Please enable JavaScript.
Coggle requires JavaScript to display documents.
IS613: Cybersecurity Technology and Applications - Coggle Diagram
IS613: Cybersecurity Technology and Applications
TCP/IP:
A
pplication
T
ransport
N
etwork
D
ata Link
P
hysical
Router
(within the Network)
Security properties:
CIA triad
4As, 1NR
Can we hide?
Security by Obscurity
Kerckhoff’s Principle
Trade-offs:
Security-Functionality-Usability
Security-Peformance-Compatibility
Vulnerability: Weakness
Threat: Consequence (STRIDE)
Controls (3As, 3Cs, 1E, 1I, 2S)
8 Bits = 1 Byte
ASCII:
Uses a 7-bit binary system
Highest place value for conversion is 64, followed by 32, 16, 8, 4, 2, and 1
E.g., Convert Binary to Decimal:
B: Binary - 1000010
Using base 2, (1 x 2^6) + (1 x 2^1) = 66
Hexadecimal: Base 16 number system
0 – 9,
A – F (9 – 15)
E.g., Convert 0xA7 to Binary:
0xA7 = 1010 0111
Data Security
Encryption approaches:
Substitution (e.g., Caesar Cipher, One-Time Pad)
Shuffle / Permutation
Symmetric encryption:
Data Encryption Standard (DES) — key: 56 bits
Advanced Encryption Standard (AES) —
key: 128, 192, 256 bits; block: 128 bits
AES:
2 modes: ECB, CBC (introduce randomness using an Initial Vector, IV) — In the case of a single block message, ECB and CBC are equivalent
Efficiency (speed) — ECB: Parallel; CBC: Encryption must be done in sequence / Decryption only can be done in parallel
Error propagation — ECB: Both no; CBC: Both yes
Limitation:
Key distribution
Key management — Not scalable
Asymmetric encryption (RSA) — key: 2048, 4096 bits
Encryption (Public): C = M^e mod n
n = pq, where p and q are really large primes
e co-prime (p-1)(q-1)
Decryption (Private): C^d mod n
d, s.t. d x e ≡ 1 mod (p-1)(q-1)
Limitation:
0 ≤ M < n
Computationally expensive: n, e, d
Can be attacked by Chosen Plaintext attack
Solution: RSA with random padding
Encryption of M: C = (R || M)^e mod n
Decryption of C: (R || M) = C^d mod n
where, 0 ≤ (R || M) < n
Hybrid encryption
Encryption:
Random session AES k
Encrypt M with k
Use receiver's
RSA (n, e)
to encrypt k
Send both encryption
Decryption:
Use
RSA d
to decrypt k
Decrypt using k to get M
Cryptoanalysis:
Ciphertext-only (frequency analysis)
Known plaintext
Chosen plaintext
Chosen ciphertext
Communication Security
Objective:
Integrity
Authentication
Hash function, H():
One way
Fixed length
Collision resistant
MD2, MD4, MD5: 128 bits
SHA-0 , SHA-1: 160 bits
SHA-2: 224, 256, 384, 512 bits
HMAC (symmetric
proof
):
HMAC(M) = H(k ⊕ opad || H(k ⊕ ipad || M))
The same key is used for AES symmetric encryption; the secret k can be shared using RSA encryption
Sends (M, HMAC(M)) to receiver
Compute HMAC(M received)
Verify if HMAC(M received) = HMAC(M)
to achieve...
Digital Signature:
Sender computes sig = H(M^d) mod n using the
sender's private key d
Sends both (M, sig) over a public channel
Receiver computes H(M received) and H(M) = sig^e mod n using the
sender's public key (n, e)
Verify if H(M received) = H(M)
If H() is not applied:
An attacker can compute message M as M = sige mod n, since sig, n and e are all public.
Also, without the fixed length property, a message can exceed the modulus (n). In this case the message may be sent in chunks of message-signature blocks => An attacker can re-order these chunks
also, non-repudiation
Public Key Infrastructure (PKI):
Central Authorities (CAs) endorse the public keys of users and servers by signing with the CA's private key
Client (receiver) verifies using the CA's public key
Digital Certificate:
Serial no.
