The document covers various security models and practices relevant to cryptography and information integrity in security engineering, including the Bell-LaPadula and Biba models, as well as the Clark-Wilson integrity model. It discusses cryptographic lifecycle management, including algorithm selection, key management, and the roles of symmetric and asymmetric encryption methods. Furthermore, it addresses denial-of-service attacks, botnets, and specific exploits, highlighting vulnerabilities in protocols like SSL and TLS.

1. http://www.enterprisegrc.com
CISSP Study Concepts for Security
Engineering and Cryptographic Lifecycle
Robin Basham, using materials from SANS, ISC2,

2. Data
classification
Operational
activities
Safeguard
selection
Separation of
duties
Management
security
responsibilities
Guidelines and
procedures
Risk assessment Policies and
standards
Security
awareness
Effective security management practices

3. Bell-LaPadula – Confidentiality model
 Only deals with confidentiality does not deal with
integrity or availability
 (NO “I” or “EYE” is CONFIDENTIAL – can’t write to
my boss’ level, subordinates who are down can’t
read my level)
 Based on Government Classification – Unclassified,
Sensitive But Unclassified (SBU), Confidential,
Secret, Top Secret
 A Trusted Subject can violate the *property
 Bell-LaPadula Security State Defined by three
properties:
 Simple Security Property (ss Property) – no reading
from lower subject to higher object (No Read Up) I
don’t see above my class
 The * (star) security Property – No writing from
higher subject to lower object (No write Down) I
don’t author to a lower level of security
 Trusted Subject can violate the star property but not its
intent
 Strong * property – no reading or writing to another level
 Discretionary Security Property – Uses Access Matrix to
specify discretionary access control
 Remember the hyphen “-” is separation of duties

4. Writing and Reading Orders - Confidentiality
 No read up – its confidential so I can’t see a command sent to my
boss
 No write down – I only need to read what my boss sends me. A
lower rank can’t see my orders. I can’t change classification to
allow them that access. We are segregated.

5. Biba Integrity Model defined by three goals
1. Integrity Data protected from
modification by unauthorized users
2. Data protected from unauthorized
modification by authorized users
3. Data is internally and externally
consistent.
Biba Integrity Model add on to BLP
 Lattice Based uses less than or equal to
relation
 A lattice structure is a set with a least upper
bound (LUB) and a greatest lower bound (GLB)
 Lattice represents a set of integrity classes (IC)
and an ordered relationship
 Lattice = (IC, LUB, GUB)

6. Integrity – who created this order – who classified this order?
Integrity Axioms
 The Simple Integrity Axiom - no
reading of lower object from higher
subject (No Read Down)
 The * (star) Integrity Axiom – No
writing from lower subject to higher
object (No write Up)
 A subject at a lower level of
integrity can not invoke a subject at
a higher level of integrity

7. Clark-Wilson Integrity Model (Integrity for
Commercial Environments)
Two elements: well formed
transaction and separation of duties.
 Developed in 1987 for use in real-
world commercial environment
 Addresses the three integrity goals
 Constrained Data Item (CDI) – A data
Item whose integrity is to be
preserved
 Integrity Verification Procedure
(IVP) – confirms that all CDIs have
integrity
 Transformation Procedure (TP) –
transforms a CDI from one integrity
state to another integrity state
 Unconstrained Data Item – data
items outside of the control area of
the modeled environment
 Requires Integrity Labels

8. Clark-Wilson Integrity Model
Information Flow Models
 Each object and subject is assigned
security class and value; info is
constrained to flow in directions that
are permitted by the security policy.
 Based on state machine and consists
of objects, state transitions and
lattice (flow policy) states.
 Object can be a user
 Each object is assigned a security
class and value
 Information is constrained to flow in
the directions permitted by the
policy
Non-interference Model
 Actions of group A using commands
C are not seen by users in Group B
using commands D

9. Cryptographic
limitations
Algorithm
selection
Protocol
governance
Key
management
CISSP Study Concepts for Cryptographic Lifecycle

