Chapter 1


Cryptography and Network Security

1.1 Computer Security Concepts

1. Confidentiality

• Definition: Protection of data and information from unauthorized disclosure
• Two Key Aspects:
o Data confidentiality: Preventing unauthorized access to private information
o Privacy: Enabling individual control over personal information collection and distribution
• Example: Student grade information (high confidentiality) vs. public directory information (low confidentiality)

2. Integrity

• Definition: Ensuring data and system trustworthiness
• Two Components:
o Data integrity: Protection against unauthorized changes
o System integrity: Ensuring proper system functionality
• Example: Hospital patient allergy information (high integrity) vs. anonymous online polls (low integrity)

3. Availability

• Definition: Ensuring timely access to resources for authorized users
• Impact Levels:
o High: Authentication services for critical systems
o Moderate: University public website
o Low: Online telephone directory

Additional Key Requirements

Two supplementary concepts extend beyond the CIA triad:

1. Authenticity: Verifying genuine identity and trust in communications
2. Accountability: Enabling actions to be traced to specific entities

Security Challenges

The text identifies several key challenges in implementing computer security:

1. Complexity: Security requirements appear simple but demand complex implementation
2. Adversarial Nature: Constant battle between attackers and defenders
3. Counter-intuitive Solutions: Security measures often require elaborate, non-obvious approaches
4. Strategic Placement: Determining optimal physical and logical security implementation
5. Infrastructure Dependencies: Reliance on protocols and secret information distribution
6. Asymmetric Advantage: Attackers need to find only one weakness; defenders must protect against all
7. Perception Issues: Security benefits often undervalued until breaches occur
8. Maintenance Burden: Requires constant monitoring in resource-constrained environments
9. Design Integration: Security often treated as an afterthought rather than a core design element
10. User Resistance: Security measures often viewed as impediments to efficiency

Impact Levels

The text defines three levels of security impact:

Low Impact

• Limited adverse effects
• Degraded mission capability but primary functions still operational
• Minor damage or financial loss
• Minor harm to individuals

Moderate Impact

• Serious adverse effects
• Significantly reduced functional effectiveness
• Significant damage or financial loss
• Significant harm to individuals (non-life-threatening)

High Impact

• Severe or catastrophic effects
• Major loss of mission capability
• Major organizational damage or financial loss
• Potential loss of life or serious injuries

1.2 ISO Security Architecture

Core Framework Purpose

Management Perspective

1. Systematic Approach
o Provides structured methodology for defining security requirements
o Enables systematic evaluation of security products and policies
o Particularly crucial for complex networked environments

Implementation Value

1. Standardization Benefits
o International standard status drives vendor compliance
o Facilitates consistent security feature development
o Enables interoperability across products and services

Key Architectural Components

1. Security Attacks

• Definition: Actions compromising organizational information security
• Characteristics:
o Direct threat to information ownership
o Represent active security compromises
o Target organizational assets

2. Security Mechanisms

• Definition: Processes or devices designed for security protection
• Primary Functions:
o Detection of security attacks
o Prevention of security breaches
o Recovery from security incidents
• Implementation: Can be either process-based or device-based

3. Security Services

• Definition: Enhanced processing or communication services
• Purpose:
o Strengthen data processing security
o Protect information transfers
o Counter security attacks
• Implementation:
o Utilizes multiple security mechanisms
o Provides layered security approach

Critical Terminology

Threat Analysis

1. Threat Definition
o Potential for security violation
o Requires existence of:
▪ Circumstance
▪ Capability
▪ Action
▪ Event
o May exploit vulnerabilities
o Can lead to harm
2. Attack Definition
o Active assault on system security
o Characteristics:
▪ Derives from intelligent threat
▪ Represents deliberate attempt
▪ Aims to evade security services
▪ Violates system security policy

Key Distinctions

• Threat vs. Attack:
o Threat = Potential danger
o Attack = Actual execution
• Mechanism vs. Service:
o Mechanism = Specific tool or process
o Service = Broader security function

Implications for Security Management

Organizational Considerations

1. Risk Assessment
o Need to identify potential threats
o Evaluate likelihood of attacks
o Assess potential impact
2. Security Planning
o Implement appropriate mechanisms
o Deploy relevant security services
o Maintain systematic approach

1.3 Security Attacks

I. Passive Attacks

A. General Characteristics
1. Nature of Attack
o Eavesdropping-based
o Monitoring-focused
o No system resource modification
o Aims to gather information
2. Detection and Prevention
o Extremely difficult to detect
o Normal message flow appears unaffected
o Prevention is primary defense strategy
o Typically countered through encryption

B. Types of Passive Attacks

1. Message Content Release
o Definition: Unauthorized capture and reading of transmitted information
o Targets:
▪ Telephone conversations
▪ Email messages
▪ File transfers
▪ Confidential communications
o Impact: Direct exposure of sensitive information
2. Traffic Analysis
o Definition: Pattern observation even when content is masked
o Observable Elements:
▪ Message frequency
▪ Message length
▪ Communication patterns
▪ Communicating hosts' location/identity
o Impact: Can reveal nature of communication despite encryption

II. Active Attacks

A. General Characteristics

1. Nature of Attack
o Involves data stream modification
o Creates false data streams
o Affects system resources
o More complex than passive attacks
2. Detection and Prevention
o Easier to detect than passive attacks
o Difficult to prevent completely
o Focus on detection and recovery
o Requires comprehensive security measures

B. Types of Active Attacks

1. Masquerade
o Definition: Entity impersonation
o Characteristics:
▪ Often combines with other attack types
▪ Uses captured authentication sequences
▪ Aims for privilege escalation
o Impact: Unauthorized access to privileged resources
2. Replay
o Definition: Capture and retransmission of data
o Method:
▪ Passive capture of data units
▪ Subsequent retransmission
▪ Creates unauthorized effects
o Impact: System manipulation through legitimate data reuse
3. Message Modification
o Definition: Alteration of legitimate messages
o Techniques:
▪ Content alteration
▪ Message delay
▪ Message reordering
o Impact: Unauthorized changes to communication content/flow
4. Denial of Service
o Definition: Disruption of normal system operations
o Methods:
▪ Network disruption
▪ System overloading
▪ Targeted service suppression
o Impact: System/service unavailability

III. Defense Strategy Comparison

Passive Attack Defense

1. Primary Focus: Prevention
2. Key Methods:
o Encryption implementation
o Secure communication channels
o Traffic masking

Active Attack Defense

1. Primary Focus: Detection and Recovery
2. Key Methods:
o Monitoring systems
o Intrusion detection
o Recovery procedures
o System hardening

IV. Implementation Considerations

A. Prevention Strategies
1. Passive Attacks
o Strong encryption protocols
o Secure communication channels
o Traffic normalization
2. Active Attacks
o Authentication mechanisms
o Access controls
o System monitoring
o Regular security updates

B. Response Strategies

1. Detection Methods
o Security monitoring
o Log analysis
o Intrusion detection systems
2. Recovery Procedures
o Incident response plans
o System restoration
o Security patch management

1.4 Security Services

I. Authentication Services

A. General Authentication

• Purpose: Ensure communication authenticity
• Scope: Single messages or ongoing interactions
• Primary Goal: Verify legitimate source of communication

B. Specific Types

1. Peer Entity Authentication
o Definition: Corroborates identity of peer entities in an association
o Application: Used during connection establishment/data transfer
o Features:
▪ Prevents masquerade attempts
▪ Prevents unauthorized replay
▪ Applies to peer protocol implementations (e.g., TCP modules)
2. Data Origin Authentication
o Definition: Corroborates source of data unit
o Characteristics:
▪ No protection against duplication/modification
▪ Suitable for connectionless applications
▪ Used in applications like email
▪ No prior interaction requirement

II. Access Control Service

A. Core Concepts

• Definition: Ability to limit and control system access
• Implementation:
o Controls access via communication links
o Requires entity identification
o Tailors access rights to individuals

B. Key Components

1. Authentication Prerequisite
o Identity verification required
o Forms basis for access decisions
2. Access Rights Management
o Individual-specific permissions
o Resource access control
o Application access control

III. Data Confidentiality Services

A. General Protection

• Purpose: Protection against passive attacks
• Scope: Transmitted data security

B. Levels of Protection

1. Broad Protection
o Covers all user data between parties
o Example: Complete TCP connection protection
o More practical implementation
2. Narrow Protection
o Single message protection
o Specific field protection
o More complex implementation

C. Traffic Flow Protection

• Conceals communication patterns
• Protects against traffic analysis
• Masks source/destination information
• Hides message characteristics

IV. Data Integrity Services

A. Scope of Protection
1. Stream Protection
o Multiple message handling
o Complete communication coverage
o Most straightforward approach
2. Individual Elements
o Single message protection
o Field-level protection
o More complex implementation

B. Service Types

1. Connection-Oriented Integrity
o Features:
▪ Message stream protection
▪ No duplication
▪ No insertion
▪ No modification
▪ No reordering
▪ No replays
o Coverage: Includes data destruction protection
2. Connectionless Integrity
o Focus: Individual message protection
o Scope: Message modification only
o Context: Independent message handling

C. Recovery Options

1. With Recovery
o Automated recovery mechanisms
o Self-healing capabilities
o Preferred approach
2. Without Recovery
o Violation reporting only
o Requires external intervention
o Manual recovery processes
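The distinction between connection-oriented and connectionless integrity in B above, shown as an added example (not code from the textbook or these notes). It assumes a pre-shared key, a 32-bit sequence number per data unit and HMAC-SHA256 as the integrity check; the message stream it processes is constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed shared secret for this example only; a real deployment would derive it
# from a key exchange or obtain it from a key distribution centre.
KEY = b"example-shared-key-not-for-real-use"
TAG_LEN = 32  # HMAC-SHA256 output size


def protect(seq: int, payload: bytes) -> bytes:
    """Sender side: data unit = 32-bit sequence number || payload || HMAC-SHA256 tag.
    The tag covers the sequence number too, so a unit cannot be re-numbered unnoticed."""
    header = struct.pack(">I", seq)
    tag = hmac.new(KEY, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class IntegrityReceiver:
    """Receiver side. connectionless=False gives the connection-oriented service
    (modification, replay, duplication, reordering, insertion and loss are rejected);
    connectionless=True gives the connectionless service, which checks modification only."""

    def __init__(self, connectionless: bool = False) -> None:
        self.connectionless = connectionless
        self.expected_seq = 0
        self.accepted: list[bytes] = []
        self.events: list[str] = []

    def receive(self, unit: bytes) -> bool:
        if len(unit) < 4 + TAG_LEN:
            self.events.append("malformed")
            return False
        header, payload, tag = unit[:4], unit[4:-TAG_LEN], unit[-TAG_LEN:]
        expected_tag = hmac.new(KEY, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; any change to header or payload fails here.
        if not hmac.compare_digest(tag, expected_tag):
            self.events.append("modified")
            return False
        if self.connectionless:
            self.accepted.append(payload)  # no stream state, so replays are not detected
            return True
        (seq,) = struct.unpack(">I", header)
        if seq < self.expected_seq:
            self.events.append("replay")  # duplicate or replayed unit
            return False
        if seq > self.expected_seq:
            self.events.append("reorder_or_loss")  # gap: reordered, inserted or destroyed unit
            return False
        self.expected_seq += 1
        self.accepted.append(payload)
        return True


def demo() -> tuple[list[bytes], list[str]]:
    """Constructed stream of three units that is replayed, tampered with and reordered in transit."""
    units = [protect(i, m) for i, m in enumerate([b"transfer 10", b"transfer 20", b"close"])]
    rx = IntegrityReceiver()
    rx.receive(units[0])                                              # accepted
    rx.receive(units[0])                                              # replay of unit 0
    rx.receive(units[1][:4] + b"transfer 99" + units[1][-TAG_LEN:])   # payload altered
    rx.receive(units[2])                                              # arrives before unit 1
    rx.receive(units[1])                                              # accepted
    rx.receive(units[2])                                              # accepted
    return rx.accepted, rx.events
```

Run `demo()` to see that only the three genuine units are accepted, in order, while the replayed, modified and out-of-order copies each produce a logged event.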

V. Nonrepudiation Service

A. Core Functionality

• Prevents denial of transmission
• Prevents denial of reception
• Provides transaction proof

B. Types

1. Sender Nonrepudiation
o Proves message sending
o Verifies sender identity
2. Receiver Nonrepudiation
o Proves message receipt
o Verifies receiver identity

VI. Availability Service

A. Basic Concepts

• Definition: System/resource accessibility
• Requirements: On-demand access
• Scope: Authorized entity usage

B. Implementation

1. Protection Measures
o Authentication systems
o Encryption mechanisms
o Physical security
2. Counter Measures
o Against denial-of-service
o Resource management
o Access control integration

1.5 Security Mechanisms

I. Classification of Security Mechanisms

A. Specific Security Mechanisms

Mechanisms implemented in specific protocol layers

1. Encipherment
o Definition: Mathematical algorithms for data transformation
o Types:
▪ Reversible: Encryption/decryption capability
▪ Irreversible: Hash algorithms and authentication codes
o Implementation: Algorithm and key dependent
2. Digital Signature
o Purpose: Source and integrity verification
o Implementation: Cryptographic transformation
o Application: Protection against forgery
3. Access Control
o Function: Enforce access rights
o Scope: Resource protection
o Implementation: Various control mechanisms
4. Data Integrity
o Purpose: Ensure data unit/stream integrity
o Application: Message protection
5. Authentication Exchange
o Purpose: Entity identity verification
o Method: Information exchange-based
6. Traffic Padding
o Function: Traffic analysis prevention
o Method: Bit insertion in data streams
7. Routing Control
o Purpose: Secure route selection
o Application: Security breach response
o Feature: Dynamic routing changes
8. Notarization
o Function: Third-party verification
o Application: Data exchange properties

B. Pervasive Security Mechanisms

Mechanisms not specific to particular protocol layers

1. Trusted Functionality
o Scope: Security policy compliance
o Implementation: System-wide
2. Security Label
o Purpose: Resource security marking
o Application: Security attributes designation
3. Event Detection
o Function: Security event monitoring
o Scope: System-wide security events
4. Security Audit Trail
o Purpose: Security activity recording
o Application: System review and examination
5. Security Recovery
o Function: System recovery processes
o Implementation: Event handling and management

II. Service-Mechanism Relationships

A. Key Relationships

1. Authentication Services
o Peer Entity Authentication:
▪ Uses encipherment
▪ Employs digital signatures
▪ Utilizes authentication exchange
o Data Origin Authentication:
▪ Relies on encipherment
▪ Uses digital signatures
2. Access Control
o Primary mechanism: Access control
o Supporting mechanisms: Authentication
3. Confidentiality Services
o General Confidentiality:
▪ Uses encipherment
▪ Employs routing control
o Traffic Flow Confidentiality:
▪ Uses encipherment
▪ Employs traffic padding
▪ Utilizes routing control
4. Data Integrity
o Mechanisms:
▪ Encipherment
▪ Digital signatures
▪ Data integrity checks
5. Nonrepudiation
o Primary mechanism: Digital signatures
o Supporting: Notarization
6. Availability
o Mechanisms:
▪ Access control
▪ Event detection

III. Implementation Considerations

A. Protocol Layer Integration

1. Specific Mechanisms
o Integrated into appropriate protocol layers
o Service-specific implementation
o Layer-dependent functionality
2. Pervasive Mechanisms
o System-wide implementation
o Cross-layer functionality
o General security support

B. Mechanism Selection Criteria

1. Security Requirements
o Service needs
o Protection level
o Implementation complexity
2. System Constraints
o Protocol compatibility
o Performance requirements
o Resource availability

1.6 Fundamental Security Design Principles

1. Economy of Mechanism

Definition: Security measures should be as simple and small as possible.

Key Aspects:

• Simpler designs are easier to test and verify
• Reduced complexity means fewer potential exploitable flaws
• Easier maintenance and updates
• Simplified configuration management

Challenges:

• Difficult to implement due to demand for new features
• Constant pressure to add complexity
• Must balance functionality with simplicity

2. Fail-safe Defaults

Definition: Access decisions should be based on permission rather than exclusion.

Implementation:

• Default state is denial of access
• Explicit permissions required for access
• Safer failure mode (denies access when failing)
• Widely used in file access systems and client/server services

3. Complete Mediation

Definition: Every access must be checked against the access control mechanism.

Characteristics:

• No reliance on cached access decisions
• Continuous verification of permissions
• Resource-intensive approach
• Requires careful propagation of authority changes

4. Open Design

Definition: Security mechanisms should be open to public scrutiny.

Benefits:

• Allows expert review
• Builds user confidence
• Supports standardization
• Example: NIST encryption standards

5. Separation of Privilege

Definition: Multiple privilege attributes required for resource access.

Applications:

• Multifactor authentication
• Program division by privilege requirements
• Process separation by privilege levels
• Damage mitigation in case of attacks

6. Least Privilege

Definition: Operations should use minimal privileges necessary for tasks.

Implementation:

• Role-based access control
• Explicit permission granting
• Temporal privilege management
• Privilege withdrawal when not needed
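Principles 2 and 3 (fail-safe defaults and complete mediation) side by side, as an added example not taken from the textbook or these notes. The policy store, the subject and resource names and the two handle classes are all constructed for the demo; the point is that a handle which caches its access decision keeps working after the right is withdrawn, while one that consults the policy on every use does not.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Constructed access-control policy: (subject, resource) -> set of granted rights.
    Anything not listed is denied, which is the fail-safe default."""
    grants: dict[tuple[str, str], set[str]] = field(default_factory=dict)

    def grant(self, subject: str, resource: str, right: str) -> None:
        self.grants.setdefault((subject, resource), set()).add(right)

    def revoke(self, subject: str, resource: str, right: str) -> None:
        # Privilege withdrawal when no longer needed (least privilege, principle 6).
        self.grants.get((subject, resource), set()).discard(right)

    def permits(self, subject: str, resource: str, right: str) -> bool:
        # No entry, or an entry lacking this right, means deny: permission, not exclusion.
        return right in self.grants.get((subject, resource), set())


class CachedHandle:
    """Checks the policy once when opened and never again: violates complete mediation."""

    def __init__(self, policy: Policy, subject: str, resource: str, right: str) -> None:
        self.allowed = policy.permits(subject, resource, right)

    def use(self) -> bool:
        return self.allowed  # stale decision survives any later revocation


class MediatedHandle:
    """Consults the policy on every use, so a change of authority takes effect at once."""

    def __init__(self, policy: Policy, subject: str, resource: str, right: str) -> None:
        self.policy, self.subject, self.resource, self.right = policy, subject, resource, right

    def use(self) -> bool:
        return self.policy.permits(self.subject, self.resource, self.right)


def demo() -> tuple[tuple[bool, bool], tuple[bool, bool], bool]:
    """Grant a right, open both handle kinds, revoke the right, and use both again."""
    policy = Policy()
    policy.grant("alice", "grades.db", "read")
    cached = CachedHandle(policy, "alice", "grades.db", "read")
    mediated = MediatedHandle(policy, "alice", "grades.db", "read")
    before = (cached.use(), mediated.use())        # both True
    policy.revoke("alice", "grades.db", "read")
    after = (cached.use(), mediated.use())         # cached still True, mediated now False
    unlisted = policy.permits("bob", "grades.db", "read")  # never granted: False by default
    return before, after, unlisted
```

The cost of the mediated version is the extra policy lookup on every access, which is the "resource-intensive" trade-off the notes mention.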

7. Least Common Mechanism

Definition: Minimize shared functions between users.

Benefits:

• Reduces unintended communication paths
• Minimizes shared dependencies
• Easier security verification
• Enhanced mutual security

8. Psychological Acceptability

Definition: Security mechanisms should not unduly interfere with user work.

Requirements:

• Transparent to users where possible
• Minimal obstruction
• Match users' mental models
• Intuitive protection procedures

9. Isolation

Definition: Separation of critical resources and processes.

Contexts:

1. Public Access Systems:
o Physical or logical separation
o Protection of critical resources
2. User Isolation:
o Separate process spaces
o Protected memory areas
o Individual file spaces
3. Security Mechanism Isolation:
o Protected access control
o Cryptographic software protection

10. Encapsulation

Definition: Object-oriented protection through domain isolation.

Features:

• Protected subsystems
• Controlled access points
• Internal structure protection

11. Modularity

Definition: Development of separate, protected security modules.

Aspects:

• Common security functions
• Reusable components
• Protected from tampering
• Supports technology migration

12. Layering

Definition: Multiple, overlapping protection approaches.

Characteristics:

• Defense in depth
• Multiple security barriers
• Comprehensive protection
• Failure resilience

13. Least Astonishment

Definition: System responses should be predictable and intuitive.

Implementation:

• Transparent authorization
• Intuitive interfaces
• Predictable behavior
• User-friendly security mechanisms

Conclusion

These principles form a comprehensive framework for developing secure systems. While
perfect security may be unattainable, following these principles helps create more robust and
secure systems while maintaining usability.

1.7 Attack Surfaces and Attack Trees

I. Attack Surfaces

A. Definition and Scope

• Consists of reachable and exploitable vulnerabilities in a system
• Provides framework for vulnerability assessment
• Helps prioritize security measures

B. Common Attack Surface Types

1. Network Attack Surface
o Enterprise network vulnerabilities
o WAN vulnerabilities
o Internet-facing vulnerabilities
o Protocol vulnerabilities
o Common threats:
▪ Denial-of-service attacks
▪ Communication disruptions
▪ Intruder attacks
2. Software Attack Surface
o Application vulnerabilities
o Operating system weaknesses
o Utility software issues
o Special focus on web server software
o Interface vulnerabilities
3. Human Attack Surface
o Personnel-related vulnerabilities
o Social engineering risks
o Human error potential
o Insider threats

C. Examples of Attack Surfaces

1. Open ports on servers
2. Internal firewall services
3. Data processing interfaces
4. Web forms and SQL interfaces
5. Employee access points

D. Risk Assessment Matrix

Based on Figure 1.3:

• Small attack surface + Low layering = Low security risk
• Small attack surface + High layering = Medium security risk
• Large attack surface + Low layering = Medium security risk
• Large attack surface + High layering = High security risk

II. Attack Trees

A. Fundamental Concepts

• Hierarchical data structure
• Represents potential exploitation techniques
• Root node = Ultimate attack goal
• Leaf nodes = Initial attack methods
• Branches = Attack paths

B. Structural Elements

1. Node Types
o AND-nodes: All subnodes must be achieved
o OR-nodes: Any subnode achievement sufficient
o Leaf nodes: Initial attack points
2. Branch Attributes
o Difficulty levels
o Cost factors
o Other attack characteristics

C. Case Study: Internet Banking Authentication

1. Major Components at Risk
o User Terminal/User (UT/U)
o Communications Channel (CC)
o Internet Banking Server (IBS)
2. Primary Attack Strategies

a) User Credential Compromise

o Procedural attacks
o Token attacks
o Malware installation
o Communication interception
o Social engineering

b) Command Injection

o Communication interception
o User impersonation
o System access exploitation

c) Credential Guessing

o Brute force attacks
o Distributed attacks
o Automated programs

d) Security Policy Violation

o Internal threats
o Access control exploitation
o Policy circumvention

e) Authentication Session Exploitation

o Session ID manipulation
o User identity spoofing
o Connection hijacking
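An evaluator for the AND/OR attack tree of B, applied to the banking case study of C, as an added example (not the textbook's figure or code). It uses only the component labels (UT/U, CC, IBS) and attack categories listed above; every cost figure is a constructed placeholder, and the "mitigated" set models a countermeasure that closes a leaf, which is how the tree supports the countermeasure evaluation mentioned under D.

```python
import math
from dataclasses import dataclass, field

INF = math.inf


@dataclass
class Node:
    name: str
    kind: str = "LEAF"                 # "LEAF", "OR" or "AND"
    cost: float = 0.0                  # branch attribute (effort/cost); constructed values below
    children: list["Node"] = field(default_factory=list)


def leaf(name: str, cost: float) -> Node:
    return Node(name, "LEAF", cost)


def min_cost(node: Node, mitigated: frozenset[str] = frozenset()) -> tuple[float, list[str]]:
    """Cheapest way to achieve `node`, returned as (cost, leaves used).
    OR-node: any one child suffices, so take the cheapest child.
    AND-node: every child is required, so the costs add up.
    A mitigated leaf is treated as unattainable (infinite cost)."""
    if node.kind == "LEAF":
        return (INF, []) if node.name in mitigated else (node.cost, [node.name])
    results = [min_cost(child, mitigated) for child in node.children]
    if node.kind == "OR":
        return min(results, key=lambda r: r[0])
    if node.kind == "AND":
        total = sum(r[0] for r in results)
        return (total, [n for r in results for n in r[1]]) if total < INF else (INF, [])
    raise ValueError(f"unknown node kind: {node.kind}")


def banking_tree() -> Node:
    """Tree for the Internet banking case study. Leaf names follow the notes; costs are constructed."""
    obtain = Node("Obtain user credentials", "OR", children=[
        leaf("Procedural attack on user (UT/U)", 40),
        leaf("Token attack (UT/U)", 50),
        leaf("Malware on user terminal (UT/U)", 30),
        leaf("Interception on channel (CC)", 45),
        leaf("Social engineering (UT/U)", 10),
    ])
    credential_compromise = Node("User credential compromise", "AND", children=[
        obtain, leaf("Use credentials at IBS", 5),
    ])
    session_exploit = Node("Authentication session exploitation", "AND", children=[
        leaf("Interception on channel (CC)", 45),
        leaf("Connection hijacking (IBS session)", 20),
    ])
    return Node("Gain access to customer account at IBS", "OR", children=[
        credential_compromise,
        leaf("Credential guessing (brute force at IBS)", 80),
        session_exploit,
    ])


def demo() -> list[tuple[float, list[str]]]:
    """Evaluate the tree, then re-evaluate after each added countermeasure closes a leaf."""
    tree = banking_tree()
    steps = [
        frozenset(),
        frozenset({"Social engineering (UT/U)"}),
        frozenset({"Social engineering (UT/U)", "Malware on user terminal (UT/U)"}),
    ]
    return [min_cost(tree, m) for m in steps]
```

Each entry of `demo()` gives the cheapest remaining path, so the defender can see which leaf to close next and how much the root cost rises after each countermeasure.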

D. Implementation Benefits

1. Design Phase
o Guides system architecture
o Identifies critical vulnerabilities
o Supports security measure selection
2. Analysis Phase
o Documents attack patterns
o Enables risk assessment
o Supports countermeasure evaluation
3. Maintenance Phase
o Facilitates system updates
o Guides security enhancements
o Supports threat monitoring

Conclusion

The combination of attack surface analysis and attack trees provides a comprehensive
framework for understanding and addressing security vulnerabilities. This approach enables
organizations to:

• Identify and prioritize vulnerabilities
• Develop targeted security measures
• Implement effective defense-in-depth strategies
• Maintain dynamic security posture

Understanding both attack surfaces and attack trees is crucial for developing robust security
architectures and implementing effective countermeasures.

1.8 A Model for Network Security

I. Network Security Model

A. Core Components

1. Principal Parties
o Sender: Initiates secure communication
o Recipient: Receives protected information
o Trusted Third Party: Facilitates secure communication
2. Communication Elements
o Information Channel: Logical path through Internet
o Security Transformations: At both endpoints
o Secret Information: Shared between principals
o Communication Protocols: e.g., TCP/IP
3. Security Mechanisms
o Information Transformation
▪ Encryption for confidentiality
▪ Code addition for authentication
▪ Message scrambling techniques
o Secret Information Management
▪ Shared keys
▪ Authentication data
▪ Verification codes

B. Implementation Tasks

1. Algorithm Design
o Security transformation development
o Opponent-resistant features
o Robust security properties
2. Secret Information Generation
o Key creation
o Authentication data generation
o Security parameters
3. Distribution Methods
o Secret information sharing
o Secure distribution channels
o Trust establishment
4. Protocol Specification
o Implementation procedures
o Algorithm utilization
o Secret information usage

II. Network Access Security Model (Figure 1.6)

A. Threat Landscape

1. Human Threats
o Hackers
▪ Unauthorized system access
▪ System penetration attempts
o Malicious Insiders
▪ Disgruntled employees
▪ Intentional damage
o Criminals
▪ Financial exploitation
▪ Data theft
2. Software Threats
o Information Access Threats
▪ Unauthorized data interception
▪ Data modification
o Service Threats
▪ Legitimate user disruption
▪ Service exploitation
o Attack Vectors
▪ Viruses
▪ Worms
▪ Concealed malicious logic

B. Defense Mechanisms

1. Gatekeeper Functions (First Line of Defense)
o Access Control
▪ Password-based authentication
▪ Login procedures
▪ User verification
o Threat Screening
▪ Virus detection
▪ Worm identification
▪ Attack pattern recognition
2. Internal Controls (Second Line of Defense)
o Activity Monitoring
▪ User behavior analysis
▪ System usage patterns
▪ Anomaly detection
o Information Analysis
▪ Stored data examination
▪ Security audit trails
▪ Intrusion detection

C. System Components

1. Information System Elements
o Computing Resources
▪ Processors
▪ Memory
▪ I/O devices
o Data Storage
o Process Management
o Software Systems
o Security Controls
2. Access Channel
o Network connections
o Entry points
o Communication paths

III. Security Implementation Considerations

A. Preventive Measures

1. Strong authentication mechanisms
2. Robust encryption algorithms
3. Secure protocol design
4. Access control policies

B. Detective Measures

1. Continuous monitoring systems
2. Intrusion detection
3. Activity logging
4. Audit trails

C. Responsive Measures

1. Incident response procedures
2. Recovery mechanisms
3. Threat mitigation strategies
4. Security update protocols

Conclusion

The combination of these two models provides a comprehensive framework for understanding and
implementing network security. The first model focuses on secure communication between parties,
while the second addresses system protection against unauthorized access. Together, they form the
foundation for developing robust security architectures that protect both data in transit and
system resources.

1.9 Standards

I. National Institute of Standards and Technology (NIST)

Organization Profile

• Type: U.S. federal agency
• Scope: National with global impact
• Focus: Measurement science, standards, and technology

Key Responsibilities

1. Standards Development
o Federal Information Processing Standards (FIPS)
o Special Publications (SP)
2. Areas of Impact
o U.S. government technology use
o Private-sector innovation promotion
o Global security standards influence

II. Internet Society (ISOC)

Organization Profile

• Type: Professional membership society
• Scope: Worldwide
• Structure: Umbrella organization for Internet standards

Key Components

1. Internet Engineering Task Force (IETF)
o Develops Internet standards
o Technical specification creation
o Protocol development
2. Internet Architecture Board (IAB)
o Internet architecture oversight
o Technical advisory group
o Standards process supervision

Publications

• Requests for Comments (RFCs)
• Internet standards documentation
• Technical specifications

III. International Telecommunication Union - Telecommunication Standardization Sector (ITU-T)

Organization Profile

• Type: United Nations organization
• Scope: International
• Focus: Global telecommunications

Key Features

1. Structure
o Part of ITU
o Government and private sector coordination
o Global network standardization
2. Output
o Technical standards
o Recommendations
o Telecommunications specifications

IV. International Organization for Standardization (ISO)

Organization Profile

• Type: Non-governmental organization
• Scope: Global federation
• Membership: 140+ national standards bodies

Key Functions

1. Standards Development
o International Standards publication
o Global standardization promotion
o Cross-border cooperation
2. Areas of Focus
o Intellectual cooperation
o Scientific standardization
o Technological harmony
o Economic activity facilitation

Impact on Security Standards

A. Cross-Organization Collaboration

1. Standards Harmonization
o Coordinated development
o Compatible specifications
o Unified approaches
2. Global Implementation
o Widespread adoption
o International recognition
o Consistent application

B. Industry Benefits

1. Interoperability
o Common frameworks
o Compatible systems
o Standardized protocols
2. Security Enhancement
o Best practices sharing
o Unified security approaches
o Coordinated responses

C. Implementation Considerations

1. Compliance Requirements
o Regional variations
o Industry-specific needs
o Technical capabilities
2. Adoption Strategies
o Phased implementation
o Resource allocation
o Training requirements

Conclusion

These organizations play crucial roles in developing and maintaining security standards that
shape global cybersecurity practices. Their collaborative efforts ensure:

• Consistent security approaches
• International compatibility
• Technical excellence
• Industry best practices

Understanding these organizations and their standards is essential for implementing effective
security measures in modern computing environments.
