Asymmetric Cryptography

Asymmetric Cryptography

Public Key Cryptosystems rely on a pairs of keys assigned to each user of the cryptosystem.

RSA

• 1977, Ronald Rivest, Adi Shamir, Leonard Adleman
• RSA algorithm (Patented) form the backbone of large number of well known security infrastructure

• Computational difficulty inherent in factoring large prime numbers
• Each User of the cryptosystem generates a pair of public and private keys using the algorithm below :-

1. Choose 2 large prime numbers (p and q of 200 digits length each)
2. compute the product:    n = p * q
3. Select a number  e such that
• e < n
• e and (n-1)(q-1) are relatively prime - that is, the 2 numbers have no common factors other than 1.
4. Find a number d, such that (ed-1)mod(p-1)(q-1) = 0
5. Distribute e and n as the public key to all cryptosystem users. Keep d secret as the private key.

• If Alice wants to send an encrypted message to Bob, she generates the ciphertext (C) from the plain text (P) using the formula (where e is Bob's public and n is the product of p and q created during the key generation process):

C = P (power e) mod n

When Bob receives the message, he performs tha following calculation ro retrieve the plaintext message:

P = C (power d) mod n


Merkle-Hellman Knapsack

• 1978
• Based on the difficulty of performing factoring operations, but it relies on a component of set theory known as super-increasing sets rather than on large prime numbers. Proven ineffective when it was broken in 1984.

Cryptosystem---------------------Key length
RSA---------------------1088 bits
DSA---------------------1024 bits
Elliptic curve---------------------160 bits






El Gamal

• Based on Diffie-Hellman key exchange algorithm
• Major Disadvantage - the algorithm doubles the length of any message it encrypts.
• This is a major hardship when encrypting long messages or data that will be transmitted over a narrow bandwidth communications circuit.

Elliptic Curve

• 1985
• Mathematicians - Neal Koblitz abd Victor Miller
• Elliptic Curve Cryptography (ECC) theory

y(power 2) = x(power 3) + ax + b

x,y,a and b are all real numbers





Hash Functions

• Take a long potentially long message and generate a unique output value derived from the content of the message.
• This value is commonly referred as message digest.
• Most cases, message digest is 128 bits or longer.

5 basic requirements

1. Input can be of any length
2. Output has a fixed length
3. Hash function os relatively easy to compute
4. Hash function is one-way . It is extremely hard to determine the input when provided with output
5. Hash function is collision free (it is externally hard to find two messages that produce the same hash value)

SHA, SHA-1, SHA-2

• Government Standard hash functions developed by National Institute of Standard and Technology (NIST)
• Publication - Secure Hash Standard (SHS) aka Federal Information Processing Standard (FIPS) 180
• SHA-1 takes Input length upto 2,097,152 terabytes ----> Output 160-bit message digest
• processes a message in 512-bit blocks
• therefore it pads the Input message with additional data so that length reaches tge next highest mutiple of 512.

Recent cryptanalytic attacks demontrated weaknesses in SHA-1

Four new variants

1. SHA-256 output 256-bit, 512 bit block size
2. SHA-224 output 224-bit, 512 bit block size
3. SHA-512 output 512-bit, 1024 bit block size
4. SHA-384 output 384-bit, 1024 bit block size

MD2

• 1989
• Ronald Rivest
• 8-bit processors
• pads the message with 16 bytes
• output 16-byte checksum and appends it to the end of the message
• 128-bit message digest is then generated by using the entire original message along with the appended checksum

MD4

• 1990
• Rivest
• enhanced the algorithm to support 32-bit processors and increase the level of security
• It first pads the message to ensure that the message length is 64 bits smaller than a mutiple of 512 bits
• For example, a 16-bit message will be padded with 432 additional bits of data to make it 448 bits, which is 64 bits smaller than a 512-bit message.
• MD4 then processes 512-bit blocks in three rounds of computation to produce the message digest of 128-bit 
• No longer secure

MD5

• 1991
• Rivest
• Problems again - Slow
• Subject to collisions

Hash algorithm chart

Name--------------------------------------------Hash Value Length
Hash of Variable Length(HAVAL)-an MD5 variant--------------------------------------------128,160,192,224,256
Hash Message Authenticating Code(HMAC)--------------------------------------------Variable
MD2--------------------------------------------128
MD4--------------------------------------------128
MD5--------------------------------------------128
SHA-1--------------------------------------------160
SHA-224--------------------------------------------224
SHA-256--------------------------------------------256
SHA-384--------------------------------------------384
SHA-512--------------------------------------------512


Digital Signatures
Once you have chosen a cryptographically sound hashing algorithm, you can use it to implement a digital signature system.
2 Distinct Goals

1. Digitally signed messages assure the recipient that the message truly came from the claimed sender. Nonrepudiation
2. Digitally signed messages assure the recipient that the message was not altered while in transit between the sender and recipient. 

