🔤 Terminology

Types of Attacks

• Eavesdropping = attacker taps a network
• Masquerading = attacker pretends to be someone else
• Message tempering = attacker modifies the message
• Replay attack = attacker can replay prev. messages
• Denial of Service (DOS) = attacker bombards a port

Attacker Model describes the capacities of a potential attacker, don’t build systems that are overly secure for the types of attacks they typically get.

Principals are the processes that carry out actions in a security example (Alice, Bob)

Policies vs. Mechanisms

• Policy = what a secure system accomplishes (ex: enforce authorized access)
• Mechanism = how these goals are accomplished (ex: do this through 2FA)
  • Authentication → is the user who they claim they are
  • Authorization → does the user have access to perform requested operation
  • Auditing → need to log information for future assessments of how someone launched an attack
• There needs to be a clear separation between them

🔺CIA Triad

These qualities need to be accomplished by a secure system

Confidentiality

• Protects against unauthorized access
• Protection against leakage (authorized access)

Integrity

• Want to be sure that data is protected against unauthorized modifications
• Protection against tampering (unauthorized modification)

Availability

• Service or data is always accessible, readable, and writable
• Protection against vandalism (interference with normal service, ex: DDOS, i.e. bombarding a port)

🔏 Encryption & Decryption

gives you an encoded message or cipher text

• Encryption:encoded msg = original_msg(sequence of bytes) + key
• Decryption: original msg = encoded_msg(bytes) + key

Types of Keys

Key = sequence of bytes assigned to a user, can be used to lock or unlock

👯 Symmetric Key

• The same key can be used for encryption and decryption
• Ka = Alice’s Key, Kb = Bob’s Key, Kab = shared key between Alice and Bob

Since public-private key is expensive, systems typically use it only to start session + generate a shared key → then the shared key is used for following message exchanges

🔑 Public-Private Key

• Ka_priv = Alice’s private key known only to her
• Ka_pub = Alice’s public key that everyone knows
• Anything encrypted with Ka_pub can only be decrypted by Ka_priv → Encoded messages meant for Alice are only decodable by Alice
• Anything encrypted with Ka_priv can only be decrypted byKa_pub → Alice’s messages are only decodable by others with public key
• RSA and PGP follow this schema

👤 Authentication

Direct Authentication → only involves two parties

How can Alice prove to Bob that she is Alice without giving away Kab (because people can eavesdrop and steal Kab) ?

1. Alice tells Bob she’s Alice
2. Bob sends Alice nonce_b
3. Alice sends back an encrypted nonce Kab(nonce_b) and Bob can compare and confirm since they both share Kab
4. Alice now sends her own nonce nonce_a
5. This time, Bob confirms by sending Kab(nonce_a)

OPTIMIZATION 🔥

• Highlighted messages are piggybacked off messages as optimization
• ‼️ PROBLEM: this is prone to replay attack because Eve can fake verify Kab(nonce_a) AND send back the nonce nonce_b (from Bob) through another session and use the response of that Kab(nonce_b to fool Bob that she is in fact Alice