CYBER SECURITY MADE SIMPLE Author: Christopher Gorog www.logiccentral.org www.newcyberfrontier.com Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published Author, Board of Advisors for Cyber Institute of the National Cybersecurity Center, Board of Directors for Cyber Resilience Institute, Host of New Cyber Frontier, and PhD Candidate at UCCS
CYBERSECURITY AND SECURITY Security - the state of being protected or safe from harm (merriam-webster.com) Cybersecurity - measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack (merriamwebster.com) Where do we start? Keeping the good guys in line Keeping the bad guys out Preventative security Strengthening defenses Reactive security Blocking attacks
INFORMATION SECURITY AND DESIGN SECURITY BASICS Information Security C.I.A. acronym Confidentiality and Integrity are properties of data Availability changes due to dynamic nature of technology For Cyber Physical Designs Additive Property of Reduced Availability 98% Uptime = 2% down time Dependency of 5 components (each 98% uptime) = ~1% downtime Availability = Constant = 1% Design Security P.A.I.N. acronym Privacy Protecting interfaces and data so only authorized actors have access to them Authentication Verify a actors before are trusted to utilize systems and data Integrity Prove that a configurations and/or data has not changed Non-repudiation Prove an action was taken by another actor such that the action cannot be denied
COMPUTER DATA BASICS How does a computer understand data? Computers process digital bits Switches which are off or on Translate computer numbers to human readable numbers How do people make sense of data? Grouping pre-set amounts of data together Simplest is called a Byte (8 Bits) Storage is measured in terms of bytes A Megabytes is 1 Million bytes Set length vs. variable length
SWITCHES OFF OFF OFF OFF OFF
SWITCHES OFF ON PATTERN OFF Groups of ones and zeros can represent a binary number OFF ON 1 OFF OFF ON 1
TRANSLATING COMPUTER NUMBERS TO HUMAN 1 1 1 2 1 1 3 1 4 1 1 5 1 1 6 1 1 1 7 1 8
BYTE SET LENGTH DATA 1 1 1 1 Set length One Byte = 8 bits Digital is always in multiples of two Cannot count in base ten Count in Hexadecimal Set length for standard computer operations know how much data to use
BYTE Byte is smallest set length data Counting is done in Hexadecimal 16 combinations Represented F After 16 combinations caries to next place After F is 1 All ones FF 256 combinations with two digits 65,536 combinations with 4 digits 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 = = 1 2 = 3 = 4 = 5 = 6 = 7 = 8 = 9 A = B = C = D E F = 1 1 1 1 1 1 1 1 1 = FF
VARIABLE LENGTH DATA Header Byte Byte Byte Byte Footer Byte Array [4] = [ 4][1A][EF][73] Header and footer tells what is in-between Tells what type and how many Computer has to read contents before operating Human functions use data in variable lengths Programs tell computer how to use the data Any type of data can be in variable lengths
HOW PEOPLE UNDERSTAND COMPUTER DATA? Characters & symbols (Hexadecimal) ASCII English U.S. standard (1 byte) Unicode Worldwide characters (2 bytes) Commands Instructions for computer Files storage Memory, media, cloud Human content and files people create Separate data into recognizable pieces Headers and footers Tell information about the contents Who owns the content Content type or how to handle Security requirements
ASCII AMERICAN STANDARD CODE FOR INFORMATION INTERCHANGE
UNICODE TABLE
COMMANDS Strings of characters recognized by computer Perform actions or run processes Trace route computer command example
COMPUTER NETWORKING BASICS Communication between systems Data is broken up into small pieces to send called Packets Each packet has headers and footers Gives destination and handling instructions Data is reassembled when received Negotiation between sender and receiver Verified completeness Request resend if needed Transporting Data content Packets and Routing Changing path networks Important Security Concepts
IMPORTANT CONCEPTS FOR CYBER SECURITY STRUCTURED VS. DYNAMIC DETERMINISTIC VS. NON-DETERMINISTIC SYNCHRONOUS VS. ASYNCHRONOUS Structured transport - - Set size content - - Set path - - Predictable timing Dynamic transport -Variable size content -Variable path -Variable timing
BASIC CYBER SECURITY OPERATIONS 1. Identifying data 2. Hiding data in plain sight 3. Creating unique signatures 4. Verifying the people or machines 5. Safe data storage and transmission 6. Tracking and verifying actions 7. Distributing trust worldwide All products and applications in cyber security implement combinations of these basic cyber security operations
IDENTIFYING DATA Unique Identification Fingerprints uniquely identify people Data can also have a unique fingerprint What are files made of? Files are composed of numbers Computers understand them by formatting into patterns Since they are numbers all files can have mathematical operations done on them
IDENTIFYING DATA Hash Algorithms Mathematic equation Inputs any length of data Acts as a number crunching machine Outputs a set-length series of bits Each bit change on the input changes output drastically A given input produces same output every time What does this give you? Create Identity for data Then verify the same data later Data fingerprint is a number Output in Hexadecimal Example { A1 2E F4 63 1 F. } Hash algorithms are identified by the size of the string of bits they output SHA 1 (16 bit output) SHA 256 (256 bit output)
HASH DEMO Hash Demo https://anders.com/blockchain/hash.html
HIDING DATA IN PLAIN SIGHT XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX Encryption algorithm Mathematical equation Input numbers (files) Input key Uses a process which includes the key to scramble the output Encrypts entire file in blocks Process is reversible to decrypt Algorithm is public Algorithm strength is based on length of the key What does encrypted text look like? Example Apple Computer 41 7 7 6C 65 2 43 6F 6D 7 75 74 65 72 Encrypted it may look like 71 FA 39 7C 3 21 8D 32 8F 9 A7 55 FC 31 qú9! 2 Uü1
