




























































































Introduction to cybersecurity (risk estimation and risk management, main attacks, security properties), cryptography (symmetric and asymmetric crypto, digest, key-digest, PKC), authentication processes (CRA, OTP, Kerberos, FIDO), security in IP networks (IPsec, RADIUS, PAP, CHAP, EAP) and at the application layer (TLS), security in e-mails, firewalls.
Type: Notes





























































































It's inevitable that many risks will be identified, so you need to prioritize them, taking into account not only the impact but also the available time and budget. Prioritization matters because time and money are fixed and you want to maximize the number of risks covered. To do that, you can create a risk assessment matrix (or risk heat map), where the colours of the cells depend on the rule you decide on and indicate how much damage the risk can cause.
After the analysis of security (assets, vulnerabilities and threats) comes the management of security, which consists of selecting countermeasures, implementing them and auditing the system. The audit (the verification) of the system has to be done by a person who is not involved in the project.
When should I consider the risk while creating a new system? In every step of the creation.
Some terminology:
Security tool updated: for example, an IDS is an alarm that tells you when something is happening so that you can switch off the device. How long is the window of exposure? Patch Tuesday is the second Tuesday of the month, the day on which companies release the patches they have in stock. Then there's Exploit Wednesday, when hackers learn about the problem (from the patch) and create an automatic scan for devices, so that they can attack the devices that have not been updated yet. In general, this window can have a very variable length.
There are many organizations, like ZDI (Zero Day Initiative), which responsibly disclose the errors they find, with the philosophy: "knowing the problem is better than ignoring it". This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline. They follow some specific ways of working; here is a real example:
There are three main components:
1.7.1 Motivations and threat actors
The motivations are tied to MICE:
About the actors:
where CaaS, Crime as a Service, is a service that you can buy, and an APT is software that is silently located in a device, most of the time made by a nation-state.
Now imagine that I can't modify or delete any data in the communication and that the data are encrypted (hidden and impossible to understand). What is it possible to do? We can try changing some data randomly, but then we don't know what could happen. So I let the data pass, wait until the message arrives at the receiver, and make a copy of that message. Now I can replay the message again and again. This kind of attack is called a replay attack. It's the same principle as the car attack: when you open the car, the signal can be copied and then replayed once you are gone, so that I can open the car.
For each security property consider always the three cases of data protection:
But, where is the enemy? It can be
We say that the enemy can be:
Then he can be a passive attacker, if he can only read data/traffic, or an active attacker, if he can read but also modify, delete or create data/traffic. The basic problem is that networks are insecure: most communications are made in clear, LANs operate in broadcast, and geographical connections are not made through end-to-end dedicated lines but through shared lines or third-party routers. Other problems are weak user authentication (normally password-based), no server authentication, and software that contains many bugs.
1.12.1 IP spoofing
IP spoofing, or masquerading, is an attack where the enemy forges a new source network address so as not to be recognised. Typically the level 3 (IP) address is forged, but it's convenient to change the level 2 address too (e.g. ETH), because if only the level 3 address is modified it is still possible to find out where the attack comes from. So the attack is about data forging and unauthorized access to systems. The countermeasure is to never use address-based authentication because, for security purposes, addresses are not reliable information.
1.12.2 Packet sniffing (eavesdropping)
This attack permits the attacker to read packets (passwords, data, etc.) addressed to another network node. It is easy to do in broadcast networks or at a switching node. The countermeasures are to use non-broadcast networks and to encrypt the packet payload. However, non-broadcast networks are impossible to obtain (it's possible only if we connect 2 devices with a wire; in wireless it's impossible), so that's not the solution. You can protect the content (the payload) but not the header, because the network needs to know where the packets are going or the system would no longer work. Even so, that's not 100% safe, because I can still see where the packets are going and so understand something about the situation or the data.
1.12.3 Denial-of-Service (DoS)
This attack keeps the host busy so that it can't provide its services: it can be done with email/log saturation, ping flooding (ping bombing) or a SYN attack. There's no way to block this attack; one can only monitor the connection to mitigate the effects. Remember:
1.12.6 Connection hijacking/MITM
This kind of attack, also known as data spoofing, is one where the attacker takes control of the communication channel, deviating it and inserting, deleting and manipulating data. To do that you have to be in the middle between the 2 hosts (MITM), either physically or logically. You can do it by sending fake information to a host so as to convince it that you are the right destination of the traffic. This kind of attack can also be performed after peer authentication. So peer authentication is not enough; we need other properties like secrecy, data/origin authentication, integrity and serialization (is the data arriving in the same order or not, or have some packets been cancelled?).
1.12.7 Trojan
A trojan (horse) is a program that seems to be fine but contains a dangerous payload (the simplest example is a generic cracked program). It is considered a malware vector, that is, something that transports something else. The network is better protected than in the past, so attacks are now moving towards the terminals (MATE, MITB). There are many ways in which this kind of attack can be performed, from classic attack tools (like a keylogger shipped as part of a game, that is, a keyboard driver that records the keys you type so as to recognise possible usernames/passwords) to modern ones like a browser extension. Another kind of attack is the overlay attack, that is, a mask placed over a site so as to capture, on the mask, sensitive data meant for the site (like bank passwords, etc.).
1.12.8 Zeus
Zeus (or Zbot) is the biggest botnet in the world. It can be used either directly or indirectly, to load other malware. It is very difficult to discover and remove because it hides itself with stealth techniques, and it has about 3.6M active copies in the USA alone.
1.12.9 Software bugs
Even the best software contains bugs that can be used for various aims. An example was the WinNT server (3.51, 4.0): while this server was being tested on the market, it turned out that TCP port 135 was open (release 3.51). So, with Service Pack (SP) 3, Windows fixed the problem. But an attacker then tried to see how the port worked with this release. He installed SP3 on a server and sent a message to port 135. Now the server is no longer blocking, but it responds with an error saying that the packet sent is wrong. So the attacker, with a spoofing attack, can use another NT server and redirect that answer to it (this server is not the one that actually sent the packet). This machine will say that the packet is not wrong, the other one will respond the same, and so on, blocking both machines. With SP4, they solved this problem. The lesson is: you can't respond to an attack.
1.12.10 Virus and Co. (malware)
and/or privacy. It may also contribute to consuming computing resources. It may be unwanted by the user even if it is installed with the user's consent.
Viruses, worms and malware require complicity (possibly involuntary) from the user, the system manager or the producer. The possible countermeasures are user awareness, correct configuration/secure software, and installing an antivirus and keeping it updated.
On the black market there are temporary shops, called vulnerability marketplaces, where it is possible to buy malicious code. There are people who develop software to make malware. This chain is called the malware food chain. To counter this phenomenon, many companies guarantee a bug bounty (some money) to anyone who discovers a bug. They create servers with fake data to discover bugs and release them on the market as test servers, so that everyone can work on them.
Another economic fraud that is often used is the one involving a mule. A malware coder writes malicious software in order to get into a computer and install a trojan that steals bank credentials. But he is a clever guy, so he uses a mule. He sends, for example, an e-mail to a third person saying: "Help me and I give you some money, you take 30% of the total, I take the 70%. The only thing you have to do is taking this money and sending me it at this bank account". The third person will get 30% of the total, but he will also be contacted by the police about this movement of money, while the attacker is safe and has his money. This third person, the bridge between the victim and the attacker, is called a mule.
Ransomware is malware oriented to getting a ransom. It can attack desktops and laptops (disk content made unreadable), but also tablets and smartphones (made unusable). The attacker asks for a ransom to unblock the device (not always). Sometimes he gives you back only a small part of the data, asking for more money for the rest. They actually never give you back the whole data.
In some cases this attack is called ransomware-as-a-service or TOX malware: it is performed over the TOR anonymous network, and the attacker says that he will give you the money back if you help him distribute the ransomware to victims. How? A pen drive is the best way to distribute ransomware. So, never pick up a pen drive from places where a pen drive should not be (streets, etc.).
1.12.11 Prevention against malware
How do we prevent all these kinds of attack? Backup is the minimal but effective solution. However, how do you do a backup? A backup may not be enough. How old is the backup? If it's an old backup, it will be useless for recovering data. There is also the possibility of a silent attack that doesn't block the PC immediately but encrypts the backup, so it's important to read the backup first. Offline or network backup? A network backup is a backup linked, for example, to the cloud; the backup must be offline, because ransomware will also attack the network backup. You should also keep it away from the source, to protect it from fire, flooding and earthquake. Try to fetch the backup from the remote place to simulate the trip you will have to make when something happens (and check whether this trip is safe for the backup: a modern car may produce electromagnetic fields that can delete the content of a disk), and read it at least once a year. If an attack has been performed, you should know when it happened, so as to understand which backup is the right one. Nowadays there are systems that protect integrity by requiring permission to modify things (in this case we talk about availability).
1.12.12 Social Engineering
In many cases the human can be the weak element in an attack. This happens because of many factors: poor understanding of the problem; mistakes made by human beings, especially when overloaded and stressed; the natural human tendency to trust; complex interfaces that can mislead the user and cause erroneous behaviour (usability); and the performance decrease due to the application of security measures. We call social engineering the techniques used to obtain the user's involuntary participation in the attack. Usually naive users are targeted ("change your password with the following one, because your PC is under attack"), but experienced users are targeted too (copying an authentic mail but changing its attachment or URL). It can happen via mail, phone, fax or even paper, and it also involves psychological pressure: showing acquaintance with the company's procedures, habits and personnel helps in gaining trust and makes the target lower his defences. There are cases in which the attacker has obtained something without using any kind of technology.
Cryptography is a mathematical technique. We have some data that we want to protect, for example a message that we want to send to a receiver through a channel that is not secure. We take this message, which is called the message in clear because at this stage everyone can read and understand it, and we transform it through the mathematical algorithm of encryption. Now we can send the message on the channel: it is equivalent to the message in clear, but in a form that no one can understand, and it is called the encrypted message. Once this message arrives at its destination, if the receiver uses the proper decryption algorithm, which is the inverse of encryption, he will be able to transform the message back into the original one, so that it can be read and understood. The most important elements in this chain are the keys, the one used for encryption and the one used for decryption, which tell the algorithms how to transform the message. Each different key gives a different transformation: key1 hides the message, while key2 is the antidote to this transformation. In this document we will refer to the message in clear as plaintext or cleartext, or with a P, while we will refer to the encrypted message as ciphertext or C.
If the keys:
then it is of no importance that the encryption and decryption algorithms are kept secret. On the contrary, it is better to make the algorithms public so that they can be widely analysed and their possible weaknesses identified. This principle is transformed into the motto "Security Through Obscurity". So, it's better to use public algorithms.
This is a primitive operation available on all CPUs, even the smallest ones. So, quick repetition:
In this kind of cryptography key1 and key2 are the same key (K), so there is a single key, shared by sender and receiver. The mathematical rules used are very simple, so the computational load is low, and it is used for data encryption. We will define the ciphertext as C = enc(K,P) and the plaintext as P = dec(K,C). In this case we put the key into the algorithm that encrypts the message, and the data is sent. At the receiver, the data needs the key to be decrypted. How do we send the key? This is the main problem of symmetric cryptography. In this picture we see many encryption algorithms. DES is the worst one: if you find it somewhere, there can be two reasons: either it's something old, or they want to spy on you, because 56 bits of key are not enough. AES, on the other hand, is the best one. Why are there so many algorithms (there are more algorithms than the ones in the slide)? For political reasons (more or less each country has one of its own), and because there are many kinds of devices and computational strength (some algorithms are better suited to some environments). In this slide we also see the use of the word "block". We can say that blocks are the way the message is divided. In the first case, for example, the message to send will be divided into blocks of 64 bits, not one more, not one less. These kinds of algorithms are called block encryption algorithms.
The Data Encryption Standard (DES) uses a 56-bit key + 8 parity bits, for a total of 64 bits. In particular, after every 7 bits, the 8th is the parity bit. So only 56 bits are meaningful, and the attacker has to guess only 56 bits. This is the only algorithm with a difference between the real key and the effective one. It uses 64-bit data blocks. It was designed to be efficient in hardware because it requires XOR, shift and permutation (modifying randomly the bits in a register).
2.3.2 Triple DES (3DES, TDES)
This kind of encryption repeats DES 3 times (encrypting 3 times). Actually, it uses the EDE mode, which is Encrypt-Decrypt-Encrypt with different keys:
C' = enc(K1, P) (1)
C'' = dec(K2, C') (2)
C = enc(K1, C'') (3)

C' = enc(K1, P) (4)
C'' = dec(K2, C') (5)
C = enc(K3, C'') (6)
If the processing time is T, with 3DES it is 3T. But why do we need to spend so much time? Why don't we go through double encryption?
2.3.3 Double DES
We don't use it because it is exposed to an attack called meet-in-the-middle, which allows data to be decrypted with at most 2^(N+1) attempts (if the keys are N bits long). So you have doubled the processing time, gaining only 1 bit of resistance. That's the reason why the double version of encryption algorithms is never used. If the base symmetric algorithm were a mathematical group, you wouldn't gain even 1 bit. Let's try to understand the meet-in-the-middle attack. The hypotheses are that the keys are N bits long and that we know P and C, with C = enc(K2, enc(K1, P)). How can we know C and P? If I send a message on a communication line, I can then look at the communication and catch C and P. We can break the formula into two, so as to obtain M = enc(K1, P) and C = enc(K2, M). At this point, given N bits of key, I try all the possible combinations of bits to find X and Y, encrypting and decrypting:
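The cost argument above, worked on a toy cipher as an added example (not part of the original notes): the 16-bit cipher, the 12-bit stage keys and the sample values are constructed for the demonstration and stand in for DES. It counts the single-stage operations needed to recover a key pair consistent with the known P/C pairs.

```python
N = 12            # key bits per stage (constructed toy size; DES has 56)
MASK = 0xFFFF     # 16-bit blocks
MULT = 0x6487     # odd constant, so multiplication is invertible mod 2^16
INV = pow(MULT, -1, 1 << 16)

def _rotl(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK

def enc(k, p):
    """Toy single-stage cipher (not DES): add key, rotate, xor, multiply."""
    x = _rotl((p + k) & MASK, 5) ^ ((k * 0x9E5) & MASK)
    return (x * MULT) & MASK

def dec(k, c):
    """Exact inverse of enc for the same key."""
    x = ((c * INV) & MASK) ^ ((k * 0x9E5) & MASK)
    return (_rotl(x, 11) - k) & MASK

def double_enc(k1, k2, p):
    """C = enc(K2, enc(K1, P)), the double scheme from the notes."""
    return enc(k2, enc(k1, p))

def meet_in_the_middle(pairs):
    """Return (candidate key pairs, number of single-stage operations)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                      # middle value M -> every K1 that produces it
    for k1 in range(1 << N):
        table.setdefault(enc(k1, p0), []).append(k1)
    work = 1 << N                   # 2^N encryptions so far
    found = []
    for k2 in range(1 << N):        # 2^N decryptions, met in the middle
        work += 1
        for k1 in table.get(dec(k2, c0), []):
            # extra known pairs discard accidental matches
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, work

K1, K2 = 0xA5C, 0x3E1               # constructed secret keys
PAIRS = [(p, double_enc(K1, K2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]

if __name__ == "__main__":
    found, work = meet_in_the_middle(PAIRS)
    print(f"candidates: {found}")
    print(f"work: {work} operations instead of {1 << (2 * N)}")
```

The dictionary is the price of the attack: it trades 2^N stored middle values for the drop from 2^(2N) to 2^(N+1) operations.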
will be encrypted in different ways and, if someone performs the swap, the result will be wrong. But we have a problem: as we said before, the most attacked block is the first one, and in this case this block doesn't have any block before it. We need to create something additional, the initialization vector (IV), to start the procedure. It should be a random value used only to manipulate the first block and to give it the same protection as the other blocks. In the decryption phase, we need to cancel the effect of the XOR. So, first we decrypt the ciphertext, then we XOR it with the previous one so as to cancel the effect of the XOR. The receiver must know the IV too, so it must be transmitted to the destination as well. How do we send it? The first approach is to send the IV in clear, because even if the attacker knows the IV, he can't encrypt the header, but he can encrypt the header XORed with the IV. So, if you have an IV, you cannot perform pre-computation because the header will be different every time (being XORed with the IV). In the second approach, if you don't want to send the IV in clear, you can use ECB to encrypt the IV (if it's one single block) and CBC to encrypt the key. One error in transmission generates a decryption error in two blocks.
Padding. We can pad if some data don't fit perfectly in a block. Padding is typically applied to large data, on the last fragment resulting from the division into blocks. If the data size is less than the block size, we prefer ad-hoc techniques (CFB, OFB, CTR, ...). How do we do that? If we have 2 bits in one block, we add another 62 bits to complete the block. Even if the plaintext is an exact multiple of the block, padding must be added anyhow to avoid errors in the interpretation of the last block. So, if you think that you don't need padding because your data are perfectly divided, you actually need the biggest padding block (64 bits). YOU CAN NEVER HAVE 0 PADDING. So the padding length is always between 1 and the size of the block. The problems in this case are that we are transmitting/storing more data than needed and, then, what is the value of the padding bits? Some padding techniques: Why are there so many techniques? Some of them offer minimal integrity control: if the key is wrong or the data is manipulated, then the padding bytes are incoherent (e.g. wrong padding values). With SSH2 padding, equal data gives different ciphertext. The padding type for a certain algorithm determines the type of some possible attacks.
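An added example (not from the original notes) of the rule that the padding length is always between 1 and the block size. It assumes a PKCS#7-style scheme, in which every padding byte holds the padding length, on 8-byte blocks; `naive_pad` is a hypothetical helper that shows what goes wrong when an exact multiple is left unpadded.

```python
BLOCK = 8  # bytes, i.e. the 64-bit block size used in the notes

def pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append n bytes of value n, with 1 <= n <= block (never 0)."""
    n = block - (len(data) % block)   # an exact multiple gets a full block
    return data + bytes([n]) * n

def unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip the padding, rejecting anything that is not coherent."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("incoherent padding")
    return padded[:-n]

def is_coherent(padded: bytes) -> bool:
    """Minimal integrity check: does the padding look like valid padding?"""
    try:
        unpad(padded)
        return True
    except ValueError:
        return False

def naive_pad(data: bytes, block: int = BLOCK) -> bytes:
    """WRONG on purpose: skips padding when the data already fits."""
    return data if len(data) % block == 0 else pad(data, block)

if __name__ == "__main__":
    msg = b"ABCDEFG\x01"  # constructed: exactly one block, last byte is 0x01
    print(unpad(pad(msg)) == msg)         # True: a full padding block was added
    print(unpad(naive_pad(msg)) == msg)   # False: the last data byte is eaten
    tampered = pad(b"AB")[:-1] + b"\x07"  # constructed manipulation
    print(is_coherent(tampered))          # False: padding bytes disagree
```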
CTS (Ciphertext stealing). CTS permits the use of block algorithms without padding. It works like this: the last partial block is filled with bytes from the second-to-last block, these bytes are removed from the second-to-last block (which becomes a partial one), then, after encryption, the positions of the last and second-to-last blocks are exchanged. It is really useful when we cannot increase the size of the data after encryption, but the computation time slightly increases. Let's look at an example of how CTS works with ECB (encryption). We start from the two blocks P_{n-1} and P_n. We first encrypt P_{n-1}, then we cut it into two pieces: the first one (the head) has the same size as P_n, while the second one (the tail) has the same size as the missing piece of P_n. So we take the tail and put it next to the last block, then we encrypt it (so that the tail will be encrypted twice). At the end we swap the positions of the two blocks.
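The ECB ciphertext-stealing steps just described, together with the matching decryption, as an added example that is not part of the original notes. The block cipher is a constructed 4-round toy Feistel network on 8-byte blocks (a stand-in, not DES or AES), and all function names are this example's own.

```python
import hashlib

BLOCK = 8  # bytes (64-bit blocks, as for DES in the notes)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the toy Feistel cipher (constructed stand-in).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def enc_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def dec_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def _split(data: bytes):
    """Return (leading full blocks, second-to-last block, last block)."""
    if len(data) <= BLOCK:
        raise ValueError("CTS needs more than one block of data")
    m = len(data) % BLOCK or BLOCK          # size of the last block
    return data[:-(BLOCK + m)], data[-(BLOCK + m):-m], data[-m:]

def ecb_cts_encrypt(key: bytes, plaintext: bytes) -> bytes:
    body, p_prev, p_last = _split(plaintext)
    out = b"".join(enc_block(key, body[i:i + BLOCK])
                   for i in range(0, len(body), BLOCK))
    e_prev = enc_block(key, p_prev)         # encrypt P_{n-1}
    head, tail = e_prev[:len(p_last)], e_prev[len(p_last):]
    # The tail completes P_n (so it is encrypted twice); the head goes last.
    return out + enc_block(key, p_last + tail) + head

def ecb_cts_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    body, c_prev, head = _split(ciphertext)
    out = b"".join(dec_block(key, body[i:i + BLOCK])
                   for i in range(0, len(body), BLOCK))
    d_last = dec_block(key, c_prev)         # D_n = P_n || tail
    p_last, tail = d_last[:len(head)], d_last[len(head):]
    # head || tail rebuilds the encryption of P_{n-1}.
    return out + dec_block(key, head + tail) + p_last

if __name__ == "__main__":
    key = b"constructed key"
    msg = b"thirteen byte"                  # constructed: 8 + 5 bytes
    ct = ecb_cts_encrypt(key, msg)
    print(len(msg), len(ct), ecb_cts_decrypt(key, ct) == msg)
```

The ciphertext has exactly the length of the plaintext, at the cost of one extra block encryption for the stolen tail.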
Now we go to the decryption phase. We take C_{n-1} to create D_n, then we pad C_n with the extracted ciphertext in the tail end of D_n. We select the first M bits of D_n to create P_n. We queue this last (possibly partial) block for eventual output. Then we decrypt E_{n-1} to create P_{n-1}. C = AES 128 ECB CTS contains all the information to send data to destination. But we said that we never use ECB, so let's move on to CBC. We start from the two blocks P_{n-1} and P_n, where we add all 0s to complete the block. The first thing to do is to XOR P_{n-1} with the previous ciphertext and then encrypt it (E_{n-1}). Then, we use this whole block to XOR with P_n and we encrypt