Subject identifier
Owner's public key info
Issuer's identifier
CA's signature
Validity period
Also checks against:
Trusted CA list — verification of CA certs along a chain until it reaches a trusted CA cert
Certificate Revocation List (CRL)
Online Cert Status Protocol (OCSP)
Transport layer runs in 2 phases:
Handshake: Hello, certificate request, key exchange (Hybrid), verification, negotiated cipher
Encryption and/or Authentication
Handshake has a similar process to PGP
Email security:
Pretty Good Privacy (PGP) — uses digital signature and hybrid encryption based on Web of Trust model
Secure/Multi-purpose Internet Mail Extensions (S/MIME)
User Authentication
Weak authentication: Reveal shared secret
Encrypt password in server:
Salt (usually user ID) + HMAC (password as key)
Can add an arbitrary message or randomize the salt value to make it more secure
Limitation:
Must use encrypted channel
Subject to replay attacks
Strong authentication: Do not reveal shared secret, but prove you know the secret
Time-stamp protocol:
Sender sends R = Enck(T) / Hashk(T)
Server verifies T = Deck(R) with its own clock reading T', i.e., |T' - T| < window size
Still subjected to eavesdropping / replay attack within the time window
Challenge-response protocol:
Server sends sender a random challenge C
Sender sends Rb = Enck(C) / Hashk(C)
Server computes Rs and verifies if Rs = Rb
Attack scenarios:
Communication channel: Eavesdropping, Reply
Server: Online / Offline, Password file (Brute-force / Dictionary)
Client: Key logger, Malware
Authorization
Discretionary Access Control (DAC): The access rights are at the discretion of the resource owner
Access Control List (ACL): In ACL, each object (e.g. a file) is associated with users and their access rights on the object
Role-Based Access Control (RBAC): The access rights are defined according to the users' roles
User-role relationship changes over time
Role-permission relationship is relatively stable
Network Security
A network packet contains:
IP addresses
Port numbers — specifies application running in the computer
Payload
Router
Denial of Service (DoS) Attack:
Overwhelm the victim to the point of unresponsiveness
Firewalls:
Blocks and allows traffic through, based on pre-defined rules / pattern-recongition
Host-based firewall (software): For a single computer / control traffic to a single host
Network-based firewall (hardware): Placed between private and public networks
Open policy (default: allow) — Only blacklisted packets are dropped
Close policy (default: deny) — Only whitelisted packets are forwarded
Intrusion Detection Systems (IDS):
Detects and looks at that traffic in close detail to see if it is an attack
Signature-based IDS:
Match network traffic with pre-defined attack patterns (i.e., signatures)
[+] Little / No false positives (false alarm)
[-] A lot of false negatives (cannot detect new attacks, a.k.a. 0-day attacks)
Anomaly-based IDS:
Build a machine learning model of normal behaviors
[+] Little / No false negatives (can detect some new attacks)
[-] High false alarm rates
Accuracy evaluation of IDS:
Accuracy = TP + TN / (TP + TN + FP + FN)
Precision = TP / (TP +
FP
) — How precise is the positive prediction?
Recall = TP / (TP +
FN
) — How many positive cases were detected?
