Domain 3: Security Architecture and Engineering
3.1 Implement and manage engineering processes using secure design principles
Write (save) results
Trusted Platform Module – hardware crypto-processor. Generates, stores and limits the use of crypto keys. Literally a chip on a motherboard. Commonly used to ensure boot integrity.
Data Execution Prevention – areas of RAM marked Non-Executable (NX bit). Prevents simple buffer overflows.
Address Space Layout Randomization – each process is randomly located in RAM. Makes it difficult for attacker to find code that has been injected.
Reference Monitor – mediates access between subjects and objects. Enforces security policy. Cannot be bypassed.
Trusted Computing Base – combination of HW, SW and controls that work together to form a trusted base that enforces your security policies. TCB is generally the OS Kernel, but can include things like configuration files.
Security Perimeter – separates the TCB from the rest of the system. The TCB communicates through secure channels called trusted paths
3.2 Understand the fundamental concepts of security models
Bell-LaPadula Model – Developed by DoD, focuses on maintaining confidentiality. Two primary rules:
State Machine Model – every possible interaction between subjects and objects is included in its state. If every possible state is secure, the system is proven to be secure.
Biba Model – Concerned only with integrity. Two rules:
These rules are exact opposite of the B-LP model
If a high ranking subject issues data, everyone is able to trust that data. If a low ranking subject issues some sort of data, no one above that subject has permission to trust it.
Clark-Wilson – another integrity model. “Subjects must access objects through programs. Cannot access data directly.” Includes separation of duties.
Information Flow Model – limits how info flows in a system. Biba and B-LP are both examples of this.
Brewer Nash / Chinese Wall – protects against conflict of interest.
Take-Grant - four rules:
Graham-Denning Model – defines a set of basic rights in terms of commands that a subject can execute on an object. Three parts: objects, subjects and rules.
Harrison-Ruzzo-Ullman Model – like Graham-Denning, but treats subjects and objects as the same and only has 6 rules:
Non-Interference Model – ensures that commands and activities at one level are not visible to other levels
Access Control Matrix – describes the rights of every subject for every object in the system. An access matrix is like an Excel spreadsheet. The rows are the rights of each subject (called a capability list), and the columns show the ACL for each object or application.
Zachman Framework for Enterprise Architecture – takes the Five W’s (and How), and maps them to specific subjects or roles.
3.3 Select controls based upon systems security requirements
Scoping is the process of determining which portions of a standard an organization will use. If there’s no wireless, wireless encryption standards are out of scope
Tailoring is customizing the standard for an organization to address their specific technologies
3.4 Understand security capabilities of information systems
Security Modes of Operation
Dedicated – system contains objects of only one classification level. All subjects are cleared for that level or higher. All subjects have access approval and need to know for all info stored/processed on that system
System High – system contains objects of mixed labels (confidential, secret, top secret). All users have appropriate clearances and access permissions for all info processed by a system, but they don’t necessarily need to know all the info processed by that system. Provides the most granular control over resources compared to the other security models.
Compartmented – All subjects accessing the system have necessary clearance, but do not have formal access approval or need to know for ALL info on the system. Technical controls enforce need to know for access.
Multilevel – also known as label-based. Allows you to classify objects and users with security labels. A “reference monitor” controls access. If a top-secret subject attempts to access a top-secret object, access is granted by the reference monitor.
3.5 Assess and mitigate the vulnerabilities of security architectures, designs and solution elements
SaaS – Software-as-a-Service. Provided through a browser, such as web mail.
PaaS – Platform-as-a-Service. Provides customers with a pre-configured computing platform. The vendor manages the underlying platform and all maintenance associated with it.
IaaS – Infrastructure-as-a-Service. You’re just renting physical equipment. Client is responsible for their data, patching and updating everything, etc.
Peer-to-peer – sharing between many systems, such as BitTorrent. It’s decentralized and so integrity is questionable.
Used to control industrial equipment such as power plants, heating, prison doors, elevators, etc
Supervisory control system – gathers data and sends commands
Remote Terminal Unit (RTU) – connects devices to SCADA network. Converts analog to digital
Human Machine Interface – presents data to the operator
Often older and have security issues. Typically they are airgapped (no direct connection to outside world).
Polyinstantiation - Two rows may have the same primary key, but different data for each clearance level. Top secret clearance subjects see all data. Secret clearance subjects see only the data they are cleared for. This prevents unprivileged users from assuming data based on what they notice is missing.
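Polyinstantiation as described above, shown with an in-memory SQLite table. This is an added example, not part of the original notes; the table name, column names, labels and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed labels; a higher number means a higher classification.
LEVELS = {"SECRET": 1, "TOP SECRET": 2}

def build_db():
    conn = sqlite3.connect(":memory:")
    # The classification level is part of the primary key, so the same
    # ship_id can exist once per level (polyinstantiation).
    conn.execute(
        "CREATE TABLE shipments ("
        " ship_id INTEGER NOT NULL,"
        " level INTEGER NOT NULL,"
        " cargo TEXT NOT NULL,"
        " PRIMARY KEY (ship_id, level))"
    )
    return conn

def insert_as(conn, clearance, ship_id, cargo):
    """Insert a row at the writer's own level. A duplicate-key error can only
    come from a row at the same level, never from a hidden higher one."""
    conn.execute(
        "INSERT INTO shipments (ship_id, level, cargo) VALUES (?, ?, ?)",
        (ship_id, LEVELS[clearance], cargo),
    )

def read_as(conn, clearance):
    """Return every row at or below the reader's clearance."""
    rows = conn.execute(
        "SELECT ship_id, level, cargo FROM shipments"
        " WHERE level <= ? ORDER BY ship_id, level",
        (LEVELS[clearance],),
    )
    return rows.fetchall()

def demo():
    conn = build_db()
    insert_as(conn, "TOP SECRET", 101, "missile components")
    # The SECRET writer reuses ship_id 101. Without the level in the key this
    # insert would fail and reveal that a hidden row with that id exists.
    insert_as(conn, "SECRET", 101, "machine parts")
    return conn, read_as(conn, "SECRET"), read_as(conn, "TOP SECRET")

if __name__ == "__main__":
    _, secret_view, top_secret_view = demo()
    print("SECRET view:    ", secret_view)
    print("TOP SECRET view:", top_secret_view)
```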
Data mining – searching a large database for useful info. Can be good or bad. For example, a credit card company may mine transaction records to find suspicious transactions and detect fraud.
Data Analytics is understanding normal use cases to help detect insider threats or other compromises.
Data Diddling – altering existing data, usually as it’s being entered.
3.6 Assess and mitigate vulnerabilities in web-based systems
Covert Channels – communications that violate security policies.
Backdoors – system shortcut to bypass security checks. Could be planted by attackers, or included by developers (called maintenance hooks).
Java Applets run in web browsers to make a web session more functional and interactive
OWASP Top 10
3.7 Assess and mitigate vulnerabilities in mobile systems
3.8 Assess and mitigate vulnerabilities in embedded devices
3.9 Apply cryptography
NOTE: a sender will use their private key to actually sign the digital signature
Cryptography is the science of encrypting information. The work function/factor of a cryptosystem is the measure of its strength in terms of cost and time to decrypt messages. The work function is generally rated by how long it takes to brute-force the cryptosystem.
Encryption is the act of rendering data unintelligible to unauthorized subjects
Algorithms and keys work together to encrypt and decrypt information. In the above example, 13 is the key and ROT is the algorithm. In modern cryptography, algorithms don’t change often but keys should every time
Confusion – relationship between plaintext and ciphertext should be as random as possible
Substitution replaces one character for another
Permutation provides confusion by rearranging the characters of the plaintext (such as ROT 13)
Monoalphabetic ciphers use one alphabet, meaning letter E is always substituted with the same letter every time. These ciphers are susceptible to frequency analysis
Cryptosystem Development Concepts:
Exclusive-OR (XOR) Operation - Logical, binary operation which adds two bits together. Plaintext is XORed with a random keystream to generate ciphertext
If values are same, result is 0
If values are different, result is 1
Zero-proof Knowledge is the concept that you can prove your knowledge of a fact to a third party without revealing the fact itself. This is the case with digital signatures and certificates. This is illustrated by the “Magic Door”, where user A uses a secret password to open a door to get to user B without having to tell user B the password:
Caesar Cipher – used simple substitution where characters were shifted 3 spaces
Scytale – used by Spartans. Wrapped tape around a rod. The message was on the tape and the key was the diameter of the rod.
Vigenere Cipher – polyalphabetic cipher. Alphabet is repeated 26 times to form a matrix (Vigenere Square).
One-Time Pad – if done correctly, it’s mathematically unbreakable. Sender and recipient must have a pad with pages full of random letters. Each page is used only once. The only way to break it is to steal or copy the pad. The key must be at least as long as the message to be encrypted.
The equation for determining how many keys are required for symmetric communications is:
Uses the same key both to encrypt and decrypt a message. This makes it very fast compared to asymmetric encryption. May be referred to as “secret key” or “shared key” cryptography.
A session key is a temporary symmetric key used for a connection
Difficult to securely exchange the keys
Not scalable. The number of keys you need grows exponentially as you add additional people to the communication link
Stream vs Block Ciphers - In a stream cipher, data is encrypted bit-by-bit. Usually implemented in hardware and requires no memory. Not used anymore because it’s likely for patterns to emerge. Block ciphers group communications into blocks and encrypt those all together. This alleviates the issue of patterns in stream ciphers because an attacker would never know if a block is one word or ten words.
Initialization Vector (IV) – a random value added to the plaintext before encryption. Used to ensure that two identical plaintext messages don’t encrypt to the same ciphertext
Chaining – uses the result of one block to “seed”, or add to, the next block
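The effect of an IV and chaining on identical plaintext blocks, as an added example that is not part of the original notes. It assumes a toy Feistel block cipher built from HMAC-SHA256 purely so the script runs with the standard library; it stands in for a real block cipher such as AES and is not secure, and the sample message is constructed.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # block size in bytes
HALF = BLOCK // 2

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]

def toy_encrypt_block(key, block):
    """Toy 4-round Feistel block cipher. Illustration only, not secure."""
    left, right = block[:HALF], block[HALF:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def toy_decrypt_block(key, block):
    left, right = block[:HALF], block[HALF:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

def split(data):
    if len(data) % BLOCK:
        raise ValueError("input must be padded to whole blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt_no_chaining(key, plaintext):
    # Every block is encrypted on its own: equal blocks give equal output.
    return b"".join(toy_encrypt_block(key, b) for b in split(plaintext))

def encrypt_chained(key, iv, plaintext):
    # The IV is XORed into the first block; each ciphertext block is then
    # XORed into the next plaintext block before that block is encrypted.
    prev, out = iv, []
    for block in split(plaintext):
        prev = toy_encrypt_block(key, _xor(block, prev))
        out.append(prev)
    return b"".join(out)

def decrypt_chained(key, iv, ciphertext):
    prev, out = iv, []
    for block in split(ciphertext):
        out.append(_xor(toy_decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)

if __name__ == "__main__":
    key, iv = secrets.token_bytes(32), secrets.token_bytes(BLOCK)
    msg = b"ATTACK AT DAWN!!" * 2  # constructed: two identical 16-byte blocks
    unchained = encrypt_no_chaining(key, msg)
    chained = encrypt_chained(key, iv, msg)
    print("no chaining, blocks equal:", unchained[:BLOCK] == unchained[BLOCK:])
    print("chained, blocks equal:    ", chained[:BLOCK] == chained[BLOCK:])
    print("round trip ok:", decrypt_chained(key, iv, chained) == msg)
```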
Common Symmetric Algorithms:
DES – Uses a single 56-bit key. Brute forced two decades ago. No longer safe to use.
3DES – Three rounds of DES encryption using two or three different 56-bit keys. Key length is 112 bits or more depending on how many keys you use. Considered secure, but slower to compute than AES
AES – Three key lengths: 128, 192 and 256-bits. Current US recommended standard. Open algorithm, patent free (anyone can use it)
RC4 – Key length of 8-2048 bits. Was used in SSL and WEP communication
Blowfish – Developed by Bruce Schneier. Key sizes 32-448 bit. Faster than AES.
Twofish – Developed by Bruce Schneier. Key size 128-256 bit. Better than Blowfish. Uses a process known as prewhitening to XOR plaintext with a separate subkey before encryption
IDEA – block algorithm using 128-bit key and 64-bit block size. Patented in many countries.
Be able to look at a list of algorithms and pick out the symmetric ones. Think of the word FISHES. A fish is symmetric. Anything with FISH or ES in the name is symmetric, as are RC4, Skipjack, and IDEA.
The equation for determining how many keys are required for asymmetric communications is:
Designed to solve the key exchange problem of symmetric encryption. Each user has a public and a private key. The public is made available, but the private key is kept secret
Far slower than symmetric encryption and is weaker per key bit. 512-bit public key is roughly equivalent to a 64-bit symmetric key.
There must be a way to calculate a public key from a private key, but it must be impossible to deduce the private key from the public key.
Works by multiplying prime numbers. Calculating the product of two prime numbers is easy, but determining which prime numbers achieved the product is much more difficult.
Diffie-Hellman – original asymmetric algorithm. Allowed two parties to agree on a symmetric key via a public channel. Based on “difficulty of calculating discrete logarithms in a finite field”.
RSA – based on factoring large prime numbers. Key length and block size of 512-4096. 100 times slower than symmetric encryption. Only requires two keys for any given communication and is ideal for large environments with a low amount of time required for key management
DSA – used for digital signatures
El-Gamal – extension of Diffie-Hellman that depends on modular arithmetic
Elliptic Curve Cryptography (ECC) – faster than other asymmetric algorithms, so it’s used on devices with less computing power, such as mobile devices. It is patented so it costs money to use it. 256-bit ECC key is as strong as a 3,072-bit RSA key
PGP – originally used IDEA. Can now use PKI. Uses a web of trust model to authenticate digital
SSL/TLS – client requests a secure connection to a server. Server sends the client its public key in the form of a certificate. The client takes the public key, generates a one-time session key (temporary symmetric key), encrypts it with the server’s public key and sends it back to the server. The server uses its private key to decrypt the client’s private key. That symmetric key is now used to encrypt all data exchanged between client and server.
Considered one way because there is no way to reverse a hash. Plaintext is “hashed” into a fixed-length value (ie not variable), called a message digest or hash
Hashing helps ensure integrity. If the content of a file changes, its hash will change.
Hash Functions: MD5 is not used because it has been found to create collisions in the past. There is more data in the world than there are possible 128-bit combinations
HMAC uses a secret key in combination with a hash algorithm to verify that a hash has not been tampered with. It computes the hash of a message plus a secret key
When a digital signature is issued by a CA, they will include the recipient’s public key
If an outside individual receives someone else’s digital cert, they will verify its authenticity by looking at the CA’s public key
Provide authentication and integrity. Do not provide confidentiality.
It will calculate the hash of a document and encrypt it with your private key. Anyone can verify it with your public key.
Digital Signature Standard uses SHA-1, 2 and 3 message digest functions along with DSA, RSA and Elliptic Curve algorithms.
Digital Watermarks – encode data into a file. May be hidden using steganography.
Brute force – tries every possible key. In theory it will always work with time, except against one-time pads. If a key is long enough, however, it will take incredibly long amounts of time.
Rainbow Tables – pre-computed tables of passwords and their hashes. Not practical for modern. Effective against Windows LANMAN hashes
Salts are random values added to the end of a password before hashing it to help protect against rainbow table attacks. Salts are stored in the same database as the hashed password. Salting can be accomplished by PBKDF2, bcrypt and scrypt. Unique salts should be generated for each user.
Peppers are large constant numbers used to further increase the security of the hashed password, and are stored OUTSIDE the database that houses the hashed passwords.
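Salting and peppering together, as an added example that is not part of the original notes. It assumes PBKDF2-HMAC-SHA256 for the salted hash and applies the pepper with HMAC, which is one way to do it; the iteration count, the user names, the sample password and the dictionary standing in for the password table are constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password, pepper, salt=None):
    """Return (salt, digest). A fresh random salt is generated per user."""
    if salt is None:
        salt = secrets.token_bytes(16)
    # Pepper step: keyed with a secret that is NOT stored in the database.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Salt step: PBKDF2 mixes in the per-user salt and adds the work factor.
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest

def verify_password(password, pepper, salt, stored_digest):
    _, candidate = hash_password(password, pepper, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, stored_digest)

def demo():
    # Constructed pepper; in practice it is kept outside the password database.
    pepper = secrets.token_bytes(32)
    # Stands in for the password table: user -> (salt, digest).
    users_db = {}
    for user in ("alice", "bob"):
        users_db[user] = hash_password("Summer2024!", pepper)
    return pepper, users_db

if __name__ == "__main__":
    pepper, db = demo()
    # Same password, different salts: the stored digests do not match, so one
    # precomputed table entry cannot cover both users.
    print("digests differ:", db["alice"][1] != db["bob"][1])
    salt, digest = db["alice"]
    print("correct password:", verify_password("Summer2024!", pepper, salt, digest))
    # A stolen database without the pepper cannot confirm even a right guess.
    print("wrong pepper:", verify_password("Summer2024!", b"\x00" * 32, salt, digest))
```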
Collisions – when two different messages have the same hash value, such as the Birthday Attack. If a room has 23 people in it, there is a significant chance that two people will have the same birthday. Chances increase with the size of the environment.
Known-Plain Text Attack – attempting to attain the key when you have the encrypted text and all or some of the plain text.
In WWII, the Germans and Japanese always started a transmission with a certain phrase. The Allies knew this phrase and could record the encrypted message, and were able to break the code
Chosen-Plaintext Attack – attacker has the ability to encrypt chosen portions of the plaintext and compares it to the encrypted portion to discover the key
Cipher-Text Only Attacks – Attacker collects many messages encrypted with the same key, and uses statistical analysis to break the encryption
Chosen Ciphertext Attack – cryptanalyst can choose the cipher text to be decrypted. Thus, they have ciphertext and plaintext for messages that they choose.
Known Key – attacker may have some knowledge about the key. This reduces the number of variations they have to consider to guess the key (ex: Passwords must be 8-12 characters)
Meet-in-the-middle Attack – Encrypts the plaintext using all possible keys and creates a table with all possible results. Then they decrypt the plaintext using all possible keys. This is why 3DES is used over 2DES.
Side-Channel Attack – uses physical data to break cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting. Longer keys may require more CPU cycles for examination.
Implementation Attacks – exploit a vulnerability with the actual system used to perform the math. System may leave plaintext in RAM, or the key may be left on the hard drive.
Public Key Infrastructure. Provides a way to manage digital certificates, which is a public key signed with a digital signature. The standard digital certificate format is X.509.
A digital certificate will contain:
A certificate will NOT contain:
The Certificate Authority creates certs for verified users. Examples include Verisign, DigiSign, Comodo, GoDaddy, etc.
Certificate Policy – set of rules dictating the circumstances under which a cert can be used. Used to protect CAs from claims of loss if the cert is misused.
Certificate Revocation List (CRL) – identifies certs that have been revoked due to theft, fraud, change in information associated with the CA, etc. Expired certs are not on the CRL. DOES NOT UPDATE INFO IN REAL TIME
Online Certificate Status Protocol – used to query the CA as to the status of a cert issued by that CA. Useful in large environments. Responds to a query with the status of valid, suspended or revoked
There are several models:
Hierarchical Trust – Root CA can delegate intermediate CAs to issue certs on its behalf.
Web of Trust – All parties involved trust each other equally. No CA to certify certificate owners
Hybrid-Cross Certification – Combination of hierarchical and mesh models. Common for when two different organizations establish trust relationships. A trust is created between two Root CAs, and each organization trusts the others’ certificates.
Key Escrow – keys needed to decrypt ciphertext are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys.
Recovery Agent – has authority to remove lost/destroyed keys from escrow. Requires at least TWO agents (M of N controls – a number (n) of agents must exist in an environment. Of those agents, a minimum number (m) must work together to recover a key). This is an example of Split Knowledge, where information or privilege required to perform an action is divided among multiple users.
Security Association (SA) – one way connection. May be used to negotiate AH and/or ESP parameters. If using ESP only, two SAs are required (one for each direction). If using AH and ESP, 4 SAs are required
Know the difference between tunnel and transport mode, AH and ESP, and how many security associations you need.
3.10 Apply security principles to site and facility design
3.11 Implement site and facility security controls
Fault – a temporary loss of power
Blackout – Power is completely off
Sag – or dips. When voltage briefly drops below acceptable operating range
Brownout – A prolonged sag
Spike – or transients. Voltage briefly rises above acceptable operating range. Very brief, and should be absorbed by surge protectors
Noise – signals emitted from cabling
HVAC should keep rooms with electronics between 60-75 degrees Fahrenheit/15-23 degrees Celsius. Humidity should be maintained between 40-60%.
Locate server rooms and other critical components away from any water source.
Know what mantraps and turnstiles look like
A preaction system is the best water-based suppression system.
FEMA (Federal Emergency Management Agency) provides flood risk data for locations in the US
Types of fire extinguishers:
Class A - Uses water to suppress common combustibles
Class B – uses CO2, halon or soda acid to suppress liquid-based fires
Class C – Use CO2 or other suppressants and suppress electric fires
Class D – Use dry powder to suppress metal fires