Welcome to the (ISC)2 Certified Information Systems Security

Professional (CISSP) Training Course

Course Agenda

Domain 1: Security and Risk Management

Domain 2: Asset Security

Domain 3: Security Architecture and Engineering

Domain 4: Communication and Network Security

Domain 5: Identity and Access Management (IAM)

Domain 6: Security Assessment and Testing

2
Course Agenda (continued)

Domain 7: Security Operations

Domain 8: Software Development Security

3
Domain 3
Security Architecture and Engineering

4
Domain Objectives
1. Implement engineering processes using secure design
principles.
2. Manage engineering processes using secure design principles.
3. Identify the purpose of security models.
4. Identify common security models.
5. Differentiate between security requirements and security
controls.
6. Identify types of controls.
7. Identify common or inheritable controls.

5
Domain Objectives (continued)
8. Select appropriate security controls.
9. Identify major control frameworks.
10. Tailor security controls.
11. Identify security control evaluation criteria.
12. Identify types of system security capabilities.
13. Employ integrated security elements.
14. Identify vulnerabilities and mitigations in client-based systems.
15. Identify vulnerabilities and mitigations in server-based systems.
16. Identify vulnerabilities and mitigations in database systems.

6
Domain Objectives (continued)
17. Identify vulnerabilities and mitigations in industrial control
systems (ICSs).
18. Identify vulnerabilities and mitigations in cloud-based systems.
19. Identify vulnerabilities and mitigations in distributed systems.
20. Identify vulnerabilities and mitigations in Internet of Things (IoT).
21. Assess and mitigate vulnerabilities in web-based systems.
22. Assess and mitigate vulnerabilities in mobile systems.
23. Assess and mitigate vulnerabilities in embedded systems.
24. Understand key terms associated with cryptography.

7
Domain Objectives (continued)
25. Understand how security services such as confidentiality,
integrity, authenticity, non-repudiation, and access control
are addressed through cryptography.
26. Understand basic cryptography concepts of symmetric
and asymmetric.
27. Describe hashing algorithms and digital signatures.
28. Understand the importance of key management.
29. Understand cryptanalysis methods.
30. Apply security principles to site and facility design.
31. Implement and manage physical security controls.

8
Domain Objectives (continued)
32. Implement and manage physical controls in wiring closets
and intermediate distribution facilities.
33. Implement and manage physical controls in server rooms
and data centers.
34. Implement and manage physical controls in media storage
facilities.
35. Implement and manage physical controls for evidence storage.
36. Implement and manage physical controls in restricted areas.
37. Implement and manage physical controls in work areas.

9
Domain Objectives (continued)
38. Implement and manage environmental controls for utilities
and power.
39. Implement and manage controls for heating, ventilation,
and air conditioning (HVAC).
40. Implement and manage environmental controls.
41. Implement and manage environmental controls for fire
prevention, detection, and suppression.

10
Domain Agenda

Processes Using Secure Design Principles

Fundamental Concepts of Security Models

Select Controls Based upon Systems Security Requirements

Security Capabilities of Information Systems

Vulnerabilities of Security Architectures, Designs, and Solution

Elements

11
Domain Agenda (continued)

Cryptography

Physical Security

Domain Review

12
Module 1
Processes Using Secure Design Principles

13
Module Objectives

1. Implement engineering processes using secure design

principles.
2. Manage engineering processes using secure design principles.

14
System and Security Engineering Processes

• Commonly accepted sources for engineering processes:

o International Council on Systems Engineering (INCOSE)
o NIST SP800-160 System Security Engineering
o ISO/IEC 15026 series-Systems and Software Engineering
o ISO/IEC/IEEE 15288 Systems and Software Engineering

• Systems and systems security engineering processes have

converged across major sources:
o NIST and INCOSE recognize system security engineering as a
specialty engineering function

15
Technical Processes

• Business and mission analysis • Implementation process

process
• Stakeholder needs and
requirements definition process
• System requirements definition
process
• Architecture definition process
• Design definition process
• System analysis process
• Integration process
• Verification process
• Validation process
• Transition process
• Operation process
• Maintenance process
• Disposal process

16
Technical Management Processes

• Project planning process

• Project assessment and control process
• Decision management process
• Risk management process
• Configuration management process
• Information management process
• Measurement process
• Quality assurance process

17
Enabling Processes

• Lifecycle model management process

• Infrastructure management process
• Portfolio management process
• Human resources management process
• Quality management process
• Knowledge management process

18
Agreement Processes

• Acquisition process
• Supply process

19
Key Principles of System Security

• Confidentiality
• Integrity
• Availability

20
Module 2
Fundamental Concepts of Security Models

21
Module Objectives

1. Identify the purpose of security models.

2. Identify common security models.

22
Security Models

Purpose: Security models define rules of behavior for an

information system to enforce policies related to system security
but typically involving confidentiality and/or integrity policies of the
system.

23
Security Models Examples

• Bell–LaPadula (Confidentiality)
• Biba (Integrity)
• Brewer and Nash (Confidentiality)
• Clark–Wilson (Integrity)
• Graham–Denning (Confidentiality/Integrity)
• Harrison, Ruzzo, Ullman (Integrity)

24
Bell–LaPadula (BLP) (Confidentiality)

• State machine model

• Developed for Department of Defense (DoD)
• Used for multilevel security (MLS)
• Three properties defined:
o No read up (simple security property)
o No write down (star property)
o Access matrix (discretionary security property)

25
Biba (Integrity)

• State transition model

• Focus on integrity vice confidentiality
• Opposite direction rules from Bell–LaPadula (BLP)
o No Read down (simple integrity property)
o No Write up (star integrity property)
o Lower level process cannot request higher access (invocation property)

26
Brewer and Nash (Confidentiality)

• Designed to prevent conflict of interest

• Information flow control model
• Decomposes a company’s information into discrete datasets based
on potential conflicts of interest
• Defines rules for acceptable access to data objects by a particular
subject (e.g., person or process)
• Accessing a data object excludes future access to potential conflict
of interest objects

27
Clark–Wilson (Integrity)

• Introduces the concept of triples:

o Subject
o Program
o Object
• Subjects can only manipulate data objects through the use of a
defined program
• Set of rules designed to ensure data integrity for all operations

28
Graham–Denning (Confidentiality/Integrity)

• Set of rules for creation, assignment of access rights, and deletion

of objects and subjects
• Eight rules (create/delete object/subject, assign: read, grant,
delete, and transfer access rights)
• Often used in distributed systems

29
Harrison, Ruzzo, Ullman (HRU) (Integrity)

• Primarily for protection of access right integrity

o Confidentiality is protected by access rights, so HRU does provide
secondary confidentiality protection
• Extends Graham–Denning model
• Defines a set of primitive allowable operations involving subjects
and objects

30
Modern Implementation

• Various components of security models are integrated into modern

operating systems (OSs).
• The access control mechanisms discussed in Domain 5 implement
key features of the security model in practical systems.
• Security models may not be implemented exactly in modern
systems, but they provided the basis for most modern security
implementation.

31
Module 3
Select Controls Based upon System Security Requirements

32
Module Objectives

1. Differentiate between security requirements and security controls.

2. Identify types of controls.
3. Identify common or inheritable controls.
4. Select appropriate security controls.
5. Identify major control frameworks.
6. Tailor security controls.
7. Identify security control evaluation criteria.

33
Security Controls

• Safeguards or countermeasures that mitigate risks to

confidentiality, integrity, or availability in a system or operating
environment.
• Controls may impact or modify the behavior of people, process,
or technology.

34
Types of Controls

Control Action Types: Means of Application:

• Preventive controls: • Management:
o Reduce likelihood or impact of o Policy- or human-driven
an undesirable event occurring controls
• Detective controls: • Operational:
o Identify an undesirable event o Process-driven controls
or collect information about it • Technical
• Corrective controls: o Controls applied to
o Reduce or eliminate the impact technology
of an undesirable event that
has occurred
35
Common/Inheritable Controls

• Common or Inheritable controls exist outside of a particular

system but provide some confidentiality, integrity, or availability
protection to the system
o For example, enterprise firewall protections are inherited by systems
behind the firewall
• May include management, operational, or technical controls

36
Control Selection

• Controls are selected to support the confidentiality, integrity,

and availability needs of the system.
• Control frameworks are often utilized to select appropriate
controls and define controls.
• Inheritable controls that support the system are identified.

37
Control Frameworks

• Control frameworks define controls and control elements.

• Frameworks allow for standardization of control
implementation.
• Control frameworks often include evaluation criteria
or mechanisms to verify controls are effective.

38
Example Control Frameworks and Standards

• ISO/IEC 27001
o International Standard
• NIST (SP 800-53)
o Required for US government use
• COBIT
o Focused on business values
• ISA/IEC 62443 (ISA 99)
o Industrial Automation and Control Systems

39
Tailoring Controls

• Control frameworks and standards are intended to be tailored to

specific use-cases.
• Adjust control specifications or parameters to meet the needs of a
specific system or environment.
• “Book” controls must be tailored to provide optimal value.

