this section gives a theoretical basis to understand the different security controls available to practitioners and organizations regarding data security. Each of the items listed here will be elaborated on and explained in Part two.
Security requires an organization to implement three components.
People, policies and technology.
The people have to be trained and qualified to do the job that they're doing.
Policies should prohibit physical security bypasses.
For example. An organization could have the best security software, but somebody could take a picture of the screen with a cell phone.
Governments have a policy that cameras and cell phones are not allowed when working with classified information.
This is a good example of a policy that improves cybersecurity.
Technology serves as a way to enforce the policy and aid the people doing their jobs.
The pillars of information security, our confidentiality, integrity, availability and non repudiation
confidentiality means that private data is not disclosed to unauthorized parties.
It can be violated if an unauthorized party can see data that there were not supposed to see, such as Attackers seeing sensitive data following a data breach
dinner. Bridges are generally violations of confidentiality.
Integrity is making sure that data is not manipulated by an unauthorized party and integrity can be violated if an unauthorized party contemporary with the data,
for example, a hacker changing the account balances of a bank account in a database or ransom where modifying files by encrypting them would both be violations of data integrity
Availability is making sure that dinner can be accessed when it is needed.
Violations of availability would be if an attacker can cause a file server to crash so that nobody is able to access their files, resulting in on availability of the files.
Non repudiation means that actions have side effects, such as being audited or logged.
It would be violated if an attacker can impersonate someone and perform actions on their behalf or deny having taken action.
Authentication means proving a statement that you make.
For example, if you want to log into a system with a certain user name,
your knowledge of the password proves that you are the user whose account you are trying to log into.
The problem with authentication is that the entire authentication process relies on one password, which can be stolen, resulting in a compromise of the whole authentication process.
If all security measures depend on just a user name and password, as it often does today.
The theft of credentials would allow compromise of the whole authentication process.
Three common ways to double check authentication include something that a user has something that a user knows, or something that the user is
a trusted platform module is a physical chip inside a computer
with a unique cryptographic key and identify her burnt into the chip at manufacturing time.
Since the TPM ship is already included in the computer, the computer itself counts as something the user has without the user having to carry any additional hardware devices.
TPM is implicit multi factor authentication and is very convenient because it requires no change
in the behavior of the user. More about TPM chips later
In the mainstream computing industry today, trust is neither provable nor quantifiable.
Therefore, it is an invalid premise for any security system to assume the user device or network is trustworthy.
For example, human employees of an organization might have malicious intent and turn out to be malicious insiders like Edward Snowden at the US National Security Agency.
The insider threat vector is still an unsolved problem in the industry today,
human error by well intentioned insiders can be just as dangerous and cause the data priest just as big.
If users accident in the email or upload the wrong data to the wrong place,
computers must be assumed to be compromised because if malware or a zero day exploit is good, the user would not know about it by definition.
In fact, the line between benign and malicious software is unclear, since software that comes bundled with your operating system can often be used for malicious purposes.
A prime example is that power shell comes bundled with Windows but has shown to be usable as an attack, too.
Networks also must be assumed to be compromised, and it must be assumed that the adversary has thehe bility to monitor and manipulate network traffic.
The only valid and practical assumption is that neither the user
device nor the network is trustworthy. A strong approach would assume all three are compromised and go from there.
Since software depends on the hardware in order to run and hardware is executing the software instructions, hardware has a higher level of privilege.
If software relies on hardware that it doesn't have the capability to influence the internal in variant mechanisms off
the trust can be rooted in the hardware system.
A trusted platform module is a temper resistant physical chip inside your computer that holds secret keys.
If you use, it can ensure that nobody can copy your laptop hard drive and put it into another identical laptop.
It has a unique cryptographic key, burnt into it at manufacturing time and already comes in commodity laptops, especially enterprise computers from companies like Dell and HP.
In fact, your work computer probably already has a T p M chip installed, whether you know it or not,
because most enterprise great computers already have TPM chips installed,
routing trust in teepee and chips is an ideal way to implement multi factor authentication, along with requiring a user name and password.
Another benefit of hard work OH, processors such as A T P M. Is that its memory is isolated from the main memory, so malware on the computer cannot access the private keys on the T P M chip.