10. (Selection)
Approved
cryptographic
algorithms
key sizes
Transition
plans for
weakened
compromised
algorithms
and keys
Process
crypto
systems,
standards
what / how
organization
use
cryptography
Key
Management
Generation
Escrow and
Destruction
Incident
reporting for
key loss or
compromised
cryptographic
systems
Algorithm Protocol Governance

11. Needed Component Parts to an Encryption Strategy
Symmetric for confidentiality (DES, 3DES, IDEA, RC4, AES)
Hashing for integrity (MD4, MD5, RIPEMD, SHA-1, SHA-2)
Asymmetric for authentication (RSA, El Gamal, ECC
elliptic curve crypto)
Non Repudiation is Asymmetric plus Hashing – condition
where a message is hash encrypted with the sender’s
private key

12. Relationship of Encryption to Incidents and Threats
Threats Consequences Countermeasures
Integrity  Modification of user data
 Trojan horse browser
 Modification of memory
 Modification of message traffic in transit
 Loss of information
 Compromise of machine
 Vulnerability to all other threats
 Cryptographic
 checksums
Confidentiality  Eavesdropping on the net
 Theft of info from server
 Theft of data from client
 Info about network configuration
 Info about which client talks to server
 Loss of information
 Loss of privacy
 Encryption
 Web
 proxies
Denial of
Service
 Killing of user threads
 Flooding machine with bogus requests
 Filling up disk or memory
 Isolating machine via DNS attacks
 Disruptive ($$$)
 Annoying
 Prevent user from getting work done
 Rate limiter
 IPS and rate based IPS
 Blackholing/ Sinkholing
 Clean Pipes
 Bogon Filtering
 WAN Link Failover
Authentication  Impersonation of legitimate users
 Data forgery
 Misrepresentation of user
 Belief that false
 information is valid
 Cryptographic
 techniques

13. Symmetric -
Confidentiality
• Secret Key
• Single or one key
• Requires secure channel
• Pre-shared key
• Asymmetric mode or
• Diffie Hellman Key
exchange
Asymmetric -
Authentication
• Public key crypto
• Dual or two key encryption
Hash - Integrity
• One way transformation
• No key
• Collision is when 2 inputs get
same output
Non Repudiation
• Digital Signatures
• Hash + Asymmetric
• Message hash encrypted
with sender’s private key
Elements needed for Encryption and Encryption Methods

14. Symmetric Encryption Systems
DES (Data Encryption Standard)
 DES is a block encryption algorithm using
64-bit blocks. It uses a 64 bit key 56 bits of
true key and 8 for parity. Characters are put
through 16 rounds of transposition and
substitution.
 Devised in 1972 as a derivation of the
“Lucifer” system
 DES Describes the DEA (Data Encryption
Algorithm)
 FIPS PUB 46-1 (1977) and ANSI X3.92 (1981)
 64bit blocks, 56 bit key and
 16 rounds of transformation
 Uses confusion and diffusion for encrypting
plain text.
 Confusion Conceals statistical connection
between ciphertext and plain text. Uses
non-linear substitution boxes (S-Boxes)
 Diffusion Spreads the influence of a plain
text character over many ciphertext
characters.

15. DES has 4 distinct modes of operation
Electronic Code Book (ECB) It is a block cipher Native
encryption method for DES. Electronic codebook literally
operates like a code book. For a given block of plaintext and a
given key, the same set of ciphertext is always produced. ECB
uses padding to round up to a 64 bit block boundary. ECB is used
for small amounts of data such as challenge-response or key
management. Not good for large amounts of data as patterns
would eventually show.
Cipher Block Chaining (CBC) In Cipher Block Chaining,
the value of the previous block processed is a part of the
algorithm and key for the next block, so, patterns are not
revealed. This chaining effect means that a particular ciphertext
block is dependent on all the blocks that came before it, not just
the current block.
Cipher Feedback Mode (CFB) It is a stream cipher.
Previously generated ciphertext is used as feedback into the key
generation source to develop the next keystream. This mode is
used when encrypting individual characters is required.
Output Feedback Mode (OFB) Similar to CFB, but stream
cipher functions by generating a random stream of bits to be
combined with the plaintext to create ciphertext. Requires
initialization vector. Ciphertext is fed back to the algorithm to
form a portion of the next input to encrypt the stream of bits.
DES 4 Distinct modes

