Steganography Steganography is the art of using cryptographic techniques to embed secret messages within another message. Steganographic algorithms work by making alterations to the least significant bits of the many bits that make up image files. The changes are so minor that there is no appreciable effect on the viewed image. This technique allows communicating parties to hide messages in plain sight— such as embedding a secret message within an illustration on an otherwise innocent web page. Steganographers often embed their secret messages within images or WAV files. These files are often so large that the secret message would easily be missed by even the most observant inspector. E-Commerce As mentioned in the previous section, the rapid growth of electronic commerce led to the wide- spread adoption of SSL and HTTPS as standards for the secure exchange of information through web browsers. Recently, industry experts have recognized the added security necessary for electronic transactions. In the next section, we’ll explore the Secure Electronic Transaction SET protocol designed to add this enhanced security. Secure Electronic Transactions The Secure Electronic Transaction SET standard was originally developed jointly by Visa and MasterCard—the two largest providers of credit cards in the United States—as a means for securing e-commerce transactions. When they outlined the business case for SET, the two ven- dors identified the following seven requirements: Provide confidentiality of payment information and enable confidentiality of order infor- mation transmitted along with the payment information. Ensure the integrity of all transmitted data. Provide authentication that a cardholder is a legitimate user of a branded payment card account. Provide authentication that a merchant can accept branded payment card transactions through its relationship with an acquiring financial institution. Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction. Create a protocol that neither depends on transport security mechanisms nor prevents their use. Facilitate and encourage interoperability among software and network providers. Material on SET is disappearing from the Internet since the original site, www.setco.org , is no longer active. For more information on SET, try visiting www.ectag.org . SET utilizes a combination of RSA public key cryptography and DES private key cryptogra- phy in conjunction with digital certificates to secure electronic transactions. The original SET standard was published in 1997. Networking The final application of cryptography we’ll explore in this chapter is the use of cryptographic algorithms to provide secure networking services. In the following sections, we’ll take a brief look at two methods used to secure communications circuits, as well as IPSec and the ISAKMP protocol. We’ll also look at some of the security issues surrounding wireless networking. Circuit Encryption Security administrators use two types of encryption techniques to protect data traveling over networks—link encryption and end-to-end encryption. Link encryption protects entire communications circuits by creating a secure tunnel between two points using either a hardware or a software solution that encrypts all traffic entering one end of the tunnel and decrypts all traffic entering the other end of the tunnel. For example, a company with two offices connected via a data circuit might use link encryption to protect against attackers monitoring at a point in between the two offices. End-to-end encryption protects communications between two parties e.g., a client and a server and is performed independently of link encryption. An example of end-to-end encryp- tion would be the use of Privacy Enhanced Mail to pass a message between a sender and a receiver. This protects against an intruder who might be monitoring traffic on the secure side of an encrypted link or traffic sent over an unencrypted link. The critical difference between link and end-to-end encryption is that in link encryption, all the data, including the header, trailer, address, and routing data, is also encrypted. Therefore, each packet has to be decrypted at each hop so it can be properly routed to the next hop and then reencrypted before it can be sent along its way, which slows the routing. End-to-end encryption does not encrypt the header, trailer, address, and routing data, so it moves faster from point to point but is more susceptible to sniffers and eavesdroppers. When encryption hap- pens at the higher OSI layers, it is usually end-to-end encryption, and if encryption is done at the lower layers of the OSI model, it is usually link encryption. Secure Shell SSH is a good example of an end-to-end encryption technique. This suite of programs provide encrypted alternatives to common Internet applications like FTP, Telnet, and rlogin. There are actually two versions of SSH. SSH1 which is now considered insecure MONDEX The MONDEX payment system, owned by MasterCard International, uses cryptographic tech- nology to allow electronic commerce users to store value on smart chips in proprietary pay- ment cards. The value can then be instantly transferred to a vendor at the point of purchase. supports the DES, 3DES, IDEA, and Blowfish algorithms. SSH2 drops support for DES and IDEA but adds support for several other algorithms. IPSec There are various security architectures in use today, each one designed to address security issues in different environments. One such architecture that supports secure communications is the Internet Protocol Security IPSec standard. IPSec is a standard architecture set forth by the Internet Engineering Task Force IETF for setting up a secure channel to exchange information between two entities. The two entities could be two systems, two routers, two gateways, or any combination of entities. Although generally used to connect two networks, IPSec can be used to connect individual computers, such as a server and a workstation or a pair of workstations sender and receiver, perhaps. IPSec does not dictate all implementation details but is an open, modular framework that allows many manufacturers and software developers to develop IPSec solutions that work well with