HIDING DATA IN PLAIN SIGHT Read XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX Symmetric (exhibiting symmetry) encryption Encrypt data (use a read/write key) Decrypt using the same key One key shared by everyone that encrypts or decrypts Less complicated math allows rapid operation
HIDING DATA IN PLAIN SIGHT Read XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX Decrypt using the same key One key shared by everyone that encrypts or decrypts Less complicated math allows rapid operation Challenges include key exchange and key management
HIDING DATA IN PLAIN SIGHT Asymmetric (Having no balance or symmetry) encryption Encrypt data with a key
HIDING DATA IN PLAIN SIGHT Read Asymmetric (Having no balance or symmetry) encryption Decrypt using a different Read key
HIDING DATA IN PLAIN SIGHT Read Read Asymmetric (Having no balance or symmetry) encryption Encrypt data with a key Decrypt using a different Read key Keys managed to keep read key Private Everyone can have key (make it public) Asymmetric algorithms have complicated math Time of operations varies and is unpredictable Usually just key exchanges are Asymmetric
CREATING UNIQUE SIGNATURES Read Creating signatures uses combination of last two operations Hash algorithm to create a fingerprint Asymmetric encrypt the fingerprint with Key Create an unchangeable signature
CREATING UNIQUE SIGNATURES Read Read Read Read Keys are managed differently Keep key private (Private signing key) Everyone can have Read key (make it public) Anyone can use Read key to decrypt What have you produced? Nobody can change the signature without your private key They verify you signed it if they can decrypt with your Read key They can reproduce the fingerprint to verify the data has not changed
VERIFYING THE PEOPLE OR MACHINES THAT MAKE CHANGES TO DATA Authentication Verifying something you know and/or something you have You know a password and/or you have a key Ultimately their must be an accountable person to be trusted Someone issued an authorized person keys Someone issued a person a drivers license or credit card The base trust requires accountability, someone with something to loose. Once initial trust is set up Authentication is done each on some reoccurring basis to verify the continuation of that trust Transferred trust to a computer machine Trust the user accessing the machine Trust for the manufacturer of the machine Trust for the software on the machine Authentication of a machine is only as reliable as the person which can be proven to be responsible for the machine and thus can be held accountable
VERIFYING THE PEOPLE OR MACHINES Do they match Password = Memory Authentication knowledge should not be stored on machine being accessed or the network you log into Use Hash or encryption operation and match output Produce Fingerprint from password Retrieve saved fingerprint What does this give you? The machine or system does not have a copy of your password With a strong password they could spend more than a lifetime trying to match the Algorithm output How easy is it to produce a match determines the strength of your password Attackers try to guess password and not to break the Hash 128 Bit (2 128 ) approximately the number of atoms in the Sun 256 Bit (2 256 ) approximately the number of atoms in the known universe
SAFE DATA STORAGE AND TRANSMISSION Similar needs for storage and transmitting data Data is moved somewhere and at either another time or in another location it is accessed again Security has to answer questions about what happens between those times and/or locations Did someone see it that was not allowed to? Did an error in the system change something? Did someone change it? Did someone intercept and alter the content? Did intended recipient get the data and not someone pretending to be? Storing and Transmitting safely uses a combinations of previous operations Scrambling communications (Encryption) Data Integrity Monitoring - checks for changes
SETTING UP SECURE SESSIONS 1 2 1 RN2 2 Setting up a communication session starts with exchanging keys Asymmetric encryption used for key exchange Simplified exchange process Both ends of communication exchange public keys Remember these are different pairs of keys for each computer The message is decrypted on both ends using each systems Read keys and Once again these Read keys are different on each system Finally the two exchanged portion which were exchanged are put together
SETTING UP SECURE SESSIONS 1 RN2 1 2 2 RN2 1 RN2 Each end generates a random number Encrypts it and sends to other Both sides will have the others random input without anyone being able to see it during transit
SETTING UP SECURE SESSIONS 1 1 2 RN1 2 RN1 2 RN1 Each end generates a random number Encrypts it and sends to other Both sides will have the others random input without anyone being able to see it during transit
SETTING UP SECURE SESSIONS RN2 1 2 Read Private Read Key Encryption Key RN2 + RN1 = Read The message is decrypted on both ends using each systems Read key Once again these Read keys are different on each system Finally the locally created and exchanged random numbers are put together
SETTING UP SECURE SESSIONS 1 2 RN1 Encryption Key Private Read Key Read Read = RN2 + RN1 Both sides already have the random number they generated This side also decrypts the others random using its private Read key Once again these Read keys are different on each system The combination of both sides now becomes the total key which was exchanged without anyone being able to see it during transit.
