Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Modern Cryptography for Cybersecurity Professionals

You're reading from   Modern Cryptography for Cybersecurity Professionals Learn how you can leverage encryption to better secure your organization's data

Arrow left icon
Product type Paperback
Published in Jun 2021
Publisher Packt
ISBN-13 9781838644352
Length 286 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Lisa Bock Lisa Bock
Author Profile Icon Lisa Bock
Lisa Bock
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Preface 1. Section 1: Securing Our Data
2. Chapter 1: Protecting Data in Motion or at Rest FREE CHAPTER 3. Chapter 2: The Evolution of Ciphers 4. Chapter 3: Evaluating Network Attacks 5. Section 2: Understanding Cryptographic Techniques
6. Chapter 4: Introducing Symmetric Encryption 7. Chapter 5: Dissecting Asymmetric Encryption 8. Chapter 6: Examining Hash Algorithms 9. Section 3: Applying Cryptography in Today's World
10. Chapter 7: Adhering to Standards 11. Chapter 8: Using a Public Key Infrastructure 12. Chapter 9: Exploring IPsec and TLS 13. Chapter 10: Protecting Cryptographic Techniques 14. Assessments 15. Other Books You May Enjoy

Understanding security services

Today, there are many threats to the security of our data. Therefore, it's imperative that we remain vigilant in protecting our networks and data from attack or unauthorized access. In this section, we'll take a look at some of the security services designed to assure our data is protected. We'll also see how cryptographic techniques can help ensure data is not modified, lost, or accessed in an unauthorized manner.

There are many guidelines that outline how to provide data security. One document that helps list security concepts is the International Telecommunications Union (ITU) Security architecture for Open Systems Interconnection for CCITT applications, also known as X.800. Let's take a look.

Investigating X.800

The Consultative Committee for International Telephony and Telegraphy (CCITT), now known as the International Telecommunications Union - Telecommunication Standardization Sector (ITU-T), recognized the need to provide a secure architecture when dealing with data transmission. More specifically, they wanted to outline the general framework of security services that should be implemented within the Open Systems Interconnection (OSI) model.

Important note

The OSI model is a seven-layer representation of how systems communicate with one another. The OSI model is well recognized among network professionals, as it breaks down the function of each layer.

X.800 outlines recommended security services, along with best-practice logical and physical controls that help protect each service. In addition to logical and physical controls, the document outlines various cryptographic techniques that should be used, such as the following:

  • Encryption: Transforms plaintext into ciphertext by using a cryptographic algorithm and key.
  • Hashing: Functions that take a given input (of any size) and produce a fixed-length output. The output size will depend on the algorithm. This is also called a one-way function, in that you cannot derive the original input from the hash value.
  • Digital signature: A cryptographic technique using asymmetric encryption to ensure message authenticity and non-repudiation.

The document lists the main security services designed to protect data, which include confidentiality, integrity, authentication, and non-repudiation.

Let's take a look at each of these and how they can be achieved, starting with confidentiality.

Ensuring confidentiality

While we may not feel that all data should be rigorously protected, in today's world, it's best to keep most, if not all, data protected from prying eyes. Confidentiality means keeping private data private by protecting against unauthorized disclosure.

An example of a violation of confidentiality would be if a malicious actor were to gain access to a company's proprietary trade secrets or customer database.

A data breach of client information can cause business harm and result in a tarnished reputation and loss of trust. To ensure confidentiality, businesses and individuals should restrict access by using access control methods that allow only authorized people, devices, or processes to have access to the data.

In addition, we can protect data confidentiality by using encryption. That way, if someone were to gain access to the information, it would be meaningless, unless they have a key to decrypt the data.

Another service is to ensure data integrity, as we'll see next.

Safeguarding integrity

Providing integrity ensures that data is not modified, lost, or destroyed in either an accidental or unauthorized manner.

An example of a violation of integrity would be someone gaining access to their payroll file and changing their salary from $30,000 to $40,000.

To protect integrity, use access control methods and employ strong audit policies. In addition, monitor the network for unusual or suspicious activity and use software designed to compare cryptographic hash values for unauthorized changes to the data.

One example of software that monitors for unauthorized changes in the filesystem is called Tripwire, which acts as a software intrusion detection system.

