ICS Short notes
Viraj Dissanayake
Lecture 1
Key objectives of computer security – Confidentiality, Integrity, Availability
Confidentiality – make sure only authorized parties are allowed to access data/information (Privacy &
confidentiality are not the same. Privacy comes under confidentiality and it only protects personal
data/information)
Integrity – (Ensure nonrepudiation) unauthorized parties can’t modify/destroy data/information. Two
types of integrity: data integrity and system integrity (Nonrepudiation - assurance that someone cannot
deny authenticity). Authenticity is a part of integrity
Availability – make sure that the service is available for authorized parties
System resources (assets) – Software, Hardware, data, networks
Vulnerability – A weakness (flaw, bug) in a system
Threat – The possible danger that a vulnerability gets exploited
Attack – A threat in action. Two types (active attacks - alter system information | passive attacks - don’t
alter information)
- An attack can originate in two ways (inside attack, outside attack)
The person who carries out the attack is known as the threat agent (adversary)
Risk – expected loss due to an attack
RFC 2828
Unauthorized disclosure – A threat to system confidentiality
Deception – A threat to system integrity
Disruption – A threat to system availability & integrity
Usurpation – A threat to system integrity
Two types of passive attacks – Release of message content, traffic analysis
To prevent passive attacks, we use attack prevention security implementation
Three types of Information security controls
1. Logical (Technical) control – (Eg: Encryption, access control)
2. Physical control – (Eg: CCTV, alarms, security doors/gates)
3. Administrative control – (Eg: Policies, protocols)
Security strategy aspects
1. Specification (policy)
2. Implementation (mechanism)
3. Correctness (assurance)
Security implementation
Prevention – Always eliminate the attack (not always possible)
Detection – If prevention fails, we need to detect the attack (Intrusion detection systems)
Response – If the attack is detected, we have to respond to it.
Recovery – If attack detection fails, which means we got attacked, we need a way to
recover the system as it was (Keeping backups)
Lecture 2
Key objectives of secure communication - Confidentiality, Integrity, Authentication
Authentication – make sure message is sent by the original sender
Cryptography – study of hiding information
Components of cryptography - Confidentiality, Integrity, Authentication
Cipher – Encryption + Decryption
Methods of creating cipher text
Transposition – Change the order (rearrange) of the text pattern (Eg: Scytale, Rail fence, DES, 3DES)
Substitution – Substitute (replace) letters with different letters (Caesar, Vigenere cipher)
Two types of substitution
- Monoalphabetic substitution (the key consists of one character (key=3))
- Polyalphabetic substitution (the key consists of multiple characters (key=Athma))
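Added example (not part of the original notes): the two substitution types side by side, using the notes' keys (key=3 for Caesar, key=Athma for Vigenere). The sample message and all function names are constructed for illustration; the key is assumed to contain only letters.

```python
def shift_letter(ch, shift):
    """Shift one ASCII letter by `shift` places; return anything else unchanged."""
    if not (ch.isascii() and ch.isalpha()):
        return ch
    base = ord("A") if ch.isupper() else ord("a")
    return chr((ord(ch) - base + shift) % 26 + base)


def caesar(text, key, decrypt=False):
    """Monoalphabetic: one shift (the notes' key=3) is applied to every letter."""
    shift = -key if decrypt else key
    return "".join(shift_letter(c, shift) for c in text)


def vigenere(text, key, decrypt=False):
    """Polyalphabetic: each letter's shift comes from the next letter of the key."""
    shifts = [ord(k) - ord("A") for k in key.upper()]
    out, i = [], 0
    for c in text:
        if c.isascii() and c.isalpha():
            s = shifts[i % len(shifts)]
            out.append(shift_letter(c, -s if decrypt else s))
            i += 1  # only letters consume key material
        else:
            out.append(c)
    return "".join(out)


def images_of(letter, plaintext, ciphertext):
    """Set of ciphertext letters that one plaintext letter was turned into."""
    return {c for p, c in zip(plaintext, ciphertext) if p == letter}


PLAINTEXT = "ATTACK AT DAWN"  # constructed sample message

if __name__ == "__main__":
    mono = caesar(PLAINTEXT, 3)
    poly = vigenere(PLAINTEXT, "Athma")
    print(mono, images_of("T", PLAINTEXT, mono))   # T always becomes one letter
    print(poly, images_of("T", PLAINTEXT, poly))   # T becomes different letters
    print(vigenere(poly, "Athma", decrypt=True))   # round trip
```

With the one-character key every T becomes the same ciphertext letter, so letter frequencies survive; with the multi-character key the same T maps to different letters depending on its position.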
One-time pad – The key can be used only one time. The one-time pad is immune to cipher text attacks
Two types of cipher
1. Symmetric cipher – both parties use the same key to encrypt and decrypt (the key needs to be shared)
2. Asymmetric cipher – uses one key to encrypt and another key to decrypt
Symmetric cipher is faster, less secure
Asymmetric cipher is slower, more secure
DES and AES / Rijndael are symmetric ciphers. RSA and Diffie-Hellman are asymmetric ciphers.
Two types of Symmetric cipher
1. Block cipher
2. Stream cipher
Block cipher example
Suppose you need to encrypt your name,
Athma Dulangi Rathnayake
A block cipher takes the first block and encrypts it first. The first block is Athma, so it encrypts
Athma. Then it encrypts the second block, Dulangi. Finally, the third block,
Rathnayake, is encrypted.
Key size – If key = 101, key size = 3 (number of bits for the key)
Key space – 2^(key size) (if key size is 3, then key space = 2^3)
Stream cipher example
Let’s assume the binary value of Athma is 1001101. The key is 1101001 (the key will be given in the
exam)
To encrypt, perform the XOR operation.
1001101 (Binary value of plain text (Athma))
⊕ (XOR)
1101001 (Key)
-------------
0100100 (Cipher text)
-------------
Methods for cracking code
1) Brute force method – Attacker tries every possible key for the decryption algorithm.
Solution – Having a large key space
2) Cipher text only attack – Attacker uses statistical analysis to crack the key (Attacker doesn’t know
the plain text. He has the cipher text of several messages which use the same encryption.)
Solution – pseudorandom outputs
3) Known plain text attack – Attacker uses a brute force attack (attacker has information about the plain
text and has the cipher text of several messages)
Solution – Having a large key space
4) Chosen plain text attack – Attacker observes the cipher text output
This attack is not practical because it’s impossible to capture both plain
text and cipher text
5) Chosen cipher text attack - Attacker chooses different cipher text to be decrypted and has access
to the decrypted plaintext
This attack is not practical because it’s impossible to capture both plain
text and cipher text
6) Meet in the middle – A known plain text attack.
The best method for cracking code is the brute force attack
Cryptology = cryptography (developing codes) + cryptanalysis (breaking codes)
Security of encryption depends on the secrecy of the keys, not on the
algorithm
Cryptographic hash – a one-way mathematical function
Hashing protects integrity and authentication
Hash functions are used to detect only unintentional change of data
Applications of cryptographic hash function
Nonrepudiation
Authentication protocols (PPP CHAP)
Message integrity check proof
Confirming downloaded files have not been altered
Hash functions are vulnerable to man in the middle attacks
Well known hash functions
1. MD5 (uses a 128-bit digest)
2. SHA256 (uses a 256-bit digest)
Purpose of salt value - To prevent rainbow table attacks and dictionary attacks
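Added example (not part of the original notes): why a per-record salt makes a precomputed digest table useless. The word list, passwords and function names are constructed for illustration; SHA256 is used because it is the hash the notes list.

```python
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "qwerty"]  # constructed sample dictionary


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Digest -> password table, computed once in advance and reusable against
# every unsalted hash (the idea behind dictionary and rainbow-table lookups).
PRECOMPUTED = {sha256_hex(w.encode()): w for w in WORDLIST}


def store_unsalted(password):
    """Stored value depends on the password only."""
    return sha256_hex(password.encode())


def store_salted(password):
    """Return (salt, digest); a fresh random salt is kept next to each digest."""
    salt = os.urandom(16)
    return salt, sha256_hex(salt + password.encode())


def verify_salted(password, salt, digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(sha256_hex(salt + password.encode()), digest)


def lookup(digest):
    """What the precomputed table reveals for a stored digest (None = nothing)."""
    return PRECOMPUTED.get(digest)


if __name__ == "__main__":
    print("unsalted:", lookup(store_unsalted("letmein")))   # found in the table
    salt_a, digest_a = store_salted("letmein")
    salt_b, digest_b = store_salted("letmein")
    print("salted:", lookup(digest_a))                       # not in the table
    print("same password, same digest?", digest_a == digest_b)
    print("login still works:", verify_salted("letmein", salt_a, digest_a))
```

The salt removes the benefit of a table computed in advance; production password storage also uses a deliberately slow function such as PBKDF2 instead of a single SHA-256 pass.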
Hash message authentication code (HMAC) - Uses a hash function to calculate a message authentication
code. It has a secret key. The key provides assurance of authentication and integrity. The output depends on
the input and the secret key.
Cryptographic strength of the HMAC depends on the size of the key and the size of the hash output
Well known HMAC Functions
1. Keyed MD5 or HMAC-MD5 (Based on MD5)
2. Keyed SHA-1 or HMAC-SHA-1 (Based on SHA1)
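Added example (not part of the original notes): the difference between the plain hash noted above as vulnerable to man in the middle attacks and an HMAC. It uses HMAC-SHA-256 from Python's standard library rather than the HMAC-MD5 / HMAC-SHA-1 variants listed; the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"  # constructed; known only to sender and receiver
ORIGINAL = b"pay 100 to alice"        # constructed sample message
ALTERED = b"pay 900 to mallory"       # constructed altered message


def protect_with_hash(message):
    """Sender attaches a plain SHA-256 digest (no secret involved)."""
    return message, hashlib.sha256(message).hexdigest()


def protect_with_hmac(message, key):
    """Sender attaches an HMAC-SHA-256 tag computed with the shared key."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def modified_in_transit(new_message):
    """Model of an in-path party without the key: it can replace the message
    and recompute an unkeyed digest, but it cannot compute a valid HMAC tag."""
    return new_message, hashlib.sha256(new_message).hexdigest()


def receiver_accepts_hash(message, digest):
    """Receiver recomputes the digest; anyone could have produced it."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def receiver_accepts_hmac(message, tag, key):
    """Receiver recomputes the tag with the shared key (constant-time compare)."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    forged = modified_in_transit(ALTERED)
    print("plain hash accepts altered message:", receiver_accepts_hash(*forged))
    print("HMAC accepts altered message:", receiver_accepts_hmac(*forged, SHARED_KEY))
    print("HMAC accepts genuine message:",
          receiver_accepts_hmac(*protect_with_hmac(ORIGINAL, SHARED_KEY), SHARED_KEY))
```

The receiver of the plain digest cannot tell the altered message from the original because the digest was simply recomputed; the HMAC check fails because the tag cannot be recomputed without the secret key.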
Inference is a way to infer or derive sensitive data from nonsensitive data
A subject is said to have a security clearance of a given level; an object is said to have a security
classification
When multiple categories or levels of data are defined, the requirement is referred to as
multilevel security
Trusted computer system
A system that employs sufficient hardware and software assurance measures to allow its use for
simultaneous processing of a range of sensitive or classified information
Access Control: The prevention of unauthorized use of a resource, including the prevention of
use of a resource in an unauthorized manner
Discretionary access control (DAC) is a type of security access control that grants or restricts
object access via an access policy determined by an object's owner group and/or subjects
Authentication: Verification that the credentials of a user or other system entity are valid
Authorization: The granting of a right or permission to a system entity to
access a system resource. This function determines who is trusted for a given purpose