• Information Security
• Week 1: Introduction
• Week 2: Threats, Vulnerabilities, Security Incidents and Attacks
• Week 3: No-Scheduled Classes
• Week 4: Managing Information Security
• Week 5: Identity and user authentication
• Week 6: Access Control
• Week 7: Privacy and Identity Theft
• Week 8: Symmetric Cryptography
• Week 9: Asymmetric Cryptography
• Week 10: No-Scheduled Classes
• Week 11: Public keys, trust and PKI
• Week 12: Network and Communications Security
• Week 13: Review

• Confidentiality: Preventing unauthorised disclosure of information.
• Integrity: Preventing unauthorised (accidental or deliberate) modification or destruction of information.
• Availability: Ensuring resources accessible when required by an authorised user
• Entity Authentication: The process of verifying a claimed identity (Is this person actually who they say they are? How can I be sure?)
• Data Origin Authentication: Verify the source (and integrity) of a received message (Is this message from the place/sender it claims to be)
• Non-repudiation: Create evidence that an action has occurred, so that the user cannot falsely deny the action later
• Vulnerability: Characteristics of, or weaknesses in a system that could be used to cause harm if acted on by a threat
• Threat: Sets of circumstances with the potential to cause harm by compromising stated security goals
• Attack: An attack is when vulnerabilities are deliberately exploited by someone with malicious intent

The CIA triad is a common, respected model that forms the basis for the development of security systems and policies. These are used for the identification of vulnerabilities and methods for addressing problems and creating effective solutions.

• Confidentiality: Preventing unauthorised disclosure of information.
• Integrity: Preventing unauthorised (accidental or deliberate) modification or destruction of information.
• Availability: Ensuring resources accessible when required by an authorised user.

• In Storage: Data that is stored somewhere whether that be electronically (database), physical (file cabinet), or human.
• In transmission: Data that is being sent over a network, a local transfer between devices or physical transit.
• Being processed (in use): Data that is currently being processed.

• Threats: Sets of circumstances with the potential to cause harm by compromising stated security goals
• Vulnerabilities: Characteristics of, or weaknesses in a system that could be used to cause harm if acted on by a threat

• Preventive: Aim to prevent or reduce the likelihood of an incident happening
• Detective: Monitoring to identify attempts or successfully exploited vulnerabilities
• Corrective: Aim to recover from harm to information assets or business goals

• Threat actor: Person or entity whose actions impact or have the potential to impact information security
• Threat action: What was done or intended to harm the information asset
• Passive attack: An attack done to gain information without direct interaction with the information system
• Active attack: An attack done to gain information which involves some alteration to the information asset
• DoS and DDoS: Where the objective is to make an information asset or resource unavailable to authorized users
• Malware: Malicious Software used to gain access to information
• Man-in-the-Middle attack: "A man-in-the-middle attack (MITM attack) is a cyber attack where an attacker relays and possibly alters communication between two parties who believe they are communicating directly." - Upguard
• Phishing: "Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware." - Wiki
• Replay attack: A valid data transmission is captured (recorded), stored and retransmitted at a later time
• Security incident: Occurs when threats and vulnerabilities coincide
• Spoofing: Where one entity pretends to be another to deceive others
• Social Engineering: "Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables." - Kaspersky

Common malware types

• Viruses: Programs with ability to replicate
• Spreads by copying itself into other files (infecting) and is activated when infected files are opened or exe’s run
• Worms: Programs with ability to self replicate
• Spreads from computer to computer without human interaction
• Trojan horses: Programs with known desirable properties and hidden undesirable property
• User downloads the program and knowingly uses desirable features
• Undesirable feature runs without user knowledge

Passive Attack Examples:

• Eavesdropping: Listening to the conversations of others without their knowledge or consent
• Shoulder surfing: Watching the actions of others (especially at data entry) without their knowledge or consent
• Network monitoring and eavesdropping: A packet sniffer or network analyzer can monitor network traffic

Active Attack Examples:

• Denial of Service (DoS) Attack: Where the objective is to make an information asset or resource unavailable to authorized users
• Damage the resource, so that it can not be used
• Deliberately interrupt communications between users and resource, so that it can not be accessed
• Overload the resource by making a large number of requests for service, so it cannot respond to legitimate requests
• Distributed Denial of Service (DDoS) Attack: Objective is same as DoS attack
• Use multiple sources to make resource requests
• Overloads resource, so it cannot respond to legitimate requests
• Masquerade/Spoofing: Where one entity pretends to be another to deceive others
• Caller ID spoofing
• Email address spoofing
• Webpage spoofing
• Social Engineering: Using social skills to convince people to reveal information or permit access to resources
• Phishing: "Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware." - Wiki
• Replay attack: A valid data transmission is captured (recorded), stored and retransmitted at a later time
1. Access to a system requires use of password, but password is encrypted during transmission
2. Attacker records encrypted password, and replays this information in order to gain access
3. Doesn’t matter that attacker doesn’t know the password – they can provide the expected credential on request

• Risk: Effect of uncertainty on objectives
• Consequence: Outcome of an event affecting objectives
• Likelihood: Chance of something happening
• Stakeholder: People and organizations who may affect, be affected by, or perceive themselves to be affected by, a decision or activity
• Risk Assessment: The process used to assess a risk generally using 3 principles; identification, Analysis and Evaluation of a risk
• Risk Identification: Identifying what, where and when a risk can happen, why and how it can happen and finally the tools and techniues to be used to identify risks
• Risk Analysis: Defining the magnitude of the risk through qualitatively, quantitatively, or semi-quantitatively scales
• Risk Evaluation: The process of comparing risks and deciding which need treatement first
• Risk Treatment: "The process of choosing risk treatment options, determining appropriate controls to implement such options, formulating a risk treatment plan and obtaining approval of the Risk treatment plan" - Infosavvy

• Risk Avoidance: Stop doing the activity that gives rise to the risk
• Risk Modification: Apply controls to the change the likelihood of the event or change the consequences to reduce the magnitude
• Risk Sharing: Share with another party that can effectively manage risk
• Risk Retention: Know the risk exists, but decide to do nothing

• AS/NZS 27001:2015: Information security management systems - Requirements
• AS/NZS 27002:2015: Code of practice for information security management
• AS/NZS 27005:2015: Information security risk management

Typically 27001 and 27002 are used in conjunction as 27001 is all about management and 27002 is the code of practice. When it comes to who enforces and conforms to these standards it's easy to point and say the management team of the business however the actions of any one entity can cause consequences for others. Everyone has their role to play no matter what role in the business they take, collaboration and co-operation is needed at all levels.

1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement

1. Scope
2. Normative references
3. Terms and definitions
4. Structure of this standard
5. Information security policies
6. Organization of information security
7. Human resource security
8. Asset management
9. Access control
10. Cryptography
11. Physical and environmental security
12. Operations security
13. Communications security
14. System acquisition, development and maintenance
15. Supplier relationships
16. Information security incident management
17. Information security aspects of business continuity management
18. Compliance

• Identification: The act of identifying someone or something
• Authentication: The process of verifying the identity of someone
• Authenticator: A private thing only the authentic user could provide
• Hash function: A method of encryption
• Token: A unique phrase or combination of characters that are generated to confirm an identity
• Biometric system: Automated methods of verifying or recognising a person based upon a physiological or behavioural characteristic
• False match: Mistaking biometric measurements from two different persons to be from the same person
• False non-match: Mistaking two biometric measurements from the same person to be from two different persons
• Multifactor authentication: The combination of authentication techniques from two or more different categories

• Knowledge-Based: Something you know (should be a secret only the entity knows)
• Object-Based: Something you have (physical item only the entity possesses)
• ID-Based: Something you are (physical characteristic of person - biometric)
• Location-based: Somewhere you are

• MD4 and MD5: Produce 128-bit hash values.
• SHA-1: Produces a 160-bit hash value.
• SHA-2 set of hash functions: Output lengths 224, 256, 384, and 512.
• SHA-3 set of hash functions: Output lengths 224, 256, 384, and 512.

• Clock-Based Tokens
• Token display shows a constantly changing value
• To log in to system user must provided an ID, then types in current value on token as authenticator
• System fails if clocks in token & host not synchronized
• Counter-Based Tokens
• Instead of a clock value, use an internal counter value
• Increment the counter with each successful login
• Token device generates ‘password’ value as a function of the counter value and other internal data, without external inputs

• Universality: Each person should have the characteristic
• Distinctiveness: Any two persons should be sufficiently different in terms of the characteristic
• Permanence: The characteristic should be sufficiently invariant (with respect to the matching criterion) over a period of time
• Collectability: The characteristic can be measured quantitatively