Important:
Controls are not intended to be checklist items but some
organizations treat them as such.

40
Evaluation Criteria

Each control should include specific evaluation methods and

expected results.
• Example evaluation methods from NIST:
o Test: conduct a direct test of the control (usually used for
technical type controls)
o Interview: Interview or question staff (usually used for
management or operational controls)
o Examine: Examine documentation or artifacts for evidence that
a control is properly employed (used for all control types)
• Controls may be evaluated by multiple methods

41
Module 4
Security Capabilities of Information Systems

42
Module Objectives

1. Identify types of system security capabilities.

2. Employ integrated security elements.

43
System Security Capabilities

• Access control • Encryption

• Processor states • Code signing
• Memory management • Audit and monitoring
• Process isolation • Virtualization/sandbox
• Data hiding • Hardware security Modules
• Abstraction layers • File system attributes
• Security kernel

44
Generic Operating System (OS)/Computer Model

45
Access Control

• OS controls access to objects

• Rules define allowable behavior
• Security monitor or reference monitor enforces allowed
behavior
• File systems typically support by assigning security attributes
to objects/files
• Access control models are described in detail within Domain 5

46
Processor States

• Processors typically support at least two states of operation:

o User mode
o Kernel mode
• User mode has limited access to core functions or direct
hardware access

47
Memory Management

• Direct application access to system memory is restricted

• Modern operating systems randomize memory locations
(address space)
• Modern operating systems limit memory locations where
code can execute
o E.g., Data Execution Prevention (DEP) in Windows

48
Process Isolation

• Processes execute in separate

memory spaces
• Direct exchange between
processes is limited
• Operating system (OS)
manages inter-process
exchanges through controlled
interfaces

49
Data Hiding

• Typical with multilevel security (MLS) architectures using

mandatory access control (MAC)
• Data or objects at a higher security level cannot be seen
by objects at a lower security level
o Associated to the Bell–LaPadula (BLP) security model
• Also a coding practice where raw data is hidden from access
and can only be obtained from a standardized interface

50
Abstraction layers

• Limits direct access to

objects or entities
• Defines allowable
actions and interactions
between layers
• Protects against
improper behavior or
access between layers

51
Security Kernel

• Also known as a reference monitor

• “Big Brother” of kernel mode
• Monitors and validates access control over system objects
(e.g., files, network stack)
• Enforcement and validation component of all secure
operating systems

52
Encryption

• Encryption can be applied to data at rest (e.g., files on hard

drive) or data in transit (e.g., communication channel)
• May protect confidentiality and/or integrity of data
• Data cannot be read without the proper decryption key
• Protects data when OS features (e.g., security kernel) are
not active or present
o E.g., Windows Bitlocker protects data when the OS is not running
and an attempt is made to physically remove and read the
computer hard drive

53
Code Signing and Validation

• Cryptographic function
• Executable code is digitally signed
• OS validates signature before loading code
• Unsigned code or code with an invalid signature
is prevented from executing
• May include OS internal code to prevent replacement
of OS components

54
Audit and Monitoring

• System actions are recorded and stored in a protected location

o Audit storage protection levels vary by system and must be
enabled and validated
• Specific actions that are recorded are typically customizable
• Audit records MUST be reviewed or monitored to be an
effective protection
• Monitoring and review may include both automated and
manual elements
• Audit records are typically transferred off of a system for
protection and long term storage

55
Virtualization/Sandbox

• Executing code is “wrapped” in a virtualization or sandbox layer

• Code executing within the environment is strictly limited from
direct interaction outside the environment
• Permissions for system access may be restricted independently
for each virtualized or sandboxed instance
• May be an OS native function or function provided by third-party
software

56
Hardware Security Modules

• Hardware components that provide security services

• Trusted Platform Module (TPM)
o Most common security module, present in most modern
hardware platforms
o Provides secure storage and cryptographic functions
o Typically used to securely generate and store encryption keys
o Keys or stored data cannot be extracted from the module without
appropriate permissions
• Specialized devices (e.g., cell phone) may contain multiple
hardware security modules

57
File System Attributes

• Various file systems may store security attributes or provide

security functions
• A critical component to employing access control models in most
operating systems
• File systems may include journaling that can protect data integrity

58
Host Protection Software

• Antivirus
• Host-based intrusion prevention (HIPS)
• Host firewall
• File integrity monitoring (FIM)
• Configuration and policy monitor

59
Module 5
Vulnerabilities of Security Architectures, Designs,
and Solution Elements

60
Module Objectives

1. Identify vulnerabilities and mitigations in client-based systems.

2. Identify vulnerabilities and mitigations in server-based systems.
3. Identify vulnerabilities and mitigations in database systems.
4. Identify vulnerabilities and mitigations in Industrial Control
Systems (ICS).
5. Identify vulnerabilities and mitigations in cloud-based systems.
6. Identify vulnerabilities and mitigations in distributed systems.
7. Identify vulnerabilities and mitigations in Internet of Things (IoT).

61
Module Objectives (continued)

8. Assess and mitigate vulnerabilities in web-based systems.

9. Assess and mitigate vulnerabilities in mobile systems.
10. Assess and mitigate vulnerabilities in embedded systems.

62
Vulnerabilities of Security Architectures, Designs, and
Solution Elements

• This module introduces some common vulnerabilities and

mitigation approaches
o These are common among most system types
• It presents typical vulnerabilities and mitigation approaches
for various system types
o The vulnerabilities and mitigations are not intended to be
comprehensive for each system type
• For each system type, consider which common vulnerabilities
might exist in the various system components

63
Top Threat Actions/Mitigations

Top Threat Actions Top Mitigations

• Hacking • Know what you have
• Social engineering • Patch and manage
• Malware distribution what you have
• Phishing • Assess/monitor/log
• Educate users

64
Common System Vulnerabilities

Hardware
• Hardware components may fail at any time
o Mean time between failure (MTBF) used to calculate expected life
o Failure rates higher during initial system operation
• Supply chain issues may introduce technical
flaws/vulnerabilities or malicious modification
• Old hardware may be difficult to repair/replace

65
Common System Vulnerabilities (continued)

Communications:
• Can fail
• Can be blocked (denial of service (DoS))
• Can be intercepted
• Can be counterfeited (replayed)
• Can be modified
• Characteristics can expose information about the
sender/receiver (e.g., address, location, etc.)

66
Common System Vulnerabilities (continued)

Misuse by user
• Can be intentional or accidental
• Can degrade or bypass security controls
• Increases in likelihood as difficulty to operate increases
o E.g., difficult security requirements increase likelihood of
intentional misuse to “get the job done”

67
Common System Vulnerabilities (continued)

Code flaws
• Exist in all software products with more than trivial
complexity
• May be introduced accidentally or intentionally
• Typical risk conditions:
o Known flaws, patch available, systems not patched, exploit
available
o Known flaws, patch not available, exploit available
o Unknown flaws, exploit available (zero-day attack possible)

68
Common System Vulnerabilities (continued)

Emanations
• Hardware/physical elements may radiate information
o Radio frequency
o Visible and non-visible spectrum
• Can be used to discern system functions
• Can be used to locate systems/components

69
Client-based Systems

• Desktops, laptops, thin client terminals, etc.

• Typically present in large quantities
• Continuous state of adding new and decommissioning old in
most organizations
• General purpose devices with inconsistent usage patterns across
the install base

70
Client-based System Vulnerabilities

• Physically under user control Consider:

• Susceptible to user misuse

(intentional or accidental)
• May be lost/stolen
• Monitoring may be difficult
• 100% update may be difficult

71
Client-based System Mitigations

• Patch/update*: Continuous action

• General network protections: e.g. Network segmentation, firewall
devices, network intrusion prevention or detection
• Host protections*: Antivirus, host IPS, host firewall, disk encryption
• Monitor*: Logs, alerts, track location
• Educate users: Anti-phishing campaign, detecting attacks

*Applied to all general purpose computing systems-servers, database, distributed,

cloud-based, web-based

72
Server-based Systems

• Application servers, file servers, domain controllers, print servers,

network service servers (e.g., DNS, DHCP, etc)
• Centrally managed/controlled
• Limited access/functionality
• Likely to be in a tightly controlled network segment

73
Server-based System Vulnerabilities

• May be exposed to external Consider:

communication/services
• Updates may be delayed due
to operational need
• May exist for long periods (risk
of being outdated)
• High-traffic volume makes
monitoring more difficult

74
Server-based System Mitigations

• Targeted network protections (server specific rules,

restricted ports/protocols)
• Strong remote access mechanisms
• Configuration and change management
• Monitor: Logs, alerts—targeted to server functions

75
Database Systems

• Hosted on servers, cloud, distributed, etc.

o Inherits platform vulnerabilities
• Typically contains large quantities of valuable information
• Typically requires high-speed operation with large number
of transactions

76
Database System Vulnerabilities

• Inference Consider:

• Aggregation
• Data mining
• High-value target

77
Database System Mitigations

• Input validation
• Robust authentication/access control
• Output throttling
• Anonymization
• Tokenization

78
Industrial Control Systems (ICSs)

• Typically embedded, limited function hardware

• Interfaces between logical (computer) space and the physical world
• Includes sensors, motors, actuators, valves, gauges, etc.