products from other vendors. IPSec uses public key cryptography to provide encryption, access control, nonrepudiation, and message authentication, all using IP protocols. The primary use of IPSec is for virtual private net- works VPNs, so IPSec operates in either transport or tunnel mode. Tunnel mode is most often used when you set up VPNs between network gateways. In tunnel mode, the message and the orig- inal IP header are encrypted. Then a new IP header that addresses the destination’s gateway is added. In contrast, in transport mode, only the message is encrypted, not the IP header. The IP Security IPSec protocol provides a complete infrastructure for secured network communications. IPSec has gained widespread acceptance and is now offered in a number of commercial operating systems out of the box. IPSec relies upon security associations, and there are four main components: The Authentication Header AH provides assurances of message integrity and nonrepudi- ation. AH also provides authentication and access control and prevents replay attacks. The Encapsulating Security Payload ESP provides confidentiality and integrity of packet contents. It provides encryption and limited authentication and prevents replay attacks. ESP also provides some limited authentication, but not to the degree of the AH. Though ESP is sometimes used without AH, it’s rare to see AH used without ESP. The IP Payload Compression IPcomp protocol allows IPSec users to achieve enhanced performance by compressing packets prior to the encryption operation. The Internet Key Exchange IKE protocol provides for the secure exchange of crypto- graphic keys between IPSec participants. IKE establishes a shared security policy between communication partners and authenticates andor produces keys for key-dependent ser- vices. All communication partners e.g., routerfirewallhost must be identified before traf- fic is sent. This is accomplished through manual pre-shared keys or by a CA-controlled key distribution service ISAKMP. OAKLEY is a key establishment protocol that was proposed for IPsec but was superseded by IKE. OAKLEY is based on the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP. IPSec provides for two discrete modes of operation. When IPSec is used in transport mode, only the packet payload is encrypted. This mode is designed for peer-to-peer communication. When it’s used in tunnel mode, the entire packet, including the header, is encrypted. This mode is designed for gateway-to-gateway communication. IPSec is an extremely important concept in modern computer security. Be cer- tain that you’re familiar with the four component protocols and the two modes of IPSec operation. At runtime, you set up an IPSec session by creating a security association SA. The SA rep- resents the communication session and records any configuration and status information about the connection. The SA represents a simplex connection. If you want a two-way channel, you need two SAs, one for each direction. Also, if you want to support a bidirectional channel using both AH and ESP, you will need to set up four SAs. Some of IPSec’s greatest strengths comes from being able to filter or manage communications on a per-SA basis so that clients or gate- ways between which security associations exist can be rigorously managed in terms of what kinds of protocols or services can use an IPSec connection. Also, without a valid security asso- ciation defined, pairs of users or gateways cannot establish IPSec links. Further details of the IPSec algorithm are provided in Chapter 3, “ISO Model, Network Security, and Protocols.” ISAKMP The Internet Security Association and Key Management Protocol ISAKMP provides back- ground security support services for IPSec by negotiating, establishing, modifying, and deleting security associations. As you learned in the previous section, IPSec relies upon a system of secu- rity associations SAs. These SAs are managed through the use of ISAKMP. There are four basic requirements for ISAKMP, as set forth in Internet RFC 2408: Authenticate communicating peers. Create and manage security associations. Provide key generation mechanisms. Protect against threats e.g., replay and denial of service attacks. Wireless Networking The widespread rapid adoption of wireless networks poses a tremendous security risk. Many traditional networks do not implement encryption for routine communications between hosts on the local network and rely upon the assumption that it would be too difficult for an attacker to gain physical access to the network wire inside a secure location to eavesdrop on the network. However, wireless networks transmit data through the air, leaving them extremely vulnerable to interception. The security community responded with the introduction of Wired Equivalent Privacy WEP, which provides 40-, 64-, and 128-bit encryption options to protect communications within the wireless LAN. WEP is described in IEEE 802.11 as an optional component of the wireless networking standard. Unfortunately, there are several vulnerabilities in this protocol that make it a less than desirable choice for many security administrators. Remember that WEP is not an end-to-end security solution. It encrypts traffic only between a mobile computer and the nearest wireless access point. Once the traffic hits the wired network, it’s in the clear again. Another commonly used wireless security standard, IEEE 802.1x, provides a flexible frame- work for authentication and key management in wireless networks. It greatly reduces the bur- den inherent in changing WEP encryption keys manually and supports a number of diverse authentication techniques. Wireless Application Protocol WAP Unlike WEP, Wireless Application Protocol WAP is not used for 802.11 wireless networking. Instead, WAP is used by portable devices like cell phones and PDAs to support Internet con- nectivity via your telco or carrier provider. WAP is not a single protocol, but rather a suite of protocols: Wireless Markup Language WML and Script Wireless Application Environment WAE Wireless Transaction Protocol WTP Wireless Transport Layer Security Protocol WTLS; provides three classes of security Wireless Datagram Protocol WDP Wireless Transport Layer