Pre-shared Key

In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.

To build a key from the shared secret, a key derivation function is typically used. Such systems almost always use symmetric key cryptographic algorithms. The term PSK is used in Wi-Fi encryption such as Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), where the method is called WPA-PSK or WPA2-PSK, and also in the Extensible Authentication Protocol (EAP), where it is known as EAP-PSK. In all these cases, both the wireless access point (AP) and all clients share the same key.

The characteristics of this secret or key are determined by the system which uses it; some system designs require that such keys be in a particular format. It can be a password, a pass phrase, or a hexadecimal string. The secret is used by all systems involved in the cryptographic processes used to secure the traffic between the systems.

Crypto systems rely on one or more keys for confidentiality. One particular attack is always possible against keys: the brute-force key search attack. A sufficiently long, randomly chosen key can resist any practical brute-force attack, though not in principle if an attacker has sufficient computational power. Unavoidably, however, pre-shared keys are held by both parties to the communication, and so can be compromised at one end without the knowledge of anyone at the other. There are several tools available to help one choose strong passwords, though doing so over any network connection is inherently unsafe, as one cannot in general know who, if anyone, may be eavesdropping on the interaction. Choosing keys used by cryptographic algorithms is somewhat different in that any pattern whatsoever should be avoided, as any such pattern may provide an attacker with a lower-effort attack than brute-force search. This implies random key choice to force attackers to spend as much effort as possible; this is very difficult in principle and in practice as well. As a general rule, any software except a cryptographically secure pseudorandom number generator should be avoided.

From: https://en.wikipedia.org/wiki/Pre-shared_key


Other posts in 'Computer Science > Terminology'

Application Processors (AP)  (0) 2018.03.30
Hypertext Transfer Protocol (HTTP)  (0) 2018.03.30
Handshaking  (0) 2018.03.30
Programmable Logic Controller (PLC)  (0) 2018.03.30
IEEE 802.1AE (MACsec)  (0) 2018.03.30

Handshaking

In information technology, telecommunications, and related fields, handshaking is an automated process of negotiation that dynamically sets parameters of a communications channel established between two entities before normal communication over the channel begins. It follows the physical establishment of the channel and precedes normal information transfer.

The handshaking process usually takes place in order to establish rules for communication when a computer sets about communicating with a foreign device. When a computer communicates with another device like a modem, printer, or network server, it needs to handshake with it to establish a connection.

Handshaking can negotiate parameters that are acceptable to equipment and systems at both ends of the communication channel, including information transfer rate, coding alphabet, parity, interrupt procedure, and other protocol or hardware features. Handshaking is a technique of communication between two entities. However, within TCP/IP RFCs, the term “handshake” is most commonly used to reference the TCP three-way handshake. For example, the term “handshake” is not present in RFCs covering FTP or SMTP. One exception is Transport Layer Security, TLS, setup, FTP RFC 4217. In place of the term “handshake”, FTP RFC 3659 substitutes the term “conversation” for the passing of commands.

A simple handshaking protocol might only involve the receiver sending a message meaning “I received your last message and I am ready for you to send me another one.” A more complex handshaking protocol might allow the sender to ask the receiver if it is ready to receive, or the receiver to reply with a negative acknowledgement meaning “I did not receive your last message correctly, please resend it”.

Handshaking facilitates connecting relatively heterogeneous systems or equipment over a communication channel without the need for human intervention to set parameters.

-      TCP three-way handshake: Establishing a normal TCP connection requires three separate steps:
1. The first host (Alice) sends the second host (Bob) a “synchronize” (SYN) message with its own sequence number x, which Bob receives.
2. Bob replies with a synchronize-acknowledgement (SYN+ACK) message with its own sequence number y and acknowledgement number x+1, which Alice receives.
3. Alice replies with an acknowledgement message with acknowledgement number y+1, which Bob receives and to which he does not need to reply.
In this setup, the synchronize messages act as service requests from one server to the other, while the acknowledgement messages return to the requesting server to let it know the message was received.
One of the most important factors of the three-way handshake is that, in order to exchange the starting sequence numbers the two sides plan to use, the client first sends a segment with its own initial sequence number x, then the server responds by sending a segment with its own sequence number y and the acknowledgement number x+1, and finally the client responds by sending a segment with acknowledgement number y+1.
The reason for the client and server not using a default sequence number such as 0 for establishing the connection is to protect against two incarnations of the same connection reusing the same sequence number too soon, which means a segment from an earlier incarnation of a connection might interfere with a later incarnation of the connection.
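The three steps and the sequence-number arithmetic above, as an added example (not code from the page's source article): a small simulator that performs Alice's and Bob's acknowledgement checks and shows why a fixed initial sequence number of 0 lets a delayed SYN+ACK from an earlier incarnation of the connection pass the check while a random one does not.

```python
"""TCP three-way handshake with sequence-number checks (added example).

Simulates the SYN / SYN+ACK / ACK exchange described above.  The hosts,
sequence numbers and the "stale segment" scenario are constructed for
illustration; nothing here touches a real socket.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional
import secrets

MOD = 2 ** 32  # TCP sequence numbers wrap modulo 2^32


@dataclass(frozen=True)
class Segment:
    flags: FrozenSet[str]          # subset of {"SYN", "ACK"}
    seq: int
    ack: Optional[int] = None


def three_way_handshake(isn_client: int, isn_server: int) -> List[Segment]:
    """Return the three segments Alice (client, ISN x) and Bob (server, ISN y) exchange."""
    x, y = isn_client % MOD, isn_server % MOD
    syn = Segment(frozenset({"SYN"}), seq=x)                                   # 1. Alice -> Bob
    syn_ack = Segment(frozenset({"SYN", "ACK"}), seq=y, ack=(x + 1) % MOD)      # 2. Bob -> Alice
    ack = Segment(frozenset({"ACK"}), seq=(x + 1) % MOD, ack=(y + 1) % MOD)     # 3. Alice -> Bob
    return [syn, syn_ack, ack]


def client_accepts_syn_ack(sent_syn: Segment, reply: Segment) -> bool:
    """Alice's check on step 2: the reply must acknowledge exactly her ISN + 1."""
    return reply.flags == {"SYN", "ACK"} and reply.ack == (sent_syn.seq + 1) % MOD


def server_accepts_ack(sent_syn_ack: Segment, reply: Segment) -> bool:
    """Bob's check on step 3: the ACK must acknowledge exactly his ISN + 1."""
    return "ACK" in reply.flags and reply.ack == (sent_syn_ack.seq + 1) % MOD


def stale_reply_accepted(isn_old: int, isn_new: int, isn_server: int) -> bool:
    """Does a delayed SYN+ACK from an earlier incarnation pass Alice's check?

    The old SYN+ACK acknowledges isn_old + 1 while the new connection expects
    isn_new + 1.  With both ISNs fixed at 0 the values coincide and the stale
    segment is wrongly accepted; with an unpredictable ISN they differ (except
    for a 2^-32 coincidence) and it is rejected.
    """
    _, stale_syn_ack, _ = three_way_handshake(isn_old, isn_server)
    new_syn = three_way_handshake(isn_new, isn_server)[0]
    return client_accepts_syn_ack(new_syn, stale_syn_ack)


def random_isn() -> int:
    """Unpredictable ISN (simplified: plain randomness, unlike a real stack's clock-based scheme)."""
    return secrets.randbelow(MOD)


if __name__ == "__main__":
    for s in three_way_handshake(random_isn(), random_isn()):
        print(sorted(s.flags), "seq=%d" % s.seq, "ack=%s" % s.ack)
```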

-      SMTP: The Simple Mail Transfer Protocol (SMTP) is the key Internet standard for email transmission. It includes handshaking to negotiate authentication, encryption and maximum message size.

-      TLS handshake: When a Transport Layer Security (SSL or TLS) connection starts, the record encapsulates a “control” protocol – the handshake messaging protocol (content type 22). This protocol is used to exchange all the information required by both sides for the exchange of the actual application data by TLS. It defines the format of the messages containing this information and the order of their exchange. These may vary according to the demands of the client and server – i.e., there are several possible procedures to set up the connection. This initial exchange results either in a successful TLS connection (both parties ready to transfer application data with TLS) or in an alert message.
The protocol is used to negotiate the secure attributes of a session.
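As an added example (not from the page's source articles), a parser for the TLS record layer described above: it reads the 5-byte record header, labels each record by content type (22 = handshake, 21 = alert, 23 = application data) and decodes the handshake message type, so a captured byte stream can be split into its handshake and alert records. The sample bytes are constructed, not taken from a real session.

```python
"""Classifying TLS records by content type (added example).

Record header: content type (1 byte), version (2 bytes), length (2 bytes).
Handshake messages inside a content-type-22 record start with a 1-byte
message type and a 3-byte length.  Sample data below is constructed.
"""
import struct
from typing import List, Tuple

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   16: "client_key_exchange", 20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}


def parse_records(data: bytes) -> List[Tuple[str, str]]:
    """Return (content_type, detail) for every complete record in `data`.

    Raises ValueError on truncated or unknown records; a defender-side
    parser should fail closed on malformed input rather than guess.
    """
    out = []
    pos = 0
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _major, _minor, length = struct.unpack("!BBBH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        name = CONTENT_TYPES.get(ctype)
        if name is None:
            raise ValueError("unknown content type %d" % ctype)
        if name == "handshake":
            detail = describe_handshake(body)
        elif name == "alert":
            detail = describe_alert(body)
        else:
            detail = "%d bytes" % length
        out.append((name, detail))
        pos += 5 + length
    return out


def describe_handshake(body: bytes) -> str:
    """Decode the handshake header (message type + 24-bit length) of a record body."""
    if len(body) < 4:
        raise ValueError("truncated handshake header")
    msg_type = body[0]
    # A handshake message may span several records, so only the header is decoded here.
    return HANDSHAKE_TYPES.get(msg_type, "type_%d" % msg_type)


def describe_alert(body: bytes) -> str:
    """Alert body is exactly two bytes: level and description code."""
    if len(body) != 2:
        raise ValueError("alert body must be 2 bytes")
    level = ALERT_LEVELS.get(body[0], "level_%d" % body[0])
    return "%s:%d" % (level, body[1])


def is_well_formed(data: bytes) -> bool:
    """True when the whole byte string parses as complete, known records."""
    try:
        parse_records(data)
        return True
    except ValueError:
        return False


def build_record(ctype: int, body: bytes, version=(3, 3)) -> bytes:
    """Build a record (TLS 1.2 version bytes by default) for constructing samples."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


# Constructed sample: a handshake record whose body starts with a ClientHello
# header (type 1, length 8), followed by a fatal alert with description 40.
SAMPLE = (
    build_record(22, bytes([1]) + (8).to_bytes(3, "big") + b"\x03\x03" + b"\x00" * 6)
    + build_record(21, bytes([2, 40]))
)

if __name__ == "__main__":
    for name, detail in parse_records(SAMPLE):
        print(name, detail)
```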

Handshaking

In telephone communication, handshaking is the exchange of information between two modems and the resulting agreement about which protocol to use that precedes each telephone connection. You can hear the handshaking in those crunching and other sounds when you make a dial-out call from your computer.

From: https://en.wikipedia.org/wiki/Handshaking

From: http://searchnetworking.techtarget.com/definition/handshaking



Programmable logic controller

A programmable logic controller, PLC, or programmable controller is a digital computer used for automation of typically industrial electromechanical processes, such as control of machinery on factory assembly lines, amusement rides, or light fixtures. PLCs are used in many machines, in many industries. PLCs are designed for multiple arrangements of digital and analog inputs and outputs, extended temperature ranges, immunity to electrical noise, and resistance to vibration and impact. Programs to control machine operation are typically stored in battery-backed-up or non-volatile memory. A PLC is an example of a “hard” real-time system since output results must be produced in response to input conditions within a limited time, otherwise unintended operation will result.

Before the PLC, control, sequencing, and safety interlock logic for manufacturing automobiles was mainly composed of relays, cam timers, drum sequencers, and dedicated closed-loop controllers. Since these could number in the hundreds or even thousands, the process for updating such facilities for the yearly model change-over was very time consuming and expensive, as electricians needed to individually rewire the relays to change their operational characteristics.

From: https://en.wikipedia.org/wiki/Programmable_logic_controller



IEEE 802.1AE

802.1AE is the IEEE MAC Security standard (also known as MACsec) which defines connectionless data confidentiality and integrity for media access independent protocols. It is standardized by the IEEE 802.1 working group.

Understanding Media Access Control Security (MACsec)

Media Access Control Security (MACsec) is an industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats, including denial of service, intrusion, man-in-the-middle, masquerading, passive wire tapping, and playback attacks.

MACsec allows you to secure an Ethernet link for almost all traffic, including frames from the Link Layer Discovery Protocol (LLDP), Link Aggregation Control Protocol (LACP), Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP), and other protocols that are not typically secured on an Ethernet link because of limitations with other security such as IP Security (IPsec) and Secure Sockets Layer (SSL) to provide end-to-end network security.

 

From: https://en.wikipedia.org/wiki/IEEE_802.1AE

From: http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/macsec.html



IEEE 802.11i-2004

IEEE 802.11i-2004, or 802.11i for short, is an amendment to the original IEEE 802.11, implemented as Wi-Fi Protected Access 2 (WPA2). The draft standard was ratified on 24 June 2004. This standard specifies security mechanisms for wireless networks, replacing the short Authentication and privacy clause of the original standard with a detailed Security clause. In the process, the amendment deprecated broken Wired Equivalent Privacy (WEP), while it was later incorporated into the published IEEE 802.11-2007 standard.

Replacement of WEP

802.11i supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have security vulnerabilities. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. WPA implemented a subset of a draft of 802.11i. The Wi-Fi Alliance refers to its implementation of the full 802.11i as WPA2, also called RSN (Robust Security Network). 802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher.

Protocol operation

IEEE 802.11i enhances IEEE 802.11-1999 by providing a Robust Security Network (RSN) with two new protocols, the 4-Way Handshake and the Group Key Handshake. These utilize the authentication services and port access control described in IEEE 802.1X to establish and change the appropriate cryptographic keys. The RSN is a security network that only allows the creation of robust security network associations (RSNAs), which are a type of association used by a pair of stations (STAs) if the procedure to establish authentication or association between them includes the 4-Way Handshake.

The standard also provides two RSNA data confidentiality and integrity protocols, TKIP and CCMP, with implementation of CCMP being mandatory.

The initial authentication process is carried out either using a pre-shared key (PSK), or following an EAP exchange through 802.1X (known as EAPOL, which requires the presence of an authentication server). This process ensures that the client station (STA) is authenticated with the access point (AP). After the PSK or 802.1X authentication, a shared secret key is generated, called the Pairwise Master Key (PMK). The PSK is derived from a password that is put through PBKDF2-SHA1 as the cryptographic hash function. In a pre-shared-key network, the PSK is actually the PMK. If an 802.1X EAP exchange was carried out, the PMK is derived from the EAP parameters provided by the authentication server.
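The PBKDF2-SHA1 derivation just described, as an added example that serves both this paragraph and the Pre-shared Key section above (example code, not from the page's source articles): the passphrase is stretched into the 256-bit PSK, which in a WPA/WPA2-Personal network is the PMK. The 4096-iteration count, the SSID as salt and the 8..63-character passphrase rule come from IEEE 802.11i rather than from this page, and the entropy estimate is a rough illustration of the brute-force cost the Pre-shared Key section discusses.

```python
"""WPA/WPA2-Personal: deriving the PMK from a passphrase (added example).

PSK = PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes),
as specified in IEEE 802.11i (assumed here; the page only names PBKDF2-SHA1).
"""
import hashlib
import math
import string

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i
PMK_LEN = 32               # 256-bit Pairwise Master Key


def is_valid_passphrase(passphrase: str) -> bool:
    """802.11i passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the PMK (equal to the PSK) for a WPA/WPA2-Personal network.

    The SSID acts as the salt, so the same passphrase on networks with
    different SSIDs yields unrelated PMKs, and a precomputed PMK table is
    only useful against the one SSID it was built for.
    """
    if not is_valid_passphrase(passphrase):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes,
                               PBKDF2_ITERATIONS, PMK_LEN)


def passphrase_entropy_bits(passphrase: str) -> float:
    """Upper-bound entropy estimate: log2(alphabet size) per character.

    This is the best case the Pre-shared Key section's brute-force argument
    allows; any dictionary word or pattern makes the true figure far lower,
    which is why random choice from a CSPRNG is recommended.
    """
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    # "password" / "IEEE" is the first test vector published with the standard.
    print(derive_pmk("password", "IEEE").hex())
    print("%.1f bits (upper bound)" % passphrase_entropy_bits("password"))
```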

802.11i

802.11i is a standard for wireless local area networks (WLANs) that provides improved encryption for networks that use the popular 802.11a, 802.11b (which includes Wi-Fi) and 802.11g standards. The 802.11i standard requires new encryption key protocols, known as Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). The 802.11i standard was officially ratified by the IEEE in June of 2004, and thereby became part of the 802.11 family of wireless network specifications.

The 802.11i specification offers a level of security sufficient to satisfy most government agencies. However, AES requires a dedicated chip, and this may mean hardware upgrades for most existing Wi-Fi networks. Other features of 802.11i are key caching, which facilitates fast reconnection to the server for users who have temporarily gone offline, and pre-authentication, which allows fast roaming and is ideal for use with advanced applications such as Voice over Internet Protocol (VoIP).

From: https://en.wikipedia.org/wiki/IEEE_802.11i-2004

From: http://searchmobilecomputing.techtarget.com/definition/80211i


NTFS

NTFS (New Technology File System) is a proprietary file system developed by Microsoft. Starting with Windows NT 3.1, it is the default file system of the Windows NT family.

NTFS has several technical improvements over FAT and HPFS (High Performance File System), the file systems that it superseded, such as improved support for metadata, and the use of advanced data structures to improve performance, reliability, and disk space utilization, plus additional extensions, such as security access control lists (ACL) and file system journaling.

Mac OS X kernels also have a limited ability to read NTFS; Linux and BSD kernels have a free and open-source driver for the NTFS file system with both read and write functionality.

From: https://en.wikipedia.org/wiki/NTFS



Encrypting File System

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

EFS is available in all versions of Windows developed for business environments from Windows 2000 onwards. By default, no files are encrypted, but encryption can be enabled by users on a per-file, per-directory, or per-drive basis. Some EFS settings can also be mandated via Group Policy in a Windows domain environment.

Cryptographic file system implementations for other operating systems are available, but the Microsoft EFS is not compatible with any of them.

Basic ideas

As long as the operating system is running on a system without file encryption, access to the files has to go through OS-controlled user authentication and access control lists. If an attacker gains physical access to the computer, however, this barrier can be easily circumvented. One way would be to remove the disk and put it in another computer with an OS installed that can read the filesystem, or simply reboot the computer from a boot CD containing an OS that is suitable to access the local filesystem.

The most widely accepted solution is to store the files encrypted on the physical media (disks, USB pen drives, tapes, CDs and so on).

In the Microsoft Windows family of operating systems, EFS enables this measure, although on NTFS drives only, and does so using a combination of physical media encryption and symmetric key cryptography to make decrypting the files extremely difficult without the correct key.

However, the cryptography keys for EFS are in practice protected by the user account password, and therefore susceptible to most password attacks. In other words, the encryption of a file is only as strong as the password to unlock the decryption key.

Security

-      Decrypting files using the local Administrator account: In Windows 2000, the local administrator is the default Data Recovery Agent, capable of decrypting all files encrypted with EFS by any local user. EFS in Windows 2000 cannot function without a recovery agent, so there is always someone who can decrypt the encrypted files of the users. Any non-domain-joined Windows 2000 computer will be susceptible to unauthorized EFS decryption by anyone who can take over the local Administrator account, which is trivial given the many tools available freely on the Internet.
In Windows XP and later, there is no default local Data Recovery Agent and no requirement to have one. Setting SYSKEY to mode 2 or 3 (syskey typed in during bootup or stored on a floppy disk) will mitigate the risk of unauthorized decryption through the local Administrator account. This is because the local user’s password hashes, stored in the SAM file, are encrypted with the Syskey, and the Syskey value is not available to an offline attacker who does not possess the Syskey pass phrase/floppy.

-      Accessing the private key via password reset: In Windows 2000, the user’s RSA private key is not only stored in a truly encrypted form, but there is also a backup of the user’s RSA private key that is more weakly protected. If an attacker gains physical access to the Windows 2000 computer and resets a local user account’s password, the attacker can log in as that user (or recovery agent) and gain access to the RSA private key which can decrypt all files. This is because the backup of the user’s RSA private key is encrypted with an LSA secret, which is accessible to any attacker who can elevate their login to Local System.
In Windows XP and beyond, the user’s RSA private key is backed up using an offline public key whose matching private key is stored in one of two places: the password reset disk (if Windows XP is not a member of a domain) or in the Active Directory (if Windows XP is a member of a domain). This means that an attacker who can authenticate to Windows XP as Local System still does not have access to a decryption key stored on the PC’s hard drive.
In Windows 2000, XP or later, the user’s RSA private key is encrypted using a hash of the user’s NTLM password hash plus the user name; use of a salted hash makes it extremely difficult to reverse the process and recover the private key without knowing the user’s passphrase. Also, again, setting Syskey to mode 2 or 3 will mitigate this attack, since the local user’s password hash will be stored encrypted in the SAM file.

 

From: https://en.wikipedia.org/wiki/Encrypting_File_System


Malware

Malware, short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. Malicious software was called a computer virus before the term malware was coined in 1990 by Yisrael Radai. The first category of malware propagation concerns parasitic software fragments that attach themselves to some existing executable content. The fragment may be machine code that infects some existing application, utility, or system program, or even the code used to boot a computer system. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency.

Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge, as for example Regin, or it may be designed to cause harm, often as sabotage, or to extort payment (CryptoLocker). ‘Malware’ is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.

Spyware or other malware is sometimes found embedded in programs supplied officially by companies, e.g., downloadable from websites, that appear useful or attractive, but may have, for example, additional hidden tracking functionality that gathers marketing statistics. An example of such software, which was described as illegitimate, is the Sony rootkit, a Trojan embedded into CDs sold by Sony, which silently installed and concealed itself on purchasers’ computers with the intention of preventing illicit copying; it also reported on users’ listening habits, and unintentionally created vulnerabilities that were exploited by unrelated malware.

Software such as anti-virus, anti-malware, and firewalls are used to protect against activity identified as malicious, and to recover from attacks.

Purposes

Many early infectious programs, including the first Internet Worm, were written as experiments or pranks. Today, malware is used to gather financial or business information.

Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general. However, malware is often used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords. Left unguarded, personal and networked computers can be at considerable risk from these threats. (These are most frequently defended against by various types of firewall, anti-virus software, and network hardware.)

Since the rise of widespread broadband Internet access, malicious software has more frequently been designed for profit. Since 2003, the majority of widespread viruses and worms have been designed to take control of users’ computers for illicit purposes. Infected “zombie computers” are used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion.

Programs designed to monitor users’ web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues are called spyware. Spyware programs do not spread like viruses; instead they are generally installed by exploiting security holes. They can also be hidden and packaged together with unrelated user-installed software.

Ransomware affects an infected computer in some way, and demands payment to reverse the damage. For example, programs such as CryptoLocker encrypt files securely, and only decrypt them on payment of a substantial sum of money.

Some malware is used to generate money by click fraud, making it appear that the computer user has clicked an advertising link on a site, generating a payment from the advertiser. It was estimated in 2012 that about 60 to 70% of all active malware used some kind of click fraud, and 22% of all ad-clicks were fraudulent.

Malware is usually used for criminal purposes, but can be used for sabotage, often without direct benefit to the perpetrators. One example of sabotage was Stuxnet, used to destroy very specific industrial equipment. There have been politically motivated attacks that have spread over and shut down large computer networks, including massive deletion of files and corruption of master boot records, described as “computer killing.” Such attacks were made on Sony Pictures Entertainment and Saudi Aramco.


Virtual private network

A virtual private network (VPN) is a private network that extends across a public network or the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

VPNs can provide functionality, security and/or network management benefits to the user. But they can also lead to new issues, and some VPN services, especially “free” ones, can actually violate their users’ privacy by logging their usage and making it available without their consent, or make money by selling the user’s bandwidth to other users.

Some VPNs allow employees to securely access a corporate intranet while located outside the office. Some can securely connect geographically separated offices of an organization, creating one cohesive network. Individual Internet users can use some VPNs to secure their wireless transactions, to circumvent geo-restrictions and censorship, and/or to connect to proxy servers for the purpose of protecting personal identity and location. But some Internet sites block access via known VPNs to prevent the circumvention of their geo-restrictions.

A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From a user perspective, the resources available within the private network can be accessed remotely.

Traditional VPNs are characterized by a point-to-point topology, and they do not tend to support or connect broadcast domains, so services such as Microsoft Windows NetBIOS may not be fully supported or work as they would on a local area network (LAN). Designers have developed VPN variants, such as Virtual Private LAN Service (VPLS), and layer-2 tunneling protocols, to overcome this limitation.

From: https://en.wikipedia.org/wiki/Virtual_private_network



Security information and event management

In the field of computer security, security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware and applications.

Vendors sell SIEM as software, as appliances or as managed services; these products are also used to log security data and generate reports for compliance purposes.

The acronyms SEM, SIM and SIEM have sometimes been used interchangeably. The segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is commonly known as security event management (SEM). The second area provides long-term storage as well as analysis and reporting of log data, and is known as security information management (SIM). As with many meanings and definitions of capabilities, evolving requirements continually shape derivatives of SIEM product categories. The need for voice-centric visibility, or vSIEM (voice security information and event management), provides a recent example of this evolution.

The term security information and event management (SIEM), coined by Mark Nicolett and Amrit Williams of Gartner in 2005, describes:

-      The product capabilities of gathering, analyzing and presenting information from network and security devices

-      Identity and access-management applications

-      Vulnerability management and policy-compliance tools

-      Operating-system, database and application logs

-      External threat data

A key focus is to monitor and help manage user and service privileges, directory services and other system-configuration changes, as well as providing log auditing and review and incident response.

Capabilities

-      Data aggregation: Log management aggregates data from many sources, including network, security, server, databases and applications, providing the ability to consolidate monitored data to help avoid missing crucial events.

-      Correlation: looks for common attributes, and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. Correlation is typically a function of the Security Event Management portion of a full SIEM solution.

-      Alerting: the automated analysis of correlated events and production of alerts, to notify recipients of immediate issues. Alerting can be to a dashboard, or sent via third-party channels such as email.

-      Dashboards: tools can take event data and turn it into information charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern.

-      Compliance: applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.

-      Retention: employing long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements. Long-term log data retention is critical in forensic investigations, as it is unlikely that discovery of a network breach will occur at the time of the breach.

-      Forensic analysis: the ability to search across logs on different nodes and time periods based on specific criteria. This mitigates having to aggregate log information in your head or having to search through thousands and thousands of logs.
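The aggregation, correlation and alerting capabilities above, as an added example (not from the page's source article): log lines from two hosts are normalised into events, and one correlation rule links several failed logons from a source to a later successful logon within a time window and raises an alert. The log format, hosts, users and addresses are constructed for illustration.

```python
"""SIEM-style correlation and alerting over log lines (added example).

Rule: >= FAILED_THRESHOLD failed logons from one source address, followed by
an accepted logon from that same source within WINDOW, produces one alert.
The syslog-like sample lines are constructed, not real events.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re
from typing import Dict, List

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed sample: only 198.51.100.7 shows the failed-then-success pattern;
# 203.0.113.9 has a single failure and a success long after the window closes.
SAMPLE_LOG = """\
2018-03-30T09:00:01 web01 sshd: Failed password for alice from 198.51.100.7
2018-03-30T09:00:03 web01 sshd: Failed password for alice from 198.51.100.7
2018-03-30T09:00:04 web01 sshd: Failed password for root from 198.51.100.7
2018-03-30T09:00:05 db01 sshd: Failed password for bob from 203.0.113.9
2018-03-30T09:00:09 web01 sshd: Accepted password for alice from 198.51.100.7
2018-03-30T09:05:00 db01 sshd: Accepted password for bob from 203.0.113.9
"""

FAILED_THRESHOLD = 3            # failures needed before a success is suspicious
WINDOW = timedelta(minutes=2)   # correlation window


def parse_events(text: str) -> List[dict]:
    """Aggregation step: normalise raw lines into event dicts with a datetime."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # unparsed lines are skipped, not fatal
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def correlate_bruteforce_success(events: List[dict]) -> List[Dict[str, object]]:
    """Correlation step: link failures and a success by source within the window."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        # drop failures that have aged out of the window
        failures[src] = [t for t in failures[src] if ev["ts"] - t <= WINDOW]
        if ev["result"] == "Failed":
            failures[src].append(ev["ts"])
        elif len(failures[src]) >= FAILED_THRESHOLD:
            alerts.append({
                "rule": "brute_force_then_success",
                "ts": ev["ts"].isoformat(),
                "src": src, "host": ev["host"], "user": ev["user"],
                "failures": len(failures[src]),
            })
            failures[src].clear()         # one alert per burst
    return alerts


def format_alert(alert: Dict[str, object]) -> str:
    """Alerting step: render the alert as a dashboard or e-mail channel would."""
    return ("[%s] %s %s -> %s user=%s after %d failures"
            % (alert["rule"], alert["ts"], alert["src"], alert["host"],
               alert["user"], alert["failures"]))


if __name__ == "__main__":
    for a in correlate_bruteforce_success(parse_events(SAMPLE_LOG)):
        print(format_alert(a))
```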

From: https://en.wikipedia.org/wiki/Security_information_and_event_management