Software Security
Command (Shell) Injection:
Execution of arbitrary commands on the operation system
The attack typically involves the use of command line-specific special character
";"
Can be via:
Local system
Web application
Directory Traversal:
Access of unauthorized files and directories
The attack typically involves the use of the sequence of special characters dot-dot-slash
(../)
and its variations
(../../../)
Buffer Overflow:
Memory corruption vulnerabilities in C/C++
Bypassing Authentication
Redirecting Control Flow / Function Pointer Overwrite
Smashing the Stack / Out-of-bound read/write:
Overflow a buffer so that it overwrites the return address and jump to the
attacker's address
Countermeasures
(for Memory Corruption Vulnerabilities)
Immutable code / Inexecutable data in the memory:
An ACL-like approach to specify whether bytes in a memory region can be read, written or executed
Apply randomization when a program is launched:
Coarse-grained: Only the base addresses (for function / buffer) are randomized
Fine-grained: More secure, but you waste a lot of memory spaces in between
Control flow integrity (CFI) enforcement:
Checks whether a control transfer destination in use violates predefined policies
Use memory-safe languages such as Java, C# and Python
Secure Programming Practices
Use safe APIs instead of unsafe APIs
Apply proper input validation
Blacklist: Check for things that are not allowed
May not be exhaustive
Whitelist: Check for things that are allowed
May cause false positives
Specify maximum expected size of input
Malware
Categorization:
Replicating / Parasitic: Virus
Replicating / Self-contained: Worm
Non-replicating / Parasitic: Trojan
Non-replicating / Self-contained: Bot (Zombine)
Malware Concealment
Encrypted malware: A random encryption key is created and the decryption key is stored with the malware
Polymorphic malware: Malware that mutates with every infection, making detection by the
signature
of the malware impossible
Can be done by encryption, inserting superfluous instructions or interchanging the order of independent instructions
Metamorphic malware: As with a polymorphic malware, it mutates with every infection. However, it
rewrites itself completely
at each iteration. Both the
behavior
and appearance can be changed
Anti-virus
Simple scanners:
Requires a signature (a string of bytes) to identify a virus
Use heuristic rules:
Involve program integrity checking, looking for encryption
Memory-resident programs:
Executes and identifies a virus by its action
Combination of antivirus techniques, with access control capability
Web Security
SQL Injection:
Aim at gaining access to the database by manipulating user inputs used in SQL queries
Inject special characters such as
‘ # OR ; =
Occurs when there is no clear distinction between data and code
Fundamental defenses
1a.
Validate
user inputs — blacklist / whitelist
Similar to...
Use
bound parameters
so that user inputs cannot be mistaken for code
1b.
Sanitize
user inputs (blacklist approach) —
Escaping ("\"): Replace dangerous characters with encodings
Additional pre-cautions:
Avoid verbose error messages
Least privilege: Do not connect as sysadmin
Cookies:
A type of session identifiers that stores information about a user on a local device
Cookie poisoning:
An attacker may modify a session identifiers, e.g., to elevate their permissions
Session Hijacking: Use guessed cookie to impersonate the user
Must be unpredictable and stored in a safe place
Same Origin Policy (SOP):
Restricts how a document or script loaded from one origin can interact with a resource from another origin
Two pages have the same origin if they
share protocol, host name and port number
Cross-Site Scripting (XSS):
A way to bypass SOP
XSS attacks run a script in the browser that was not written by the web application owner
Types of XSS
Stored / Persistent XSS:
Where the malign string originates from the
website’s database
Reflected XSS:
Where the malign string originates from the
victim’s request
(HTTP request parameters)
Defense against XSS
1a. Filter server outputs / browser inputs — Differentiate between HTML elements (e.g., <script> (‘code’) and user data)
Improve access control
Authenticate origin (e.g., digital signature)
Block execution of scripts in the browser (most secure, but not practical)
Authorize scripts explicitly
1b. Servers can sanitize outputs by escaping / encoding dangerous characters (e.g., < converts to <)
Cloud & IoT Security
Privacy ≠ Confidentiality
Data Anonymization
Prevent Link Attack: Concatenating data tables with using a set of similar attributes (i.e., quasi-identifiers) to obtain sensitive information
Definition:
Identifiers — Uniquely identify a record; removed completely
Quasi-Identifiers (QIs) — Maximal set of attributes that could help identify individuals; retained, but anonymized
Sensitive attributes (SAs) — retained, but hide the associations by anonymizing the QIs
k-Anonymity:
Ensure at least k users have the same attribute(s) before released
The probability of being identified ≤ 1/k against link attack
Methods
Generalization: Replacing a value with a less specific but semantically consistent one
Affect the columns
Suppression: Remove outlier tuples
Affect the rows
For queries: Return mean, median, min or max of all possible values
Problem: If everyone in the k-anonymous group has the same value of sensitive attribute, an adversary who knows that a person is in that k-anonymous group can then still learn about the value of the sensitive attribute