16. Key Terms
Symmetric algorithm Encryption method where the sender
and receiver use an instance of the same key for
encryption and decryption purposes.
Out-of-band method Sending data through an alternate
communication channel.
Asymmetric algorithm Encryption method that uses two
different key types, public and private. Also called public
key cryptography.
Public key Value used in public key cryptography that is
used for encryption and signature validation that can be
known by all parties.
Private key Value used in public key cryptography that is
used for decryption and signature creation and known to
only key owner.
Public key cryptography Asymmetric cryptography, which
uses public and private key values for cryptographic
functions.
Block cipher Symmetric algorithm type that encrypts
chunks (blocks) of data at a time.
Diffusion Transposition processes used in encryption
functions to increase randomness.
Confusion Substitution processes used in encryption
functions to increase randomness.
Avalanche effect Algorithm design requirement so that
slight changes to the input result in drastic changes to the
output.
Stream cipher Algorithm type that generates a keystream
(random values), which is XORd with plaintext for
encryption purposes.
Keystream generator Component of a stream algorithm
that creates random values for encryption purposes.
Initialization vectors (IVs) Values that are used with
algorithms to increase randomness for cryptographic
functions.

17. Triple DES (3DES)
Encrypting plaintext with one DES key and then encrypting it
with a second DES key is no more secure than using a single DES
key, therefore, Triple DES is used to obtain stronger encryption
DES-EDE2 2 keys are used. Encrypt with 1, decrypt with 2 and
then encrypt with 1 again.
DES-EEE2 2 keys used. Encrypt with 1, encrypt with 2, encrypt
with 1.
DES-EEE3 3 keys used. Encrypt with 1, encrypt with 2, encrypt
with 3. Most secure, but requires 3 keys.

18. Advanced Encryption Standard (AES)
Uses Rjindael block cipher, specifies three key sizes; 128,
192 or 256 bit. Choice of key determines encryption level.
AES is the government standard for encrypting SBU
information. Best suited for hardware encryption.
The number of rounds of transformation is a function of
the key size used
256 bit – 14 rounds.
192 bit – 12 rounds.
128 bit – 10 rounds.

19. Symmetric Algorithms that provide bulk (data)
Encryption services only
DES and 3DES
TwoFish
 128 bit blocks in 16 rounds. Key
lengths can be up to 256 bits.
BlowFish
 A block cipher operating on 64 bit
blocks with a key length of up to 448
bits. The blocks go through 16 rounds
of crypto functions.
IDEA
 Ideas stands for International Data
Encryption Algorithm. It operates
on 64 bit blocks and uses a 128 bit
key. (cont)

20. Symmetric Algorithms that provide bulk (data) Encryption
services only
IDEA (cont)
 Performs 8 rounds on 16 bit sub-
blocks. Each 64 bit block is divided
into 16 smaller blocks and each block
has 8 rounds of mathematical
functions performed on it.
 IDEA is harder to crack than DES for
the same keysize and is used in PGP.
RC5
 Block cipher of variable block
length. Key can be 0-2048 bits,
blocks can be 32, 64 or 128 bits
and the number of rounds can be
0 – 255. Created by Ron Rivest and
patented by RSA data.

21. .
Asymmetric Encryption Algorithms – Authentication
and Public Key Crypto
RSA
 Defacto standard for
public encryption.
Invented by Ron Rivest,
Adi Shamir and Leonard
Adleman. Developed at
MIT. Security comes
from the difficulty of
factoring large numbers.
Public and private key
are functions of a pair of
large prime numbers.
RSA is used in many web
browsers with SSL.
El-Gamal
 Extends Diffie-Hellman
to apply to encryption
to digital signatures.
Based on calculating
discrete logarithms in a
finite field.
Elliptical Curve
Cryptosystem (ECC)
 Provides much of the
same functionality as
RSA Digital signatures,
secure key distribution
and encryption. ECC is
very resource efficient
– ideal for smaller
devices. ECC providers
higher protection with
smaller keys than RSA.
An ECC key of 160 bits
is equivalent to a 1024-
bit RSA key.

