Cryptography Goal
Secure communication channel, even with eavesdroppers present.
Key Cryptographic
Use of keys for encryption, attributed to Leon Alberti during the Renaissance.
Stream Ciphers
encrypt digit by digit, fast but less secure
Block Ciphers
encrypt fixed-length blocks, slower but more secure.
Asymmetric Key Cryptography
Uses a pair of keys (public and private) for secure communication, based on hard-to-solve number theory problems.
Confidentiality
Ensuring that information is not disclosed to unauthorized individuals.
Authenticity
Verifying that both the sender and receiver are who they claim to be.
Integrity
Maintaining and assuring the accuracy and completeness of data.
Availability
Ensuring that authorized users have access to information and associated assets when required.
Security Goals
Confidentiality, Authenticity, Integrity, and Availability became essential.
Zero-Trust Network
Modern security requires that each device in a network be secured individually,
the principle of Zero-Trust
do not automatically trust anything inside or outside the network.
Network Components
Hardware or software piece that plays a specific role in connecting devices and ensuring data flow within a network.
Networking Devices
switches, bridges, and routers, and their roles in managing network traffic.
Network Security Layers
Firewalls: Prevent unauthorized access
Intrusion Detection: Monitor for attacks
Network Throttling: Control traffic flow
Firewalls
Separate device or part of a modem/router, filters packets, detects IP spoofing.
Intrusion Detection Systems (IDS)
Detect spam, spoofed addresses, and botnet connections.
Network Throttling
Manages network load and prevents overuse.
Early Networks
Refers to the initial stages of network development characterized by a focus on fast communication with minimal security measures in place.
Critical Infrastructure
The internet evolved into a vital component of modern society, necessitating measures for ensuring confidentiality, authenticity, integrity, and availability of data and services.
Network Security
Protocols, topology, and defenses protect networks.
Networking
Devices, protocols, and virtualization optimize connectivity.
Switches and Bridges
Efficiently process and forward network traffic.
Virtual Switches and Security Switches
Manage virtual traffic and enforce security.
Routers
Direct packets between network segments.
OSI Model
Organizes data exchange into layers.
Internet Protocol (IP)
Routes data packets using addresses.
IPv4 Addressing
Assigns network and subnet addresses.
Transmission Control Protocol (TCP)
Ensures reliable data transfer.
Packets and Layers
Data units in network communication.
Domain Name System (DNS)
Maps domain names to IP addresses.
DNS Security (DNSSEC)
Enhances DNS security.
VLANs and VPNs
Create virtual networks and secure connections.
Ethernet and Wi-Fi
Common local network technologies.
Wireless LANs (IEEE 802.11)
Standards for wireless networks.
Address Resolution Protocol (ARP)
Maps IP addresses to MAC addresses.
Dynamic Host Configuration Protocol (DHCP)
Automates IP address assignment.
Network Attacks
Malicious activities targeting networks.
Malware
Malicious software threats.
Distributed Systems
Independent sub-systems collaborating on tasks.
Race Conditions
Outcome depends on concurrent process instruction order.
Time of Check to Time of Use Flaws
System state changes between verification and action.
Citibank Casino Cash Caper
Example of a security protocol vulnerability allowing unlimited transactions in 60 seconds.
Concurrency
Can cause issues like outdated data, inconsistent updates, and deadlock.
Locking
Restricts resource access to prevent inconsistent updates.
Deadlock
Processes wait for each other indefinitely.
Order of Updates
Affects outcome, e.g., paying with insufficient funds.
ACID Transactions
Ensure atomicity, consistency, isolation, and durability.
Fault Tolerance
Essential for system functionality and recovery from failures.
Redundancy
Replicates components for resilience.
Denial of Service (DoS) Attacks
Overwhelm system with meaningless requests, impacting availability.
Distributed Denial of Service (DDoS) Attacks
Large-scale attacks using botnets.
Naming Objects
the process of assigning labels to objects in a distributed system.
Needham Naming Principles
Guidelines for naming in distributed systems.
Multilevel Security
System with different security levels, often in government contexts.
Mandatory Access Control (MAC)
Enforces access based on security classifications.
Bell LaPadula Security Policy Mode
Controls access based on security clearances and prevents unauthorized access.
Biba Model
Ensures data integrity and prevents corruption.
Multilateral Security
Various models ensuring security across different levels.
Compartmentation
Separates sensitive information using codewords.
Lattice Model
Access control model based on security levels.
Covert Channels
Unauthorized communication paths in multilevel systems.
Practicality of Multilevel Security
Balances security needs with implementation costs.
Classified Documents
Categorized into Top Secret, Secret, and Confidential levels.
Trusted Computer System Evaluation Criteria (TCSEC)
US DoD standards for computer security.
Access Control Modes
Different methods recommended for multiuser computers.
Operating System Security
Windows and Linux implement mandatory access control mechanisms.
Security Enhanced Linux (SELinux)
Kernel module developed by NSA for MAC.
Formal Mathematical Analysis
Precise security policy evaluation using mathematical methods.
Information Leaks
Breaches in government and military systems.
Protocol notation for sending an encrypted message
T → E: {M,T}k
RSA-N Number
positive integer which equals the product of two distinct prime numbers p and q