CYBER SECURITY MADE SIMPLE


CYBER SECURITY MADE SIMPLE
Author: Christopher Gorog
www.logiccentral.org
www.newcyberfrontier.com
Christopher Gorog, MBA, PMP, CISSP: Lead Faculty for Cybersecurity at Colorado Technical University; Published Author; Board of Advisors for Cyber Institute of the National Cybersecurity Center; Board of Directors for Cyber Resilience Institute; Host of New Cyber Frontier; and PhD Candidate at UCCS

CYBERSECURITY AND SECURITY
Security: the state of being protected or safe from harm (merriam-webster.com)
Cybersecurity: measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack (merriam-webster.com)
Where do we start?
- Keeping the good guys in line / keeping the bad guys out
- Preventative security: strengthening defenses
- Reactive security: blocking attacks

INFORMATION SECURITY AND DESIGN SECURITY BASICS
Information Security: the C.I.A. acronym
- Confidentiality and Integrity are properties of data
- Availability changes due to the dynamic nature of technology
For cyber-physical designs: the additive property of reduced availability
- 98% uptime = 2% downtime
- Dependency on 5 components (each 98% uptime) = ~10% downtime (1 - 0.98^5 is about 9.6%)
- Availability = Constant = 1%
Design Security: the P.A.I.N. acronym
- Privacy: protecting interfaces and data so only authorized actors have access to them
- Authentication: verify actors before they are trusted to utilize systems and data
- Integrity: prove that configurations and/or data have not changed
- Non-repudiation: prove an action was taken by an actor such that the action cannot be denied

COMPUTER DATA BASICS
How does a computer understand data?
- Computers process digital bits: switches which are off or on
- Translate computer numbers to human-readable numbers
How do people make sense of data?
- Grouping pre-set amounts of data together; the simplest group is called a byte (8 bits)
- Storage is measured in terms of bytes; a megabyte is 1 million bytes
- Set length vs. variable length

SWITCHES
A row of switches that are all OFF reads as all zeros: OFF OFF OFF OFF OFF = 0 0 0 0 0.
A pattern of OFF and ON switches: groups of ones and zeros can represent a binary number, e.g. OFF ON OFF OFF ON = 0 1 0 0 1.

TRANSLATING COMPUTER NUMBERS TO HUMAN
Binary (4 bits) to decimal:
0001 = 1
0010 = 2
0011 = 3
0100 = 4
0101 = 5
0110 = 6
0111 = 7
1000 = 8

BYTE: SET LENGTH DATA
- Set length: one byte = 8 bits
- Digital is always in multiples of two; it cannot count in base ten, so count in hexadecimal
- Set length for standard computer operations: the computer knows how much data to use

BYTE
- A byte is the smallest set-length data
- Counting is done in hexadecimal: 16 combinations, represented 0 through F
- After 16 combinations it carries to the next place: after F comes 10
- All ones = FF; 256 combinations with two digits; 65,536 combinations with four digits
Binary (4 bits) to hexadecimal: 0000 = 0, 0001 = 1, 0010 = 2, 0011 = 3, 0100 = 4, 0101 = 5, 0110 = 6, 0111 = 7, 1000 = 8, 1001 = 9, 1010 = A, 1011 = B, 1100 = C, 1101 = D, 1110 = E, 1111 = F; all eight bits set, 1111 1111 = FF

VARIABLE LENGTH DATA
Layout: Header, Byte, Byte, Byte, Byte, Footer
Example: Byte Array [4] = [04][1A][EF][73]
- The header and footer tell what is in between: what type and how many
- The computer has to read the contents before operating
- Human functions use data in variable lengths
- Programs tell the computer how to use the data
- Any type of data can be in variable lengths
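A small parser for a variable-length record, added here as an example (it is not code from the slides). The record layout is an assumption made for this example: a one-byte header giving the payload count, the payload, and a one-byte footer that is the XOR of the payload. The point a practitioner cares about is that the header is untrusted input, so the claimed count is checked against what was actually received before any byte past the header is read.

```python
# Added example (not from the slides): a parser for a tiny variable-length
# record format. The format is an assumption made for this example:
#   [header: number of payload bytes][payload ...][footer: XOR of the payload]
# The slide only shows the 4-element byte array [04][1A][EF][73].
from typing import Tuple


def xor_footer(payload: bytes) -> int:
    """Footer byte: XOR of every payload byte, so a changed byte is noticed."""
    footer = 0
    for b in payload:
        footer ^= b
    return footer


def build_record(payload: bytes) -> bytes:
    """Wrap a variable-length payload with the header (count) and footer (check)."""
    if len(payload) > 255:
        raise ValueError("payload too long for a one-byte header")
    return bytes([len(payload)]) + payload + bytes([xor_footer(payload)])


def parse_record(buf: bytes) -> Tuple[bytes, bytes]:
    """Return (payload, remaining bytes). The header is untrusted, so the
    claimed count is checked against what was actually received before any
    byte past the header is read."""
    if len(buf) < 2:
        raise ValueError("truncated: need at least a header and a footer")
    count = buf[0]
    if len(buf) < 1 + count + 1:
        raise ValueError(
            f"truncated: header claims {count} bytes, only {len(buf) - 2} present"
        )
    payload = buf[1:1 + count]
    if buf[1 + count] != xor_footer(payload):
        raise ValueError("footer mismatch: the contents changed")
    return payload, buf[2 + count:]


def hexdump(data: bytes) -> str:
    """Show bytes the way the slides do: two hex digits per byte."""
    return " ".join(f"{b:02X}" for b in data)


if __name__ == "__main__":
    record = build_record(bytes.fromhex("1AEF73"))
    print(hexdump(record))                 # 03 1A EF 73 86
    payload, rest = parse_record(record)
    print(hexdump(payload), len(rest))     # 1A EF 73 0
```

Feeding the parser a buffer whose header claims more bytes than are present raises instead of reading past the end, which is the failure a fixed-length assumption would otherwise hide.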

HOW DO PEOPLE UNDERSTAND COMPUTER DATA?
- Characters & symbols (hexadecimal): ASCII, the U.S. English standard (1 byte); Unicode, worldwide characters (2 bytes)
- Commands: instructions for the computer
- File storage: memory, media, cloud
- Human content: the files people create
- Separate data into recognizable pieces: headers and footers tell information about the contents (who owns the content, the content type or how to handle it, security requirements)

ASCII AMERICAN STANDARD CODE FOR INFORMATION INTERCHANGE

UNICODE TABLE

COMMANDS
- Strings of characters recognized by the computer
- Perform actions or run processes
- Example: the trace route computer command

COMPUTER NETWORKING BASICS
Communication between systems:
- Data is broken up into small pieces to send, called packets
- Each packet has headers and footers that give the destination and handling instructions
- Data is reassembled when received
- Negotiation between sender and receiver: verified completeness, request resend if needed
Transporting data: content, packets and routing, changing-path networks. These are important security concepts.
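The packet cycle just described (split, send out of order, lose one, check completeness, request a resend, reassemble), as an added example that is not code from the slides. The packet layout (a sequence number, total count and payload length in the header, a one-byte checksum footer) is an assumption made for this example.

```python
# Added example (not from the slides): breaking data into packets, each with a
# header (sequence number, total, payload length) and a footer (checksum),
# reassembling them out of order, and asking for a resend of what is missing.
# The packet layout and the checksum are assumptions made for this example.
import random
import struct
from typing import Dict, List, Optional, Tuple

HEADER = struct.Struct("!HHH")  # network byte order: seq, total, payload length


def checksum(payload: bytes) -> int:
    """One-byte footer: sum of the payload modulo 256 (catches errors, not attackers)."""
    return sum(payload) % 256


def fragment(data: bytes, size: int) -> List[bytes]:
    """Split data into packets of at most `size` payload bytes."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    total = len(chunks)
    return [
        HEADER.pack(seq, total, len(chunk)) + chunk + bytes([checksum(chunk)])
        for seq, chunk in enumerate(chunks)
    ]


class Receiver:
    """Collects packets in any order and reports which sequence numbers are missing."""

    def __init__(self) -> None:
        self.parts: Dict[int, bytes] = {}
        self.total: Optional[int] = None

    def accept(self, packet: bytes) -> bool:
        """Validate one packet; return False (so the sender resends) if it is damaged."""
        if len(packet) < HEADER.size + 1:
            return False
        seq, total, length = HEADER.unpack_from(packet)
        if len(packet) != HEADER.size + length + 1 or seq >= total:
            return False                      # header does not match what arrived
        payload = packet[HEADER.size:HEADER.size + length]
        if packet[-1] != checksum(payload):
            return False                      # contents damaged on the way
        if self.total is None:
            self.total = total
        elif self.total != total:
            return False                      # packet belongs to a different message
        self.parts[seq] = payload
        return True

    def missing(self) -> List[int]:
        if self.total is None:
            return []
        return [seq for seq in range(self.total) if seq not in self.parts]

    def reassemble(self) -> Optional[bytes]:
        if self.total is None or self.missing():
            return None
        return b"".join(self.parts[seq] for seq in range(self.total))


def simulate(data: bytes, size: int, drop_seq: int, seed: int = 1) -> Tuple[Optional[bytes], List[int]]:
    """Send packets out of order with one lost; the receiver asks for it; the sender resends."""
    packets = fragment(data, size)
    in_flight = [p for p in packets if HEADER.unpack_from(p)[0] != drop_seq]
    random.Random(seed).shuffle(in_flight)    # the network reorders packets
    rx = Receiver()
    for packet in in_flight:
        rx.accept(packet)
    missing = rx.missing()                    # "verified completeness"
    for seq in missing:                       # "request resend if needed"
        rx.accept(packets[seq])
    return rx.reassemble(), missing


if __name__ == "__main__":
    print(simulate(b"Hello, network!", 4, drop_seq=2))   # (b'Hello, network!', [2])
```

A packet whose header length disagrees with its actual size, or whose footer does not match its payload, is rejected rather than stitched into the message; the same check is what a real stack relies on to avoid acting on a malformed packet.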

IMPORTANT CONCEPTS FOR CYBER SECURITY
- Structured vs. dynamic
- Deterministic vs. non-deterministic
- Synchronous vs. asynchronous
Structured transport: set size content, set path, predictable timing
Dynamic transport: variable size content, variable path, variable timing

BASIC CYBER SECURITY OPERATIONS
1. Identifying data
2. Hiding data in plain sight
3. Creating unique signatures
4. Verifying the people or machines
5. Safe data storage and transmission
6. Tracking and verifying actions
7. Distributing trust worldwide
All products and applications in cyber security implement combinations of these basic cyber security operations.

IDENTIFYING DATA
Unique identification:
- Fingerprints uniquely identify people; data can also have a unique fingerprint
What are files made of?
- Files are composed of numbers; computers understand them by formatting them into patterns
- Since they are numbers, all files can have mathematical operations done on them

IDENTIFYING DATA
Hash algorithms:
- A mathematical equation that inputs any length of data
- Acts as a number-crunching machine and outputs a set-length series of bits
- Each bit change on the input changes the output drastically
- A given input produces the same output every time
What does this give you?
- Create an identity for data, then verify the same data later
- The data fingerprint is a number, output in hexadecimal, e.g. { A1 2E F4 63 … }
- Hash algorithms are identified by the size of the string of bits they output: SHA-1 (160-bit output), SHA-256 (256-bit output)
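The four hash properties listed above, checked with Python's standard hashlib, as an added example that is not code from the slides. SHA-1 and SHA-256 are the real algorithms; the sample inputs are constructed, and the `verify` helper shows the "verify the same data later" step.

```python
# Added example (not from the slides): the hash properties above (any length in,
# fixed length out, avalanche, determinism) checked with hashlib. The inputs are
# constructed sample data.
import hashlib
import hmac


def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Any length in, fixed-length hexadecimal fingerprint out."""
    return hashlib.new(algorithm, data).hexdigest()


def output_bits(algorithm: str) -> int:
    """Hash algorithms are named by the size of what they output."""
    return hashlib.new(algorithm).digest_size * 8


def differing_bits(fp_a: str, fp_b: str) -> int:
    """How many output bits change between two fingerprints (avalanche effect)."""
    return bin(int(fp_a, 16) ^ int(fp_b, 16)).count("1")


def verify(data: bytes, saved_fingerprint: str, algorithm: str = "sha256") -> bool:
    """Later check: re-hash the data and compare in constant time."""
    return hmac.compare_digest(fingerprint(data, algorithm), saved_fingerprint)


if __name__ == "__main__":
    saved = fingerprint(b"Apple Computer")
    print(saved)
    print(output_bits("sha1"), output_bits("sha256"))               # 160 256
    print(differing_bits(saved, fingerprint(b"Apple Computes")))     # roughly half of 256
    print(verify(b"Apple Computer", saved), verify(b"Apple Computes", saved))
```

Changing one character of the input flips roughly half of the 256 output bits, which is why a stored fingerprint can stand in for the data itself when checking later that nothing changed.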

HASH DEMO: https://anders.com/blockchain/hash.html

HIDING DATA IN PLAIN SIGHT
Encryption algorithm:
- A mathematical equation: input numbers (files) and an input key
- Uses a process which includes the key to scramble the output; encrypts the entire file in blocks
- The process is reversible to decrypt
- The algorithm is public; the algorithm's strength is based on the length of the key
What does encrypted text look like?
- Example: "Apple Computer" = 41 70 70 6C 65 20 43 6F 6D 70 75 74 65 72
- Encrypted it may look like 71 FA 39 7C 30 21 8D 32 8F 90 A7 55 FC 31, which renders as unreadable characters such as qú9

HIDING DATA IN PLAIN SIGHT
Symmetric (exhibiting symmetry) encryption:
- Encrypt data using a read/write key
- Decrypt using the same key
- One key is shared by everyone that encrypts or decrypts
- Less complicated math allows rapid operation
- Challenges include key exchange and key management

HIDING DATA IN PLAIN SIGHT
Asymmetric (having no balance or symmetry) encryption:
- Encrypt data with one key
- Decrypt using a different key (the Read key)
- Keys are managed to keep the Read key private; everyone can have the other key (make it public)
- Asymmetric algorithms have complicated math; the time of operations varies and is unpredictable
- Usually just key exchanges are asymmetric

CREATING UNIQUE SIGNATURES
Creating signatures uses a combination of the last two operations:
- Hash algorithm to create a fingerprint
- Asymmetrically encrypt the fingerprint with a key to create an unchangeable signature
Keys are managed differently from encryption:
- Keep the signing key private (private signing key)
- Everyone can have the Read key (make it public); anyone can use the Read key to decrypt
What have you produced?
- Nobody can change the signature without your private key
- They verify you signed it if they can decrypt it with your Read key
- They can reproduce the fingerprint to verify the data has not changed

VERIFYING THE PEOPLE OR MACHINES THAT MAKE CHANGES TO DATA
Authentication: verifying something you know and/or something you have (you know a password and/or you have a key)
- Ultimately there must be an accountable person to be trusted: someone issued an authorized person keys, just as someone issued a person a driver's license or credit card
- The base trust requires accountability: someone with something to lose
- Once initial trust is set up, authentication is done on some recurring basis to verify the continuation of that trust
Trust transferred to a computer machine:
- Trust the user accessing the machine
- Trust for the manufacturer of the machine
- Trust for the software on the machine
Authentication of a machine is only as reliable as the person who can be proven to be responsible for the machine and thus can be held accountable.

VERIFYING THE PEOPLE OR MACHINES
Do they match? Password = memory
- Authentication knowledge should not be stored on the machine being accessed or the network you log into
- Use a hash or encryption operation and match the output: produce a fingerprint from the password, retrieve the saved fingerprint, compare
What does this give you?
- The machine or system does not have a copy of your password
- With a strong password they could spend more than a lifetime trying to match the algorithm output
- How easy it is to produce a match determines the strength of your password; attackers try to guess the password, not to break the hash
- 128 bit (2^128): approximately the number of atoms in the Sun
- 256 bit (2^256): approximately the number of atoms in the known universe
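The "produce a fingerprint, retrieve the saved fingerprint, compare" flow above, as an added example that is not code from the slides. The fingerprint operation used here is PBKDF2-HMAC-SHA256 from Python's hashlib, deliberately slow so that each guess costs the attacker time; the salt, iteration count and sample password are assumptions made for this example.

```python
# Added example (not from the slides): the system keeps only a salted, slow
# fingerprint of the password, and a later login attempt is fingerprinted the
# same way and compared. PBKDF2-HMAC-SHA256 from hashlib is the "hash
# operation"; the iteration count and sample values are assumptions.
import hashlib
import hmac
import os
from typing import Dict, Optional

ITERATIONS = 600_000   # makes every guess expensive; an assumption for this example


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> Dict[str, str]:
    """What the system stores: a random salt and the fingerprint, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    fp = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "fingerprint": fp.hex(), "iterations": str(iterations)}


def check_password(record: Dict[str, str], attempt: str) -> bool:
    """Produce the fingerprint from the attempt and compare it with the saved one."""
    fp = hashlib.pbkdf2_hmac(
        "sha256",
        attempt.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        int(record["iterations"]),
    )
    # compare_digest: constant-time comparison, so timing does not leak a partial match
    return hmac.compare_digest(fp, bytes.fromhex(record["fingerprint"]))


if __name__ == "__main__":
    stored = make_record("correct horse battery staple")
    print(stored)                                                  # no password inside
    print(check_password(stored, "correct horse battery staple"))  # True
    print(check_password(stored, "password123"))                   # False
```

The salt means two users with the same password get different fingerprints, so a precomputed table of fingerprints is useless; the iteration count means the only remaining route is guessing, one expensive attempt at a time.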

SAFE DATA STORAGE AND TRANSMISSION
Similar needs for storing and transmitting data: data is moved somewhere and, at either another time or in another location, it is accessed again. Security has to answer questions about what happens between those times and/or locations:
- Did someone see it that was not allowed to?
- Did an error in the system change something?
- Did someone change it?
- Did someone intercept and alter the content?
- Did the intended recipient get the data, and not someone pretending to be them?
Storing and transmitting safely uses a combination of the previous operations:
- Scrambling communications (encryption)
- Data integrity monitoring: checks for changes

SETTING UP SECURE SESSIONS
Setting up a communication session starts with exchanging keys; asymmetric encryption is used for the key exchange. Simplified exchange process between system 1 and system 2:
1. Both ends of the communication exchange public keys. Remember these are different pairs of keys for each computer.
2. Each end generates a random number (RN1 on system 1, RN2 on system 2), encrypts it with the other side's public key and sends it to the other. Both sides will have the other's random input without anyone being able to see it during transit.
3. The message is decrypted on each end using that system's private Read key. Once again, these Read keys are different on each system.
4. Both sides already have the random number they generated; each side also decrypts the other's random number using its private Read key. Finally the locally created and exchanged random numbers are put together: RN2 + RN1 = encryption key. The combination of both sides now becomes the total key, which was exchanged without anyone being able to see it during transit.
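The signature recipe from CREATING UNIQUE SIGNATURES (hash, then apply the private key to the fingerprint; verify with the public Read key) and the four session-setup steps above, run end to end as an added example that is not code from the slides. The asymmetric algorithm is a toy textbook RSA on small fixed primes chosen for this example, which is enough to make the steps concrete but nothing more; reducing the fingerprint into the key's range is likewise a toy shortcut. The random numbers are 32-bit, and "putting them together" is done by hashing RN1 followed by RN2 so both sides derive the same bytes.

```python
# Added example (not from the slides): signatures and the session-key exchange
# above, run end to end on a toy textbook RSA with small fixed primes. The
# primes, the 32-bit random numbers and the way RN1 and RN2 are combined are
# assumptions made for this example.
import hashlib
import secrets
from typing import Optional, Tuple

Key = Tuple[int, int]          # (exponent, modulus)
PRIMES_1 = (1000003, 1000033)  # constructed: one prime pair per system
PRIMES_2 = (1000037, 1000039)


def toy_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public key, private "Read" key)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (e, n), (d, n)


def asym_encrypt(public: Key, m: int) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def asym_decrypt(private: Key, c: int) -> int:
    d, n = private
    return pow(c, d, n)


def fingerprint_int(data: bytes, n: int) -> int:
    """The fingerprint as a number, reduced into the key's range (toy shortcut)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private: Key, data: bytes) -> int:
    """Hash, then 'encrypt' the fingerprint with the private signing key."""
    d, n = private
    return pow(fingerprint_int(data, n), d, n)


def verify_signature(public: Key, data: bytes, signature: int) -> bool:
    """Anyone with the public Read key recovers the fingerprint and re-hashes the data."""
    e, n = public
    return pow(signature, e, n) == fingerprint_int(data, n)


class Endpoint:
    """One side of the session setup."""

    def __init__(self, primes: Tuple[int, int]) -> None:
        self.public, self.private = toy_keypair(*primes)
        self.rn = secrets.randbits(32)          # this side's random contribution
        self.peer_rn: Optional[int] = None

    def send_random(self, peer_public: Key) -> int:
        """Step 2: encrypt my random number to the other side's public key."""
        return asym_encrypt(peer_public, self.rn)

    def receive_random(self, ciphertext: int) -> None:
        """Step 3: decrypt with my own private Read key."""
        self.peer_rn = asym_decrypt(self.private, ciphertext)

    def session_key(self, initiator: bool) -> bytes:
        """Step 4: put RN1 and RN2 together, in the same order on both sides."""
        if self.peer_rn is None:
            raise RuntimeError("peer's random number not received yet")
        rn1, rn2 = (self.rn, self.peer_rn) if initiator else (self.peer_rn, self.rn)
        return hashlib.sha256(rn1.to_bytes(4, "big") + rn2.to_bytes(4, "big")).digest()


def run_exchange(system1: Endpoint, system2: Endpoint) -> Tuple[bytes, bytes]:
    """Step 1 (exchanging public keys) is passing .public across; then steps 2 to 4."""
    c_to_2 = system1.send_random(system2.public)
    c_to_1 = system2.send_random(system1.public)
    system2.receive_random(c_to_2)
    system1.receive_random(c_to_1)
    return system1.session_key(True), system2.session_key(False)


if __name__ == "__main__":
    k1, k2 = run_exchange(Endpoint(PRIMES_1), Endpoint(PRIMES_2))
    print(k1 == k2, k1.hex())
    pub, priv = toy_keypair(*PRIMES_1)
    s = sign(priv, b"Apple Computer")
    print(verify_signature(pub, b"Apple Computer", s), verify_signature(pub, b"Apple Computes", s))
```

Only the ciphertexts `c_to_1` and `c_to_2` cross the wire; an observer who records them cannot recover either random number without one of the private Read keys, which is the point of step 3 being done locally on each side.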

SETTING UP SECURE SESSIONS
Scrambling data while in transit or storage:
- The encryption (read/write) key is used on both ends
- Data is scrambled before sending (encrypted)
- On the wire or in storage it is not readable
- Both sides have the capability of encrypting or decrypting; shared keys can be placed in more than two locations or systems
- When it is received it is unscrambled (decrypted)
- Data can be stored indefinitely and then decrypted, as long as the key is stored safely

VERIFYING INTEGRITY IN SESSIONS, OR WHILE STORED
Do they match? Setting up to perform integrity verification:
- Create a fingerprint of the data before storage or transmission
- Create signatures to accompany files or data
- Store or transmit the data content as needed for operations
- When retrieved from memory or after transmission, re-hash the data
- Use the Read key included in the certificate to decrypt the certificate's fingerprint
- Verify the original fingerprint matches the re-created one; a match proves the data's integrity
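The shared key used on both ends to scramble data for the wire or for storage (the previous slide) together with the fingerprint check on retrieval (this slide), as an added example that is not code from the slides. The keystream construction (SHA-256 over key, nonce and counter) and the HMAC tag are this example's own assumptions, and the integrity check is keyed with the shared secret rather than decrypted from a certificate, so both sides must already hold the session key from the exchange.

```python
# Added example (not from the slides): scramble data with the shared session key
# and attach a keyed fingerprint; on retrieval the fingerprint is re-created and
# compared before anything is unscrambled. The keystream construction and the
# HMAC tag are assumptions made for this example.
import hashlib
import hmac
import os
from typing import Optional, Tuple

NONCE_LEN, TAG_LEN = 16, 32


def derive_keys(shared_key: bytes) -> Tuple[bytes, bytes]:
    """Two separate keys from the session key: one to scramble, one to check."""
    return (hashlib.sha256(b"scramble" + shared_key).digest(),
            hashlib.sha256(b"integrity" + shared_key).digest())


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode style keystream; a fresh nonce per message keeps it unique."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def scramble(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; applying it again with the same key/nonce restores the data."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def protect(shared_key: bytes, data: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Sender / writer side: nonce || scrambled data || integrity tag."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(shared_key)
    body = nonce + scramble(enc_key, nonce, data)
    return body + hmac.new(mac_key, body, "sha256").digest()


def unprotect(shared_key: bytes, blob: bytes) -> bytes:
    """Receiver / reader side: re-create the tag and compare before unscrambling."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short to hold a nonce and a tag")
    enc_key, mac_key = derive_keys(shared_key)
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, body, "sha256").digest(), tag):
        raise ValueError("integrity check failed: data changed in transit or storage")
    return scramble(enc_key, body[:NONCE_LEN], body[NONCE_LEN:])


if __name__ == "__main__":
    session_key = os.urandom(32)               # what the key exchange produced
    blob = protect(session_key, b"Apple Computer")
    print(blob.hex())                          # not readable on the wire
    print(unprotect(session_key, blob))        # b'Apple Computer'
```

The tag is checked before decryption, so a blob altered on the wire or on disk is rejected outright instead of decrypting to garbage that the application then acts on.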

TRACKING AND VERIFYING ACTIONS
Many transactions stored in a database. Signing a computer transaction:
- Digital information is comprised of numbers: the current user and computer, information about the action, the time the action took place
- Put the information together to build a transaction signature
- Signatures of events can be verified later
Use event logging:
- Each action and/or signature can be logged
- Verifying transactions later tells us who, when, where and on which systems performed the actions

TRACKING AND VERIFYING ACTIONS
Linking the people, systems, actions, and the times they take place together:
- Security operations make it possible to mathematically verify any computer-generated content, as long as the person or system holding the private key has not been compromised
- Signing the fingerprint provides a certifiable record of that exact data combination
- Actions are non-repudiable, and it can be proven that they were performed: credit card transactions, banking transfers, user information changes, access to or updating of confidential material
- Log files store transactions
- Elevated access logging: log any time users log in with higher than normal access
- The dilemma is always how you track and watch the watchers
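A hash-chained event log, as an added example that is not code from the slides: each entry records who, when, where and on which system an action was taken, and every entry's fingerprint covers the previous entry's fingerprint, so altering any stored transaction breaks the chain from that point on (the same idea the blockchain demo below is built on). The record fields, the elevated-access flag and the sample events are constructed for this example; the chain gives tamper evidence, and it is the signing of fingerprints described above that would add non-repudiation.

```python
# Added example (not from the slides): a hash-chained transaction log. Each
# entry's fingerprint includes the previous fingerprint, so changing a stored
# record makes every later link fail to verify. Fields and sample events are
# constructed for this example.
import hashlib
import json
from typing import Dict, List, Optional

GENESIS = "0" * 64   # the "previous fingerprint" of the very first entry


def entry_hash(prev_hash: str, record: Dict[str, object]) -> str:
    """Canonical (sorted, compact) JSON so the same record always hashes the same."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(prev_hash.encode("ascii") + payload).hexdigest()


class TransactionLog:
    def __init__(self) -> None:
        self.entries: List[Dict[str, object]] = []

    def append(self, user: str, system: str, action: str, time: str,
               elevated: bool = False) -> str:
        """Who, on which system, did what, when; returns the entry's fingerprint."""
        record = {"user": user, "system": system, "action": action,
                  "time": time, "elevated": elevated}
        prev = str(self.entries[-1]["hash"]) if self.entries else GENESIS
        digest = entry_hash(prev, record)
        self.entries.append({"record": record, "prev": prev, "hash": digest})
        return digest

    def first_broken_link(self) -> Optional[int]:
        """Index of the first entry whose fingerprint no longer matches, or None."""
        prev = GENESIS
        for index, entry in enumerate(self.entries):
            record = entry["record"]
            assert isinstance(record, dict)
            if entry["prev"] != prev or entry["hash"] != entry_hash(prev, record):
                return index
            prev = str(entry["hash"])
        return None

    def verify(self) -> bool:
        return self.first_broken_link() is None

    def elevated_access(self) -> List[Dict[str, object]]:
        """Elevated-access logging: every entry where the user acted with higher than normal access."""
        return [e["record"] for e in self.entries          # type: ignore[misc]
                if isinstance(e["record"], dict) and e["record"]["elevated"]]


if __name__ == "__main__":
    log = TransactionLog()
    log.append("alice", "ws-01", "login", "2024-01-01T09:00:00Z")
    log.append("alice", "ws-01", "login as admin", "2024-01-01T09:05:00Z", elevated=True)
    log.append("bob", "db-02", "banking transfer", "2024-01-01T09:10:00Z")
    print(log.verify(), len(log.elevated_access()))      # True 1
    log.entries[1]["record"]["user"] = "mallory"         # someone edits history
    print(log.verify(), log.first_broken_link())         # False 1
```

Watching the watchers is the part the chain alone does not solve: whoever can rewrite every entry after the edit can repair the chain, which is why the last fingerprint is normally published or signed somewhere the log's administrators cannot silently change.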

DISTRIBUTING TRUST WORLDWIDE
- Monetary transactions
- Integrity of communications
- Supply chain tracking
- Accountability of ownership
- Digital rights management
- Allowed software profiles
- Individualized privacy and permission
- Verifiable audit records
- Immutable accountability of actions
- Distributed access to a single data storage location
- Immutable proof of origin
- Risk becomes deterministic and quantifiable
- Verifiable quality comparisons

BLOCKCHAIN DEMO: https://anders.com/blockchain/blockchain.html

COMBINATIONS OF BASIC CYBER SECURITY OPERATIONS
1. Identifying data
2. Hiding data in plain sight
3. Creating unique signatures
4. Verifying the people or machines
5. Safe data storage and transmission
6. Tracking and verifying actions
7. Distributing trust worldwide
What are the most sensitive components of data we need to protect?

TAKING PRECAUTIONS HANDLING THE MOST SENSITIVE MATERIAL
What is the most sensitive digital material? What are most of the cybersecurity operations we looked at based on?
- Storage and handling of keys
- Keys are relatively small pieces of data; the better the quality of the key, the more random its bits
- But this makes them different from other files: files have patterns with headers & footers
- The focus of strong digital security is making processes and designs which protect these keys
