Data Protection and Cryptography Techniques, Exams of Data Mining

An overview of various data protection and cryptography techniques used to secure sensitive information. It covers topics such as data ownership, data states, protective measures, and different cryptographic methods like encryption, hashing, masking, and tokenization. The document also discusses data sovereignty laws, access restrictions, and data loss prevention systems. It delves into the details of symmetric and asymmetric encryption, including algorithms like diffie-hellman, rsa, and elliptic curve cryptography (ecc). Additionally, it explores variants of ecc, such as ecdh, ecdhe, and ecdsa, as well as hashing techniques and their associated concepts like key stretching and salting. This comprehensive guide offers valuable insights into the complex world of data security and the tools and strategies employed to protect sensitive information.

Typology: Exams

2023/2024

Available from 09/17/2024

Emma_Johnson
Emma_Johnson 🇬🇧

2.1K documents

1 / 19

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Fundamentals Of Data Communication
Questions and Answers For Guarantee Pass
Data Classification - Solution Based on the value to the organization and
the sensitivity of the information, determined by the data owner
Sensitive Data - Solution • Information that can result in the loss of security
or competitive advantage for a company
• Over classifying data leads to protecting all data and resource
mismanagement
Why is Data Classification important? - Solution • Helps allocate
appropriate protection resources
• Prevents over-classification to avoid excessive costs
• Requires proper policies to identify and classify data accurately
What are some commercial business classification levels? - Solution 1.
Public: no impact if released, often publicly accessible data
2. Sensitive: minimal impact, financial data
3. Private: contains internal PII
4. Confidential: trade secrets, intellectual property, source code, IP
5. Critical: extremely valuable and restricted information
What are some government classification levels? - Solution 1.
Unclassified: releasable to public, under Freedom of Information Act
2. Sensitive but Unclassified: medical records, PII but not national security
3. Confidential: affect the government if unauthorized disclosure happens
4. Secret: data that could seriously damage national security, military
deployment plans, defensive postures
5. Top Secret: highest level, highly sensitive national security information
Data Ownership - Solution Process of identifying the individual responsible
for maintaining the confidentiality, integrity, availability, and privacy of
information assets
Data Owner - Solution • A business entity responsible for creating this
information with each owner being assigned to their own department
• Senior executive responsible for labeling information assets with
appropriate controls
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13

Partial preview of the text

Download Data Protection and Cryptography Techniques and more Exams Data Mining in PDF only on Docsity!

Fundamentals Of Data Communication

Questions and Answers For Guarantee Pass

Data Classification - Solution Based on the value to the organization and the sensitivity of the information, determined by the data owner Sensitive Data - Solution • Information that can result in the loss of security or competitive advantage for a company

  • Over classifying data leads to protecting all data and resource mismanagement Why is Data Classification important? - Solution • Helps allocate appropriate protection resources
  • Prevents over-classification to avoid excessive costs
  • Requires proper policies to identify and classify data accurately What are some commercial business classification levels? - Solution 1. Public: no impact if released, often publicly accessible data
  1. Sensitive: minimal impact, financial data
  2. Private: contains internal PII
  3. Confidential: trade secrets, intellectual property, source code, IP
  4. Critical: extremely valuable and restricted information What are some government classification levels? - Solution 1. Unclassified: releasable to public, under Freedom of Information Act
  5. Sensitive but Unclassified: medical records, PII but not national security
  6. Confidential: affect the government if unauthorized disclosure happens
  7. Secret: data that could seriously damage national security, military deployment plans, defensive postures
  8. Top Secret: highest level, highly sensitive national security information Data Ownership - Solution Process of identifying the individual responsible for maintaining the confidentiality, integrity, availability, and privacy of information assets Data Owner - Solution • A business entity responsible for creating this information with each owner being assigned to their own department
  • Senior executive responsible for labeling information assets with appropriate controls