SETTING UP SECURE SESSIONS 1 2 Encrypt Read Read Data Data Scrambling data while in transit or storage The Encryption (Read/) Key is used on both ends Data in is scrambled before sending (Encrypted)
SETTING UP SECURE SESSIONS Read 1 2 Encrypted Data Read Data On the wire or in storage it is not readable Both Side have the capability of encrypting or decrypting Shared keys can be placed in more then two location or systems
SETTING UP SECURE SESSIONS 1 2 Read Read Data Decrypt Data When it is received it is unscrambled (Decrypted) Data can be stored for indefinitely and then decrypted as long as the key is stored safely
Read VERIFYING INTEGRITY IN SESSIONS, OR WHILE STORED Do they match = Setting up to perform integrity verification Create a fingerprint of data before storage or transmission Create signatures to accompany files or data Store or transmit data content as needed for operations When retrieved from memory or after transmission re-hash data Use Read key included in certificate to decrypt certificate fingerprint Verify the original Fingerprint matches the re-created one A match proves the data's integrity
TRACKING AND VERIFYING ACTIONS Many Transactions Stored in Database Signing a computer transaction Digital information is comprised of numbers Current User and Computer Information about the action Time action took place Put information together to build a transaction signature Signatures of events can be verified later Use and event logging Each action and/or Signature can be logged Verifying transactions later tell us, who, when, where and on which systems performed the actions.
TRACKING AND VERIFYING ACTIONS Linking the people, systems, actions, and the times they take place together Security operations makes it possible to mathematically verify any computer generated content As long the person or system holding the private key has not been compromised Signing the fingerprint provides a certifiable record of that exact data combination. Actions are non-reputable, and can prove that they were performed Credit card transaction Banking transfer User information changes Access or updating confidential material Log files store transactions Elevated access logging -Log any time users log in with higher then normal access The dilemma is always how do you track and watch the watchers
DISTRIBUTING TRUST WORLDWIDE Monetary Transactions Integrity of communications Supply Chain Tracking Accountability of Ownership Digital Rights Managements Allowed Software Profiles Individualized Privacy and Permission Verifiable Audit Records Immutable Accountability of Actions Distributed Access to Single Data Storage Location Immutable proof of origin Risk becomes deterministic and quantifiable Verifiable Quality Comparisons
BLOCKCHAIN DEMO Block Chain Demo https://anders.com/blockchain/blockchain.html
COMBINATIONS OF BASIC CYBER SECURITY OPERATIONS 1. Identifying data 2. Hiding data in plain sight 3. Creating unique signatures 4. Verifying the people or machines 5. Safe data storage and transmission 6. Tracking and verifying actions 7. Distributing Trust Worldwide What are the most sensitive components of data we need to protect?
TAKING PRECAUTIONS HANDLING THE MOST SENSITIVE MATERIAL What is the most sensitive digital material? What are most cybersecurity operation we looked at based on? Storage and handling of Keys Relatively small pieces of data The better quality of the key the more random its bits But this makes them different then other files Files have patterns with headers & footers Focus of a strong digital security is making processes and designs which protect these keys
CYBER SECURITY MADE SIMPLE Author: Christopher Gorog www.logiccentral.org www.newcyberfrontier.com Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published Author, Board of Advisors for Cyber Institute of the National Cybersecurity Center, Board of Directors for Cyber Resilience Institute, Host of New Cyber Frontier, and PhD Candidate at UCCS