Process:-

1. Alice generates a message digest of the original plaintext message using one of the cryptographically sound hashing algorithms, such as SHA-512.
2. Alice then encrypts only the message digest using her private key. This is Digital Signature.
3. Alice appends the signed message digest to the plaintext message.
4. Alice sends the appended message to Bob.

Bob reverses the procedure

1. Bob decrypts the digital signature using Alice's public key,
2. Bob uses the same hashing function to create a message digest of the full plaintext message received from Alice.
3. Bob then compares the decrypted message digest he received from Alice with the message digest he computed himself. If the 2 digests match, then he is assured that the message was only sent from Alice and also it was not modified in the transit.

Digital Signature Standard

NIST specifies the digital signature algorithms acceptable for federal government use in Federal Information Processing Standard (FIPS) 186-4, aka Digital Signature Standard (DSS)

1. Digital Signature Algorithm (DSA) as specified in FIPS 186-4
2. RSA algorithm as specified in ANSI X9.31
3. Elliptic Curve DSA (ECDSA) as specified in ANSI X9.62

Identity and Access Management

Identity and Access Management

Security Principles

1.     Availability
2.     Integrity
3.     Confidentiality

   
Identification -> Authentication -> Authorization -> Accountability  (IAAA)

Identification and Authentication
    One-to-One and One-to-Many
   

•         Identification Component Requirements
•         Access Control Review
•         IAAA

       
    Identity Management

•         Directories
•         Web Access Management
•         Password Management

1.             Password Synchronization
2.             Self-service password reset
3.             Assisted password reset

           
        Legacy Single sign-on
        Account Management
        Provisioning
            Authoritative System of Record
        Profile Update
        Biometrics

1.             Processing Speed
2.             Fingerprint
3.             Palm Scan
4.             Hand Geometry
5.             Retina Scan (Extremely Invasive and involve a number of privacy issues)
6.             Iris Scan
7.             Signature Dynamics
8.             Keystroke Dynamics
9.             Voice Print
10.             Facial Scan
11.             Hand Topography

        Passwords        Password Policies

1.                 Electronic monitoring
2.                 Access the password file
3.                 Brute-firse attacks
4.                 Dictionary attacks
5.                 Social Engineering
6.                 Rainbow table

Password Checkers            
Password Hashing and Encryption            
Password Aging            
Limit Logon Attempts            
Cogntive Password             
One-Time Password             
The Token Devices            
Synchronous (OneKey, RSA SecurID, Banking Devices)             
Asynchronous (challenge/response scheme to authenticate the user; challenge + nonce (random value) ; users enters the random value + username; encrypted sent to server; server decrypts; user authenticated)
      

Cryptographic Keys
            Passphrase
            Memory Cards
            Smart Card
            Smart Card Attacks
                Interoperability

1.                     ISO/IEC 14443-1 Physical Characterstics
2.                     ISO/IEC 14443-3 Initialization and anticollision
3.                     ISO/IEC 14443-4 Transmission protocol

•         Radio-Frequency Identification (RFID)
•         Authorization
•         Access Criteria
•         Default to No Access
•         Need to Know

            Authorization Creep

•         Single Sign-On

•             Kerberos

                Kerberos and Password-Guessing Attacks

•         Security Domains

       

•     Directory Services

        Thin Clients

•     Federation

        Digital Identity
   
    Access Control and Markup Languages

1.         SPML
2.         SAML
3.         OpenID
4.         OAuth
5.         Identity as a Service
6.         Integrated Identity Services
7.         Establishing Connectivity
8.         Esatblishing Trust
9.         Incremental Testing

       
    Access Control Models
        DAC - Discretionary Access Control
            Identity-Based Access Control
        MAC - Mandatory Access Control
            Sensitivity Levels
        RBAC - Role-Based Access Control
            Core RBAC
            Hierarchical RBAC
                Limited Hierarchy
                Gerneral Hierarchy
                Static Separation of Duty (SSD) Relations through RBAC
                Dynamic Separation of Duties (DSD) Relations through RBAC
        RB-RBAC - Rule-Based Access Control
   