If data can be routed to TPM chips, it is possible to lock down files to be OpenTable in a specific enterprise. Only
you will get to this later.
The Intel SI pues V TX, instruction said, also allow a software to root trust and internal hardware isolation mechanisms
that the software does not have the capability to influence the internal mechanisms.
Hard work could be more difficult to administer and more expensive if it does not already come. Pre installed
security through isolation is the age old idea that one should partition their valuable assets away from the public eye.
The same idea applies to processing sensitive data.
One example of this idea is air gapped computer networks.
Another example of this idea is that Intel V. T X, Instruction said,
which allows mutually distrusting virtual machines to isolate their memory from each other again using trust rooted in the CPU hardware
Amazon Web service is also uses the Intel V TX isolation mechanism.
If they were hosting VM from, let's Say, Pepsi and Coca Cola on the same physical server where it would be disastrous, a Pepsi and Coke could see each other's data.
Security through isolation can be seen yet again. We're looking at T P M ship design.
TPM is a separate, discreet co processor that does not share sensitive memory with the rest of the computer.
All of its sensitive computations are isolated from the main memory of the computer.
Again, it is partitioning valuable assets away from the quote unquote public eye.
Steganography is the practice of hiding in plain sight.
Let's say, for example, a malicious insider wants to steal a Social Security number out of the organization. The number is 999961770
This can be expressed in an infinite number of ways, and two examples are given here.
Greatest T H R 33 digit integer
number of C three and T s in a dollar minus four
year. The U. S declaration of
in the three p three and d three NC three was signed minus a fuzzy picture.
If you think about it to a human, this makes sense. They would be able to decode this and get that Social Security number out. But there's no way a machine would be able to detect this. You cannot write any signatures for this.
Another example is just in a story format.
I can see 999 green ducks sitting in a row
96 of them have extra long beaks.
There are 1770 ducks total in the flock of ducks.
That sounds like a story. It could have been what somebody did this weekend. There's no obvious clue that it could be steganography.
The point here is that artificial intelligence, natural human intelligence, machine learning behavior analysis can all be bypassed by steganography because it's impossible to list all the different variations of encoding some data.
As a result, it is impossible to detect or train artificial intelligence for all of the different variants of steganography.
If there is one way to bypass
aye, aye, it would be through steganography.
Although the previous slide had an example of steganography through text,
steganography does not always have to be through text.
In this example, you can see a new image on the left side of a tree.
But what you cannot see is that there is actually another image embedded inside
the cat picture that you see on the right
is actually embedded inside of the tree picture. The hidden image of the tat is revealed from the tree
by removing all but the two least significant bits of each color component and following normalization of the image,
and the link is on the bottom if you want to know more about how that could be done,
an algorithm is a set of well defined steps to solve a problem.
It can be written in software, and it can be proven to be 100% correct.
An example of an over them is
if data is created or modified by an employee of the organization
A heuristic is an educated guess or a rule of thumb.
I guess his cover general cases, but not exceptions and are not provable.
Some examples of purest IX include artificial intelligence, machine learning and detections.
A concrete example of a heuristic is if it's three digits, followed by a dash, followed by two digits, followed by another dash, followed by four digits. It's probably a social Security number. It's an educated guess, so encrypted.
But as we discussed earlier, steganography can bypass all heuristics.
As a result, heuristics really keep the good guys good, but they don't do anything to stop the bad guys.
While both heuristics and algorithms have their places
in the information security industry, defenders are competing with intelligent human adversaries at the end of the day who are handling the data, writing the malware and probing the networks.
Humans are smarter than machines and can and do and will continue to
be creative to outsmart heuristics using anomalies and steganography.
For this reason, it is dangerous to try to use heuristics to compete with intelligent human Attackers who are trying to steal data.
It is better to use provable algorithms rather than heuristics that can be fooled by Attackers,
especially in open ended problems, like identified all the possible ways to encode a Social Security number as seen in the previous example,
artificial intelligence and machine learning require training sets to learn on
thes training. Sets cannot be exhaustive. For example,
they cannot identify all the possible ways of expressing the Social Security number.
Remember, artificial intelligence tools are now being used by both Attackers and defenders.
Secured by default and insecure by exception, is a basic engineering principle for building fault tolerant systems.