79
Industrial Control System Types

• Supervisory control and data acquisition (SCADA)

• Distributed control systems (DCSs)
• Programmable logic controllers (PLCs)

80
Industrial Control System Vulnerabilities

• Limited functionality Consider:

• Limited protections
• Long lifespan (become outdated)
• Susceptible to misuse/error
• Highly susceptible to denial of service
(DoS) attacks
• Attacks can produce physical effects
• Often unattended in remote locations

81
Industrial Control System Mitigations

• Isolated network infrastructure

• Robust network connection restrictions and monitoring
• Highly segmented network
• Protect communication channels
• Robust configuration control

82
Cloud-based Systems

• Components hosted by a cloud service provider (CSP)

• CSP assumes specific security responsibilities, the remainder
stay with the data owner
• Typically high reliability, speed, capacities
• CSP to data owner relationship is governed by a contract
and/or service-level agreements (SLAs)

83
Cloud-based System Characteristics

• On-Demand Self-Service
• Broad Network Access
• Resource Pooling
• Rapid Elasticity
• Measured Service
• Multi-Tenancy

84
Cloud-based System Types

• Software as a service (SaaS)

• Platform as a service (PaaS)
• Infrastructure as a service (IaaS)
• Network as a service (NaaS)

85
Cloud-based System Deployment

• Private
o Exclusive use by a single organization
o On or off premises
• Community
o Provisioned for exclusive use by a community of users
• Public
o Open use by general public
• Hybrid
o Combination of two or more deployment models

86
Cloud-based System Vulnerabilities

• Inherently exposed to external Consider:

communication/access
• Misconfiguration a major risk
• May exist for long periods (risk of
being outdated)
• Gap between CSP and data owner
security controls

87
Cloud-based System Mitigations

• Reputable cloud service provider that supplies security

information/testing results
• Well trained system administrators
• Robust configuration control/change control
• File and communication encryption
• Well managed identity and access controls

88
Distributed Systems

• Nodes and processors operate independently

• Storage and processing spread across multiple components
• Nodes “pass messages” to coordinate and communicate
• Example: traditional telephone
o Switches operate independently
o Coordinate to pass calls between them

89
Distributed System Vulnerabilities

• Lack of central control/monitoring Consider:

• Data elements may be lost if

nodes fail
• Inconsistent security levels
between nodes is possible
• Susceptible to communication
failures, compromise, or denial
of service (DoS)

90
Distributed System Mitigations

• Standard security rules for nodes to enter distributed network

• Communication control, encryption, and redundancy
• Node backup and data sharing between nodes

91
Internet of Things (IoT) Systems

• Generally small form factor, embedded hardware

• Limited functionality OS
• May interface with the physical world
• Pervasive and often connected to general purpose networks
• Functions/accessibility may be unclear to owner/user

92
Internet of Things (IoT) Vulnerabilities

• Limited vendor support for updates Consider:

• Little to no onboard security

capability
• Poor code management due to rapid
development cycles
• May contain limited or weak security
implementations on standard
protocols (e.g., Bluetooth, WiFi)

93
Internet of Things (IoT) Mitigations

• Isolated on private networks with controlled access

• Products selected for security features and updatability
• Product security/penetration testing
• Disable unneeded functions

94
Web-based Systems

• Applications or data accessible and manipulated through a web

browser or web service
• Often connects to a data source (database) that may be on or
off platform
• Uses standard protocols and interface languages
• Connections are typically dynamic

95
Web-based System Vulnerabilities

• Accessibility to network Consider:

communications/access
• Use of obsolete
protocols/encryption
• Code/configuration errors that
expose components or data

96
Web-based System Mitigations

• Protect system behind firewalls and access controls

• Limit and monitor communication protocols
• Scan, evaluate, and assess interfaces and code (HTML,
Java, scripts, etc)
• Tightly control configuration and change management
• Ensure platform is security configured

97
Mobile Systems

Phones, tablets, wearable devices

• Portable, small form factor
• Limited functionality
• Embedded OS
• Typically contains limited amounts of data
• Connected (cellular, WiFi, Bluetooth, tethering)
• Designed for single user

98
Mobile Systems (continued)

Laptops, personal computers

• Portable, medium form factor
• Full featured operating system
• Capabilities similar to a desktop
• May contain large amounts of data
• Multi-user capable
• Connected (WiFi, Bluetooth, tethering, possibly cellular)

99
Mobile Systems (continued)

Are laptops mobile systems?

• Opinions may vary, wide gray area depending on the particular
capabilities and configuration of a device
• Share physical vulnerabilities with other device types
• Capable of more onboard controls (e.g., traditional computer
host protections, logging, monitoring, access controls)
• Mitigation mechanisms are different from other device types
• Some tablets cross the line between laptop characteristics and
embedded mobile device characteristics

100
Mobile System Vulnerabilities

• Loss or theft Consider:

• Weak access controls configured

• Unencrypted data
• Communication interception or
eavesdropping
• Limited onboard security services
and monitoring

101
Mobile System Mitigations

• Mobile device management (MDM) installed

o Device tracking, wiping, software control, policy enforcement
• Activate screen lock and high complexity passcodes or
biometrics
• Ensure device is encrypted
• Tunnel communications through VPN architecture
• Limit software/apps installed to trusted packages
• Prevent jailbreak or rooting devices
• Do not connect to public networks (e.g., coffee shop, hotel)

102
Mobile System Mitigations (continued)

For laptops:
• Apply all traditional computer system protections (e.g., AV, FW,
Host IPS, etc.)
• Ensure encryption is activated
• Ensure strong passwords, biometrics, or two factor
authentication on all user accounts
• Activate anti-theft function or tracking functions if available
• Tunnel mobile communications through VPN
• Do not connect to public networks (e.g., coffee shop, hotel)

103
Embedded Systems

• Computing platform with a dedicated function

• Limited function/specialized OS
• Limited processing power
• Long service life in many applications
• Includes System on a Chip (SoC) architectures
• Typically includes special device categories:
o IoT, ICS, mobile devices
• Highly diverse in nature
o Specialized computing vs general purpose computing

104
Embedded System Vulnerabilities

• Limited function design does not Consider:

include all full monitoring and
security control implementation
• Limited access controls
• Limited ability to update, vendor
support often time limited

105
Embedded System Mitigations

• Limit access to devices

• Limit communications to devices
• Disable unnecessary/unneeded
components/features/communications
• Isolate on dedicated networks if connected
• Monitor external communications with exterior sensors
(e.g., network taps, sensors)
• Apply vendor updates when available

106
Activity: Designing Security into an Architecture Scenario

The National Federal Amalgamated Corporation (NFAC) is developing

a new customer facing application for amalgamated data. The initial
design includes the following elements:
• Database servers within the NFAC data center that store customer
private and sensitive data elements
• Application servers within the NFAC data center that access the
database servers and are accessed by NFAC employee workstations
• Employee workstations (some desktop, some laptop) are used by
NFAC employees to access the Application servers to access,
upload, modify, and delete sensitive customer data

107
Activity: Designing Security into an Architecture Scenario
(continued)

• Web servers located with a cloud provider that access NFAC

databases and applications to deliver data to external customers
through a web browser
• Mobile applications distributed to customers for installation on
Android and Apple devices that provide customer access via a
Mobile Application Service hosted by the same cloud provider
hosting the web servers

108
Activity: Designing Security into an
Architecture-Instructions

INSTRUCTIONS
Consider the scenario and the vulnerabilities, mitigations, and
controls discussed in the preceding modules. Each of the system
types listed in the scenario have inherent strengths and weaknesses.
For each item, identify potential risks or weakness and one or more
controls or mitigation consistent with the access requirements listed
in the scenario.

109
Activity: Designing Security into an Architecture-
Instructions (continued)

Example:
• Database Servers:
o Risk: Database servers contain bulk sensitive data and may be
targeted by adversaries.
o Control: Database servers will be placed on a protected network
segment and network access controls will prevent access to the
database server for any connection except from authorized
application servers.

110
Module 6
Cryptography

111
Module Objectives

1. Understand key terms associated with cryptography.

2. Understand how security services such as confidentiality,
integrity, authenticity, non-repudiation, and access control
are addressed through cryptography.
3. Understand basic cryptography concepts of symmetric and
asymmetric.
4. Describe hashing algorithms and digital signatures.
5. Understand the importance of key management.
6. Understand cryptanalysis methods.