    Access Control Techniques and Technologies

1.         Contrained User Interfaces
2.         Access Control Matrix
3.         Capability Table
4.         Access Control Lists
5.         Content-Dependent Access Control
6.         Context-Dependent Access Control

   
    Access Control Administration
        Centralized Access Control Administration
        RADIUS - Remote Authentication Dial-In User Service
        TACACS - Terminal Access Controller Access Control System
        Diameter (protocol)
            Mobile IP
        Decentralized Access Control Administration
       
    Access Control Methods
        Access Control Layers
            Administrative controls
                Personnel Controls
                Supervisory Structure
                Security-Awareness Training
                Testing
            Physical controls
                Network Segregation
                Perimeter Security
                Computer Controls
                Work Area Separation
                Cabling
                Control Zone
            Technical controls
                System Access
                Network Architecture
                Network Access
                Encryption and Protocols
                Auditing
   
    Accountability
        Review of Audit Information
        SEM & SIEM
        Protecing Audit Data and Log Information
        Keystroke Monitoring
       
    Access Control Practices
        Unauthorized Disclosure of Information
        Object Reuse
        Emanation Security
        TEMPEST
        White Noise
        Control Zone
   
    Access Control Monitoring
        IDS - Intrusion Detection Systems
        Network-Based IDSs
        Host-Based IDSs            Signature-based
                Pattern matching
                Stateful matching
            Anamoly-based
                Statistical anamoly-based
                Protocol anamoly-based
                Traffic anamoly-based
                Rule- or heuristic-based
        Knowledge- or Signature-Based Intrusion Detection
        State-Based IDSs
        Statistical Anamoly-Based IDS
        Protocol Anamoly-Based IDS
        Traffic Anamoly-Based IDS
        Rule-Based IDS
        IDS Sensors
        Network Traffic       
        IPS - Intrusion Prevention Systems

1.             Switched Environments
2.             Honeypot
3.             Intrusion Responses
4.             Network Sniffers

           
    Threats to Access Control
        Dictionary Attack
            Countermeasures
        Brute-Force Attacks
            Countermeasures
        Spoofing at Logon
        Phishing and Pharming

1.             Spear-phishing
2.             Whaling

Asset Security

Asset Security

Information Life Cycle

1.     Acquisition
2.     Use
3.     Archival
4.     Disposal

   
Information Classification
Classification Levels - Commercial Business - highest to lowest

1.     Confidential
2.     Private
3.     Sensitive
4.     Public

   
Classification Levels - Militarty purpose - highest to lowest

1.     Top Secret
2.     Secret
3.     Confidential
4.     Sensitive but unclassified
5.     Unclassified

   
Classification Controls
Layers of Responsibility

1.     Executive Management
2.     CEO
3.     CFO
4.     CIO
5.     CPO
6.     CSO/CISO
7.     Data Owner
8.     Data Custodian
9.     System Owner
10.     Security Administrator
11.     Supervisor
12.     Change Control Analyst
13.     Data Analyst
14.     User
15.     Auditor

   
Retention Policies

How ?

1.     Taxonomy
2.     Classification
3.     Normalization
4.     Indexing

   
How Long ?

1.     Business Documents - 7 years
2.     Invoices - 5 years
3.     Accounts payable and receivable - 7 years
4.     Human Resource Files - 7 years (Hired and Leave) or 3 years (candidates not hired)
5.     Tax records - 4 years after the taxes are paid
6.     Legal correspondence - Permanently

   
What Data ?
    e-Discovery

1.         Identification
2.         Preservation
3.         Collection
4.         Processing
5.         Review
6.         Analysis
7.         Production
8.         Presentation

   
Protecting Privacy
Data Owners    
Data Processers    
Data Remanence

1.         Overwriting
2.         Degaussing
3.         Encryption
4.         Physical Destruction

    Limits on Collection
   
Protecting Assets
    Data Security Controls

1.         Data at Rest
2.         Data in Motion
3.         Data in Use

    Media Controls

1.         Tracking
2.         Effectively implementing access controls
3.         Tracking the number and location of backup versions
4.         Documenting the history of changes on media
5.         Ensuring environmental conditions do not endanger media
6.         Ensuring media integrity
7.         Inventoring the media on a scheduled basis
8.         Carrying out secure disposal activities
9.         Internal and external labeling

