Objects and Subjects

Objects are resources that a user or process wants to access, and subjects are the users or processes requesting access. If the resource is requesting access, it is a subject. If a resource is being accessed, it is an object. Many resources can be both objects and subjects.

Let’s look at an example. Suppose Jim, a user, wants to access an application. In this case, Jim is a subject, and the application is an object. If the application Jim uses needs to access a database, then the application is the subject, and the database is the object.

Closed Versus Open Systems

A closed system is a proprietary system that is designed to work with a limited range of other systems. Open systems conform to industry standards and can work with systems that support the same standard. When an organization is integrating these systems, closed systems are harder to integrate, whereas open systems are much easier to integrate.

Threat Modeling

Threat modeling is the process of identifying potential threats and determining possible mitigations and countermeasures, if any, for the threats. The process can provide an organization with an attacker’s profile, likely attack vectors, targeted asset, and an analysis of the controls or defenses that should be implemented for the identified threats.

Least Privilege

The principle of least privilege is important in the design of systems. Least privilege means that users are granted access only to the information and resources that are minimally necessary for them to do their jobs. If the principle of least privilege is strictly enforced across an organization and the appropriate procedures are in place, privilege creep, wherein user privileges accumulate over time, will be prevented so that systems are as secure as possible.

When designing operating system processes, security professionals should ensure that system processes run in user mode when possible. When a process executes in privileged mode, the potential for vulnerabilities greatly increases. If a process needs access to privileged services, it is best to use an application programming interface (API) to ask for supervisory-mode services.

Related to the principle of least privilege, the principle of least functionality is that systems and devices should be configured to provide only essential or minimally required capabilities and specifically prohibit or restrict the use of functions, ports, protocols, and services.

Defense in Depth

Communications security management and techniques are designed to prevent, detect, and correct errors so that the CIA of transactions over networks might be maintained. Most computer attacks result in a violation of one of the security properties: confidentiality, integrity, or availability. A defense-in-depth approach refers to deploying layers of protection. For example, even when you are deploying firewalls, access control lists (ACLs) should still be applied to resources to help prevent access to sensitive data in case the firewall is breached.

Secure Defaults

Secure defaults, also referred to as secure by default, is a term used to describe a condition wherein an application’s or device’s default settings are set to the most secure settings possible. If the application or device is reset, these secure defaults should be maintained. Security professionals should keep in mind that the most secure settings are not often the most user-friendly settings.

If a technology follows secure defaults principles, the technology will have embedded, built-in cybersecurity principles. Depending on the technology, device, or application, best practices in secure defaults should include password prompts, history, length and strength, the closing of unused ports or services, encryption, and remote access disablement.

Fail Securely

To understand the concept of fail securely, security professionals must understand two related terms: fail safe and fail secure. Most often these terms are used in conjunction with physical controls, particularly door locks.

A product that is fail safe is unlocked when power is removed. Personnel therefore can enter or leave the area. A product that is fail secure is locked when power is removed. In this case, personnel can leave the area, but they must use a key to enter the area. These terms refer to the status of the secure side of the door. Most products provide free egress or exit whether they are fail safe or fail secure.

Fail-safe products should never be used for areas of high security. Simply cutting the power would give a threat actor access to the security area. Security professionals should ensure that public or general areas use fail-safe products, whereas secure areas, such as data centers, use fail-secure products.

Separation of Duties (SoD)

Separation of duties (SoD) is an internal personnel control that distributes the tasks and associated privileges for a security process among multiple personnel. It is most often associated with an organization’s financial accounting policies whereby controls are put into place for issuing checks. The person inputting the payment information is usually a separate person than the one who signs or otherwise authorizes the checks after printing. In addition, organizations often implement policies whereby checks above a certain amount require two signatures.

SoD, as it relates to security, has two primary objectives: (1) to prevent conflict of interest, fraud, abuse, or errors and (2) to detect control failures, including breaches, data theft, and circumvention of security controls.

SoD restricts the power or influence held by any one person. It also ensures that personnel do not have conflicting responsibilities and are not responsible for reporting on themselves or their superiors. For example, in an IT department, the person who creates the user accounts can only do so with the proper request made by a department head or asset owner, and the person who assigns the appropriate permissions can only do so with the proper request made by the data or asset owner.

Keep It Simple

Keep it simple, also referred to as keep it simple, stupid (KISS), is a design principle that states a design and/or system should be as simple as possible and avoid unneeded complexity. Simplicity guarantees the greatest levels of user acceptance and interaction.

Security professionals should ensure that organizations focus on implementing simple controls to provide security for confidentiality, integrity, and availability. To offset the need for controls to be simple, organizations should deploy a layered security model.

Zero Trust

Zero trust is a security model based on the principle of maintaining strict access controls and not trusting anyone or anything by default. Zero trust requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter.

In a zero trust environment, each access request is fully identified, authenticated, authorized, and encrypted before granting access. A zero trust environment is built upon five fundamental elements:

• The person or device is always assumed to be hostile.

• External and internal threats exist at all times.

• Location is not sufficient for deciding trust in a person or device.

• Every device, user, and communication is identified, authenticated, and authorized.

• Policies must be dynamic and calculated from as many sources of data as possible.

To fully implement zero trust, organizations must deploy multifactor authentication (MFA), the principle of least privilege, and endpoint validation.

Privacy by Design

Privacy by design is a term that implies data protection through technology design. Behind this is the thought that data protection in data processing procedures is best adhered to when it is already integrated in the technology at creation. It is a concept in the General Data Protection Regulation (GDPR).

In new systems, security professionals should implement privacy by design by emphasizing privacy and security throughout the design process. Privacy should be integrated into a system from day one. Security professionals should implement privacy by design in an existing system by deconstructing and analyzing the system. This is more difficult and time-consuming. A privacy audit should be performed on the existing system to examine how privacy has been embedded into the system, identify weak-points, and create new user-friendly solutions.

Trust but Verify

Trust but verify is a principle that is used when communicating entities trust each other but verify that such trust should be provided through the verification of an established relationship. When implementing trust but verify, security professionals should ensure their organizations

• Use multiple asset inventory tools for verification and validation.

• Use vulnerability management scanning tools to verify patching and hardening settings.

• Use account reviews to verify that the principle of least privilege is enforced.

• Use penetration tests and security posture testing in production environments.

• Document supporting artifacts and evidence for audits and reviews.

Using a trust but verify approach ensures that checks and balances are implemented and that the appropriate controls are deployed to meet the expectations of the organization.

Shared Responsibility

Shared responsibility is a principle that requires that each user is accountable for different aspects of security and all must work together to ensure full coverage. All personnel within an organization must be aware of their responsibilities regarding security. During annual security and awareness training, personnel should be given scenarios wherein they see when and how to report security issues they may encounter.

All organizations should implement a security issues reporting portal so that it becomes part of organizational culture. This portal should include a feature that allows personnel to anonymously report security issues or violations that they observe to the appropriate management. Personnel can choose to remain anonymous or to disclose their identity.

Confidentiality, Integrity, and Availability

The essential security principles of confidentiality, integrity, and availability are referred to as the CIA triad. Confidentiality is provided if the data cannot be read either through access controls and encryption for data as it exists on a hard drive or through encryption as the data is in transit. With respect to information security, confidentiality is the opposite of disclosure.

Integrity is provided if you can be assured that the data has not changed in any way. This is typically provided with a hashing algorithm or a checksum of some kind. Both methods create a number that is sent along with the data. When the data gets to the destination, this number can be used to determine whether even a single bit has changed in the data by calculating the hash value from the data that was received. This approach helps to protect data against undetected corruption.

Some additional integrity goals are to

• Prevent unauthorized users from making modifications.

• Maintain internal and external consistency.

• Prevent authorized users from making improper modifications.

Availability describes what percentage of the time the resource or the data is available. This is usually measured as a percentage of “up” time, with 99.9 percent up time representing more availability than 99 percent up time. Making sure that the data is accessible when and where it is needed is a prime goal of security.

Confinement

Confinement is a term used to describe isolating processes or machines/subsystems in a larger system. When a process is confined, the process is only allowed to read from and write to certain memory locations and resources. Confinement is usually carried out using the operating system, through a confinement service, or using a hypervisor.

Bounds

On a system, processes run at an assigned authority level, which defines what the process can do. Two common authority levels are user and kernel. The bounds of a process set limits on the memory addresses and resources the process can access. The bounds logically segment memory areas for each process to use. Highly secure systems will physically bound the processes, meaning that the processes run in memory areas that are physically separated from each other. Logically bounded memory is cheaper than but not as secure as physically bounded memory.

Isolation

A process runs in isolation when it is confined using bounds. Process isolation ensures that any actions taken by the process will only affect the memory and resources used by the isolated process. Isolation prevents other processes, applications, or resources from accessing the memory or resources of another.

Security Modes

A mandatory access control (MAC) system operates in different security modes at various times, based on variables such as sensitivity of data, the clearance level of the user, and the actions users are authorized to take. The following sections provide descriptions of these modes.

Multilevel Security Mode

When a system allows two or more classification levels of information to be processed at the same time, it is said to be operating in multilevel security mode. Users must have a signed NDA for all the information in the system and will have access to subsets based on their clearance level, need-to-know, and formal access approval. These systems involve the highest risk because information is processed at more than one level of security, even when all system users do not have appropriate clearances or a need to know for all information processed by the system. This is also sometimes called controlled security mode. Table 3-1 compares the four security modes and their requirements.

	Signed NDA	Proper Clearance	Formal Approval	Valid Need to Know
Dedicated	All information	All information	All information	All information
System high	All information	All information	All information	Some information
Compartmented	All information	All information	Some information	Some information
Multilevel	All information	Some information	Some information	Some information

Security Model Types

A security model describes the theory of security that is designed into a system from the outset. Formal models have been developed to approach the design of the security operations of a system. In the real world, the use of formal models is often skipped because it delays the design process somewhat (although the cost might be a lesser system). This section discusses some basic model types along with some formal models derived from the various approaches available.

A security model maps the desires of the security policy makers to the rules that a computer system must follow. Different model types exhibit various approaches to achieving this goal. The specific models that are contained in the section “Security Models” incorporate various combinations of these model types.

Take-Grant Model

A system in the Take-Grant model is represented as a directed graph, called a protection graph. The subjects and objects of the computer system are the vertices, and the access rights of subjects to objects are represented by arcs. Although the Take-Grant model uses standard access rights like read and write, the Take-Grant model includes two additional access rights:

• Take (t) is the right to take any access rights from the subject.

• Grant (g) is the right to assign its access rights to any subject.

Figure 3-1 shows a graph of the Take-Grant model’s Take and Grant access rights.

Security Models

A number of formal models incorporating the concepts discussed in the previous section have been developed and used to guide the security design of systems. The following sections discuss some of the more widely used or important security models, including the following:

• Bell-LaPadula model

• Biba model

• Clark-Wilson integrity model

• Lipner model

• Brewer-Nash (Chinese Wall) model

• Graham-Denning model

• Harrison-Ruzzo-Ullman model

• Goguen-Meseguer model

• Sutherland model

Bell-LaPadula Model

The Bell-LaPadula model was the first mathematical model of a multilevel system that used both the concepts of a state machine and those of controlling information flow. It formalizes the U.S. DoD multilevel security policy. It is a state machine model capturing confidentiality aspects of access control. Any movement of information from a higher level to a lower level in the system must be performed by a trusted subject.

Bell-LaPadula, known as “no read up and no write down,” incorporates three basic rules with respect to the flow of information in a system:

• The simple security rule: A subject cannot read data located at a higher security level than that possessed by the subject (also called no read up).

• The star (*)-property rule: A subject cannot write to a lower level than that possessed by the subject (also called no write down or the confinement rule).

• The strong star property rule: A subject can perform both read and write functions only at the same level granted to the subject.

The *-property rule is depicted in Figure 3-2.

The main concern of the Bell-LaPadula security model and its use of these rules is confidentiality. Although its basic model is a MAC system, another property rule called the discretionary security property (ds-property) makes a mixture of mandatory and discretionary controls possible. This property allows a subject to pass along permissions at its own discretion. In the discretionary portion of the model, access permissions are defined through an access control matrix using a process called authorization, and security policies prevent information flowing downward from a high security level to a low security level.

The Bell-LaPadula security model does have limitations. Among those are

• It contains no provision or policy for changing data access control. Therefore, it works well only with access systems that are static in nature.

• It does not address what are called covert channels. A low-level subject can sometimes detect the existence of a high-level object when it is denied access. Sometimes it is not enough to hide the content of an object; also their existence might have to be hidden.

• Its main contribution at the expense of other concepts is confidentiality.

This security policy model was the basis for the Orange Book, discussed in the later section “TCSEC.”

Biba Model

The Biba model came after the Bell-LaPadula model and shares many characteristics with that model. These two models are the most well-known of the models discussed here. It is also a state machine model that uses a series of lattices or security levels, but the Biba model concerns itself more with the integrity of information rather than the confidentiality of that information. It does this by relying on a data classification system to prevent unauthorized modification of data. Subjects are assigned classes according to their trustworthiness; objects are assigned integrity labels according to the harm that would be done if the data were modified improperly.

Like the Bell-LaPadula model, the Biba model applies a series of properties or axioms to guide the protection of integrity. Its effect is that data must not flow from a receptacle of given integrity to a receptacle of higher integrity:

• Integrity axiom: Subjects cannot write to a higher integrity level than that to which they have access (no write up).

• Simple integrity axiom: Subjects cannot read to a lower integrity level than that to which they have access (no read down).

• Invocation property: Subjects cannot invoke (request service of) higher integrity.

Clark-Wilson Integrity Model

Developed after the Biba model, the Clark-Wilson integrity model also concerns itself with data integrity. The model describes a series of elements that are used to control the integrity of data as listed here:

• User: An active user’s agent

• Transformation procedure (TP): An abstract operation, such as read, write, and modify, implemented through programming

• Constrained data item (CDI): An item that can be manipulated only through a TP

• Unconstrained data item (UDI): An item that can be manipulated by a user via read and write operations

• Integrity verification procedure (IVP): A check of the consistency of data with the real world

This model enforces these elements by allowing data to be altered only through programs and not directly by users. Rather than employing a lattice structure, it uses a three-part relationship of subject/program/object known as a triple. It also sets as its goal the concepts of separation of duties and well-formed transactions:

• Separation of duties: This concept ensures that certain operations require additional verification or that all personnel do their part.

• Well-formed transaction: This concept ensures that all values are checked before and after the transaction by carrying out particular operations to complete the change of data from one state to another.

To ensure that integrity is attained and preserved, the Clark-Wilson model asserts, integrity-monitoring and integrity-preserving rules are needed. Integrity-monitoring rules are called certification rules, and integrity-preserving rules are called enforcement rules.

System Architecture Steps

Various models and frameworks discussed in this chapter might differ in the exact steps toward developing a system architecture but do follow a basic pattern. The main steps include

1. Design phase: In this phase system requirements are gathered and the manner in which the requirements will be met is mapped out using modeling techniques that usually graphically depict the components that satisfy each requirement and the interrelationships of these components. At this phase many of the frameworks and security models discussed later in this chapter are used to help meet the architectural goals.

2. Development phase: In this phase hardware and software components are assigned to individual teams for development. At this phase the work done in the first phase can help to ensure these independent teams are working toward components that will fit together to satisfy requirements.

3. Maintenance phase: In this phase the system and security architecture are evaluated to ensure that the system operates properly and that security of the systems is maintained. The system and security should be periodically reviewed and tested.

4. Retirement phase: In this phase the system is retired from use in the live environment. Security professionals must ensure that the organization follows proper disposal procedures and ensure that data cannot be obtained from disposed assets.

ISO/IEC 42010:2011

ISO/IEC 42010:2011 uses specific terminology when discussing architectural frameworks. The following is a review of some of the most important terms:

• Architecture: The organization of the system, including its components and their interrelationships, along with the principles that guide its design and evolution

• Architectural description (AD): The set of documents that convey the architecture in a formal manner

• Stakeholder: Individuals, teams, and departments, including groups outside the organization with interests or concerns to consider

• View: The representation of the system from the perspective of a stakeholder or a set of stakeholders

• Viewpoint: A template used to develop individual views that establish the audience, techniques, and assumptions made

Computing Platforms

A computing platform is composed of the hardware and software components that allow software to run. This typically includes the physical components, the operating systems, and the programming languages used. From a physical and logical perspective, a number of possible frameworks or platforms are in use. The following sections discuss some of the most common.

Virtual Computing

Virtual environments are increasingly being used as the computing platform for solutions. Most of the same security issues that must be mitigated in the physical environment must also be addressed in the virtual network.