• Controls: The countermeasures that companies implement to detect, prevent, reduce, or counteract security risks.
• Countermeasures: Control measures are the things we put in place to help reduce the risk of security incidents happening.
• Whitelist: Whitelisting is a cybersecurity strategy under which a user can only take actions on their computer that an administrator has explicitly allowed in advance.
• Blacklist: Access generally permitted unless expressly forbidden.
• Need to know principle: The principle of least privledge (or the need to know principle) is the method of restricting all but whats needed for the task (or needed to know to complete said task).
• Separation of duties: The separation of duties method is that for any critical task that needs to be done, divide up the task into a series of steps and ensure that no single entity is authorised to complete all steps needed.
• Subjects: Entities requesting access to a resource.
• Objects: Resources or entities which contain information.
• Resource owners: The owners of the resources.
• Discretionary access control (DAC): Access rights to an object or resource are granted at the discretion of the owner.
• Mandatory access control (MAC): A central authority assigns attributes to objects and to subjects
• Role-based access control (RBAC): Access rights based on the role of the subject, rather than the subject’s individual identity.

• Technology: Hardware and software applied to protect assets
• Policy and Practices: Policies, procedures and guidlines defining how people can use information systems and assets
• Education, Training and Awareness: So human users interacting with information assets understand the security implications of their actions, know what they need to do, and are trained appropriately

Control measures can also be categorised on how they can be implemented:

• Preventive Controls: Aim to prevent the incident from happening in the first place
• Detective Controls: Monitor to receive warning of attempts to exploit vulnerabilities, indicators of incident in progress or has occurred
• Corrective Controls: Aim to correct errors or irregularities that have been detected, repair damage

Blacklist: Access generally permitted unless expressly forbidden

• If your name is on the list, you will be denied access
• These are the sites that you are not permitted to visit
• This software must not be installed

• If your name is on the list, you will be granted access
• These are the only sites that you are permitted to visit
• These are the only applications that you are permitted to install

• Discretionary access control: Decision at the discretion of some individual, possibly the information asset owner
• Mandatory access control: System wide set of rules applied
• Role-based access control: Access permissions based on the role of the individual, rather than the individual identity

1. Policy definition phase where privilege is allocated and administered
1. Authorise subject by defining the AC policy
2. Distribute access credentials/token to subject
3. Change/revoke authorisation whenever necessary
2. Policy enforcement (grant access) phase where privilege is required to gain access
1. Authenticate subject
2. Grant access as authorised by policy
3. Monitor access

• How are users informed of their access privileges: Which assets does the user have access to and are there any conditions on use of privileges
• Is the handover of privileges secure: Are identities check through ID badges or passwords
• How are details of users and privileges recorded: Are the records secure from modification and can you easily identify privileges associated with a user or recourse
• How will he privileges be revoked when needed: is there an expiry time or a procedure for automatic revocation under certain conditions

• Identification: Who are you? (provide user ID)
• Authentication: Is it really you? (provide credentials)
• Authorization: Are you allowed to access this resource and in what mode (read/write)? (check system records)

• Privacy: The interest that individuals have in sustaining 'personal space', free from interference by other people and organisations.
• Information Privacy: The relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.
• Personal information: Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
• Sensitive information: Sensitive information is defined in the Privacy Act to mean information or an opinion about an individual’s: racial or ethnic origin; political opinions; membership of a political association;religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual preferences or practices; or criminal record.
• Cookies: Small text files used to store personal info or unique identifying fields.
• Web bugs: Used to keep track of which users view web pages or read email messages.
• Identity theft: A crime where one person uses another person’s key personal information to fraudulently impersonate them.

However, the definition of privacy greatly depends on the context its presented in:

• Privacy of the person:
• Physical or bodily privacy: about the integrity of the body and consent to physical procedures
• Privacy of personal behaviour:
• Including political, religious and sexual practices and preferences
• Privacy of personal communications:
• Being able to communicate with other individuals without routine monitoring by others
• Privacy of personal data:
• Control over personal data and how it will be used, even when it is held by another organisation
• privacy of personal experience:
• Experience monitored and analysed: reading, viewing, interactions