Security Protocol WTLS provides the authentication mechanism for WAP. It is a wireless version of TLS, which is a derivative of SSL v.3.0. WTLS provides for three types of authentication: Class 1 Anonymous authentication Class 2 Server authentication Class 3 Two-way client and server authentication The biggest problem with WAP is known as the “gap in wap.” This means that WAP is used to protect data from the handheld device to the receiving station at the telco, but once on the telco’s servers, data returns to its pre-WAP state i.e., decrypted into plain text before being reencoded or reencrypted into SSL for secured transmission from the telco’s servers to the ulti- mate Internet-based destination. This temporary state of insecurity grants the telco and other potential eavesdroppers the ability to gain direct access to your data. Cryptographic Attacks As with any security mechanism, malicious individuals have found a number of attacks to defeat cryptosystems. It’s important that you, as a security administrator, understand the threats posed by various cryptographic attacks to minimize the risks posed to your systems: Analytic attack This is an algebraic manipulation that attempts to reduce the complexity of the algorithm. Analytic attacks focus on the logic of the algorithm itself. Implementation attack This is a type of attack that exploits weaknesses in the implementation of a cryptography system. It focuses on exploiting the software code, not just errors and flaws but methodology employed to program the encryption system. Statistical attack A statistical attack exploits statistical weaknesses in a cryptosystem, such as inability to produce random numbers and floating point errors. Statistical attacks attempt to find a vulnerability in the hardware or operating system hosting the cryptography application. Brute force Brute force attacks are quite straightforward. Such an attack attempts every pos- sible valid combination for a key or password. They involve using massive amounts of process- ing power to methodically guess the key used to secure cryptographic communications. For a non-flawed protocol, the average amount of time required to discover the key through a brute force attack is directly proportional to the length of the key. A brute force attack will always be successful given enough time. However, enough time is relative to the length of the key. For example, a computer that could brute force a DES 56-bit key in 1 second would take 149 trillion years to brute force an AES 128-bit key. Every additional bit of key length doubles the time to perform a brute force attack because the number of potential keys is doubled. Known plaintext In the known plaintext attack, the attacker has a copy of the encrypted mes- sage along with the plaintext message used to generate the ciphertext the copy. This knowl- edge greatly assists the attacker in breaking weaker codes. For example, imagine the ease with which you could break the Caesar cipher described in Chapter 9 if you had both a plaintext and a ciphertext copy of the same message. Chosen ciphertext In a chosen ciphertext attack, the attacker has the ability to decrypt chosen por- tions of the ciphertext message and use the decrypted portion of the message to discover the key. Chosen plaintext In a chosen plaintext attack, the attacker has the ability to encrypt plaintext mes- sages of their choosing and can then analyze the ciphertext output of the encryption algorithm. Meet-in-the-middle Attackers might use a meet-in-the-middle attack to defeat encryption algo- rithms that use two rounds of encryption. This attack is the reason that Double DES 2DES was quickly discarded as a viable enhancement to the DES encryption in favor of Triple DES 3DES. In the meet-in-the-middle attack, the attacker uses a known plaintext message. The plaintext is then encrypted using every possible key k1, while the equivalent ciphertext is decrypted using all possible keys k2. When a match is found, the corresponding pair k1, k2 represents both portions of the double encryption. This type of attack generally takes only double the time necessary to break a single round of encryption or 2 n rather than the anticipated 2 n 2 n , offering minimal added protection. Man-in-the-middle In the man-in-the-middle attack, a malicious individual sits between two communicating parties and intercepts all communications including the setup of the crypto- graphic session. The attacker responds to the originator’s initialization requests and sets up a secure session with the originator. The attacker then establishes a second secure session with the intended recipient using a different key and posing as the originator. The attacker can then “sit in the middle” of the communication and read all traffic as it passes between the two parties. Be careful not to confuse the meet-in-the-middle attack with the man-in-the- middle attack. They sound very similar Birthday The birthday attack also known as a collision attack or reverse hash matching see our discussion of brute force and dictionary attacks in Chapter 2 seeks to find flaws in the one- to-one nature of hashing functions. In this attack, the malicious individual seeks to substitute in a digitally signed communication a different message that produces the same message digest, thereby maintaining the validity of the original digital signature. Replay The replay attack is used against cryptographic algorithms that don’t incorporate tem- poral protections. In this attack, the malicious individual intercepts an encrypted message between two parties often a request for authentication and then later “replays” the captured message to open a new session. This attack can be defeated by incorporating a time stamp and expiration period into each message. Summary Public key encryption provides an extremely flexible infrastructure, facilitating simple, secure com- munication between parties that do not necessarily know each other prior to initiating the commu- nication. It also provides the framework for the digital signing of messages to ensure nonrepudiation and message integrity. This chapter explored public key encryption, which is made possible by the public key infrastructure PKI hierarchy of