It makes it easier to be secure and harder to be insecure and makes human errors less destructive.
For example, Ahh high power electricity line only has current flowing when the operator presses and holds a button
When the operator let's go, there is no current
rather than the opposite, where the operator has to press the button in order to stop current.
In this system, If the operator makes a mistake and does not press a button, there is no catastrophe because there is no current flowing if they don't press the button.
Separation of duties requires multiple parties authorization in order to allow something to happen
this way, If one of the parties mistakenly or purposefully goes rogue and does something bad, the other parties can act as a safeguard from a negative outcome.
Change is hard because it requires users till relearn things.
It is important to make minimal changes to user experience.
Otherwise, users would do things like disabling security features or complaining to the I T department.
For example, People who are not in I t and that don't work with technology all day, such as people may be in legal or finance might not learn technological changes as fast
changes expensive and people actively avoid replacing their technology. If they can.
Why did the adopted technology is rarely changed,
especially if the argument is for more security
history has shown time and time again that the industry is not willing to rebuild technology, especially if the same features will come out of it just in a more secure manner.
The industry would rather build on top of what is already there and fix problems with a patchwork of interoperable band aids such as I p *** Band Aid for eyepiece Fours insecurity.
The same can be said about complex file formats, applications and operating systems that have evolved through decades of engineering.
An extreme example is if somebody came up with a perfect operating system that had no security vulnerabilities
in order to make it usable, they would first need to build a Web browser and then productivity applications and then the rest of the ecosystem to match other Richard ecosystems that are already out there today.
Then they would have to convince everyone to throw away what they're currently using and used the new platform, even though it's a matching feature set
and they don't get any new features out of it.
Hyper visors provide an inter operable way to get under the mature operating system and applications for additional security
without having to rebuild or rewrite or redesign or re engineer anything.
If we are assuming malicious insiders compromise devices and compromising networks,
we must also assume that the data has is and will continue to be expatriated from an organization
in which case encryption and protection should follow the data.
This threat model is particularly relevant in today's world of Bring Your Own device and cloud where did a legitimately can end up on the devices and servers of others that the enterprise does not own or control?
Full disk encryption allows protection to follow Thio a limited extent, because the protection follows the disc around.
But the protection has stripped. If the data is shared from the device, such as through email attachments or uploads of files that are on the device is encrypted. Disk
security increases as the encryption becomes more granular from the disk level, down to the file or database. Sell double because data is encrypted wherever it ends up.
In a world where we must assume data exfiltration is occurring, protection should follow the data because we don't know where the data will end up.
For example, it can be stored in the Cloud provider, server and adversary server or an employee's device. In all cases, it would be protected
enterprises often one proof that their security is working.
This proof can be provided by auditing operations following the concept of non repudiation discussed earlier.
For example, if a user creates, modifies or shares a file and the server records analytics about this example, event
management can gain confidence and comfort that the security is working
on Lee. If it can be seen on the management server that this operation occurred,
structure data is machine understandable. It is organized into machine accessible pieces, and this organization allows the data to be algorithmic lee parsed and, for example, stored in databases.
Often you can tell if the data is structured if it is organized into tags, fields or offsets. Some examples include XML formatted or delimited text for file formats.
Unstructured data is human. Understandable.
It is ambiguous to computers and disorganized and has unformed added structure.
Some examples include human languages, rast, arised, images, audio and graphics.
In the example here, you can see on the bottom of the screen that the word credit is wavy and has different boldness is and thicknesses,
and this is not a standard in this structured an organized format.
The word credit has one format in the word card. Number is
has different formats, and so a human can understand it because it looks like the word credit. But machines have a more difficult time when you're trying to tell it that it looks like something when you're trying to express that something is similar to something else, but not the same
as security research advances, the industry sees new attacks on cryptographic algorithms
as computers become faster, smaller key sizes of lose their security properties and longer key sizes need to be used
as geopolitical situations arise and evolve.
Different cryptography standards are approved and rejected by different organizations, and this all evolves over time.
This ephemeral cryptography trend should be taken into account when implementing security and systems.
Crypto agility expects algorithms to be obsolete, ID or rejected and key sizes to become too short, and plans plug will cryptography into systems because of the expectation of evolution of cryptography. Over time,