In a virtual environment, instances of an operating system are called virtual machines (VMs). A host system can contain many VMs. Software called a hypervisor manages the distribution of resources (CPU, memory, and disk) to the VMs. Figure 3-3 shows the relationship between the host machine, its physical resources, the resident VMs, and the virtual resources assigned to them.

Security Services

The process of creating system architecture also includes design of the security that will be provided. These services can be classified into several categories depending on the protections they are designed to provide. The following sections briefly examine and compare types of security services.

System Components

When discussing the way security is provided in an architecture, having a basic grasp of the components in computing equipment is helpful. The following sections discuss those components and some of the functions they provide.

CPU

The central processing unit (CPU), also called the processor, is the hardware in the system that executes all the instructions in the code. The CPU is the heart of a computer or IT systems. It has its own set of instructions for its internal operation, and those instructions define its architecture. The software that runs on the system must be compatible with this architecture, which really means the CPU and the software can communicate.

When more than one processor is present and available, the system becomes capable of multiprocessing. This capability allows the computer to execute multiple instructions in parallel. It can be done with separate physical processors or with a single processor with multiple cores. When multiple cores are used, each core operates as a separate CPU.

CPUs have their own memory, and the CPU is able to access this memory faster than any other memory location. It also typically has cache memory where the most recently executed instructions are kept in case they are needed again. When a CPU gets an instruction from memory, the process is called fetching.

An arithmetic logic unit (ALU) in the CPU performs the actual execution of the instructions. The control unit acts as the system manager while instructions from applications and operating systems are executed. CPU registers contain the instruction set information and data to be executed and include general registers, special registers, and a program counter register.

CPUs can work in user mode or privileged mode, which is also referred to as kernel or supervisor mode. When applications are communicating with the CPU, it is in user mode. If an instruction that is sent to the CPU is marked to be performed in privileged mode, it must be a trusted operating system process and is given functionality not available in user mode.

The CPU is connected to an address bus. Memory and I/O devices recognize this address bus. These devices can then communicate with the CPU, read requested data, and send it to the data bus.

When microcomputers were first developed, the instruction fetch time was much longer than the instruction execution time because of the relatively slow speed of memory access. This situation led to the design of the Complex Instruction Set Computer (CISC) CPU. In this arrangement, the set of instructions was reduced (while made more complex) to help mitigate the relatively slow memory access.

After memory access was improved to the point where not much difference existed in memory access times and processor execution times, the Reduced Instruction Set Computer (RISC) architecture was introduced. The objective of the RISC architecture was to reduce the number of cycles required to execute an instruction, which was accomplished by making the instructions less complex.

Multitasking and Multiprocessing

Multitasking is the process of carrying out more than one task at a time. Multitasking can be done in two different ways. When the computer has a single processor with one core, it is not really doing multiple tasks at once. It is dividing its CPU cycles between tasks at such a high rate of speed that it appears to be doing multiple tasks at once. However, when a computer has more than one processor or has a processor with multiple cores, then it is capable of actually performing two tasks at the same time. It can do this in two different ways:

• Symmetric mode: In this mode the processors or cores are handed work on a round-robin basis, thread by thread.

• Asymmetric mode: In this mode a processor is dedicated to a specific process or application; when work needs done for that process, it always is done by the same processor. Figure 3-4 shows the relationship between these two modes.

Preemptive multitasking means that task switches can be initiated directly out of interrupt handlers. With cooperative (nonpreemptive) multitasking, a task switch is only performed when a task calls the kernel and allows the kernel a chance to perform a task switch.

Multithreading

Multithreading allows multiple tasks to be performed within a single process. A thread is a self-contained sequence of instruction that can execute in parallel with other threads that are part of the same process. Multithreading is often used in applications to reduce overhead and increase efficiency. An example of multithreading is having multiple Microsoft Excel spreadsheets open at the same time. In this situation, the computer does not run multiple instances of Microsoft Excel. Each spreadsheet is treated as a single thread within the single Microsoft Excel process with the software managing which thread is being accessed.

Single-State Versus Multistate Systems

Single-state systems manage information at different levels using policy mechanisms approved by security administrators. These systems handle one security level at a time. Multistate systems manage multiple security levels at the same time using the protection mechanisms described in the next section. Multistate systems are uncommon because they are so expensive to implement.

Process States

Process states are the different modes in which a process may run. A process can operate in one of several states:

• Ready: The process is ready to start processing when needed.

• Waiting: The process is ready for execution but is waiting for access to an object.

• Running: The process is being executed until the process is finished, the time expires, or the process is blocked or aborted.

• Supervisory: The process is performing an action that requires higher privileges.

• Stopped: The process is finished or terminated.

Operating Systems

The operating system is the software that enables a human to interact with the hardware that comprises the computer. Without the operating system, the computer would be useless. Operating systems perform a number of noteworthy and interesting functions as part of the interfacing between the human and the hardware. In this section, we look at some of these activities.

A thread is an individual unit of an application for a specific process. A process is a set of threads that are part of the same larger application. An application’s instructions are not considered processes until they have been loaded into memory where all instructions must first be copied to be processed by the CPU. A process can be in a running state, ready state, or blocked state. When a process is blocked, it is simply waiting for data to be transmitted to it, usually through user data entry. A group of processes that share access to the same resources is called a protection domain.

CPUs can be categorized according to the way in which they handle processes. A superscalar computer architecture is characterized by a processor that enables concurrent execution of multiple instructions in the same pipeline stage. A processor in which a single instruction specifies more than one concurrent operation is called a Very Long Instruction Word (VLIW) processor. A pipelined processor overlaps the steps of different instructions, whereas a scalar processor executes one instruction at a time, consequently increasing pipelining.

From a security perspective, processes are placed in a ring structure according to the concept of least privilege, meaning they are only allowed to access resources and components required to perform the task. A common visualization of this structure is shown in Figure 3-5.

When a computer system processes I/O instructions, it is operating in supervisor mode. The termination of selected, noncritical processing when a hardware or software failure occurs and is detected is referred to as a fail soft state. It is in a fail safe state if the system automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system.

TCSEC

The Trusted Computer System Evaluation Criteria (TCSEC) was developed by the National Computer Security Center (NCSC) for the U.S. DoD to evaluate products. NCSC has issued a series of books focusing on both computer systems and the networks in which they operate. They address confidentiality, but not integrity. In 2005, TCSEC was replaced by the Common Criteria, discussed later in the chapter. However, security professionals still need to understand TCSEC because of its effect on security practices today and because some of its terminology is still in use.

With TCSEC, functionality and assurance are evaluated separately and form a basis for assessing the effectiveness of security controls built into automatic data-processing system products. For example, the concept of least privilege is derived from TCSEC. In the following sections, we discuss those books and the ratings they derive.

Rainbow Series

The original publication created by the TCSEC was the Orange Book, but as time went by, other books were also created that focused on additional aspects of the security of computer systems. Collectively, this set of more than 20 books is now referred to as the Rainbow Series, alluding to the fact that each book is a different color. For example, the Green Book focuses solely on password management. Next, we cover the most important books: the Red Book, Orange Book, and Green Book.

Red Book

The Trusted Network Interpretation (TNI) extends the evaluation classes of the TCSEC (DOD 5200.28-STD) to trusted network systems and components in the Red Book. So where the Orange Book focuses on security for a single system, the Red Book addresses network security.

Orange Book

The Orange Book is a collection of criteria based on the Bell-LaPadula model that is used to grade or rate the security offered by a computer system product. Covert channel analysis, trusted facility management, and trusted recoveries are concepts discussed in this book.

The goals of this system can be divided into two categories, operational assurance requirements and life cycle assurance requirements, the details of which are defined next.

The operational assurance requirements specified in the Orange Book are as follows:

• System architecture

• System integrity

• Covert channel analysis

• Trusted facility management

• Trusted recovery

The life cycle assurance requirements specified in the Orange Book are as follows:

• Security testing

• Design specification and testing

• Configuration management

• Trusted distribution

TCSEC uses a classification system that assigns an alphabetic letter and a number to describe systems’ security effectiveness. The assigned letter refers to a security assurance level or division as A, B, C, D, and the number refers to gradients within that security assurance level or class. Each division and class incorporates all the required elements of the ones below it.

In order of least secure to most secure, the four classes and their constituent divisions and requirements are as follows:

• D—Minimal Protection

Reserved for systems that have been evaluated but that fail to meet the requirements for a higher division.

• C—Discretionary Protection

  • C1—Discretionary Security Protection

    • – Requires identification and authentication.

    • – Requires separation of users and data.

    • – Uses discretionary access control (DAC) capable of enforcing access limitations on an individual or group basis.

    • – Requires system documentation and user manuals.

  • C2—Controlled Access Protection

    • – Uses a more finely grained DAC.

    • – Provides individual accountability through login procedures.

    • – Requires protected audit trails.

    • – Invokes object reuse theory.

    • – Requires resource isolation.

• B—Mandatory Protection

  • B1—Labeled Security Protection

    • – Uses an informal statement of the security policy.

    • – Requires data sensitivity or classification labels.

    • – Uses MAC over selected subjects and objects.

    • – Capable of label exportation.

    • – Requires removal or mitigation of discovered flaws.

    • – Uses design specifications and verification.

  • B2—Structured Protection

    • – Requires a clearly defined and formally documented security policy.

    • – Uses DAC and MAC enforcement extended to all subjects and objects.

    • – Analyzes and prevents covert storage channels for occurrence and bandwidth.

    • – Structures elements into protection-critical and non-protection-critical categories.

    • – Enables more comprehensive testing and review through design and implementation.

    • – Strengthens authentication mechanisms.

    • – Provides trusted facility management with administrator and operator segregation.

    • – Imposes strict configuration management controls.

  • B3—Security Domains

    • – Satisfies reference monitor requirements.

    • – Excludes code not essential to security policy enforcement.

    • – Minimizes complexity through significant systems engineering.

    • – Defines the security administrator role.

    • – Requires an audit of security-relevant events.

    • – Automatically detects and responds to imminent intrusion detection, including personnel notification.

    • – Requires trusted system recovery procedures.

    • – Analyzes and prevents covert timing channels for occurrence and bandwidth.

    • – An example of such a system is the XTS-300, a precursor to the XTS-400.

• A—Verified Protection

  • A1—Verified Design

    • – Provides higher assurance than B3, but is functionally identical to B3.

    • – Uses formal design and verification techniques, including a formal top-level specification.

    • – Requires that formal techniques are used to prove the equivalence between the Trusted Computer Base (TCB) specifications and the security policy model.

    • – Provides formal management and distribution procedures.

    • – An example of such a system is Honeywell’s Secure Communications Processor (SCOMP), a precursor to the XTS-400.

Green Book

The Green Book provides guidance on password creation and management. It includes single sign-on (SSO) responsibilities, user responsibilities, authentication mechanisms, and password protection. The following major features are advocated in this guideline:

• Users should be able to change their own passwords.

• Passwords should be machine-generated rather than user-created.

• Certain audit reports (e.g., date and time of last login) should be provided by the system directly to the user.

ITSEC

TCSEC addresses confidentiality only and bundles functionality and assurance. In contrast to TCSEC, the Information Technology Security Evaluation Criteria (ITSEC) addresses integrity and availability as well as confidentiality. Another difference is that the ITSEC was mainly a set of guidelines used in Europe, whereas the TCSEC was relied on more in the United States.

ITSEC has a rating system in many ways similar to that of TCSEC. ITSEC has 10 classes, F1 to F10, to evaluate the functional requirements and 7 TCSEC classes, E0 to E6, to evaluate the assurance requirements.

Security functional requirements include the following:

• F00: Identification and authentication

• F01: Audit

• F02: Resource utilization

• F03: Trusted paths/channels

• F04: User data protection

• F05: Security management

• F06: Product access

• F07: Communications

• F08: Privacy

• F09: Protection of the product’s security functions

• F10: Cryptographic support

Security assurance requirements include the following:

• E00: Guidance documents and manuals

• E01: Configuration management

• E02: Vulnerability assessment

• E03: Delivery and operation

• E04: Life cycle support

• E05: Assurance maintenance

• E06: Development

• E07: Testing

The TCSEC and ITSEC systems can be mapped to one another, but the ITSEC provides a number of ratings that have no corresponding concept in the TCSEC ratings. Table 3-3 shows a mapping of the two systems.

The ITSEC has been largely replaced by Common Criteria, discussed in the next section.

Common Criteria

In 1990 the ISO identified the need for a standardized rating system that could be used globally. The Common Criteria (CC) for Information Technology Security Evaluation was the result of a cooperative effort to establish this system. This system uses Evaluation Assurance Levels (EALs) to rate systems, with each EAL representing a successively higher level of security testing and design in a system. The resulting rating represents the potential the system has to provide security. It assumes that the customer will properly configure all available security solutions, so it is required that the vendor always provide proper documentation to allow the customer to fully achieve the rating. ISO/IEC 15408-1:2009 is the ISO version of the CC.

The CC represents requirements for IT security of a product or system in two categories: functionality and assurance. This means that the rating should describe what the system does (functionality), and the degree of certainty the raters have that the functionality can be provided (assurance).

The CC has seven assurance levels, which range from EAL1 (lowest), where functionality testing takes place, through EAL7 (highest), where thorough testing is performed and the system design is verified.

The assurance designators used in the CC are as follows:

• EAL1: Functionally tested

• EAL2: Structurally tested

• EAL3: Methodically tested and checked

• EAL4: Methodically designed, tested, and reviewed

• EAL5: Semi-formally designed and tested

• EAL6: Semi-formally verified design and tested

• EAL7: Formally verified design and tested

The CC uses a concept called a protection profile during the evaluation process. The protection profile describes a set of security requirements or goals along with functional assumptions about the environment. Therefore, if someone identified a security need not currently addressed by any products, that person could write a protection profile that describes the need and the solution and all issues that could go wrong during the development of the system. This would be used to guide the development of a new product. A protection profile contains the following elements:

• Descriptive elements: The name of the profile and a description of the security problem that is to be solved.

• Rationale: Justification of the profile and a more detailed description of the real-world problem to be solved. The environment, usage assumptions, and threats are given along with security policy guidance that can be supported by products and systems that conform to this profile.

• Functional requirements: Establishment of a protection boundary, meaning the threats or compromises that are within this boundary to be countered. The product or system must enforce the boundary.

• Development assurance requirements: Identification of the specific requirements that the product or system must meet during the development phases, from design to implementation.

• Evaluation assurance requirements: Establishment of the type and intensity of the evaluation.

The result of following this process will be a security target. This is the vendor’s explanation of what the product brings to the table from a security standpoint. Intermediate groupings of security requirements developed along the way to a security target are called packages.

While it is important to understand the EAL levels of the CC, the CC has been redesigned. Common Criteria Version 3.1, Revision 5, uses the term Target of Evaluation (TOE). A TOE is defined as a set of software, firmware, and/or hardware possibly accompanied by guidance. The TOE consists of a specific version and a specific representation of the TOE. For example, the Windows 10 Enterprise OS is a specific version, and its configuration on a computer based on the organization’s security policies is the specific representation.

The CC includes two types of evaluations: Security Target (ST)/TOE evaluation and Protection Profile (PP) evaluation. In an ST evaluation, the sufficiency of the TOE and the operational environment are determined. In a TOE evaluation, the correctness of the TOE is determined. The PP evaluation is a document, typically created by a user or user community, which identifies security requirements for a class of security devices relevant to that user for a particular purpose.

The Common Criteria has categorized PPs into 14 categories:

• Access control devices and systems

• Biometric systems and devices

• Boundary protection devices and systems

• Data protection

• Databases

• ICs, smart cards, and smart card–related devices and systems

• Key management systems

• Mobility

• Multifunction devices

• Network and network-related devices and systems

• Operating systems

• Other devices and systems

• Products for digital signatures

• Trusted computing

Protection profiles are assigned an EAL after analysis by a member organization in the Common Criteria Recognition Arrangement (CCRA). For more information on the latest Common Criteria implementation, go to www.commoncriteriaportal.org/. Click the Protection Profiles tab to see the available PPs.

Security Implementation Standards

It is important for a security professional to understand security implementation standards that have been published by international bodies. In addition, security professionals should examine standards in the industry that apply to their organizations and align the practices in their organization to these implementation standards. These standards include ISO/IEC 27001 and 27002 and PCI DSS.

ISO/IEC 27001

ISO/IEC 27001:2018 is the latest version of the 27001 standard and is one of the most popular standards by which organizations obtain certification for information security. It provides guidance on how to ensure that an organization’s information security management system (ISMS) is properly built, administered, and maintained. It includes the following components:

• ISMS scope

• Information security policy

• Risk assessment process and its results

• Risk treatment process and its decisions

• Information security objectives

• Information security personnel competence

• ISMS-related documents that are necessary

• Operational planning and control documents

• Information security monitoring and measurement evidence

• ISMS internal audit program and its results

• Top management ISMS review evidence

• Identified nonconformities evidence and corrective actions

When an organization decides to obtain ISO/IEC 27001 certification, a project manager should be selected to ensure that all the components are properly completed.