trust relationships. We also described some popular cryptographic algorithms, such as link encryption and end-to-end encryption. Finally, we intro- duced you to the public key infrastructure, which uses certificate authorities CAs to generate digital certificates containing the public keys of system users and digital signatures, which rely upon a com- bination of public key cryptography and hashing functions. We also looked at some of the common applications of cryptographic technology in solving everyday problems. You learned how cryptography can be used to secure electronic mail using PGP, PEM, MOSS, and SMIME, web communications using SSL and S-HTTP, electronic commerce using steganography and SET, and both peer-to-peer and gateway-to-gateway net- working using IPSec and ISAKMP as well as wireless communications using WEP. Finally, we looked at some of the more common attacks used by malicious individuals attempting to interfere with or intercept encrypted communications between two parties. Such attacks include birthday, cryptanalytic, replay, brute force, known plaintext, chosen plaintext, chosen ciphertext, meet-in-the-middle, man-in-the-middle, and birthday attacks. It’s important for you to understand these attacks in order to provide adequate security against them. Exam Essentials Understand the key types used in asymmetric cryptography. Public keys are freely shared among communicating parties, whereas private keys are kept secret. To encrypt a message, use the recipient’s public key. To decrypt a message, use your own private key. To sign a message, use your own private key. To validate a signature, use the sender’s public key. Be familiar with the three major public key cryptosystems. RSA is the most famous public key cryptosystem; it was developed by Rivest, Shamir, and Adleman in 1977. It depends upon the difficulty of factoring the product of prime numbers. El Gamal is an extension of the Diffie- Hellman key exchange algorithm that depends upon modular arithmetic. The elliptic curve algorithm depends upon the elliptic curve discrete logarithm problem and provides more secu- rity than other algorithms when both are used with keys of the same length. Know the fundamental requirements of a hash function. Good hash functions have five requirements. They must allow input of any length, provide fixed-length output, make it rela- tively easy to compute the hash function for any input, provide one-way functionality, and be collision free. Be familiar with the four major hashing algorithms. The Secure Hash Algorithm SHA and its successor SHA-1 make up the government standard message digest function. SHA-1 pro- duces a 160-bit message digest. MD2 is a hash function that is designed for 8-bit processors and provides a 16-byte hash. MD4 and MD5 both produce a 128-bit hash, but MD4 has proven vul- nerabilities and is no longer accepted. Understand how digital signatures are generated and verified. To digitally sign a message, first use a hashing function to generate a message digest. Then encrypt the digest with your pri- vate key. To verify the digital signature on a message, decrypt the signature with the sender’s public key and then compare the message digest to one you generate yourself. If they match, the message is authentic. Know the components of the Digital Signature Standard DSS. The Digital Signature Stan- dard uses the SHA-1 message digest function along with one of three encryption algorithms: the Digital Signature Algorithm DSA, the Rivest, Shamir, Adleman RSA algorithm, or the Ellip- tic Curve DSA ECDSA algorithm. Understand the public key infrastructure PKI In the public key infrastructure, certificate authorities CAs generate digital certificates containing the public keys of system users. Users then distribute these certificates to people with whom they wish to communicate. Certificate recipients verify a certificate using the CA’s public key. Know the common applications of cryptography to secure electronic mail. The emerging standard for encrypted messages is the SMIME protocol. Other popular e-mail security proto- cols include Phil Zimmerman’s Pretty Good Privacy PGP, Privacy Enhanced Mail PEM, and MIME Object Security Services MOSS. Know the common applications of cryptography to secure web activity. The de facto stan- dard for secure web traffic is the use of HTTP over Secure Sockets Layer SSL, otherwise known as HTTPS. Secure HTTP S-HTTP also plays an important role in protecting individual messages. Most web browsers support both standards. Know the common applications of cryptography to secure electronic commerce. The Secure Electronic Transaction SET protocol was developed jointly by Visa and MasterCard to pro- vide end-to-end security for electronic commerce transactions. Know the common applications of cryptography to secure networking. The IPSec protocol standard provides a common framework for encrypting network traffic and is built in to a num- ber of common operating systems. In IPSec transport mode, packet contents are encrypted for peer-to-peer communication. In tunnel mode, the entire packet, including header information, is encrypted for gateway-to-gateway communications. Describe IPSec. IPSec is a security architecture framework that supports secure communica- tion over IP. IPSec establishes a secure channel in either transport mode or tunnel mode. It can be used to establish direct communication between computers or to set up a VPN between net- works. IPSec uses two protocols: Authentication Header AH and Encapsulating Security Pay- load ESP. Explain common cryptographic attacks Brute force attacks are attempts to randomly find the correct cryptographic key. Known plaintext, chosen ciphertext, and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext. The meet-in- the-middle attack exploits protocols that use two rounds of encryption. The man-in-the-middle attack fools both parties into communicating with the attacker instead of directly with each other. The birthday attack is an attempt to find collisions in hash functions. The replay attack is an attempt to reuse authentication requests. Review Questions 1. In the RSA public key cryptosystem, which one of the following numbers will always be largest?