Tripwire works in the following manner:

  1. Prior to activating the monitoring feature, you must first flag the files that need to be checked on all filesystems and devices.
  2. Once the appropriate files are identified, the software will baseline the existing filesystem and generate a hash value for all files.
  3. After baselining, the software will scan the filesystem and generate another hash value for all flagged files.
  4. The software then compares each file's hash value against the baseline.
  5. If the hash value does not match the baseline, the system will send an alert, which will indicate that the file has been modified in an unauthorized manner.

In the following figure, the hash value of the baseline file is not the same as the hash value of the checked file:

Figure 1.2 – A hash value that does not match the baseline

Figure 1.2 – A hash value that does not match the baseline

If the hash value does not match, this will send an alert that there is a violation of the integrity of the file.

Another service that is paramount on a network is authentication, as we'll see next.

Providing authentication

When something or someone is authentic, we are assured that it is true or genuine. For example, when you go to a bank to cash a check, the bank will require you to produce identification to prove who you are.

A violation of authentication occurs when spoofing techniques are used. For example, malicious actors often use an email address that spoofs the name to look like someone you know. This is a social engineering technique that is used to get you to open a file or complete some action.

When dealing with an entity on a network, it's especially important to guarantee authenticity, as this assures both parties that the message has originated from an authorized source. One way to prove authentication is by using a message authentication code, which is a small block of code used to authenticate the origin of the message.

Another security service is non-repudiation, which prevents an entity from denying that they either sent or received a communication.

Certifying non-repudiation

Non-repudiation is preventing a party from denying participation in a communication and can be used in both sides of a conversation to prevent either party from denying their involvement. By using a digital signature, non-repudiation can be achieved in the following manner:

  • Proof of origin: Assurance that the message was sent by a specific entity
  • Proof of receipt: Assurance that the message was received by a specific entity

To understand the importance of providing non-repudiation, let's outline the concept using a scenario in the following section.

Denying involvement

Every day, busy professionals send and receive emails. So that you can better understand how this works, I'll outline the concept in a story where using a digital signature when sending an email could help provide non-repudiation.

Bob is an office manager for a large payroll department. The supervisor is Jessica, who oversees the day-to-day operations of the department. Jessica is generally busy, with many tasks and meetings throughout the day.

Jessica's administrative assistant, Paul, notices that Jessica's birthday is in 2 days. Paul emails Bob to purchase a birthday cake and plan a surprise party and invite the whole office. Bob completes all the necessary arrangements and lets Paul and the department know that everything is ready for Friday.

On Friday, Jessica returns from her morning meeting, where she is greeted by the entire department wishing her a happy birthday. Jessica looks around the room and is visibly upset, and states, "you shouldn't have done this." She then retreats to her office and closes the door.

Later that morning, Jessica calls Bob and Paul into her office and tells them that she knows they meant well, but she didn't appreciate the attention. Paul states that he has no idea how this happened. Bob replies to Paul, "you sent me an email telling me to plan the event!" Paul answers, "no I didn't."

At that point, Bob has no recourse but to take the blame, as Paul has repudiated the fact that he had requested the party.

While Bob could have printed the email from Paul to attempt to prove that Paul requested the party, this may not be sufficient, as it is possible to spoof (or recreate) an email. However, if Paul had sent the email using a digital signature, this would prove that he had sent the email. At that point, Bob could have defended himself and let Jessica know what really happened.

Using a digital signature to prevent non-repudiation is not always required; however, in a high-stakes situation, such as a financial transaction, this can be especially important.

On any network, it's also important to ensure availability, as we'll see next.

Assuring availability

Availability is the assurance that resources are available to authorized devices, users, and/or processes on the network.

A violation of availability would be a DoS attack designed to interrupt or suspend services to legitimate users.

Although ensuring availability is an important concept, we cannot use a cryptographic method to ensure this service. However, there are other ways to protect availability, such as using intrusion detection and prevention. In addition, the network administrator should also keep systems up to date with all security patches, and upgrade systems and devices when necessary.

As outlined, encryption and cryptographic techniques are some of the ways through which we can protect against the constant threats to the security of our data. In the next section, let's take a look at a few of the cryptographic concepts that you might encounter.

You have been reading a chapter from
Modern Cryptography for Cybersecurity Professionals
Published in: Jun 2021
Publisher: Packt
ISBN-13: 9781838644352
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image