Data Controller - Solution Entity responsible for determining data storage, collection and usage purposes and methods, ensuring the legality of these processes within responsibility Data Processor - Solution A group or individual hired by the data controller to assist with tasks like data collection and processing Data Steward - Solution Focuses on data quality and metadata, appropriate labeling and classification, often working under the data owner Data Custodian - Solution Responsible for managing the systems on which data assets are stored, including enforcing access control, encryption, and backup measures, example: system administrator Privacy Officer - Solution • Oversees privacy-related data, personally identifiable information (PII), sensitive personal information (SPI), protected health information (PHI), ensuring compliance with legal and regulatory frameworks

  • On hook for data breaches
  • Compliance PII - Solution Personally Identifiable Information SPI - Solution Sensitive Personal Information PHI - Solution Protected Health Information Data Ownership responsibility - Solution • IT dept should not be data owner
  • Data owners should be individuals from business who understand the data's content and can make informed decision about classification Selection of Data Owners - Solution • Designated within respective departments based on their knowledge and its significance within the org What are the states of data? - Solution • Data at Rest
  • Data in Transit
  • Data in Use
  1. Secure Enclaves: isolated environments for processing sensitive data
  2. Mechanisms like INTEL Software Guard: encrypts data in memory to prevent unauthorized access Data Types - Solution • Regulated Data: PII, PHI
  • Trade Secrets
  • Intellectual Property (PI)
  • Legal Information
  • Financial Information
  • Human-Readable Data
  • Non-Human-Readable Data What is Regulated Data? - Solution • Controlled by laws, regulations, industry standards
  • Compliance requirements: GDPR, HIPAA
  • PII
  • PHI GDPR - Solution • General Data Protection Regulations
  • Protects EU citizens' data within EU and EEA borders
  • Compliance required regardless of data location
  • Non-compliance leads to significant fines HIPAA - Solution Health Insurance Portability and Accountability Act PII - Solution • Personal Identification Information
  • Information used to identify an individual
  • example: social security number, name, address... PHI - Solution • Protected Health Information
  • Information about health status, healthcare provision, payment linked to specific individual
  • Protected by HIPAA What is Trade Secret? - Solution • Confidential business information giving competitive edge
  • Legally protected, unauthorized disclosure results in severe legal penalties What is IP? - Solution • Intellectual Property
  • Creation of the mind, invention, designs, literary works
  • Protected by patents, copyrights, trademarks to encourage innovation
  • Unauthorized use can lead to legal action What is Legal Information? - Solution • Data related to legal proceedings, contracts, regulatory compliance
  • Required high-level protection for client confidentiality and legal privilege What is Financial information? - Solution • Data related to financial transactions, sales records, tax documents, bank statements
  • Targeted by cyber criminals for fraud and identity theft
  • Subjected to PCI DSS PCI DSS - Solution Payment Card Industry Data Security Standard What is Human-Readable Data? - Solution Understandable directly by humans What is Non-Human-Readable Data? - Solution • Requires machine or software to interpret such as binary code, machine language
  • Contains sensitive information and requires protection Data Sovereignty - Solution • Digital information subject to laws of the country where it is collected or processed and located
  • Gained importance with cloud computing's global data sotorage
  • Geographical Consideration: geographical location of data storage and processing can significantly impact business Data Sovereignty Laws - Solution • China, Russia
  • Require data storage and processing within national borders
  • Challenge for multinational companies and cloud services Access Restrictions - Solution Cloud services may restrict access from multiple geographic locations What are the methods of securing data? - Solution 1. Geographic Restrictions
  1. Encryption
  2. Hashing
  3. Masking
  • Reduce risk of internal data breaches Data Loss Prevention (DLP) - Solution • Set up to monitor data in use, in transit, or at rest to detect and prevent data theft
  • Software and hardware systems Types of DLP Systems - Solution • Endpoint DLP System
  • Network DLP System
  • Storage DLP System
  • Cloud-Based DLP System Endpoint DLP System - Solution • Installed as software on workstations or laptops
  • Monitors data in use on individual computers
  • Can prevent or alert on file transfers based on predefined rules
  • Can be set to detection mode or prevention mode Network DLP System - Solution • Software or hardware placed at the network perimeter
  • Focuses on monitoring data entering and leaving the network
  • Detects unauthorized data leaving the network Storage DLP System - Solution • Installed on a server in the data center
  • Inspects data at rest, especially encrypted or watermarked data
  • Monitors data access patterns and flags policy violations Cloud-Based DLP System - Solution • Offered as a software as a service solution like Google Drive
  • Protects data stored in cloud services Configuring DLP, Data Loss Prevention - Solution • Google Suite - Security - Access and data control - Data Protection
  • Gmail - Content Compliance Cryptography - Solution Practice and study of writing and solving codes to hide the true meaning of the information Encryption - Solution Process of converting plaintext into ciphertext Cipher - Solution An algorithm that performs the encryption or decryption