A. e

B. n

C. p

D. q

2. Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?

A. RSA

B. Diffie-Hellman

C. 3DES

D. IDEA

3. If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which

key does he use to encrypt the message?

A. Richard’s public key

B. Richard’s private key

C. Sue’s public key

D. Sue’s private key 4. If a 2,048-bit plaintext message was encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be? A. 1,024 bits

B. 2,048 bits

C. 4,096 bits

D. 8,192 bits

5. Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company

plans to convert from RSA to an elliptic curve cryptosystem. If it wishes to maintain the same cryptographic strength, what ECC key length should it use?

A. 160 bits

B. 512 bits

C. 1,024 bits

D. 2,048 bits 6. John would like to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for this particular message be?

A. 160 bits

B. 512 bits

C. 1,024 bits

D. 2,048 bits 7. Which one of the following message digest algorithms is considered flawed and should no longer be used?

A. SHA-1

B. MD2

C. MD4

D. MD5

8. Which one of the following message digest algorithms is the current U.S. government standard

in use by secure federal information processing systems?

A. SHA-1

B. MD2

C. MD4

D. MD5

9. Richard received an encrypted message sent to him from Sue. Which key should he use to decrypt the message? A. Richard’s public key

B. Richard’s private key

C. Sue’s public key

D. Sue’s private key

10. Richard would like to digitally sign a message he’s sending to Sue so that Sue can be sure the mes- sage came from him without modification while in transit. Which key should he use to encrypt the message digest?

A. Richard’s public key

B. Richard’s private key

C. Sue’s public key

D. Sue’s private key 11. Which one of the following algorithms is not supported by the Digital Signature Standard? A. Digital Signature Algorithm

B. RSA

C. El Gamal DSA

D. Elliptic Curve DSA

12. Which International Telecommunications Union ITU standard governs the creation and

endorsement of digital certificates for secure electronic communication?

A. X.500

B. X.509

C. X.900

D. X.905

13. What cryptosystem provides the encryptiondecryption technology for the commercial version of Phil Zimmerman’s Pretty Good Privacy secure e-mail system?

A. DES3DES

B. IDEA

C. ECC

D. El Gamal

14. What TCPIP communications port is utilized by Secure Sockets Layer traffic?

A. 80

B. 220

C. 443

D. 559 15. What type of cryptographic attack rendered Double DES 2DES no more effective than stan- dard DES encryption? A. Birthday

B. Chosen ciphertext

C. Meet-in-the-middle

D. Man-in-the-middle

16. Which of the following security systems was created to support the use of stored-value payment

cards?

