Computer Security Concepts
Computer security is fundamentally about protecting valuable items, known as assets,
within a computer or computer system. This protection extends to hardware, software,
data, people, processes, or combinations thereof. The National Institute of Standards
and Technology (NIST) defines computer security as "The protection afforded to an
automated information system in order to attain the applicable objectives of preserving
the integrity, availability, and confidentiality of information system resources (includes
hardware, software, firmware, information/data, and telecommunications)".
The core objectives of computer security are often referred to as the C-I-A triad or the
security triad:
• Confidentiality: It involves the concealment of information or resources.
Examples of sensitive information include students' grades, financial
transactions, medical records, and diplomatic secrets.
• Integrity: This ensures that an asset is modified only by authorized parties. It
applies to individual elements of a database, the database as a whole, and its
structure and relationships.
• Availability: This ensures that an asset can be used by any authorized parties
when needed.
The field of computer security is built upon the Vulnerability–Threat–Control Paradigm:
• Vulnerability: This refers to a weakness found in products, systems, protocols,
algorithms, programs, interfaces, or designs. It is a specific failure of controls.
• Threat: This is a condition that could exploit a vulnerability. It is a potential
occurrence that can have an undesirable effect on system assets or resources.
Threats are broadly classified into disclosure (unauthorized access to
information), deception (acceptance of false data), disruption (interruption or
prevention of correct operation), and usurpation (unauthorized control).
• Attack: An attack is an action that causes a potential violation of security, by
exploiting a vulnerability. Those who execute such actions are called attackers.
• Control/Countermeasure: These are mechanisms or procedures designed to
prevent, deflect, diminish, detect, diagnose, and respond to threats. Controls
can be applied to various components of a system, including data, programs,
physical devices, and personnel.
The OSI Security Architecture
The Open Systems Interconnection (OSI) security architecture provides a systematic
framework for defining security attacks, mechanisms, and services. It helps in
understanding and addressing security concerns within a network context.
Security Attacks: These are actions that compromise the security of information. They
are categorized as either passive or active:
• Passive Attacks: Involve eavesdropping on or monitoring transmissions without
altering the data. They are difficult to detect.
o Release of message contents: Unauthorized reading of the information
being transmitted, such as payroll records or sensitive data.
o Traffic analysis: Observing patterns of communication, such as the
frequency, length, or source/destination of messages, to infer information
about the communication.
• Active Attacks: Involve the modification of the data stream or the creation of a
false data stream. They are difficult to prevent and typically require detection
and recovery measures.
o Masquerade: An entity pretends to be a different authorized entity.
o Replay: Passive capture of a data unit and its subsequent retransmission
to produce an unauthorized effect.
o Modification of messages: An attacker intercepts a message and alters its
contents before forwarding it to the recipient, leading to an unauthorized
effect.
o Fabrication: An attacker generates authentic-looking but false messages
to be delivered as if from a legitimate source.
o Denial of Service (DoS): Prevents or inhibits the normal use or
management of communication facilities. This can involve killing user
threads, flooding a system with bogus requests, filling up disk or memory,
or isolating a machine through DNS attacks. Distributed Denial-of-Service
(DDoS) attacks are a common form.
Security Services: These are processing or communication services designed to
enhance the security of data processing systems and information transfers. They
implement security policies and are, in turn, implemented by security mechanisms:
• Authentication: Provides assurance that the communicating entity is the one
claimed. This includes peer entity authentication (verifying identity in a
connection) and data origin authentication (verifying the source of a data unit).
• Access Control: The prevention of unauthorized use of a resource. It is
fundamental to preserving confidentiality and integrity by controlling all
accesses by all subjects to all protected objects in all modes of access.
• Data Confidentiality: Protects data from unauthorized disclosure. This service
can be applied to entire connections, single messages, or specific fields within
data.
• Data Integrity: Provides assurance that received data is exactly as sent by an
authorized entity, meaning it has not been modified, inserted, deleted, or
replayed.
• Nonrepudiation: Offers protection against denial by an entity of having
participated in a communication. This includes nonrepudiation of origin (proof of
sender) and nonrepudiation of delivery (proof of recipient).
• Availability Service: Ensures that a system or resource is accessible and usable
upon demand by an authorized entity.
Security Mechanisms: These are processes or devices designed to detect, prevent, or
recover from a security attack. They can be integrated into specific protocol layers or
operate independently. Common mechanisms include:
• Encryption algorithms (e.g., DES, AES, RSA, ElGamal).
• Digital signatures.
• Access control mechanisms.
• Authentication protocols.
• Data integrity mechanisms.
• Traffic padding, routing control, and notarization.
A Model for Network Security: This model describes how security is provided in a
networked environment, primarily focusing on protecting information transmission from
opponents. It consists of two main components:
1. A security-related transformation applied to the information to be sent, such as
encryption to scramble messages or adding a code to verify the sender's identity.
2. The generation and distribution of secret information (e.g., encryption keys) used
with the security algorithm. This involves steps like generating the secret
information, developing methods for its distribution and sharing, and specifying
a protocol for its use by communicating parties. An extended model also
addresses protecting information systems from unwanted access, whether from
human intruders or malicious software.
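The two components of this model, a shared secret and a security-related transformation, can be seen in the following added example (not part of the original notes). The sender appends an authentication code to each message, and the receiver uses it to reject modified, fabricated, and replayed messages. The message layout (8-byte sequence number, payload, HMAC-SHA256 tag), the demo key, and the payloads are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: prepend an 8-byte sequence number, append an HMAC tag over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver: verify the tag first, then require strictly increasing sequence numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, message: bytes):
        """Return (True, payload) on success or (False, reason) on rejection."""
        if len(message) < 8 + TAG_LEN:
            return False, "too short"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # compare_digest avoids leaking the mismatch position through timing
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return False, "replay"
        self.last_seq = seq
        return True, body[8:]


def demo():
    key = bytes(range(32))  # constructed demo key; real keys must be random and secret
    rx = Receiver(key)
    m0 = protect(key, 0, b"pay 100 to alice")
    m1 = protect(key, 1, b"pay 250 to bob")
    tampered = bytearray(m1)
    tampered[8 + 4] ^= 0x01  # modification: one payload bit flipped in transit
    forged = protect(b"\x00" * 32, 2, b"pay 999 to carol")  # fabrication without the key
    return [
        rx.accept(m0),               # genuine message
        rx.accept(bytes(tampered)),  # modified message
        rx.accept(m1),               # genuine message
        rx.accept(m0),               # replay of an earlier genuine message
        rx.accept(forged),           # fabricated message
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The tag alone does not stop replay, because a replayed message carries a valid tag; the sequence-number check is what rejects it.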
Classical Encryption Techniques
Symmetric Cipher Model: Also known as conventional encryption, this cryptosystem
performs encryption and decryption using the same secret key.
• Plaintext: The original, intelligible message or data that serves as input to the
encryption algorithm.
• Ciphertext: The coded or encrypted message, which is the output of the
encryption algorithm.
• Enciphering (Encryption): The process of converting plaintext into ciphertext.
• Deciphering (Decryption): The process of restoring the plaintext from the
ciphertext.
• Secret Key: A piece of information known only to the sender and recipient,
essential for both encryption and decryption.
Classical encryption techniques primarily rely on two basic operations:
• Substitution Techniques: In these techniques, each element in the plaintext (bit,
letter, or group of bits/letters) is mapped into another element.
o Caesar Cipher: A simple shift cipher where each letter in the plaintext is
replaced by a letter some fixed number of positions down the alphabet
(e.g., "A" becomes "D" with a shift of 3).
o Monoalphabetic Ciphers: Use a single, fixed substitution alphabet across
the entire message.
o Playfair Cipher: Encrypts pairs of letters (digraphs) rather than single
letters, based on a 5x5 matrix derived from a keyword.
o Hill Cipher: Uses linear algebra, specifically matrix multiplication, to
encrypt blocks of plaintext.
o Polyalphabetic Ciphers: Employ multiple substitution alphabets, often
based on a keyword that determines which alphabet to use for each letter
(e.g., Vigenère cipher).
o One-Time Pad: An encryption scheme considered perfectly secure if the
key is truly random, never reused, and at least as long as the plaintext.
• Transposition Techniques: These methods rearrange the positions of the
plaintext elements without changing the elements themselves.
• Steganography: This involves hiding the very existence of a message or other
data, in contrast to cryptography, which conceals the meaning of a message
while the message itself remains visible.
Foundations of Modern Cryptography
Modern cryptography builds on theoretical concepts to design robust encryption
algorithms.
• Perfect Security: A cryptosystem is deemed unconditionally secure (or to have
perfect secrecy) if, regardless of how much ciphertext an opponent has, it does
not provide enough information to uniquely determine the corresponding
plaintext. This means the system is secure even against adversaries with
unlimited time and computational power. The One-Time Pad is an example of an
unconditionally secure cipher.
• Information Theory: This field, particularly as applied by Claude Shannon in his
"Communication Theory of Secrecy Systems", provides a mathematical
foundation for understanding secrecy and the theoretical limits of cryptography.
Concepts like entropy are used to measure the uncertainty or randomness within
a system, which is crucial for assessing security.
• Product Cryptosystem: Most modern encryption algorithms are product
systems, which means they involve multiple stages of both substitutions and
transpositions. This combination of transformations (also known as confusion
and diffusion) significantly increases the difficulty for cryptanalysts to uncover
the original plaintext.
• Cryptanalysis: This is the branch of cryptology dedicated to breaking ciphers to
recover information or to forge encrypted information that appears authentic.
o Kerckhoffs' Principle: A foundational principle stating that the security of
a cryptosystem should depend solely on the secrecy of the key, not on the
secrecy of the algorithm itself. It assumes the adversary knows the
encryption and decryption algorithms and the set of possible keys, but
not the specific key.
o Types of Cryptanalytic Attacks:
▪ Brute-force attack: Involves exhaustively trying every possible key
until the correct one is found and the intelligible plaintext is
recovered.
▪ Known plaintext attack: The cryptanalyst possesses pairs of
plaintext and their corresponding ciphertext.
▪ Chosen plaintext attack: The cryptanalyst can choose specific
plaintexts and obtain their corresponding ciphertexts to analyze
patterns.
▪ Plaintext-only attack: The cryptanalyst only has ciphertext to work
with.
▪ Differential cryptanalysis: This technique involves encrypting
carefully chosen plaintexts with specific XOR difference patterns
and analyzing the resulting ciphertext difference patterns to
deduce the key. It has been famously used against DES.
▪ Linear cryptanalysis: A known-plaintext attack that uses linear
approximations to describe the behavior of a block cipher.
▪ Statistical analysis: Involves analyzing patterns in the ciphertext,
such as letter frequencies, to infer information about the plaintext
or key.
▪ Timing attacks: Exploit variations in the time it takes for
cryptographic operations to complete, which can reveal
information about the secret key.
▪ Mathematical attacks: Focus on breaking the underlying
mathematical structure of the cryptographic algorithm.
o Confusion and Diffusion: These two properties are crucial for the strength
of a cipher:
▪ Confusion: Aims to hide the relationship between the plaintext and
the ciphertext, often by replacing parts of the plaintext with other
data.
▪ Diffusion: Seeks to spread the influence of a single plaintext bit
across many ciphertext bits, scrambling the original content
throughout the message.
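The perfect-security property of the One-Time Pad, and the reason its key must never be reused, can be checked directly. In this added example (not part of the original notes), one ciphertext is shown to be consistent with two different plaintexts of the same length, and then two ciphertexts under one reused key are shown to leak the XOR of their plaintexts. The messages and function names are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; the one-time pad requires key and message of equal length."""
    if len(a) != len(b):
        raise ValueError("one-time pad needs a key exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    return xor_bytes(plaintext, key)


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor_bytes(ciphertext, key)


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`.

    Such a key exists for every candidate of the right length, which is why the
    ciphertext alone cannot single out the real plaintext.
    """
    return xor_bytes(ciphertext, candidate)


def demo():
    p1 = b"MEET AT NOON"  # constructed message
    p2 = b"STAY AT HOME"  # constructed message of the same length
    key = secrets.token_bytes(len(p1))  # truly random, as long as the plaintext

    c1 = otp_encrypt(p1, key)
    alt_key = key_explaining(c1, p2)

    # Key reuse: the key cancels out and the XOR of the plaintexts is exposed.
    c2 = otp_encrypt(p2, key)
    leak = xor_bytes(c1, c2)

    return {
        "round_trip": otp_decrypt(c1, key),
        "alternative_decryption": otp_decrypt(c1, alt_key),
        "reuse_leak_equals_p1_xor_p2": leak == xor_bytes(p1, p2),
        "p2_recovered_from_known_p1": xor_bytes(leak, p1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```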
Security in Operating Systems
The operating system (OS) is a critical component for enforcing security. It acts as the
"traffic cop" of a computing system, protecting users from each other, ensuring critical
memory is not overwritten, performing identification and authentication, and managing
hardware resources fairly. Its fundamental position makes it a primary target for
attackers seeking complete control over a machine.
Security in the Design of Operating Systems:
• Simplicity and Early Integration: Security must be an integral part of the OS's
initial design, not an afterthought "shoehorned" in later. Good software
engineering principles, such as simplicity, modularity, and loose coupling, lead
to fewer opportunities for attackers. Complex designs are more prone to errors
and vulnerabilities.
• Layered Design: Operating systems are often designed in layers, with the most
critical functions (like the security kernel) in the innermost or lowest layers. This
layering helps ensure that a security problem in one layer affects only less
sensitive layers.
• Kernelized Design and Reference Monitor: The security kernel is the portion of
the OS specifically responsible for enforcing security mechanisms. Its design
aims for compactness and verifiability, making it small enough to be rigorously
analyzed and tested. The reference monitor is the most important part of a
security kernel, responsible for monitoring all accesses to protected objects. It
must be unbypassable.
• Correctness and Completeness: Security enforcement in an OS must be both
correct (implementing defined security properties) and complete (included in all
necessary places).
• Self-Protection: An OS must protect itself from compromise to effectively
protect its users and resources. Vulnerabilities can arise from the OS's inherent
complexity, especially with legacy code and numerous add-ons from different
sources. This complexity creates "interface mismatches" that exploit authors
can capitalize on.
Rootkit:
• A rootkit is a highly pernicious form of malicious code that embeds itself within
the operating system kernel, effectively gaining the privileges and position of an
OS component. In Unix systems, "root" refers to the most privileged user, hence
the name.
• Concealment and Persistency: Rootkits are designed to remain undetected and,
if removed, to reestablish themselves. They achieve this by gaining control early
in the system boot cycle, before most detection tools are active. They can
intercept and modify basic OS calls (e.g., directory listings), effectively hiding
their own files and activities from users and even audit logs.
• Impact: Rootkits can replace other parts of the operating system, rewrite
pointers to interrupt handlers, or remove security programs from startup lists,
making them undetectable and unconstrained. They are a significant threat,
comprising a measurable percentage of malicious code.
• Vulnerabilities Exploited: The complexity and lack of transparency of operating
systems contribute to the successful installation of rootkits.
Network Security Attacks
Network security attacks involve threats to communications between computer
systems. These attacks stem from the two-way nature and inherent complexity of
networks, which offer many points of vulnerability.
Threats to Network Communications:
• Interception: Unauthorized viewing of data, often called wiretapping or
eavesdropping, even in wireless environments.
• Modification: Unauthorized alteration of data or messages in transit.
• Fabrication: Unauthorized creation or insertion of false data.
• Interruption: Prevention of authorized access or loss of service.
• Port Scanning: While not an attack itself, it's a first step for attackers to identify
vulnerabilities in a target system by determining the OS name, versions of
applications, and open services that might contain known flaws.
• Routing Attacks: Malicious interference with network routing mechanisms can
prevent access requests from reaching a server.
• Session Hijack: An attacker can divert an authenticated communication session
between two parties.
Wireless Network Security:
• Wireless networks, such as WiFi, are particularly vulnerable with respect to all
three fundamental security properties: confidentiality, integrity, and availability.
• Confidentiality Risks: Data signals transmitted in the open air can be easily
intercepted by unintended recipients, revealing not just data values but also
communication patterns, traffic type, and even encryption methods.
• Inadequate Protocols: Early protocols like WEP (Wired Equivalent Privacy) were
found to have significant vulnerabilities. Stronger protocols like WPA (WiFi
Protected Access) were developed, but still face specific attacks like MAC
address spoofing and man-in-the-middle attacks.
• Rogue Access Points: An attacker can set up a rogue access point to
impersonate a legitimate one, luring users to connect and then intercepting their
traffic.
Denial of Service (DoS):
• DoS attacks are attempts to prevent legitimate users from accessing a service.
Unlike confidentiality and integrity (which are often binary), availability can be a
matter of degree, ranging from complete loss of access to unacceptable slowing
of service.
• Causes: DoS attacks can be caused by:
o Insufficient Capacity/Overload (Flooding): Overwhelming the system with
more demand or traffic than it can handle. This can exploit weaknesses in
network protocols (e.g., SYN flood attacks).
o Blocked Access: Physically or logically disabling communication links.
o Unresponsive Components: Causing hardware or software failures that
render a service unusable.
• Exploitation: DoS attacks often begin by exploiting software vulnerabilities to
cause system crashes or disruptions.
Distributed Denial-of-Service (DDoS):
• A DDoS attack is a more sophisticated and severe form of DoS, involving multiple
compromised machines (zombies) coordinated by an attacker (botmaster) to
launch a simultaneous attack on a target.
• Attack Construction: The attacker first infiltrates numerous machines, installing
"zombie software" (often a Trojan horse) designed to conceal itself and
communicate with the attacker. Once a sufficient "army" of zombies is amassed,
the attacker signals them to launch a coordinated attack, which can involve
various methods.
• Countermeasures: While challenging, DDoS attacks are theoretically
preventable if all systems are regularly patched against well-known
vulnerabilities. Worm monitoring software, such as ingress monitors and
honeypots, can help detect them in their early "slow start" phase.
In essence, complexity is the enemy of security. The "ease" of using an app from a
security perspective means designing it with understandable security features,
psychological acceptability, and simplicity of design and implementation. If these
principles are not followed, an app (or any system component, including the OS itself)
becomes more susceptible to the vulnerabilities and attacks described, making it
inherently "not easy" to secure in practice.