summaries-se-ost

Cyber Security Foundations

1.INFORMATION SECURITY
Term Definition
Information An organization’s data that has been processed, organized, or structured in a way that gives it meaning and value to an organization or individual.
Information security Protection of the integrity, confidentiality and availability of information, whether in storage, transit or processing.
non-repudiation prevents parties from denying actions they have performed.
accountability ability to trace actions and decisions back to a specific person or system.
authentication verifies the identity of a user or system.
authorization determines what actions an authenticated entity is allowed to perform.
access control restricts access to resources based on defined rules.
business continuity ensures critical operations continue during disruptions.
security policy a rule or expectation for protecting information.
compliance adherence to laws, regulations, and (security-)standards.
asset any item of value belonging to an organization

  • For example: information, systems, people and processes
attack an act that intends to damage, steal or degrade an organization's assets
vulnerability a flaw or weakness in a system that can be abused
exploit a technique or method used to take advantage of a vulnerability
threat an event or action with the potential to cause harm by exploiting a vulnerability
risk the likelihood of a threat exploiting a vulnerability and the potential harm that could cause
control a measure designed to reduce the potential risk of an attack

  • Can be achieved through training employees, enforcing policies or implementing technology
1.1.TYPES OF INFORMATION
  • Personal information
  • Business information
  • Financial information
  • Intellectual property

    • Copyright
    • Trademarks
    • Patents
    • Trade secrets
  • System information
1.2.HOW CAN INFORMATION BE ATTACKED
  • In storage

    • Data that is stored on a server or in a database short-term or long-term.
  • In transit

    • Data that is currently being transported from one place to another.
  • In use

    • Data that is currently being processed by a service or another entity.
1.3.COMPONENTS OF AN INFORMATION SYSTEM (IS)
  • Software
  • Hardware
  • Data
  • People
  • Procedures
  • Networks
1.4.BALANCING SECURITY AND SYSTEM USABILITY
  • Obtaining perfect information security is impossible.
  • Security needs to protect the system without slowing people down.
  • Too much security can lead to workarounds.

    • Example: If strong passwords are enforced, people might start writing them down on sticky notes.
  • Too much convenience exposes the system to unnecessary risks.
  • It’s all about finding that sweet spot between security and usability.

    • Example Solution: Employees must use multi-factor authentication. This way, they are free to use a less secure password without compromising the overall security.
  • Even better: continuously review policies and involve users to find the best solution.
1.5.IMPLEMENTATION OF INFORMATION SECURITY
Bottom-Up
  • Initiated by an organization’s technical staff (system engineers, admins, etc.).
  • Implementations happen before policies are defined.
  • Often lacks support from management, budget and consistency.
  • Generally less effective and not scalable in large organizations.
Top-Down
  • Initiated and supported by an organization’s upper management.
  • Policies come first and provide guidance for implementations.
  • Ensures proper funding, authority and organization-wide enforcement.
  • Generally more effective and in line with the business strategy.
1.6.CIA TRIAD

The CIA triad is a foundational information-security model stating that systems should protect:

  • Confidentiality - Keeping information secret
  • Integrity - Keeping information correct and unaltered
  • Availability - Ensuring information and systems remain accessible
Confidentiality
  • Goal: Prevent or minimize unauthorized access to information.
  • Steps to ensure it:

    • Encryption
    • Access Control
    • Allow / enforce advanced authentication mechanisms
Integrity
  • Goal: Protect the reliability and correctness of information.
  • Steps to ensure it:

    • Digital Signatures
    • Hashing and Checksums
    • Change Management
Availability
  • Goal: Ensure that subjects have timely and uninterrupted access to information.
  • Steps to ensure it:

    • Redundancy and Backups
    • DDoS Protection
    • Incident Response
1.7.NON-REPUDIATION AND ACCOUNTABILITY

Example of security controls through which non-repudiation can be established: Digital certificates, session identifiers, transaction logs, etc.

1.7.1.Non-Repudiation
  • Ensures that the subject of an activity or who caused an event cannot deny having performed an action or cannot deny that the event occurred.
  • Non-Repudiation prevents a subject from claiming not to have sent a message, not to have performed an action, or not to have been the cause of an event.
1.7.2.Accountability
  • Being responsible or obligated for actions and results.
  • Non-Repudiation is an essential part of accountability. A suspect cannot be held accountable if they can repudiate the claim against them.
1.8.STRIDE MODEL

A structured model developed by Microsoft used in cybersecurity to identify and categorize threats to systems by looking at how they can be attacked.

Term Definition
S(poofing) Pretending to be someone else. (see Authenticity)
T(ampering) Unauthorized data modification or altering. (see Integrity)
R(epudiation) Denying actions without proof. (see Non-Repudiation)
I(nformation disclosure) Exposing sensitive information. (see Confidentiality)
D(enial of service) Making systems or services unavailable. (see Availability)
E(levation of privilege) Gaining unauthorized rights or privileges.
1.9.MCCUMBER CUBE

Y-Axis: Security Goals (C.I.A. Triad)

  • Defines what needs to be protected.

X-Axis: Information States

  • Describes where the information exists.

Z-Axis: Safeguards / Controls

  • Defines how protection is implemented.
2.THREAT CATEGORIZATION
Term Definition
Social Engineering Manipulating people to reveal confidential information.
Software Attacks Exploiting vulnerabilities in software to gain access to a system or steal data.
Denial of Service Overloading one or multiple systems to make them unavailable.
Web Application Attacks Exploiting vulnerabilities in websites or servers hosting websites.
Password / Authentication Attacks Attempting to bypass or compromise login systems to gain unauthorized access.
Physical Attacks Bypassing technical controls by accessing physical infrastructure directly.
2.1.SOCIAL ENGINEERING

The psychological manipulation of individuals to trick them into revealing confidential information or performing actions that can compromise security.

Term Definition
Phishing Forged emails impersonating legitimate entities.
Spear Phishing Targeted phishing against specific individuals.
Vishing Voice-based phishing over phone or video calls.
Smishing SMS / Text-based phishing.
2.2.SOFTWARE ATTACKS

Attacks involving malicious code or malware designed to damage systems, steal sensitive data, or gain unauthorized access to systems or services.

Term Definition
Virus Malware that attaches to programs and spreads.
Worms Self-replicating malware that spreads over a network.
Trojan Horse Malicious software disguised as legitimate applications.
Ransomware Malware that encrypts victim’s data and demands payment to restore access.
Rootkits Stealthy tools that hide malicious activity and maintain privileged access.
2.3.DENIAL OF SERVICE

Attacks aimed at making a system or service unavailable by overwhelming it with excessive traffic or requests.

Term Definition
DoS Single-source denial-of-service attacks.
DDoS Denial-of-service attacks performed by multiple attackers or attacking devices.
Botnet A network of compromised computers and other devices controlled by an attacker and used together to flood a target with excessive traffic.
SYN-Flood Attack Sending many connection requests without completing them.
Reflection Attack The attacker sends requests to a service and spoofs the victim’s IP, making the service send (many) replies to the victim instead of back to the attacker.
2.4.WEB APPLICATION ATTACKS

Exploits vulnerabilities in web applications to steal data, manipulate content, or gain unauthorized access.

Term Definition
SQL Injection An attacker inserts malicious SQL commands into an input to manipulate a database and access, modify, or delete data.
Cross-Site Scripting (XSS) An attacker injects malicious scripts into a website that execute in other users’ browsers to steal sensitive data.
Cross-Site Request Forgery (CSRF) An attacker tricks a logged-in user’s browser into sending unauthorized requests to a web application on their behalf.
Broken Authentication Weak authentication mechanisms allow attackers to compromise passwords, sessions, or identities to gain unauthorized access.
2.5.PASSWORD / AUTHENTICATION ATTACKS

Attacks that attempt to bypass or compromise login systems to gain unauthorized access to a system or service.

Term Definition
Rainbow Table Attacks Attackers using precomputed hash lookup tables to reverse weakly hashed passwords back into plaintext.
Password Spraying Attackers trying a few common passwords like “password” across many accounts to avoid lockouts or timeouts.
Credential Stuffing Attackers using leaked usernames and passwords from previous breaches to attempt logins on other services.
Brute Force Attack Attackers repeatedly try many username and password combinations until they successfully gain access to an account.
2.6.PHYSICAL THREATS

Threats or attacks that affect the physical infrastructure supporting information systems, usually bypassing technical controls entirely.

Term Definition
Theft of devices Attackers physically steal hardware to gain direct access to stored data, credentials, internal systems, or other sensitive data.
Hardware tampering An attacker modifies or implants malicious components in physical equipment to intercept data, bypass security, or disrupt operations.
Power disruption Attackers interrupt or manipulate the power supply to shut down or destabilize critical systems or services, impacting availability and business continuity.
Environmental damage Natural or deliberate environmental events that damage infrastructure, causing data loss, downtime, or destruction of critical systems (e.g., earthquake, fire).
3.INFORMATION SECURITY MANAGEMENT
3.1.INFORMATION SECURITY GOVERNANCE

The system by which an organization directs and controls its information security strategy to ensure that it supports business objectives, manages risk appropriately, and complies with legal and other regulatory requirements.

Strategic Direction

  • Defining security objectives aligned with business goals.

Leadership and Accountability

  • Having clear roles and responsibilities for security decisions.

Risk Management

  • Defining risks and ensuring they are identified and addressed appropriately.

Regulatory Compliance

  • Ensuring adherence to laws and regulations (e.g. NIS2, HIPAA, CRA)
3.2.INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

A structured framework used to systematically manage and protect an organization’s assets through various policies, processes and controls.

Security governance defines what an organization wants to achieve. An ISMS defines how the organization wants to manage it.

Enterprise Information Security Policy (EISP)

  • The information security policy that sets the strategic direction and scope for all an organization’s security efforts.

Risk Management Process

  • Definition of processes to identify assets, analyze threats and evaluate risk.

Security Awareness and Training

  • Educational programs to ensure employees understand their security responsibilities.

Monitoring, Measurement and Audits

  • Ongoing evaluation of control effectiveness and ISMS performance.
4.POLICY

A high-level, management-approved rule that defines mandatory organizational behavior and translates external laws and regulations into enforceable internal requirements.

Term Definition
policy instructions that dictate certain behavior within an organization.
guidelines non-mandatory recommendations employees may use as a reference.
procedures step-by-step instructions designed to assist employees in following policies.
practices examples of actions that illustrate compliance with policies.
standard a detailed statement of what must be done to comply with a policy.
de jure standard a standard that has been formally evaluated and approved by a formal standards organization.
de facto standard a standard that is widely adopted or accepted by a public group.

What does a policy do? Establishes authority, accountability, and responsibilities for protecting information assets. Provides the foundation for standards, procedures and guidelines.

Who is responsible for policies? Policies are created and approved by senior management, ensuring organizational commitment. Management is responsible for enforcement while employees and users are responsible for compliance.

How is a policy enforced? By clearly communicating it to all relevant parties, integrating it into standards and procedures, monitoring compliance through audits and oversight, and applying defined disciplinary measures when violations occur.

Cyber Resilience Act (EU)

  • Requires secure-by-design digital products and vulnerability management (starting December 2027).

Health Insurance Portability and Accountability Act (U.S.)

  • Requires administrative, technical, and physical safeguards for protecting patient health data from disclosure.

NIS2 Directive (EU)

  • Mandates cybersecurity risk management and incident reporting for critical and important entities.

Local Laws

  • Many regions have their own data protection or breach notification laws in addition to national or EU regulations.
4.1.DESIGNING EFFECTIVE POLICIES
  1. Development

    • Policies must align with organizational goals, business risks and legal requirements.
  2. Distribution

    • Policies must be distributed to all affected entities in a timely manner.
  3. Comprehension

    • Policies must be readable for, available to and read by all affected entities.
  4. Compliance

    • Policies must be formally agreed to by act or affirmation.
  5. Enforcement

    • Policies must be uniformly applied to all affected entities.
  6. Review

    • Policies must be reviewed regularly in a changing environment.
4.2.ENTERPRISE INFORMATION SECURITY POLICY (EISP)

The high-level information security policy that sets the strategic direction, scope and tone for all an organization’s security efforts and policies.

  • Guidance for the development, implementation and management of the security program.
  • Sets the requirements that must be met by the information security blueprint.
  • Defines the purpose, scope, constraints and applicability of the security program.
  • Assigns responsibilities for the various areas of information security.
  • Addresses legal compliance.
4.2.1.Elements of an EISP

Although the content of EISP documents varies among organizations, most EISP documents should include the following elements.

  • Statement of Purpose

    • Statement of intent that defines the scope, objectives, and purpose of the enterprise information security policy and establishes its role as the foundation for all supporting security documents.
  • Information Security Elements

    • Definition of information security that outlines the core principles and concepts, including confidentiality, integrity, and availability, guiding the organization’s security efforts.
  • Need for Information Security

    • Definition of the importance of information security within an organization and its legal and ethical responsibility to protect information about customers, employees, and markets.
  • Information Security Responsibilities and Roles

    • Description of the organizational structure that supports information security, including defined roles and responsibilities for management, employees, and users, as well as responsibility for maintaining the policy itself.
4.3.ISSUE-SPECIFIC SECURITY POLICY

An organizational policy that provides detailed, targeted guidance to instruct members of an organization in the use of a specific resource.

  • Supports the EISP by translating it into issue-specific guidance.
  • Establishes rules for access, monitoring, and protection of the resource.
  • Defines acceptable and unacceptable use of the specified technology or resource.
  • Assigns responsibilities and accountability to users, administrators, and management.
5.RISK ANALYSIS

The process of identifying assets, threats, and vulnerabilities, and evaluating the likelihood and impact of potential adverse events to determine the level of risk.

5.1.IDENTIFYING ASSETS
Term Definition
Asset Any resource that has some kind of value to an organization and therefore requires protection.
Information Assets Customer data, intellectual property, source code, etc.
Technical Assets Services, applications, databases, networks, etc.
Physical Assets Servers, devices, facilities, infrastructure, etc.
Human Assets Employees, administrators, contractors, key personnel, etc.
Business Process Assets Critical operational workflows
5.2.CLASSIFYING ASSETS

The process of assigning every asset to a class based on its value, sensitivity and impact if compromised.

Term Definition
Public Information that can be shared without risk
Internal Information for organization internal use only
Confidential Sensitive information that could cause harm if disclosed
Restricted Highly sensitive, strictly limited and strongly protected information
5.3.IDENTIFYING THREATS

A potential event, actor, or action that could exploit a vulnerability and cause harm to an asset.

Examples: Power outage, insider threat, vishing attack

5.4.SECURITY CONTROLS

Measures to reduce risk by detecting, preventing, responding to, or mitigating threats to organizational assets.

5.4.1.Types
Term Definition
Administrative / Management Controls Policies, procedures, security training, security governance, etc.
Technical / Logical Controls Firewalls, encryption, access control systems, system hardening, etc.
Physical Controls Physical locks, surveillance cameras, secure access badges, turnstiles, etc.
5.4.2.By Function
Term Definition
Preventive Controls Stop incidents before they occur.
e.g., Firewalls, access control, encryption, etc.
Detective Controls Identify incidents when they occur.
e.g., Intrusion detection, log monitoring, SIEM, CCTV, etc.
Corrective Controls Limit damage and restore systems after an incident.
e.g., Backups, system restore, incident response, etc.
Deterrent Controls Discourage malicious behavior.
e.g., Warning banners, monitoring notices, disciplinary policies, etc.
Compensating Controls Reduce risk when a primary control cannot be implemented.
e.g., Network isolation, layered security, alternative safeguards, etc.
5.5.BUSINESS CONTINUITY MANAGEMENT

Ensures that critical business functions can continue during and after incidents or disruptions such as cyberattacks, system failures, or physical incidents.

Even with strong security controls in place, incidents can and will still occur at some point. BCM prepares the organization to operate and recover during these times.

5.5.1.Key Objectives
  • Maintain critical operations during incidents.
    e.g., backups, redundant services, manual processing, etc.
  • Minimize downtime and financial impact.
    e.g., fast system restore, emergency support contracts, incident response team, etc.
  • Protect people, assets and reputation.
    e.g., evacuation plans, fire suppression systems, customer notification processes, etc.
  • Enable fast and structured recovery.
    e.g., disaster recovery playbooks, tested backup restoration, post-incident review processes, etc.
5.6.SECURITY AND AWARENESS TRAINING

A coordinated program designed to ensure that all members of an organization understand their security responsibilities and have the knowledge and skills to protect information assets.

Awareness (Level 1)
  • Objective: Seeks to teach members of an organization what security is and what to do in certain situations.
  • Complexity Level: Offers basic information about threats and responses.
  • Teaching Method:

    • Videos
    • Newsletters
    • Posters
    • Informal Training
  • Impact timeframe: Short-term
Training (Level 2)
  • Objective: Seeks to train members of an organization how they should react and respond to certain situations.
  • Complexity Level: Offers more detailed knowledge about detecting threats and teaches skills needed for effective reaction.
  • Teaching Method:

    • Informal Training
    • Workshops
    • Hands-on Practice
  • Impact timeframe: Intermediate
Education (Level 3)
  • Objective: Seeks to educate members of an organization as to why the organization reacts the way it does.
  • Complexity Level: Offers the background and depth of knowledge to gain insight into how processes are developed and enables ongoing improvement.
  • Teaching Method:

    • Theoretical Instruction
    • Discussions / Seminars
    • Background Reading
  • Impact timeframe: Long-term
5.7.GAP ANALYSIS

The process of comparing an organization’s current security posture with a required or desired target to identify missing or insufficient controls.

  • Risk Analysis: What could go wrong?
  • Gap Analysis: Where are we non-compliant or under-protected?
5.8.SECURITY FRAMEWORK

A structured set of principles, processes, and controls that organizations use to manage risks and protect their information systems, assets, and operations.

Framework Definition
ISO/IEC 27000 Global standard for information security management systems (ISMS).
NIST Cybersecurity Framework Practical framework for managing cyber risk.
CIS Controls Defines 18 highly practical technical security controls.
ISACA COBIT An IT governance and risk management framework.
5.9.ISO/IEC 27000

A set of standards for ISMS, helping organizations systematically protect information assets using a risk-based approach.

Standard Definition
ISO/IEC 27000 Introduction, terminology, and key concepts (e.g., risk, asset, control, etc.)
ISO/IEC 27001 Defines requirements to establish, implement, maintain, and improve an ISMS.
ISO/IEC 27002 Practical guidance for implementing controls.
ISO/IEC 27005 Focuses on risk management methodology.
ISO/IEC 27017 Additional guidance for cloud services.
ISO/IEC 27018 Focuses on privacy and personal data protection in cloud environments.
5.10.NIST CYBERSECURITY FRAMEWORK

A risk-based guideline that helps organizations to structure, manage, and improve their cybersecurity activities across the full lifecycle of prevention, detection, and response.

  • It’s organized into five core functions: Identify, Protect, Detect, Respond, Recover.
  • Provides categories and subcategories of cybersecurity outcomes and controls.
  • Includes implementation tiers to assess cybersecurity maturity.
  • Is very flexible and adaptable to any organization or business sector.
  • Not certifiable, primarily used as guidance and best practice.
5.11.RISK, VULNERABILITIES AND THREATS
5.11.1.Vulnerabilities

A potential weakness in an asset or its defensive control system. Can be known or unknown.

Examples:

  • Software vulnerabilities (Bugs, design flaws, …).
  • Human vulnerabilities (sharing passwords, …).
5.11.2.Threat

A potential malicious action or event that aims to damage, steal, or gain unauthorized access to assets. A threat exploits system vulnerabilities.

  • Threat: What?
  • Threat Actor: Who?
  • Threat Vector: How?
5.11.3.Threat Actors
Motivations
  • Service disruptions
  • Data exfiltration
  • Disinformation
  • Chaotic / Vandalism
  • Financial

    • Blackmailing
    • Fraud
  • Political
Actor Types
  • Hackers
  • Unskilled Attackers & Script Kiddies
  • Hacker Teams & Hacktivists
  • Nation-State Actors
  • Organized Crime
  • Internal Threat Actors
5.11.4.Threat Vector

The path, method, or delivery mechanism that a threat uses to reach an asset and exploit a vulnerability.

Types:

  • Software Vectors (Bugs, Virus, …)
  • Network Vectors (Bluetooth, Open Ports, Remote Network, …)
  • Lure-Based Vectors (Drop Attacks with USB Sticks, Trojans, …)
  • Message-Based Vectors (SMS, Email, IM, Web and Social Media, …)
  • Supply Chain Vectors (Updates, Libraries, …)
5.11.5.Attack surface

The sum of vulnerabilities, pathways, or methods (Threat vectors) that hackers can use to gain unauthorized access to the network or sensitive data, or to carry out a cyberattack.

5.11.6.Risk

The probability of an unwanted occurrence, such as an undesirable event or loss.

  • The definition of risk implies threats and vulnerabilities: A risk is only here if we have an existing vulnerability, threat, and threat vector!
  • Risk = Vulnerability (Value & Exposure) + Threat (Threat Actor & Threat vector)

At what cost are we willing to accept what risk? The answer to that question gives us risk management.

5.12.RISK MANAGEMENT

The process of identifying, assessing, prioritizing and mitigating threats to an organisation’s assets.

Risk management framework

Structure of the strategic planning and design of the entirety of the risk management efforts (planning).

Risk management process

Implementation, analysis, evaluation of the risk management framework (doing).

5.12.1.RM Framework
  1. Executive Governance & Support: Support from management and users.
  2. Framework Design: Defining the methods and risk appetite strategy.
  3. Framework Implementation: Rollout of the plan (through the RM process).
  4. Monitoring & Review: How effective is the entire system?
  5. Continuous Improvement: Continuous adaptation to new or existing threats.
5.12.1.1.Executive Governance and Support
5.12.1.2.Framework Design

Defining the methods and risk appetite strategy

Term Definition
Risk appetite (strategic) The quantity of risk that organizations are willing to accept, to achieve their goals.
Risk tolerance (specific) The acceptable risk organizations are willing to accept for a specific asset.
Residual risk The risk that still remains after all controls have been applied.
5.12.1.3.Framework Implementation

Framework Implementation starts after:

  • The design of the RM framework and process is finished.
  • The structure of the RM process & framework is defined.

The methodologies are dependent on the risk appetite:

  • Direct rollout
  • Pilot-test
  • Phased approach
5.12.1.4.Monitoring & Review
  • How successful was the framework in the last cycle?

    • Designing
    • Implementing
  • What issues require adjustments to the plan?
5.12.2.Risk Management Process

Risk assessment: The identification, analysis, and evaluation of risk as initial parts of risk management.

Risk treatment & Risk Owner: The application of safeguards or controls to reduce the risks to an organization’s information assets to an acceptable level.

  1. Risk identification: Where and what is the risk?
  2. Risk analysis: How severe is the current level of risk?
  3. Risk evaluation: Is the current level of risk acceptable?
  4. Risk treatment: What do I need to do to bring the risk to an acceptable level?
5.12.2.1.Risk Identification

The recognition, enumeration, and documentation of risks to an organization’s information assets.

Where and what is the risk?

  • What are the assets of the organisation? (Internal Asset Register, Weighted Asset Table)

    • Data, Software, Hardware, Networks, Employees, procedures, …
  • What are the threats to the organisation? (ATT&CK is a globally accessible knowledge base.)

    • Human error, attacks from hackers, forces of nature, zero-day attacks, …
  • What are the vulnerabilities? (CVE and CVSS help with that question.)

    • Lack of training, known bugs in the system, zero-day exploits
  • Precision is key: If THIS then THAT, because OF …
5.12.3.CVE & CVSS
  • A Common Vulnerabilities and Exposures (CVE) identifier is an industry-wide standard identification number for a vulnerability.

  • The Common Vulnerability Scoring System (CVSS) uses the CIA triad principles within the metrics used to calculate the CVSS base score and assigns a severity score to a vulnerability.

5.12.4.Risk Analysis

A determination of the extent to which an organization’s information assets are exposed to risk.

Identify the severity of every identified threat and vulnerability.

  • What is the probability of an attack?
  • What would be the impact of an attack?

    • Quantitative risk analysis assigns real dollar figures to the loss of an asset.
    • Qualitative risk analysis assigns subjective and intangible values to the loss of an asset.
  • Existing security controls must be considered.
5.12.5.Quantitative Risk Analysis
  1. Assign Asset Value (AV)
  2. Calculate Exposure Factor (EF)
  3. Calculate single loss expectancy (SLE)
  4. Assess the annualized rate of occurrence (ARO)
  5. Derive the annualized loss expectancy (ALE)
  6. Perform cost/benefit analysis of countermeasures
5.12.5.1.AV
  1. Identify the organization’s information assets.
  2. Classify them.
  3. Categorize them into useful groups.
  4. Prioritize them by overall importance.
5.12.5.2.EF

Exposure factor (EF): Represents the percentage of loss that an organization would experience if a specific asset is violated by a realized risk.

  • In most cases, a realized risk does not result in the total loss of an asset. The EF simply indicates the expect.
5.12.5.3.SLE

Single loss expectancy (SLE): The cost associated with a single realized risk against a specific asset. It indicates the exact amount of loss an organization would experience if an asset were harmed by a specific threat occurring.

  • SLE = asset value (AV) × exposure factor (EF)
  • Example: if an asset is valued at $200,000 and it has an EF of 45 % for a specific threat, then the SLE of the threat for that asset is $90,000.
5.12.5.4.ARO

Annualized rate of occurrence (ARO): The expected frequency with which a specific threat or risk will occur within a single year.

  • Example: The ARO of an earthquake in Paris may be .00001, whereas the ARO of an earthquake in San Francisco may be .03 (for a 6.7+ magnitude).
5.12.5.5.ALE

Annualized loss expectancy (ALE): The possible yearly cost of all instances of a specific realized threat against a specific asset.

  • ALE = single loss expectancy (SLE) × annualized rate of occurrence (ARO)
  • If the SLE of an asset is $90,000 and the ARO for a specific threat (such as total power loss) is .5, then the ALE is $45,000.
    On the other hand, if the ARO for a specific threat (such as a compromised user account) is 15, then the ALE would be $1,350,000.
5.12.5.6.ALE with Safeguards
  • You must calculate the ALE for the asset if the safeguard is implemented.

    • This requires a new EF and ARO specific to the safeguard.
    • The whole point of a safeguard is to reduce the ARO and/or reduce the SLE. The best of all possible safeguards would reduce the ARO to zero.
    • In most cases, the EF to an asset remains the same even with an applied safeguard because if the safeguard fails, the loss on the asset is usually the same as when there is no safeguard.
  • Safeguard Costs

    • You must first compile a list of safeguards for each threat. Then you assign each safeguard a deployment value = ACS (Annual cost of the safeguard).
5.12.5.7.Value of a Safeguard

Net Value or Cost/Benefit of a safeguard:

  • Negative value: not a responsible choice.
  • Positive value: Then the value represents the yearly savings in cost that you CAN have (because the rate of occurrence is just an expected value).

Safeguards need to be cost-effective. Do not spend more resources or money on the protection of an asset than the value of the asset itself!
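The quantitative steps above (SLE = AV × EF, ALE = SLE × ARO, and the net value of a safeguard as ALE before minus ALE after minus ACS) worked through in Python, as an added example that is not part of the original notes. It reuses the $200,000 asset, 45 % EF and the AROs of .5 and 15 from the notes; the candidate safeguards, their annual costs and their residual AROs are constructed assumptions.

```python
from dataclasses import dataclass


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF.  The exposure factor is a fraction (0.45 means 45 %)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must lie between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO.  ARO may be far below 1 (a rare event) or above 1
    (a threat realised several times a year, such as account compromise)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


@dataclass(frozen=True)
class Safeguard:
    """A candidate countermeasure and the ALE inputs it changes.
    The EF usually stays the same: if the safeguard fails, the loss is the
    same as without it.  The ARO is what a good safeguard drives down."""
    name: str
    annual_cost: float          # ACS: annual cost of the safeguard
    new_exposure_factor: float  # EF with the safeguard in place
    new_aro: float              # residual ARO with the safeguard in place


def safeguard_value(asset_value: float, ef: float, aro: float,
                    safeguard: Safeguard) -> float:
    """Net value = ALE(before) - ALE(after) - ACS.
    A negative result means the safeguard costs more per year than the
    expected loss it averts, so it is not a responsible choice."""
    ale_before = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, ef), aro)
    ale_after = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, safeguard.new_exposure_factor),
        safeguard.new_aro)
    return round(ale_before - ale_after - safeguard.annual_cost, 2)


def recommend(asset_value: float, ef: float, aro: float,
              candidates: list[Safeguard]) -> list[tuple[str, float]]:
    """Keep only cost-effective safeguards, best first.  Two filters from
    the notes: the net value must be positive, and protecting an asset must
    never cost more per year than the asset itself is worth."""
    accepted = []
    for sg in candidates:
        if sg.annual_cost > asset_value:
            continue
        value = safeguard_value(asset_value, ef, aro, sg)
        if value > 0:
            accepted.append((sg.name, value))
    accepted.sort(key=lambda item: item[1], reverse=True)
    return accepted


# Figures taken from the notes: a $200,000 asset with a 45 % EF, a total
# power-loss threat (ARO 0.5) and a compromised-account threat (ARO 15).
ASSET_VALUE = 200_000.0
EF = 0.45
ARO_POWER_LOSS = 0.5
ARO_ACCOUNT_COMPROMISE = 15.0

# Constructed candidate safeguards: the annual costs and residual AROs are
# assumptions made for this example, not figures from the notes.
ACCOUNT_SAFEGUARDS = [
    Safeguard("multi-factor authentication", 60_000.0, EF, 2.0),
    Safeguard("annual awareness training", 15_000.0, EF, 10.0),
]
POWER_SAFEGUARDS = [
    Safeguard("uninterruptible power supply", 5_000.0, EF, 0.25),
    Safeguard("backup generator", 50_000.0, EF, 0.125),
    Safeguard("hardened data centre", 300_000.0, EF, 0.0),
]

if __name__ == "__main__":
    sle = single_loss_expectancy(ASSET_VALUE, EF)
    print(f"SLE: ${sle:,.0f}")
    print(f"ALE, power loss: "
          f"${annualized_loss_expectancy(sle, ARO_POWER_LOSS):,.0f}")
    print(f"ALE, account compromise: "
          f"${annualized_loss_expectancy(sle, ARO_ACCOUNT_COMPROMISE):,.0f}")
    for sg in POWER_SAFEGUARDS:
        print(f"{sg.name}: net value "
              f"${safeguard_value(ASSET_VALUE, EF, ARO_POWER_LOSS, sg):,.0f}")
    print("worth deploying against power loss:",
          recommend(ASSET_VALUE, EF, ARO_POWER_LOSS, POWER_SAFEGUARDS))
    print("worth deploying against account compromise:",
          recommend(ASSET_VALUE, EF, ARO_ACCOUNT_COMPROMISE, ACCOUNT_SAFEGUARDS))
```

The generator shows the negative case: it cuts the power-loss ALE from $45,000 to $11,250, but at $50,000 a year it costs more than it saves, while the cheaper UPS is worth deploying.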

5.12.6.Risk Evaluation

The process of comparing an information asset’s risk rating to the numerical representation of the organization’s risk appetite or risk threshold to determine if risk treatment is required.

Risk Evaluation: Compare the risk with the risk appetite of the organization.

  • Can the company live with the analysed level of risk (From the CVSS, the quantitative risk analysis, qualitative risk analysis)?
  • Levels: Expansionary, Conservative or Neutral

The Risk appetite from the RM Framework must be translated into a value so it can be compared to each analysed risk.

  • For the quantitative risk analysis, the risk appetite can be translated into a numerical value!

Goal: The risk must be smaller than or equal to the risk appetite.

  • Important Indicators for Business Impact:

    • Maximum Tolerable Downtime (MTD)
    • Recovery Point Objective (RPO)
    • Recovery Time Objective (RTO) & Work Recovery Time (WRT)
5.12.7.Risk Treatment

Mitigation risk treatment strategy: The risk treatment strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards in an effort to change the likelihood of a successful attack on an information asset; also known as the defense strategy.

The company now has a list of information assets with unacceptable levels of risk.

  • The appropriate strategy must be selected and applied.

Four basic strategies to treat risk:

  1. Mitigation: Apply safeguards that eliminate or reduce the remaining uncontrolled risk.

    • Example: Firewall, Training, …
  2. Transfer: Shift risks to other areas or outside entities.

    • Example: Outsourcing
  3. Acceptance: Understand (and formally document) the consequences of leaving an information asset's vulnerability at the current risk level, after formal evaluation.
  4. Termination: Remove or discontinue the asset from the organization’s operating environment.
5.12.7.1.Mitigation
  • Fix vulnerabilities
  • Applying controls (tools, processes, rules to mitigate risk)

    • Endpoint hardening (preventive control): secure an endpoint (laptop, server, ...) by reducing its vulnerabilities and closing potential threat vectors (unneeded services, default accounts, unpatched software)
  • Reduce the final impact when prevention fails (zero-day exploits, unknown vulnerabilities, or an accepted risk that materialises)

    • EDR (Endpoint Detection and Response): software that watches endpoints for suspicious behaviour and responds with defined measures (isolate the host, kill the process, ...)
    • XDR (Extended Detection and Response): correlates telemetry from endpoints, network, identity and cloud (not just endpoints) and responds across them (shut down an infected laptop, ...)
5.12.8.Other RM Frameworks
6.IDENTITY & ACCESS MANAGEMENT (IAM)

IAM deals with provisioning and protecting digital identities and user access permissions. Or in other words: The right people can access the right resources for the right reasons at the right time. To ensure this we need Access Controls.

6.1.ACCESS CONTROL

Any hardware, software, or administrative policy or procedure that controls access to resources. The selective method by which systems specify who may use a particular resource and how they may use it.

The goal is to:

  • PROVIDE access to authorized subjects
  • PREVENT unauthorized access attempts and unauthorized subjects
Term Definition
Subject

Active entity that accesses a passive object.

  • Anything that can access a resource can be a subject: users, programs, processes, services, computers,…
Object

Passive entity that provides information to subjects

  • Anything that can provide resources: files, databases, computers, programs, processes, services, printers, …
6.1.1.Control methods
Term Definition
Physical controls

Items that you can physically touch. Included are physical mechanisms deployed to prevent, monitor, or detect direct contact with systems or areas within a facility

  • Examples: guards, fences, motion detectors, locked doors, sealed windows, lights, cable protection, laptop locks, badges, swipe cards, guard dogs, video cameras, mantraps, and alarms
Technical or
logical controls

Hardware or software mechanisms used to manage access and to provide protection for resources and systems

  • Examples: authentication methods (username, passwords, biometrics,…), encryption, access control lists, protocols,…
Administrative
controls

Policies and procedures defined by an organization’s security policy or other regulations or requirements

  • Examples: policies, procedures, hiring practices, background checks, data classifications and labeling, security training,…
6.2.MECHANISMS
6.2.1.Identification

The subject is claiming an identity.

  • Example: Typing a username, swiping a smartcard, waving a token device, speaking a phrase, or positioning your face, hand, or finger in front of a camera or in proximity to a scanning device

Important: All subjects must have unique identities

  • IT systems track activity by identities, not by the subjects themselves
  • A subject’s identity is typically labeled as, or considered to be, public information

A subject must provide an identity to a system to start the other processes (authentication, authorization, and accountability)

6.2.2.Authentication

The process of verifying that the claimed identity (from identification) is valid

  • Example: password
  • Identification and authentication are often used together as a single two-step process

Authentication information used to verify identity is private information and needs to be protected

To authenticate the claimed identity it is common to use multiple factors. These factors are usually grouped into three categories:

  1. Type 1

    • Something you know. Passwords, PINs, …
  2. Type 2

    • Something you have. Physical devices that a user possesses can help them provide authentication
  3. Type 3

    • Something you are or something you do. It is a physical characteristic of a person identified with different types of biometrics
6.2.2.1.Authentication Schemes
  1. Basic Authentication: Classical username / password pair transmitted in the clear
  2. One Time Passwords: Transmitted in the clear but used only once
  3. Challenge / Response: Response is a function of password and one-time challenge
  4. Anonymous Key Exchange: Exchange credentials over unauthenticated secure channel
  5. Zero-Knowledge Password Proofs: Does not permit offline-based password attacks
  6. Server Certificates plus User Authentication: Transmit user password over unilaterally authenticated secure channel
  7. Mutual Public Key Authentication: Bilateral use of public key signatures

Attack vulnerability Matrix

6.2.2.2.Type 1 Factor: Passwords

Passwords are typically static. They are the weakest form of authentication

  • Users often choose passwords that are easy to remember and therefore easy to guess or crack
  • Randomly generated passwords are hard to remember, and many users write them down
  • Users often share their passwords, or forget them
  • Passwords are rarely stored in plaintext.

    • A system will create a hash of a password using a hashing algorithm
  • Best practices and policies

    • Enforce a minimum length
    • Complexity rules (uppercase/lowercase, non-alphanumeric, etc…)
    • Ageing and expiration
    • Reuse and history
  • Password managers mitigate the risk of poor credential management
6.2.2.3.Type 2 Factor: Tokens

A token device, or hardware token, is a device that users can carry with them

  • An authentication server stores the details of the token, so at any moment, the server knows what number is displayed on the user’s token

Hard Authentication Tokens

  • No transmission of the token itself e.g. Smartcards, Hardware OTP Token

Soft Authentication Tokens

  • Software token transmitted to the user e.g. via Authenticator App, SMS, Email or phone

Dynamic Password Tokens

  • Synchronous dynamic passwords are time-based and synchronized with an authentication server (TOTP)
  • Asynchronous dynamic password is based on a Challenge-Response principle. Passwords are generated based on an algorithm and an incrementing counter, which remains valid until used (HOTP)
6.2.2.4.Type 2 Factor: Smartcard

A smartcard is a credit card–sized ID or badge and has an integrated circuit chip embedded in it

  • Smartcards store information about the authorized user that is used for identification and/or authentication purposes
  • Implements certificate-based authentication (private key and sometimes a PIN to activate the card)
  • Most current smartcards include a microprocessor and one or more certificates. The certificates are used for asymmetric cryptography such as encrypting data or digitally signing email
  • Smartcards are tamper-resistant and provide users with an easy way to carry and use complex encryption keys
6.2.2.5.Type 2 Factor: One-Time Passwords

Onetime passwords are dynamic passwords that change every time they are used

  • Onetime password generators are token devices that create passwords
  • The one-time password can also be generated by a software application running on the user's device (e.g., a smartphone authenticator app)

TOTP (Time-based One-Time Password)

  • Uses a timestamp and remains valid for a certain timeframe, such as 30 seconds
  • This is similar to the synchronous dynamic passwords used by tokens

HOTP (HMAC-based One-Time Password)

  • Uses an HMAC over an incrementing counter to create onetime passwords. It creates HOTP values of six to eight digits
  • This is similar to the asynchronous dynamic passwords created by tokens. The HOTP value remains valid until used
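The two token algorithms above, implemented as an added example (this is not code from the original notes; it uses only the Python standard library). `hotp` follows RFC 4226 (HMAC over an 8-byte counter, dynamic truncation, modulo 10^digits) and `totp` follows RFC 6238 (the counter becomes floor(time / 30 s)). The two verify functions show the server-side details the text only hints at: a small window for clock drift on TOTP, and a look-ahead window plus a moving counter on HOTP so a code is "valid until used" but never valid twice. The secret is the published RFC test key, so the outputs can be checked against the RFC test vectors.

```python
# Added example (not code from the original notes): RFC 4226 HOTP and RFC 6238
# TOTP with server-side verification windows. Python standard library only.
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """HOTP(K, C) = Truncate(HMAC(K, C)) mod 10^digits, C as 8-byte big-endian."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                                     # dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """TOTP = HOTP with the counter replaced by floor(unix_time / step)."""
    at = int(time.time()) if at is None else int(at)
    return hotp(secret, at // step, digits, digestmod)


def verify_totp(secret: bytes, code: str, at=None, step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the current step and +/- `window` steps (clock drift), comparing in constant time."""
    at = int(time.time()) if at is None else int(at)
    current = at // step
    return any(hmac.compare_digest(hotp(secret, c, digits), code)
               for c in range(current - window, current + window + 1))


def verify_hotp(secret: bytes, code: str, server_counter: int, look_ahead: int = 5, digits: int = 6):
    """Counter tokens drift forward when a user generates codes without submitting
    them, so the server searches a look-ahead window. Returns the new server counter
    (one past the match) or None. A counter value already consumed can never match
    again, which is what blocks replay of a sniffed code."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return c + 1
    return None


# RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("HOTP counter 0:", hotp(RFC_SECRET, 0))             # 755224 per RFC 4226
    print("TOTP at t=59  :", totp(RFC_SECRET, 59, digits=8))  # 94287082 per RFC 6238
    print("TOTP now      :", totp(RFC_SECRET))
```

The server must persist the counter returned by `verify_hotp`; a server that forgets to advance it turns an HOTP token back into a static password.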
6.2.2.6.Type 3 Factor: Biometrics

Biometric authentication uses physiological characteristics to provide authentication for a provided identification.

Biometrics make measurements and compare them with unique points of reference. This may lead to these errors:

  • False reject rate (FRR) (Type 1 Error): percentage of authorized users who are denied access
  • False accept rate (FAR) (Type 2 Error): percentage of unauthorized users who are granted access
  • Crossover error rate (CER): The point at which the rate of false rejections equals the rate of false acceptances
6.2.2.7.Multifactor Authentication

Multifactor authentication is any authentication using two or more factors

  • For a positive authentication, elements from at least two, and preferably three factors should be verified

    • When two authentication methods of the same factor are used together, the strength of the authentication is no greater than it would be if just one method were used
    • Using more types or factors results in more secure authentication
6.2.2.8.Authentication factors

Numbered from weak to strong

  1. Type 1: Something you know
  2. Type 2: Something you have
  3. Type 3: Something you are/ you do
  4. Multi-Factor: 2 types
  5. Multi-Factor: 3 types
6.2.2.9.Secondary Authentication Factors

In addition to the three primary authentication factors, there are some others

  • Somewhere You Are

    • The somewhere-you-are factor identifies a subject’s location based on a specific computer, a geographic location identified by an Internet Protocol (IP) address, or a phone number identified by caller ID
  • Somewhere You Aren’t

    • Many IAM systems use geolocation technologies to identify suspicious activity
  • For example, imagine that a user typically logs on from an IP address in Switzerland. If the same account suddenly tries to log on from a location in India, the system can block the access even though the username and password are correct
6.2.2.10.Authentication Frameworks
  • Kerberos: Create Authentication through a trusted third party.
  • RADIUS: Provide centralized authentication, authorization, and accounting (AAA) for network access.
6.2.2.10.1.Kerberos

An authentication system that uses symmetric key encryption to validate an individual user's access to various network resources. The Key Distribution Center keeps a database containing the long-term secret keys of all clients and servers in the realm (authentication domain) it supervises.

  • Authentication in UNIX-based TCP/IP networks
  • Use of symmetric cryptography (originally DES)
  • Relies on the mediation services of a trusted referee or notary
  • Based on the work by Needham and Schroeder on trusted third-party protocols as well as Denning and Sacco’s modifications of these
  • Current release is Kerberos v5 (originally RFC 1510, September 1993; the current specification is RFC 4120, 2005)
  • V5 supports additional encryption ciphers besides DES
Term Definition
Principal A Kerberos participant
Principal’s Master Key () A long-term secret shared between the principal (user, service, or host) and the Key Distribution Center (KDC). This key is typically derived from the principal’s password and is used to encrypt and decrypt authentication tickets.
Kerberos Ticket Temporary credential that allows a user to access specific network services
Authentication Server (AS) Verifies who the client is, gives TGT
Ticket Granting Server (TGS) Grants access to specific services, gives ST
Ticket Granting Ticket (TGT) Given by the AS
Service Ticket (ST) Given by the TGS
Key Distribution Center (KDC) A server that verifies and manages authentication credentials and distributes session keys to users and services within a network

Kerberos Step-By-Step

  1. The user wants to use a network service and first needs a Ticket Granting Ticket (TGT).
  2. The client sends an AS-REQ to the Authentication Server (part of the KDC). With pre-authentication the request carries a timestamp encrypted with the user's long-term key, which is derived from the password; the password itself never travels across the network.
  3. The AS looks up the user's key in its database, decrypts and checks the timestamp, and returns the TGT (encrypted with the TGS's key, so the client can neither read nor alter it) together with a TGT session key encrypted with the user's key.
  4. To access a specific service, the client sends the TGT plus an authenticator (a fresh timestamp encrypted with the TGT session key) to the Ticket Granting Server (TGS).
  5. The TGS decrypts the TGT, verifies the authenticator and issues a Service Ticket (encrypted with the service's key) plus a service session key.
  6. The client presents the Service Ticket and a new authenticator, encrypted with the service session key, directly to the service it wants to use.
  7. The service decrypts the ticket with its own key, verifies the authenticator and grants access. If mutual authentication is requested it sends back the timestamp encrypted under the session key, proving that it too knows the service key.
6.2.2.10.2.Remote Authentication Dial-In User Service (RADIUS)

A networking protocol that provides centralized Authentication, Authorization and Accounting (AAA) management for users who use a network service.

Used to secure network access: enterprise Wi-Fi (802.1X), VPNs, switch ports

AAA

  • Authentication: Verifying the user’s identity
  • Authorization: Granting specific network privileges (assigning specific IP, …)
  • Accounting: Tracking network resource for auditing, billing, …

RADIUS Architecture

  1. The user requests network access from the Network Access Server (NAS: access point, VPN gateway, switch port) and supplies credentials
  2. The NAS does not decide itself: it forwards the credentials to the RADIUS server in an Access-Request (username/password, or certificate/EAP data), protected with the shared secret configured between NAS and server
  3. The RADIUS server evaluates the request and returns one of three responses:

    • Access-Accept: the user is authenticated; the NAS grants network access (optionally with attributes such as VLAN or IP address)
    • Access-Reject: invalid credentials; the NAS denies access
    • Access-Challenge: the server requires more information (MFA code, token, next EAP round)
  4. Once the session is up, the NAS sends Accounting-Request packets (Start, Interim-Update, Stop) to log it.
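The Access-Request / Access-Accept exchange above, built by hand as an added example (not code from the original notes) following RFC 2865: the NAS hides the User-Password with an MD5 chain keyed by the shared secret and a fresh Request Authenticator, the server recovers it, and the reply carries a Response Authenticator that the NAS checks so that only a holder of the shared secret could have answered. The shared secret, the user database and the fixed Request Authenticator (fixed only to keep the run deterministic; a real NAS must draw it from a CSPRNG) are constructed for the example.

```python
# Added example (not code from the original notes): an Access-Request / Access-Accept
# exchange per RFC 2865, showing User-Password hiding and the Response Authenticator.
# Shared secret, user database and the fixed Request Authenticator are constructed.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2        # attribute types


def attr(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: type, length (including the 2-byte header), value."""
    return struct.pack("BB", attr_type, len(value) + 2) + value


def parse_attrs(data: bytes) -> dict:
    """Walk the TLV list; a malformed length ends the walk instead of looping."""
    attrs, i = {}, 0
    while i + 2 <= len(data):
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            break
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator.
    This is obfuscation keyed by the shared secret, not an authenticated cipher."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(c ^ k for c, k in zip(block, pad)), block
    return out.rstrip(b"\x00")


def packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def response_authenticator(code: int, ident: int, attrs: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code | ID | Length | RequestAuth | Attributes | Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_access_request(ident: int, username: bytes, password: bytes, secret: bytes, request_auth=None):
    """NAS side. The Request Authenticator must be fresh and unpredictable per request."""
    request_auth = request_auth or os.urandom(16)
    attrs = attr(USER_NAME, username) + attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    return packet(ACCESS_REQUEST, ident, request_auth, attrs), request_auth


def radius_server(request: bytes, secret: bytes, users: dict) -> bytes:
    """Server side: recover the password, decide, and authenticate the reply."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    request_auth = request[4:20]
    attrs = parse_attrs(request[20:length])
    password = reveal_password(attrs.get(USER_PASSWORD, b""), secret, request_auth)
    username = attrs.get(USER_NAME)
    ok = username in users and hmac.compare_digest(users[username], password)
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply_attrs = b""
    auth = response_authenticator(reply_code, ident, reply_attrs, request_auth, secret)
    return packet(reply_code, ident, auth, reply_attrs)


def client_verify(response: bytes, request_auth: bytes, secret: bytes):
    """NAS side: (authentic?, code). Only a holder of the secret can produce the authenticator."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(code, ident, response[20:length], request_auth, secret)
    return hmac.compare_digest(response[4:20], expected), code


SECRET = b"constructed-shared-secret"
USERS = {b"alice": b"correct horse battery"}   # constructed user database
FIXED_RA = bytes(range(16))                     # fixed only to keep the example deterministic

if __name__ == "__main__":
    req, ra = build_access_request(7, b"alice", b"correct horse battery", SECRET, FIXED_RA)
    resp = radius_server(req, SECRET, USERS)
    print(client_verify(resp, ra, SECRET))      # (True, 2): an authentic Access-Accept
```

Two practitioner caveats follow directly from the code: everything rests on the shared secret and on MD5, so the secret must be long and per-NAS, and RADIUS between NAS and server should run over an encrypted transport (IPsec, or RadSec/RADIUS over TLS) rather than bare UDP across untrusted networks.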
6.2.2.10.3.RADIUS vs Kerberos Vulnerability Matrix
6.2.3.Authorization

The process of authorization ensures that the requested activity or access to an object is possible given the rights and privileges assigned to the authenticated identity

Or in other words: Once a subject is authenticated, access must be authorized

  • Just because a subject has been identified and authenticated does not mean they have been authorized to perform any function or access all resources within the controlled environment

Identification and authentication are all-or-nothing aspects of access control. This is NOT the case with authorization:

  • Authorization has a wide range of variations between all or nothing for each object within the environment
6.2.3.1.DAC and NDAC
6.2.3.1.1.Discretionary access control (DAC)

Access controls that are implemented at the judgment or option of the data owner. Every object has an owner, and the owner can grant or deny access to any other subject. The owner (or user) chooses who has access!

  • Most flexible and widely used e.g. file system security
  • Data owner can modify access control list (ACL)
  • Example: User has a hard drive and wants to share it with coworkers. He decides who he shares it with.
6.2.3.1.2.Nondiscretionary access control (NDAC)

Access controls that are implemented by a central authority.

  • Example: US-Hospital where access is based on rules and regulations like HIPAA (DSG covers that in Switzerland)
6.2.3.1.2.1.Lattice-based access control (LBAC)

A variation on mandatory access control in which every subject and every object carries a security label (classification level plus optional compartments). The labels form a lattice: a subject may access an object only if the subject's label dominates the object's label, i.e. is at least as high in level and covers all of the object's compartments.

  • Mandatory access control (MAC):

    Use of labels applied to both subjects and objects. Each collection of information is classified, each user is cleared to a level, and the system (not the owner) enforces the comparison.

    • Example: Information labelled top secret can only be accessed by users who are cleared for top secret!
  • Role-based (RBAC) / Task-based (TBAC) access control:

    privileges are tied to a role or a job (role-based) or to a task or assignment (task-based).

    • Example: Project manager has access to corresponding information about his project. (role-based)
    • Example: A technician is only allowed into a server room in his planned maintenance timeslot (task-based)
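The three non-discretionary variants above in working code, as an added example that is not part of the original notes: a label lattice with a `dominates` check and the classic Bell-LaPadula read-down / write-up rules for MAC, a role-to-permission table for RBAC, and a time-boxed assignment check for the task-based case (the technician's maintenance slot). The levels, compartments, roles and time slots are constructed.

```python
# Added example (not code from the original notes): lattice-based MAC labels with
# Bell-LaPadula read-down / write-up, plus RBAC and task-based checks.
# Levels, compartments, roles and time slots are constructed for the example.
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()   # need-to-know categories, e.g. {"crypto"}

    def dominates(self, other: "Label") -> bool:
        """Lattice order: at least as high a level AND a superset of compartments.
        Labels with different compartments can be incomparable (neither dominates)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def mac_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: read only objects the subject dominates (read down)."""
    return subject.dominates(obj)


def mac_can_write(subject: Label, obj: Label) -> bool:
    """*-property: write only to objects that dominate the subject (write up),
    so information can never flow from a higher label to a lower one."""
    return obj.dominates(subject)


ROLE_PERMISSIONS = {   # role -> set of (resource type, action); constructed
    "project_manager": {("project_docs", "read"), ("project_docs", "write")},
    "technician": {("server_room", "enter")},
}


def rbac_allows(roles, resource_type: str, action: str) -> bool:
    """Role-based: the permission belongs to the role, never to the person."""
    return any((resource_type, action) in ROLE_PERMISSIONS.get(r, set()) for r in roles)


def tbac_allows(assignments, resource: str, at_iso: str) -> bool:
    """Task-based: a permission exists only while an assigned task (e.g. a planned
    maintenance slot) is active. Times are ISO-8601 strings, which compare lexically."""
    return any(res == resource and start <= at_iso < end for res, start, end in assignments)


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"crypto"}))
    print(mac_can_read(analyst, Label("confidential")))                         # True: read down
    print(mac_can_read(analyst, Label("secret", frozenset({"nuclear"}))))       # False: no need-to-know
    print(mac_can_write(analyst, Label("top secret", frozenset({"crypto"}))))   # True: write up
    slot = [("server_room", "2024-05-01T22:00", "2024-05-02T02:00")]
    print(tbac_allows(slot, "server_room", "2024-05-01T23:30"))                 # True: inside the slot
```

The write-up rule surprises people on first contact: the secret-cleared analyst may write into a top-secret document but not into a confidential one, because the model guards against leakage, not against vandalism (integrity models such as Biba invert the arrows).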
6.2.3.2.Least privilege design principle

Access rights should be limited in scope, time, and function

  • “Just enough access” is usually better than broad permanent access

Users and systems should only get the permissions they actually need

  • Reduces attack surface and limits damage after account compromise
  • Helps prevent misuse of admin accounts and service accounts
  • Supports separation of duties and stronger compliance

Requires regular access reviews and removal of unused permissions

6.2.4.Auditing

A subject’s actions are tracked and recorded

Purpose: Hold the subjects accountable for their actions while authenticated on a system

6.2.5.Accounting

The consumption of resources by a subject is measured, metered, and collected.

Purpose: Provide a record of resource usage for billing, capacity planning, and trend analysis.

6.3.ESTABLISHING ACCOUNTABILITY AND NON-REPUDIATION

Accountability means actions can be traced to a specific identity

  • Proving to regulators that your data is secure
  • Link a human to the activities of an identity
  • Requires unique user identities, no shared accounts and strong authentication
  • Support your security decisions and their implementation
  • Supports incident investigation, compliance, and trust in transactions

Non-repudiation means a user cannot credibly deny a performed action

  • Logging and audit trails must be complete, accurate, and protected
  • Digital signatures are a key mechanism for non-repudiation
6.4.COMMON ACCESS CONTROL ATTACKS
6.4.1.Access Aggregation Attacks (passive attack)
  • Access aggregation refers to collecting multiple pieces of nonsensitive information and aggregating them to learn sensitive information.
  • Reconnaissance attacks are access aggregation attacks that combine multiple tools to identify multiple elements of a system, such as Internet Protocol (IP) addresses, open ports, running services, operating systems.
6.4.2.Password Attacks (brute-force attack)
  • Online: guesses submitted to the live login of an account; slowed by rate limiting, lockouts and MFA
  • Offline: steal the account database (password hashes) and crack the hashes on the attacker's own hardware, with no lockouts to slow the guessing
6.4.3.Dictionary Attack (brute-force attack)

An attempt to discover passwords by trying every entry of a predefined database or list of common or expected passwords, also called a password-cracking dictionary

  • Dictionary attack databases also include character combinations commonly used as passwords, but not found in dictionaries
  • Dictionary attacks often scan for one-upped-constructed passwords. A one-upped-constructed password is a previously used password, but with one character different.
  • For example, password1 is one-upped from password, as are Password, 1password, and passXword
6.4.4.Birthday Attack (brute-force attack)

A birthday attack focuses on finding collisions. Its name comes from a statistical phenomenon known as the birthday paradox

  • The birthday paradox: with only 23 people in a room, the probability that at least two of them share a birthday (the same month and day, not the same year, such as March 30) is already about 50 percent
  • There are 366 possible birthdays (counting February 29), so with 367 people a shared birthday is guaranteed (pigeonhole principle); the surprising part is that 23 people, far fewer than 366, already give a 50 percent chance
  • Applied to hashing: among many hashed messages a collision is expected after roughly 2^(n/2) attempts for an n-bit hash, not the 2^n a single targeted preimage would need

You can reduce the success of birthday attacks by using hashing algorithms with enough bits to make collisions computationally infeasible, and by using salts.

  • MD5 is not collision free
  • SHA-3 (short for Secure Hash Algorithm version 3) can use as many as 512 bits and is considered safe against birthday attacks and collisions – at least for now
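The birthday bound made concrete, as an added example that is not part of the original notes: an exact calculation of the birthday probability (which gives 0.507 for 23 people and exactly 1.0 for 367 people over 366 days), and a generic birthday attack that collides a deliberately shortened hash, the first 32 bits of SHA-256 (a constructed toy digest), in tens of thousands of evaluations rather than the billions a second preimage would take.

```python
# Added example (not code from the original notes): the birthday bound in practice.
# A short hash (the first n bits of SHA-256, a constructed toy) is collided in about
# 2^(n/2) evaluations, while a second preimage would need about 2^n.
import hashlib
import math


def birthday_probability(people: int, days: int = 365) -> float:
    """Exact probability that at least two of `people` share one of `days` values."""
    no_match = 1.0
    for i in range(people):
        no_match *= (days - i) / days       # becomes 0 once people > days (pigeonhole)
    return 1.0 - no_match


def truncated_hash(msg: bytes, nbits: int) -> int:
    """Top nbits of SHA-256 as an integer: a deliberately weak, short digest."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - nbits)


def find_collision(nbits: int, prefix: bytes = b"msg-"):
    """Generic birthday attack: remember every digest seen until one repeats.
    Returns (m1, m2, evaluations). Expected evaluations ~ 1.25 * 2^(nbits/2)."""
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = truncated_hash(m, nbits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
        i += 1


def expected_work(nbits: int):
    """(collision, second-preimage) hash evaluations an attacker should budget."""
    return math.sqrt(math.pi / 2) * 2 ** (nbits / 2), 2.0 ** nbits


if __name__ == "__main__":
    print(round(birthday_probability(23), 3))        # 0.507
    print(birthday_probability(367, 366))            # 1.0
    m1, m2, n = find_collision(32)
    print(n, "evaluations for a 32-bit collision:", m1, m2)
    print(expected_work(32))                          # ~82k vs ~4.3 billion
```

Reading the same numbers at full width explains the table in 7.8.6: a 128-bit MD5 output would be collided by a generic attack in about 2^64 work even if MD5 had no structural flaws, which is why "enough bits" today means SHA-256 or longer, and why the salts mentioned above help against precomputation, not against collisions.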
6.4.5.Rainbow Table Attacks

A rainbow table reduces the time by using large databases of precomputed hashes

  • It takes a long time to find a password by guessing it, hashing it, and then comparing it with a valid password hash

A password cracker can then compare every hash in the rainbow table against the hash in a stolen password database file

  • When using the rainbow table, the password cracker doesn’t spend any time guessing and calculating hashes. It simply compares the hashes until it finds a match
  • This can significantly reduce the time it takes to crack a password

Salting

  • adds a unique random value to each password before hashing
  • prevents identical passwords from producing identical hash values
6.4.6.Sniffer Attacks

A sniffer (also called a packet analyzer or protocol analyzer) is a software application that captures traffic traveling over the network

  • A sniffer attack (also called eavesdropping attack) occurs when an attacker uses a sniffer to capture information transmitted over a network

The following techniques can prevent successful sniffing attacks:

  • Encrypt all sensitive data (including passwords) sent over a network. Attackers cannot easily read encrypted data with a sniffer
  • Use onetime passwords (OTP) when encryption is not possible or feasible. OTPs prevent the success of sniffing attacks because a captured value is already used up; see also Kerberos above, where the password itself never crosses the network
  • Protect network devices with physical security. Controlling physical access to routers and switches prevents attackers from installing sniffers on these devices
7.CRYPTOGRAPHY
Term Definition
Plaintext/Cleartext Before a message is put into a coded form, it is known as a plaintext or cleartext
Ciphertext/Cryptogram The sender of a message uses a cryptographic algorithm to encrypt the plaintext and produce a ciphertext or cryptogram
Cipher

Encryption algorithm

An algorithm is a set of rules, usually mathematical, that dictates how enciphering and deciphering processes are to take place

Key/Cryptovariable A key is nothing more than a number (usually a very large binary number)
Key space
  • Every algorithm has a specific key space. A key space is defined by its bit size
  • The key space is the range of numbers from to , where is the bit size of the key
  • A -bit key can have a value from to
One-Way Functions

A one-way function is a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values

  • In practice, it’s never been proven that any specific known function is truly one way
  • Cryptographers rely on functions that they believe are one way
  • It’s always possible that they might be broken by future cryptanalysts
Reversability Being able to undo the operation of encryption
Nonce

The nonce must be a unique number each time it is used

  • Used to make sure that a key is not re-used twice
  • The main feature of a nonce is that it is a number that is only used once (nonce)
  • It can be a counter (for example)
  • The nonce is public, whereas the (shared) key is private
Initialization vector (IV)

An IV is a random bit string

  • It is the same length as the block size and is XORed () with the message
  • IVs are used to create unique ciphertext every time the same message is encrypted using the same key
Steganography Steganography is the art of hiding secret messages within other, innocuous-looking content so that the existence of the message itself is concealed (it can be combined with encryption, but is not a cryptographic technique). Some steganographic algorithms work by altering the least significant bits of the many bits that make up image files.
7.1.OBJECTIVES
  • Confidentiality (Privacy)

    • Only authorized persons should be able to read a message, learn who the sender and receiver are, or even know that a message exists
  • Integrity

    • Data should be demonstrably unaltered from sender to recipient
  • Authentication

    • The identity of an author of a message should be clearly verifiable
  • Non-repudiation

    • The sender of a message should not be able to deny authorship or having performed an action.
  • Procedures do not necessarily have to fulfill every objective
7.2.KERCKHOFF’S PRINCIPLES
Term Definition
Security through obscurity The security of a system or process depends on keeping its design and inner workings secret
Kerckhoffs's Principle
(Auguste Kerckhoffs, 1883)
The security of an encryption method must rest on the secrecy of the key and not on the secrecy of the encryption algorithm

A cryptographic system should be secure even if everything about the system, except the key, is public knowledge

  • This principle makes algorithms known and public, allowing anyone to examine and test them
  • The principle can be summed up as “The enemy knows the system”
  • Public exposure may expose weaknesses more quickly, leading to the abandonment of insufficiently strong algorithms and quicker adoption of suitable ones
  • A large number of cryptographers adhere to this principle, but not all agree
  • Some believe that better overall security can be maintained by keeping both the algorithm and the key private
7.3.SHANNON’S PRINCIPLES
Term Definition
Confusion

Confusion occurs when the relationship between the key and the ciphertext is so complicated that an attacker can't determine the key merely by altering the plaintext and analyzing the resulting ciphertext

  • The mapping between input and output is very confusing
  • Substitution of bytes adds confusion
  • Example: S-Box
Diffusion

Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext

  • A small change in the input leads to a big change on the output
  • Permutation of bytes adds diffusion; also known as a transposition
  • Example: P-Box
7.4.CAESAR CIPHER

One of the earliest known cipher systems was used by Julius Caesar to communicate with Cicero in Rome while he was conquering Europe

  • To encrypt a message, you simply shift each letter of the alphabet three places to the right
  • The Caesar cipher became known as the ROT3 (or Rotate 3) cipher
  • The Caesar cipher is a substitution cipher that is mono-alphabetic
7.5.SP-NETWORK

An SP-Network (Substitution-Permutation Network) is an algorithm that uses repeated substitution and permutation operations

  • Substitution: Replacing bytes with others
  • Permutation: Swapping bytes around
  • The substitutions and permutations are combined into a round.
  • Rounds are then repeated many times
7.6.XOR

XOR is a binary operator between two values that returns true if either input or the other is true but not both

  • Extremely useful in cryptography
  • is deciding whether will change
  • Applying XOR twice reverses its effect

    • Think of as encrypting , and then decrypting it again
7.7.ONE-TIME PAD (OTP)

We can design a cipher that uses XOR to encrypt and decrypt a message

  • Use a key that’s the same length as the message
  • XOR each message bit with each key bit

If you take away the key, there is no way to find the message: every plaintext of that length is equally likely, because there is no statistical relationship between the input and the output (perfect secrecy)

But

  • The OTP is not practical
  • A 1 GB file would need a 1 GB key!
  • If you ever reuse a key, the entire cipher is broken
Encrypt (M XOR K = C):

  M 01011010 00110101
^ K 01001011 10111001
= C 00010001 10001100

Decrypt (apply the same key again, C XOR K = M):

  C 00010001 10001100
^ K 01001011 10111001
= M 01011010 00110101
7.8.HASHING
  • A hash function maps data of any size to a fixed-size output in a deterministic and hard-to-reverse way
  • A 128-bit hash function returns a 128-bit string, regardless of how many bits have been hashed in
  • Hash functions are used everywhere. Message authentication, integrity, passwords etc.

    • For example, SHA-256 can be used to verify data integrity
  • A good hash algorithm should perform quickly but it shouldn’t be too quick because if it’s too quick, it is easy to break
7.8.1.How it works
  • Usually hash functions iteratively jumble blocks of a message after another

    • This is a one-way function
    • There is no way to revert back and restore the initial message
  • A hash function is kind of like a washing machine for bits

    • The initial hash is usually defined in the spec
    • A new current hash is created every round
    • We loop for every block of the message
  • When we run out of message, we use the current hash as the final hash
7.8.2.Strong hash functions

The output must be indistinguishable from random noise

  • It should look like you have just generated random numbers
  • It shouldn’t look like the output is based on the input
  • With SHA-256, the output is pretty much undistinguishable from random noise

Bit changes must diffuse through the entire output

  • This is called the avalanche effect
  • With SHA-256, a small change in the message makes a big change in the hash
7.8.3.Important properties

It should be quick but not too quick

It shall introduce diffusion

  • Most hash functions, even MD5, adhere to that

Given a hash, we can’t reverse it

  • Most hash functions, even MD5, adhere to that

Given a message and its hash, we can’t find another message that hashes to the same thing

  • That’s a collision
  • That is problematic because we use hashes to verify that things haven't been changed, so finding a collision undermines the whole idea
  • MD5 is broken in that sense
  • shattered.io: two different PDFs that have the exact same SHA-1 hash
7.8.4.Current standards in cryptographic hash functions

The current standard is the SHA-2 family with 256-bit and 512-bit variants

SHA-3 is not better or worse than SHA-2

  • SHA-3 is a completely different function (Keccak algorithm)
  • SHA-3 was designed in case something happens to SHA-2
7.8.4.1.KMAC 128/256

KMAC128/KMAC256 are keyed MACs built on the SHA-3 (Keccak) permutation

  • standardized in Dec 2016, NIST SP 800-185
  • an alternative to HMAC over SHA-2
  • permutation-based (sponge construction); a keyed sponge is not subject to length extension, so no ipad/opad double hashing is needed
  • very strong resistance to pre-image attacks

The same standard also defines ParallelHash, which is optimized for parallel processing on multi-core platforms

7.8.5.Hash functions for Password Storage

Fast hash functions such as SHA-256 are the wrong tool for storing passwords because they are too fast

  • They are designed to summarize data quickly
  • An attacker who has the hash database can therefore test billions of guesses per second and compare the results with the stored hashes (offline brute force)

Password hashes are salted and iterated on purpose to slow every guess down

  • Argon2 (winner of the Password Hashing Competition) is also memory-hard, which blunts GPU and ASIC attacks
  • Configurable parameters for memory usage, iterations, and parallelism
  • Slows down attackers: mass guessing becomes significantly more expensive
  • Use these only for password storage and key derivation; they are unsuitable for general-purpose hashing (integrity checks, signatures), where deliberate slowness is a defect rather than a feature
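An added example (not code from the original notes) that ties the Salting bullets in 6.4.5 to this section: an unsalted SHA-256 falls to a precomputed table instantly, while a salted, iterated hash gives two users with the same password two different records that no table can match. PBKDF2-HMAC-SHA256 from the standard library stands in for Argon2 so the example runs without third-party packages; the wordlist and passwords are constructed.

```python
# Added example (not code from the original notes): why unsalted fast hashes fall
# to precomputed tables and how a salted, iterated password hash (PBKDF2-HMAC-SHA256
# from the standard library, standing in for Argon2) defeats them. Wordlist and
# passwords are constructed.
import hashlib
import hmac
import os


def fast_unsalted(password: bytes) -> str:
    """What NOT to store: one SHA-256, no salt. Identical passwords -> identical hashes."""
    return hashlib.sha256(password).hexdigest()


def precomputed_table(wordlist) -> dict:
    """A (tiny) rainbow-table stand-in: digest -> password, computed once, reused forever."""
    return {fast_unsalted(w): w for w in wordlist}


def hash_password(password: bytes, salt: bytes = None, iterations: int = 600_000) -> str:
    """Salted, deliberately slow hash. 600k iterations is the OWASP (2023) figure for
    PBKDF2-HMAC-SHA256; Argon2id would be the preferred choice where available."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: bytes, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def crack_with_table(stored_digest: str, table: dict):
    """Lookup costs nothing for unsalted hashes; returns None once salts are in play."""
    return table.get(stored_digest)


WORDLIST = [b"123456", b"password", b"password1", b"Password", b"qwerty"]  # constructed

if __name__ == "__main__":
    table = precomputed_table(WORDLIST)
    print(crack_with_table(fast_unsalted(b"password1"), table))   # b'password1', instantly
    h1 = hash_password(b"password1", iterations=20_000)
    h2 = hash_password(b"password1", iterations=20_000)
    print(h1 != h2, crack_with_table(h1, table))                   # True None
    print(verify_password(b"password1", h1), verify_password(b"password2", h1))
```

Storing the iteration count inside the record, as done here, is what lets you raise the work factor later and re-hash users transparently at their next successful login.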
7.8.6.Comparison of hash families
Type / Family   | Output length (bits) | Rounds | Security                                                                | Use / Application                   | Examples / Libraries
MD5             | 128                  | 4      | 128-bit, fast, insecure                                                 | Legacy systems, checksums           | OpenSSL, hashlib (Python)
SHA-1           | 160                  | 80     | 160-bit, insecure                                                       | Legacy signatures, integrity checks | OpenSSL, hashlib (Python)
SHA-2           | 224, 256, 384, 512   | 64, 80 | Secure, widely used                                                     | Digital signatures, certificates    | OpenSSL, hashlib (Python)
SHA-3 (Keccak)  | 224, 256, 384, 512   | 24     | Resistant to certain attacks, flexible                                  | Modern crypto applications          | hashlib (Python >= 3.6)
bcrypt          | 184                  | -      | Adaptive, salted, GPU-resistant                                         | Password storage                    | bcrypt (Python)
Argon2          | 256                  | -      | Winner of the Password Hashing Competition, highly secure, configurable | Password storage, key derivation    | argon2-cffi (Python)
PBKDF2          | varies               | -      | Iterative, widely supported, configurable iterations                    | Password storage                    | hashlib.pbkdf2_hmac (Python)
7.8.7.Where are hashes used?

Hashing lets us ensure that a message hasn’t been altered

  1. Digital signatures
  2. Message Authentication Codes (MAC)
7.8.8.HMAC
  • Naive MAC constructions such as H(key || message) have issues due to the structure of common hash functions like SHA-256

    • With SHA-1 and SHA-2 (Merkle-Damgård construction) they allow a length extension attack: from H(key || m) an attacker can compute a valid tag for m || padding || m' without knowing the key
  • Hash-based MAC (HMAC) is the standardized form and the most common approach: it hashes twice, with two keys derived from the secret

    • The key is padded to the hash block size and XORed with two fixed constants (ipad and opad), giving an inner key and an outer key
    • HMAC(K, m) = H((K ⊕ opad) || H((K ⊕ ipad) || m))
    • Because the outer hash covers the inner digest, it is not vulnerable to length extension attacks
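The HMAC construction written out from its definition, as an added example (not code from the lecture notes), next to the naive H(key || message) it replaces. `hmac_sha256` is checked against RFC 4231's published test vector and against Python's own `hmac` module; the function names are assumptions of this example.

```python
import hashlib
import hmac

BLOCK_SIZE = 64   # SHA-256 compresses 512-bit (64-byte) blocks


def hmac_sha256(key, message):
    """HMAC-SHA256 per RFC 2104: H((K ^ opad) || H((K ^ ipad) || m))."""
    if len(key) > BLOCK_SIZE:                 # long keys are hashed down first ...
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")      # ... then every key is zero-padded
    inner_key = bytes(b ^ 0x36 for b in key)  # K xor ipad
    outer_key = bytes(b ^ 0x5C for b in key)  # K xor opad
    inner = hashlib.sha256(inner_key + message).digest()
    return hashlib.sha256(outer_key + inner).digest()


def naive_mac(key, message):
    """The construction HMAC replaces: H(key || message). SHA-256 is a
    Merkle-Damgard hash, so this tag *is* the internal state after processing
    key || message || padding; an attacker who knows it (and the key length) can
    keep hashing and forge a tag for key || message || padding || extra."""
    return hashlib.sha256(key + message).digest()


def verify(key, message, tag):
    """Constant-time comparison so timing does not reveal matching prefixes."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


def matches_stdlib(key, message):
    """Cross-check the hand-written HMAC against Python's hmac module."""
    return hmac_sha256(key, message) == hmac.new(key, message, hashlib.sha256).digest()


if __name__ == "__main__":
    # RFC 4231 test case 1
    tag = hmac_sha256(b"\x0b" * 20, b"Hi There")
    print(tag.hex())   # b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7
    print("matches hmac module:", matches_stdlib(b"k" * 100, b"long key path"))
```

Note that the final digest of the naive variant is exactly the hash state the attacker needs to continue, which is why HMAC's outer hash over the inner digest closes the door: the attacker never sees an internal state that includes the key.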
7.9.SYMMETRIC CRYPTOGRAPHY

Symmetric key algorithms rely on a shared secret key that is distributed to all members who participate in the communications.

  • This key is used by all parties to both encrypt and decrypt messages
  • The sender encrypts with the shared secret key and the receiver decrypts with it.
  • When large-sized keys are used, symmetric encryption is very difficult to break.

It provides for the security service of confidentiality

7.9.1.Stream ciphers

We can approximate a one-time pad by generating an infinite pseudo-random keystream

  • Stream ciphers work on messages of any length
  • The nonce guarantees that each keystream is unique, even if the same key is reused
7.9.1.1.Pros and cons
Pros

  • Encryption of long continuous streams, possibly of unknown length
  • Extremely fast with a low memory footprint, ideal for low-power devices
  • If designed well, it can seek to any location in the stream

Cons

  • The keystream must appear statistically random
  • You must never reuse a key + nonce: XORing two ciphertexts made with the same keystream cancels the keystream and leaves the XOR of the two plaintexts
  • Stream ciphers do not protect the ciphertext (= no guaranteed integrity): flipping a ciphertext bit flips the same plaintext bit

7.9.2.Block ciphers

Block ciphers take an input of a fixed size and return an output of the same size

  • Block ciphers attempt to hide the transformation from message to ciphertext through confusion and diffusion
  • Many block ciphers are SP-networks (substitution-permutation networks)

The Advanced Encryption Standard (AES) is an SP-network

  • Almost everything uses AES
  • There are other designs (e.g. Feistel ciphers such as DES)
7.9.2.1.S-Box

Provides Confusion

An S-box is implemented as a lookup table: each input byte is replaced by the output byte stored at that index
7.9.2.2.P-Box

Provides Diffusion

7.9.2.3.Encryption and decryption in a basic SP-Network

Combines S-Box and P-Box

7.9.2.4.Advanced Encryption Standard (AES)
  • A standard built around the Rijndael algorithm

    • Superseded DES as a standard in 2002
  • SP-Network with a 128-bit block size

    • Key length of 128, 192 or 256-bits
    • 10, 12 or 14 rounds
    • Each Round:

      • SubBytes
      • ShiftRows
      • MixColumns
      • Key Addition

Round Structure

AddRoundKey (key addition)

  • The 128-bit state block is XORed with the 128-bit round key taken from the expanded key

SubBytes

  • A lookup table (the S-box) replaces every byte; it has no fixed point (no byte maps to itself, e.g. 0x15 never stays 0x15)
  • It also has no "opposite" fixed point (no byte maps to its bitwise complement, e.g. 10101010 never becomes 01010101)

ShiftRows

  • Row 0: no change
  • Row 1: rotated 1 byte to the left
  • Row 2: rotated 2 bytes to the left
  • Row 3: rotated 3 bytes to the left

MixColumns

  • MixColumns is a matrix multiplication applied to each column of the state
  • The add operation is an XOR
  • The multiplication operation is a multiplication within the finite field GF(2^8) (polynomials reduced modulo a fixed irreducible polynomial)
7.9.2.5.Modes of operation for block ciphers
  • Realistically, messages of exactly 128-bits are pretty unlikely

    • We need some mechanism to encrypt messages that are longer or shorter
  • A mode of operation is the combination of multiple instances of block encryption into a usable protocol
  • There are several modes of operations, in this lecture we only cover the following:

    • Electronic Code Book (ECB)
    • Cipher Block Chaining (CBC)
    • Counter Mode (CTR)
7.9.2.6.Electronic Codebook (ECB)
  • Just encrypt each block one after another, independently, with the same key
  • Weak: identical plaintext blocks give identical ciphertext blocks, so redundant data divulges patterns
  • Electronic codebook is not recommended!
7.9.2.7.Cipher Block Chaining (CBC)
  • XOR the IV with the first plaintext block, then XOR each ciphertext block into the next plaintext block before encrypting it

    • Encryption is not parallelizable (each block depends on the previous ciphertext); decryption is
    • It is better than ECB but not perfect: it needs an unpredictable IV and padding, and still gives no integrity
7.9.2.8.Counter Mode (CTR)
  • Encrypting a counter to produce a keystream, i.e. turning the block cipher into a stream cipher

    • Pretty good, and it can be parallelized because every counter block is independent
    • Only the forward (encryption) direction of the block cipher is needed, for decryption as well
  • We don’t encrypt the message itself

    • We encrypt a nonce + counter value and XOR the pseudo-random block that comes out with the message
    • The same key + nonce must never be reused (the stream cipher rule applies)
  • The standard mode for AES today (e.g. it is the encryption part of AES-GCM)
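The AES round operations from 7.9.2.4 (SubBytes, ShiftRows, MixColumns, AddRoundKey), ECB and CTR mode, and the stream-cipher rule from 7.9.1.1 that a key + nonce must never be reused, in one added worked example that is not code from the lecture notes: a minimal AES-128 in Python, checked against the FIPS-197 and NIST SP 800-38A test vectors. It is written for clarity, not production: table lookups are not constant-time, and there is no padding, decryption or MAC. The S-box is generated from its definition (inverse in GF(2^8) plus affine map) rather than typed in, so the "no fixed point" property can be checked directly.

```python
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def xtime(a):
    """Multiply by x in GF(2^8), reducing by the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8): the 'multiplication' used by MixColumns."""
    r = 0
    while b:
        if b & 1:
            r ^= a                     # 'addition' in the field is XOR
        a, b = xtime(a), b >> 1
    return r


def _build_sbox():
    """SubBytes table: multiplicative inverse (x^254) followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = 1
        for _ in range(254):           # x^254 == x^-1 in GF(2^8); 0 stays 0
            inv = gf_mul(inv, x)
        s = inv
        for i in range(1, 5):          # s ^= rotl(inv, i) for i = 1..4
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def sub_bytes(st):
    return [SBOX[b] for b in st]


def shift_rows(st):
    """State is column-major (index r + 4c); row r is rotated left by r bytes."""
    return [st[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(st):
    """Each column is multiplied by the fixed matrix [[2,3,1,1],[1,2,3,1],[1,1,2,3],[3,1,1,2]]."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = st[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return out


def add_round_key(st, rk):
    return [s ^ k for s, k in zip(st, rk)]


def expand_key(key):
    """AES-128 key schedule: 16-byte key -> 11 round keys of 16 bytes."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord then SubWord
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def aes128_encrypt_block(key, block):
    rks = expand_key(key)
    st = add_round_key(list(block), rks[0])
    for r in range(1, 10):
        st = add_round_key(mix_columns(shift_rows(sub_bytes(st))), rks[r])
    return bytes(add_round_key(shift_rows(sub_bytes(st)), rks[10]))   # last round: no MixColumns


def ecb_encrypt(key, data):
    """ECB: blocks encrypted independently, so equal plaintext blocks leak as equal ciphertext blocks."""
    assert len(data) % 16 == 0, "ECB needs whole blocks (no padding here)"
    return b"".join(aes128_encrypt_block(key, data[i:i + 16]) for i in range(0, len(data), 16))


def ctr_crypt(key, counter_block, data):
    """CTR: encrypt successive counter values (128-bit big-endian increment, as in
    SP 800-38A) into a keystream and XOR it with the data. The same call decrypts."""
    n = int.from_bytes(counter_block, "big")
    out = bytearray()
    for i in range(-(-len(data) // 16)):
        ks = aes128_encrypt_block(key, ((n + i) % (1 << 128)).to_bytes(16, "big"))
        out += bytes(d ^ k for d, k in zip(data[16 * i:16 * i + 16], ks))
    return bytes(out)


def keystream_reuse_leak(key, counter_block, p1, p2):
    """Reusing key + counter/nonce: c1 XOR c2 == p1 XOR p2, the keystream cancels."""
    c1, c2 = ctr_crypt(key, counter_block, p1), ctr_crypt(key, counter_block, p2)
    return bytes(a ^ b for a, b in zip(c1, c2))
```

`ecb_encrypt(k, block + block)` returns the same 16 bytes twice, which is the ECB pattern leak in its smallest form; `keystream_reuse_leak` shows why the CTR counter (or a stream cipher's nonce) must be unique per key: the attacker gets the XOR of two plaintexts without touching the key at all.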
7.9.3.Remarks

Key distribution

  • Parties must have a secure method of exchanging the secret key before establishing communications with a symmetric key protocol

Symmetric key cryptography does not implement non-repudiation

  • Because any communicating party can encrypt and decrypt messages with the shared secret key, there is no way to prove which of them a given message originated from

Symmetric key cryptography on its own does not implement message integrity

  • Encryption hides the content but does not detect modification; a MAC (e.g. HMAC) or an authenticated mode of operation is needed

The major strength of symmetric key cryptography is the great speed at which it can operate

  • Symmetric key encryption is very fast, often 1′000 to 10′000 times faster than asymmetric algorithms
  • Many processors have an AES instruction set (e.g. AES-NI on x86)
  • Alternative to AES: the ChaCha20 stream cipher, which is fast in software without dedicated hardware support
7.9.4.RSA
  1. Choose two prime numbers
  2. Calculate
  3. Calculate
  4. Choose , so that
  5. Forget

Public key is now , private key is

  • Encrypt:
  • Decrypt:
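The RSA procedure above carried through as an added example (not code from the lecture notes), in textbook form with the classic small primes 61 and 53 so every intermediate value can be checked by hand: key generation including the "forget p, q" step, encryption, decryption, and two things the textbook form does not protect against. `recover_private_key` shows why the primes must be discarded, and `homomorphic_product` shows the malleability that real deployments remove with randomized padding (RSA-OAEP). All function names are assumptions of this example.

```python
from math import gcd, isqrt


def is_prime(n):
    """Trial division: enough for the small demo primes here, useless for real key sizes."""
    return n >= 2 and all(n % d for d in range(2, isqrt(n) + 1))


def rsa_keygen(p, q, e=65537):
    """Textbook RSA key generation.
    1. two distinct primes p, q     2. n = p*q     3. phi = (p-1)*(q-1)
    4. e with gcd(e, phi) = 1 and d = e^-1 mod phi     5. forget p, q, phi."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be two distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                 # modular inverse: e*d == 1 (mod phi)
    public, private = (n, e), (n, d)
    del p, q, phi                       # step 5: whoever keeps these can recompute d
    return public, private


def rsa_encrypt(public, m):
    """c = m^e mod n (m must be an integer smaller than n)."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private, c):
    """m = c^d mod n."""
    n, d = private
    return pow(c, d, n)


def recover_private_key(public, p):
    """Why step 5 matters: n, e and a single prime factor of n are enough to rebuild d."""
    n, e = public
    q = n // p
    return n, pow(e, -1, (p - 1) * (q - 1))


def homomorphic_product(public, c1, c2):
    """Textbook RSA is malleable: E(m1)*E(m2) mod n decrypts to m1*m2 mod n.
    It is also deterministic (same m, same c). RSA-OAEP padding removes both."""
    n, _ = public
    return c1 * c2 % n


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)      # n = 3233, phi = 3120, d = 2753
    c = rsa_encrypt(pub, 65)
    print(pub, priv, c, rsa_decrypt(priv, c))   # (3233, 17) (3233, 2753) 2790 65
```

Real keys use primes of 1024 bits and more, generated with probabilistic primality tests rather than trial division, and never encrypt a raw integer: the message is padded (OAEP) or, more commonly, RSA only transports or signs a symmetric key.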
7.9.5.Diffie-Hellman key exchange

Elliptic-Curve Diffie-Hellman (ECDH) is becoming the standard nowadays because it reaches the same security level with much shorter keys.