• At the federal level:
• Commonwealth Privacy Act 1988 & subsequent amendments
• Deals with privacy of personal information
• Regulates how your personal information can be collected, used, and disclosed, and how it should be maintained
• Privacy Amendment (Private Sector) Act 2000
• Extended coverage of the Privacy Act to parts of the private sector
• Had to comply with 10 National Privacy Principles
• Not all businesses had to comply, some had exemptions (i.e. small businesses worth a turnover of < $3000000 per annum, etc)
• Privacy Amendment (Enhancing Privacy Protection) Act 2012
• A single set of principles that applied to:
• Australian federal government agencies
• ACT and Norfolk Island government agencies
• Private-sector businesses with annual turnover > $3000000
• All private sector health service providers
• 13 Australian Privacy Principles, grouped into five parts:
1. Consideration of personal information privacy
• APP1 - Open and transparent management of personal information
• APP2 - Anonymity and pseudonymity
2. Collection of personal information
• APP3 - Collection of solicited personal information
• APP4 - Dealing with unsolicited personal information
• APP5 - Notification of collection of personal information
3. Dealing with personal information
• APP6 - Use or disclosure of personal information
• APP7 - Direct marketing
• APP8 - Cross-border disclosure of personal information
• APP9 - Adoption, use or disclosure of government related identifiers
4. Integrity of personal information
• APP10 - Quality of personal information
• APP11 - Security of personal information
5. Access to, and correction of, personal information
• APP12 - Access to personal information
• APP13 - Correction of personal information
• Privacy Amendment (Notifiable Data Breaches) Act 2017
• Applied to all agencies and organisations with privacy obligations under APPs
• If a breach is likely to result in serious harm, the organisation has an obligation to notify both: Individuals whose personal information is involved and Australian Information Commissioner
• At a state level:
• Information Privacy Act 2009 (Qld)
• 11 Information Privacy Principles
• Controls the way Qld government agencies handle information

• Within organsiations (insiders)
• Employees (Information users)
• Employers (Management)
• External to organisations
• May have gained access (criminals, hackers, etc)
• Family and friends (sharing your information)
• Governments

• Make decisions/policy on
• Personal information to collect:
• What should be collected & what business process uses it?
• How is information collected?
• How that information will be treated through its lifecycle
• How could/should it be used?
• Who will have access to it, and how will that be managed
• Will it be shared with third parties?
• What happens at the end of the life stage - disposal

So what are the benefits of monitoring and surveillance? Monitoring and surveillance helps the government understand what is happening, identify issues and resolve them efficiently.

• Example: Smart City
• Make use of CCTV, IoT, sensors to monitor temperature, air quality, water, traffic flow
• Improved physical safety in public areas
• Direct law enforcement/emergencies services to incidents
• Efficient use of resources - manage traffic flows, divert from accidents and bottlenecks
• Improve environmental conditions - use climate control
• Connected neighbourhoods
• Example: Network Monitoring
• Know when components are functioning or failing
• Identify traffic flow issues
• Detect abnormal behaviour

• Phone Calls: number dialed, location data, time and duration of calls
• Internet Access: URLs visited, time spent, site visited previously
• Social Media: Contents of posts, facial recognition for image data, network of friends/contacts, frequency of messaging
• Email: Sent, recipient, contents of email
• Keystroke Logging: Hardware and software keystroke loggers

• Dumpster Diving: Digging through rubbish bin contents to try find hardcopy items that reveal personal information (credit card receipts, pre-approved credit forms, paperwork from another organisation, etc)
• Raiding Letterboxes: Mail may include unique identifiers such as Tax File Numbers
• Social Engineering: Phone calls, email messages, phishing scams, romance scams, fake jobs, fake lottery wins, etc
• Obtaining credit reports on victims

A persons information can also be stolen online through data leaks, using malware to compromise a user's PC or personal web pages and social networking sites.

• Cryptography: The study of methods for ‘secret’ writing. Transforming messages into an unintelligible form, and recovering them
• Cryptanalysis: Analysis of cryptographic systems, inputs and outputs. To derive confidential information, usually without using the secret knowledge
• Plaintext: The original message or data, sometimes called cleartext
• Ciphertext: Encrypted plaintext, transformed so message is now ‘hidden’
• Encryption: Transforming plaintext into another form so the meaning is not obvious, using an algorithm and some secret knowledge
• Decryption: Transforming ciphertext back to original plaintext, using the algorithm and key
• Cryptographic key: A string of characters used within an encryption algorithm for altering data so that it appears random
• Encoding: Transforming data from one form to another using an encoding algorithm
• Steganography: Hiding information within a document or image, so that the presence of the message is not detected
• Symmetric cipher: A cipher that uses the same key for encryption and decryption
• Stream cipher: A cipher that uses an encryption algorithm that processes an individual bit, byte, or character of plaintext at a time
• Block cipher: A cipher that uses an encryption algorithm that processes one block (64-bits or 128-bits) at a time

Cryptography is the study of methods for 'secret' writing; transforming messages into an unintelligible form and recovering them. Cryptanalysis on the other hand is the analysis of cryptographic systems, inputs and outputs to derive confidential information, usually without using the secret knowledge.