       
Data Leakage
Date Leak Prevention
    General Approaches to DLP

1.         Data Inventories
2.         Data Flows

   
    Data Protection Strategy

1.         Backup and recovery
2.         Data life cycle
3.         Physical Security
4.         Security Culture
5.         Privacy   
6.         Organizational change

       
    Implementation, Testing, and Tuning

1.         Sensitive data awareness
2.         Policy Engine
3.         Interoperability
4.         Accuracy

   
    DLP Resiliency
       

1.     Network DLP
2.     Endpoint DLP
3.     Hybrid DLP

Protecting Other Assets

1.     Protecting Mobile Devices
2.     Paper Records
3.     Safes

Quanitative Risk Analysis

Quantitative Risk Analysis

Assign Asset Value (AV) -> Calculate Exposure Factor (EF) -> Calculate Single Loss Expectancy (SLE) -> Assess the Annualized Rate of Occurrence (ARO) -> Derive the Annualized Loss Expectancy (ALE) -> Perform Cost/Benefit analysis of countermeasures

Exposure Factor = %
Asset Value (AV)
Single Loss expectancy (SLE)  SLE = AV * EF
Annualized rate of occurrence (ARO) = # / year
Annualized loss expectancy (ALE) = SLE * ARO or ALE = AV * EF * ARO
Annual cost of the safeguard (ACS) = $/year
Value or benefit of a safeguard = (ALE before safeguard - ALE after safeguard) - ACS

Functions and Protocols in the OSI Model

Functions and Protocols in the OSI Model

Application Layer
The protocols at the application layer handle the file transfers, virtual terminals, network management, fulfilling networking requests of applications.

1. FTP - File Transfer Protocol
2. TFTP - Trivial FTP
3. SNMP - Simple Network Management Protocol
4. SMTP - Simple Mail Transfer Protocol
5. Telnet
6. HTTP - Hypertext Transfer Protocol

Presentation Layer
The services of the presentation layer handle translation into standard formats, data compression and decompression, and data encryption and decryption.
No protocol work at this layer, just services. Presentation layer standards are as below :-

1. ASCII - American Standard Code for Information Interchange
2. EBCDIC - Extended Binary-Coded Decimal Interchange Mode
3. TIFF - Tagged Image File Format
4. JPEG - Joint Photographic Experts Group
5. MPEG - Motion Picture Experts Group
6. MIDI - Musical Instrument Digital Interface

Session Layer
The session layer protocols set up connections between applications; maintain dialog control; and negotiate, establish, maintain, and tear down the communication channel , Some of the protocols that work at this layer include

1. NetBIOS - Network Basic Input Output System
2. PAP - Password Authentication Protocol
3. PPTP - Point-to-Point Tunneling Protocol
4. RPC - Remote Procedure Call

Transport Layer
The protocols at the transport layer handle end-to-end transmission and segmentation of the data stream.

1. TCP - Transmission Control Protocol
2. UDP - User Datagram Protocol
3. SPX - Sequenced Packet Exchange

Network Layer
The responsibilites of the network layer protocols include internetworking service, addressing, and routing.

1. IP - Internet Protocol
2. ICMP - Internet Control Message Protocol
3. IGMP - Internet Group Management Protocol
4. RIP - Routing Information Protocol
5. OSPF - Open Shortest Path First
6. IPX - Internetwork Packet Exchange

Data Link Layer
The protocols at the data link layer convert data into LAN or WAN frames for transmission and define how a computer access a network.
This layer is divided into the Logical Link Control (LLC) and the Media Access Control (MAC) sublayers.

1. ARP - Address Resolution Protocol
2. RARP - Reverse Address Resolution Protocol
3. PPP - Point-to-Point Protocol
4. SLIP - Serial Line Internet Protocol
5. IEEE 802.3 - Ethernet
6. IEEE 802.5 Token Ring
7. IEEE 802.11 - Wireless Ethernet

Physical Layer
Network interface cards and drivers convert bits into electrical signals and control the physical aspects of data transmission, including optical, electrical, and mechanical requirements.

1. RS/EIA/TIA-422, RS/EIA/TIA-423. RS/EIA/TIA-449, RS/EIA/TIA-485
2. 10Base-T, 10Base2, 10Base5, 100Base-TX, 100Base-FX, 100Base-T, 1000Base-T, 1000Base-SX
3. ISDN - Integrated Services Digital Network
4. DSL - Digital subscriber line
5. SONET - Synchronous Optical Networking

COSO Internal Control-Integrated Framework

COSO Internal Control-Integrated Framework

COBIT was derived from the COSO Internal Control-Integrated Framework, developed by the Committee of Sponsoring Organizations (COSO) that sponsored the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting. The COSO IC framework, first released in 1992 and last updated in 2013, identifies 17 internal control principles that are grouped into five internal control components as listed here.