To implement ISO/IEC 27001:2018, the selected project manager should complete the following steps:

1. Obtain management support.

2. Determine whether to use consultants or to complete the implementation in-house, and if the latter, purchase the 27001 standard, write the project plan, define the stakeholders, and organize the project kickoff.

3. Identify the requirements.

4. Define the ISMS scope, information security policy, and information security objectives.

5. Develop document control, internal audit, and corrective action procedures.

6. Perform risk assessment and risk treatment.

7. Develop a statement of applicability and risk treatment plan and accept all residual risks.

8. Implement controls defined in the risk treatment plan and maintain implementation records.

9. Develop and implement security training and awareness programs.

10. Implement the ISMS, maintain policies and procedures, and perform corrective actions.

11. Maintain and monitor the ISMS.

12. Perform an internal audit and write an audit report.

13. Perform management review and maintain management review records.

14. Select a certification body and complete certification.

15. Maintain records for surveillance visits.

Controls and Countermeasures

After an organization implements a system security evaluation model and security implementation standard, the organization must ensure that the appropriate controls and countermeasures are implemented, based on the most recent vulnerability and risk assessments performed by security professionals. Understanding the different categories and types of access controls is vital to ensure that an organization implements a comprehensive security program. Information security should always be something that the organization assesses and pursues.

Memory Protection

In an information system, memory and storage are the most important resources. Damaged or corrupt data in memory can cause the system to stop functioning. Data in memory can be disclosed and therefore must be protected. Memory does not isolate running processes and threads from data. Security professionals must use processor states, layering, process isolation, abstraction, hardware segmentation, and data hiding to help keep data isolated.

Most processors support two processor states: supervisor state (or kernel mode) and problem state (or user mode). In supervisor state, the highest privilege level on the system is used so that the processor can access all the system hardware and data. In problem state, the processor limits access to system hardware and data. Processes running in supervisor state are isolated from the processes that are not running in that state; supervisor-state processes should be limited to only core operating system functions.

A security professional can use layering to organize programming into separate functions that interact in a hierarchical manner. In most cases, each layer has access only to the layers directly above and below it. Ring protection is the most common implementation of layering, with the inner ring (ring 0) being the most privileged ring and the outer ring (ring 3) being the lowest privileged. The OS kernel usually runs on ring 0, and user applications usually run on ring 3.

A security professional can isolate processes by providing memory address spaces for each process. Other processes are unable to access address spaces allotted to another process. Naming distinctions and virtual mapping are used as part of process isolation.

Hardware segmentation works like process isolation. It prevents access to information that belongs to a higher security level. However, hardware segmentation enforces the policies using physical hardware controls rather than the operating system’s logical process isolation. Hardware segmentation is rare and is usually restructured to governmental use, although some organizations may choose to use this method to protect private or confidential data.

Data hiding prevents data at one security level from being seen by processes operating at other security levels.

Trusted Platform Module

Trusted Platform Module (TPM) is a security chip installed on computer motherboards that is responsible for managing symmetric and asymmetric keys, hashes, and digital certificates. This chip provides service to protect passwords, encrypt drives, and manage digital rights, making it much harder for attackers to gain access to the computers that have a TPM-chip enabled.

Two particularly popular uses of TPM are binding and sealing. Binding actually “binds” the hard drive through encryption to a particular computer. Because the decryption key is stored in the TPM chip, the hard drive’s contents are available only when connected to the original computer. But keep in mind that all the contents are at risk if the TPM chip fails and a backup of the key does not exist.

Sealing, on the other hand, “seals” the system state to a particular hardware and software configuration. This technology prevents attacks from making any changes to the system. However, it can also make installing a new piece of hardware or a new operating system much harder. The system can only boot after the TPM verifies system integrity by comparing the original computed hash value of the system’s configuration to the hash value of its configuration at boot time.

The TPM consists of both static memory and dynamic memory that is used to retain the important information when the computer is turned off.

The memory used in a TPM chip is as follows:

• Endorsement Key (EK): Persistent memory installed by the manufacturer that contains a public/private key pair

• Storage Root Key (SRK): Persistent memory that secures the keys stored in the TPM

• Attestation Identity Key (AIK): Dynamic memory that ensures the integrity of the EK

• Platform Configuration Register (PCR) hashes: Dynamic memory that stores data hashes for the sealing function

• Storage keys: Dynamic memory that contains the keys used to encrypt the computer’s storage, including hard drives, USB flash drives, and so on

Interfaces

An interface is a mechanism that a user employs to access a system, an application, a device, or another entity. Most users assume that the interfaces they use are secure. Organizations are responsible for ensuring that secure interfaces are implemented across the network. If an entity has multiple user interfaces—such as a graphical user interface, a command-line interface, and a remote access interface—all these interfaces should require secure authentication. It is a security professional’s job to understand the difference between secure and insecure interfaces and to ensure that insecure interfaces are replaced with secure interfaces.

Fault Tolerance

Fault tolerance allows a system to continue operating properly in the event that components within the system fail. For example, providing fault tolerance for a hard drive system involves using fault-tolerant drives and fault-tolerant drive adapters. However, the cost of any fault tolerance must be weighed against the cost of the redundant device or hardware. If security capabilities of information systems are not fault tolerant, attackers may be able to access systems if the security mechanisms fail. Organizations should weigh the cost of deploying a fault-tolerant system against the cost of any attack against the system being secured. It may not be vital to provide a fault-tolerant security mechanism to protect data that is classified as public, but it is very important to provide a fault-tolerant security mechanism to protect confidential data.

Policy Mechanisms

Organizations can implement different policy mechanisms to increase the security of information systems. The policy mechanisms include separation of privilege and accountability.

Encryption/Decryption

Information systems use encryption and decryption to provide confidentiality of data. Encryption is the process of translating plain text data (plaintext) into unreadable data (ciphertext), and decryption is the process of translating ciphertext back into plaintext. Encryption and decryption are covered later in this chapter in the “Cryptography” section.

Client-Based Systems

In most networks, client systems are the most widely used because they are the systems that users most rely on to access resources. Client systems range from desktop systems to laptops to mobile devices of all types. This section focuses mainly on the vulnerabilities of desktops and laptops.

Because client systems are so prolific, new attacks against these systems seem to crop up every day. Security practitioners must ensure that they know which client systems attach to the network so they can ensure that the appropriate controls are implemented to protect them.

Traditional client-side threats usually target web browsers, browser plug-ins, and email clients. But threats also exploit the applications and operating systems that are deployed. Client systems also tend to have exposed services deployed that are not needed. Often client systems are exposed to hostile servers. Added to these issues is the fact that most normal users are not security savvy and often inadvertently cause security issues on client systems.

Security architecture for client systems should include policies and controls that cover the following areas:

• Deploying only licensed, supported operating systems. These operating systems should be regularly updated with all vendor patches, security updates, and service packs as they are released.

• Deploying anti-malware and antivirus software on every client system. Updates to this software should also be configured as automatic to ensure that the most recently detected vulnerabilities are covered.

• Deploying a firewall with a well-configured access control list (ACL) and host-based intrusion detection system on the client systems.

• Using drive encryption such as BitLocker to protect the data on the hard drives.

• Issuing user accounts with the minimum permissions the users require to do their jobs. Users who need administrative access should have both an administrative account and a regular account and should use the administrative account only when performing administrative duties.

• Testing all updates and patches, including those to both the operating systems and applications, prior to deployment at the client level.

An applet is a small application that performs a specific task. It runs within a dedicated widget engine or a larger program, often as a plug-in. Java applets and ActiveX applets are examples. Malicious applets are often deployed by attackers and appear to come from legitimate sources. These applets can then be used to compromise a client system. A security professional should ensure that clients download applets only from valid vendors. In addition, a security professional should ensure that any application that includes applets is kept up to date with the latest patches.

A client system contains several types of local caches. The DNS cache holds the results of DNS queries on the Internet and is the cache that is most often attacked. Attackers may attempt to poison the DNS cache with false IP addresses for valid domains. They do this by sending a malicious DNS reply to an affected system. As with many other issues, you should ensure that the operating system and all applications are kept up to date. In addition, users should be trained to never click unverified or unknown links in email or on websites. They are not always pointing to the site shown in the visible link. The link may show a valid website, while the underlaying link may point to a malicious site.

Server-Based Systems

In some cases an attack can focus on the operations of the server operating system itself rather than the web applications running on top of it. Later, we look at the way in which these attacks are implemented, focusing mainly on the issue of data flow manipulation.

Database Systems

In many ways, a database is the Holy Grail for the attacker. It is typically where sensitive information resides. When considering database security, you need to understand the following terms: inference, aggregation, contamination, and data mining warehouse.

Cryptographic Systems

By design, cryptographic systems are responsible for encrypting data to prevent data disclosure. Security professionals must ensure that their organization’s software and IT systems are using the latest version of a cryptographic algorithm, if possible. Once a compromise of a cryptographic algorithm is known, that algorithm should no longer be used.

Industrial Control Systems

Industrial control systems (ICSs) is a general term that encompasses several types of control systems used in industrial production. The most widespread is supervisory control and data acquisition (SCADA). SCADA is a system operating with coded signals over communication channels so as to provide control of remote equipment.

ICS includes the following components:

• Sensors: Sensors typically have digital or analog I/O and are not in a form that can be easily communicated over long distances.

• Remote terminal units (RTUs): RTUs connect to the sensors and convert sensor data to digital data, including telemetry hardware.

• Programmable logic controllers (PLCs): PLCs connect to the sensors and convert sensor data to digital data; they do not include telemetry hardware.

• Telemetry system: Such a system connects RTUs and PLCs to control centers and the enterprise and are generally used over short distances.

• Human interface: Such an interface presents data to the operator.

ICSs should be securely segregated from other networks as a security layer. The Stuxnet virus hit the SCADA used for the control and monitoring of industrial processes. SCADA components are considered privileged targets for cyberattacks. Through the use of cybertools, it is possible to destroy an industrial process. This was the idea used on the attack on the nuclear plant in Natanz in order to interfere with the Iranian nuclear program.

Considering the criticality of the systems, physical access to SCADA-based systems must be strictly controlled. Systems that integrate IT security with physical access controls like badging systems and video surveillance should be deployed. In addition, the solution should be integrated with existing information security tools such as log management and IPS/IDS. A helpful publication by NIST, SP 800-82, provides recommendations on ICS security. Issues with these emerging systems include

• Required changes to the system may void the warranty.

• Products may be rushed to market, with security an afterthought.

• The return on investment may take decades.

• There is insufficient regulation regarding these systems.

NIST SP 800-82, Rev. 2 provides a guide to ICS security.

According to this publication, the major security objectives for an ICS implementation should include the following:

• Restricting logical access to the ICS network and network activity

• Restricting physical access to the ICS network and devices

• Protecting individual ICS components from exploitation

• Restricting unauthorized modification of data

• Detecting security events and incidents

• Maintaining functionality during adverse conditions

• Restoring the system after an incident

In a typical ICS, this means a defense-in-depth strategy that includes the following:

• Develop security policies, procedures, training, and educational material that applies specifically to the ICS.

• Address security throughout the life cycle of the ICS.

• Implement a network topology for the ICS that has multiple layers, with the most critical communications occurring in the most secure and reliable layer.

• Provide logical separation between the corporate and ICS networks.

• Employ a DMZ network architecture.

• Ensure that critical components are redundant and are on redundant networks.

• Design critical systems for graceful degradation (fault tolerant) to prevent catastrophic cascading events.

• Disable unused ports and services on ICS devices after testing to assure this will not impact ICS operation.

• Restrict physical access to the ICS network and devices.

• Restrict ICS user privileges to only those that are required to perform each person’s job.

• Use separate authentication mechanisms and credentials for users of the ICS network and the corporate network.

• Use modern technology, such as smart cards, for Personal Identity Verification (PIV).

• Implement security controls such as intrusion detection software, antivirus software, and file integrity checking software, where technically feasible, to prevent, deter, detect, and mitigate the introduction, exposure, and propagation of malicious software to, within, and from the ICS.

• Apply security techniques such as encryption and/or cryptographic hashes to ICS data storage and communications where determined appropriate.

• Expeditiously deploy security patches after testing all patches under field conditions on a test system if possible, before installation on the ICS.

• Track and monitor audit trails on critical areas of the ICS.

• Employ reliable and secure network protocols and services where feasible.

When designing security solutions for ICS devices, security professionals should include the following considerations: timeliness and performance requirements, availability requirements, risk management requirements, physical effects, system operation, resource constraints, communications, change management, managed support, component lifetime, and component location.

ICS implementations use a variety of protocols and services, including

• Modbus: A master/slave protocol that uses port 50

• BACnet2: A master/slave protocol that uses port 47808

• LonWorks/LonTalk3: A peer-to-peer protocol that uses port 1679

• DNP3: A master/slave protocol that uses port 19999 when using Transport Layer Security (TLS) and port 20000 when not using TLS

They can also use IEEE 802.1X, Zigbee, and Bluetooth for communication.

The basic process for developing an ICS security program includes the following:

1. Develop a business case for security.

2. Build and train a cross-functional team.

3. Define charter and scope.

4. Define specific ICS policies and procedures.

5. Implement an ICS Security Risk Management Framework.

   1. Define and inventory ICS assets.

   2. Develop a security plan for ICS systems.

   3. Perform a risk assessment.

   4. Define the mitigation controls.

6. Provide training and raise security awareness for ICS staff.

The ICS security architecture should include network segregation and segmentation, boundary protection, firewalls, a logically separated control network, and dual network interface cards (NICs) and should focus mainly on suitable isolation between control networks and corporate networks.

Security professionals should also understand that many ISC/SCADA systems use weak authentication and outdated operating systems. The inability to patch these systems (and even the lack of available patches) means that the vendor is usually not proactively addressing any identified or newly found security issues. Finally, many of these systems allow unauthorized remote access, thereby making it easy for an attacker to breach the system with little effort.

Cloud-Based Systems

Cloud computing is the centralization of data, software, or the computing environment itself in a web environment that can be accessed from anywhere and anytime. An organization can create a cloud environment, or it can pay a vendor to provide this service. A private cloud is considered more secure than a public cloud. Using a public cloud introduces all sorts of security concerns. How do you know your data is kept separate from other customers? How do you know your data is safe? Outsourcing the security of their data makes many organizations uncomfortable.

Cloud computing is all the rage these days, and it comes in many forms. The basic idea of cloud computing is to make resources available in a web-based data center so the resources can be accessed from anywhere. A company can pay another company to host and manage the cloud environment, or a company can host the environment. Before a cloud deployment model is chosen, the organization must determine the needs of the organization and the security requirements for any data that will be stored in the cloud.

There is a trade-off when a decision must be made between the two architectures. A solution deployed on organizational resources provides the most control over the safety of your data but also requires the staff and the knowledge to deploy, manage, and secure the solution. A cloud solution deployed on a provider’s resources puts your data’s safety in the hands of a third party, but that party is often more capable and knowledgeable about protecting data in this environment and managing the cloud environment.

Cloud storage locates the data on a central server, but the key difference is that the data is accessible from anywhere and, in many cases, from a variety of device types.

Moreover, cloud solutions typically provide fault tolerance.

NIST SP 800-145 gives definitions for cloud deployments that IT professionals should understand. Security professionals should be familiar with four cloud deployments:

• Private cloud: This is a solution owned and managed by one company solely for that company’s use. This type of cloud provides the most control and security but also requires the biggest investment in both hardware and expertise.

• Public cloud: This is a solution provided by a third party. It offloads the details to that third party but gives up some control and can introduce security issues. Typically, you are a tenant sharing space with others, and in many cases you don’t know where your data is being kept physically.

• Hybrid cloud: This is some combination of private and public. For example, perhaps you only use the facilities of the provider but still manage the data yourself.

• Community cloud: This is a solution owned and managed by a group of organizations that create the cloud for a common purpose, perhaps to address a common concern such as regularity compliance.

When a public solution is selected, various levels of service can be purchased. Some of these levels include

• Infrastructure as a Service (IaaS): Involves the vendor providing the hardware platform or data center and the company installing and managing its own operating systems and application systems. The vendor simply provides access to the data center and maintains that access.

• Platform as a Service (PaaS): Involves the vendor providing the hardware platform or data center and the software running on the platform. This includes the operating systems and infrastructure software. The company is still involved in managing the system.

• Software as a Service (SaaS): Involves the vendor providing the entire solution. This includes the operating system, infrastructure software, and the application. It might provide you with an email system, for example, whereby the vendor hosts and manages everything for you.

Figure 3-6 shows the relationships of these services to one another.

