IsaacShoebottom/Notes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

2024-01-22 10:12:47

Browse Source
This commit is contained in:
Isaac Shoebottom
2024-01-22 10:12:48 -04:00
parent 8cf1b5ba3b
commit ecba3cbcf8
78 changed files with 82766 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
UNB/Year 4/Semester 1/CS2418/10-11-2023.md Normal file
View File

@ -0,0 +1,5 @@
Lecture Topic: Access Control
[Module Four PDF](https://lms.unb.ca/d2l/le/content/231513/viewContent/2614490/View)

30
UNB/Year 4/Semester 1/CS2418/10-13-2023.md Normal file
View File

@ -0,0 +1,30 @@
Lecture Topic: Access Control
[Module Four PDF](https://lms.unb.ca/d2l/le/content/231513/viewContent/2614490/View)
Access Control Policies:
- Discretionary access control (DAC): Controls access based on the identity of the requestor, and based on access rules. The term discretionary is used because it implies that the authorized user might be able to give access to another user (?)
- Mandatory access control (MAC): Controls access based on security labels which indicate how sensitive the data is, and use security clearances. The term mandatory is used because a user who has access to a resource may not enable another user to have access
- Role based access control (RBAC): Controls access based on roles that users have in a given system, and rules that control access to resources based on those roles
- Attribute based access control (ABAC): Controls access based on attributes a user has, the resource being requested and the current environment
Subject, Object and Access Right
- Subject: A subject is an entity capable of accessing objects. A comparison is that a subject can be equated to a process. A process is often a representation of a given user.
- Owner: The creator of the resource, full access to the resource. May belong to system administrator, or a project administrator for project resources
- Group: A group of users that may be assigned in addition to the owner. In most schemes a user can belong to multiple groups
- World: Generally the least amount of access, and applies to everyone who isn't the owner or in an allowed group
- Object: An object is the resources which access is being controlled. Usually objects store or receive information. Examples would include files, directories, blocks, pages, programs
- Access Right: The way in which a subject may access an object
- Read: The subject can view information. This also allows copying and printing
- Write: The user may add, modify or delete the object being requested. Write includes access to read
- Execute: You can execute the object if it is a program or script that contains code/machine code
- Delete: The subject can delete the object that is being accessed
- Create: The subject can create new objects
- Search: The subject can access the a of objects and search a directory
Example: UNIX file access control
All UNIX file systems are administered by the OS in terms of inodes. An inode (index node) is a control structure for a particular file. Several files may be associated with a single inode, but an active inode is associated with exactly one file, and each file is controlled by exactly one inode.
Attributes of the file as well as permissions are stored in the inode. On the disk there is an inode table or inode list, which stores all the files on the system. When a file is opened its inode is stored in a memory resident inode table.

68
UNB/Year 4/Semester 1/CS2418/10-16-2023.md Normal file
View File

@ -0,0 +1,68 @@
Lecture Topic: UNIX file access control
[Module Four PDF](https://lms.unb.ca/d2l/le/content/231513/viewContent/2614490/View)
# Unix file access control
Each Unix user is assigned a UUID, a user is also a member of a primary group, and possibly a number of other groups, each identified by a group ID
When a file is created, it is designed as owned by a particular user and marked with that users id, It also belongs to a specific group, which initially is is either its creators primary group or the group of its parents directory that has SETGID permission set
Associated with each file is a set of 12 protection bits
Table of Unix permissions goes here
## Superuser
One particular user ID is designated as "super user"
This user is exempt from the usual file access control constraints and has systemwide accesses.
Any program that is owned by, and SetUID to, the superuser potentially grants unrestricted access to the system. Great care must be taken when running or making programs which run as the superuser
## Access Control Lists in Unix
Many modern unix and unix based OS, support access control lists, including FreeBSD, OpenBSD and Solaris, often called the "extended access control list" while the traditional Unix system is called the "minimal access control list"
## Mandatory access control
In this nondiscretionary model, people are granted access based on information clearance.
A central authority regulates access rights based on different security levels
Policies are set by the administrator, the users cannot able to interact with permissions.
This model is common in military or government.
MAC puts strict controls on users and information being accessed
## Role-based access control
In RBAC, permissions are based on roles that users assume, rather than identity.
This is typically a job function within an organization.
Users are often given roles either statically or dynamically according to their responsibilities.
The relationship of users to roles is many to many, as is the relationship to roles to resources or system objects
The set of users changes, and the assignment of roles can often be dynamic
The set of roles is often static, usually only adding or deleting occasionally
Each role will often have access rights to one or more given resources. The set of resources that a role can access often does not change frequently as well.
Insert RBAC table example here
RBAC reference models
- RBAC0: This is the minimum for a RBAC system
- RBAC1: This is RBAC0 with the addition of role hierarchies, which enables role inheritance
- RBAC2: This is RBAC0 which adds constraints, which restrict the way in which componants of an RBAC system can be configured (ex, only x times a day)
- RBAC3: Is RBAC0, RBAC1 and RBAC2
## Attribute based access control
ABAC is a dynamic, context based policy that defines access based on policies granted by users. The system is used in identity and access management frameworks.
An ABAC model can define authorizations that express conditions on properties of both the resources and the subject
Long ass list in the slides

