05.best Practices

The document discusses various topics related to information security including on-the-fly disk encryption, encryption algorithms like ECB, CBC, CFB, one-time passwords and HMAC-based one-time passwords, and multi-level security. It also provides descriptions and details about these topics.

Uploaded by

NURRUL ISMAIL

FUNDAMENTAL OF INFORMATION SECURITY
Best Practices

Content
• ON-THE-FLY DISK ENCRYPTION (OTFE)
• ELECTRONIC CODE BOOK (ECB), CIPHER BLOCK CHAINING (CBC), CIPHERTEXT FEEDBACK (CFB)
• ONE-TIME PASSWORD (OTP), HMAC-BASED ONE-TIME PASSWORD (HOTP)
Best Practices in Information Security

Credit: https://www.it.ucsb.edu/password-best-practices
12 Top Tips for Information Security

Credit: https://www.contextis.com/us/blog/12-top-tips-for-cyber-security
ON-THE-FLY DISK ENCRYPTION (OTFE)
Also known as "live encryption", "transparent encryption" or "real-time encryption".

When you open a file from the safe, the data is decrypted instantly. When you save it back, the file is re-encrypted automatically (on-the-fly).
• One of the major advantages that a live-encryption program has over
a classic file encryption program is that you don’t have to remember
to re-encrypt the files you work with after you’re done.
• Live-encryption programs are the next generation of encryption
programs.
• Used when you want the encryption process to be totally transparent to
the user
ELECTRONIC CODE BOOK (ECB)
• A mode of operation for a block cipher
• With the characteristic that each possible block of plaintext has a
defined corresponding ciphertext value and vice versa.
• Has the ability to support a separate encryption key for each block
type.
CIPHER BLOCK CHAINING (CBC)
• In CBC mode, each block of plaintext is XORed with the previous
ciphertext block before being encrypted.
• This way, each ciphertext block depends on all plaintext blocks
processed up to that point.
• To make each message unique, an initialization vector must be used in
the first block.
CIPHERTEXT FEEDBACK (CFB)
• The cipher feedback (CFB) mode, a close relative of CBC, makes a
block cipher into a self-synchronizing stream cipher.
• Operation is very similar to CBC
• CFB decryption is almost identical to CBC encryption performed in
reverse, and it only ever needs the block cipher's encryption direction
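The three modes above, as an added example that is not from the original slides: a Python implementation over a constructed toy Feistel block cipher standing in for a real one (the 8-byte block size, the toy cipher and the unpadded whole-block input are assumptions). It shows ECB's fixed plaintext-to-ciphertext mapping leaking repeated blocks, CBC chaining with an IV, and CFB decryption needing only the cipher's forward direction.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (assumed; real ciphers such as AES use 16)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block(key, block, decrypt=False):
    # Constructed 4-round Feistel stand-in for a real block cipher: E when
    # decrypt=False, D when decrypt=True (round function: keyed SHA-256, truncated).
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        l, r = r, _xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:BLOCK // 2])
    return r + l

def _blocks(data):
    assert len(data) % BLOCK == 0, "example assumes whole blocks (no padding)"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    # Each block independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(toy_block(key, b) for b in _blocks(pt))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in _blocks(pt):
        prev = toy_block(key, _xor(b, prev))  # XOR with previous ciphertext, then encrypt
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(toy_block(key, c, decrypt=True), prev))
        prev = c
    return b"".join(out)

def cfb(key, iv, data, decrypt=False):
    # Keystream block = E(previous ciphertext block), so only E is needed even to decrypt.
    out, prev = [], iv
    for b in _blocks(data):
        o = _xor(toy_block(key, prev), b)
        prev = b if decrypt else o  # the feedback value is always the ciphertext block
        out.append(o)
    return b"".join(out)

def duplicate_blocks(ct):
    # Count of ciphertext blocks that repeat an earlier one (the ECB pattern leak).
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))
```

Running `duplicate_blocks` over the ECB output of a plaintext with two equal blocks reports the repeat, while the CBC and CFB outputs of the same plaintext show none.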
ONE-TIME PASSWORD (OTP)
• Also known as one-time pin or dynamic password
• A password that is valid for only one login session or transaction, on a
computer system or other digital device.
• The most important advantage of OTPs is that, in contrast to static
passwords, they are not vulnerable to replay attacks.
• OTP systems also aim to ensure that a session cannot easily be
intercepted or impersonated without knowledge of unpredictable data
created during the previous session, thus reducing the attack surface
further.
HOW OTPS ARE GENERATED AND DISTRIBUTED
• OTP generation algorithms typically make use of randomness
• Various approaches for the generation of OTPs are listed below:
– Based on time-synchronization between the authentication server and the
client providing the password (OTPs are valid only for a short period of time)
– Using a mathematical algorithm to generate a new password based on the
previous password (OTPs are effectively a chain and must be used in a
predefined order)
– Using a mathematical algorithm where the new password is based on a
challenge (e.g., a random number chosen by the authentication server or
transaction details) and/or a counter
Methods of delivering the OTP
• Phones: a common technology used for the delivery of OTPs is text
messaging.
• Web-based methods: authentication-as-a-service providers offer various
web-based methods for delivering one-time passwords without the need for
tokens.
HMAC-BASED ONE-TIME PASSWORD (HOTP)
• A one-time password (OTP) algorithm based on hash-based message
authentication codes (HMAC)
• Also known as event-based OTP
• The original one-time password algorithm; it relies on two pieces of
information:
• The first is the secret key, called the "seed", which is known only to the token
and the server that validates submitted OTP codes.
• The second piece of information is the moving factor which, in event-based
OTP, is a counter.
HOTP is calculated by first computing an HMAC hash over the seed and
counter. That output is too long to use directly (it is a 160-bit string), so it is
then truncated to a reasonable 6 or 8 digits, which is the OTP displayed on
the token.
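The two steps just described, as an added Python example that is not from the original slides: HMAC-SHA1 over the seed and counter (the 160-bit value), dynamic truncation to 6 or 8 digits, and a hypothetical server-side validator that advances the counter so an accepted code cannot be replayed. The look-ahead window size and the RFC 4226 test seed are assumptions.

```python
import hmac
import hashlib
import struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    # Step 1: HMAC-SHA1 over the 8-byte big-endian counter gives a 160-bit (20-byte) value.
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Step 2: dynamic truncation (RFC 4226): the low 4 bits of the last byte pick an
    # offset; take 4 bytes there, clear the top bit, reduce to `digits` decimal digits.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class HotpValidator:
    """Hypothetical server side: holds the seed and the next expected counter."""

    def __init__(self, seed: bytes, look_ahead: int = 5, digits: int = 6):
        self.seed, self.look_ahead, self.digits = seed, look_ahead, digits
        self.counter = 0  # next counter value the server expects

    def verify(self, submitted: str) -> bool:
        # Accept the expected counter or a few ahead (the token may have been pressed
        # without logging in), then move past it so the same code can never be replayed.
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.seed, c, self.digits), submitted):
                self.counter = c + 1
                return True
        return False
```

With the RFC 4226 test seed `12345678901234567890`, counter 0 yields 755224 (6 digits) and 84755224 (8 digits); a second submission of the same code is rejected.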
Multi Level Security

Credit: https://www.it.ucsb.edu/password-best-practices
MULTI LEVEL SECURITY
• The application of a computer system to process information with:
a) Incompatible classifications (i.e., at different security levels)
b) Access permitted to users with different security clearances and
needs-to-know
c) Users prevented from obtaining access to information for which they lack
authorization
• There are two contexts for the use of multilevel security:
– A system that is adequate to protect itself from subversion and has robust
mechanisms to separate information domains, that is, a trustworthy system
– An application of a computer that will require the computer to be strong
enough to protect itself from subversion and possess adequate mechanisms
to separate information domains, that is, a system we must trust
TRUSTED OPERATING SYSTEMS
• An OS that has been evaluated by a Common Criteria laboratory against the
ISO/IEC 15408 criteria and passed, so that it can be called a certified
secure OS.
• Trusted Operating System (TOS) generally refers to an operating
system that provides sufficient support for multilevel security and
evidence of correctness to meet a set of government requirements.
An OS IS TRUSTED if it can provide:
1. Memory Protection
2. File Protection
3. User Authentication
4. Policy
5. Identification and Authentication