NIST SP 800-144 gives guidelines on security and privacy in public cloud computing. This publication defines two types of cloud computing service contracts: predefined non-negotiable agreements and negotiated agreements. Non-negotiable agreements are in many ways the basis for the economies of scale enjoyed by public cloud computing. The terms of service are prescribed completely by the cloud provider. They are typically not written with attention to federal privacy and security requirements. Furthermore, with some offerings, the provider can make modifications to the terms of service unilaterally (e.g., by posting an updated version online) without giving any direct notification to the cloud consumer.

Negotiated service agreements are more like traditional outsourcing contracts for information technology services. They are often used to address an organization’s concerns about security and privacy policy, procedures, and technical controls, such as the vetting of employees, data ownership and exit rights, breach notification, isolation of tenant applications, data encryption and segregation, tracking and reporting service effectiveness, compliance with laws and regulations, and the use of validated products meeting national or international standards.

Critical data and applications may require an agency to undertake a negotiated service agreement. Because points of negotiation can negatively affect the service agreement, a negotiated service agreement is normally less cost effective. The outcome of a negotiation is also dependent on the size of the organization and the influence it can exert. Regardless of the type of service agreement, obtaining adequate legal and technical advice is recommended to ensure that the terms of service adequately meet the needs of the organization.

Potential areas of improvement where organizations may derive security and privacy benefits from transitioning to a public cloud computing environment include the following:

• Staff specialization

• Platform strength

• Resource availability

• Backup and recovery

• Mobile endpoints

• Data concentration

Some of the more fundamental concerns when transitioning to a public cloud include the following:

• System complexity

• Shared multitenant environment

• Internet-facing

• Loss of control

Table 3-4 provides a list of security and privacy issues and recommendations for public cloud deployments from NIST SP 800-144.

Another NIST publication, NIST SP 800-146, gives a cloud computing synopsis and recommendations.

NIST SP 800-146 lists the following benefits of SaaS deployments:

• Very modest software tool footprint

• Efficient use of software licenses

• Centralized management and data

• Platform responsibilities managed by providers

• Savings in up-front costs

NIST SP 800-146 lists the following issues and concerns of SaaS deployments:

• Browser-based risks and risk remediation

• Network dependence

• Lack of portability between SaaS clouds

• Isolation vs. efficiency (security vs. cost trade-offs)

NIST SP 800-146 gives a single benefit of PaaS deployments:

• Facilitated scalable application development and deployment

The issues and concerns of PaaS deployments are as follows:

• Lack of portability between PaaS clouds

• Event-based processor scheduling

• Security engineering of PaaS applications

NIST SP 800-146 lists the following benefits of IaaS deployments:

• Full control of the computing resource through administrative access to VMs

• Flexible, efficient renting of computing hardware

• Portability and interoperability with legacy applications

The issues and concerns of IaaS deployments are as follows:

• Compatibility with legacy security vulnerabilities

• Virtual machine sprawl

• Verifying authenticity of an IaaS cloud provider website

• Robustness of VM-level isolation

• Features for dynamic network configuration for providing isolation

• Data erase practices

Large-Scale Parallel Data Systems

Most large-scale parallel data systems have been designed to handle scientific and industrial problems, such as air traffic control, ballistic missile defense, satellite-collected image analysis, missile guidance, and weather forecasting. They require enormous processing power. Because data in these systems is being analyzed so quickly, it is often difficult to detect and prevent an attempted intrusion. These types of systems must find a way to split the queries across multiple parallel nodes so the queries can be processed in parallel.

Because these parallel data systems often span multiple organizations, security professionals must consider the areas of trust, privacy, and general security any time their organizations operate within large-scale parallel data systems. Trust-related issues such as the following need to be considered in trusted networks:

• Key verification

• Trust-based denial-of-service (DoS) attack mitigation

• Data leakage detection

Privacy-related issues that need to be considered include the following:

• Remote authentication

• Decentralized access control

• Traffic masking

• Large-scale dataset cryptography

Other general security issues that need to be considered include inconsistent user credentials and authorization and data sharing issues related to using cryptography.

Distributed Systems

Distributed systems are discussed in the “Computing Platforms” section earlier in this chapter.

Grid Computing

Grid computing is the process of harnessing the CPU power of multiple physical machines to perform a job. In some cases, individual systems might be allowed to leave and rejoin the grid. Although the advantage of additional processing power is great, there has to be concern for the security of data that could be present on machines that are entering and leaving the grid without proper authentication and authorization. Therefore, grid computing is not necessarily a safe implementation when secrecy of the data is a key issue.

Peer-to-Peer Computing

Any client/server solution in which any platform/system may act as a client or server or both is called peer-to-peer computing. A widely used example of this is instant messaging (IM). These implementations present security issues that do not present themselves in a standard client/server arrangement. In many cases these systems operate outside the normal control of the network administrators.

This situation can present problems such as the following:

• Viruses, worms, and Trojan horses can be transmitted through this entry point to the network.

• In many cases, lack of strong authentication allows for account spoofing.

• Buffer overflow attacks and attacks using malformed packets can sometimes be successful.

If these systems must be tolerated in the environment, security professionals should follow these guidelines:

• Security policies should address the proper use of these applications.

• All systems should have a firewall and antivirus products installed.

• Configure firewalls to block unwanted IM traffic.

• If possible, allow only products that provide encryption.

Internet of Things

The Internet of Things (IoT) refers to a system of interrelated computing devices, mechanical and digital machines, and objects that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. The IoT has presented attackers with a new medium through which to carry out an attack. Often the developers of the IoT devices add the IoT functionality without thoroughly considering the security implications of such functionality or without building in any security controls to protect the IoT devices.

NIST Framework for Cyber-Physical Systems

Cyber-physical systems (CPS) are smart systems that include engineered interacting networks of physical and computational components. These highly interconnected and integrated systems provide new functionalities to improve quality of life and enable technological advances in critical areas, such as personalized healthcare, emergency response, traffic flow management, smart manufacturing, defense and homeland security, and energy supply and use. In addition to CPS, there are many words and phrases (Industrial Internet, IoT, machine-to-machine [M2M], smart cities, and others) that describe similar or related systems and concepts. There is significant overlap between these concepts, in particular CPS and IoT, such that CPS and IoT are sometimes used interchangeably; therefore, the approach described in NIST’s CPS Framework should be considered to be equally applicable to IoT.

The CPS Framework includes domains, aspects, and facets, as shown in Figure 3-7.

Domains represent the different application areas of CPS and include all those listed in Table 3-5. This list is expected to expand as new CPS and IoT devices are launched.

	Domains
Advertising	Entertainment/sports
Aerospace	Environmental monitoring
Agriculture	Financial services
Buildings	Healthcare
Cities	Infrastructure (communications, power, water)
Communities	Leisure
Consumer	Manufacturing
Defense	Science
Disaster resilience	Social networks
Education	Supply chain/retail
Emergency response	Transportation
Energy	Weather

Table 3-6 describes the three facets of CPS.

Facet	Description
Conceptualization	What things should be and what things are supposed to do: the set of activities that produce a model of a CPS (includes functional decomposition, requirements, and logical models).
Realization	How things should be made and operate: the set of activities that produce, deploy, and operate a CPS (includes engineering trade-offs and detailed designs in the critical path to the creation of a CPS instance).
Assurance	How to achieve a desired level of confidence that things will work the way they should: the set of activities that provide confidence that a CPS performs as specified (includes claims, evidence, and argumentation).

Table 3-7 lists the different aspects of the CPS Framework.

Aspect	Description
Functional	Concerns about function including sensing, actuation, control, communications, physicality, and so on.
Business	Concerns about enterprise, time to market, environment, regulation, cost, and so on.
Human	Concerns about human interaction with and as part of a CPS.
Trustworthiness	Concerns about trustworthiness of CPS including security, privacy, safety, reliability, and resilience.
Timing	Concerns about time and frequency in CPS, including the generation and transport of time and frequency signals, timestamping, managing latency, timing composability, and so on.
Data	Concerns about data interoperability including fusion, metadata, type, identity, and so on.
Boundaries	Concerns related to demarcations of topological, functional, organizational, or other forms of interactions.
Composition	Concerns related to the ability to compute selected properties of a component assembly from the properties of its components. Compositionality requires components that are composable: they do not change their properties in an assembly. Timing composability is particularly difficult.
Life cycle	Concerns about the life cycle of CPS including its components.

To learn more about the CPS Framework and other IoT initiatives from NIST, go to https://www.nist.gov/itl/applied-cybersecurity/nist-cybersecurity-iot-program/related-initiatives-nist.

Microservices

Microservices is a term for an application design technique whereby developers design highly scalable, flexible applications by decomposing the application into discrete services that implement specific business functions. These services, often referred to as “loosely coupled,” can then be built, deployed, and scaled independently.

Microservices are based on container technology. Security professionals should ensure that security is deployed at the container level. Containers are based on baseline images, which may contain vulnerabilities. Organizations should perform regular scans of container images to ensure the images do not contain security issues. To protect containers at runtime, organizations should adopt the principle of least privilege.

Microservices should also be secured by creating one entry point, which all clients and systems access, and which can easily be secured. This entry point is called an API gateway. The API gateway performs authentication and authorization, and filters requests to sensitive resources.

Using microservices, each service is a separate, isolated application section. Programmers should be able to implement, maintain, modify, extend, and update microservices without affecting other microservices. Isolation should also be performed at other layers of the infrastructure, such as the database.

Containerization

Containerization is the use of containers to isolate and maintain an application. All resources that the application requires to run are placed inside that container. When an application is contained, you can pick it up and move it around regardless of the host operating system if a virtualization host is deployed.

Organizations can run software without worrying about operating systems or dependencies. Because an operating system runs underneath the containerization platform, developers do not have to build a production environment with the right settings and libraries. These are built into the container. Containers are not dependent on the underlying OS and are more portable than virtual machines.

Container isolation provides security benefits. However, isolation does not make a container safe by default. If attackers can find a container escape flaw, this flaw can be used to gain access to sensitive data in other containers. Also, container platforms often do not take advantage of network segmentation. Without network segmentation, an attacker can more easily cross from one compromised container to other vulnerable ones on the same network.

Because containers are portable and easy to set up, attackers can create their own malware-laden containers and upload them to public resources. Before running containers, security professionals should understand the source and assess the container’s security to ensure it is trustworthy and not opening the organization’s network for attackers.

Security professionals must update and securely configure the host OS, harden the containerization layers and any orchestration software, and configure accounts based on the principles of least privilege. Otherwise, attackers will focus on insecurely configured containerization layers. In addition, security professionals should ensure protections are in place for all sensitive information, such as credentials, API keys, and tokens at every level: the containerization platform, orchestration platforms, and the individual containers.

Serverless Systems

Serverless is a term used for a model wherein applications rely on managed services that do away with the need to manage, patch, and secure infrastructure and virtual machines. This is most commonly seen deployed in the cloud. Serverless systems have many vulnerabilities of which security professionals must be aware.

Any misconfigurations can act as an entry point for attacks against serverless architectures. With many independent functions and services, security professionals should ensure that the principle of least privilege is followed for all user accounts. In addition, the privileges of functions should be properly configured because privilege escalation is considered a potential security threat.

Injection flaws in applications are one of the most common security risks. They include untrusted inputs in application calls, cloud storage event triggers, NoSQL databases, and code changes.

Monitoring and logging in serverless systems must be properly configured as if these systems were physical systems. In addition, any third-party dependencies must be documented and the security of them verified.

Because debugging services are often limited to the capabilities of the developers, developers should implement verbose error messages and enable the debugging mode. But these should be disabled when the application is moved to production because they may reveal information about serverless functions and the logic used.

High-Performance Computing Systems

High-Performance Computing (HPC) systems process data and perform complex calculations at high speeds. One of the best-known types of HPC solutions is the supercomputer. Another example of an HPC is a cluster.

By definition, clusters are closely-coupled machines that are centrally administered and share common resources, such as storage. Security professionals should secure these internal distributed resources against unauthorized access, while at the same time allowing easy access by legitimate users.

When a user executes a job on HPC systems, it is often difficult to differentiate legitimate versus illegitimate use unless there are obvious malicious process signatures. In addition, security must be coordinated across different node platforms and different specialized function nodes in an HPC system. Tools to automate security management need to be aware of the similarities and differences present among HPS system resources.

The security of the resources in an HPC system is dependent on the integrity of all nodes. A single compromised node represents a dramatic risk increase to the rest of the nodes due to the fact that many nodes share identical configurations.

Edge Computing Systems

Edge computing systems are part of a distributed computing topology that brings computation and data storage closer to the devices where it’s being gathered, primarily on the edge of the network perimeter, rather than relying on a central location far away. Edge computing devices are often small, lacking built-in security, and without automatic updates. They are often an easy entry point into the network, which can then be used to access main systems.

Security professionals should ensure that edge computing systems are protected against digital and physical attacks. Employing security by design is basic to securing edge computing systems. Poorly configured and poorly secured edge computing systems provide attackers more opportunities to disrupt operations or to gain access to the broader enterprise network. If the edge computing systems interact with the service provider edge, organizations should examine the service provider’s security processes, service-level agreements (SLAs) and architecture alignment. Employing zero trust will ensure that untrusted devices will be more easily detectable. Finally, organizations should ensure that any open-source code is assessed for security vulnerabilities.

Virtualized Systems

Today physical servers are increasingly being consolidated as virtual servers on the same physical box. Virtual networks using virtual switches even exist in the physical devices that host these virtual servers. These virtual network systems and their traffic can be segregated in all the same ways as in a physical network using subnets, VLANs, and of course, virtual firewalls. Virtual firewalls are software that has been specifically written to operate in the virtual environment. Increasingly, virtualization vendors such as VMware are making part of their code available to security vendors to create firewalls (and antivirus products) that integrate closely with the product.

Keep in mind that in any virtual environment each virtual server that is hosted on the physical server must be configured with its own security mechanisms. These mechanisms include antivirus and anti-malware software and all the latest service packs and security updates for all the software hosted on the virtual machine. Also, remember that all the virtual servers share the resources of the physical device.

Maintenance Hooks

From the perspective of software development, a maintenance hook is a set of instructions built into the code that allows someone who knows about the so-called backdoor to use the instructions to connect to view and edit the code without using the normal access controls. In many cases, maintenance hooks are placed in an application to make it easier for the vendor to load patches, fix bugs, and/or otherwise provide software support to the customer. In other cases, maintenance hooks can be used in testing and tracking the activities of the product and not removed when the application is deployed.

Regardless of how the maintenance hooks got into the code, they can present a major security issue if they become known to hackers who can use them to access the system. Countermeasures on the part of the customer to mitigate the danger are

• Use a host-based IDS to record any attempts to access the system using one of these hooks.

• Encrypt all sensitive information contained in the system.

• Implement auditing to supplement the IDS.

The best solution is for the vendor to remove all maintenance hooks before the product goes into production. Code reviews should be performed to identify and remove these hooks.

Time-of-Check/Time-of-Use Attacks

Time-of-check/time-of-use attacks attempt to take advantage of the sequence of events that occur as the system completes common tasks. It relies on knowledge of the dependencies present when a specific series of events occur in multiprocessing systems. By attempting to insert themselves between events and introduce changes, hackers can gain control of the result.

A term often used as a synonym for a time-of-check/time-of-use attack is race condition, which is actually a different attack. In this attack, hackers insert themselves between instructions, introduce changes, and alter the order of execution of the instructions, thereby altering the outcome.

Countermeasures to these attacks are to make critical sets of instructions atomic. This means that they either execute in order and in entirety, or the changes they make are rolled back or prevented. It is also best for the system to lock access to certain items it will use or touch when carrying out these sets of instructions.

Web-Based Attacks

Attacks upon information security infrastructures have continued to evolve steadily over time, and the latest attacks use largely more sophisticated web application–based attacks. These attacks have proven more difficult to defend with traditional approaches using perimeter firewalls.

XML

Extensible Markup Language (XML) is the most widely used web language now and has come under some criticism. The method currently used to sign data to verify its authenticity has been described as inadequate by some, and the other criticisms have been directed at the architecture of XML security in general. Next, we discuss an extension of this language that attempts to address some of these concerns.

SAML

Security Assertion Markup Language (SAML) is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. SAML allows the user to have a portable identity for authentication and authorization on the Internet. The major issue on which it focuses is called the web browser single sign-on (SSO) problem.

SSO is the ability to authenticate once to access multiple sets of data. SSO at the Internet level is usually accomplished with cookies, but extending the concept beyond the Internet has resulted in many propriety approaches that are not interoperable. SAML’s goal is to create a standard for this process.

OWASP

The Open Web Application Security Project (OWASP) is an open-source application security project. This group creates guidelines, testing procedures, and tools to assist with web security. They are also known for maintaining a top-10 list of web application security risks. Information on OWASP can be obtained from www.owasp.org.