Key - Solution • Essential piece of information that determine the output of a cipher

  • Length of a key is proportional to the level of security it provides Symmetric Encryption - Solution • 100 to 1000 times faster than asymmetric
  • Uses a single key for both encryption and decryption
  • Often referred to as private key encryption
  • Requires both sender and receiver to share the same secret key
  • Offers confidentiality but lacks non-repudiation
  • Challenges with key distribution in large-scale usage - more people shares the key Asymmetric Encryption - Solution • Overcomes the key distribution challenge of symmetric encryption
  • Uses two separate keys: public key for encryption and private key for decryption
  • Aka Public Key Cryptography
  • No need for shared secret keys
  • Commonly used algorithms include Diffie-Hellman, RSA, and Elliptic Curve Cryptography (ECC)
  • Slower compared to symmetric encryption but solves key distribution challenges Hybrid Approach - Solution • Combines both symmetric and asymmetric encryption for optimal benefits
  • Asymmetric encryption used to encrypt and share a secret key
  • Symmetric encryption used for bulk data transfer, leveraging the shared secret key
  • Offers security and efficiency Stream Cipher - Solution • Encrypts data bit-by-bit or byte-by-byte in a continuous stream
  • Uses a keystream generator and exclusive XOR function for encryption
  • Suitable for real-time communication data streams like audio and video
  • Often used in symmetric algorithms
  • Implemented in hardware solution
  • Widely adopted and considered the encryption standard for sensitive unclassified information
  • Created to replace DESs by National Institute of Standard and Technology
  • Known as PGP "Pretty good privacy" Blowfish - Solution • Block and Symmetric
  • Ranging from 32 to 448-bits
  • Developed as alt for DES but NOT widely adopted
  • Open source Twofish - Solution • Block and Symmetric
  • 128, 192, or 256-bits
  • 128-bit block size
  • Open source What are RC Cipher Suite? - Solution • RC4, RC5, RC
  • Created by cryptographer Ron Rivest RC4 - Solution • Stream and Symmetric
  • Keys from 40 to 2048-bits
  • Used in SSL and WEP (wireless network) RC5 - Solution • Block and Symmetric
  • Keys up to 2048-bits RC6 - Solution • Block and Symmetric
  • DES replacement How does Asymmetric Algorithms work? - Solution 1. Confidentiality with Public Key: encrypt data using the receiver's public key and can be decrypted using corresponding private key
  1. Non-Repudiation with Private Key: encrypt data using the sender's private key and can be decrypted using sender's public key
  2. Digital Signature: create hash digest, encrypt the hash digest with the sender's private key, encrypt the message with receiver's public key What is Digital Signature? - Solution A hash digest of a message encrypted with the sender's private key to let the recipient know the document was created and sent by the person claiming to have sent it.
  • ensures message integrity, non-repudiation, and confidentiality What are common Asymmetric Algorithms? - Solution • Diffie-Hellman
  • RSA (Ron Rivest, Adi Shamir, Leonard Adleman)
  • ECC: Elliptic Curve Cryptography Diffie-Helman - Solution • Asymmetric Algorithm
  • Use key exchange and secure key distribution in public channel
  • Vulnerable to "On-Path" or "Man-in-the-middle" attacks
  • Requires authentication
  • Commonly used in VPN tunnel establishment, IPSec, key exchange of any kind RSA - Solution • Ron Rivest, Adi Shamir, Leonard Adleman
  • Asymmetric Algorithm
  • example: Google Authenticate, one-time key
  • Use for key exchange, encryption, digital signature
  • Mathematical difficulty of factoring large prime numbers, from 1024 to 4096-bits