112
Cryptography Services

• Confidentiality
• Integrity
• Authenticity
• Non-repudiation
• Access control

113
Data Protection

Data at Rest
Backup tapes, off-site storage, password files

Data in Transit
Provides secure and confidential methods to transmit data
Allows the verification of the integrity of the message so that
any changes to the message itself can be detected

114
End-to-end Encryption

• Generally performed by the end user within an organization

• The data is encrypted at the start of the communications
channel or before and remains encrypted until it is decrypted at
the remote end

115
Link Encryption

• Encrypts all of the data along a communications path

• Communications nodes need to decrypt the data to continue
routing

116
Cryptographic Evolution

Cryptographic techniques:
• Manual
• Mechanical
• Electro-mechanical
• Electronic
• Quantum cryptography

117
Key Encryption Concepts and Definitions

Plaintext or Ciphertext or
Cryptosystem Algorithm
cleartext cryptogram

Key or Non-
Encryption Decryption
Cryptovariable Repudiation

Cryptanalysis Cryptology Collision Key space

118
Key Encryption Concepts and Definitions (continued)

Initialization vector (IV) Encoding/decoding

Substitution Transposition or permutation

Confusion/diffusion
Key clustering
Avalanche

119
Key Encryption Concepts and Definitions (continued)

Synchronous Asynchronous
Each encryption or Hash function
Encrypt/Decrypt requests
decryption request is
are processed in queues
performed immediately

Digital signatures Symmetric Asymmetric

Certificate authority Registration authority

Digital Certificate
(CA) (RA)

120
Stream-based Ciphers

A keystream (sequence of bits used as a key) is generated and

combined with the plaintext using an exclusive-or (XOR)
operation:
• Statistically unpredictable and unbiased
• Not linearly related to the key
• Operates on individual bits or bytes
• Functionally complex
• Long periods with
no repeats

121
Cryptographic Operation for a Stream-based Cipher

• Plaintext is XORed with a seemingly random keystream to

generate ciphertext
• It is seemingly random because the generation of the keystream
is usually controlled by the key

122
Exclusive-Or (XOR)
Crypto XOR Operation

1 Convert letters into C = ASCII 67

binary values 67 Binary = 01000011
A = ASCII 65
65 Binary = 01000001

2 XOR Values 01000011

01000001
XOR calculation 00000010
Compare two binary values
If both values are same the output is 0
If they are different the output is 1 Transmit = 00000010

123
Block Ciphers
• A block cipher operates on fixed-size blocks of text
• The size of the block affects the strength of the cryptographic
implementation
• As plaintext is fed into the cryptosystem, it is divided into blocks
of a preset size
• Often a multiple of the ASCII character size — 64, 128, 192 bits,
etc.

124
 Block Ciphers (continued)

Operate on fixed size

blocks of plain text

More suitably
implemented in software
to execute on general-
purpose computer

Overlap when block

operated as stream

125
Key Length
• Important aspect of key management to consider when
generating and using cryptographic keys
• The longer the key, the more keyspace it represents

126
Block Size
• Block ciphers operate on a fixed length string of bits
• Typically 64 bits, or multiples of 64 bits

127
Initialization Vectors (IV) – Why They Are Needed

• Encrypting the same plaintext using the same key always

produces the same ciphertext
• Encrypting the same message with different keys may produce
discernable patterns
• An IV is a random value added to the plaintext message before
encrypting so that each ciphertext will be substantially different

128
Kerckhoff’s Principle

A cryptosystem should be secure

even if everything about the system, except
the key, is public knowledge

129
High Work Factor

• Measured in units such as:

o Hours of computing time
o Cost in dollars of breaking the encryption
• If the work factor is sufficiently high, the encryption system
is considered to be practically or economically unbreakable

130
Substitution Ciphers
• The process of substituting one
letter for another based upon a
cryptovariable
• Involves shifting positions in the
alphabet of a defined number of
characters (Caesar cipher and
Vigenere cipher)
• Involves using a scrambled alphabet
to substitute one letter for another
(Enigma machine)

131
Transposition Ciphers
• Cryptosystems that use T H I S I
transposition or permutation
S A N E X
• Rely on concealing the message
through the transposing of or A M P L E
interchanging the order of the
letters O F T R A

N S P O S

I T I O N
Rectangular Substitution Tables

132
Monoalphabetic and Polyalphabetic Ciphers
• Monoalphabetic Cipher • Polyalphabetic Cipher
o Developed Circa 15th Century

A B C D E F G H
1 Z A B C D E F G H
2 Y Z A B C D E F G H
3 X Y Z A B C D E F G H
4 W X Y Z A B C D E F G H
…
I J K L M N O P Q R S T U V W X Y Z
I J K L M N O P Q R S T U V W X Y
I J K L M N O P Q R S T U V W X
I J K L M N O P Q R S T U V W
I J K L M N O P Q R S T U V

Encrypt the plaintext ‘FEEDBACK’ using a key of 3241 CCACYYYJ

133
Running Key Cipher
T H I S
• Use the value of Value of Message 19 7 8 18
‘THIS message …’
plaintext letters and O N P E
a value of key based + Value of Key 14 13 15 5
on a shared book ‘on periodic …’
33 20 23 22
-26
= Value of Ciphertext
7 20 23 22
H U X W

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

134
One-Time Pads
• The only cipher system asserted as unbreakable
• Both sides have same pad of key values
o Truly random key values
o Keys are only used once

135
Steganography
• Plaintext hidden/disguised
• Prevents a third party from knowing
that a secret message exists
• Traditionally accomplished in a
E1089197693F6C4C26E0033F8C8AF00C
number of ways:
o Physical techniques
o Modern steganography
o Null ciphers

57694B77DCB55C543C6C0BA8E1FF2D17

136
Null Cipher
• Plaintext is mixed with large amounts of non-cipher material
• A simple form of steganography

Example:
Closed inspection specific security process integrate security
governance really easily and timely
CISSP is great

137
Null Cipher – Are You Deaf, Father William, William

Carroll - 1876
“Are you deaf, Father William!” the young man said,
“Did you hear what I told you just now?
“Excuse me for shouting! Don’t waggle your head
“Like a blundering, sleepy old cow!
“A little maid dwelling in Wallington Town,
“Is my friend, so I beg to remark:
“Do you think she’d be pleased if a book were sent down
“Entitled ‘The Hunt of the Snark?’”
“Pack it up in brown paper!” the old man cried,
“And seal it with olive-and-dove.
“I command you to do it!” he added with pride,
“Nor forget, my good fellow, to send her beside
“Easter Greetings, and give her my love.”
138
 Advantages and Disadvantages of Symmetric

Algorithms
Advantages Disadvantages

• Fast • Key distribution is very difficult

• Secure • Not able to provide integrity,
• Confidentiality authenticity, non-repudiation of
origin, access control, and digital
signatures
• Require both sender and receiver to
share the same key
• Challenges with secure key distribution
• Scalability

139
Out-of-Band Key Distribution

Out-of-Band Key Distribution

140
Examples of Symmetric Algorithms
System 97 Printing Machine for
Caesar European Characters
cipher Codename “Purple”

The Spartan
scytale

The Enigma
machine

141
Basic Block Cipher Modes
Mode Usage

Electronic Code Book (ECB) Very short messages (less than 64 bits in length),
such as transmission of a DES key.

Cipher Block Chaining (CBC) Authentication

Cipher Feedback (CFB) Authentication

Output Feedback (OFB) Authentication

Counter (CTR) Used in high-speed applications such as IPSec

and ATM

142
Basic Block Cipher Modes
• Electronic Codebook (ECB) Mode
• Cipher Block Chaining (CBC) Mode

143
Using Symmetric Block Cyphers to Simulate Stream

Ciphers
• Cipher Feedback (CFB) Mode
• Output Feedback (OFB) Mode
• Counter (CTR) Mode

144
Electronic Codebook (ECB) Mode
• Each block of plaintext is encrypted independently using the same key
• Only used for small messages – smaller than 64 bits

145
Cipher Block Chaining (CBC) Mode

146
Cipher Feedback (CFB) Mode

147
Output Feedback (OFB) Mode

148
Counter Mode (CTR)

149
The Data Encryption Standard (DES)
• Horst Feistel had developed a family of algorithms that had a core
principle of taking the input block of plaintext and dividing it in half
• Then, each half was used several times through an exclusive-or
operation to alter the other half — providing a type of
permutation as well as substitution
• A Feistal algorithm became the data encryption algorithm used for
DES
• DEA Algorithm is Symmetric Block Cipher, 64-bit blocks, 16
rounds, 56-bit effective key length

150
Double-DES (2DES)

• Given today’s technology, DES key is too short to provide

adequate protection
• One of the first alternatives to create a stronger version of DES
was to double the encryption process

151
Meet-in-the-Middle Attack on 2DES

152
Triple DES (3DES)
• Triple DES was designed to operate at a relative strength of 2112
using two, or three, different keys to perform the encryption
• This effectively rendered a key with a 168-bit strength, as there
are always three iterations done with the keys

153
Counter Mode with Cipher Block Chaining Message

Authentication Code Protocol (CCMP)

CCMP is an authentication protocol that forms part of the 802.11i
standard for wireless local area networks.

