"pageSize": "A4",
"landscape": false,
"margin": "2",
- "downscalePercent": 100
+ "downscalePercent": 50
},
"promptDelete": false
}
\ No newline at end of file
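Review bot: The `"downscalePercent": 100` to `50` change in this hunk is an export preference inside what looks like a plugin settings file (`pageSize`, `landscape`, `margin`, `promptDelete`), not note content, and the file is also committed without a trailing newline (`\ No newline at end of file`). Suggest dropping this file from the commit and ignoring the plugin settings files under `.obsidian/` so preference churn does not land next to the cheatsheet changes.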
"type": "split",
"children": [
{
- "id": "2136efadb65426c0",
+ "id": "5e6069bc7520fcd6",
"type": "tabs",
"children": [
{
- "id": "b32655feb9b7d9db",
+ "id": "29d0775217ba3dcc",
"type": "leaf",
"state": {
"type": "markdown",
"state": {
- "file": "University/Computer Security/Cheatsheet (extensive, draft).md",
+ "file": "Thoughts on Politics and Researching, and finding out things that you think are right.md",
"mode": "source",
"source": false,
"backlinks": true,
}
},
"icon": "lucide-file",
- "title": "Cheatsheet (extensive, draft)"
+ "title": "Thoughts on Politics and Researching, and finding out things that you think are right"
}
}
]
"pdf-plus:PDF++: Toggle auto-paste": false
}
},
- "active": "b32655feb9b7d9db",
+ "active": "29d0775217ba3dcc",
"lastOpenFiles": [
- "Pasted image 20250416221211.png",
- "Pasted image 20250416221155.png",
- "People/Ruxi.md",
+ "Watchlist.md",
+ "Thoughts on Politics and Researching, and finding out things that you think are right.md",
+ "Some cool music perhaps?.md",
+ "University/Computer Security/Pasted image 20250416221155.png",
+ "Pasted image 20250207160807.png",
+ "University/Computer Security/Pasted image 20250416221211.png",
+ "Pasted image 20250103161642.png",
"University/Computer Security/Cheatsheet (extensive, draft).md",
+ "University/Computer Security/Cheatsheet (shortened, draft) (for me).md",
+ "People/Ruxi.md",
"University/Human Computer Interaction/Untitled.md",
"University/Computer Security",
"University/Human Computer Interaction",
- "Pasted image 20250207160807.png",
- "Pasted image 20250103161642.png",
"get over it, everyone's tipsy. Dance..md",
"Food with the boys - money note.md",
- "Watchlist.md",
- "Thoughts on Politics and Researching, and finding out things that you think are right.md",
- "Some cool music perhaps?.md",
"Quotes.md",
"Poet List.md",
"Untitled 1.md",
"Bundesverfassungsgericht/Urteil_des_Ersten_Senats_vom_5_November_2019.pdf",
"Bundesverfassungsgericht/References on Bundesverfassungsgericht.md",
"University/Algorithm Design/Resources.md",
- "University/Algorithm Design/Greedy.md",
"People",
"University/HCI",
"University/Algorithm Design",
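Review bot: The hunks above are editor state rather than vault content and should not be committed: the pane ids are regenerated on every restart (`"id": "2136efadb65426c0"` becomes `"5e6069bc7520fcd6"`), `"active"` flips with every focus change, and `lastOpenFiles` is reshuffled by merely opening a note, so this file will conflict on every commit. It also leaks the names of personal notes (`People/Ruxi.md`, `Watchlist.md`) into a commit that is otherwise about the Computer Security cheatsheet. Suggest `git rm --cached` on this workspace file and adding it to `.gitignore`.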
Layered Defence:
Implement a multi-layered security approach to address different levels of threats.
-
### Threat vs. Harm
> Threat = A potential danger that could cause harm
> Risk = The likelihood that the threat will actually exploit a vulnerability and cause damage
- Taking down C2 Infra., though they make this hard
- Blocklisting devices that are infected
+Firewalls:
+- prevents access from outside networks
+- segments networks
+- reduces attack surface
+
+there are _hardware_ and _software_ firewalls
+Hardware tends to be faster, safer and more expensive
+
+Types of firewalls:
+- Packet filtering
+- Stateful inspection
+- Application-level
+- Circuit-level
+ - relays application layer data between user and app
+ - does not parse contents, determines which connections are allowed
+
+DMZ - De-militarized Zone (separating different levels of network security, public facing servers, then firewall, then internal services.)
+
+VPN, allow to create a "tunnel"
+
+## Intrusion Detection
+IDS:
+- Host-Based
+ - Monitor logs
+- Network-Based
+ - Monitors network data and deep packet inspect
+
+IDS Types:
+- Heuristic
+- Signature
+- Anomaly (Determine what "normal data" is)
+ - Can be detected with statistics
+ - or knowledge
+ - or machine-learning
+
+Alert fatigure: the boy who cried wolf, you need to check the number of false positive and sensitivity of the system.
+
+SPAN ports on Switch: to monitor things
+
+Honeypot:
+ A decoy system that is designed to lure potential attackers away from critical systems.
+
+Goals of a honeypot:
+- Divert attackers
+- Collect info about attackers
+- alert administrators of strange behaviour
+
+Needed role of secure protocols:
+- Interoperability, need to make sure that people can communicate
+- Baseline security - standards establish a min. level of security
+- Regulatory compliance
+
+SSL and TLS (secure in HTTTPS)
+
+Client Hello ->
+ServerHello, Certificate, ServerHellDone <-
+ClientKeyExchange, ChangeCipherSpec, Finished ->
+ChangeChiperSpec, Finished <-
+
+Certificate issuer should be a trusted party, you need to trust the person who gives these out
+
+Heartbleed: OpenSSL vulnerability
+
+DNS poisoning: inserting a fake response
+
+DNSSEC does not encrypt DNS but protects integrity
+Creates a chain of trust to root server
+
+all protocols are unencrypted by default, i.e. POP, IMAP, SMTP
+PGP and S/MIME is for encrypting email itself
+
+SPF (Sender-Policy Framework)
+- allows domain owners to specify which servers are authorized to send mail using the domain (using a TXT record)
+
+DomainKeys Identified Mail (DKIM)
+- is designed to sign the email on a domain-level and distribute the key via DNS
+
+
+# Cryptography
+Cryptography ensures the _confidentiality_ and _integrity_ of the message
+
+Kerckhoff's principle
+> The security provided by an encryption system should not depend on the secrecy of the system, but only on the secrecy of the key.
+
+Cracking it should not be viable without the keys.
+
+Symmetric Encryption:
+- Encryption and decryption keys are the same
+- Decryption is the reverse of encryption
+
+Key sharing, would need quadratic number of keys for every pair, has to be unique.
+
+Alphabet Shift Cipher: Shifting, generalized caesar cipher
+
+Substitution Cipher: use a map to change letters in the original text
+- can't try all combos, but frequency analysis works
+
+## One-Time Pad
+KEy: Sequence of random bits same length as plaintext
+XOR Key and plaintext
+Decrypt is simply XOR Key and Cipher
+
+Advantages:
+- Fully secure if key only used once
+
+Disadvatange:
+- Key as large as plaintext
+- cannot be reused
+
+Patterns can be found if you reuse the key
+If the randomness is imperfect then, well shit
+
+Modern Symmetric Encryption:
+DES (Data Encryption Standard) Key: 56 bits
+
+AES (Advanced Encryption Standard)
+Key: 128, 192 or 256 bits. (Exhaustive search not yet possible)
+
+Cryptographic Hash Functions:
+- Short Output
+- One-way
+- Collision Resistance
+- Public Function (no secret key)
+- Can only be brute-forced
+
+example application: file integrity
+or password auth
+
+most practical hash functions have no mathematical proof, but they tend to perform like this by mixing bits
+
+MD5 128 bits (insecure)
+SHA-1 160 bits (deprecated)
+SHA-2 224, 256, 384, 512 bits
+SHA-3 Keccak (224, 256, 284, 512 bits)
+(not widely used)
+
+Birthday attack:
+- about 2^(b/2) tries (b = number of bits of hash function) to find a collision
+
+## Entropy
+Experiment E, some output $e_i$
+$$I(E=e_i)=log_2 \left( \frac{1}{p(e_i)}\right)$$
+Higher probability -> Less Information
+(Measured in bits)
+
+Flip a fair coin and land on heads:
+1 bit
+
+Roll a 6-sided die and land on 3:
+Log(6) = 2.58 bits
+
+Roll a 20-sided die and land on 9 or 19:
+log(20/2) = 3.32 bits
+
+Average value of information we obtain by learning the result of Experiment E with outcomes $e_0, e_1, ..., e_{n-1}$
+$$H(E)=\sum_{i=0}^{n-1} p(e_i)log_2\left(\frac{1}{p(e_i)}\right)$$
+Computer need a source of entropy to generate random numbers:
+- Computer
+ - Processor thermal noise
+ - Disk Activity
+ - Network activity
+- User
+ - Keyboard keys and timing
+ - Mouse movement and timing
+- Other
+ - Nuclear Decay
+ - Cosmic Noise
+
+
+### Block Cipher
+A symmetric encryption scheme for messages (blocks) of a given fixed length
+Length of block indepedent from key-length
+AES is block cipher that operates on 128 bit blocks
+
+ECB (Electronic Code Book) Mode:
+When plaintext is longer than block size b
+Partition plaintext P into seq of m blocks n / b < m
+
+ECB Mode
+- Assume n is a multiple of b
+- C[i] = E_k(P[i])
+(encrypt every block)
+
+can be done in parallel
+documents and images not suitable for ECB (better for random strings)
+
+Cipher Block Chaining (CBC) Mode
+Previous ciphertext block combined with current plaintext block
+$C[i]=E_k(C[i-1]\oplus P[i])$
+V is the initialisation vector for the first one
+
+works well with any input plaintext
+can't parallelize
+bad when data lost
+
+Counter Mode:
+- Counter t
+$C[i] = E_k(t+i)\oplus P[i]$
+works in parallel
+does not reveal patterns
+
+Pad is a sequence of identical bytes, each indicating the length (in bytes) of the padding
+
+Stream Cipher
+
+Onetime pad advatnage:
+- each bit of the ciphertext is random
+- fully secure if key used only once
+
+Disadvantages:
+- key as large as plaintext
+- key cannot be reused
+
+Key stream:
+- pseudorandom bit sequence generated from a key K
+- (generated on demand, one bit / block at a time)
+
+Stream Cipher
+XOR the plaintext with the key stream
+
+Advantages:
+- Fixed length secrey key
+- plaintext can have any length
+- incremental encryption and decryption
+- works for packets sent over an unreliable channel
+
+but:
+- stream cannot be reused
+
+KEy stream generations:
+- Use a block E_k with block size b
+- Secret key is a pair (k<t) where K is a key an t is a counter with b bits
+Keystream is concat of cipher texts
+
+Advantages:
+- simple, fast
+
+Disadvatnage:
+- long streams are not random
+
+Can use initialisation vector, two part key
+(U, V), v is transmitted with cipher text
+
+Repition and Replacement sattacks
+
+Public Key Crypto
+
+same public key goes to many people
+
+slower though
+
+RSA - factoring is hard
+2048 bit or longer keys
+slower than AES
+typically used to encrypt AES keys
+
+Adversary models
+- Ciphertext only:
+ - Sees all ciphertext, nothing else
+- Known plaintext:
+ - knows prt of / format of plaintext messages
+ - and ciphertext
+
+Stronger:
+Chosen plaintext:
+- Adverisary is able to encrypt plaintexts of their choosing and seeing the ciphertext
+Chosen chipertext:
+- Adversary chooses chipertexts an some info is revealed about the decryption
+
+IND-CPA:
+has access to encryption oracle, and polynomialls many pairs, can they gain info on another ciphertext that isn't in the pairs?
+
+IND-CCA:
+access to encrypt and decryption oracle (polynomially bounded), can they learn something about another message not in their pairs?
+
+Digital signature goals:
+- authenticity
+- Unforability
+- Nonrepudiation
+- Integrity
+
+can be done with public keys, e.g. "decrypting" the plaintext M, and thereby gets a signature, can then be checked with encryption
+
+Signing hashes
+either normal, or crypto hashes (crypto preferred, fixed length)
+
+Sig = D_sk(h(M))
+h(M) == E_pk(S)
+
+Security depends on collision resistance and algorithm
+
+You should always _sign_ then _encrypt_
+the public key needs to be of the correct party
+, signer should not be able to deny assosciation with the public key
+
+Digital Signatures in Practice:
+DSA( no longer used)
+RSA DSA
+ECDSA
+
+MAC (message auth codes):
+similar to digital signatures but symmetric
+- does not provide non-repudiation
+ - anyone who can verify the message can also sign it
+- provides guarantee that message comes from certain sender and has not been changed
+
+Unforgeable, integral
+
+CBC-MAC block cipher in cbc mode to encrypt and last cipher block as MAC
+to do this the Initialisation Vector is set to 0.
+preprend each message with its length
+
+HMAC:
+hash function and shared secret
+H(M||K)
+
+in practice: length extensions attacks for some hash functions
+
+Encrypt then MAC (EtM) should be used
+(E(Messsage), MAC(E(Message)))
+integrity guarantee on cipher and plaintext
+generally recommended order of operations
+
+Mac Then Encrypt (generally not secure)
+same for Mac and Encrypt
+
+Diffie Hellman key exchange:
+x = rand()
+X = f(x)
+
+y = rand()
+Y = f(y)
+
+only Y and X are sent
+
+K = g(x,Y) (for alex)
+K = g(y,X) (for harm)
+
+vulnerable to man in the middle
+
+more concrete
+x = rand()
+X = $g^x \mod p$
+
+y = rand()
+Y = $g^y \mod p$
+
+K = $Y^X\mod p$
+K = $X^Y\mod p$
+as
+K = $g^{xy}\mod p$
+
+Merkle trees:
+useful for proof of membership
+combining of hashes from bottom to top, only one path needed to verify
+
+only root has to be stored locally
+
+how to tell if corrupted?
+all valid certificates are publicly available
+Invalid certs can be detected and revoked.
+
+# lots of password storing stuff going on here, already familiar
+
+Size of password space: multiplication right
+
+short passwords are shit, but adding just a few more characters make it so much better
+
+brute force:
+try all combos
+parallelizable
+
+Dictionary Attacks:
+hash and password maps that are precomputed for fast look up
+
+intelligent guessing methods:
+try first N
+dictionaryies, words, names place, dates
+combinations of above
+replace, interspace, digits inside
+
+Secret Sharing
+a t out of n secret sharing scheme
+
+- Shares returns s_1, s_2, ... s_n
+- Recover (s_k, ... , s_k+t-1) returns s
+
+for any subset S_t of Shares of size t
+Recover (S_t) = s
+if less than t, nothing can be learnt about s
+*formula on slides*
+
+applications
+- messaging
+- secure computing on the cloud
+- private keys
+ - when not supposed to be on server
+- secret sharing
+ - help in recovery with other people
+
+crypto applications for this
+key protects assets
+
+also used in DNS
+DNSSEC usies auth to protecting against attacks, master key needs to be able to be recovered. 5 needed, 7 hold.
+
+
+Anon networks
+VPN
+Onion routing, through multiple nodes, peeling one at a time
+
+layered encryption
+header: next node
+payloaD: message for next node, encrypted for relays
+decrypt and foward to next node
+
+privacy goal: support anon communication
+recipient does not know sneder
+admin cannot link sender to recipient
+eavesdropper cannot link them
+
+censoring techniques
+DNS blacklist
+IP blacklist
+keyword blacklist in urls or stuff
+
+TOR:
+advantages:
+- tunnel allows it to work with any protocol
+- three nodes of proxy at least, make it hard to find source
+
+problems:
+- slow
+- exit node?
+- semi fixed infra
+- is suspicious
+
+blocking tor?
+- block directories
+- block all relays
+- make people unable to find it
+
+Trusted-Computing Base (TCB)
+- Kernel and Hardware
+- Must be correct and untampered
+
+threats to that: bugs / vulnerabilities
+backdoors
+rootkits
+
+OS enforcing of access control
+Login Process
+- perform id and auth
+
+reference monitors
+- checks every access to sensitive resources
+- authrorises said access
+
+auditing:
+- registers access control decisions
+
+subjects are software entities
+
+id & auth:
+- something you have (card, token)
+- you know (password, pin)
+- you are (fingerprint, voice etc.)
+- where you are (location, proximity etc.)
+
+by default everything inherits your user ID, which was assigned after login
+user id can be changed
+some exceptions to that
+
+reference monitor can cancel actions that are not allowed
+its a guard
+
+Discretionary Access Control (DAC)
+- owner of an object decides access control policy
+- based on identity, most common for files
+- cannot enforce global
+- easy to implement
+
+access control matrix (ACM)
+, often ends up being sparse af
+which subject on which object maatrix
+
+access control lists (ACLs)
+separate list of actions each subject can perform
+stored with object
+
+U/G/O thing in unix systems is an ACL
+
+capability lists
+list of permitted actions stored with subject
+give permission to perform specific (sometimes priviliged) actions
+
+Mandatory Access Control (MAC)
+- OS Sets the access control policy
+- ensures that org. security policies cannot be overridden by users
+- assign security labels to all objects and subjects (at creation time)
+
+Bell-LaPadula (confidentialty)
+- Top Secret
+- Secret
+- Confidential
+- Unclassified
+
+prevent information from leaking
+write up, read down
+
+cannot share info with less priviliged subjects
+cannot enforce integrity
+hard to handle changes in sec. level
+
+Biba model (untrusted -> high integrity)
+read up, write down
+protect system processes against malicious user processes
+
+high integrity can't get anything from low integrity
+cannot enforce confidentiality
+cannot handle changes in integrity levels
+
+reference monitors check:
+- process & thread objects
+ - creating processes, stopping them, sending signals, scheduling policies, debugging etc.
+- file / directory objects
+ - creating / deleting/ reading/ writing objects
+- IPC and device objects (sockets, pipes, message queues etc.)
+- user / group info / credentials
+
+setuid / setgid binaries => launch with uid/gid of their owners e.g. login process must be able to see user / password info
+
+servers / browsers -> interact with untrusted stuff, less priviliged
+
+superuser process, bypasses all checks
+priviliged processes are part of the trusted computing base
+
+# database security
+
+SQL injection:
+- bypass protectings by executing unauthorised queries by injecting SQL code into database
+
+blind sql injection
+- when code not available
+- may be learned through returned error messages
+- prohibit display of error messages
+ - doesn't make it disappear, but a lot harder
+
+input sanitisation
+- escaping potentially malicious characters, stuff like quotes, newlines, returns or null characters
+
+sanitising can be tricky, for example because of different text encodings
+
+second-order SQL injection
+sanitised input / unsanistised input being reused and causing issues
+
+
+prepared statements
+- SQL statements with ? placeholders
+- provide values that replace placeholders
+
+best practice for new applications, modifying existing ones
+generally safe from injections
+, separation of code and data
+values replacing placeholders always treated as data
+
+potential vulnerabilities when
+prepared statement is itself built from user input
+or calls queries from library
+
+reject inputs that yield atypical queries and toutput, determine norms
+
+## memory error
+bugs in the way we handle memory in memory unsafe languages
+memory error is when a program access memory that it should not : violating memory safety
+
+we focus on buffer under and overflows
+writing out of boundary of a buffer, spatial violation
+cause:
+insufficient input checks / wrong assumptions about input
+unchecked buffer size
+integer overflows / underflows
+
+underflows:
+other direction otherwise the same
+
+off-by-one errors also cause issues here
+
+write: corrupt memory
+read: leak memory
+
+these are vulnerabilities of input can trigger them
+
+can be used for code injection
+code injection is possible because there is a memory area that is both writable and executable
+, we can eliminate that using the MMU and paging
+and page permissions
+non excutable stack also helps - widely adopted today
+
+code re-use is still a thing
+
+this works a lot of the time because so far we assumed a fixed layout
+ASLR - adress space layout randomisation
+now they have to guess locations, making it a lot harder
+base addresses are randomly selected from within predetermined ranges, libraries are loaded in the gaps
+
+fuzzing
+find bugs in programs by feeding it large amounts of automatically generated inputs
+program is run on each input, and each run is monitored
+
+common fuzzing strats:
+- mutation based, randomy mutate test cases
+- generated based, generate based on the grmamar of the input format
+- cover-guided: measure code coverage of test cases to guide fuzzing
+
+used for security and relaibility
+
+Malware types:
+- virses
+- worms
+- rootkits
+- keyloggers
+- trojan horses
+- ransomware
+- dialers
+- droppers
+- spyware
+- adware
+- backdoors
+
+infection vector vs. payload
+
+infection vector:
+vulnerability the malware exploits to infect a host
+the method the malware uses to propagatae
+
+payload:
+the actions the malware takes after infecting
+
+infection vectors:
+- compromised legit sites
+- IOT devices
+- email, phishing and spamming
+- installed by user
+- malware anti malware
+- scareware
+- drive-by download, no interaction required
+
+virus vs worm
+virus: attaches itself to exec files and transfer from one system to other
+
+worm:
+malicious standalone program that replicates itself and can spread to different machines, usually via a network
+
+worms can use hit-list, pregenerated list of potential targets
+
+rootkits:
+modifies the OS to hide its existence
+
+ransomware:
+encrypts your data, ransom in excahnge for key
+
+backdoor:
+bypass normal security measures
+
--- /dev/null
+**Firewalls**:
+- Packet Level
+- Application Level
+- Stateful inspection
+- Circuit-level
+ - relays application layer data between user and app
+ - does not parse contents, determines which connections are allowed
+
+There are _hardware_ and _software_ firewalls
+Hardware tends to be faster, safer and more expensive
+
+**Threat Model**:
+ A strategic framework that identifier potential attacks and adversaries
+
+## Types of Threat Actors
+| Threat Actor | Motivation |
+| ---------------- | -------------------- |
+| Cybercriminal | Profit |
+| Nation State | Geopolitical |
+| Terrorist Groups | Ideological Violence |
+| Thrill-Seeker | Satisfaction |
+| Insider Threats | Discontent |
+| Hackers | Variable |
+
+**Coordinated Vulnerability Disclosure (CVD)**:
+ CVD is an ethical practice where security researchers or individuals who discover a vulnerability responsibly report it
+
+**Cyber Kill Chain**:
+ 1. Recon
+ 2. Weaponisation
+ 3. Delivery
+ 4. Exploitation
+ 5. Installation
+ 6. Command and Control (C2)
+ 7. Actions on Objectives
+
+Detecting Criminals can be based on multiple things:
+1. Hash Values
+2. IP Addresses
+3. Domain Names
+4. Network / Host Artifacts
+5. Tools
+6. Tactics, Techniques and Procedures
+
+Defense in Depth: cybersec. strategy that involves deploying multiple layers of security (layered security)
+
+Usable Security: If your security is not very usable this can pose its own security risks.
+
+CIA Triad:
+ The CIA Triad contains the three security essential goals in Cyber Security
+ 1. Confidentiality
+ 2. Integrity
+ 3. Availability
+
+Confidentiality can be achieved with:
+- Encryption
+- Access Control Systems
+- Policies an Governance
+
+Integrity with:
+- Data validation
+- Change Management and Version Control
+
+Availability:
+- Redundancy and failover
+- Load balancing
+- Monitoring and alerting
+
+# Physical Layer
+**Access Control**:
+ Only the people that should have authorised access, should be able to go there.
+
+Physical Security includes things like: wiretaps etc. but also EMI and pests.
+
+**Data Diodes**:
+ Things that allow data to only flow one way.
+
+**Guided Medium**:
+ A communication channel where the signals are guided along a physical path. e.g. calbes
+
+**Unguided Medium**:
+ Refers to a communication channels where the signals propagate freely through the air or space. E.g. Radio.
+ Controlled via direction and range
+
+**Spoofing**:
+ In the case of IP Spoofing, making a server's response to go someone else, not you.
+**Denial of Service**:
+ An Attack that floods a victim's network with traffic, making it unavailable
+- Volumetric Attack (loads of stuff)
+- Protocol Attacks (break the protocol in some way)
+- Application Layer Attacks (target specific apps)
+
+**Volumetric**:
+ Amplification Attack: Use an intermediary that returns a large response, done with DNS and UDP
+
+**Protocol**:
+ TCP SYN Flood is a common protocol attack
+ Occupy memory space by never sending the 'ACKS' to finish. Fix: Don't use memory to keep state.
+
+**Application layer attack**:
+ HTTP Flood - Cannot be spoofed. Requests a lot of large files.
+
+How to mitigate DDoS attacks:
+- Redundant network infrastructure (no single point of failure)
+- Traffic filtering
+- Content Delivery Networks (distribute and cache content)
+- Web Application Firewalls (try to identify malicious traffics)
+
+**Intrusion Detection System (IDS)**:
+- Host-Based
+- Network-Based
+
+- Heuristic
+- Signature
+- Anomaly (Determine what "normal data" is)
+ - Can be detected with statistics
+ - or knowledge
+ - or machine-learning
+
+**SPAN ports**:
+ On switch to monitor things
+
+**Goals of a honeypot**:
+- Divert attackers
+- Collect info about attackers
+- Alert administrators of strange behaviour
+
+**TLS / SSL**:
+ Client Hello ->
+ ServerHello, Certificate, ServerHellDone <-
+ ClientKeyExchange, ChangeCipherSpec, Finished ->
+ ChangeChiperSpec, Finished <-
+
+**DNS Poisoning**:
+ inserting a fake response
+
+**DNSSEC** does not encrypt DNS but protects integrity
+Creates a chain of trust to root server
+
+**SPF (Sender-Policy Framework)**:
+ Allows domain owners to specify which servers are authorized to send mail using the domain (using a TXT record)
+
+**DomainKeys Identified Mail (DKIM)**:
+ is designed to sign the email on a domain-level and distribute the key via DNS
+
+# Cryptography
+Cryptography ensures the _confidentiality_ and _integrity_ of the message
+Kerckhoff's principle
+> The security provided by an encryption system should not depend on the secrecy of the system, but only on the secrecy of the key.
+
+For Symmetric: Key sharing, would need quadratic number of keys for every pair, has to be unique.
+
+**One-Time Pad**:
+ Key: Sequence of random bits same length as plaintext
+ XOR Key and plaintext
+ Decryption is simply XOR Key and Cipher
+Advantages:
+- each bit of the ciphertext is random
+- Fully secure if key only used once
+Disadvatange:
+- Key as large as plaintext
+- Cannot be reused
+
+If the randomness is imperfect then, well shit
+
+Modern Symmetric Encryption:
+DES (Data Encryption Standard) Key: 56 bits
+
+**AES (Advanced Encryption Standard)**
+ Key: 128, 192 or 256 bits. (Exhaustive search not yet possible)
+
+Cryptographic Hash Functions:
+- Short Output
+- One-way
+- Collision Resistance
+- Public Function (no secret key)
+- Can only be brute-forced
+
+SHA-2 224, 256, 384, 512 bits
+SHA-3 Keccak (224, 256, 284, 512 bits)
+(not widely used)
+
+Birthday attack:
+- about 2^(b/2) tries (b = number of bits of hash function) to find a collision
+
+**Entropy**:
+Experiment E, some output $e_i$
+$$I(E=e_i)=log_2 \left( \frac{1}{p(e_i)}\right)$$
+Higher probability -> Less Information
+(Measured in bits)
+Roll a 20-sided die and land on 9 or 19:
+ Log(20/2) = 3.32 bits
+
+Average value of information we obtain by learning the result of Experiment E with outcomes $e_0, e_1, ..., e_{n-1}$
+$$H(E)=\sum_{i=0}^{n-1} p(e_i)log_2\left(\frac{1}{p(e_i)}\right)$$
+**Block Cipher**:
+ A symmetric encryption scheme for messages (blocks) of a given fixed length
+ Length of block indepedent from key-length
+ AES is block cipher that operates on 128 bit blocks
+
+**ECB (Electronic Code Book) Mode**:
+ When plaintext is longer than block size b
+ Partition plaintext P into seq of m blocks n / b < m
+
+ECB Mode
+- Assume n is a multiple of b
+- $C[i] = E_k(P[i])$
+(encrypt every block)
+**! WARNING !**: documents and images not suitable for ECB (better for random strings)
+
+**Cipher Block Chaining (CBC) Mode**:
+ Previous ciphertext block combined with current plaintext block
+ $C[i]=E_k(C[i-1]\oplus P[i])$
+ V is the initialisation vector for the first one
+
+Works well with any input plaintext
+Can't parallelize
+Bad when data lost
+
+**Counter Mode (CM)**:
+- Counter t
+ $C[i] = E_k(t+i)\oplus P[i]$
+ works in parallel
+ does not reveal patterns
+
+Pad is a sequence of identical bytes, each indicating the length (in bytes) of the padding
+
+**Stream Cipher**:
+Key stream:
+- Pseudorandom bit sequence generated from a key K
+- (generated on demand, one bit / block at a time)
+- XOR the plaintext with the key stream
+
+Advantages:
+- Fixed length secret key
+- Plaintext can have any length
+- Incremental encryption and decryption
+- Works for packets sent over an unreliable channel
+
+But:
+- stream cannot be reused
+
+Key stream generations:
+- Use a block $E_k$ with block size b
+- Secret key is a pair (k<t) where K is a key an t is a counter with b bits
+Keystream is concat of cipher texts
+
+Advantages:
+- simple, fast
+
+Disadvantage:
+- long streams are not random
+
+Can use initialisation vector, two part key
+(U, V), v is transmitted with cipher text
+
+Repetition and Replacement attacks
+
+**Public Key Crypto**:
+ same public key goes to many people
+ slower though
+
+**RSA**:
+ Factoring is hard principle
+ Typically used to encrypt AES keys
+
+**Adversary models**:
+- Ciphertext only:
+ - Sees all ciphertext, nothing else
+- Known plaintext:
+ - knows prt of / format of plaintext messages
+ - and ciphertext
+
+Stronger:
+Chosen plaintext:
+- Adverisary is able to encrypt plaintexts of their choosing and seeing the ciphertext
+Chosen chipertext:
+- Adversary chooses chipertexts an some info is revealed about the decryption
+
+IND-CPA:
+has access to encryption oracle, and polynomialls many pairs, can they gain info on another ciphertext that isn't in the pairs?
+
+IND-CCA:
+access to encrypt and decryption oracle (polynomially bounded), can they learn something about another message not in their pairs?
+
+Digital signature goals:
+- authenticity
+- Unforability
+- Nonrepudiation
+- Integrity
+
+can be done with public keys, e.g. "decrypting" the plaintext M, and thereby gets a signature, can then be checked with encryption
+
+Signing hashes
+either normal, or crypto hashes (crypto preferred, fixed length)
+
+Sig = D_sk(h(M))
+h(M) == E_pk(S)
+
+Security depends on collision resistance and algorithm
+
+You should always _sign_ then _encrypt_
+the public key needs to be of the correct party
+, signer should not be able to deny assosciation with the public key
+
+Digital Signatures in Practice:
+DSA( no longer used)
+RSA DSA
+ECDSA
+
+MAC (message auth codes):
+similar to digital signatures but symmetric
+- does not provide non-repudiation
+ - anyone who can verify the message can also sign it
+- provides guarantee that message comes from certain sender and has not been changed
+
+Unforgeable, integral
+
+CBC-MAC block cipher in cbc mode to encrypt and last cipher block as MAC
+to do this the Initialisation Vector is set to 0.
+preprend each message with its length
+
+HMAC:
+hash function and shared secret
+H(M||K)
+
+in practice: length extensions attacks for some hash functions
+
+Encrypt then MAC (EtM) should be used
+(E(Messsage), MAC(E(Message)))
+integrity guarantee on cipher and plaintext
+generally recommended order of operations
+
+Mac Then Encrypt (generally not secure)
+same for Mac and Encrypt
+
+Diffie Hellman key exchange:
+x = rand()
+X = f(x)
+
+y = rand()
+Y = f(y)
+
+only Y and X are sent
+
+K = g(x,Y) (for alex)
+K = g(y,X) (for harm)
+
+vulnerable to man in the middle
+
+more concrete
+x = rand()
+X = $g^x \mod p$
+
+y = rand()
+Y = $g^y \mod p$
+
+K = $Y^X\mod p$
+K = $X^Y\mod p$
+as
+K = $g^{xy}\mod p$
+
+Merkle trees:
+useful for proof of membership
+combining of hashes from bottom to top, only one path needed to verify
+
+only root has to be stored locally
+
+how to tell if corrupted?
+all valid certificates are publicly available
+Invalid certs can be detected and revoked.
+
+# lots of password storing stuff going on here, already familiar
+
+Size of password space: multiplication right
+
+short passwords are shit, but adding just a few more characters make it so much better
+
+brute force:
+try all combos
+parallelizable
+
+Dictionary Attacks:
+hash and password maps that are precomputed for fast look up
+
+intelligent guessing methods:
+try first N
+dictionaryies, words, names place, dates
+combinations of above
+replace, interspace, digits inside
+
+Secret Sharing
+a t out of n secret sharing scheme
+
+- Shares returns s_1, s_2, ... s_n
+- Recover (s_k, ... , s_k+t-1) returns s
+
+for any subset S_t of Shares of size t
+Recover (S_t) = s
+if less than t, nothing can be learnt about s
+*formula on slides*
+
+applications
+- messaging
+- secure computing on the cloud
+- private keys
+ - when not supposed to be on server
+- secret sharing
+ - help in recovery with other people
+
+crypto applications for this
+key protects assets
+
+also used in DNS
+DNSSEC usies auth to protecting against attacks, master key needs to be able to be recovered. 5 needed, 7 hold.
+
+
+Anon networks
+VPN
+Onion routing, through multiple nodes, peeling one at a time
+
+layered encryption
+header: next node
+payloaD: message for next node, encrypted for relays
+decrypt and foward to next node
+
+privacy goal: support anon communication
+recipient does not know sneder
+admin cannot link sender to recipient
+eavesdropper cannot link them
+
+censoring techniques
+DNS blacklist
+IP blacklist
+keyword blacklist in urls or stuff
+
+TOR:
+advantages:
+- tunnel allows it to work with any protocol
+- three nodes of proxy at least, make it hard to find source
+
+problems:
+- slow
+- exit node?
+- semi fixed infra
+- is suspicious
+
+blocking tor?
+- block directories
+- block all relays
+- make people unable to find it
+
+Trusted-Computing Base (TCB)
+- Kernel and Hardware
+- Must be correct and untampered
+
+threats to that: bugs / vulnerabilities
+backdoors
+rootkits
+
+OS enforcing of access control
+Login Process
+- perform id and auth
+
+reference monitors
+- checks every access to sensitive resources
+- authrorises said access
+
+auditing:
+- registers access control decisions
+
+subjects are software entities
+
+id & auth:
+- something you have (card, token)
+- you know (password, pin)
+- you are (fingerprint, voice etc.)
+- where you are (location, proximity etc.)
+
+by default everything inherits your user ID, which was assigned after login
+user id can be changed
+some exceptions to that
+
+reference monitor can cancel actions that are not allowed
+its a guard
+
+Discretionary Access Control (DAC)
+- owner of an object decides access control policy
+- based on identity, most common for files
+- cannot enforce global
+- easy to implement
+
+access control matrix (ACM)
+, often ends up being sparse af
+which subject on which object maatrix
+
+access control lists (ACLs)
+separate list of actions each subject can perform
+stored with object
+
+U/G/O thing in unix systems is an ACL
+
+capability lists
+list of permitted actions stored with subject
+give permission to perform specific (sometimes priviliged) actions
+
+Mandatory Access Control (MAC)
+- OS Sets the access control policy
+- ensures that org. security policies cannot be overridden by users
+- assign security labels to all objects and subjects (at creation time)
+
+Bell-LaPadula (confidentialty)
+- Top Secret
+- Secret
+- Confidential
+- Unclassified
+
+prevent information from leaking
+write up, read down
+
+cannot share info with less priviliged subjects
+cannot enforce integrity
+hard to handle changes in sec. level
+
+Biba model (untrusted -> high integrity)
+read up, write down
+protect system processes against malicious user processes
+
+high integrity can't get anything from low integrity
+cannot enforce confidentiality
+cannot handle changes in integrity levels
+
+reference monitors check:
+- process & thread objects
+ - creating processes, stopping them, sending signals, scheduling policies, debugging etc.
+- file / directory objects
+ - creating / deleting/ reading/ writing objects
+- IPC and device objects (sockets, pipes, message queues etc.)
+- user / group info / credentials
+
+setuid / setgid binaries => launch with uid/gid of their owners e.g. login process must be able to see user / password info
+
+servers / browsers -> interact with untrusted stuff, less priviliged
+
+superuser process, bypasses all checks
+priviliged processes are part of the trusted computing base
+
+# database security
+
+SQL injection:
+- bypass protectings by executing unauthorised queries by injecting SQL code into database
+
+blind sql injection
+- when code not available
+- may be learned through returned error messages
+- prohibit display of error messages
+ - doesn't make it disappear, but a lot harder
+
+input sanitisation
+- escaping potentially malicious characters, stuff like quotes, newlines, returns or null characters
+
+sanitising can be tricky, for example because of different text encodings
+
+second-order SQL injection
+sanitised input / unsanistised input being reused and causing issues
+
+
+prepared statements
+- SQL statements with ? placeholders
+- provide values that replace placeholders
+
+best practice for new applications, modifying existing ones
+generally safe from injections
+, separation of code and data
+values replacing placeholders always treated as data
+
+potential vulnerabilities when
+prepared statement is itself built from user input
+or calls queries from library
+
+reject inputs that yield atypical queries and toutput, determine norms
+
+## memory error
+bugs in the way we handle memory in memory unsafe languages
+memory error is when a program access memory that it should not : violating memory safety
+
+we focus on buffer under and overflows
+writing out of boundary of a buffer, spatial violation
+cause:
+insufficient input checks / wrong assumptions about input
+unchecked buffer size
+integer overflows / underflows
+
+underflows:
+other direction otherwise the same
+
+off-by-one errors also cause issues here
+
+write: corrupt memory
+read: leak memory
+
+these are vulnerabilities of input can trigger them
+
+can be used for code injection
+code injection is possible because there is a memory area that is both writable and executable
+, we can eliminate that using the MMU and paging
+and page permissions
+non excutable stack also helps - widely adopted today
+
+code re-use is still a thing
+
+this works a lot of the time because so far we assumed a fixed layout
+ASLR - adress space layout randomisation
+now they have to guess locations, making it a lot harder
+base addresses are randomly selected from within predetermined ranges, libraries are loaded in the gaps
+
+fuzzing
+find bugs in programs by feeding it large amounts of automatically generated inputs
+program is run on each input, and each run is monitored
+
+common fuzzing strats:
+- mutation based, randomy mutate test cases
+- generated based, generate based on the grmamar of the input format
+- cover-guided: measure code coverage of test cases to guide fuzzing
+
+used for security and relaibility
+
+Malware types:
+- virses
+- worms
+- rootkits
+- keyloggers
+- trojan horses
+- ransomware
+- dialers
+- droppers
+- spyware
+- adware
+- backdoors
+
+infection vector vs. payload
+
+infection vector:
+vulnerability the malware exploits to infect a host
+the method the malware uses to propagatae
+
+payload:
+the actions the malware takes after infecting
+
+infection vectors:
+- compromised legit sites
+- IOT devices
+- email, phishing and spamming
+- installed by user
+- malware anti malware
+- scareware
+- drive-by download, no interaction required
+
+virus vs worm
+virus: attaches itself to exec files and transfer from one system to other
+
+worm:
+malicious standalone program that replicates itself and can spread to different machines, usually via a network
+
+worms can use hit-list, pregenerated list of potential targets
+
+rootkits:
+modifies the OS to hide its existence
+
+ransomware:
+encrypts your data, ransom in excahnge for key
+
+backdoor:
+bypass normal security measures
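Review bot: The HMAC definition on the line `+H(M||K)` is not HMAC; it is the "secret suffix" MAC, and the length-extension remark two lines later applies to the secret-prefix form H(K||M), not to H(M||K). HMAC is the nested construction H((K xor opad) || H((K xor ipad) || M)), which is exactly what makes it immune to length extension; suggest replacing the line with that formula and rewording the "in practice" line to say length extension is the reason naive H(K||M) is avoided. In the concrete Diffie-Hellman section, `+K = $Y^X\mod p$` and `+K = $X^Y\mod p$` raise the public values to the public values; the exponents must be the private scalars, i.e. K = Y^x mod p for Alex and K = X^y mod p for Harm, otherwise the "as K = g^{xy} mod p" line does not follow. The blind SQL injection bullets conflate two cases: "may be learned through returned error messages" describes error-based injection, whereas blind injection is the situation where no errors or query output are returned and the attacker relies only on true/false or timing differences; splitting the two bullets would make the "prohibit display of error messages" mitigation read correctly (it removes the error-based channel, not the blind one). Style: this hunk has many typos that will leak into the cheatsheet (preprend, Messsage, dictionaryies, usies, sneder, payloaD, foward, priviliged, maatrix, authrorises, confidentialty, protectings, unsanistised, toutput, adress, randomy, grmamar, relaibility, virses, propagatae, excahnge), and "Size of password space: multiplication right" and "*formula on slides*" are placeholders that should be filled in or marked TODO before this is treated as a reference.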