  • Widely used in orgs and multi-factor authentication ECC - Solution • Elliptic Curve Cryptography
  • Asymmetric Algorithm
  • Algebraic structure of elliptical curves
  • Commonly used in mobile devices and lower-power computing
  • 6x efficient than RSA for equivalent security, ECC 256-bit = RSA 2048-bit What are variants of ECC? - Solution • ECDH: Elliptic Diffie-Hellman
  • ECDHE: Elliptic Curve Diffie-Hellman Ephemeral
  • ECDSA: Elliptic Curve Digital Signature Algorithm ECDH - Solution • Elliptic Diffie-Hellman
  • ECC version of the popular Diffie-Hellman
  • Key exchange protocol ECDHE - Solution • Elliptic Curve Diffie-Hellman Ephemeral
  • Uses different key for each portion of the key establishment process inside the DH key exchange ECDSA - Solution • Elliptic Curve Digital Signature Algorithm
  • 160-bit (most common), 256-bit, 320-bit HMAC - Solution • Hashing Algorithm
  • Check integrity and authenticity
  • HMAC-MD5, HMAC-SHA1, HMAC-SHA256 (SHA-2) What are common use of Hashing? - Solution • Digital Signature What are common digital signature algorithms? - Solution • DSA: Digital Security Algorithm
  • RSA: Rivest-Shamir-Adleman DSA - Solution • Digital Security Algorithm
  • Digital Signature Algorithm
  • Uses 160-bit message digest created by DSS (Digital Security Standard) DSS - Solution • Digital Security Standard
  • Relies upon a 160-bit message digest created by digital security algorithm RSA - Solution • Rivest-Shamir-Adleman
  • Digital Signature Algorithm
  • Supports digital signatures, encryption, and key distribution
  • Widely used in various apps and code signing such as app stores What are common hashing attacks? - Solution • Pass the Hash Attack
  • Birthday Attack Pass the Hash Attack - Solution • Using the hash as the password, attacker authenticates through a remote server or service by using the underlying hash of a user's password
  • hash itself is obtained by the attacker to impersonate the user without cracking the password
  • difficult to defend against due to various Windows vulnerabilities and application
  • tool example: Mimikatz What is Mimikatz? - Solution • Penetration tools
  • Notably used for "Pass the hash Attack"
  • Provides the ability to automate the process of harvesting the hashes and conducting an attack using it

How can "Pass the Hash Attack" be mitigated? - Solution • Ensure trusted OS

  • Proper Windows domain trust
  • Patching, Updates
  • Multi-factor authentication
  • Access Control/Least Privilege Birthday Attack - Solution • Hashing attack that targets collision to identify the same hash digest
  • Collisions in hashes can be exploited by attackers to bypass authentication system
  • Birthday Paradox, most likely group being the birthdays How can "Birthday Attack" be mitigated? - Solution • Use longer hash output (SHA-256) to reduce collisions and mitigate the attack What are methods used to increase Hash Security? - Solution • Key Stretching
  • Salting
  • Nounces
  • Limiting Failed Login Attempts Key Stretching - Solution • Technique used to mitigate hashing attack by creating longer, secure keys (min. 128-bits)
  • Increases the time needed to crack the key
  • Commonly used in Wi-Fi protected access, Wi-Fi protected access version 2, and Pretty Good Privacy Salting - Solution • Adds random data aka Salt to passwords before hashing
  • Distinct hash outputs for the same password due to different salts
  • Reduces effectiveness of Dictionary Attacks, Brute-force Attacks, and Rainbow Tables What is Dictionary Attack? - Solution When an attacker tries every word from a predefined list What is Brute-force Attack? - Solution When an attacker tries every possible password combination