Control Environment

1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibilites
3. Extablishes structure, authority, and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability

Risk Assessment

6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assess fraud risk
9. Identifies and analyzes significant change

Control Activities

10. Selects and develops control activities
11. Selects and develops  general controls over technology
12. Deploys through policies and procedures

Information and Communication

13. Uses relevant, quality information
14. Communication internally
15. Communicates externally

Monitoring activities

16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies

Security Program Development

Security Program Development

ISO/IEC 27000 Series : International standards on how to develop and maintain an ISMS developed by ISO and IEC.

Enterprise Architecture Development:

1.     Zachman Framework : Model for the development of enterprise architectures developed by John Zachman.
2.     TOGAF : Model and methodology for the development of enterprise architectures developed by The Open Group.
3.     DoDAF : U.S. Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals.
4.     MODAF : Architecture framework used mainly in military support missions developed by the British Minsitry of Defence.
5.     SABSA Model : Model and methodology for the development of information security enterprise architectures.

   
Security Controls Development:

1.     COBIT 5 : A business framework to allow for IT enterprise management and governance that was developed by Information Systems Audit and  Control Association (ISACA).
2.     NIST SP 800-53 : Set of controls to protect U.S. federal systems developed by the National Institute of Standards and Technology.
3.     COSO Internal Control-Integrated Framework : Set of internal corporate controls to help reduce the risk of financial fraud developed by the committee of Sponsoring Organizations (COSO) if the Treadway Commission.

Process Management Development:

1.     ITIL : Processes to allow for IT Service management developed by the United Kingdom's Office of Government Commerce.
2.     Six Sigma : Business management strategy that can be used to carry out the process improvement.
3.     Capability Maturity Model Integration (CMMI) : Organizational development for process improvement developed by Carnegie Mellon University. (I.R.D.M.O) - Initial, Repeatable, Defined, Managed, Optimized

   
ISO/IEC 27000 Series

1.     ISO/IEC 27000 Overview and vocabulary
2.     ISO/IEC 27001 ISMS requirements
3.     ISO/IEC 27002 Code of practice for information security management
4.     ISO/IEC 27003 ISMS implementation
5.     ISO/IEC 27004 ISMS measurement
6.     ISO/IEC 27005 Risk Management
7.     ISO/IEC 27006 Certification body requirements
8.     ISO/IEC 27007 ISMS auditing
9.     ISO/IEC 27008 Guidance for auditors
10.     ISO/IEC 27011 Telecommunications organizations
11.     ISO/IEC 27014 Information security governance
12.     ISO/IEC 27015 Financial sector
13.     ISO/IEC 27031 Business continuity
14.     ISO/IEC 27032 Cybersecurity
15.     ISO/IEC 27033 Network security
16.     ISO/IEC 27034 Application security
17.     ISO/IEC 27035 Incident management
18.     ISO/IEC 27037 Digital evidence collection and preservation
19.     ISO/IEC 27799 Health organizations

Communication and Network Security

Open Systems Interconnection Reference model

1. Protocol
2. Application Layer
3. Presentation Layer
4. Session Layer
5. Transport Layer
6. Network Layer
7. Data Link Layer
8. Physical Layer
9. Functions and Protocols in the OSI Model
10. Tying the Layers Together
11. Multilayer Protocols

TCP/IP Model

1. TCP
2. IP Addressing
3. IPv6
4. Layer 2 Security Standards
5. Converged Protocols

Types of Transmission

1. Analog and Digital
2. Asynchronous and Synchronous
3. Broadband and Baseband

Cabling

1. Coaxial Cable
2. Twisted-Pair Cable
3. Fibre-Optic Cable
4. Cabling Problems

Networking Foundations

1. Network Topology
2. Media Access Technologies
3. Transmission Methods
4. Network Protocols and Services
5. Domain Name Service
6. E-mail Services
7. Network Address Translation
8. Routing Protocols

Networking Devices

1. Repeaters
2. Bridges
3. Routers
4. Switches
5. Gateways
6. PBXs
7. Firewalls
8. Proxy Servers
9. Honeypot
10. Unified Threat Management
11. Content Distribution Networks
12. Software Defined Networking

