SECURITY MECHANISMS COUNTERMEASURES

Cards (36)

  • Cryptography
    The practice and study of secure communication techniques in the presence of third parties, often referred to as adversaries. It encompasses various methods and techniques to ensure confidentiality, integrity, and authenticity of information.
  • Key components of cryptography
    • Encoding information in such a way that only authorized parties can access and understand it
    • Preventing unauthorized access or modifications
  • Authentication
    The process of confirming the identity of an individual or entity attempting to access a system, network, application, or resource
  • Authentication factors
    • Knowledge factor (something the user knows, e.g. password, PIN)
    • Possession factor (something the user possesses, e.g. security token)
    • Inherence factor (something inherent to the user, e.g. biometric data)
  • Two-factor authentication (2FA)
    1. Initiation
    2. First Factor Authentication (Primary Authentication)
    3. Second Factor Authentication (Secondary Authentication)
    4. Validation
  • Effective passwords
    • Length
    • Complexity
    • Unpredictability
    • Avoidance of personal information
    • Avoidance of common passwords
    • Regular updates
    • Use of passphrases
    • Unique for each account
  • Physical access control
    Measures and mechanisms used to regulate entry to physical spaces, buildings, rooms, or facilities
  • Physical access control systems
    • Locks and keys
    • Access cards or badges
    • Biometric scanners
    • Turnstiles, gates, fences
    • Security guards
  • Logical access control
    Methods and technologies used to regulate access to digital assets, systems, networks, applications, and data stored electronically
  • Logical access control mechanisms
    • Usernames and passwords
    • Biometric authentication
    • Two-factor authentication (2FA)
    • Access control lists (ACLs)
    • Role-based access control (RBAC)
    • Encryption
    • Firewalls
    • Intrusion detection/prevention systems (IDS/IPS)
    • Security tokens
  • Fingerprint recognition
    • Accuracy: High
    • Intrusiveness: Minimal
    • Efficiency: Quick
  • Facial recognition
    • Accuracy: Varies
    • Intrusiveness: Non-intrusive
    • Efficiency: Relatively efficient
  • Iris recognition
    • Accuracy: High
    • Intrusiveness: Moderate
    • Efficiency: Efficient
  • Voice recognition
    • Accuracy: Varies
    • Intrusiveness: Minimal
    • Efficiency: Efficient
  • Facial recognition
    • Can be relatively efficient, but may take slightly longer than other biometric methods due to the need for image processing and analysis
  • Iris recognition
    • Known for its high accuracy, as the pattern of the iris is unique to each individual and stable over time
    • Requires users to position their eyes close to a sensor for scanning, which may be considered moderately intrusive compared to other biometric methods
    • Can be efficient in terms of authentication speed, but the scanning process may take slightly longer than simpler methods like fingerprint recognition
  • Voice recognition
    • Accuracy can vary depending on factors such as background noise, accent variations, and health conditions affecting speech. Advanced voice recognition systems can achieve high accuracy rates under controlled conditions
    • Minimally intrusive and can be performed without physical contact, making it convenient for users
    • Can be efficient for authentication purposes, but may require slightly more time than other biometric methods due to the need to capture and analyze voice samples
  • Behavioral biometrics (e.g., keystroke dynamics, gait analysis)
    • The accuracy can vary depending on the specific trait being analyzed and the quality of data collected. Keystroke dynamics may have lower accuracy compared to physiological biometrics like fingerprints
    • Typically non-intrusive, as they analyze natural patterns of behavior rather than requiring physical contact or specific actions from users
    • Can be efficient once established, as they passively analyze user behavior without requiring additional actions during authentication
  • Symmetric Cryptosystem
    The same secret key is used for both encryption and decryption of data
  • Symmetric Cryptosystem
    • The sender encrypts the message using the secret key, and the recipient decrypts it using the same key
    • The same key must be kept confidential and securely shared between the communicating parties
    • Generally faster and more efficient for bulk data encryption
  • Symmetric encryption algorithms
    • Advanced Encryption Standard (AES)
    • Data Encryption Standard (DES)
    • Triple DES (3DES)
  • AES
    Encrypts plaintext data using a secret key to produce ciphertext, and decrypts ciphertext back into plaintext using the same secret key. It is widely adopted for its strong security, efficiency, and versatility in securing various types of information
  • AES encryption and decryption
    1. Key Generation: Alice and Bob agree on a secret key
    2. Encryption: Alice encrypts plaintext using AES with the secret key
    3. Transmission: Alice sends the encrypted ciphertext to Bob
    4. Decryption: Bob decrypts the ciphertext using the same secret key
  • DES
    Encrypts plaintext data using a 56-bit secret key to produce ciphertext, and decrypts ciphertext back into plaintext using the same 56-bit secret key. It operates on fixed-size blocks of 64 bits and consists of several rounds of permutation, substitution, and mixing operations
  • Triple DES (3DES)
    A symmetric-key block cipher algorithm that enhances the security of the original DES by applying it multiple times. It operates on 64-bit blocks of plaintext and uses a key length of 168 bits, which is achieved by using three individual 56-bit DES keys
  • Asymmetric Cryptosystem
    A pair of keys is used: a public key and a private key. The public key is freely distributed and used for encryption, while the private key is kept secret and used for decryption
  • Asymmetric Cryptosystem
    • The sender encrypts the message using the recipient's public key, and only the recipient, who possesses the corresponding private key, can decrypt the message
    • Generally slower and computationally more intensive compared to symmetric algorithms
    • Enables other cryptographic functionalities such as digital signatures and secure key exchange
  • Asymmetric encryption algorithms
    • Rivest-Shamir-Adleman (RSA)
    • Elliptic Curve Cryptography (ECC)
  • Rivest-Shamir-Adleman (RSA)
    A widely used public-key cryptosystem that allows for the encryption and decryption of messages using a pair of keys: a public key and a private key
  • Elliptic Curve Cryptography (ECC)
    A form of public-key cryptography that relies on the algebraic structure of elliptic curves over finite fields to provide cryptographic functionalities. It offers similar security to RSA but with significantly smaller key sizes, making it more efficient for many applications
  • Integrity
    The assurance that data has not been altered or tampered with during storage, transmission, or processing
  • Confidentiality
    Ensuring that sensitive information is only accessible to authorized individuals or entities
  • Authentication
    The process of verifying the identity of a user, system, or entity
  • Digital Signatures
    Cryptographic techniques used to provide authenticity, integrity, and non-repudiation to digital messages or documents
  • Certificates
    Electronic documents issued by trusted Certificate Authorities (CAs) that bind a public key to a particular entity's identity
  • Public Key Infrastructure (PKI)
    A set of policies, procedures, hardware, software, and roles used to manage digital certificates and public-key cryptography. PKI enables secure communication and authentication over insecure networks such as the internet