Device Security

Device security involves the physical security of the mobile device. In the event that a device is lost or stolen, users also need the capability to remotely track and lock the device. Some of the recommendations for device security include

• Locking your phone with a password or fingerprint detection

• Encrypting your data

• Setting up remote wipe

• Backing up phone, credit card, pictures, and other personal data

• Avoiding jail-breaking your iPhone or rooting your Android

• Updating the operating system as updates are available

• Being aware of social engineering scams

• Using public Wi-Fi with added caution

Application Security

Although device security is important for mobile devices, application security is just as important. Users should download approved apps only from the vendor application stores. Some of the recommendations for application security include

• Avoiding third-party apps

• Being aware of social engineering scams

• Downloading reputable and proven-to-work anti-malware for your mobile device

Mobile Device Concerns

To address these issues and to meet the rising demand to bring and use personal devices, many organizations have created bring-your-own-device (BYOD) policies. In supporting a BYOD initiative, a security professional should consider that careless users are a greater threat than hackers. Not only are users less than diligent in maintaining security updates and patches on devices, but they also buy new devices as often as they change clothes. These factors make it difficult to maintain control over the security of the networks in which these devices are allowed to operate.

Other initiatives today include company-owned, business only (COBO), company-owned, personally enabled (COPE), and choose-your-own-device (CYOD) deployments. No matter which deployment an organization uses, security professionals must ensure that the risks of each model are understood and that the appropriate policies are in place to protect company data and assets. Security professionals are responsible for ensuring that management understands these risks and implements the appropriate tools to control access to the enterprise.

Centralized mobile device management tools are a fast-growing solution. Some of these tools leverage the messaging server’s management capabilities, and others are third-party tools that can manage multiple brands of devices. Systems Manager by Cisco is one example that integrates with the Cisco Meraki cloud services. Another example for iOS devices is the Apple Configurator. One of the challenges with implementing such a system is that not all personal devices may support native encryption and/or the management process.

Typically, centralized mobile device management tools handle company-issued and personal mobile devices differently. For organization-issued devices, a client application typically manages the configuration and security of the entire device. If a personal device is allowed through a BYOD initiative, the application typically manages the configuration and security of itself and its data only. The application and its data are sandboxed from the other applications and data. The result is that the organization’s data and the user’s data are protected if the device is stolen.

Regardless of whether a centralized mobile device management tool is in use, a BYOD policy should include the following in the organization’s security policy:

• Identify the allowed uses of personal devices on the corporate network.

• Create a list of allowed applications on the devices and design a method of preventing the installation of applications not on the list (for example, software restriction policies).

• Ensure that high levels of management are on board and supportive.

• Train and regularly remind users to follow the new policies.

In the process of deploying and supporting a mobile solution, follow these guidelines:

• Ensure that the selected solution supports applying security controls remotely.

• Ensure that the selected vendor has a good track record of publicizing and correcting security flaws.

• Make the deployment of an MDM tool a top priority.

• In the absence of an MDM system, design a process to ensure that all devices are kept up to date on security patches.

• Update the policy as technology and behaviors change.

• Require all employees to agree to allow remote wiping of any stolen or lost devices.

• Strictly forbid rooted (Android) or jail-broken (iOS) devices from accessing the network.

• If possible, choose a product that supports:

  • Encrypting the solid state drive (SSD) and nonvolatile RAM

  • Requiring a PIN to access the device

  • Locking the device when a specific number of incorrect PINs are attempted

As with many of the other security issues discussed in this book, user education is key. A security professional must ensure that users understand the importance of mobile device security.

If an organization does not implement an MDM or MAM solution, the mobile device security policy should include, at minimum, the following policies:

• Implement anti-malware/antivirus software on all mobile devices.

• Use only secure communications.

• Use strong authentication.

• Require a PIN or some other login mechanism with each use of the device after a certain idle period (no more than 10 minutes of inactivity).

• Limit third-party software.

• Implement GPS and other location services.

• Enable remote locking and remote wiping features.

• Never leave the device unattended.

• Immediately report any missing or stolen device.

• Disable all unnecessary options, applications, and services, including Bluetooth.

• Regularly back up data.

• Install all updates from the device manufacturer.

NIST SP 800-164

NIST SP 800-164 is a draft Special Publication that gives guidelines on hardware-rooted security in mobile devices. It defines three required security components for mobile devices: Roots of Trust (RoTs), an application programming interface (API) to expose the RoTs to the platform, and a Policy Enforcement Engine (PEnE).

Roots of Trust are the foundation of assurance of the trustworthiness of a mobile device. RoTs must always behave in an expected manner because their misbehavior cannot be detected. Hardware RoTs are preferred over software RoTs due to their immutability, smaller attack surfaces, and more reliable behavior. They can provide a higher degree of assurance that they can be relied upon to perform their trusted function or functions. Software RoTs could provide the benefit of quick deployment to different platforms. To support device integrity, isolation, and protected storage, devices should implement the following RoTs:

• Root of Trust for Storage (RTS)

• Root of Trust for Verification (RTV)

• Root of Trust for Integrity (RTI)

• Root of Trust for Reporting (RTR)

• Root of Trust for Measurement (RTM)

The RoTs need to be exposed by the operating system to applications through an open API. This exposure will provide application developers a set of security services and capabilities they can use to secure their applications and protect the data they process. By providing an abstracted layer of security services and capabilities, these APIs can reduce the burden on application developers to implement low-level security features, and instead allow them to reuse trusted components provided in the RoTs and the OS. The APIs should be standardized within a given mobile platform and, to the extent possible, across platforms. Applications can use the APIs, and the associated RoTs, to request device integrity reports, protect data through encryption services provided by the RTS, and store and retrieve authentication credentials and other sensitive data.

The PEnE enforces policies on the device with the help of other device components and enables the processing, maintenance, and management of policies on both the device and in the information owners’ environments. The PEnE provides information owners with the ability to express the control they require over their information. The PEnE needs to be trusted to implement the information owner’s requirements correctly and to prevent one information owner’s requirements from adversely affecting another’s. To perform key functions, the PEnE needs to be able to query the device’s configuration and state.

Mobile devices should implement the following three mobile security capabilities to address the challenges with mobile device security:

• Device integrity: Device integrity is the absence of corruption in the hardware, firmware, and software of a device. A mobile device can provide evidence that it has maintained device integrity if its software, firmware, and hardware configurations can be shown to be in a state that is trusted by a relying party.

• Isolation: Isolation prevents unintended interaction between applications and information contexts on the same device.

• Protected storage: Protected storage preserves the confidentiality and integrity of data on the device while at rest, while in use (in the event an unauthorized application attempts to access an item in protected storage), and upon revocation of access.

Cryptography Concepts

A security professional should understand many terms and concepts related to cryptography.

These terms are often used when discussing cryptography:

• Encryption: The process of converting data from plaintext to ciphertext. Also referred to as enciphering.

• Decryption: The process of converting data from ciphertext to plaintext. Also referred to as deciphering.

• Key: A parameter that controls the transformation of plaintext into ciphertext or vice versa. Determining the original plaintext data without the key is impossible. Keys can be both public and private. Also referred to as a cryptovariable.

• Synchronous: When encryption or decryption occurs immediately.

• Asynchronous: When encryption or decryption requests are processed from a queue. This method utilizes hardware and multiple processors in the process.

• Symmetric: An encryption method whereby a single private key both encrypts and decrypts the data. Also referred to as private or secret key encryption.

• Asymmetric: An encryption method whereby a key pair, one private key and one public key, performs encryption and decryption. One key performs the encryption, whereas the other key performs the decryption. Also referred to as public key encryption.

• Digital signature: A method of providing sender authentication and message integrity. The message acts as an input to a hash function, and the sender’s private key encrypts the hash value. The receiver can perform a hash computation on the received message to determine the validity of the message.

• Hash: A one-way function that reduces a message to a hash value. A comparison of the sender’s hash value to the receiver’s hash value determines message integrity. If the resultant hash values are different, then the message has been altered in some way, provided that both the sender and receiver used the same hash function.

• Digital certificate: An electronic document that identifies the certificate holder.

• Plaintext: A message in its original format. Also referred to as cleartext.

• Ciphertext: An altered form of a message that is unreadable without knowing the key and the encryption system used. Also referred to as a cryptogram.

• Cryptosystem: The entire cryptographic process, including the algorithm, key, and key management functions. The security of a cryptosystem is measured by the size of the keyspace and available computational power.

• Cryptanalysis: The science of decrypting ciphertext without prior knowledge of the key or cryptosystem used. The purpose of cryptanalysis is to forge coded signals or messages that will be accepted as authentic signals or messages.

• Key clustering: The grouping that occurs when different encryption keys generate the same ciphertext from the same plaintext message.

• Keyspace: All the possible key values when using a particular algorithm or other security measure. A 40-bit key would have 2⁴⁰ possible values, whereas a 128-bit key would have 2¹²⁸ possible values.

• Collision: An event that occurs when a hash function produces the same hash value on different messages.

• Algorithm: A mathematical function that encrypts and decrypts data. Also referred to as a cipher.

• Cryptology: The science that studies encrypted communication and data.

• Encoding: The process of changing data into another form using code.

• Decoding: The process of changing an encoded message back into its original format.

• Transposition: The process of shuffling or reordering the plaintext to hide the original message. Also referred to as permutation. For example, AEEGMSS is a transposed version of MESSAGE.

• Substitution: The process of exchanging one byte in a message for another. For example, ABCCDEB is a substituted version of MESSAGE.

• Confusion: The process of changing a key value during each round of encryption. Confusion is often carried out by substitution. Confusion conceals a statistical connection between the plaintext and ciphertext. Claude Shannon first discussed confusion.

• Diffusion: The process of changing the location of the plaintext within the ciphertext. Diffusion is often carried out using transposition. Claude Shannon first introduced diffusion.

• Avalanche effect: The condition where any change in the key or plaintext, no matter how minor, will significantly change the ciphertext. Horst Feistel first introduced avalanche effect.

• Work factor or work function: The amount of time and resources that would be needed to break the encryption.

• Trapdoor: A secret mechanism that allows the implementation of the reverse function in a one-way function.

• One-way function: A mathematical function that can be more easily performed in one direction than in the other.

Cryptography History

Cryptography has its roots in ancient civilizations. Although early cryptography solutions were simplistic in nature, they were able to provide leaders with a means of hiding messages from enemies.

In their earliest forms, most cryptographic methods implemented some sort of substitution cipher, where each character in the alphabet was replaced with another. A mono-alphabetic substitution cipher uses only one alphabet, and a polyalphabetic substitution cipher uses multiple alphabets. As with all other cryptography methods, the early substitution ciphers had to be replaced by more complex methods.

The Spartans created the scytale cipher, which used a sheet of papyrus wrapped around a wooden rod. The encrypted message had to be wrapped around a rod of the correct size to be deciphered, as shown in Figure 3-8.

Other notable advances in cryptography history include the following:

• Caesar cipher

• Vigenere cipher

• Kerckhoff’s principle

• World War II Enigma

• Lucifer by IBM

Julius Caesar and the Caesar Cipher

Julius Caesar developed a mono-alphabetic cipher that shifts the letters of the alphabet three places. Although this technique is very simplistic, variations of it were very easy to develop because the key (the number of locations that the alphabet shifted) can be changed. Because it was so simple, it is easy to reverse engineer and led to the development of polyalphabetic ciphers.

An example of a Caesar cipher–encrypted message is shown in Figure 3-9. In this example, the letters of the alphabet are applied to a three-letter substitution shift, meaning the letters were shifted by three letters. As you can see, the standard English alphabet is listed first. Underneath it, the substitution letters are listed.

Vigenere Cipher

In the sixteenth century, Blaise de Vigenere of France developed one of the first polyalphabetic substitution ciphers, today known as the Vigenere cipher. Although it is based on the Caesar cipher, the Vigenere cipher is considerably more complicated because it uses 27 shifted alphabets (see the Vigenere table in Figure 3-10). To encrypt a message, you must know the security key and use it in conjunction with the plaintext message to determine the ciphertext.

As an example of a message on which the Vigenere cipher is applied, let’s use the security key PEARSON and the plaintext message of MEETING IN CONFERENCE ROOM. The first letter in the plaintext message is M, and the first letter in the key is P. We should locate the letter M across the headings for the columns. We follow that column down until it intersects with the row that starts with the letter P, resulting in the letter B. The second letter of the plaintext message is E, and the second letter in the key is E. Using the same method, we obtain the letter I. We continue in this same manner until we run out of key letters, and then we start over with the key, which would result in the second letter I in the plaintext message working with the letter P of the key.

So applying this technique to the entire message, the MEETING IN CONFERENCE ROOM plaintext message converts to BIEKABT XR CFFTRGINTW FBDQ ciphertext message.

Cryptosystem Features

A cryptosystem consists of software, protocols, algorithms, and keys. The strength of any cryptosystem comes from the algorithm and the length and secrecy of the key. For example, one method of making a cryptographic key more resistant to exhaustive attacks is to increase the key length. If the cryptosystem uses a weak key, it facilitates attacks against the algorithm.

While a cryptosystem supports the three core principles of the CIA triad, cryptosystems directly provide authentication, confidentiality, integrity, authorization, and non-repudiation. The availability tenet of the CIA triad is supported by cryptosystems, meaning that implementing cryptography will help to ensure that an organization’s data remains available. However, cryptography does not directly ensure data availability although it can be used to protect the data.

NIST SP 800-175A and B

NIST SP 800-175A and B are two Special Publications that provide guidelines for using cryptographic standards in the federal government. SP 800-175A lists all the directives, mandates, and policies that affect the selection of cryptographic standards for the federal government, while SP 800-175B discusses the cryptographic standards that are available and how they should be used.

NIST SP 800-175A lists the following laws as affecting cryptographic standards:

• Federal Information Security Management Act (FISMA)

• Health Information Technology for Economic and Clinical Health (HITECH) Act

• Federal Information Systems Modernization Act of 2014

• Cybersecurity Enhancement Act of 2014

The executive actions and the Office of Management and Budget (OMB) circulars and memorandums that affect U.S. government systems cryptography standards are also listed in NIST SP 800-175A. It also gives the definitions for the following policies:

• Information management policy: Specifies what information is to be collected or created, and how it is to be managed

• Information security policy: Supports and enforces portions of the organization’s information management policy by specifying in more detail what information is to be protected from anticipated threats and how that protection is to be attained

• Key management policy: Includes descriptions of the authorization and protection objectives and constraints that apply to the generation, distribution, accounting, storage, use, recovery, and destruction of cryptographic keying material, and the cryptographic services to be provided

Finally, NIST SP 800-175A lists the Risk Management Framework steps from NIST SP 800-37 that affect cryptography selection: categorization of information and information systems and selection of security controls.

NIST SP 800-175B covers the following cryptographic algorithms:

• Cryptographic hash functions

• Symmetric key algorithms

• Asymmetric key algorithms

It also discusses algorithm security strength, algorithm lifetime, and key management.

Security professionals who need help in selecting the appropriate cryptographic algorithms should refer to these SPs.

Cryptographic Mathematics

All cryptographic algorithms involve the use of mathematics. The fundamental mathematical concepts for cryptography are discussed in the following sections.

Cryptographic Life Cycle

When considering implementing cryptography or encryption techniques in an organization, security professionals must fully analyze the needs of the organization. Each technique has strengths and weaknesses. In addition, they each have specific purposes. Analyzing the needs of the organization will ensure that you identify the best algorithm to implement.

Professional organizations manage algorithms to ensure that they provide the protection needed. It is essential that security professionals research the algorithms they implement and understand any announcements from the governing organization regarding updates, retirements, or replacements to the implemented algorithms. The life cycle of any cryptographic algorithm involves implementation, maintenance, and retirement or replacement. Security professionals who fail to obtain up-to-date information regarding the algorithms implemented might find the organization’s reputation and their own personal reputation damaged as the result of this negligence.

Key Management

Key management in cryptography is essential to ensure that the cryptography provides confidentiality, integrity, and authentication. If a key is compromised, it can have serious consequences throughout an organization.

Key management involves the entire process of ensuring that keys are protected during creation, distribution, transmission, storage, and disposal. As part of this process, keys must also be destroyed properly. When you consider the vast number of networks over which the key is transmitted and the different types of systems on which a key is stored, the enormity of this issue really comes to light.

As the most demanding and critical aspect of cryptography, it is important that security professionals understand key management principles.

Keys should always be stored in ciphertext when stored on a noncryptographic device. Key distribution, storage, and maintenance should be automatic by integrating the processes into the application.