• Plaintext (P): The original message or data, sometimes called cleartext
• Encryption (E): Transforming plaintext into another form so the meaning is not obvious, using an algorithm and some secret knowledge
• Cryptographic Key (K): A string of characters used within an encryption algorithm for altering data so that it appears random
• Ciphertext (C): Encrypted plaintext, transformed so the message is now 'hidden'
• Decryption (D): Transforming ciphertext back to original plaintext, using the algorithm and key

Example:

Steganographic techniques can include:

• Using invisible ink
• Microdots
• Character arrangement and selection
• Hiding information in pixels

• In Storage: If you can't prevent unauthorised access to data files, then encrypting the files can prevent unauthorised access to the information (that is, the attacker can't read the file contents)
• Being Transmitted: Information sent over network communication links can be encrypted to prevent eavesdroppers gaining unauthorised access to information

• If there is a bitflip error (0 to 1 or vice versa) only that bit will be decrypted incorrectly
• If a ciphertext bit is inserted or deleted this causes a loss of synchronization, and the message cant be recovered from the insertion/deletion point onward

• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)
• Output Feedback (OFB)
• Cipher Feedback (CFB)
• Galois Counter Mode (GCM)
• And more...

• If there is a bitflip error (0 to 1 or vice versa) only that bit will be decrypted incorrectly
• Insertion or deletion of a single ciphertext bit (or even a character) will be detected because of the incorrect ciphertext length
• Insertion or deletion of an entire block or multiple blocks - ECB can't detect
• Re-ordering of ciphertext blocks results in corresponding re-ordering of plaintext blocks

Another problem ECB mode suffers from is that for a given key, the same plaintext block always encrypts to the same ciphertext block meaning it doesn't hide repetitive, some information leakage occurs and or attackers may construct a code book of known plaintext/ciphertext blocks and use to insert, delete, reorder or replay blocks within the message.

• If there is a bitflip error (0 to 1 or vice versa) that block and one bit in the following block will decrypt incorrectly
• If a ciphertext bit (or even a character) is inserted or deleted this will still be detected because of the incorrect ciphertext length
• Inserting or deleting a block will cause an incorrect decryption

1. Fixed length output H(M) for arbitrary length input M
2. H(M) is one-way: Given M, it is easy to compute H(M), but given H(M) it is infeasible to compute M
3. H(M) is collision-resistant: Hard to find two messages M and M' so that H(M) = H(M')
4. If you make a small change in M, it produces a major change in H(M)

1. Alice and Bob agree on a hash function H() to use
2. Alice (message sender):
1. Generates her message M
2. Calculates H(M)
3. Sends both M and H(M) to Bob
3. Bob (message receiver)
1. Receives M' and H(M)
2. Uses M' as an input to H() and calculates H(M')
3. Compares H(M) and H(M')
• If H(M) != H(M') then Bob knows the message M' is not what Alice sent: it has been altered
• If H(M) == H(M') then Bob assumes the message M' is the message Alice sent: assumes unaltered

1. Intercepts the message {M, H(M)} sent by Alice
2. Changes M to M'
3. Recalculates the has H(M')
4. Then sends {M', H(M')} to Bob

Now when Bob receives the message and compares the hash he will be non the wiser that anyone has intercepted the message.

• Confidentially: The key must only be available to those authorised to use it
• Integrity: If a key is altered, the altered key will not decrypt ciphertext formed using the original key. If an attacker alters the key (replaces it with a key they know) potentially they have unathorised access to all the information that is encrypted with the new key
• Availability: If an attacker destroys a stored key, all information currently encrypted with that key will be unavailable

If we use symmetric ciphers to provide security services for information, then we must also provide security services for the symmetric keys used with the ciphers (effectively replacing one security problem with another). Cryptographic techniques can be used to provide security for cryptographic keys such as storing keys in a file which we encrypt to provide confidentiality (this forms a hierarchy of keys: Master keys, Session keys, etc). Another technique we can do is store hash values or MACs of secret key files and use those to detect modifications to the key files.