A. SET

B. IPSec

C. MONDEX

D. PGP

17. Which of the following links would be protected by WEP encryption? A. Firewall to firewall

B. Router to firewall

C. Client to wireless access point

D. Wireless access point to router

18. What is the major disadvantage of using certificate revocation lists?

A. Key management

B. Latency

C. Record keeping

D. Vulnerability to brute force attacks 19. Which one of the following encryption algorithms is now considered insecure? A. El Gamal

B. RSA

C. Skipjack

D. Merkle-Hellman Knapsack

20. What does IPSec define?

A. All possible security classifications for a specific configuration

B. A framework for setting up a secure communication channel

C. The valid transition states in the Biba model

D. TCSEC security categories Answers to Review Questions

1. B. The number n is generated as the product of the two large prime numbers p and q. Therefore,

n must always be greater than both p and q. Furthermore, it is an algorithm constraint that e must be chosen such that e is smaller than n. Therefore, in RSA cryptography n is always the largest of the four variables shown in the options to this question.

2. B. The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange

protocol to support the encryption and decryption of messages.

3. C. Richard must encrypt the message using Sue’s public key so that Sue can decrypt it using her

private key. If he encrypted the message with his own public key, the recipient would need to know Richard’s private key to decrypt the message. If he encrypted it with his own private key, any user could decrypt the message using Richard’s freely available public key. Richard could not encrypt the message using Sue’s private key because he does not have access to it. If he did, any user could decrypt it using Sue’s freely available public key.

4. C. The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any mes-

sage it encrypts. Therefore, a 2,048-bit plaintext message would yield a 4,096-bit ciphertext message when El Gamal is used for the encryption process.

5. A. The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that

would be the same strength as encryption achieved with the RSA encryption algorithm. A 1,024- bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.

6. A. The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the

size of the input message. In fact, this fixed-length output is a requirement of any secure hashing algorithm.

7. C. The MD4 algorithm has documented flaws that produce collisions, rendering it useless as a

hashing function for secure cryptographic applications.

8. A. SHA-1 is the current U.S. government standard, as defined in the Secure Hashing Standard SHS,

also known as Federal Information Processing Standard FIPS 180. Several newer algorithms such as SHA-256, SHA-384, and SHA-512 are being considered to replace SHA-1 and make it crypto- graphically compatible with the stronger Advanced Encryption Standard.

9. B. Sue would have encrypted the message using Richard’s public key. Therefore, Richard needs

to use the complementary key in the key pair, his private key, to decrypt the message.

10. B. Richard should encrypt the message digest with his own private key. When Sue receives the

message, she will decrypt the digest with Richard’s public key and then compute the digest her- self. If the two digests match, she can be assured that the message truly originated from Richard.

11. C. The Digital Signature Standard allows federal government use of the Digital Signature Algo-

rithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to pro- duce secure digital signatures. 12. B. X.509 governs digital certificates and the public key infrastructure PKI. It defines the appro- priate content for a digital certificate and the processes used by certificate authorities to generate and revoke certificates. 13. B. Pretty Good Privacy uses a “web of trust” system of digital signature verification. The encryp- tion technology is based upon the IDEA private key cryptosystem.

14. C. Secure Sockets Layer utilizes TCP port 443 for encrypted clientserver communications.

15. C. The meet-in-the-middle attack demonstrated that it took relatively the same amount of com-

putation power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Tri- ple DES 3DES as a standard for government communication.

16. C. The MONDEX payment system, owned by MasterCard International, provides the crypto-

graphic technology necessary to support stored-value payment cards.

17. C. The Wired Equivalent Privacy protocol encrypts traffic passing between a mobile client and

the wireless access point. It does not provide end-to-end encryption.

18. B. Certificate revocation lists CRLs introduce an inherent latency to the certificate expiration

process due to the time lag between CRL distributions.

19. D. The Merkle-Hellman Knapsack algorithm, which relies upon the difficulty of factoring

superincreasing sets, has been broken by cryptanalysts.