5
UNB/Year 4/Semester 1/CS2418/10-18-2023.md Normal file
View File

@ -0,0 +1,5 @@
Lecture Topic: Database Security
[Module Five](https://lms.unb.ca/d2l/le/content/231513/viewContent/2617915/View)
I'm tired as shit might not type anything

7
UNB/Year 4/Semester 1/CS2418/10-20-2023.md Normal file
View File

@ -0,0 +1,7 @@
Lecture Topic: Databases
A view is a virtual table
A view is the result of a query, that returns selected rows and columns from one or more tables
SQL injection is the one of the most common forms of database attacks

23
UNB/Year 4/Semester 1/CS2418/10-23-2023.md Normal file
View File

@ -0,0 +1,23 @@
Lecture Topic: SQL attacks
[Slides](https://lms.unb.ca/d2l/le/content/231513/viewContent/2617915/View)
## Inferential attack:
An inferential attack, there is no transfer of data, but the attacker is able to reconstruct information by sending particular requests, and observing the behavior of the website or database
Examples include
- Illegal/logically incorrect queries: This lets the attacker gain information by observing the behavior of the backend system. Even error codes can often give the attacker information about vulnerable/injectable
- Blind SQL injection: This attacks allow the attacker to infer data present on the server, by noticing the differences in of the result of the injection. An example would be the difference between a request with injection being true or false, it could be a result code, an empty response, result strings.
## Out of band attack:
This is a type of attack where the attacker receives information through another method, like an email containing data. This can happen when the outbound connectivity of a system is lax.
# SQL injection countermeasures
There are three types of countermeasures, generally
## Defensive Coding
Here are a few defensive coding techniques:
- Manual defensive coding practices like type checking (only allow alphanumeric characters in username)
- Parameterized query inspection, by specifying the structure of a query, we can inspect the contents of input and not allow the parameters to affect the structure of the query itself
- SQL DOM is a way to do automatic data validation and escaping by providing a standard structure to database queries.
## Detection

5
UNB/Year 4/Semester 1/CS2418/10-25-2023.md Normal file
View File

@ -0,0 +1,5 @@
Lecture Topic: Database Encryption
[Slides](https://lms.unb.ca/d2l/le/content/231513/viewContent/2617915/View)
database encryption and problems with database encryption and database encryption schemes

3
UNB/Year 4/Semester 1/CS2418/10-27-2023.md Normal file
View File

@ -0,0 +1,3 @@
Lecture Topic: Malicious Software
Look in slides on it, not that hard