• Secure channel: "Secure channels guarantee both the authenticity and confidentiality of information" - Olvid
• Insecure channel: "Unsecure channels do not guarantee anything: neither authenticity nor confidentiality" - Olvid
• Symmetric cipher key establishment problem: How can people establish a shared secret key securely, if the communication channel they are using is not secure?
• Pre-distribution: Distribute the shared secret key ‘out-of-band’ (i.e. Not over the insecure communication channel, but over a different and secure channel)
• Trusted third party: Have one trusted party where everyone holds shared secret keys to communicate with that trusted party. If you want to communicate securely with someone else you ask the trusted third party (TTP) to send you a key
• Modular exponentiation:
• Asymmetric cryptography: "Asymmetric cryptography, otherwise known as public-key cryptography, is when two keys – private and public ones – are used to encrypt and decrypt data" - NordVPN
• Key pair: A blanket term for both a public and private key
• Public key: A public encryption key
• Private key: A private encryption key
• Digital signature: "A cryptographic value that is calculated from the data and a secret key known only by the signer. A digital signature is a technique that binds a person/entity to the digital data." - TutorialsPoint
• Non-repudiation: "Non-repudiation is the assurance that someone cannot deny the validity of something. In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity and integrity of that message." - Cryptomathic

1. Have already set up a shared secret key k with Bob
2. Encrypt the plaintext message P using k and the symmetric cipher
3. Send the resulting ciphertext C = E(P, k) to Bob

For Bob to recover the message:

1. He must use the same shared secret key k that Alice used to encrypt
2. He must decrypt the ciphertext C using k and the corresponding decryption algorithm to recover the plaintext P = D(C, k)

• 2 people, only 1 secret key is needed
• 3 people, and each participant may possibly communicate securely with every other participant, 3 secrete keys are needed
• 4 people, 6 secrete keys are needed
• n people, n(n-1)/2 secrete keys are needed

• You ask the trusted third party (TTP) to send you a key (encrypted using the secret key you share with the third party)
• Then you decrypt the TTP message to obtain that new key (the other person you want to communicate with needs it too)
• Now you can use this key in communications with the other party

1. Chooses their own secret value
2. Sends the other a mathematical function of their chosen value
3. Combines their own value with the received information to form the shared secret value

• Setup:
• Alice and Bob agree on using p = 71 and g = 7
• Protocol:
• Alice selects a random integer, say a = 5, and sends 7⁵ mod 71 = 51 to Bob
• Bob selects a random integer, say b = 12, and sends 7¹² mod 71 = 4 to Alice
• Alice computes 4⁵ mod 71 = 30 as the secret key
• Bob computes 51¹² mod 71 = 30 as the secret key

So how would we go about finding out someones public key? They could either directly give it to you or could put it up to access through some other means (like a website or through a public keyserver).

1. Know Bob’s public key
3. Encrypt the plaintext message P using the asymmetric encryption algorithm and Bob’s public key K_{B_pub}
4. Send the resulting ciphertext to Bob

For Bob to recover the message

1. Bob uses his private key K_{B_priv} and the asymmetric decryption algorithm to decrypt the ciphertext

Notation:

• Encryption: C = E(P, K_{R_pub})
• Decryption: P = D(C, K_{R_priv})
• Public key of the recipient K_{R_pub} used for encryption
• Private key of the recipient K_{R_priv} used for decryption

• RSA: Exploits symmetry in RSA encryption/decryption algorithms; Relies on the difficulty factoring large numbers
• DSA (Digital Signature Algorithm): Also referred to as DSS (Digital Signature Standard); Relies on the difficulty of solving the discrete log problem
• ECDSA (Elliptic Curve DSA)

It's important to note that RSA, DSA and ECDSA are currently the only FIPS-approved methods for digital signatures.

Valid digital signatures provide:

• Authentication of message sender
• Some assurance of message integrity
• Non-repudiation

• Asymmetric key pair: A key pair consisting of 1 public and 1 private per person
• Public key fingerprint: "A short sequence of bytes used to identify a longer public key" - Wikipedia
• Public key spoofing problem:
• Public key trust model: "A trust Model is collection of rules that informs application on how to decide the legitimacy of a Digital Certificate" - Ezinearticles
• User centric trust mode: Public keys are made available by users and each user collects public keys for other users
• Public key ring:
• Trusted Authority model: Have trusted authorities perform checks and issue certificates endorsing the public keys of entities
• Digital certificate: A (verifiable) certificate of authority containing the user’s public key, the user’s ID and more
• Certificate Authority: A Certificate Authority (CA) creates and digitally signs the certificate