Because keys can be lost, backup copies should be made and stored in a secure location. A designated individual should have control of the backup copies with other designated individuals serving as emergency backups. The key recovery process should also require more than one operator to ensure that only valid key recovery requests are completed. In some cases, keys are even broken into parts and deposited with trusted agents, who provide their part of the key to a central authority when authorized to do so. Although other methods of distributing parts of a key are used, all the solutions involve the use of trustee agents entrusted with part of the key and a central authority tasked with assembling the key from its parts. Also, key recovery personnel should span across the entire organization and not just be members of the IT department.

Organizations should also limit the number of keys that are used. The more keys that you have, the more keys you must worry about and ensure are protected. Although a valid reason for issuing a key should never be ignored, limiting the number of keys issued and used reduces the potential damage.

When designing the key management process, security professionals should consider how to do the following:

• Securely store and transmit the keys.

• Use random keys.

• Issue keys of sufficient length to ensure protection.

• Properly destroy keys when no longer needed.

• Back up the keys to ensure that they can be recovered.

Running Key and Concealment Ciphers

Running key ciphers and concealment ciphers are considered classical methods of producing ciphertext. The running key cipher uses a physical component, usually a book, to provide the polyalphabetic characters. An indicator block must be included somewhere within the text so that the receiver knows where in the book the originator started. Therefore, the two parties must agree upon which book to use and where the indicator block will be included in the cipher message. Running key ciphers are also referred to as key ciphers and running ciphers.

A concealment cipher, also referred to as a null cipher, occurs when plaintext is interspersed somewhere within other written material. The two parties must agree on the key value, which defines which letters are part of the actual message. For example, every third letter or the first letter of each word is part of the real message. A concealment cipher belongs in the steganography realm.

Substitution Ciphers

A substitution cipher uses a key to substitute characters or character blocks with different characters or character blocks. The Caesar cipher and Vigenere cipher are two of the earliest forms of substitution ciphers.

Another example of a substitution cipher is a modulo 26 substitution cipher. With this cipher, the 26 letters of the alphabet are numbered in order starting at zero. The sender takes the original message and determines the number of each letter in the original message. Then the letter values for the keys are added to the original letter values. The value result is then converted back to text.

Figure 3-11 shows an example of a modulo 26 substitution cipher encryption. With this example, the original message is PEARSON, and the key is KEY. The ciphertext message is ZIYBSMX.

Substitution ciphers explained here include the following:

• One-time pads

• Steganography

One-Time Pads

A one-time pad, invented by Gilbert Vernam, is the most secure encryption scheme that can be used. If it’s used properly, an attacker cannot break a one-time pad. A one-time pad works like a running cipher in that the key value is added to the value of the letters. However, a one-time pad uses a key that is the same length as the plaintext message, whereas the running cipher uses a smaller key that is repeatedly applied to the plaintext message.

Figure 3-12 shows an example of a one-time pad encryption. With this example, the original message is PEARSON, and the key is JOHNSON. The ciphertext message is YSHEKCA.

To ensure that the one-time pad is secure, the following conditions must exist:

• Must be used only one time

• Must be as long as (or longer than) the message

• Must consist of random values

• Must be securely distributed

• Must be protected at its source and destination

Although the earlier example uses a one-time pad in a modulo 26 scheme, one-time pads can also be used at the bit level. When the bit level is used, the message is converted into binary, and an XOR operation occurs two bits at a time. The bits from the original message are combined with the key values to obtain the encrypted message. When you combine the values, the result is 0 if both values are the same and 1 if both values are different. An example of an XOR operation is as follows:

Original message  0 1 1 0 1 1 0 0

Key                       1 1 0 1 1 1 0 0

Cipher message    1 0 1 1 0 0 0 0

Transposition Ciphers

A transposition cipher scrambles the letters of the original message in a different order. The key determines the positions to which the letters are moved.

Figure 3-13 shows an example of a simple transposition cipher. With this example, the original message is PEARSON EDUCATION, and the key is 4231 2314. The ciphertext message is REAP ONSE AUCD IOTN. So you take the first four letters of the plaintext message (PEAR) and use the first four numbers (4231) as the key for transposition. In the new ciphertext, the letters would be REAP. Then you take the next four letters of the plaintext message (SONE) and use the next four numbers (2314) as the key for transposition. In the new ciphertext, the letters would be ONSE. Then you take the next four letters of the original message and apply the first four numbers of the key because you do not have any more numbers in the key. Continue this pattern until complete.

Symmetric Algorithms

Symmetric algorithms use a private or secret key that must remain secret between the two parties. Each party pair requires a separate private key. Therefore, a single user would need a unique secret key for every user with whom they communicate.

Consider an example where there are 10 unique users. Each user needs a separate private key to communicate with the other users. To calculate the number of keys that would be needed in this example, you would use the following formula:

# of users × (# of users – 1) / 2

Using this example, you would calculate 10 × (10 – 1) / 2, or 45 needed keys.

With symmetric algorithms, the encryption key must remain secure. To obtain the secret key, the users must find a secure out-of-band method for communicating the secret key, including courier or direct physical contact between the users.

A special type of symmetric key called a session key encrypts messages between two users during one communication session.

Symmetric algorithms can be referred to as single-key, secret-key, private-key, or shared-key cryptography.

Symmetric systems provide confidentiality but not authentication or non-repudiation. If both users use the same key, determining where the message originated is impossible.

Symmetric algorithms include DES, AES, IDEA, Skipjack, Blowfish, Twofish, RC4/RC5/RC6/RC7, and CAST. All these algorithms are discussed later in this chapter.

Table 3-12 lists the strengths and weaknesses of symmetric algorithms.

The two broad types of symmetric algorithms are stream-based ciphers and block ciphers. Initialization vectors (IVs) are an important part of block ciphers. These three components are discussed next.

Stream-Based Ciphers

Stream-based ciphers perform encryption on a bit-by-bit basis and use keystream generators. The keystream generators create a bit stream that is XORed with the plaintext bits. The result of this XOR operation is the ciphertext.

A synchronous stream-based cipher depends only on the key, and an asynchronous stream cipher depends on the key and plaintext. The key ensures that the bit stream that is XORed to the plaintext is random.

An example of a stream-based cipher is RC4, which is discussed later in this chapter.

Advantages of stream-based ciphers include the following:

• Generally have lower error propagation because encryption occurs on each bit

• Generally used more in hardware implementation

• Use the same key for encryption and decryption

• Generally cheaper to implement than block ciphers

• Employ only confusion concept

Block Ciphers

Block ciphers perform encryption by breaking the message into fixed-length units, called blocks. A message of 1,024 bits could be divided into 16 blocks of 64 bits each. Each of those 16 blocks is processed by the algorithm formulas, resulting in a single block of ciphertext.

Examples of block ciphers include IDEA, Blowfish, RC5, and RC6, which are discussed later in this chapter.

Advantages of block ciphers include the following:

• Implementation is easier than stream-based cipher implementation.

• Generally less susceptible to security issues.

• Generally used more in software implementations.

Block ciphers employ both confusion and diffusion. Block ciphers often use different modes: ECB, CBC, CFB, and CTR. These modes are discussed in detail later in this chapter.

Asymmetric Algorithms

Asymmetric algorithms use both a public key and a private or secret key. The public key is known by all parties, and the private key is known only by its owner. One of these keys encrypts the message, and the other decrypts the message.

In asymmetric cryptography, determining a user’s private key is virtually impossible even if the public key is known, although both keys are mathematically related. However, if a user’s private key is discovered, the encryption system can be compromised.

Asymmetric algorithms can be referred to as dual-key or public key cryptography.

Asymmetric systems provide confidentiality, integrity, authentication, and non-repudiation. Because both users have one unique key that is part of the process, determining where the message originated is possible.

If confidentiality is the primary concern for an organization, a message should be encrypted with the receiver’s public key, which is referred to as the secure message format. If authentication is the primary concern for an organization, a message should be encrypted with the sender’s private key, which is referred to as the open message format. When the open message format is used, the message can be decrypted by anyone with the sender’s public key.

Asymmetric algorithms include Diffie-Hellman, RSA, El Gamal, ECC, Knapsack, DSA, and zero-knowledge proof. All of these algorithms are discussed later in this chapter.

Table 3-13 lists the strengths and weaknesses of asymmetric algorithms.

Hybrid Ciphers

Because both symmetric and asymmetric algorithms have weaknesses, solutions have been developed that use both types of algorithms in a hybrid cipher. By using both algorithm types, the cipher provides confidentiality, authentication, and non-repudiation.

The process for hybrid encryption is as follows:

1. The symmetric algorithm provides the keys used for encryption.

2. The symmetric keys are then passed to the asymmetric algorithm, which encrypts the symmetric keys and automatically distributes them.

3. The message is then encrypted with the symmetric key.

4. Both the message and the key are sent to the receiver.

5. The receiver decrypts the symmetric key and uses the symmetric key to decrypt the message.

An organization should use hybrid encryption if the parties do not have a shared secret key and large quantities of sensitive data must be transmitted.

Elliptic Curves

Elliptic curves are public key algorithms that use mathematical functions to create faster, smaller, and more efficient cryptographic keys based on the elliptic curve theory. The algebraic structure of the elliptic curves over infinite fields provides a more difficult to break mechanism.

Quantum Cryptography

Quantum cryptography, also called quantum encryption, uses quantum mechanics principles to encrypt messages. Quantum’s multiple states, coupled with its “no change theory,” are used as part of the process. Quantum cryptography requires a quantum computer, which has the immense computing power to encrypt and decrypt data. A quantum computer could quickly crack current public key (asymmetric) cryptography.

Longer keys are a good defense against quantum computers breaking public key cryptography. Another good defense is to use symmetric encryption for the messages themselves and then use asymmetric encryption just for the keys.

DES and 3DES

Digital Encryption Standard (DES) is a symmetric encryption system created by the U.S. National Security Agency (NSA) but based on the 128-bit Lucifer algorithm by IBM. Originally, the algorithm was named Data Encryption Algorithm (DEA), and the DES acronym was used to refer to the standard. But in today’s world, DES is the more common term for both.

DES uses a 64-bit key, 8 bits of which are used for parity. Therefore, the effective key length for DES is 56 bits. DES divides the message into 64-bit blocks. Sixteen rounds of transposition and substitution are performed on each block, resulting in a 64-bit block of ciphertext.

DES has mostly been replaced by 3DES and AES (which is discussed later).

DES-X is a variant of DES that uses multiple 64-bit keys in addition to the 56-bit DES key. The first 64-bit key is XORed to the plaintext, which is then encrypted with DES. The second 64-bit key is XORed to the resulting cipher.

Double-DES, a DES version that uses a 112-bit key length, is no longer used. After it was released, a security attack occurred that reduced Double-DES security to the same level as DES.

DES Modes

DES comes in the following five modes:

• Electronic Code Book (ECB)

• Cipher Block Chaining (CBC)

• Cipher Feedback (CFB)

• Output Feedback (OFB)

• Counter Mode (CTR)

In ECB, 64-bit blocks of data are processed by the algorithm using the key. The ciphertext produced can be padded to ensure that the result is a 64-bit block. If an encryption error occurs, only one block of the message is affected. ECB operations run in parallel, making it a fast method.

Although ECB is the easiest and fastest mode to use, it has security issues because every 64-bit block is encrypted with the same key. If an attacker discovers the key, all the blocks of data can be read. If an attacker discovers both versions of the 64-bit block (plaintext and ciphertext), the key can be determined. For these reasons, the mode should not be used when encrypting a large amount of data because patterns would emerge.

ECB is a good choice if an organization needs encryption for its databases because ECB works well with the encryption of short messages. Figure 3-14 shows the ECB encryption process.

In CBC, each 64-bit block is chained together because each resultant 64-bit ciphertext block is applied to the next block. So plaintext message block 1 is processed by the algorithm using an IV (discussed earlier in this chapter). The resultant ciphertext message block 1 is XORed with plaintext message block 2, resulting in ciphertext message 2. This process continues until the message is complete.

Unlike ECB, CBC encrypts large files without having any patterns within the resulting ciphertext. If a unique IV is used with each message encryption, the resultant ciphertext will be different every time, even in cases where the same plaintext message is used. Figure 3-15 shows the CBC encryption process.

Whereas CBC and ECB require 64-bit blocks, CFB works with 8-bit (or smaller) blocks and uses a combination of stream ciphering and block ciphering. Like CBC, the first 8-bit block of the plaintext message is XORed by the algorithm using a keystream, which is the result of an IV and the key. The resultant ciphertext message is applied to the next plaintext message block. Figure 3-16 shows the CFB encryption process.

The size of the ciphertext block must be the same size as the plaintext block. The method that CFB uses can have issues if any ciphertext result has errors because those errors will affect any future block encryption. For this reason, CFB should not be used to encrypt data that can be affected by this problem, particularly video or voice signals. This problem led to the need for DES OFB mode.

Similar to CFB, OFB works with 8-bit (or smaller) blocks and uses a combination of stream ciphering and block ciphering. However, OFB uses the previous keystream with the key to create the next keystream. Figure 3-17 shows the OFB encryption process.

With OFB, the size of the keystream value must be the same size as the plaintext block. Because of the way in which OFB is implemented, OFB is less susceptible to the error type that CFB has.

CTR mode is similar to OFB mode. The main difference is that CTR mode uses an incrementing IV counter to ensure that each block is encrypted with a unique keystream. Also, the ciphertext is not chaining into the encryption process. Because this chaining does not occur, CTR performance is much better than the other modes. Figure 3-18 shows the CTR encryption process.

3DES and Modes

Because of the need to quickly replace DES, Triple DES (3DES), a version of DES that increases security by using three 56-bit keys, was developed. Although 3DES is resistant to attacks, it is up to three times slower than DES. 3DES did serve as a temporary replacement to DES. However, NIST has actually designated the Advanced Encryption Standard (AES) as the replacement for DES. Even though 3DES was an improvement over DES, modern applications should not use 3DES.

3DES comes in the following four modes:

• 3DES-EEE3: Each block of data is encrypted three times, each time with a different key.

• 3DES-EDE3: Each block of data is encrypted with the first key, decrypted with the second key, and encrypted with the third key.

• 3DES-EEE2: Each block of data is encrypted with the first key, encrypted with the second key, and finally encrypted again with the first key.

• 3DES-EDE2: Each block of data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the first key.

AES

Advanced Encryption Standard (AES) is the replacement algorithm for DES. When NIST decided a new standard was needed because DES had been cracked, NIST was presented with five industry options:

• IBM’s MARS

• RSA Laboratories’ RC6

• Anderson, Biham, and Knudsen’s Serpent

• Counterpane Systems’ Twofish

• Daemen and Rijmen’s Rijndael

Of these choices, NIST selected Rijndael. So although AES is considered the standard, the algorithm that is used in the AES standard is the Rijndael algorithm. The AES and Rijndael terms are often used interchangeably.

The three block sizes that are used in the Rijndael algorithm are 128, 192, and 256 bits. A 128-bit key with a 128-bit block size undergoes 10 transformation rounds. A 192-bit key with a 192-bit block size undergoes 12 transformation rounds. Finally, a 256-bit key with a 256-bit block size undergoes 14 transformation rounds.

Rijndael employs transformations composed of three layers: the nonlinear layer, key addition layer, and linear-maxing layer. The Rijndael design is very simple, and its code is compact, which allows it to be used on a variety of platforms. It is the required algorithm for sensitive but unclassified U.S. government data.

IDEA

International Data Encryption Algorithm (IDEA) is a block cipher that uses 64-bit blocks. Each 64-bit block is divided into 16 smaller blocks. IDEA uses a 128-bit key and performs eight rounds of transformations on each of the 16 smaller blocks.

IDEA is faster and harder to break than DES. However, IDEA is not as widely used as DES or AES because it was patented, and licensing fees had to be paid to IDEA’s owner, a Swiss company named Ascom. However, the patent expired in 2012. IDEA is used in PGP, which is discussed later in this chapter.

Skipjack

Skipjack is a block-cipher, symmetric algorithm developed by the U.S. NSA. It uses an 80-bit key to encrypt 64-bit blocks. This is the algorithm that is used in the Clipper chip. Algorithm details are classified.

Blowfish

Blowfish is a block cipher that uses 64-bit data blocks using anywhere from 32- to 448-bit encryption keys. Blowfish performs 16 rounds of transformation. Initially developed with the intention of serving as a replacement to DES, Blowfish is one of the few algorithms that are not patented.

Twofish

Twofish is a version of Blowfish that uses 128-bit data blocks using 128-, 192-, and 256-bit keys. It uses 16 rounds of transformation. Like Blowfish, Twofish is not patented.

RC4/RC5/RC6/RC7

A total of seven RC algorithms have been developed by Ron Rivest. RC1 was never published, RC2 was a 64-bit block cipher, and RC3 was broken before release. So the main RC implementations that a security professional needs to understand are RC4, RC5, RC6, and RC7.