30
UNB/Year 4/Semester 1/CS2418/10-4-2023.md Normal file
View File

@ -0,0 +1,30 @@
Lecture Topic: User authentication
Exploiting User Mistakes:
If the system assigns password the user is more likely to write it down because of difficulty in remembering it.
A user might share a password between colleagues to make it easier to share files
Social engineering may be used to trick users into sharing passwords
Many systems have administration accounts with preconfigured passwords
Exploiting Multiple Password Use:
Attacks can be much more effective if users share the same password between services
Electronic Monitoring:
If a password is communicated across a network to log on to a remote system, it is vulnerable to eavesdropping. Encryption will not fix this, because the attacker can simply replay the encrypted password to the endpoint.
Why is password based authentication still popular?
Physical tokens can be expensive and inconvenient, and biometrics require hardware that authenticates said biometrics that can be potentially exploited
The use of hashed passwords:
You can hash a password to not store plaintext passwords on a server or service. This hash is designed to be slow to execute as to slow down attackers who are trying to brute force the passwords.
Salting is when you add a random salt value to a password to avoid duplicates in a password database, as hashes of common passwords can be analyzed to deduce the plaintext password. It makes it way harder to perform dictionary attacks on the database as the hash function would not give the same hash as the hash + salt
This scheme comes from UNIX, and a password file. It stores the user ID, salt, and the hash code, and the slow hash function uses the salt + plaintext password and compares this result to the hash code for authentication.
The salt is okay to store because the salt is truly random data and knowing the salt does not make it easier to reverse the plaintext based on the hash code.
Password Cracking of User-Chosen passwords:
A traditional approach is to use a large dictionary and trying each entry against the password file.
Another approach is to use precomputed hashes, and compare this against the password file directly. This approach can be countered by using a large salt value and a large hash length

66
UNB/Year 4/Semester 1/CS2418/10-6-2023.md Normal file
View File

@ -0,0 +1,66 @@
Lecture Topic: Passwords
Password File Access Control:
One way to thwart a password attack is to deny the attacker access to the password file
Shadow password?
There are four techniques to attempt make users select a secure password:
- User Education (Can be ignored)
- Computer Generated Passwords (Users are unable to remember)
- Reactive password checking (Resource intensity issues)
- The system runs its own password cracker in the background and finds guessable passwords
- Any vulnerable passwords remain vulnerable until the checker checks it
- Complex Password Policy (Proactive password checker - Promising approach)
- Password must be at least 16 characters (basic16)
- Must have 8 characters including an uppercase and lowercase, a digit and may not contain a dictionary word (comprehensive8)
Another possible procedure is to simply compile a large dictionary of bad passwords, and when the user selects a password, it makes sure it's not in the list
But there are problems with this approach
- Space: The dictionary must be very large to be effective
- Time: The time required to search a large dictionary may itself be large. If the checker also checks permutations the time cost increases exponentially
Bloom filter
A technique for developing an effective and proactive password checker
- It is based on rejecting words on a list that has been implemented on a number of systems
Token based Authentication
Objects that a user posses for the purpose of user authentication are called tokens
- Memory Cards can store but not process data
- For authentication a user provides both the memory card and some form of password or PIN
- A typical example is an ATM, which uses a card in addition for a PIN for access to your money
Potential Drawbacks
- Requires reader
- Token loss
- User dissatisfaction
Smart Cards
Physical Characteristics:
- Has an embedded micro pressor. A smart token that looks like a card is called a smart card
User Interface:
- Manual interface includes a keypad and display for human/token interaction
Electronic Interface:
- Contact
- A smart card that needs to be inserted, and data transfer is done over physical contact points
- Contactless
- A contactless card only requires a close proximity to a reader. Both the reader and the card have an antenna and the two communicate using radio frequencies.
- Most contactless cards also derive power from these signals
- NFC is a common example
Authentication protocol
The purpose of a smart token is to provide authentication
Static:
With a static protocol, the user authenticates himself with the token and then the token authenticates with the computer. The second part is similar to the operation of a memory token
Dynamic password generator:
In this case the token generates a password periodically. The password is entered into the computer either manually or automatically. The computer needs to synchronized with the token for this method to work, as the computer needs to know the correct password for the given time
Challenge-response:
In this case the computer system generates a challenge …
Electronic Identity Cards - Digital applications of identity cards
Biometric Authentication: Covered next class