Advantages:

• Simple and free
• Works well for a small number of users
• Does not require expensive infrastructure to operate
• User-driven operation

Disadvantages

• Relies on human judgment on trust decisions
• Not appropriate for trust-sensitive areas (such as finance and government)

• Most widely used format: X.509 standard
• Recommended by International Telecommunication Union (ITU-T)
• Important fields in X.509 digital certificates:
• Version number
• Serial Number (set by the CA)
• Signature Algorithm identifier (Algorithm used for dig sigs)
• Issuer (Name of the CA)
• Subject (Name of entity to which certificate has been issued)
• Public Key Information
• Validity period (certificate should not be used outside this time)
• Digital signature (of the certificate, signed by the CA)

So how would Alice obtain a digital certificate for her public key?

1. Alice generates a key pair
2. Alice keeps the private key secret and sends to the CA:
• her identity details, ID_A
• her public key, K_{A_pub}
• any other information required by the CA
3. The CA then
• performs any required checks to verify Alice’s identity
• creates and signs a certificate containing ID_A and K_{A_pub}
• sends the certificate, Cert_A, to Alice

• Tree structure
• Single root CA
• Users are leaves of the tree
• Each node is certified by its immediate parent CA
• Highly regulated
• Each CA must follow rules regarding to whom they may issue certificates
• Root CA
• Starting point for trust
• All users trust the root CA, and must receive its public key through a secure out-of-band channel

Advantages:

• Works well in highly-structured setting such as military and government
• Unique certification path between two entities (so finding certification paths is simple)
• Scales well to larger systems

Disadvantages

• Need a trusted third party (root CA)
• single point-of-failure’target
• If any node is compromised, trust impact on all entities stemming from that node
• Does not work well for global implementation (who is root TTP?)

• Interconnection of multiple hierarchies
• No single root CA, multiple cross-certified root CAs
• Trust is distributed among the root CAs

• Cross certification and revocation may not be supported leaving limited opportunity for expansion and limited trust options available
• No formal legal agreement established between users and CAs meaning the liability rests with the users and not the CAs

• Communications Protocol:
• Internet Protocol Suite:
• Client-Server Communications Model:
• HTTP:
• HTTP Authentication (Basic and Digest):
• SSH:
• TLS:
• IPSec:
• Transport Mode:
• Tunnel Mode:

• Hubs (multiple ports to plug in cables)
• Switches (multiple ports, can direct transmission only out relevant port)
• Routers (connect networks, can program to control how they route traffic)

Different applications operate on different ports. To enable communication between devices, addressing is needed:

• IP address gives unique identifier for a device in a network
• Format is hostname.subdomain.domain.topleveldomain

• ISO Open Systems Interconnection (OSI) Model
• 7 layer model
• IETF Internet Protocol Suite
• 4 layer model
• Commonly known as TCP/IP (Transmission Control Protocol / Internet Protocol)

• Application: User level data
• Presentation: Data standardisation, blocking, compression
• Session: Message sequencing
• Transport: Flow control, error detection and correction
• Network: Routing, blocking messages into uniformly sized packets
• Data Link: Separating packets into frames, error recovery
• Physical: Actual communication - bit transmission

• Application: Prepares user messages; Each application protocol has unique message format
• Transport: Converts messages to packets; Uses ports for different applications on same host
• Internet: Converts packets to datagrams to send to destination; Hosts have unique IP addresses (IPv4: 32 bit, IPv6: 128 bit)
• Link: Physical layer, associated with computer hardware; Transmission of communication as bits

• Clients identify
• Program they want to use (by port number)
• Machine they want to connect to (by IP address)
• Application servers listen for messages on particular ports
• Common ports:
• Web servers: port 80 (HTTP), 443 (HTTPS)
• Email servers: port 25 (SMTP), 110 (POP)
• Remote login: port 22 (SSH), 23 (Telnet)
• File transfer: port 20/21 (FTP), 22 (SFTP/SCP)

• Basic: Server decodes (Base64) to recover password and compares to entry stored in its password database
• Digest: Server computes a hash value and compares this to the received value. The ‘password’ file contains the hash of the username, realm and password

1. SSH Transport Layer Protocol (RFC4253): Provides server authentication, data confidentiality, and data integrity assurance
2. SSH User Authentication Protocol (RFC4252): Authenticates the user to the server
3. SSH Connection Protocol (RFC4254): Multiplexes multiple logical communications channels over a single underlying SSH connection