22. .
Asymmetric Encryption Algorithms
Public Key Cryptography
 Public key cryptography uses
asymmetric encryption for key
encryption and secret key
encryption for data. We use an
asymmetric algorithm to encrypt
the secret key.
Diffie-Hellman
 Used for key distribution, NOT
encryption and decryption.
Subjects can exchange session
keys over a non-secure medium
without exposing the keys.
Session-Key
 “Secret” key used for one data
exchange only. Usually randomly
generated then encrypted using
public cryptography

23. Public Key Infrastructure (PKI) – X.509
 PKI is an ISO authentication
framework that uses public key
cryptography and X.509 standard
protocols.
 PKI provides authentication,
confidentiality, non-repudiation
and message integrity.
 The PKI infrastructure contains the
pieces that will identify the user,
distribute and maintain keys,
distribute and maintain certificates
and allow certificate revocation.
 Each individual taking part in PKI
needs a digital signature signed by
a CA.
 Some well-known Certification
Authorities are Entrust and
VeriSign. The old method of
revocation is handled by the
certification revocation list (CRL).
 New revocation is via Online
Certificate Status Protocol OCSP

24. PKI is made up of the following entities and functions
Certification
Authorities
Registration
Authorities
Certificate
Repository
Certificate
Revocation
System
Key backup
and recovery
system
Automatic key
update
Management
of key
histories
Cross-
certification
with other CAs
Time stamping
Client side
software

25. Uses for PKI (Public Key Infrastructure)
IPSec & VPN
Authentication
General User
Authentication
Code & Driver
Signing
Wireless
Authentication
Network
Access Control
Protection
(NAC/NAP)
Digital
Signatures

26. LDAP, ISAKMP, IKE
 LDAP is the standard format for accessing certification repositories.
Availability and Integrity of LDAP servers is a concern.
 ISAKMP Internet Security Association and Key Management Protocol.
 IKE ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley,
combined.
In general
 ISAKMP defined the phases for establishing a secure relationship
 SKEME describes a secure exchange mechanism
 Oakley defined the modes of operation needed to establish a secure
connection.

27. http://www.enterprisegrc.com
Bad Poodle

28. Can you match the exploit name to exploited protocol?
Exploit Vulnerability
A. RC4 - does not require MITM, passive sniffing or eavesdropping, also vulnerable to MITM
B. SSL 3.0 enables MITM - must be disabled, was already replaced by TLS 1.0, only works while victim is online and attacker is near
C. OpenSSL - missing bound check during TLS heartbeat, eavesdrop web, email, IM, VPN, reads system memory to get secret
keys used to encrypt traffic, names, passwords, content.
D. *NIX OS, exploited via CGI, attacker can tack-on malicious code to the environment variable
E. Factoring Attack on RSA-EXPORT - weak cipher suite SSLv3
F. TLS 1.0 browser reveals session id;java script compares block cipher msg hash and deduces IV out of CBC-steal first block before XOR
G. TLS 1.0 and SPDY Compression Ratio Info-Leak Mass Exploitation
H. Schannel - remote code execution vulnerability
D Bash Bug ShellShock
H WinShock
C Heartbleed
B POODLE (Padding Oracle On Downgraded Legacy Encryption)
E Freak
G Crime
F Beast
A Bar Mitzvah

30. Denial-of-Service Attacks
Prevents a systems from processing or responding to
legitimate traffic
Transmits data packets
Exploits a known fault in an OS, service or application
Results in system crash or CPU at 100%

31. Distributed reflective denial of service DRDoS
Reflected approach, rather than direct to victim,
manipulates traffic so that attack is reflected back to victim
from other sources
Example: DNS Poisoning and SMURF

32. Smurf and Fraggle Attacks
A smurf attack is another type of flood attack, but it floods the
victim with Internet Control Message Protocol (ICMP) echo
packets instead of with TCP SYN packets. More specifically, it is a
spoofed broadcast ping request using the IP address of the
victim as the source IP address. Ping uses ICMP to check
connectivity with remote systems.
Normally, ping sends an echo request to a single system, and the
system responds with an echo reply. However, in a smurf attack
the attacker sends the echo request out as a broadcast to all
systems on the network and spoofs the source IP address. All
these systems respond with echo replies to the spoofed IP
address, flooding the victim with traffic.