Public Key Cryptography - Solution • Refers to the encryption and decryption process using public and private keys

  • A part of the overall PKI architecture Certificate Authorities - Solution • Issues digital certificates and keeps the level of trust between all of the certificate authorities and the world
  • Essential for PKI system Key Escrow - Solution • Storage of cryptographic keys in a secure, third- party location
  • Enable key retrieval in cases of key loss or for legal investigations
  • In PKI, key escrow ensures that encrypted data is not permanently inaccessible, and useful when org lose access to their encryption keys What are some security concerns of Key Escrow? - Solution • Malicious access to escrowed keys could lead to data decryption
  • Requires stringent security measures and access controls Digital Certificates - Solution • Digitally signed electronic documents
  • Bind a public key with a user's identity
  • Used for individual, servers, workstations, devices
  • X.509 Standard What is X.509 Standard? - Solution • Common standard for digital certificates within PKI
  • Certificate authority details, public keys What are types of Digital Certificates? - Solution • Wildcard Certificate
  • SAN: Subject Alternate Name
  • Single-Sided and Dual-Sided Certificates
  • Self-Signed Certificates
  • Third-Party Certificates Wildcard Certificate - Solution • Allows multiple subdomains to use the same certificate
  • Compromise affects all subdomains
  • Easy management
  • Cost-effective for subdomains SAN field - Solution • Subject Alternate Name field
  • Specifies what additional domains and IP addresses are going to be supported
  • Don't have the same root domain Single-Sided Certificate - Solution • Only requires the server to be validated Dual-Sided Certificate - Solution • Validates both servers
  • High security
  • Requires more processing power Self-Signed Certificate - Solution • Signed by the same entity whose identity it certifies
  • Encryption without third-party trust
  • Used in testing or closed systems (dev env) Third-Party Certificate - Solution • Issued and signed by trusted certificate authorities (CAs)
  • Trusted by browser and systme
  • Preferred for public facing websites Root of Trust - Solution • Highest level of trust in certificate validation
  • example: Verisign, Google
  • Forms a certification path for trust Certificate Authority (CA) - Solution • Trusted third-party that issues digital certificates
  • Certificates contain CA's information and digital signature
  • Validates and managers certificates Registration Authority (RA) - Solution • Requests identifying information from the user and forwards certificate request up to the CA to create digital certificate
  • Collects user information for certificates
  • Assists certificate issuance process Certificate Signing Request (CSR) - Solution • A block of encoded text with information about the entity requesting the certificate
  • Includes the public key
  • Private key remains secure with the requester

Blockchain - Solution • Shared immutable ledger for transactions and asset tracking

  • Essentially a really long series of information with each block containing information in it
  • Each block has the hash for the block before it Block Structure - Solution • Chain of blocks includes previous block's hash, timestamp, root transaction, hashes of individual transactions
  • Blocks are in chronological order Public Ledger - Solution • Secure and anonymous record-keeping system
  • Maintains participants' identities
  • Tracks cryptocurrency balances
  • Records all genuine transactions in a network Where can blockchain be used? - Solution • Smart Contracts
  • Commercial Uses
  • Supply Chain Management Smart Contracts - Solution • Self-executing contracts with code-defined terms
  • Execute actions automatically when conditions are met
  • Transparent, tamper-proof, and trust-enhancing Commercial Use of Blockchain - Solution