48
UNB/Year 4/Semester 1/CS2418/9-15-2023.md Normal file
View File

@ -0,0 +1,48 @@
Lecture Topic:
Security & Cryptographic Tools
# Security
Prevention: Ideally, no attack can be performed. The use of encryption, prevent unauthorized access, to prevent the loss of confidentiality of the system
Detection: If we cannot prevent, we should at least detect them. The use of intrusion detection systems, like firewalls, to log unauthorized access to system is important. An example of this would be denial of service detection so we can fall to a more available system
Something 1
Something 2
Assurance and Evaluation
Assurance is the degree of confidence that a system meets the needs of the system being protected, like if the design meets the requirements and the implementation meets the specifications of the design.
Evaluation is the examination of the security system, either through testing (pen testing) by internal teams or external teams, or analysis through of use of mathematical methods. A pillar of this area of work is the use of standard evaluation criteria that can be applied to any security system
# Cryptographic Tools
Recap: Information is the most valuable business resource. If this data is private or confidential, we must protect it. It needs to be protected while in motion and at rest
## Symmetric Encryption
Conventional single key encryption example:
Plaintext input is fed into an algorithm (for example DES) and encrypted with a single key. The output is then transferred. On the other side the same key is used to decrypt the data back to the same input text.
The five ingredients of symmetric encryption:
- Plaintext: The input
- Encryption algorithm: It performs substitutions and transformations to the plaintext
- Secret key: It determines what the encryption algorithm does to the plaintext
- Cipher text: This is the scrambled (meaningless) message that the algorithm outputs based on the secret key
- Decryption algorithm: This is the encryption algorithm run in reverse. It requires the secret key as an input, as well as the plaintext. It extracts the original plaintext from the cipher text
Strong Symmetric Encryption:
- Assume the opponent knows the encryption algorithm, without knowing the key
- The target should not be able toe get the plaintext or the secret key, even if a number of cipher texts are known by the opponent
Approaches to attacking symmetric encryption
- Cryptanalysis: Tries to analyze the algorithm, with maybe some guesses about what the plaintext contains, and maybe some sample pairs of plaintext-ciphertext pairs. The attacker tried to deduce the original plaintext or secret key used.
- Brute force: Try every possible key until something that makes sense is obtained. On average, half the number of total keys need to be tried in order to achieve success.
## Cryptographic Systems Classification:
The types of operations used by algorithms:
- Substitution
- Transposition
An simple an unsecure example would be a Caesar cipher, which uses solely transposition and has basically no key. An example of the key for a Caesar cipher would be 13, for ROT13, an application of the Caesar cipher
The number of keys used to encryption
- Symmetric, single-key, secret-key, conventional encryption
- Asymmetric, two-key, public-key encryption

59
UNB/Year 4/Semester 1/CS2418/9-18-2023.md Normal file
View File

@ -0,0 +1,59 @@
Lecture Topic:
Symmetric Block Encryption Algorithms:
A block cipher processes the plaintext into in fixed sized blocks and produces a ciphertext of equal size for each plaintext block, the algorithm process longer plaintexts amounts as a series of fixed sized blocks
- DES
- AES
- Triple DES
Comparison of three popular symmetric encryption algorithms
| Size in Bits | DES | Triple DES | AES |
| --------------------- | --- | ---------- | ------------- |
| Plaintext Block Size | 64 | 64 | 128 |
| Ciphertext Block Size | 64 | 54 | 128 |
| Key size | 56 | 112 or 168 | 128, 192, 256 |
Average Time for Exhaustive Key Search
| Key Size (bits) | Cipher | Number of Alternative Keys | Time Required at 10^9 decryptions/us | Time Required at 10^13 decyption/us |
| --------------- | ---------- | -------------------------- | ------------------------------------ | ----------------------------------- |
| 56 | DES | 2^56 | 2^55us = 1.125 years | 1 hour |
| 128 | AES | 2^128 | 2^127us = 5.3x10^21 years | 5.3^10^17 years |
| 168 | Triple DES | 2^168 | 2^127us | 5.3x10^17 years |
| 192 | AES | | | |
| 256 | AES | | | |
Practical Security issues
How do you encrypt a unit of data larger than a single 64 bit or 128 bit block?
Larger data must be broken down into a series of fixed length blocks
Problem: You use the same key for every single block
Stream Cipher:
A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along. It goes by bit, or by byte, not by block
A pseudorandom stream is one that is unpredictable without knowledge of the input key. The output of the generator called a keystream, is combined one byte at a time with the plaintext stream using the bitwise exclusive or operator (XOR)
What is Message (Data) Authentication?
Encryption protects against passive attacks (eavesdropping)
A different requirement is to protect against active attack (falsification of data or transactions). Protection against this is Message or Data Authentication
A message, file, document or other data is said to be authentic, when it is genuine and came from its alleged source. We may also with to verify a message's timeliness (if it has not been delayed or replayed) and sequence relative to other message flowing between the two parties
Authentication using symmetric encryption?
Perform authentication by using symmetric encryption. If we assume only the sender and receiver share a key, then only the genuine sender would be able to encrypt a message successfully or the other participant, provided the receiver can recognize a valid message
If the message includes an error detection code and a sequence number the receiver is assured that no alterations have been made and the sequence is proper. If the message includes a timestamp, the receiver is assured that the message has not been delayed beyond that normally expected for network transit
But note! Symmetric encryption alone cannot guarantee that data is authenticated
Message Authentication without message encryption:
An exchange in which one side has a heavy load and can't afford to decrypt all incoming messages, authentication is carried out on a selective basis, with messages being chosen at random for checking.
Message Authentication Code:
The use of a secret key to generate a small block of data, known as a message authentication code (MAC) that is appended to the message. This verifies that the message has not been modified if the MAC value can be verified.
The MAC is generated by using a secret key in combination with the rest of the message. This verifies that the message is authentic, even if it is not encrypted, as only the sender and receiver could generate a valid MAC.
The code can also be called a message integrity code instead of a MAC

