gamal, ECC
elliptic curve crypto)
Non Repudiation is Asymmetric plus Hashing – condition
where a message hash is encrypted with the sender’s
private key
12. Relationship of Encryption to Incidents and Threats
Integrity
Threats: Modification of user data; Trojan horse browser; Modification of memory; Modification of message traffic in transit
Consequences: Loss of information; Compromise of machine; Vulnerability to all other threats
Countermeasures: Cryptographic checksums
Confidentiality
Threats: Eavesdropping on the net; Theft of info from server; Theft of data from client; Info about network configuration; Info about which client talks to server
Consequences: Loss of information; Loss of privacy
Countermeasures: Encryption; Web proxies
Denial of Service
Threats: Killing of user threads; Flooding machine with bogus requests; Filling up disk or memory; Isolating machine via DNS attacks
Consequences: Disruptive ($$$); Annoying; Prevent user from getting work done
Countermeasures: Rate limiter; IPS and rate based IPS; Blackholing/Sinkholing; Clean Pipes; Bogon Filtering; WAN Link Failover
Authentication
Threats: Impersonation of legitimate users; Data forgery
Consequences: Misrepresentation of user; Belief that false information is valid
Countermeasures: Cryptographic techniques
13. Elements needed for Encryption and Encryption Methods
Symmetric - Confidentiality
• Secret Key
• Single or one key
• Requires secure channel
• Pre-shared key
• Asymmetric mode or
• Diffie Hellman Key exchange
Asymmetric - Authentication
• Public key crypto
• Dual or two key encryption
Hash - Integrity
• One way transformation
• No key
• Collision is when 2 inputs get same output
Non Repudiation
• Digital Signatures
• Hash + Asymmetric
• Message hash encrypted with sender’s private key
14. Symmetric Encryption Systems
DES (Data Encryption Standard)
DES is a block encryption algorithm using 64-bit blocks. It uses a 64-bit key: 56 bits of true key and 8 for parity. Characters are put through 16 rounds of transposition and substitution.
Devised in 1972 as a derivation of the
“Lucifer” system
DES Describes the DEA (Data Encryption
Algorithm)
FIPS PUB 46-1 (1977) and ANSI X3.92 (1981)
64bit blocks, 56 bit key and
16 rounds of transformation
Uses confusion and diffusion for encrypting plain text.
Confusion – Conceals statistical connection between ciphertext and plain text. Uses non-linear substitution boxes (S-Boxes)
Diffusion – Spreads the influence of a plain text character over many ciphertext characters.
15. DES has 4 distinct modes of operation
Electronic Code Book (ECB) – It is a block cipher. Native encryption method for DES. Electronic codebook literally operates like a code book. For a given block of plaintext and a given key, the same set of ciphertext is always produced. ECB uses padding to round up to a 64 bit block boundary. ECB is used for small amounts of data such as challenge-response or key management. Not good for large amounts of data as patterns would eventually show.
Cipher Block Chaining (CBC) – In Cipher Block Chaining, the value of the previous block processed is a part of the algorithm and key for the next block, so patterns are not revealed. This chaining effect means that a particular ciphertext block is dependent on all the blocks that came before it, not just the current block.
Cipher Feedback Mode (CFB) – It is a stream cipher. Previously generated ciphertext is used as feedback into the key generation source to develop the next keystream. This mode is used when encrypting individual characters is required.
Output Feedback Mode (OFB) – Similar to CFB, but stream cipher functions by generating a random stream of bits to be combined with the plaintext to create ciphertext. Requires initialization vector. Ciphertext is fed back to the algorithm to form a portion of the next input to encrypt the stream of bits.
16. Key Terms
Symmetric algorithm – Encryption method where the sender and receiver use an instance of the same key for encryption and decryption purposes.
Out-of-band method – Sending data through an alternate communication channel.
Asymmetric algorithm – Encryption method that uses two different key types, public and private. Also called public key cryptography.
Public key – Value used in public key cryptography that is used for encryption and signature validation that can be known by all parties.
Private key – Value used in public key cryptography that is used for decryption and signature creation and known to only key owner.
Public key cryptography – Asymmetric cryptography, which uses public and private key values for cryptographic functions.
Block cipher – Symmetric algorithm type that encrypts chunks (blocks) of data at a time.
Diffusion – Transposition processes used in encryption functions to increase randomness.
Confusion – Substitution processes used in encryption functions to increase randomness.
Avalanche effect – Algorithm design requirement so that slight changes to the input result in drastic changes to the output.
Stream cipher – Algorithm type that generates a keystream (random values), which is XORd with plaintext for encryption purposes.
Keystream generator – Component of a stream algorithm that creates random values for encryption purposes.
Initialization vectors (IVs) – Values that are used with algorithms to increase randomness for cryptographic functions.
17. Triple DES (3DES)
Encrypting plaintext with one DES key and then encrypting it with a second DES key is no more secure than using a single DES key; therefore, Triple DES is used to obtain stronger encryption.
DES-EDE2 – 2 keys are used. Encrypt with 1, decrypt with 2 and then encrypt with 1 again.
DES-EEE2 – 2 keys used. Encrypt with 1, encrypt with 2, encrypt with 1.
DES-EEE3 – 3 keys used. Encrypt with 1, encrypt with 2, encrypt with 3. Most secure, but requires 3 keys.
18. Advanced Encryption Standard (AES)
Uses Rijndael block cipher, specifies three key sizes: 128,
192 or 256 bit. Choice of key determines encryption level.
AES is the government standard for encrypting SBU
information. Best suited for hardware encryption.
The number of rounds of transformation is a function of
the key size used
256 bit – 14 rounds.
192 bit – 12 rounds.
128 bit – 10 rounds.
19. Symmetric Algorithms that provide bulk (data)
Encryption services only
DES and 3DES
TwoFish
128 bit blocks in 16 rounds. Key
lengths can be up to 256 bits.
BlowFish
A block cipher operating on 64 bit
blocks with a key length of up to 448
bits. The blocks go through 16 rounds
of crypto functions.
IDEA
IDEA stands for International Data
Encryption Algorithm. It operates
on 64 bit blocks and uses a 128 bit
key. (cont)
20. Symmetric Algorithms that provide bulk (data) Encryption
services only
IDEA (cont)
Performs 8 rounds on 16 bit sub-blocks.
Each 64 bit block is divided
into 16 smaller blocks and each block
has 8 rounds of mathematical
functions performed on it.
IDEA is harder to crack than DES for
the same keysize and is used in PGP.
RC5
Block cipher of variable block
length. Key can be 0-2048 bits,
blocks can be 32, 64 or 128 bits
and the number of rounds can be
0 – 255. Created by Ron Rivest and
patented by RSA data.
21. Asymmetric Encryption Algorithms – Authentication and Public Key Crypto
RSA
De facto standard for public encryption. Invented by Ron Rivest, Adi Shamir and Leonard Adleman. Developed at MIT. Security comes from the difficulty of factoring large numbers. Public and private key are functions of a pair of large prime numbers. RSA is used in many web browsers with SSL.
El-Gamal
Extends Diffie-Hellman to apply to encryption and to digital signatures. Based on calculating discrete logarithms in a finite field.
Elliptic Curve Cryptosystem (ECC)
Provides much of the same functionality as RSA: digital signatures, secure key distribution and encryption. ECC is very resource efficient – ideal for smaller devices. ECC provides higher protection with smaller keys than RSA. An ECC key of 160 bits is equivalent to a 1024-bit RSA key.
22. Asymmetric Encryption Algorithms
Public Key Cryptography
Public key cryptography uses asymmetric encryption for key encryption and secret key encryption for data. We use an asymmetric algorithm to encrypt the secret key.
Diffie-Hellman
Used for key distribution, NOT encryption and decryption. Subjects can exchange session keys over a non-secure medium without exposing the keys.
Session-Key
“Secret” key used for one data exchange only. Usually randomly generated then encrypted using public cryptography
23. Public Key Infrastructure (PKI) – X.509
PKI is an ISO authentication framework that uses public key cryptography and X.509 standard protocols.
PKI provides authentication, confidentiality, non-repudiation and message integrity.
The PKI infrastructure contains the pieces that will identify the user, distribute and maintain keys, distribute and maintain certificates and allow certificate revocation.
Each individual taking part in PKI needs a digital signature signed by a CA.
Some well-known Certification Authorities are Entrust and VeriSign. The old method of revocation is handled by the certificate revocation list (CRL). New revocation is via Online Certificate Status Protocol (OCSP).
24. PKI is made up of the following entities and functions
Certification Authorities
Registration Authorities
Certificate Repository
Certificate Revocation System
Key backup and recovery system
Automatic key update
Management of key histories
Cross-certification with other CAs
Time stamping
Client side software
25. Uses for PKI (Public Key Infrastructure)
IPSec & VPN Authentication
General User Authentication
Code & Driver Signing
Wireless Authentication
Network Access Control Protection (NAC/NAP)
Digital Signatures
26. LDAP, ISAKMP, IKE
LDAP is the standard format for accessing certification repositories.
Availability and Integrity of LDAP servers is a concern.
ISAKMP – Internet Security Association and Key Management Protocol.
IKE – ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley,
combined.
In general
ISAKMP defined the phases for establishing a secure relationship
SKEME describes a secure exchange mechanism
Oakley defined the modes of operation needed to establish a secure
connection.
28. Can you match the exploit name to exploited protocol?
Vulnerability
A. RC4 - does not require MITM, passive sniffing or eavesdropping, also vulnerable to MITM
B. SSL 3.0 enables MITM - must be disabled, was already replaced by TLS 1.0, only works while victim is online and attacker is near
C. OpenSSL - missing bound check during TLS heartbeat, eavesdrop web, email, IM, VPN, reads system memory to get secret keys used to encrypt traffic, names, passwords, content.
D. *NIX OS, exploited via CGI, attacker can tack on malicious code to the environment variable
E. Factoring Attack on RSA-EXPORT - weak cipher suite SSLv3
F. TLS 1.0 browser reveals session ID; JavaScript compares block cipher msg hash and deduces IV out of CBC - steal first block before XOR
G. TLS 1.0 and SPDY Compression Ratio Info-Leak Mass Exploitation
H. Schannel - remote code execution vulnerability
Exploit
D Bash Bug ShellShock
H WinShock
C Heartbleed
B POODLE (Padding Oracle On Downgraded Legacy Encryption)
E FREAK
G CRIME
F BEAST
A Bar Mitzvah
30. Denial-of-Service Attacks
Prevents a system from processing or responding to
legitimate traffic
Transmits data packets
Exploits a known fault in an OS, service or application
Results in system crash or CPU at 100%
31. Distributed reflective denial of service DRDoS
Reflected approach, rather than direct to victim,
manipulates traffic so that attack is reflected back to victim
from other sources
Example: DNS Poisoning and SMURF
32. Smurf and Fraggle Attacks
A smurf attack is another type of flood attack, but it floods the
victim with Internet Control Message Protocol (ICMP) echo
packets instead of with TCP SYN packets. More specifically, it is a
spoofed broadcast ping request using the IP address of the
victim as the source IP address. Ping uses ICMP to check
connectivity with remote systems.
Normally, ping sends an echo request to a single system, and the
system responds with an echo reply. However, in a smurf attack
the attacker sends the echo request out as a broadcast to all
systems on the network and spoofs the source IP address. All
these systems respond with echo replies to the spoofed IP
address, flooding the victim with traffic.
33. Smurf amplifier
Smurf attacks take advantage of an amplifying network (also called a smurf amplifier)
by sending a directed broadcast through a router. All systems on the amplifying
network then attack the victim. However, RFC 2644, released in 1999, changed the
standard default for routers so that they do not forward directed broadcast traffic.
When administrators correctly configure routers in compliance with RFC 2644, a
network cannot be an amplifying network. This limits smurf attacks to a single
network. Additionally, it’s becoming common to disable ICMP on firewalls, routers,
and even many servers to prevent any type of attacks using ICMP. When standard
security practices are used, smurf attacks are rarely a problem today.
34. Fraggle
Fraggle attacks are similar to smurf attacks. However,
instead of using ICMP, a fraggle attack uses UDP packets
over UDP ports 7 and 19.
The fraggle attack will broadcast a UDP packet using the
spoofed IP address of the victim. All systems on the
network will then send traffic to the victim, just as with a
smurf attack.
La la, lala lah la, la la la ladi dah (smurf song)
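Detection logic for the smurf and fraggle patterns described above, run over flow records. This is an added example, not part of the original deck: the subnets, addresses and record fields are constructed, and the function names are hypothetical. It compares against each subnet's real broadcast address, since a destination ending in .255 is an ordinary host inside a /23 and the broadcast of a /25 ends in .127.

```python
import ipaddress

# Constructed sample data (not from the deck): protected subnets and flow records.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/25", "10.10.0.0/23")]
FLOWS = [
    {"src": "203.0.113.9", "dst": "192.0.2.127", "proto": "icmp", "icmp_type": 8},
    {"src": "203.0.113.9", "dst": "10.10.1.255", "proto": "udp", "dport": 19},
    {"src": "203.0.113.9", "dst": "10.10.1.255", "proto": "udp", "dport": 53},
    {"src": "198.51.100.4", "dst": "10.10.0.255", "proto": "icmp", "icmp_type": 8},
    {"src": "198.51.100.4", "dst": "192.0.2.127", "proto": "icmp", "icmp_type": 0},
    {"src": "198.51.100.7", "dst": "10.10.1.255", "proto": "udp", "dport": 7},
]

def is_directed_broadcast(dst):
    """True if dst is the broadcast address of a protected subnet."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in LOCAL_NETS)

def classify(flow):
    """Label a flow 'smurf', 'fraggle' or None."""
    if not is_directed_broadcast(flow["dst"]):
        return None
    if flow["proto"] == "icmp" and flow.get("icmp_type") == 8:
        return "smurf"      # ICMP echo request sent to a broadcast address
    if flow["proto"] == "udp" and flow.get("dport") in (7, 19):
        return "fraggle"    # UDP ports 7 and 19 sent to a broadcast address
    return None

def likely_victims(flows):
    """Group alerts by source address, which both attacks spoof as the victim's."""
    alerts = {}
    for flow in flows:
        label = classify(flow)
        if label:
            alerts.setdefault(flow["src"], set()).add(label)
    return alerts

if __name__ == "__main__":
    for victim, labels in likely_victims(FLOWS).items():
        print(victim, sorted(labels))
```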
35. Botnets
Robots or Zombies, introduced through malware, often
browser based
Allows a herder to send instructions to the computer
Examples
Gameover Zeus (GOZ)
CryptoLocker ransomware
Simda
Esthost DNS Changer
36. Ping of Death – Teardrop and Land Attacks
POD
Oversized packets, changes size of packets to over 64KB
Results in crash, buffer overflow
Rarely successful today
Teardrop
Fragments traffic so data can’t be put back together
Land Attacks
Sends spoofed SYN packets as both source and destination
37. SSLv3 is broken
What is SSLv3
Performs a security-related function and applies
cryptographic methods, often as sequences of
cryptographic primitives.
A protocol describes how the algorithms should be used. A
sufficiently detailed protocol includes details about data
structures and representations, at which point it can be
used to implement multiple, interoperable versions of a
program.
38. What is SSL and how did it get here?
Transport Layer Security (TLS) and its predecessor, Secure
Sockets Layer (SSL), both of which are frequently referred
to as 'SSL', are cryptographic protocols designed to
provide communications security over a computer
network.
39. Security protocol (cryptographic protocol or encryption
protocol)
Cryptographic protocols are widely used for secure
application-level data transport. A cryptographic protocol
usually incorporates at least some of these aspects:
Key agreement or establishment
Entity authentication
Symmetric encryption and message authentication material
construction
Secured application-level data transport
40. Security protocol (cryptographic protocol or encryption
protocol)
Non-repudiation methods
Secret sharing methods
Secure multi-party computation
For example, Transport Layer Security (TLS) is a cryptographic
protocol that is used to secure web (HTTP/HTTPS)
connections. It has an entity authentication mechanism,
based on the X.509 system; a key setup phase, where a
symmetric encryption key is formed by employing public-key
cryptography; and an application-level data transport
function. These three aspects have important
interconnections. Standard TLS does not have non-
repudiation support.
41. SSL Client to SSL Server Encryption and Key Exchange
Client Web Request – SSL Client sends “Hello”
Server Responds – SSL Server sends “Hello”; sends Server certificate & optional “client certificate request”
Client validates certificate and crypto – SSL Client verifies server certificate; checks cryptographic parameters
Client encrypts session key – SSL client sends secret key information (encrypted with server public key)
Session key exchange – SSL Client sends certificate
Server decrypts the session key – If required, SSL Server verifies client certificate
Encrypted messages are exchanged – SSL client “finished”; SSL Server “finished”