RC4, also called ARC4, is one of the most popular stream ciphers. It is used in SSL and WEP (both of which are discussed in more detail in Chapter 4, “Communication and Network Security”). RC4 uses a variable key size of 40 to 2,048 bits and up to 256 rounds of transformation.

RC5 is a block cipher that uses a key size of up to 2,048 bits and up to 255 rounds of transformation. Block sizes supported are 32, 64, or 128 bits. Because of all the possible variables in RC5, the industry often uses an RC5=w/r/b designation, where w is the block size, r is the number of rounds, and b is the number of 8-bit bytes in the key. For example, RC5-64/16/16 denotes a 64-bit word (or 128-bit data blocks), 16 rounds of transformation, and a 16-byte (128-bit) key.

RC6 is a block cipher based on RC5, and it uses the same key size, rounds, and block size. RC6 was originally developed as an AES solution, but lost the contest to Rijndael. RC6 is faster than RC5.

RC7 is a block cipher based on RC6. Although it uses the same key size and rounds, it has a block size of 256 bits. In addition, it uses six working registers instead of four. As a result, it is much faster than RC6.

CAST

CAST, invented by Carlisle Adams and Stafford Tavares, has two versions: CAST-128 and CAST-256. CAST-128 is a block cipher that uses a 40- to 128-bit key that will perform 12 or 16 rounds of transformation on 64-bit blocks. CAST-256 is a block cipher that uses a 128-, 160-, 192-, 224-, or 256-bit key that will perform 48 rounds of transformation on 128-bit blocks.

Table 3-14 lists the key facts about each symmetric algorithm.

Diffie-Hellman

Diffie-Hellman is an asymmetric key agreement algorithm created by Whitfield Diffie and Martin Hellman. Diffie-Hellman is responsible for the key agreement process. The key agreement process includes the following steps:

1. John and Sally need to communicate over an encrypted channel and decide to use Diffie-Hellman.

2. John generates a private and public key, and Sally generates a private and a public key.

3. John and Sally share their public keys with each other.

4. An application on John’s computer takes John’s private key and Sally’s public key and applies the Diffie-Hellman algorithm, and an application on Sally’s computer takes Sally’s private key and John’s public key and applies the Diffie-Hellman algorithm.

5. Through this application, the same shared value is created for John and Sally, which in turn creates the same symmetric key on each system using the asymmetric key agreement algorithm.

Through this process, Diffie-Hellman provides secure key distribution, but not confidentiality, authentication, or non-repudiation. The key to this algorithm is dealing with discrete logarithms. Diffie-Hellman is susceptible to man-in-the-middle (or on-path) attacks unless an organization implements digital signatures or digital certificates for authentication at the beginning of the Diffie-Hellman process.

RSA

RSA is the most popular asymmetric algorithm and was invented by Ron Rivest, Adi Shamir, and Leonard Adleman. RSA can provide key exchange, encryption, and digital signatures. The strength of the RSA algorithm is the difficulty of finding the prime factors of very large numbers. RSA uses a 1,024- to 4,096-bit key and performs one round of transformation.

RSA-768 and RSA-704 have been factored. If factorization of the prime numbers used by an RSA implementation occurs, then the implementation is considered breakable and should not be used. RSA-2048 is the largest RSA number. RSA-4096 is also available and has not been broken either. While RSA-4096 is considered stronger, organizations may be unable to deploy RSA-4096 because an application may limit them to 2048.

As a key exchange protocol, RSA encrypts a DES or an AES symmetric key for secure distribution. RSA uses a one-way function to provide encryption/decryption and digital signature verification/generation. The public key works with the one-way function to perform encryption and digital signature verification. The private key works with the one-way function to perform decryption and signature generation.

In RSA, the one-way function is a trapdoor. The private key knows the one-way function. The private key is capable of determining the original prime numbers. Finally, the private key knows how to use the one-way function to decrypt the encrypted message.

Attackers can use Number Field Sieve (NFS), a factoring algorithm, to attack RSA.

El Gamal

El Gamal is an asymmetric key algorithm based on the Diffie-Hellman algorithm. Like Diffie-Hellman, El Gamal deals with discrete logarithms. However, whereas Diffie-Hellman can be used only for key agreement, El Gamal can provide key exchange, encryption, and digital signatures.

With El Gamal, any key size can be used. However, a larger key size negatively affects performance. Because El Gamal is the slowest asymmetric algorithm, using a key size of 1,024 bits or less would be wise.

ECC

Elliptic Curve Cryptosystem (ECC) provides secure key distribution, encryption, and digital signatures. The elliptic curve’s size defines the difficulty of the problem.

Although ECC can use a key of any size, it can use a much smaller key than RSA or any other asymmetric algorithm and still provide comparable security. Therefore, the primary benefit promised by ECC is a smaller key size, reducing storage and transmission requirements. ECC is more efficient and provides better security than RSA keys of the same size.

Figure 3-19 shows an elliptic curve example with the elliptic curve equation.

Knapsack

Knapsack is a series of asymmetric algorithms that provide encryption and digital signatures. This algorithm family is no longer used due to security issues.

Zero-Knowledge Proof

A zero-knowledge proof is a technique used to ensure that only the minimum needed information is disclosed without giving all the details. An example of this technique occurs when one user encrypts data with a private key and the receiver decrypts with the originator’s public key. The originator has not given the private key to the receiver. But the originator is proving that they have their private key simply because the receiver can read the message.

Certificate Authority and Registration Authority

Any participant that requests a certificate must first go through the registration authority (RA), which verifies the requestor’s identity and registers the requestor. After the identity is verified, the RA passes the request to the certificate authority (CA).

A CA is the entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary. Every entity that wants to participate in the PKI must contact the CA and request a digital certificate. The CA is the ultimate authority for the authenticity for every participant in the PKI and signs each digital certificate. The certificate binds the identity of the participant to the public key.

There are different types of CAs. Some existing organizations provide a PKI as a payable service to companies that need them. An example is Symantec. Some organizations implement their own private CAs so that the organization can control all aspects of the PKI process. If an organization is large enough, it might need to provide a structure of CAs, with the root CA being the highest in the hierarchy.

Because more than one entity is often involved in the PKI certification process, certification path validation allows the participants to check the legitimacy of the certificates in the certification path.

Certificates

A digital certificate provides an entity, usually a user, with the credentials to prove its identity and associates that identity with a public key. At a minimum, a digital certificate must provide the serial number, the issuer, the subject (owner), and the public key.

An X.509 certificate complies with the X.509 standard. An X.509 certificate contains the following fields:

• Version

• Serial Number

• Algorithm ID

• Issuer

• Validity

• Subject

• Subject Public Key Info

• Public Key Algorithm

• Subject Public Key

• Issuer Unique Identifier (optional)

• Subject Unique Identifier (optional)

• Extensions (optional)

Symantec first introduced the following digital certificate classes:

• Class 1: For individuals; used to protect email. These certificates get saved by web browsers.

• Class 2: For organizations that must provide proof of identity.

• Class 3: For servers and software signing in which independent verification and identity and authority checking are done by the issuing CA.

Certificate Life Cycle

Security professionals should understand the certificate life cycle. According to Microsoft, the certificate life cycle includes the following events:

• CAs are installed, and the CA certificates are issued.

• Certificates are issued by CAs to entities.

• Certificates are revoked (as necessary), renewed, or allowed to expire.

• The CAs’ certificates are renewed before they expire, are revoked, or retired.

NIST Interagency Report (NISTIR) 7924, titled “Reference Certificate Policy,” identifies a baseline set of security controls and practices to support the secure issuance of certificates. This report is in its second draft and can be found at https://csrc.nist.gov/CSRC/media/Publications/nistir/7924/draft/documents/nistir_7924_2nd_draft.pdf.

According to NISTIR 7924, the certificate application process must provide sufficient information to

• Establish the applicant’s authorization (by the employing or sponsoring organization) to obtain a certificate.

• Establish and record the identity of the applicant.

• Obtain the applicant’s public key and verify the applicant’s possession of the private key for each certificate required.

• Verify any role or authorization information requested for inclusion in the certificate.

In this document, the steps of the certificate process are as follows:

1. Certificate application

2. Certificate application processing

3. Certificate issuance

4. Certificate acceptance

5. Key pair and certificate usage

6. Certificate renewal

7. Certificate re-key

8. Certificate modification

9. Certificate revocation and suspension

10. End of subscription

11. Key escrow and recovery

These steps may be performed in any order that is convenient for the CA and applicants that does not compromise security, but all must be completed before certificate issuance.

For the CISSP exam, you should know the four main steps that involve how a certificate is issued to an entity: enrollment, verification, revocation, and renewal and modification.

Certificate Revocation List

A certificate revocation list (CRL) is a list of digital certificates that a CA has irreversibly revoked. To find out whether a digital certificate has been revoked, the browser must either check the CRL or receive the CRL values pushed out from the CA. This process can become quite daunting when you consider that the CRL contains every certificate that has ever been revoked.

One concept to keep in mind is the revocation request grace period. This period is the maximum amount of time between when the revocation request is received by the CA and when the revocation actually occurs. A shorter revocation period provides better security but often results in a higher implementation cost.

OCSP

Online Certificate Status Protocol (OCSP) is an Internet protocol that obtains the revocation status of an X.509 digital certificate. OCSP is an alternative to the standard CRL that is used by many PKIs. OCSP automatically validates the certificates and reports back the status of the digital certificate by accessing the CRL on the CA.

PKI Steps

The steps involved in requesting a digital certificate are as follows:

1. A user requests a digital certificate, and the RA receives the request.

2. The RA requests identifying information from the requestor.

3. After the required information is received, the RA forwards the certificate request to the CA.

4. The CA creates a digital certificate for the requestor. The requestor’s public key and identity information are included as part of the certificate.

5. The user receives the certificate.

After the user has a certificate, that user is considered a trusted entity and is ready to communicate with other trusted entities. The process for communication between entities is as follows:

1. User 1 requests User 2’s public key from the certificate repository.

2. The repository sends User 2’s digital certificate to User 1.

3. User 1 verifies the certificate and extracts User 2’s public key.

4. User 1 encrypts the session key with User 2’s public key and sends the encrypted session key and User 1’s certificate to User 2.

5. User 2 receives User 1’s certificate and verifies the certificate with a trusted CA.

After this certificate exchange and verification process occurs, the two entities are able to communicate using encryption.

Cross-Certification

Cross-certification establishes trust relationships between CAs so that the participating CAs can rely on the other participants’ digital certificates and public keys. It enables users to validate each other’s certificates when they are actually certified under different certification hierarchies. A CA for one organization can validate digital certificates from another organization’s CA when a cross-certification trust relationship exists.

Hashing

Hash functions were explained earlier in this chapter. In the following sections, we discuss some of the most popular hash functions. Some of them might no longer be commonly used because more secure alternatives are available.

Security professionals should be familiar with the following hash functions:

• One-way hash

• MD2/MD4/MD5/MD6

• SHA/SHA-2/SHA-3

• HAVAL

• RIPEMD-160

• Tiger

One-Way Hash

A hash function takes a message of variable length and produces a fixed-length hash value. Hash values, also referred to as message digests, are calculated using the original message. If the receiver calculates a hash value that is the same, then the original message is intact. If the receiver calculates a hash value that is different, then the original message has been altered.

Using a given function H, the following equation must be true to ensure that the original message, M1, has not been altered or replaced with a new message, M2:

H(M1) < > H(M2)

For a one-way hash to be effective, creating two different messages with the same hash value must be mathematically impossible. Given a hash value, discovering the original message from which the hash value was obtained must be mathematically impossible. A one-way hash algorithm is collision free if it provides protection against creating the same hash value from different messages.

Unlike symmetric and asymmetric algorithms, the hashing algorithm is publicly known. Hash functions are always performed in one direction. Using it in reverse is unnecessary.

However, one-way hash functions do have limitations. If an attacker intercepts a message that contains a hash value, the attacker can alter the original message to create a second invalid message with a new hash value. If the attacker then sends the second invalid message to the intended recipient, the intended recipient will have no way of knowing that they received an incorrect message. When the receiver performs a hash value calculation, the invalid message will look valid because the invalid message was appended with the attacker’s new hash value, not the original message’s hash value. To prevent this from occurring, the sender should use message authentication code (MAC).

Encrypting the hash function with a symmetric key algorithm generates a keyed MAC. The symmetric key does not encrypt the original message. It is used only to protect the hash value.

Figure 3-20 illustrates the basic steps of a hash function.

Message Authentication Code

MAC was explained earlier in this chapter. Here, we discuss the three types of MACs with which security professionals should be familiar:

• HMAC

• CBC-MAC

• CMAC

HMAC

A hash MAC (HMAC) is a keyed-hash MAC that involves a hash function with symmetric key. HMAC provides data integrity and authentication. Any of the previously listed hash functions can be used with HMAC, with the HMAC name being appended with the hash function name, as in HMAC-SHA-1. The strength of HMAC depends on the strength of the hash function, including the hash value size and the key size.

HMAC’s hash value output size will be the same as the underlying hash function. HMAC can help to reduce the collision rate of the hash function.

The basic steps of an HMAC process are as follows:

1. The sender and receiver agree on which symmetric key to use.

2. The sender joins the symmetric key to the message.

3. The sender applies a hash algorithm to the message and obtains a hash value.

4. The sender adds a hash value to the original message, and the sender sends the new message to the receiver.

5. The receiver receives the message and joins the symmetric key to the message.

6. The receiver applies the hash algorithm to the message and obtains a hash value.

7. If the hash values are the same, the message has not been altered. If the hash values are different, the message has been altered.

CBC-MAC

Cipher Block Chaining MAC (CBC-MAC) is a block-cipher MAC that operates in CBC mode. CBC-MAC provides data integrity and authentication.

The basic steps of a CBC-MAC process are as follows:

1. The sender and receiver agree on which symmetric block cipher to use.

2. The sender encrypts the message with the symmetric block cipher in CBC mode. The last block is the MAC.

3. The sender adds the MAC to the original message, and the sender sends the new message to the receiver.

4. The receiver receives the message and encrypts the message with the symmetric block cipher in CBC mode.

5. The receiver obtains the MAC and compares it to the sender’s MAC.

6. If the values are the same, the message has not been altered. If the values are different, the message has been altered.

Salting

Lookup tables and rainbow tables work because each password is hashed exactly the same way. If two users have the same password, they have the same hashed password if random hashes are not used. To prevent attack, security professionals should ensure that each hash is randomized. Then, when the same password is hashed twice, the hashes are not the same.

Salting means randomly adding data to a one-way function that “hashes” a password or passphrase. The primary function of salting is to defend against dictionary attacks versus a list of password hashes and against precomputed rainbow table attacks.

A security professional should randomize the hashes by appending or prepending a random string, called a salt, to the password before hashing. To check whether a password is correct, the attacker needs to know the value of the salt added. The salt usually can be stored in the user account database, or another secure location, along with the hash, or as part of the hash string itself.

Attackers do not know in advance what the salt will be, so they cannot precompute a lookup table or rainbow table. If each user’s password is hashed with a different salt, a reverse lookup table attack doesn’t work either.

If salts are used, security professionals must ensure that they are not reused and are not too short. A new random salt must be generated each time an administrator creates a user account or a user changes their password. A good rule of thumb is to use a salt that is the same size as the output of the hash function. For example, the output of SHA-256 is 256 bits (32 bytes), so the salt should be at least 32 random bytes.

Salts should be generated using a cryptographically secure pseudo-random number generator (CSPRNG). As the name suggests, a CSPRNG is designed to provide a high level of randomness and is completely unpredictable.

DSS

The Digital Signature Standard (DSS) is a federal digital security standard that governs the Digital Security Algorithm (DSA). DSA generates a message digest of 160 bits. The U.S. federal government requires the use of DSA, RSA (discussed earlier in this chapter), or Elliptic Curve DSA (ECDSA) and SHA for digital signatures. DSA is slower than RSA and provides only digital signatures. RSA provides digital signatures, encryption, and secure symmetric key distribution.

Non-repudiation

Non-repudiation occurs when a sender is provided with proof of delivery to a receiver, and a receiver is provided with proof of the sender’s identity. If non-repudiation is implemented correctly, the sender cannot later deny having sent the information.

In addition to digital signatures, non-repudiation is also used in digital contracts and email. Email non-repudiation involves methods such as email tracking.

Link Encryption Versus End-to-End Encryption

Link encryption encrypts all the data that is transmitted over a link. End-to-end encryption encrypts less of the packet information than link encryption.

Email Security

Email security methods include the PGP, MIME, and S/MIME email standards that are popular in today’s world.

Internet Security

Internet security includes remote access; SSL/TLS; HTTP, HTTPS, and S-HTTP; SET; cookies; SSH; and IPsec and ISAKMP.