Intranets and Extranets
Metropolitan Area Networks

1. Metro Ethernet

Wide Area Networks

1. Telecommunications Evolution
2. Dedicated Links
3. WAN Technologies

Remote Connectivity

1. Dial-up Connections
2. ISDN
3. DSL
4. Cable Modems
5. VPN
6. Authentication Protocols

Wireless Networks

1. Wireless Communication Techniques
2. WLAN Components
3. Evolution of WLAN Security
4. Wireless Standards
5. Best Practices for Securing WLANs
6. Satellites
7. Mobile Wireless Communication

Network Encryption

1. Link Encryption vs. End-to-End Encryption
2. E-mail Encryption
3. Internet Security

Network Attacks

1. Denial of Service
2. Sniffing 
3. DNS Hijacking 
4. Drive-by Download

Security and Risk Management

Fundamental Principles of Security

1.     Availability
2.     Integrity
3.     Confidentiality
4.     Balanced Security

Security Definitions
Control Types
Security Frameworks

1.     ISO/IEC 27000 Series
2.     Enterprise Architecture Development
3.     Security Controls Development
4.     Process Management Development
5.     Functionality vs. Security

The Crux of Computer Crime Laws
Complexities in Cybercrime

1.     Electronic Assets
2.     The Evolution of Attacks
3.     International Issues
4.     Types of Legal Systems

Intellectual Property Laws

1.     Trade Secret
2.     Copyright
3.     Trademark
4.     Patent
5.     Internal Protection of Intellectual Property
6.     Software Piracy

Privacy

1.     The Increasing Need for Privacy Laws
2.     Laws, Directives and Regulations
3.     Employee Privacy Issues

Data Breaches

1.     U.S. Laws Pertaining to Data Breaches
2.     Other Nations' Laws Pertaining to Data Breaches

Policies, Standards, Baselines, Guidelines, and Procedures

1.     Security Policy
2.     Standards
3.     Guidelines
4.     Procedures
5.     Implementation

Risk Management

1.     Holistic Risk Management
2.     Information Systems Risk Management Policy
3.     The Risk Management Team
4.     The Risk Management Process

Threat Modeling

1.     Vulnerabilities
2.     Threats
3.     Attacks
4.     Reduction Analysis

Risk Assessment and Analysis

1.     Risk Analysis Team
2.     The Value of Information and Assets
3.     Costs That Make Up the Value
4.     Identifying Vulnerabilities and Threats
5.     Methodologies for Risk Assessment
6.     Risk Analysis Approaches
7.     Risk Analysis Approaches
8.     Qualitative Risk Analysis
9.     Protection Mechanisms
10.     Putting it Together
11.     Total Risk vs. Residual Risk
12.     Handling Risk
13.     Outsourcing

Business Continuity and Disaster Recovery

1.     Standards and Best Practices
2.     Making BCM Part of the Enterprise Security Program
3.     BCP Project Components

Personnel Security

1.     Hiring Practices
2.     Termination
3.     Security-Awareness Training
4.     Degree or Certification

Security Governance

1.     Metrics

Ethics

1.     The Computer Ethics Institute
2.     The Internet Architecture Board
3.     Corporate Ethics Programs

   

Security Engineering

Security Models

1) Bell-laPadula Model
2) Biba Model
3) Clark-Wilson Model
4) Noninterference Model
5) Brewer and Nash Model
6) Graham Denning Model
7) Harrison-Ruzzo_Ullman Model

Types of Symmetric Systems

1) Data Encryption Standard
2) Triple-DES
3) Advanced Encryption Standard
4) International Data Encryption Algorithm
5) Blowfish
6) RC4
7) RC5
8) RC6

Types of Asymmetric Systems

1) Diffie-Hellman Algorithm
2) RSA
3) El Gamal
4) Elliptic Curve Cryptosystems
5) Knapsack
6) Zero Knowledge Proof

Message Integrity

1) The One-Way Hash
2) MD4
3) MD5
4) SHA
5) Digital Signature Standard

PKI

1) CA
2) Certificates
3) RA

Attacks on Cryptography

1) Ciphertext-Only Attacks
2) Known-Plaintext Attacks
3) Chosen-Plaintext Attacks
4) Chosen-Ciphertext Attacks
5) Differential Cryptanalysis
6) Linear Cryptanalysis
7) Side-Channel Attacks
8) Replay Attacks
9) Algebraic Attacks
10) Analytic Attacks
11) Statistical Attacks
12) Social Engineering Attacks
13) Meet-in-the-Middle Attacks