41
UNB/Year 4/Semester 1/CS2418/9-22-2023.md Normal file
View File

@ -0,0 +1,41 @@
Lecture Topic:
## One way hash function:
An alternative to the message authentication is the one way hash function.
As with MAC, a hash function accepts a variable size message as input and produces a fixed size message digest as output (eg 1024 bits). Unlike a MAC ta hash function does not take a secret key as input. The message is padded out toe and integer multiple of some fixed length. The padding includes the value of the length of the original message in bits
Common one way hash functions:
- MD5
- SHA
Secure Hash Functions:
Important to note in addition to message authentication, but also digital signatures produce a fingerprint
Requirements:
1. H can be applied to a block of data of any size
2. H produces a fixed length output
3. H(x) is relatively easy to compute for any given x
4. For any given code h, it is computationally infeasible to find x such that H(x) = h
(Property: one way, or primage resistant)
5. For any given block x, it is computationally infeasible to find y = x with H(y) = H(x)
(Property: second preimage resistant)
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)
(Property: collision resistance)
## Security of Hash functions
Approaches to attacking a secure hash function
- cryptanalysis: exploiting logical weaknesses in the algorithm
- brute-force attacks:
- the strength of a hash function attacks depends solely on the length of the hash code produces by the algorithm
- preimage resistant: $2^n$ (level of effort)
- collision resistance: $2^{n/2}$ due to birthday problem
Secure hash function algorithms:
The most widely used hash function has been the Secure Hash Function (SHA)
Passwords:
- a hash of a password is stored in the OS rather than the password itself
- this ensures that the password is not retrievable by a hacker who gains access to the password file
- when a user logs in the password value is hashed and compared to the hash value stored in the system
Intrusion Detection
- store the hash value for a file h(f)

16
UNB/Year 4/Semester 1/CS2418/9-25-2023.md Normal file
View File

@ -0,0 +1,16 @@
Lecture Topic: Public Key Encryption
Public Key Encryption, first proposed by Diffie and Hellman in 1976.
Asymmetric Encryption is when we use different keys for encrypting and decrypting text. It is slow and is used for encrypting keys, so you have to remember
One key: fast, large data
Pair of keys: slow, small data
Requirements for public key cryptography
It is computationally easy for party B to generate a pair
It is computationally easy for a sender A knowing the public key and the message to be encrypted M to generate the corresponding cipher text:
-
-
-

21
UNB/Year 4/Semester 1/CS2418/9-27-2023.md Normal file
View File

@ -0,0 +1,21 @@
Lecture Topic: Public Key Infrastructure
PKI protects information assets in several ways
- Authentication (using digital certificates)
- Integrity (content not changed)
- Privacy (secure information)
- Authorization (access control)
- Nonrepudiation (can validate action)
The Diffie Hellman key exchange provides no authentication of the two communicating partners, so it is vulnerable to man in the middle attacks
Digital envelopes are an application of public key encryption which can be used to protect a symmetric key, which can be used to protect a message without needing to first arrange for sender and receiver to have the same secret key
Randomness
Two criteria are used to valid a sequence of random numbers:
- Uniform Distribution: The distribution of the numbers should be uniform, that is the frequency of occurrence of each of the number should be approximately the same
- Independence: No one value in the sequence can be inferred from the others
Random vs Pseudorandom