154
How CCMP Works

• AES processing in CCMP must use AES 128-bit key and 128-bit
block size
• CCMP use of 128-bit keys and a 48-bit IV minimizes vulnerability
to replay attacks; the CTR component provides data privacy
• The Cipher Block Chaining Message Authentication Code
component produces a MIC that provides data origin
authentication and data integrity for the packet payload data

155
Rijndael
Byte Sub
• The Rijndael algorithm can be used with
block sizes of 128, 192, or 256 bits
• Four major operations: Shift Row

Mix
Substitute bytes Shift rows
Column
Add
Round
Mix columns Add round key
Key

156
Other Symmetric Algorithms

• International Data Encryption Algorithm (IDEA) 128-bit key

64-bit blocks
• CAST-128 key length between 40 and 128 bits. 12 and 16 rounds
• SAFER uses 64-bit (SAFER-SK64) or 128-bit blocks (SAFER-SK128)
• Blowfish uses variable key sizes, from 32 up to 448 bits on 64-bit
blocks

157
Other Symmetric Algorithms (continued)

• Twofish can operate with keys of 128, 192, or 256 bits on blocks
of 128 bits
• RC4 commonly used stream-based cipher
• RC5/RC6 key size can vary from 0 to 2,040 bits; the number of
rounds 0 to 255

158
International Data Encryption Algorithm

(IDEA)
• IDEA uses a 128-bit key and operates on 64-bit blocks
• IDEA does eight rounds of transposition and substitution using
modular addition and multiplication and bitwise XOR

159
CAST

CAST-128 can use keys between 40 and 128 bits in length and will
do between 12 and 16 rounds of operation, depending on key
length

160
Secure and Fast Encryption Routine (SAFER)

• All of the algorithms in SAFER are patent-free

• The algorithms work on either 64-bit input blocks (SAFER-SK64)
or 128-bit blocks (SAFER-SK128)

161
Blowfish

• Extremely fast cipher and can be implemented in as little as 5K

of memory
• Operates with variable key sizes, from 32 up to 448 bits on 64-bit
input and output blocks

162
Twofish

• Was one of the finalists for the AES

• Can operate with keys of 128, 192, or 256 bits on blocks of 128
bits
• Performs 16 rounds during the encryption/decryption process

163
Rivest Cipher 5 (RC5)

• Very adaptable product useful for many applications

• The key for RC5 can vary from 0 to 2,040 bits
• The number of rounds it executes can be adjusted from 0 to 255
• The length of the input words can also be chosen from 16-, 32-,
and 64-bit lengths
• The algorithm operates on two words at a time in a fast and
secure manner

164
Rivest Cipher 4 (RC4)

• If RC4 is used with a key length of at least 128 bits, there are
currently no practical ways to attack it
• The published successful attacks against the use of RC4 in WEP
applications are related to problems with the implementation
of the algorithm, not the algorithm itself

165
Symmetric Algorithms

Strength Name Key Size Strength Name Key Size

Weak RC2-40 40 IDEA 128

DES 56 Blowfish 128

RC5-64/16/7 56 3DES 168

Medium RC5-64/16/10 80 Very Strong RC5-64/12/32 256

Skipjack 80 Twofish 256

Strong RC2-128 128 RC6 256

RC5-64/12/16 128 Rijndael 256

166
Advantages and Disadvantages of Symmetric

Algorithms
Advantages Disadvantages

• Fast • Key distribution is very difficult

• Secure • Not able to provide integrity,
• Confidentiality authenticity, non-repudiation of
origin, access control, and digital
signatures
• Require both sender and receiver
to share the same key
• Challenges with secure key
distribution
• Scalability
167
Out-of-Band Key Distribution

Out-of-Band Key Distribution

Cryptovariable
168
Asymmetric Algorithms

• Asymmetric algorithms:
o Based on the use of a pair of mathematically related keys
o Relies on hard mathematical problems and one-way functions
− A process that is much simpler to go in one direction (forward) than to
go in the other direction (backward or reverse engineering)
• The process to generate the public key (forward) is fairly simple
o To learn the private key from knowledge of the public key in
computationally infeasible

169
Asymmetric Algorithms (continued)
Factoring
• Given P and Q, it is easy to compute
P*Q
• Given the product N = P*Q, it is not
easy to compute P and Q
• Pick E (encrypt number)
• Compute D so that D*E = 1, MOD (P-
1)*(Q-1)
• E and N together are the public key,
and D and N are the private key
170
Discrete Logs
• Exponentiation is easy: if you have
G and X, it is easy to compute S = G
to the power of X
• Logarithms are hard: if you have S
and G, it is hard to find X such that
G to the power of X = S
• There are better attacks against
discrete logs than brute force
• Parameters have to be as large as
factoring (512, 1024, 2048 bits)
Using Public Key Cryptography to Send a

Confidential Message

171
Open Message

• When a message is encrypted with the private key of a sender,

it can be opened or read by anyone who possesses the
corresponding public key
• When a person needs to send a message and provide proof of
origin (non-repudiation), he can do so by encrypting it with his
own private key
• The recipient then has some guarantee that the message did
originate with the sender

172
Using Public Key Cryptography to Send a Message

with Proof of Origin

173
Confidential Messages with Proof of Origin

174
Rivest-Shamir-Adleman (RSA) Algorithm

• RSA is based on the mathematical challenge of factoring the

product of two large prime numbers
• Three primary attack approaches:

Mathematical
Brute force Timing attacks
attacks

175
Diffie-Hellman Algorithm

• Used to enable two users to exchange or negotiate a secret

symmetric key that will be used subsequently for message
encryption
• Does not provide for message confidentiality, but it is extremely
useful for applications such as TLS and IPSEC
• Based on discrete logarithms

176
ElGamal

• Included the ability to provide message confidentiality and

digital signature services
• Based on the same mathematical functions of discrete logs

177
Elliptic Curve Cryptography (ECC)

• The ability to use much shorter keys for ECC implementations

provides savings on computational power and bandwidth
• This makes ECC especially beneficial for implementation in
smart cards, wireless, and other similar application areas
• Elliptic curve algorithms provide confidentiality, digital
signatures, and message authentication services

178
Advantages and Disadvantages of Asymmetric Key

Algorithms
Advantages Disadvantages

Possible to send a message across an Mathematically intensive and,

untrusted medium in a secure manner therefore, becomes extremely slow
without the overhead of prior key compared with its symmetric
exchange or key material distribution counterpart
• Access control • Non-repudiation
• Confidentiality • Authenticity
• Integrity • No scalability
problem

179
Activity: Asymmetric Cryptography

1. What must the key holder do to allow for the transmission

of a confidential message?
2. Identify one or more advantages of asymmetric
cryptography.
3. Identify one or more disadvantages of asymmetric
cryptography.
4. Describe RSA.

180
Activity: Asymmetric Cryptography (continued)

ANSWERS

1. Keep their private key confidential.

2. It makes it possible to send a message across an untrusted
medium in a secure manner without the overhead of prior
key exchange or key material distribution.
3. Extremely slow
4. RSA is based on the mathematical challenge of factoring
the product of two large prime numbers.

181
Hybrid Cryptography and Cryptographic

Systems

182
Message Integrity Controls (MICs)

• MICs detect alterations

(whether intentional or
accidental) to a message
during transmission
• A MIC is a special value
that is calculated based
on the message contents
and added to the
message to be sent

183
Message Integrity Controls (MICs) (continued)

Accomplished through cryptographic functions that perform in

several manners, depending on the business needs and level
of trust between the parties and systems

184
Message Integrity Controls (MICs) (continued)

185
Message Digests

• A small representation of a larger message

• Used to ensure the authentication and integrity of information,
not the confidentiality

186
Message Authentication Code (MAC)

• A small block of data that is generated using a secret key and

then appended to the message
• When the message is received, the recipient can generate
his/her own MAC using the secret key and know the message
has not changed

187
Hash Message Authentication Code (HMAC)
• Hashed MACing implements a freely available hash algorithm as
a component (black box) within the HMAC implementation
• This allows ease of the replacement of the hashing module if a
new hash function becomes necessary

188
Hashing

Accepts an input message of any length and generates a fixed-

length output

189
Operation of Hash Functions

190
Five Key Properties of a Hash Function

Uniformly
Collision resistant Difficult to invert
distributed

Deterministic
Computed on (same input
entire message always produces
same digest)
191
MD5 Message Digest Algorithm
• The most widely used hashing algorithm and is described in RFC
1321 but no longer considered secure
• MD5 generates a 128-bit digest from a message of any length
• It processes the message in 512-bit blocks and does four rounds
of processing

192
Secure Hash Algorithm (SHA) and SHA-1

• SHA was developed by NIST.