20. B. IPSec is a security protocol that defines a framework for setting up a secure channel to

exchange information between two entities. Chapter 11 Principles of Computer Design THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE: Principles of Common Computer and Network Organizations, Architectures, and Designs In previous chapters of this book, we’ve taken a look at basic security principles and the protective mechanisms put in place to prevent violation of them. We’ve also examined some of the spe- cific types of attacks used by malicious individuals seeking to circumvent those protective mech- anisms. Until this point, when discussing preventative measures we have focused on policy measures and the software that runs on a system. However, security professionals must also pay careful attention to the system itself and ensure that their higher-level protective controls are not built upon a shaky foundation. After all, the most secure firewall configuration in the world won’t do a bit of good if the computer it runs on has a fundamental security flaw that allows malicious individuals to simply bypass the firewall completely. In this chapter, we’ll take a look at those underlying security concerns by conducting a brief survey of a field known as computer architecture: the physical design of computers from various components. We’ll examine each of the major physical components of a computing system— hardware and firmware—looking at each from a security perspective. Obviously, the detailed analysis of a system’s hardware components is not always a luxury available to you due to resource and time constraints. However, all security professionals should have at least a basic understanding of these concepts in case they encounter a security incident that reaches down to the system design level. The federal government takes an active interest in the design and specification of the com- puter systems used to process classified national security information. Government security agencies have designed elaborate controls, such as the TEMPEST program used to protect against unwanted electromagnetic emanations and the Orange Book security levels that define acceptable parameters for secure systems. This chapter also introduces two key concepts: security models and security modes, both of which tie into computer architectures and system designs. A security model defines basic approaches to security that sit at the core of any security policy implementation. Security mod- els address such basic questions as: What basic entities or operations need security? What is a security principal? What is an access control list? Security models covered in this chapter include state machine, Bell-LaPadula, Biba, Clark-Wilson, information flow, noninterference, Take- Grant, access control matrix, and Brewer and Nash models. Security modes represent ways in which systems can operate, depending on various elements such as the sensitivity or security classification of the data involved, the clearance level of the user involved, and the type of data operations requested. A security mode describes the conditions under which a system runs. Four such modes are recognized: dedicated security, system high security, com- partmented security, and multilevel security modes, all covered in detail in this chapter. The next chapter, “Principles of Security Models,” examines how security models and secu- rity modes condition system behavior and capabilities and explores security controls and the criteria used to evaluate compliance with them. Computer Architecture Computer architecture is an engineering discipline concerned with the design and construction of computing systems at a logical level. Many college-level computer engineering and computer science programs find it difficult to cover all the basic principles of computer architecture in a single semester, so this material is often divided into two one-semester courses for undergrad- uates. Computer architecture courses delve into the design of central processing unit CPU components, memory devices, device communications, and similar topics at the bit level, defin- ing processing paths for individual logic devices that make simple “0 or 1” decisions. Most secu- rity professionals do not need that level of knowledge, which is well beyond the scope of this book. However, if you will be involved in the security aspects of the design of computing sys- tems at this level, you would be well advised to conduct a more thorough study of this field. The more complex a system, the less assurance it provides. More complexity means more areas for vulnerabilities exist and more areas must be secured against threats. More vulnerabilities and more threats mean that the subse- quent security provided by the system is less trustworthy. Hardware Any computing professional is familiar with the concept of hardware. As in the construction industry, hardware is the physical “stuff” that makes up a computer. The term hardware encompasses any tangible part of a computer that you can actually reach out and touch, from the keyboard and monitor to its CPUs, storage media, and memory chips. Take careful note that although the physical portion of a storage device such as a hard disk or SIMM may be considered hardware, the contents of those devices—the collections of 0s and 1s that make up the software and data stored within them—may not. After all, you can’t reach inside the com- puter and pull out a handful of bits and bytes Processor The central processing unit CPU, generally called the processor, is the computer’s nerve cen- ter—it is the chip, or chips in a multiprocessor system, that governs all major operations and either directly performs or coordinates the complex symphony of calculations that allows a computer to perform its intended tasks. Surprisingly, the CPU is actually capable of performing only a limited set of computational and logical operations, despite the complexity of the tasks it allows the computer to perform. It is the responsibility of the operating system and compilers to translate high-level programming languages used to design software into simple assembly language instructions that a CPU understands. This limited range of functionality is inten- tional—it allows a CPU to perform computational and logical operations at blazing speeds, often measured in units known as