Server authentication occurs during the key exchange step:

• Server has asymmetric key pair (private key, public key)
• Server uses server private key in certain ways to allow client to authenticate server, either
• Explicitly
• Key exchange messages include a signature formed with the server private key
• Client can use server public key to verify
• Or implicitly
• Client uses server public key to encrypt symmetric key
• Server proves it knows corresponding private key by recovering the shared secret key and sending a message and MAC formed using the key, that the client can verify

1. Establish the SSH version and identification information
2. Negotiate the cryptographic algorithms to be used
• Each entity provides list of algorithms for key exchange, encryption, MAC and data compression, in order of preference
3. Perform key exchange (DH) for keys to use with algorithms
4. Final message from client to server to request use of either SSH User Authentication Protocol or SSH Connection Protocol

1. The client sends a user authentication request message which includes username
2. The server responds and if the username is valid the server sends list of authentication methods (either a public key or password)
3. Client responds with authentication method selected and required information
4. When required authentication is performed successfully the server sends a user authentication successful message

An advantage to using public keys with SSH is that each account can have multiple associated public keys meaning users could have different keys for each devices they own, if one is lost/compromised it's easy to revoke its access. Another advantage is that multiple users can login to a single account without using a shared password. Each user has their own key pair meaning we can revoke one users access independently of others. Lastly users an associate the same key with multiple accounts giving a form of single sign-on.

• Peer Authentication
• Ensures that network traffic is being sent from the expected party
• Server to client authentication based on public keys
• Client to server authentication based on passwords or public keys
• Message Confidentiality
• Uses encryption to protect against unauthorised disclosure
• Message Integrity
• Data integrity assured using message authentication code (MAC)
• SSH can determine if data has been changed during transit
• Message Replay Protection
• The same data is not delivered multiple times

1. Internet Key Exchange (IKE): Negotiate, create, and manage security associations (agreeing on cryptographic algorithms, establishing cryptographic keys and sequence numbers)
2. Encapsulating Security Payload (ESP): Encryption used to provide confidentiality, MAC for authentication, integrity and replay protection (but does not cover header fields)
3. Authentication Header (AH): Authentication, integrity and replay protection for entire payload, and for header fields not changed by routers. However, there is no confidentiality provided

• Transport mode
• Operates primarily on the payload (data) of the original packet
• Original packet header kept as header and new IPSec header (AH or ESP) inserted between original header and payload
• Generally only used in host-to-host architectures
• Tunnel mode
• Original packet with header encapsulated as payload in anew packet, with new IPSec Header added
• Typical use is gateway-to-gateway architecture

• Message Confidentiality
• Uses encryption to protect against unauthorised data disclosure
• Message Integrity
• Integrity of data can be assured by using a message authentication code (MAC)
• IPsec can determine if data has been changed (intentionally or unintentionally) during transit
• Traffic Analysis Protection
• Provided by concealing IP datagram details (such as source and destination addresses)
• A person monitoring network traffic cannot know which parties are communicating, how often, or how much data is being sent
• Peer Authentication
• IP addresses are used as host identifiers
• Each IPsec endpoint confirms the identity of the other IPsec endpoint it wants to communicate with (ensuring that network traffic is being sent from the expected host

• Final Examination Weight: 40%
• Exam Duration: 10 minute perusal | 3 hours of working time
• Things to Bring:
• Student ID
• Writing Implements (blue/black pen, pencils, erasers, highlighters, etc)
• Prepared Notes - One double sided A4 page [~! Handwritten Only !~]

• Part A (Content related to L4-L10
• Fifty multiple choice questions (50 x 1 mark = 50 marks)
• Answer on mark sense sheet (by colouring circle in pen)
• Part B (Content related to whole semester
• Five questions, each 10 marks (5 x 10 marks = 50 marks)
• Each question has multiple parts, these require short answer
• For example, Q51 may have parts a), b), c), etc
• Marks for each part of the question are indicated - use this as a guide to the level of detail required in your answer

• Review the weekly materials: activities, lecture recordings
• Attempt all tutorial questions
• Reflect on weekly Kahoot results
• Review your assessment task 1: quiz results
• Questions on the standards (AS27001, 27002, 27005)
• "We don't expect you to rote learn the contents of these standards. We do [however] expect you to know [the] purpose of each, relationship[s] between standards, and details discussed in class"