• SHA-1 operates on 512-bit blocks and can handle any message
up to 264 bits in length.
• The output of SHA-1 is 160 bits in length – not considered good
practice. Recommended use of SHA-512.
• The processing includes four rounds of operations of 20 steps each.

193
Secure Hash Standard – SHA-3

The new hash algorithm is based on the KECCAK algorithm and will
be named SHA-3. It will be described in FIPS 202 (draft as of April
2015) and will augment the hash algorithms currently specified in
FIPS 180-4, the Secure Hash Standard.

194
Other Hash Algorithms
• HAVAL – variable length output
• RIPEMD-160 – European Standard
• The output may be 128, 160, 192, 224, or 256 bits, and the
number of rounds may vary from three to five
• HAVAL operates 60% faster than MD5 when only three rounds are
used and is just as fast as MD5 when it does five rounds of
operation

195
The Birthday Paradox/Birthday Attack
• Once there are more than 23 people together, there is a greater
than 50% probability that two of them share the same birthday
• The likelihood of finding a collision for two messages and their
hash values may be a lot easier than may have been believed
• It would be very similar to the statistics of finding two people
with the same birthday
• Rainbow table uses this predictability against hashing systems

196
Digital Signatures – Non-Repudiation

• Provides assurance that the message comes from the person

who claims to have sent it
• Has not been altered, both parties have a copy of the same
document
• The sender cannot claim that he/she did not send it
• Digital Signature Standard (DSS)
o A digital signature is based on a public key (asymmetric) algorithm

o Does not provide for confidentiality of the message through

encryption and is not used for key exchange
197
Digital Signatures

198
Uses of Digital Signatures
• A digital certificate is an electronic document that asserts
authenticity and data integrity that is tied to a sender
• Digital signatures are used to sign emails, ecommerce transactions,
software and software patches, and digital certificates
• Many governments and courts recognize digital signatures as a
verifiable form of authentication

199
Combine Everything

200
Applying Cryptography and Key Management

201
Cryptographic Lifecycle
A cryptographic function is “broken” when one of the following
conditions is met:
For a Hashing Function:
• Collisions or hashes can be reliably
reproduced in an economically feasible
fashion without the original source
• When an implementation of a hashing
function allows a side channel attack
202
For an Encryption System:
• A cipher is decoded without access
to the key in an economically
feasible fashion
• When an implementation of an
encryption system allows
unauthorized disclosure or
alteration of information
• Private key has been compromised
Algorithm/Protocol Governance
Cryptography policies, standards, and procedures should
minimally address:
• Approved cryptographic algorithms and key sizes
• Transition plans for weakened or compromised algorithms and
keys
• Procedures for the use of cryptographic
• Key generation, escrow, and secure destruction
• Incident reporting

203
Issues Surrounding Cryptography
• As part of risk analysis, it is important to understand how
cryptography can be misused so that appropriate security
mitigation can be applied
• Cryptographic protection is implemented for preventing software
and media piracy or corruption of software (digitally signed
software and software patches)
• Digital rights management systems (DRMS) require a design and
governance to protect intellectual property and individual
privacy while ensuring an individual’s fair use of the intellectual
property

204
International Export Controls
• Most countries regulate the use of cryptographic tools used by
their citizens
• Most laws that control the use of cryptography are based on key
length
• Dual use good (can be used for both commercial and military
purposes)
• This is because key length is one of the most understandable
methods of gauging the strength of a cryptosystem

205
Public Key Infrastructure (PKI)
• A set of system, software, and communication protocols required
to use, manage, and control public key cryptography
• It has core primary purposes:
o Publish public keys/certificates
o Certify that a key is tied to an individual or entity
o Provide verification of the validity of a public key
o Provide services such as confidentiality, integrity, authenticity,
non-repudiation and access control

206
Certification/Certificate Authority (CA)

• Binds entities to their public keys

• “Signs” an entity’s digital certificate to certify that the certificate
content accurately represents the certificate owner

207
X-509 Certificate

208
Certificate Revocation

• Certificate revocation is required if private key has been

compromised
• Provides updates on non-valid certificates, in other words, tells
certificate holders not to use public key

209
Key Management and Key Management

Practices

Key generation Key distribution Key change

Key disposition Key recovery Key storage

210
Key Recovery

Split Knowledge
Dual Control
Specific information
Key Escrow
Two or more known only to one
people required individual that must Storing key with a
working in be combined with trusted party
cooperation knowledge held by
another individual

211
Creation of Keys

Automated key
Truly random
generation

Asymmetric key
Random
length

212
Key Wrapping and Key Encrypting Keys (KEKs)
• KEKs are used as part of key distribution or key exchange
• The process of using a KEK to protect session keys is called key
wrapping
• Key wrapping uses symmetric ciphers to securely encrypt a
plaintext key with associated integrity information and data

213
Key Distribution

• Keys can be distributed in a number of ways

• Example:
o Out-of-band key exchange
o Key wrapping

214
Key Storage and Destruction

Methods for protecting stored keying material include:

• Trusted, tamperproof hardware security modules
• Passphrase protected smart cards
• Key wrapping the session keys using long-term storage KEKs
• Splitting cipher keys and storing in physically separate storage
locations
• Protecting keys using strong passwords/passphrases, key expiry,
and the like
• At the end of lifecycle of keys, they must be securely destroyed

215
Cryptanalysis – Methods of Cryptanalytic Attacks

216
Activity: Cryptanalytic Attacks

INSTRUCTIONS
As we discuss each of the attacks, complete the table.

217
 Brute Force Attacks
Key Size Possible Key Size Time to Crack
If you assume:
combinations 56-bit 399 seconds • Every person on the planet
1-bit 2 128-bit 1.02 x 1018 years owns 10 computers.
2-bit 4 192-bit 1.872 x 1037 years
• There are 7 billion people on
4-bit 16 256-bit 3.31 x 1056 years
8-bit 256
the planet.
16-bit 65536 • Each of these computers can
32-bit 4.2 x 109 test 1 billion key
56-bit (DES) 7.2 x 1016 combinations per second.
64-bit 1.8 x 1019
128-bit (AES) 3.4 x 1038
• On average, you can crack
192-bit (AES) 6.2 x 1057 the key after testing 50% of
256-bit (AES) 1.1 x 1077 the possibilities.
Supercomputer: No. of combination checks per second = Then the earth's population
(10.51 x 1015) / 1000 = 10.51 x 1012 can crack one encryption key in
https://www.eetimes.com/document.asp?doc_id=1279619 77,000,000,000,000,000,000,00
0,000 years!
218
Ciphertext-only Attack
• One of the most difficult because the attacker has so little
information to start with
• All the attacker starts with is some unintelligible data that he
suspects may be an important encrypted message
• The attack becomes simpler when the attacker is able to gather
several pieces of ciphertext and thereby look for trends or
statistical data that would help in the attack

219
Known Plaintext

• The attacker has access to the ciphertext and the plaintext

versions of the same message
• The goal of this type of attack is to find the cryptographic key
that was used to encrypt the message
• Once the key has been found, the attacker would then be able to
decrypt all messages that had been encrypted using that key

220
Chosen Plaintext
• The attacker knows the algorithm used for the encrypting or has
access to the machine used to do the encryption and is trying to
determine the key
• This may happen if a workstation used for encrypting messages is
left unattended
• The attacker can run chosen pieces of plaintext through the
algorithm

221
Chosen Ciphertext
• Similar to the chosen plaintext attack in that the attacker has
access to the decryption device or software and is attempting to
defeat the cryptographic protection by decrypting chosen pieces

of ciphertext to discover the key

o Sometimes called the lunchtime attack
• An adaptive chosen ciphertext would be the same, except that
the attacker can modify the ciphertext prior to putting it
through the algorithm
o Sometimes called the midnight attack

222
Linear and Differential Cryptanalysis

• Linear cryptanalysis is a known plaintext attack that requires

access to large amounts of plaintext and ciphertext pairs
encrypted with an unknown key
• It focuses on statistical analysis against one round of decryption on
large amounts of ciphertext
• Differential cryptanalysis is a chosen plaintext attack that seeks
to discover a relationship between ciphertexts produced by two
related plaintexts
• It focuses on statistical analysis of two inputs and two outputs of a
cryptographic algorithm

223
Implementation Attacks

Some of the most common and popular attacks against

cryptographic systems due to problems with their implementation
ease and reliance on system elements outside of the algorithm
such as random number generators.

224
Replay Attack

• Disrupts and damages processing by the attacker by resending

repeated files to the host
• If there are no checks such as time-stamping, use of one-time
tokens or sequence verification codes in the receiving software,
the system might process duplicate files

225
Birthday Attack

The point of the birthday attack is that it is easier to find two

messages that hash to the same message digest than to match a
specific message and its specific message digest.

226
Factoring Attack

Because RSA uses the product of large prime numbers to generate

the public and private keys, this attack attempts to find the keys
through solving the factoring of these numbers.

