Please enable JavaScript.
Coggle requires JavaScript to display documents.
The Art of Ensuring Integrity - Coggle Diagram
The Art of Ensuring Integrity
Types of Data Integrity Controls
Hashing Algorithms
Hashing
A tool that ensures data integrity by taking binary data (the message) and producing a fixed-length representation called the hash value or message digest
A one-way mathematical function that is relatively easy to compute, but significantly harder to reverse.
like throwing a plate on the ground and then trying to put the pieces together.
Cryptographic hash function properties
the output has a fixed length
the hash function is one way and is not reversible
the input can be any length
two different input values will always result in different hash values
Modern Algorithms
Message Digest 5 (MD5) Algorithm
a hash algorithm developed by Ron Rivest that produces a 128-bit hash value
Secure Hash Algorithm (SHA)
Developed by the US NIST and can be implemented in different strengths
SHA-256
SHA-384
SHA-224
SHA-512
Cracking Hashes
The top two attacks used to guess passwords are
Dictionary Attack
uses a file containing common words, phrases and passwords.
The file has the hashes calculated.
compares the hashes in the file with the password hashes. if a hash matches, the attacker will know a group of potentially good passwords
Brute-force Attack
Takes a lot of processor time, but it is just a matter of time before this method discovers the password.
Passwords need to be long enough to make the time to takes to execute a brute attack to long to be worth it
Attempts every possible combination of characters up to a given length
Salting
a string of random characters used to make hashing more secure
A database stores both the hash and the salt
Preventing Attacks
Salting prevents an attacker from using a dictionary attack
Lookup Tables
the pre-computed hashes of passwords in a password dictionary along with the corresponding password.
is a data structure that processes hundreds of hash lookups per second.
Reverse Lookup Tables
allows the cybercrim. to launch a diction or brute atk on many hashes w/o the pre-computed lookup table.
Rainbow Tables
sacrifice hash-cracking speed to make the lookup tables smaller
A smaller table means that the table can store the solutions to more hashes in the same amount of space
Implementing Salting
To Store a Password
Add the salt to the beginning of the password
Hash it with SHA-256
Use CSPRNG to generate a long, random salt
Save the salt and the hash as part o the user's database record
to Validate a Password
Retrieve a user's salt and hash from the database
Add the salt to the password and hash it with the same hash function
Compare the hash of the given password to the one store in the database
If the hashes do not match, the password is wrong
HMAC (Hash Message Authentication Code)
Strengthens hashing algorithms by using an additional secret key as input to the hash
HMAC goes a step further than just integrity assurance by adding authentication
Uses a specific algorithm that combines a cryptographic hash function with a secret key
can authenticate web users
Certificates
The Basics of Digital Certicates
Digital certificates enable users, hosts, and organizations to exchange information securely over the internet
A digital certificate authenicates and verifies that users sending a message are who they claim to be
a digital certificate is equivalent to an electronic passport
Digital certificates can also provide confidentiality for the receiver with the means to encrypt a reply
Constructing A Digital Certificate
Digital certificates must follow a standard structure so that any entity can read and understand it regardless of the issuer
TheX.509 is the standard for Constuction of digital certificates and the Public Key Infrastructure (PKI) used to manage digital certificates
PKI is the policies, roles, and procedures required to create, manage, distribute, use, store, and revoke digital certificates
What's inside a Digital Certificate
Issuer Name
Validity Period
Certificate Algorithm Identifier
Subject Name
Serial Number
Subject Public Key Info
Version Number
Issuer Unique ID
Subject Unique ID
Extentions
CA's Digital Signature
The Validation Process
Path Validation selects a certificate of the issuing CA for each certificate in the chain
Revocation determines whether the certificate was revoked and why
Certificate Discovery validates the certification path by checking each certificate starting at the beginning with the root CA’s certificate
Certificate Authority (CA)
issues digital certificates that authenticate the identity of organizations and users.
Digitial Signatures
Signatures and the Law
Digital Signatures provide the same purpose as handwritten signatures for electronic documents
A Digital Signature is used to determine if someone edits a document after the user signs it.
is a mathematical method used to check the authenticity and integrity of a message, digital document, or software
In many countries, digital signatures have the same legal importance as a manually signed document
the also provide repudiation
How Digital Signature Technology Works
Asymmetric cryptography is the basis for digital signatures.