33. Smurf amplifier
 Smurf attacks take advantage of an amplifying network (also called a smurf amplifier)
by sending a directed broadcast through a router. All systems on the amplifying
network then attack the victim. However, RFC 2644, released in 1999, changed the
standard default for routers so that they do not forward directed broadcast traffic.
When administrators correctly configure routers in compliance with RFC 2644, a
network cannot be an amplifying network. This limits smurf attacks to a single
network. Additionally, it’s becoming common to disable ICMP on firewalls, routers,
and even many servers to prevent any type of attacks using ICMP. When standard
security practices are used, smurf attacks are rarely a problem today.

34. Fraggle
Fraggle attacks are similar to smurf attacks. However,
instead of using ICMP, a fraggle attack uses UDP packets
over UDP ports 7 and 19.
The fraggle attack will broadcast a UDP packet using the
spoofed IP address of the victim. All systems on the
network will then send traffic to the victim, just as with a
smurf attack.
La la, lala lah la, la la la ladi dah (smurf song)

35. Botnets
Robots or Zombies, introduced through malware, often
browser based
Allows a herder to send instructions to the computer
Examples
Gamover Zues GOZ,
CrytoLocker ransomware
Simda
Esthost DNS Changer

36. Ping of Death – Teardrop and Land Attacks
POD
Oversized packets, changes size of packets to over 64KB
Results crash, buffer overflow
Rarely successful today
Teardrop
Fragments traffic so data can’t be put back together
Land Attacks
Sends spoofed SYN packets as both source and destination

37. SSLv3 is broken
What is SSLv3
Performs a security-related function and applies
cryptographic methods, often as sequences of
cryptographic primitives.
A protocol describes how the algorithms should be used. A
sufficiently detailed protocol includes details about data
structures and representations, at which point it can be
used to implement multiple, interoperable versions of a
program.

38. What is SSL and how did it get here?
Transport Layer Security (TLS) and its predecessor, Secure
Sockets Layer (SSL), both of which are frequently referred
to as 'SSL', are cryptographic protocols designed to
provide communications security over a computer
network.

39. Security protocol (cryptographic protocol or encryption
protocol)
Cryptographic protocols are widely used for secure
application-level data transport. A cryptographic protocol
usually incorporates at least some of these aspects:
Key agreement or establishment
Entity authentication
Symmetric encryption and message authentication material
construction
Secured application-level data transport

40. Security protocol (cryptographic protocol or encryption
protocol)
 Non-repudiation methods
 Secret sharing methods
 Secure multi-party computation
 For example, Transport Layer Security (TLS) is a cryptographic
protocol that is used to secure web (HTTP/HTTPS)
connections. It has an entity authentication mechanism,
based on the X.509 system; a key setup phase, where a
symmetric encryption key is formed by employing public-key
cryptography; and an application-level data transport
function. These three aspects have important
interconnections. Standard TLS does not have non-
repudiation support.

41. Encrypted messages are exchanged
SSL client “finished” SSL Server “finished”
Server decrypts the session key
If required, SSL Server verifies client certificate
Session key exchange
SSL Client sends certificate
Client encrypts session key
SSL client sends secret key information (encrypted with server public key)
Client validates certificate and crypto
SSL Client verifies server certificate Checks cryptographic parameters
Server Responds
SSL Server sends “Hello”
Sends Server certificate & optional “client certificate
request”
Client Web Request
SSL Client sends “Hello”
SSL Client to SSL Server Encryption and Key Exchange

42. Ring Layer Protection in Computing Systems