227
Attacking the Random Number Generators

• This attack was successful against the SSL installed in Netscape

several years ago
• Because the random number generator was too predictable, it
gave the attackers the ability to guess the random numbers
• Short Initialization Vectors led to compromise of WEP since the
IV was not random enough

228
Other Cryptographic Attacks

Power
Algebraic Timing
analysis

Frequency Statistical Social

analysis analysis engineering

Dictionary Rainbow
Brute force
attacks tables

229
Accessing Temporary Files

• Most cryptosystems will use temporary files to perform their

calculations
• If not deleted and overwritten, they may be compromised and
lead an attacker to the message in plaintext

230
Social Engineering for Key Discovery

• Through coercion, bribery, or befriending people in positions of

responsibility, spies gain access to systems without having any
technical expertise
• This is the most common type of attack and usually the most
successful

231
Module 7
Physical Security

232
Module Objectives

1. Apply security principles to site and facility design.

2. Implement and manage physical security controls.
3. Implement and manage physical controls in wiring closets and
intermediate distribution facilities.
4. Implement and manage physical controls in server rooms and data
centers.
5. Implement and manage physical controls in media storage facilities.
6. Implement and manage physical controls for evidence storage.
7. Implement and manage physical controls in restricted areas.

233
Module Objectives (continued)

8. Implement and manage physical controls in work areas.

9. Implement and manage environmental controls for utilities
and power.
10. Implement and manage controls for heating, ventilation,
and air conditioning (HVAC).
11. Implement and manage environmental controls.
12. Implement and manage environmental controls for fire
prevention, detection, and suppression.

234
Physical Security
• Physical security plans and infrastructure are often designed,
implemented, and operated by physical security specialists
• Physical security infrastructure is typically controlled outside
of IT or IT security control
• The CISSP MUST understand physical security fundamentals
in order to:
o Assess the risk reduction value of physical security controls
o Communicate physical security needs to physical security managers
o Identify risks to Information Security due to physical security
weaknesses

235
Apply Security Principles to Site and Facility Design

• Physical design should support confidentiality, integrity, and

availability of information systems
• Physical design must consider human safety and external factors
as well

236
Physical Design that Supports Confidentiality, Integrity, and
Availability (CIA)

• Physical design protects information systems from unauthorized

access
• Provides for auditing or observation of sensitive physical access
• Includes identification of subjects in sensitive areas
• Ensures robust services (e.g., power, cooling) to information
systems

237
Physical Design that Supports Human Safety
• Emergency alarms (audible, visible)
• Egress routes
• Safety equipment
• Emergency power or equipment shutoffs
• Equipment lockouts

238
Site and Facility Design Considerations
• Personnel policy and procedure • Parking and site security
• Personnel screening • Site and building access control
• Workplace violence prevention • Video surveillance
• Response protocols and training • Internal access control
• Mail screening • Infrastructure protection
• Shipping and receiving • Onsite redundancy
• Property ID and tracking • Structural protections

239
Implement and Manage Physical Security
• Conduct a physical risk assessment (Domain 1)
o Human action, natural disaster, industrial accident, equipment
failure, etc.
• Develop layered physical protections commensurate with the
risk assessment
o E.g., Embassy level protections vs a small remote office
• Physical risk controls will impact information system design
o E.g., weak physical controls may necessitate more complex
information system protections to compensate
• Physical protections require monitoring and auditing

240
Perimeter Security Controls
• Surrounding Areas:
o Roadways
o Waterways
o Geography
o Lines of sight
• Consider:
o Facility visibility from roads
o Potential for vehicle borne threats
o Vehicular and pedestrian access
point locations
o Fencing, perimeter landscaping (natural fence)

241
Perimeter Security Controls (continued)
• Site Entry/Exit points:
o Vehicular
− Public/customer/visitor
− Staff/employee
− Delivery/truck
o Pedestrian
• Consider:
o Access controls
o Surveillance
o Lighting
o Intrusion detection
o Barriers/traffic control
242
Perimeter Security Controls (continued)
• External Facilities:
o Parking structures/lots
o Utilities components
− Electric transformers/lines
− Telecommunications
o Landscaping
• Consider:
o Lighting
o Surveillance
o Intrusion detection
o Lines of sight

243
Perimeter Security Controls (continued)
• Operational Facilities:
o Where employees work
o Where information technology operates
• Consider:
o Exterior lighting and surveillance
o Building materials
− Doors, locks, windows, walls
o Entry/exit points and access controls
− Staff/employee entrance
− Public/customer entrance
− Delivery entrance
− Sensors/intrusion detection
244
Perimeter Security Controls—Typical Control

Types
• Lighting • Surveillance/camera
o Bright enough to cover target o Narrow focus for critical
areas areas
o Limits shadow areas o Wide focus for large areas
o Sufficient for operation of o IR/low light in unlit areas
cameras, must be coordinated o Monitored and/or recorded
with camera plan o Dummy cameras

245
Perimeter Security Controls—Typical Control

Types (continued)
• Intrusion detection • Fencing/security landscaping
o Cut/break sensors o Slows and deters
o Sound/audio sensors o Should not impede monitoring
o Motion sensors
• Barriers
o Fixed barriers to prevent
ramming
o Fixed barriers to slow speeds
o Deployable barriers to block
access ways

246
Perimeter Security Controls—Typical Control
Types (continued)
• Building material security
examples:
o High-security glass
o Steel/composite doors
o Steel telecommunications conduit
o Secure walls
o True floor to ceiling walls (wall
continues above drop ceiling)
o Anchored framing material
o Solid walls/in-wall barriers
247
• Lock security examples:
o Available in varying grades
o Physical key locks
o Mechanical combination locks
o Electronic combination locks
o Biometric locks
o Magnetic locks
o Magnetic strip card locks
o Proximity card locks
o Multifactor locks (e.g., card + pin)
Internal Security Controls
• Controls for human safety
o Visible and audible alarms, fire suppression, response plans/training,
emergency shutoffs
• Controls to manage access
o Door locks (e.g., magnetic, card key, mechanical key, combination lock)
o Access point security (e.g., mantraps, limited ingress, alarmed
emergency egress)
o Multifactor access (e.g., key card + pin for room entry)
• Internal monitoring
o Physical access control system/monitor (e.g., records key card use)
o Video surveillance/cameras
o RF monitoring
248
Implement Site and Facility Security Controls
• Wiring closets/intermediate distribution facilities
• Server rooms/data centers
• Media storage facilities
• Evidence storage
• Restricted area security
• Utilities
• Heating, ventilation, and air conditioning (HVAC)
• Fire prevention, detection, and suppression
• Environmental issues

249
Wiring Closets/Intermediate Distribution Facilities

—Components
• Entrance facility
o External communications enter facility
o Phone, network, special connections
o May house ISP/provider equipment
• Equipment room
o Primary communication hub for facility
o Houses wiring/switch components
o May be combined with entrance facility
• Backbone distribution
o Connects entrance facility, equipment room, and
telecommunication room(s)

250
Wiring Closets/Intermediate Distribution Facilities

—Components (continued)
• Telecommunications room (wiring closet)
o Serves a particular area of a facility
− Floor, section, wing, etc.
o Terminates local wiring into patch panels
o Backbone distribution is broken out to individual connections
(e.g., switch)
• Horizontal distribution system
o Cables, patch panels, jumpers, cable

251
Wiring Closets/Intermediate Distribution Facilities
—Protections
Security Protections
• Rooms must be secured against
unauthorized access
• Access to rooms should be
monitored/recorded
• Secondary locks on equipment/racks
o Rooms may share space with non-IT
equipment and require access by
non-IT staff
• Conduit or tamper protections for
wiring
252
Environmental Protections
• Protection from lightning/surge
• Backup power/UPS
• Heating/cooling/air flow
o Critical in enclosed spaces
• Appropriate fire detection/suppression
• Emergency shutoffs for high-power
connections
o May not be necessary in all closets
Server Rooms/Data Centers
• Similar security and environmental protections to wiring closets
• Access point security and access monitoring is a critical concern
o Rack or equipment level locking for shared spaces
o Especially in shared spaces
• Power/surge/uninterruptible power supply (UPS) equipment is tailored to
the operating equipment
o Human safety becomes an issue with power levels in most server rooms
o Emergency shutoffs and non-conductive hooks/gloves are important for
human safety
• Appropriate fire detection/suppression must be considered (e.g., sprinkler
is inappropriate for electrical fires)
• Typically maintained at a higher level of physical security than the rest of
the facility
253
Media Storage Facilities
• Media may be stored onsite and offsite from the main facility
• Offsite storage should duplicate critical media
• Access control is strictly limited and monitored (often limited to
archivists)
• Temperature/humidity should be consistent with media storage
requirements
o As media types evolve, this must be continually reassessed
• Fire protection at both room and container levels