MIPS million instructions per second. To give you an idea of the magnitude of the progress in computing technology over the years, consider this: The original Intel 8086 processor introduced in 1978 operated at a rate of 0.33 MIPS that’s 330,000 calculations per second. A reasonably current 3.2GHz Pentium 4 processor intro- duced in 2003 operates at a blazing speed of 3,200 MIPS, or 3,200,000,000 calculations per second, almost 10,000 times as fast Execution Types As computer processing power increased, users demanded more advanced features to enable these systems to process information at greater rates and to manage multiple functions simul- taneously. Computer engineers devised several methods to meet these demands. At first blush, the terms multitasking, multiprocessing, multiprogramming, and multithreading may seem nearly identical. However, they describe very differ- ent ways of approaching the “doing two things at once” problem. We strongly advise that you take the time to review the distinctions between these terms until you feel comfortable with them. MULTITASKING In computing, multitasking means handling two or more tasks simultaneously. In reality, most systems do not truly multitask; they rely upon the operating system to simulate multitasking by carefully structuring the sequence of commands sent to the CPU for execution. After all, when your processor is humming along at 3,200 MIPS, it’s hard to tell that it’s switching between tasks rather than actually working on two tasks at once. MULTIPROCESSING In a multiprocessing environment, a multiprocessor computing system that is, one with more than one CPU harnesses the power of more than one processor to complete the execution of a single application. For example, a database server might run on a system that contains three processors. If the database application receives a number of separate queries simultaneously, it might send each query to a separate processor for execution. Two types of multiprocessing are most common in modern systems with multiple CPUs. The scenario just described, where a single computer contains more than one processor controlled by a single operating system, is called symmetric multiprocessing SMP. In SMP, processors share not only a common operating system, but also a common data bus and memory resources. In this type of arrangement, systems may use a large number of processors. Fortunately, this type of computing power is more than sufficient to drive most systems. Some computationally intensive operations, such as those that support the research of sci- entists and mathematicians, require more processing power than a single operating system can deliver. Such operations may be best served by a technology known as massively parallel pro- cessing MPP. MPP systems house hundreds or even thousands of processors, each of which has its own operating system and memorybus resources. When the software that coordinates the entire system’s activities and schedules them for processing encounters a computationally intensive task, it assigns responsibility for the task to a single processor. This processor in turn breaks the task up into manageable parts and distributes them to other processors for execution. Those processors return their results to the coordinating processor where they are assembled and returned to the requesting application. MPP systems are extremely powerful not to men- tion extremely expensive and are the focus of a good deal of computing research. Both types of multiprocessing provide unique advantages and are suitable for different types of situations. SMP systems are adept at processing simple operations at extremely high rates, whereas MPP systems are uniquely suited for processing very large, complex, computationally intensive tasks that lend themselves to decomposition and distribution into a number of subor- dinate parts. MULTIPROGRAMMING Multiprogramming is similar to multitasking. It involves the pseudo-simultaneous execution of two tasks on a single processor coordinated by the operating system as a way to increase oper- ational efficiency. Multiprogramming is considered a relatively obsolete technology and is rarely found in use today except in legacy systems. There are two main differences between mul- tiprogramming and multitasking: Multiprogramming usually takes place on large-scale systems, such as mainframes, whereas multitasking takes place on PC operating systems, such as Windows and Linux. Multitasking is normally coordinated by the operating system, whereas multiprogramming requires specially written software that coordinates its own activities and execution through the operating system. MULTITHREADING Multithreading permits multiple concurrent tasks to be performed within a single process. Unlike multitasking, where multiple tasks occupy multiple processes, multithreading permits multiple tasks to operate within a single process. Multithreading is often used in applications where frequent context switching between multiple active processes consumes excessive over- head and reduces efficiency. In multithreading, switching between threads incurs far less overhead and is therefore more efficient. In modern Windows implementations, for example, the over- head involved in switching from one thread to another within a single process is on the order of 40 to 50 instructions, with no substantial memory transfers needed. Whereas switching from one process to another involves 1,000 instructions or more and requires substantial memory transfers as well. A good example of multithreading occurs when multiple documents are opened at the same time in a word processing program. In that situation, you do not actually run multiple instances of the word processor—this would place far too great a demand on the system. Instead, each document is treated as a single thread within a single word processor process, and the software chooses which thread it works on at any given moment. Symmetric multiprocessing systems actually make use of threading at the operating system level. As in the word processing example just described, the operating system also contains a number of threads that control the tasks assigned to it. In a single-processor system, the OS sends one thread at a time to the processor for execution. SMP systems send one thread to each available processor for simultaneous execution.