Ex. a public key algorithm like RSA generates two keys: one private and the other public.
Using Digital Signautres
Code Signing
Used to verify the integrity of executable files downloaded from a vendor website.
Code signing also uses signed digital certificates to authenticate and verify the identity of the site
Digital Certificates
Used to verify the identity of an organization or individual to authenticate a vendor website and establish an encrypted connection to exchange confidential data
Signing a hash instead of the whole document provides efficiency, compatibility, and integrity.
Comparing Digital Signature Algorithms
Three Common Algorithms
DSA (Digital Signature Algorithm)
ECDSA (Elliptic Curve Digital Signature Algortihm)
RSA (Rivest-Shamir-Adleman)
Digital Signature Operations
Key Generation
Key Verification
Database Integrity Enforcement
Database Integrity
Data integrity refers to the accuracy, consistency, and reliability of data stored in a database
Databases provide an efficient way to store, retrieve, and analyze data
The Four database integrity rules or constraints are as follows
Entity Integrity
All rows must have a unique identifier called a Primary Key
Domain Integrity
All data stored in a column must follow the same format and definition
Referential Integrity
Table relationships must remain consistent.
A user cannot delete a record which is related to another one
User-defined Intgrity
A set of rules defined by a user which does not belong to one of the other categories
As data collection increases and data becomes more sensitive, it is important for cybersecurity professionals to protect the growing number of databases
Data Entry Controls
Data Field Validation Controls
Positive dollar amounts
Data ranges ensure that a user enters data within a given range (like a Birth Date)
Input masks prevent users from entering invalid data or help ensure that they enter data consistently (Like a phone #)
Mandatory second person approval (a bank teller receives a deposit or withdraw request greater than a specified value triggers a second or third approval)
Maximum record modification trigger (the number of records modified exceeds a predetermined number within a specific period of time blocks a user until a manager identifies whether or not the transactions were legitimate)
Unusual activity trigger
Mandatory input ensures that a required field contains data
Drop Down Master Data Controls
Have a drop down option for master tables instead of asking individuals to enter the data.
Database Validation
A validation rule checks that data falls within the parameters defined by the database designer.
A validation rules helps to ensure the completeness. accuracy, and consistency of data
Validation Rule Criteria
Format - checks that the data conforms to a specified format
Consistency - checks for the consistency of codes in related data items
Size - Checks the # of characters in a data item
Range - checks that data lies within a min and max value
Check Digit - provides for an extra calculation to generate a check digit for error detection
Data Type Validation
The simplest data validation and verifies that a user entering data is consistent with the type of characters expected.
Databases allow three data types: integer, string, and decimal
Anomaly Verification
refers to identifying patterns in data that do not conform to expected behavior.
These non-conforming patterns are anomalies, outliers, exceptions, aberrations, or surprises in different database applications.
Input Validation
One of the most vulnerable aspects of database integrity management is controlling the data input process.
Many well-known attacks run against a database and insert malformed data.
The attack can confuse, crash, or make the application divulge too much information to the attacker. Attackers use automated input attacks.
Database Integrity Requirements
Entity integrity is an integrity rules, which states that every table must have a primary key and that the column or columns chosen to be the primary key must be unique and not NULL
Null in a database signifies missing or unknown values.
Entity integrity enables proper organization of data for that record
In order to maintain the integrity of the database filing system, users must follow certain rules
Referential integrity which deals with foreign keys.
A foreign key in one table references a primary key in a second table.
The primary key for a table uniquely identifies entities (rows) in the table.
Referential integrity maintains the integrity of foreign keys
Tables, Records, Fields, and Data within each field make up a database
Domain Integrity ensures that all the data items in a column fall within a defined set of values.
Each column in a table has a defined set of values,
Such as the set of all numbers for credit card numbers, social security numbers, or email addresses.
Limiting the value assigned to an instance of that column (an attribute) enforces domain integrity.
Domain Integrity enforcement can be as simple as choosing the correct data type, length and/or format for a column
Maintaining proper filing is critical in maintaining the trustworthiness and usefulness of the data within the database