254
Evidence Storage
• Access strictly limited and monitored
• Individual lockers/secure containers for investigations/investigators
• Tamper evident seals available for evidence bags/containers
• Maintaining chain of custody is critical to prove evidence has not
been modified or tampering has not occurred
• Evidence protected against damage/theft
• Environmental protections should be commensurate with evidence
types stored (e.g., paper, digital, media)

255
Restricted Area Security
• Includes secure facilities and classified workspaces
• Extremely high access control protections and logging of access
• May include audio protections against eavesdropping
• May include enhanced visual screening from exterior spaces
• May include protection against the detection of electromagnetic
emissions from equipment

256
Utilities
• Power • Telecommunications
o Redundant power input from utilities o Multiple service provider inputs
o Redundant transformers/power o Redundant communication
delivery channels/mechanisms
o Backup generators o Redundancy on key equipment
o Battery backups (eliminate single points of failure)
o Dual power infrastructure within • Water/Sewer
data centers o Cooling/human habitation
o Backup sources must be o Risk of leaks/damage to
tested/exercised equipment
o Backup sources must be sized o Supports most building-wide fire
appropriately and upgraded when suppression plans
load increases
257
Utilities-Safety
• Generators, battery backups, and data center power feeds may
carry very high electrical loads that are inherently dangerous
• Emergency power shutoffs in high-load areas:
o Safeguard human life in case of electrocution (big red button)
o Safeguard equipment in case of overload (automated shutoff)
o Safeguard humans and equipment in emergencies
− Flooding/sprinkler activation
• High load areas should provide access to nonconductive
gloves/equipment and push/pull rods in case of emergency

258
Heating, Ventilation, and Air Conditioning
(HVAC)
• High-density equipment requires adequate cooling and airflow
• Cooling must be designed match the equipment/space to be cooled
• High-capacity rooms (e.g., operations center) must have sufficient
airflow for the number of human occupants (CO2 danger)
• Air should be filtered for contaminants (natural or intentionally
introduced)

259
Fire Prevention and Detection

• Human training and awareness is critical to prevention

• Sensors (IR, temperature, smoke) can detect conditions leading
up to a fire as well as fire initiation.
o Smoke detectors include optical (photoelectric) and physical process
(ionization)
o Fire detectors include infrared and ultraviolet detectors

260
Fire Suppression
• Buildings should be equipped with one or more types of fire
suppression systems than include installed and handheld
• Handheld extinguishers are typically chemical agent based with
either wet or dry chemicals
• Two main types of installed suppression systems: water-based
and gas-based

261
Fire Suppression (continued)
Water-based
• Effective for common material
fires (e.g., wood, paper,
building materials)
• Safe for human spaces
• Damages equipment
• Ineffective for electrical or
petroleum fires
• Typically cheaper than gas-
based
262
Gas-based
• Effective for any fire type
• Typically safe for equipment
• May be dangerous to humans
in enclosed spaces (depending
on type)
• Costly to install and maintain
compared to water-based
Fire Suppression (continued)
Water-based system types:
• Wet pipe • Pre-action
o Most common, water in pipes, o Combines wet and dry pipe
heat activated sprinkler heads actions
• Dry pipe • Deluge
o Pressurized gas in pipes, water o Pre-action but with open
released when activated, slight sprinkler heads
delay, less danger of pipe
leaks/freezing

263
Fire Suppression (continued)
Gas system examples:
• Hydrofluorocarbon
o Halon (older type—mostly gone)
o FM-200
• Inert gas (e.g., Argon/Nitrogen)
o Argonite
o Inergen
• Aerosol
o Aero-K

264
Environmental Issues

Hurricane Forest/wildfire Flooding

Tornado Earthquake Mudslide

265
Module 9
Domain Review

266
Domain Summary
• Application of security engineering and architecture principles
is a key element to any system lifecycle.
• Security models are used as templates for system security
behavior and design.
• Security control frameworks are employed to ensure consistent
and complete application of security functions across an
environment.
• Various types of systems have inherent security strengths
and weaknesses that must be understood to ensure they are
properly employed.

267
Domain Summary (continued)
• The history of cryptography is very long, but over the last
50 years or so, cryptography has become an integral and
necessary part of security implementations.
• Cryptography can be very effective in providing some key
security services such as confidentiality, integrity,
authenticity (proof of origin), non-repudiation, and access
control.
• There are basic fundamental ways to do cryptography,
stream and block ciphers.
• Symmetric key cryptography is very fast, but has problems
related to key distribution and scalability.
268
Domain Summary (continued)
• Asymmetric key cryptography is very slow but solves the
problems related to key distribution and scalability.
• Hashing, which is defined as one-way encryption, can be very
useful in addressing integrity of stored and transmitted
information.
• Digital signatures can achieve non-repudiation of origin and
non-repudiation of delivery.
• Key management, and key management techniques are the
most important aspects of secure cryptography
implementations.

269
Domain Summary (continued)
• There are many cryptanalysis attacks that try and break
cryptography systems.
• Physical security is an important element to ensure information
systems are protected.

270
Domain Review Questions
1. Requirements definition, design, implementation, and operation
are examples of what type of System and Security Engineering
processes?

A. Technology processes
B. Acquisition processes
C. Design processes
D. Technical processes

271
Answer

The correct answer is D.

A is incorrect terminology. B and C are specific processes,

not types of processes.

272
Domain Review Questions

2. One security model includes a set of rules that can dynamically

restrict access to information based upon information that a
subject has already accessed in order to prevent any potential
conflict of interest. This model is known as the:

A. Biba model
B. Brewer/Nash model
C. Graham–Denning model
D. Harrison, Ruzzo, Ullman model

273
Answer

The correct answer is B.

A, C, and D are models that describe an information system’s rules

for operation, but those rules are applied universally. The
Brewer/Nash model is the only model that explicitly addressed
conflicts of interest.

274
Domain Review Questions

3. Select the best answer. Inheritable or “common” security controls

are characterized as:

A. Controls that are passed down from older systems to new

systems through code sharing
B. Introduces unacceptable risk in most systems
C. Controls that are never assessed in an operational environment
D. Controls that are provided from one system to another in an
operational environment

275
Answer

The correct answer is D.

D is the correct definition of the term. A, B, and C are not types of

controls. All controls must be assessed whether inherited or not,
and while inheritable controls may introduce risk if not operating
properly, they do not generally introduce unacceptable risk, which
makes D a better answer

276
Domain Review Questions

4. Three common types of industrial control systems include:

A. Supervisory control and data acquisition, distributed control

systems, programmable logic controllers
B. Supervisory control and data anonymization, distributed control
systems, programmable logic capability
C. Supervisory control and data anonymization, distributed chip
systems, programmable logic controllers
D. Supervisory control and data acquisition, distributed chip
systems, programmable logic capability

277
Answer

The correct answer is A.

Items B, C, and D include incorrect terminology.

278
Domain Review Questions

5. The four most common types of sprinkler systems are:

A. Soaking, wet pipe, dry pipe, and pre-action

B. Wet pipe, dry pipe, deluge, and pre-action
C. Wet pipe, dry pipe, soaking, and hybrid
D. Dry pipe, soaking, deluge, and hybrid

279
Answer

The correct answer is B.

Items A, C, and D each contain at least one incorrect element.

280
Domain Review Questions

6. The key used in a cryptographic operation is also called:

A. Cryptovariable
B. Cryptosequence
C. Cryptoform
D. Cryptolock

281
Answer

The correct answer is A.

The cryptovariable is the correct definition used by cryptologists

to describe the key in a cryptography system.

282
Domain Review Questions

7. Most cryptographic algorithms operate either in block mode or:

A. Cipher mode
B. Logical mode
C. Stream mode
D. Decryption mode

283
Answer

The correct answer is C.

All ciphers either operate on stream mode, one bit at a time,

or block mode, several bits at a time.

284
Domain Review Questions

8. Which of the following is NOT one of the primary objectives

of cryptography?

A. Non-repudiation
B. Authenticity
C. Data integrity
D. Authorization

285
Answer

The correct answer is D.

The five services that cryptography can provide are confidentiality,

integrity, authenticity, non-repudiation, and access control.
Authorization, therefore, is not a service that cryptography
can achieve.

286
Domain Review Questions

9. Another name for symmetric key cryptography is?

A. Shared
B. Public
C. Key clustering
D. Elliptic curve

287
Answer

The correct answer is A.

Symmetric, which means “the same,” implies that a shared key

is required by the sender and the receiver in order to be able to
encrypt and decrypt a message or data.

288
Domain Review Questions

10. How many keys would need to be managed for an asymmetric

key system such as RSA with 500 users (N)?

A. Nx2
B. N (N-1)/2
C. 2 to the power of N
D. N to the power of 2

289
Answer

The correct answer is A.

Asymmetric key cryptography algorithms require users to have

their private and public key pairs, two keys each. For 500 users,
each having a key pair, the answer is 1,000, or Nx2.

290