Ciphertext-Only Attack

In a ciphertext-only attack, an attacker uses several encrypted messages (ciphertext) to figure out the key used in the encryption process. Although it is a very common type of attack, it is usually not successful because so little is known about the encryption used.

Known Plaintext Attack

In a known plaintext attack, an attacker uses various plaintext and ciphertext versions of a message or more messages to discover the key used. This type of attack implements reverse engineering, frequency analysis, or brute force to determine the key so that all messages can be deciphered.

Chosen Plaintext Attack

In a chosen plaintext attack, an attacker chooses the plaintext to get encrypted to obtain the ciphertext. The attacker sends a message hoping that the user will forward that message as ciphertext to another user. The attacker captures the ciphertext version of the message and tries to determine the key by comparing the plaintext version that was originated with the captured ciphertext version. Once again, key discovery is the goal of this attack.

Chosen Ciphertext Attack

A chosen ciphertext attack is the opposite of a chosen plaintext attack. In a chosen ciphertext attack, an attacker chooses the ciphertext to be decrypted to obtain the plaintext. This attack is more difficult because control of the system that implements the algorithm is needed.

Social Engineering

Social engineering attacks against cryptographic algorithms do not differ greatly from social engineering attacks against any other security area. Attackers attempt to trick users into giving the attacker the cryptographic key used. Common social engineering methods include intimidation, enticement, or inducement.

Brute Force

As with a brute-force attack against passwords, a brute-force attack executed against a cryptographic algorithm uses all possible keys until a key is discovered that successfully decrypts the ciphertext. This attack requires considerable time and processing power and is very difficult to complete.

Differential Cryptanalysis

Differential cryptanalysis measures the execution times and power required by the cryptographic device. The measurements help to detect the key and algorithm used.

Linear Cryptanalysis

Linear cryptanalysis is a known plaintext attack that uses linear approximation, which describes the behavior of the block cipher. An attacker is more successful with this type of attack when more plaintext and matching ciphertext messages are obtained.

Algebraic Attack

Algebraic attacks rely on the algebra used by cryptographic algorithms. If an attacker exploits known vulnerabilities of the algebra used, looking for those vulnerabilities can help the attacker to determine the key and algorithm used.

Frequency Analysis

Frequency analysis is an attack that relies on the fact that substitution and transposition ciphers will result in repeated patterns in ciphertext. Recognizing the patterns of 8 bits and counting them can allow an attacker to use reverse substitution to obtain the plaintext message.

Frequency analysis usually involves the creation of a chart that lists all the letters of the alphabet alongside the number of times that letter occurs. So if the letter Q in the frequency lists has the highest value, a good possibility exists that this letter is actually E in the plaintext message because E is the most used letter in the English language. The ciphertext letter is then replaced in the ciphertext with the plaintext letter.

Today’s algorithms are considered too complex to be susceptible to this type of attack.

Birthday Attack

A birthday attack uses the premise that finding two messages that result in the same hash value is easier than matching a message and its hash value. Most hash algorithms can resist simple birthday attacks.

Dictionary Attack

Similar to a brute-force attack, a dictionary attack uses all the words in a dictionary until a key is discovered that successfully decrypts the ciphertext. This attack requires considerable time and processing power and is very difficult to complete. It also requires a comprehensive dictionary of words.

Replay Attack

In a replay attack, an attacker sends the same data repeatedly in an attempt to trick the receiving device. This data is most commonly authentication information. The best countermeasures against this type of attack are timestamps and sequence numbers.

Analytic Attack

In analytic attacks, attackers use known structural weaknesses or flaws to determine the algorithm used. If a particular weakness or flaw can be exploited, then the possibility of a particular algorithm being used is more likely.

Statistical Attack

Whereas analytic attacks look for structural weaknesses or flaws, statistical attacks use known statistical weaknesses of an algorithm to aid in the attack.

Factoring Attack

A factoring attack is carried out against the RSA algorithm by using the solutions of factoring large numbers.

Reverse Engineering

One of the most popular cryptographic attacks, reverse engineering occurs when an attacker purchases a particular cryptographic product to attempt to reverse engineer the product to discover any information about the cryptographic algorithm used, whether the information is the key or the algorithm itself.

Meet-in-the-Middle Attack

In a meet-in-the middle attack, an attacker tries to break the algorithm by encrypting from one end and decrypting from the other to determine the mathematical problem used.

Ransomware Attack

In a ransomware attack, a user accidentally installs a program that allows an attacker to encrypt files or folders on the user’s computer. To obtain access to the files and folders that are encrypted, the victim must pay a fine to obtain access to their data. Two of the more recent variants of this type of attack are the CryptoLocker, which targeted Windows computers and infected email attachments using a Trojan, and WannaCry, which also targeted Windows computers and demanded payment in Bitcoin.

Side-Channel Attack

In a side-channel attack, information from the implementation of a computer system is obtained, rather than exploiting a weakness in the algorithm itself. Areas that are exploited include the computer’s cache, timing, acoustics, and data remanence. It usually involves monitoring communication within the different components of the computer to determine the secret key.

Implementation Attack

An implementation attack, a specific type of side-channel attack, exploits implementation weaknesses in algorithms, focusing on software code, errors, and other flaws. This type of attack can be carried out in a physical or logical manner. Physical attacks target physical leakage of a device, meaning the attacker attempts to obtain the data from the hard drive or the hard drive itself. Logical attacks try to observe some parameters of the algorithm.

Fault Injection

Fault injection attacks, which are a type of side-channel attack, are carried out on crypto-devices. A single fault injected during encryption can reveal the cipher's secret key. Fault injection attacks on crypto-devices include power supply voltage variations, clock signal irregularity injections, electro-magnetics disturbances, overheating, and light exposure.

Timing Attack

A timing attack is a type of side-channel attack wherein an attacker attempts to compromise an algorithm by analyzing the time taken to encrypt or decrypt data. Timing attacks are easier to carry out if the attacker knows hardware implementation details and the cryptographic system used.

Pass-the-Hash Attack

A pass-the-hash attack allows an attacker to authenticate to a remote server or service by using the underlying hash of a user’s password, instead of the plaintext password itself. This attack requires that an attacker steal the password’s hash, rather than the plaintext password, and use it for authentication.

Document DRM

Organizations implement DRM to protect confidential or sensitive documents and data. Commercial DRM products allow organizations to protect documents and include the capability to restrict and audit access to documents. Some of the permissions that can be restricted using DRM products include reading and modifying a file, removing and adding watermarks, downloading and saving a file, printing a file, or even taking screenshots. If a DRM product is implemented, the organization should ensure that the administrator is properly trained and that policies are in place to ensure that rights are appropriately granted and revoked.

Music DRM

DRM has been used in the music industry for some time now. Subscription-based music services, such as Napster, use DRM to revoke a user’s access to downloaded music after their subscription expires. Although technology companies have petitioned the music industry to allow them to sell music without DRMs, the industry has been reluctant to do so.

Movie DRM

Although the movie industry has used a variety of DRM schemes over the years, two main technologies are used for the mass distribution of media:

• Content Scrambling System (CSS): Uses encryption to enforce playback and region restrictions on DVDs. This system can be broken using Linux’s DeCSS tool.

• Advanced Access Content System (AACS): Protects Blu-ray and HD DVD content. Hackers have been able to obtain the encryption keys to this system.

This industry continues to make advances to prevent hackers from creating unencrypted copies of copyrighted material.

Video Game DRM

Most video game DRM implementations rely on proprietary consoles that use Internet connections to verify video game licenses. Most consoles today verify the license upon installation and allow unrestricted use from that point. However, to obtain updates, the license will again be verified prior to download and installation of the update.

E-book DRM

E-book DRM is considered to be the most successful DRM deployment. Both Amazon’s Kindle and Barnes and Noble’s Nook devices implement DRM to protect electronic forms of books. Both of these companies have released mobile apps that function like the physical e-book devices.

Today’s implementation uses a decryption key that is installed on the device. This means that the e-books cannot be easily copied between e-book devices or applications. Adobe created the Adobe Digital Experience Protection Technology (ADEPT) that is used by most e-book readers except Amazon’s Kindle. With ADEPT, AES is used to encrypt the media content, and RSA encrypts the AES key.

Layered Defense Model

All physical security should be based in a layered defense model. In such a model, reliance should not be based on any single physical security concept but on the use of multiple approaches that support one another. The theory is that if one tier of defense (say, for example, perimeter security) fails, another layer will serve as a backup (such as locks on the server room door). Layering the concepts discussed in this chapter can strengthen the overall physical security.

CPTED

Crime Prevention Through Environmental Design (CPTED) refers to designing a facility from the ground up to support security. It is actually a broad concept that can be applied to any project (housing developments, office buildings, and retail establishments). It addresses the building entrance, landscaping, and interior design. It aims to create behavioral effects that reduce crime. The three main strategies that guide CPTED are covered here.

Physical Security Plan

Another important aspect of site and facility design is the proper convergence between the physical layout and the physical security plan. Achieving all the goals of CPTED may not be always possible, and in cases where gaps exist, the physical security plan should include policies and/or procedures designed to close any gaps. The plan should address the following issues.

Facility Selection Issues

When an organization moves to a new facility or enlarges an existing one, it is a great opportunity to include physical security issues in the site selection process or in the expansion plan. Next, we look at some critical items to consider if this opportunity presents itself.

Doors

A variety of door types and door materials can be used in buildings. They can either be hollow, which are used inside the building, or solid, typically used at the edge of the building and in places where additional security is required. Some door types with which a security professional should be familiar and prepared to select for protection are

• Vault doors: Leading into walk-in safes or security rooms

• Personnel doors: Used by humans to enter the facility

• Industrial doors: Large doors that allow access to larger vehicles

• Vehicle access doors: Doors to parking building or lots

• Bullet-resistant doors: Doors designed to withstand firearms

Turnstiles and Mantraps

Two special types of physical access control devices, turnstiles and mantraps, also require mention. Although you might be familiar with a turnstile, which can be opened by scanning or swiping an access card, a mantrap is an unusual system with which you might not be familiar.

A mantrap is a series of two doors with a small room between them. The user is authenticated at the first door and then allowed into the room. At that point, additional verification occurs (such as a guard visually identifying the person), and then the person is allowed through the second door. These doors are typically used only in very high security situations. Mantraps also typically require that the first door is closed prior to enabling the second door to open. Figure 3-21 shows a mantrap design.

Locks

Locks are also used in places other than doors, such as protecting cabinets and securing devices. Types of mechanical locks with which you should be familiar are

• Warded locks: These have a spring-loaded bolt with a notch in it. The lock has wards or metal projections inside the lock with which the key will match and enable opening the lock. A warded lock design is shown in Figure 3-22.

• Tumbler locks: These have more moving parts than the warded locks, and the key raises the lock metal piece to the correct height. A tumbler lock design is shown in Figure 3-23.

• Combination locks: These require rotating the lock in a pattern that, if correct, lines up the tumblers, opening the lock. A combination lock design is shown in Figure 3-24.

In the case of device locks, laptops are the main item that must be protected because they are so easy to steal. Laptops should never be left in the open without being secured to something solid with a cable lock. These are vinyl-coated steel cables that connect to the laptop and then lock around a hard-to-move object, such as a table or desk leg.

Biometrics

The most expensive physical access control to deploy is a biometric device. Biometric devices rely on human interaction and are covered extensively in Chapter 5.

Type of Glass Used for Entrances

Glass entryways, which have become common in many facilities, include windows, glass doors, and glass walls. The proper glass must be selected for the situation. A security professional should be familiar with the following types of glass:

• Standard glass: Used in residential areas and is easily broken

• Tempered glass: Created by heating the glass, which gives it extra strength

• Acrylic glass: Made of polycarbonate acrylic; is much stronger than regular glass but produces toxic fumes when burned

• Laminated glass: Made of two sheets of glass with a plastic film between, which makes breaking it more difficult

In areas where regular glass must be used but security is a concern, glass that is embedded with wire to reduce the likelihood of breaking and entering can be used. An even stronger option is to supplement the windows with steel bars.

Visitor Control

Some system of identifying visitors and controlling their access to the facility must be in place. The best system is to have a human present to require all visitors to sign in before entering. If that option is unfeasible, another option is to provide an entry point at which visitors are presented with a locked door and a phone that can be used to call and request access. Either of these methods helps to prevent unauthorized persons from simply entering the building and going where they please.

Another best practice with regard to visitors is to have personnel always accompany a contractor or visitor to their destination to help ensure they are not going where they shouldn’t. In low security situations, this practice might not be necessary but is recommended in high security areas. Finally, log all visitors.

Wiring Closets/Intermediate Distribution Facilities

Lock any areas where equipment is stored, and control access to them. Having a strict inventory of all equipment so theft can be discovered is also important. For data centers and server rooms, the bar is raised even higher. There is more on this topic later.

Restricted and Work Areas

Some system should be in place to separate areas by security. Some specific places where additional security measures might be required are discussed here. Most of these measures apply to both visitors and employees. Following the least privilege policies and prohibiting some employees from certain areas might be beneficial.

Environmental Security and Issues

Although most considerations concerning security revolve around preventing mischief, preventing damage to data and equipment from environmental conditions is also the responsibility of the security team because it addresses the availability part of the CIA triad. In the following sections, we cover some of the most important considerations.

Fire Protection

Fire protection has a longer history than many of the topics discussed in this book, and although the traditional considerations concerning preventing fires and fire damage still hold true, the presence of sensitive computing equipment requires different approaches to detection and prevention, which we discuss next.

Fire Detection

Several options are available for fire detection.

Security professionals should be familiar with the following basic types of fire detection systems:

• Smoke-activated sensor: Operates using a photoelectric device to detect variations in light caused by smoke particles.

• Heat-activated sensor (also called heat-sensing sensor): Operates by detecting temperature changes. These systems can either alert when a predefined temperature is met or alert when the rate of rise is a certain value.

• Flame-actuated sensor: Operates by “looking at” the protected area with optical devices. They generally react faster to a fire than nonoptical devices do.

Fire Suppression

Although fire extinguishers (covered in Chapter 1) are a manual form of fire suppression, other more automated systems also exist.

Security professionals should be familiar with the following sprinkler system types:

• Wet pipe extinguisher: This system uses water contained in pipes to extinguish the fire. In some areas, the water might freeze and burst the pipes, causing damage. These extinguishers are also not recommended for rooms where equipment will be damaged by the water.

• Dry pipe extinguisher: In this system, the water is not held in the pipes but in a holding tank. The pipes hold pressurized air, which is reduced when fire is detected, allowing the water to enter the pipe and the sprinklers. This structure minimizes the chance of an accidental discharge.

• Preaction extinguisher: This system operates like a dry pipe system except that the sprinkler head holds a thermal-fusible link that must be melted before the water is released. This is currently the recommended system for a computer room.

• Deluge extinguisher: This system allows large amounts of water to be released into the room, which obviously makes this not a good choice where computing equipment will be located.

At one time, fire suppression systems used Halon gas, which works well by suppressing combustion through a chemical reaction. However, these systems are no longer used because they have been found to damage the ozone layer.

Current EPA-approved replacements for Halon include

• Water

• Argon

• NAF-S-III

Another fire suppression system that can be used in computer rooms that will not damage computers and is safe for humans is FM-200.

Power Supply

The power supply is the lifeblood of the enterprise, its IT systems, and all of its equipment. Here, we look at common power issues and some of the prevention mechanisms and mitigation techniques that will allow the company to continue to operate when power problems arise.

Types of Outages

When discussing power issues, security professionals should be familiar with the following terms:

• Surge: A prolonged high voltage

• Brownout: A prolonged drop in power that is below normal voltage

• Fault: A momentary power outage

• Blackout: A prolonged power outage

• Sag: A momentary reduction in the level of power

However, possible power problems go beyond partial or total loss of power. Power lines can introduce noise and interfere with communications in the network. In any case where large electric motors or sources of certain types of light, such as fluorescent lighting, are present, shielded cabling should be used to help prevent radio frequency interference (RFI) and electromagnetic interference (EMI).

Preventive Measures

Procedures to prevent static electricity from damaging components should be observed. Some precautions to take are

• Use antistatic sprays.

• Maintain proper humidity levels.

• Use antistatic mats and wrist bands.

To protect against dirty power (sags and surges) and both partial and total power outages, the following devices can be deployed:

• Power conditioners: Go between the wall outlet and the device and smooth out the fluctuations of power delivered to the device, protecting against sags and surges.

• Uninterruptible power supplies (UPSs): Go between the wall outlet and the device and use a battery to provide power if the source from the wall is lost. UPSs also exist that can provide power to a server room.

Equipment Physical Security

The physical security of the equipment is stressed throughout this book. Here, we discuss corporate procedures concerning equipment and media and the use of safes and vaults for protecting other valuable physical assets. IT systems are not the only physical assets.