Comp. Sec. Fund. Lec Notes

Uploaded by

202111238
Copyright
© © All Rights Reserved

(From Book)

• Confidentiality:

● Data confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
● Privacy: Assures that individuals control or influence what information related to them
may be collected and stored and by whom and to whom that information may be
disclosed.

• Integrity: This term covers two related concepts:

● Data integrity: Assures that information and programs are changed only in a specified
and authorized manner.
● System integrity: Assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the system.

• Availability: Assures that systems work promptly and service is not denied to authorized
users.

Definitions:

● Confidentiality: Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and proprietary information.
A loss of confidentiality is the unauthorized disclosure of information.

● Integrity: Guarding against improper information modification or destruction, including
ensuring information nonrepudiation and authenticity. A loss of integrity is the
unauthorized modification or destruction of information.

● Availability: Ensuring timely and reliable access to and use of information. A loss of
availability is the disruption of access to or use of information or an information system.

(Note that FIPS 199 includes authenticity under integrity)


● Authenticity: The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or a message originator. This
means verifying that users are who they say they are and that each input arriving at the
system came from a trusted source.

● Accountability: The security goal that generates the requirement for actions of an entity
to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault
isolation, intrusion detection and prevention, and after-action recovery and legal action.
Because truly secure systems are not yet an achievable goal, we must be able to trace a
security breach to a responsible party. Systems must keep records of their activities to
permit later forensic analysis to trace security breaches or to aid in transaction disputes.
Adversary (threat agent): An individual or group that conducts, or intends to conduct, detrimental
activity.

Attack: When someone tries to break or harm the system.

Countermeasure: Any action, device, procedure, or technique designed to reduce or eliminate
security risks or vulnerabilities in a system.

Risk: The potential for loss, damage, or harm that can occur when a vulnerability is
exploited by a threat.

Security Policy: A set of rules that defines how an organization manages and protects its
information and systems.

Mechanism: Encryption or something automated.

Asset/System resources: Anything valuable to an organization that needs protection.

Threat: Any potential danger that exploits a vulnerability to harm the system.

Vulnerability: A weakness or flaw in the system or process that can be exploited to compromise system
security or privacy.

Active attack: The attacker actively disrupts, modifies, and harms system resources (causing
real damage).
Passive attack: A security attack where the attacker monitors or intercepts data without
altering or disrupting it.
Insider attack: An attack launched or implemented by an insider.
Outsider attack: An attack launched by an individual or group from outside of the organization.

Benign: Something harmless that does not pose a risk. Ex. pop-ups (ads without links).

Corruption: Damaging or destroying system files/resources.

DDoS (Distributed Denial of Service): A type of cyber attack aimed at making a system, network, or
service unavailable to users.

Mitigation → Identification for the attack occurring → Stop the attack → Recover

PAGE 55 to 56 TYPES OF ATTACKS


PAGE 59 to 61 DEFINITIONS
PAGE 62 to 65
Open Design: Based on the trust of each member in the others; each member has the same full
access privileges.

- Hazardous & insecure.
- Convenient.
- Acceptable for very small-scale projects where everyone is trusted.

We solve this issue by using the “Closed Design Principle”.


Closed Design Principle: Assign the least privileges and only privileges that are needed to
complete your tasks according to your role only. (Based on the Need-To-Know Basis & Least
Privilege Principle)

- Secure.
- Inconvenient.
- For Big Projects & Corporations.

Encapsulation & Isolation (the same way we understood it in OOP; the principle is applied here for the
sake of security, not just modularity)

Separation of Privileges/Clusters: We decompose the task into smaller tasks and assign
the smaller tasks to separate people, each with privileges over that specific task only, instead of the
whole process being done by one person.

Fail-Safe: Safe from failures (idk basic definition why is it included)

Attack Surface: Includes the attack, everything related to the attack and its consequences,
the actors involved, and the environment the attack happened in.

Everything from open and closed ports, to what scripts were running to conduct the attack and
happening in parallel to the attack, employees that were present during the attack, etc.
Defense in Depth:

X Axis: Depth of layering
Y Axis: Surface of attack

Layering   Small Surface   Med Surface    Large Surface
Shallow    Med Risk        Med Risk       Highest Risk
Medium     Med Risk        Medium Risk    High Risk
Deep       Lowest Risk     Low Risk       Med Risk

Cryptography: Work on the SDES Algorithm.

Current Lecture 9/16


Cryptography deals with passive or active attacks?
- Passive attacks since it makes the text unreadable

Cryptography deals with scrambling the message, making the message unreadable.
Auth DrDrift Edit: Encryption used for dealing with scrambling the message, making the
message unreadable.

Chapter 2: (Book Notes)

DES (Data Encryption Standard): Deprecated because brute-force techniques can break the
algorithm due to its short key length. Block size is 64 bits.

Triple DES/3DES: Repeats DES 3 times. The key length of 168 bits overcomes brute-force
attacks. Since no cryptanalysis technique was found for DES, it’s safe for now. Uses a block size
of 64 bits.

AES (Advanced Encryption Standard): We use it because 3DES is not suitable for long-term use.
It has a block size of 128 bits.
Practical security issues with 3DES/DES/AES: Since they are applied to a unit of data
larger than 64/128 bits, they use the ECB (electronic codebook) method, where plaintext is handled b
bits at a time and each block is encrypted one at a time by dividing all of the plaintext into n blocks.

Cryptanalysts exploit regularities in the plaintext (e.g. if they know a certain type of msg starts with a
certain phrase) to decrypt. This issue is solved by modes of operation (not covered yet).

Stream Ciphers: Unlike block ciphers, they process the input continuously (one byte or bit at a
time) rather than splitting everything up into blocks.

It works by using a keyed pseudorandom generator which produces random 8-bit numbers. This output
is called a keystream. It is then combined one byte at a time with the plaintext using the
XOR operation.

Stream ciphers are always faster and use less code than block ciphers, and are typically used for
data communication channels/browsers/web links: anything with a continuous stream of data.

Block ciphers are used with blocks of data of fixed length, such as file transfer, emails,
database applications.

Encryption protects against passive (or man-in-the-middle) attacks.

Encryption doesn't help with authentication or integrity (manipulation of blocks of text can
happen, where they are re-ordered).

Encryption Algorithms: DES, AES, Caesar Cipher


AES is the standard.

Plaintext: Original Msg


Crypto-text: Encrypted/Scrambled Message
Key: Secret info known only to the sender & receiver
Encryption: Converting the Original Msg to the Encrypted/Encoded/Scrambled Msg.

Plaintext ————————>Encrypted
(convert to)

Decryption: Recovering the plaintext from the encrypted message.


OR
Converting the ciphertext to the original plaintext

Cryptography: Study of encryption principles and methods (Encryption and decryption)


Auth DrDrift Edit:Cryptography:(Encryption + Decryption)
Cryptanalysis (Code-Breaking): Knowing the plaintext from the ciphertext without knowing the
key
Cryptology: the field of both cryptography and cryptanalysis

Cryptanalysis: Knowing the plaintext from the ciphertext without knowing the key

1.) Encryption: C (confidentiality)


2.) Hashing : I (Integrity)
3.) Digital signature: A (Authenticity)

Auth DrDrift Edit: BruteForce: attack method where an attacker tries all possible keys or
combinations to crack an encrypted message, password, or system

Caesar Cipher:
Encryption algorithm built on all 26 letters of the alphabet (numbered from 0 to 25).
Method of encryption using the Caesar cipher:

Formula: C = (E (letters) + Key) Mod 26

Note: When writing Caesar cipher, don’t leave spaces

For ex: plaintext → “I want to go”, shifted 5 letters using the Caesar cipher.

Plaintext: I WANT TO GO

Ciphertext: N BFSY YT LT
(Encrypted)

(Solve it later step by step, take photos from mohaned)

Block Cipher: Takes the message block by block: it encrypts each block, then sends it, and the receiver
deciphers it. It's used by most systems.

Ex: Caesar Cipher with a block of one (as in we take it letter by letter)
Stream Cipher: Used for real-time systems that require encryption in real time, such as nuclear
weapons activation systems.
Encryption has three kinds:

- Symmetrical Encryption
They use same encryption key

O O
| <—————> |
/\ /\
Alice Bob
Key:K Key:K

Both Alice and Bob have the same encryption key

- Asymmetric Encryption
They use different encryption keys
O O
| <—————> |
/\ /\
Alice Bob
Key:Z Key:F

Alice and Bob have different encryption keys

- Classical (Caesar Cipher ????)

—---------------------------------------------------

9/18

Caesar Cipher
→ Substitution Cipher
→ Monoalphabetic AKA Block Size = 1 letter (Each letter is a block for a cipher)
→ Shifting is by key

Caesar Cipher isn’t used because you can cryptanalyze it easily (meaning break the code easily).

Auth DrDrift: Any Encryption Algorithm (Cipher) uses two types of operations
- Substitution (aka caesar cipher)
- Permutation/Transposition (DES, SDES)
- Cartesian Product (Substitution AND Permutation )
(one step is substitution next is permutations, as in a mixture of both such as DES, AES
algorithms and so on)
Ex.) You are given a ciphertext encrypted using a monoalphabetic cipher.
Solve the problem (usually an assignment question).

1.) Perform textual analysis (frequency analysis) [conduct it for each letter in the alphabet]
1.1.) Calculate the frequency of each letter in the ciphertext
1.2.) Divide by the total number of letters in the alphabet (whichever it may be) and let that be
the function
1.3.) Create the function of each letter

2.) Sort the frequencies in descending order
High → Low

3.) Relative comparison between the list of sorted frequencies and the table/figure of frequencies
of English letters (or other alphabets)
[You can google the letter frequency for each language]

4.) Find the letter that has the highest frequency in the cipher & correlate it to the letter in the
frequency table of the language (it is likely to be correct, not necessarily correct)

5.) Replace each letter in the ciphertext with the most likely letter to match the frequency from
high to low (based on step 4)

6.) Trial & error to fix the errors in the ciphertext.

Note: When trying to change one meaningless letter in the text, you have to repeat the change
in the whole ciphertext.

For ex: “ik” doesn't make sense so we try what makes sense (such as if, it, is), but the letter we
changed we have to apply to all the “k” and turn them into “f” or “t” or “s” to see what fits best
and makes most sense for all the ciphertext to decrypt (cryptanalyze) it to plaintext.

Note: you can use not just mono but bi tables to attempt to keep track of different
permutations after you fixed the error and it resulted in a meaningful decryption (which we call
cryptanalysis)
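
The steps above, as an added Python example (not part of the original notes). The substitution alphabet, the sample sentence and the function names are constructed for illustration; relative frequency is taken here as a letter's count divided by the number of letters in the ciphertext, and the English ranking is one commonly quoted ordering.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# English letters from most to least frequent (a commonly quoted ordering;
# published tables differ slightly, mostly in the tail).
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"

# Constructed sample: a sentence enciphered with a constructed substitution alphabet.
SAMPLE_PLAINTEXT = "THE SECRET MEETING WILL BE HELD NEAR THE GREEN GATE AT SEVEN"
SAMPLE_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"  # A->Q, B->W, C->E, ...
SAMPLE_CIPHERTEXT = SAMPLE_PLAINTEXT.translate(str.maketrans(ALPHABET, SAMPLE_KEY))


def letter_frequencies(ciphertext):
    """Step 1: relative frequency of every letter that occurs in the ciphertext."""
    counts = Counter(c for c in ciphertext.upper() if c in ALPHABET)
    total = sum(counts.values())
    return {letter: counts[letter] / total for letter in counts}


def ranked(ciphertext):
    """Step 2: cipher letters sorted from high to low frequency (ties alphabetical)."""
    freqs = letter_frequencies(ciphertext)
    return sorted(freqs, key=lambda letter: (-freqs[letter], letter))


def first_guess(ciphertext):
    """Steps 3-5: pair the i-th most frequent cipher letter with the i-th English letter."""
    return {c: ENGLISH_ORDER[i] for i, c in enumerate(ranked(ciphertext))}


def apply_guess(ciphertext, guess):
    """Substitute every occurrence; guessed plaintext is lower case, unknowns stay upper."""
    return "".join(guess[c].lower() if c in guess else c for c in ciphertext.upper())


def correct(guess, cipher_letter, plain_letter):
    """Step 6: change one guess for the whole text, keeping the mapping one-to-one."""
    fixed = dict(guess)
    for other, plain in guess.items():
        if plain == plain_letter:
            # The letter that held this guess inherits the old one, so nothing collides.
            fixed[other] = guess[cipher_letter]
    fixed[cipher_letter] = plain_letter
    return fixed


if __name__ == "__main__":
    guess = first_guess(SAMPLE_CIPHERTEXT)
    print("ciphertext :", SAMPLE_CIPHERTEXT)
    print("ranking    :", "".join(ranked(SAMPLE_CIPHERTEXT)))
    print("first pass :", apply_guess(SAMPLE_CIPHERTEXT, guess))
    # The two most frequent letters land on E and T; the third is guessed as A.
    # Reading the text suggests it is really N, so the guess is corrected everywhere.
    guess = correct(guess, "F", "N")
    print("after fix  :", apply_guess(SAMPLE_CIPHERTEXT, guess))
```

On a text this short only the top of the ranking is reliable, which is why step 6 is needed; longer ciphertexts bring the ranking closer to the language table.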

Playfair Cipher has two dimensions and is a bi-block cipher (meaning encryption block = 2, we
take two letters at a time)
(a table with dimensions of 5 x 5, resulting in a table of 25 squares).

How to encrypt example:

Suppose that the key is wireless:

1.) Start by filling the key’s letters into the table one by one, one letter per cell.
(Make sure not to repeat a letter; for example, the letter S is not repeated.)

Note: the point is to fill in the alphabet, but we start with the key and then fill in the rest
alphabetically without repeating

2.) Whenever you run into I, put the J right next to it in the same cell (I/J)

3.) Fill in with the rest of the letters

W  I/J  R  E  L
S  A    B  C  D
F  G    H  K  M
N  O    P  Q  T
U  V    X  Y  Z

4.1) If the two letters of the plaintext occur in the same row, then replace each letter with the
letter to its right. (For decryption, the letter to its left.)

For example AC → BD
SD → AS
To get the S we wrap to the beginning of the row.

4.2) If the two letters of the plaintext fall in the same column, then replace each letter with the
one below it.

WS → SF
FU → NW

And wrap from the last letter in the column to the first one at the top.
4.3.) If they are not in the same column or row (Ex. LX):

4.3.1) Find the intersection between them, starting with the first letter in the sequence (L in this
case)
4.3.2) Then move along the row till you find the intersection with the column that the other letter is in
(X in this case) and take the letter at the intersection.

or (we go left/right on the row of the first one then up/down to reach the second letter)

Then repeat with the other letter, but this time move along that letter’s (X in this case) row to get
the cipher

W  I/J  R  E  L
S  A    B  C  D
F  G    H  K  M
N  O    P  Q  T
U  V    X  Y  Z

LX → RZ

(you can use this tool for practice Online calculator: Playfair cipher (planetcalc.com) )

Adding Filler to the playfair cipher is useful as it allows you to avoid repeated letters in the block
which can help the encryption process and not make it obvious that some letters are repeated.

It is also used when you are left with one letter at the end so you add the filler

P.S make sure to use the same character for filler.


Example:

Hello one and all

Here double L’s in hello and all, thus you add the filler to each block to avoid repetition and on
the last letter.

He lx lo on ea nd al lx

Now Encrypt using Playfair with a key of Monarchy

HE → CF

LX → SU

LO → PM

ON → NA

EA → IM

ND → RY

AL → MS

LX → SU

Ciphertext: CFSUPMNAIMRYMSSU

Decryption for the Playfair cipher is in the exam. Online calculator: Playfair cipher
(planetcalc.com)

1.) Decompose the ciphertext into pairs of letters
2.) Add the filler as it fits, typically for repeating letters
3.) Go in the opposite direction: in the same column go above instead of down
4.) Same row: go left instead of right
5.) For different rows & columns it doesn't matter
DES: Data Encryption Standard

Symmetric Cipher → Uses a single key (Symmetric Key)

The one symmetric key has 16 round keys, where each key is an iteration of the
original/primary key

- Block Cipher
- Block Size = 64-Bits
- Key Size = 64-Bits
- Ciphertext block size = 64-Bits

(no clue what this means, search it up later)


P → 64 Bits

K → Key-64 bits

C → 64 bits

Ex Question.)
Suppose that the plaintext is 517 bits and we need to run it through the DES encryption algorithm.

We split the 517 bits into 64-bit blocks and we end up with 8 blocks and 5 bits remaining.

For the remainder we create a block of its own and we fill the rest of the bits with either 0’s or
1’s, making sure that they are all 0’s or all 1’s (which is called padding).

So the 64-bit block would contain the remaining 5 bits and the rest of the block would be padding (1’s
or 0’s).

How to generate the 16 round keys from the original symmetric key?

Key (64-Bits) → Permuted Count 1 (for Scrambling and Encoding in 8 bit) →
Permuted Count 2.. all the way till key 16

Look this up, I don't get the details however there are lookup tables that are fixed that we use as
is.
DES (EXPLANATION, KEY GENERATION, ETC) SDES AND EVERYTHING RELATED TO IT
(MISSED CLASSES REVISE)

1.) Text block 64 bits


There are 3 approaches for authentication without encryption: (From book copy paste just read)

1. There are a number of applications in which the same message is broadcast to a number of
destinations. Two examples are notification to users that the network is now unavailable and an
alarm signal in a control center. It is cheaper and more reliable to have only one destination
responsible for monitoring authenticity. Thus, the message must be broadcast in plaintext with
an associated message authentication tag. The responsible system performs authentication. If a
violation occurs, the other destination systems are alerted by a general alarm.

2. Another possible scenario is an exchange in which one side has a heavy load and cannot
afford the time to decrypt all incoming messages. Authentication is carried out on a selective
basis, with messages being chosen at random for checking.

3. Authentication of a computer program in plaintext is an attractive service. The computer
program can be executed without having to decrypt it every time, which would be wasteful of
processor resources. However, if a message authentication tag were attached to the program, it
could be checked whenever assurance is required of the integrity of the program.

MAC (Message Authentication Code): A small block of data generated using a secret key that is
attached to the message and used for authentication.

1. A sends a msg to B with a MAC [MAC_M = F(K_AB, M)]
2. B (receiver) generates a new MAC using the same key shared between them
3. B compares it with the MAC value from A. If it is the same then the message has not been altered
AND the message is from receiver (Integrity and Authenticity respectively)
Alternative to MAC is One-Way Hash Function: (Using math to scramble data to encrypt it)
Takes a msg (M) with padding to make it L long (typically, some multiple of an int w fixed length)
to make a hash value. Unlike MAC, it doesn’t need a secret key. Relies only on the hash function.

If you don’t know the hash function used, then you can’t unscramble the hashed
message (or message digest)

Use this to read some more


Extra Explanation
Three ways to authenticate using a hash function:

1.
Symmetric keys would be used by both sender and receiver, thus guaranteeing the authenticity,
and the hash function guarantees integrity since any modification to the hash function would
result in a different output.

2.
In the next section, using asymmetric encryption.
3.
This method bypasses encryption entirely by combining MAC & hashing. Why?
Because it’s computationally expensive, doesn’t work efficiently on small chunks of data, and
creates load on networks.

HMAC provides integrity (since the algo is not reversible and any modification would ruin the msg)
and authenticity, since the secret key is shared by both.

This method is called a keyed hash MAC (HMAC, Hashed MAC):

1. Sender and receiver share a key.
2. Sender’s message has the key attached before and after the message.
3. Key (both pre & post) + msg is used to generate the hash value.
4. Hash value from msg + key is attached to the msg.
5. Send to the receiver the message + hash value.
6. Receiver gets the message and adds the key values before and after the message.
7. Receiver calculates the hash value for the message + key (pre & post) on his own.
8. If the values match, it guarantees authenticity since they have the same keys, and the hash
function guarantees the integrity.
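
An added example (not from the original notes) of the sender and receiver steps above in Python, also covering the MAC exchange between A and B described earlier. SHA-256, the key and the messages are assumptions; `envelope_tag` follows the key-before-and-after steps as written, while `hmac_tag` calls Python's standard `hmac` module, which implements the standardized HMAC (two nested hash computations keyed with padded forms of the key).

```python
import hashlib
import hmac

# Constructed sample values.
SHARED_KEY = b"constructed-shared-key-K_AB"
MESSAGE = b"The network is unavailable from 02:00 to 03:00"
ALTERED = b"The network is unavailable from 02:00 to 23:00"


def plain_hash(key: bytes, message: bytes) -> bytes:
    """Unkeyed one-way hash. The key is ignored, so anyone can recompute the value."""
    return hashlib.sha256(message).digest()


def envelope_tag(key: bytes, message: bytes) -> bytes:
    """Keyed hash as in the steps above: hash(key + message + key)."""
    return hashlib.sha256(key + message + key).digest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Standard HMAC-SHA-256 from the Python standard library."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key, message, tagger):
    """Sender: compute the tag and attach it to the plaintext message."""
    return message, tagger(key, message)


def receive(key, message, tag, tagger):
    """Receiver: recompute the tag with the shared key and compare.
    compare_digest runs in constant time so the comparison does not leak
    how many leading bytes of a wrong tag were correct."""
    return hmac.compare_digest(tagger(key, message), tag)


def tamper_without_key(new_message, tagger):
    """A party on the path who does NOT hold the shared key replaces the
    message and recomputes the tag with an empty key."""
    return new_message, tagger(b"", new_message)


if __name__ == "__main__":
    for tagger in (plain_hash, envelope_tag, hmac_tag):
        msg, tag = send(SHARED_KEY, MESSAGE, tagger)
        genuine = receive(SHARED_KEY, msg, tag, tagger)
        swapped = receive(SHARED_KEY, ALTERED, tag, tagger)
        msg2, tag2 = tamper_without_key(ALTERED, tagger)
        recomputed = receive(SHARED_KEY, msg2, tag2, tagger)
        print(f"{tagger.__name__:13} genuine={genuine} "
              f"altered_msg_old_tag={swapped} altered_msg_new_tag={recomputed}")
```

The last column is the difference between a hash and a MAC: the unkeyed hash still verifies after the message and its hash are both replaced, while both keyed tags are rejected.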
Hash Function Requirements:

1. H can be applied to a block of data of any size.

2. H produces a fixed-length output.

3. H(x) is relatively easy to compute for any given x, making both hardware and software
implementations practical.

4. For any given code h, it is computationally infeasible to find x such that H(x) = h. A hash
function with this property is referred to as one-way or preimage resistant.

5. For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x).
A hash function with this property is referred to as second preimage resistant.
This is sometimes referred to as weak collision resistant.

6. It is computationally infeasible to find any pair (x, y) such that H (y) = H (x). A hash function
with this property is referred to as collision resistant. This is sometimes referred to as strong
collision resistant.

4th property is what makes it one-way, since you can’t generate a msg from the output.

5th property makes it impossible to find an alternative msg with the same hash value.

If the FIRST 5 are satisfied it’s a weak hash; if all 6 are satisfied it’s a strong hash.

Strong hash guarantees authenticity and non-repudiation.

**Page 99 and 100 (Hash algorithms such as SHA)**


SHA-1, 1st version, produces 160 bits
SHA-2, 2nd version similar to the 1st, produces 256 or 384, 512 (512 is best security)
SHA-3, 3rd version with new hashing function.

Secure Hash Algorithms Uses:

- Passwords are stored as a hash in the Operating system rather than as plaintext
- Intrusion detection: Store the hash value of a file; you can
check later whether it has been modified by recomputing the hash value of the file and
comparing it with the stored value.
Asymmetric Encryption: Usage of two different keys.

Is public-key or symmetric encryption better? No: encryption depends on key length and the
computational work needed to break the cipher. Neither is better than the other.

Do public keys make symmetric encryption obsolete? No: because of the computational overhead
needed for public keys, it’s not feasible to use them all the time.

CA: Certificate Authority that generates the public keys and holds everyone’s public keys, and
its tables are referenced whenever anyone wants to use another’s public keys.
Public keys have certificates from the CA; they consist of the public key + user ID of the owner,
signed by a trusted 3rd party, guaranteeing their authenticity and integrity.

How Public Keys are Made:

The Steps are written below:


The key steps can be summarized as follows:

1. User software (client) creates a pair of keys: one public and one private.

2. Client prepares an unsigned certificate that includes the user ID and user’s public key.

3. User provides the unsigned certificate to a CA in some secure manner. This might require a
face-to-face meeting, require the use of registered e-mail, or happen via a Web form with e-mail
verification.

4. CA creates a signature as follows:

a. CA uses a hash function to calculate the hash code of the unsigned certificate. A hash
function is one that maps a variable-length data block or message into a fixed-length
value called a hash code that we described in Section 2.2, such as SHA family that we
discuss in Section 21.1.

b. CA generates a digital signature using the CA’s private key and a signature
generation algorithm.

5. CA attaches the signature to the unsigned certificate to create a signed certificate.

6. CA returns the signed certificate to client.

7. Client may provide the signed certificate to any other user.

8. Any user may verify that the certificate is valid as follows:

a. User calculates the hash code of certificate (not including signature).

b. User verifies digital signature using CA’s public key and the signature verification
algorithm. The algorithm returns a result of either signature valid or invalid.
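
Steps 2 to 8 above as an added Python example (not from the original notes or the book). The CA key is a toy textbook-RSA key built from two known Mersenne primes and the certificate fields are constructed; real CAs sign X.509 certificates with full-size keys and a padded signature scheme.

```python
import hashlib
import json

# Toy CA key pair (assumption of this example): n = p*q from two Mersenne primes.
# About 216 bits, far too small for real use, but it keeps the arithmetic visible.
P, Q = 2**127 - 1, 2**89 - 1
CA_PUBLIC = (P * Q, 65537)                                  # (n, e): published
CA_PRIVATE = (P * Q, pow(65537, -1, (P - 1) * (Q - 1)))     # (n, d): kept by the CA

# A second, unrelated toy key standing in for a CA the verifier does not trust.
OTHER_CA_PUBLIC = ((2**107 - 1) * (2**61 - 1), 65537)

# Step 2: the client's unsigned certificate (constructed values).
UNSIGNED_CERT = {
    "user_id": "alice@example.org",
    "public_key": "constructed-placeholder-for-alice-public-key",
}


def hash_code(unsigned_cert, modulus):
    """Steps 4a / 8a: hash a canonical encoding of the certificate body.
    The digest is reduced mod n only because the toy modulus is shorter than SHA-256."""
    encoded = json.dumps(unsigned_cert, sort_keys=True).encode("utf-8")
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % modulus


def ca_sign(unsigned_cert, ca_private=CA_PRIVATE):
    """Steps 4b and 5: sign the hash code with the CA's private key and attach it."""
    n, d = ca_private
    signature = pow(hash_code(unsigned_cert, n), d, n)
    return {"certificate": dict(unsigned_cert), "signature": signature}


def verify(signed_cert, ca_public=CA_PUBLIC):
    """Step 8: recompute the hash code (signature excluded) and check it against
    the value recovered from the signature with the CA's public key."""
    n, e = ca_public
    recovered = pow(signed_cert["signature"], e, n)
    return recovered == hash_code(signed_cert["certificate"], n)


def with_replaced_key(signed_cert, new_public_key):
    """Same signature, different public key: what a substituted certificate looks like."""
    body = dict(signed_cert["certificate"], public_key=new_public_key)
    return {"certificate": body, "signature": signed_cert["signature"]}


if __name__ == "__main__":
    signed = ca_sign(UNSIGNED_CERT)                      # steps 4 to 6
    print("valid certificate          :", verify(signed))
    swapped = with_replaced_key(signed, "constructed-key-of-someone-else")
    print("public key replaced        :", verify(swapped))
    print("checked against another CA :", verify(signed, OTHER_CA_PUBLIC))
```

Verification needs only the CA's public key, which is why any user can perform step 8 without contacting the CA.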
- Public Keys: Everyone in the CA can view it
- Private Keys: Only the owner has it
- Both public keys and private keys can encrypt and decrypt

O O
| <—————> |
/\ /\
Alice Bob
Public Key:eA Public Key:eB
Private Key:dA Private Key:dB

1. Each user generates a pair of keys to be used for the encryption and decryption of messages.

2. Each user places one of the two keys in a public register or other accessible file. This is the
public key. The companion key is kept private. Each user maintains a collection of public keys
obtained from others.

3. If Bob wishes to send a private message to Alice, he encrypts the message using Alice’s
public key.

4. When Alice receives the message, she decrypts it using her private key. No other recipient
can decrypt the message because only Alice knows her private key.

Public key is public in the certificate authority’s tables & is used as an identifier for the user

[Bonus Point Not Important: Assume Alice is CA1 certified & Bob is CA2 certified; they cannot
contact each other unless both certificates are compatible with each other and engage in chain
certification where they hit an intersection(??).]

If encryption is done using one key then decryption will use the other key
for the other user. (if Alice uses public key to encrypt, Bob uses private key)

1.E(M)eA (impossible) [you don't know the other’s private key]

2.E(M)dA [feasible]

3.E(M)eB [feasible]

4.E(M)dB (impossible) [you don't know the other’s private key]


E(M)eA —> D(M)dB (correct)
Encryption of message using alice public key and it was decrypted using bob’s private key

E(M)dA=C
1.) A —------—---—---—---> B
D(C)eA=M

(This method is for confidentiality since it relies on Alice’s private key, meaning only she can
access the msg)

Using Alice’s private key to encrypt would mean the decryption would use the public
key (which is available to everyone), meaning there is a confidentiality issue, but there is
authenticity (because the private key is known only by Alice and she’s the only one encrypting
with it)
E(M)eB=C
2.) A —------—---—---—---> B
D(C)dB=M

This method guarantees authenticity and data/msg integrity because only Bob could
have encrypted the msg, but anyone can open the msg since his key is public to
everyone in the CA

Best practice to maintain confidentiality is to use the other’s public key to encrypt, so that he
will have to use his own private key.

Best practice for authenticity/integrity is to encrypt using a private key.


There remains an issue of non-repudiation, authenticity & accountability.
If we need both confidentiality & authentication there

E(E(M)dA)eB
1. ) A ————————>B (Correct)

E(E(M)eB)dA
2. ) A ————————>B (Incorrect)

Translation: Encryption using bob public key then with encryption using alice private key

Everyone knows that alice sent the message which is unnecessary information

Sign it with your private key

BEST AND MOST KNOWN ENCRYPTION ALGORITHM TO USE IS RSA.

Quiz: Chp1 (Basics, definition etc) Caesar Cipher, Playfair, DES (ex. If u have 6 bits do
the conversions or steps), encryption/decryption msgs.
Midterm: Mon 9:30 AM E101 & E109 → 28/10/2024
Digital Signatures: It’s defined as a cryptographic transformation of data that provides a
mechanism for authentication, data integrity, and signatory non-repudiation.

Digital signature verifies that:

1. The data block has been signed by the sender (non-repudiation/authenticity)
2. Data block has not been altered since the signing (integrity)

Public keys can be used for decryption


Digital Envelopes: Public keys are used to protect a symmetric key, which can then be used to
protect a message without arranging for the sender and receiver to have the same secret key.

Bob wants to send a digital envelope to Alice. The steps are as follows:

1. Prepare a message.

2. Generate a random symmetric key that will be used this one time only.

3. Encrypt the message using symmetric encryption and the one-time key.

4. Encrypt the one-time key using public-key encryption with Alice’s public key.

5. Attach the encrypted one-time key to the encrypted message and send it to Alice.
(Only Alice can decrypt the msg since it was encrypted with her public key)

Quantum Computing may be able to break public key cryptography in the future.
(LECTURE NOTES)
Encryption is done with the sender’s private key and the receiver’s public key.

Sender A hashes the msg and then encrypts the hash value using his private key with
the encryption algorithm. The result is attached to the msg and is called the digital signature.
(the encrypted hash value is known as the digital signature)

Digital signatures are used for authenticity; the drawings are used to illustrate the process by
which everything is done
Public Certificates:
Authored by the CA (Certificate Authority, a trusted 3rd Party)

Bob’s Info

Public Key Bob (eBob)

CA’s Info

Hashed

How do they make sure that data is not tampered with? They hash it to get a hash value,
a checksum is performed, and then it is encrypted using the public key of the certificate.
Once the encrypted hash value is done it is added to the user’s (Bob in this case) table
of info and then it is sent to the receiver (Alice in this case).

Afterwards the receiver performs hashing, generates a hash value, and compares it with
the encrypted hash value received from Bob by decrypting it using the public key of the
certificate; if they match they can begin communicating.
Symmetric Encryption is mostly aimed at confidentiality (that doesn’t mean it’s only
limited)

Asymmetric encryption is used
- Authenticity & integrity: Done by hashing
- Digital signature: Done by Confidentiality
- Symmetric key distribution which can be relied upon with

Digital Envelope

Sender → Send a message to Bob that includes a symmetric key to use for a new
future communication between sender and receiver.

Steps in order:
Alice is sender, Bob is receiver.
Chapter 4:
Access Control is defined as a process in which use of system resources is regulated by a
security policy that permits only authorized entities according to that policy.

Access Control Implements a security policy that specifies who or what may have access to
each specific system's resource and the type of access that is permitted in each instance.

CUI = Controlled Unclassified Information.


Access Control Context: In addition to access control, there is the context which is:

● Authentication: Verification that the credentials of a user or other system entity are valid.

● Authorization: The granting of a right or permission to a system entity to access a
system resource. This function determines who is trusted for a given purpose.

● Audit: An independent review and examination of system records and activities in order
to test for adequacy of system controls, to ensure compliance with established policy
and operational procedures, to detect breaches in security, and to recommend any
indicated changes in control, policy, and procedures.

Security administrator maintains an authorization database that specifies what type of access to
which resource is allowed for the user.
Types of Access Control Policies: (From Book)

Discretionary access control (DAC): Controls access based on the identity of the requestor
and on access rules (authorizations) stating what requestors are (or are not) allowed to do. This
policy is termed discretionary because an entity might have access rights that permit the entity,
by its own volition, to enable another entity to access some resource.

Mandatory access control (MAC): Controls access based on comparing security labels (which
indicate how sensitive or critical system resources are) with security clearances (which indicate
that system entities are eligible to access certain resources). This policy is termed mandatory
because an entity that has clearance to access a resource may not, just by its own volition,
enable another entity to access that resource.

Role-based access control (RBAC): Controls access based on the roles that users have
within the system and on rules stating what accesses are allowed to users in given roles.

Attribute-based access control (ABAC): Controls access based on attributes of the user, the
resource to be accessed, and current environmental conditions.

Subject: an entity (users or applications) capable of accessing objects.

If the subject uses a process to access an object, that process takes on the attributes of the
user thus having the same access rights.
Access Control Mon 10/14/2024

The Access Control List/Matrix (ACL/ACM) determines what privileges the user gets when
he accesses the system.

It’s a process of either granting or denying access privileges according to a predefined policy.

The goal of an ACL/ACM is to grant authorized rights/privileges & deny unauthorized rights/privileges.

ACL/ACMs operate by the least privilege principle.

ACL/ACM Mechanisms:

1. ACL/ACMs can operate by DAC (Discretionary Access Control): Rights are granted
based on the user’s discretion/identity, as long as the system policy allows that.

2. Mandatory Access Control (MAC): Privileges/rights are granted based on system policy.
MAC has a set of classifications & clearances.

Users hold clearances & objects carry a set of classifications

(think of military documents as objects with classifications (secret, top secret, confidential) and
the military ranks as clearances that allow you to view the classifications.)

3. Role Based Access Control (RBAC): Rights are granted based on the user role.

4. Attribute Based Access Control (ABAC): Rights are given based on attributes & subject
& object & relation.

2 Types of Systems:

1. Military Systems
They are security focused systems.

2. Commercial Systems
Focused on customer satisfaction.
Access Capability List: For users’ actions on the files.
Where User A has access to the F1 file with specific privileges, and then what behaves as a
linked list links F3 as well, with the capabilities he can perform on F3.
(o = own, r = read, w = write)
Access Control List: It’s for the files on the system and who has privileges for them.

Example Question: Write the set of Access Control Lists (meaning work on the files,
who has access to them, and what their privileges are on each file)

Access Control List & Capability Control List Performed on the matrix as solved example
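The two views can be derived mechanically from one matrix. The sketch below is an added example, not part of the original notes; the matrix contents and the function names are constructed for illustration, using the notes' letters o, r, w.

```python
# Constructed access control matrix: rows are subjects, columns are files.
# Rights use the notes' letters: o = own, r = read, w = write.
MATRIX = {
    "A": {"F1": "orw", "F3": "r"},
    "B": {"F1": "r", "F2": "orw"},
    "C": {"F2": "r", "F3": "orw"},
}


def capability_lists(acm):
    """Row view: for each subject, the files it can act on and with which rights."""
    return {subj: sorted(row.items()) for subj, row in acm.items()}


def access_control_lists(acm):
    """Column view: for each file, the subjects holding rights on it."""
    acls = {}
    for subj, row in sorted(acm.items()):
        for f, rights in row.items():
            acls.setdefault(f, []).append((subj, rights))
    return acls


def allowed(acls, subj, f, right):
    """Answer 'may subj exercise right on f?' from the file's ACL alone."""
    return any(s == subj and right in rights for s, rights in acls.get(f, []))


if __name__ == "__main__":
    for f, entries in sorted(access_control_lists(MATRIX).items()):
        print("ACL", f, entries)
    for s, caps in capability_lists(MATRIX).items():
        print("CAP", s, caps)
```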

Extended ACM example:


IMPORTANT: The relation between subjects is either Own [o] (meaning they created it and have full
rights, so they can delete instances of the object) or Control [c] (meaning they have
control over the privileges of the users that they control; they CANNOT delete the
objects, but they can revoke/give rights).

ALSO: Control has no transitive property, meaning that S3 does NOT have control over
S1 just because he controls S2.

HOWEVER: Ownership does have the transitive property, where the owner OWNS the
subclasses or child classes (basically inheritance applied).
S1 ---- r* ----> F1     (r* is read as "read star")

The star is called the copy flag, meaning the capability of delegating the right to another user,
however without full control over the file. Here it means S1 can delegate to S2 or S3 the right to read the file
F1. They can also TRANSFER the delegation right (copy flag) and let the recipient delegate as well, but
the original owner of that right loses it along with their original privilege. They can revoke it
even if they give read only, without read star.

(we use alpha notation to denote any right)


(Discretionary [DAC]) Access Control Rules:

1. Transfer (explained in the previous paragraph)


2. Grant: In order to grant permissions, you need ownership (when granting, you keep your
permissions).
Can you grant ownership? Yes.
Can you transfer ownership? Yes, with o* (own star).
Do you delete other rights when you are given ownership? No, in case your ownership
right is revoked.

3. Delete Rights: Can be done only if S1 has control/ownership over S2.
Notation: A[S1,S2] = C ∨ O
4. Screenshot

5. Create Object: add a new column to the ACM and assign an owner to this new object.
New Object → A[S1,F1] = 0 → Given that S1 created F1 (idfk what that
means)

6. Destroy Object: delete the column from the ACM.


7. Create Subject: add a new row and a new column to the ACM and add control to the
subject who controls the new subject.
● E.g. S1 — (Create) —> S3 → A[S1,S3]=C

8. Destroy Subject: deletes the subject's row and column from the ACM; whoever does this needs
Own.
● S1 —(Deletes)—>S2 → A[S1,S2] = 0
● The rights that the deleted subject has over the files will be transferred as per
the system policy. (If there is no system policy, they will go to the owner of the
subject.)
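The rules above can be exercised on a small extended ACM. This is an added sketch, not code from the lecture or the book: the class and method names are hypothetical, it covers rules 1, 2, 3, 5 and 7 only, and it assumes that a right with the copy flag (for example r*) includes the plain right.

```python
class AccessMatrix:
    """A[subject][subject or object] -> set of rights; 'o' own, 'c' control, '*' copy flag."""

    def __init__(self):
        self.A = {}

    def rights(self, s, x):
        return self.A.get(s, {}).get(x, set())

    def _add(self, s, x, right):
        self.A.setdefault(s, {}).setdefault(x, set()).add(right)

    def create_subject(self, creator, new):  # rule 7: creator gets control over new
        self.A.setdefault(new, {})
        if creator is not None:  # None bootstraps the first subject (assumption)
            self._add(creator, new, "c")

    def create_object(self, creator, obj):  # rule 5: creator becomes the owner
        self._add(creator, obj, "o")

    def grant(self, granter, right, target, obj):  # rule 2: needs ownership
        if not {"o", "o*"} & self.rights(granter, obj):
            raise PermissionError(f"{granter} does not own {obj}")
        self._add(target, obj, right)  # the granter keeps its own rights

    def transfer(self, giver, right, target, obj, with_flag=False):  # rule 1
        if right + "*" not in self.rights(giver, obj):
            raise PermissionError(f"{giver} lacks {right}* on {obj}")
        if with_flag:  # handing over the copy flag: giver loses right and flag
            self.A[giver][obj].discard(right + "*")
        self._add(target, obj, right + "*" if with_flag else right)

    def delete_right(self, remover, right, target, obj):  # rule 3: needs c or o
        if not {"c", "o"} & self.rights(remover, target):
            raise PermissionError(f"{remover} has no control/own over {target}")
        self.A.get(target, {}).get(obj, set()).discard(right)


def demo():
    m = AccessMatrix()
    m.create_subject(None, "S1")
    m.create_subject("S1", "S2")       # A[S1,S2] = c
    m.create_subject("S2", "S3")       # A[S2,S3] = c
    m.create_object("S1", "F1")        # S1 owns F1
    m.grant("S1", "r*", "S2", "F1")    # owner grants read with the copy flag
    m.transfer("S2", "r", "S3", "F1")  # S2 delegates plain read and keeps r*
    return m
```

In this constructed run S1 controls S2 and S2 controls S3, so S1 calling `delete_right` against S3 raises `PermissionError`, which is the "no transitive property for control" rule.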
Access Control Graph:

→ Each subject & object → a vertex (node)

→ Each right → a directed edge

- We might get asked to generate the graph.

Steps to draw the ACM:

1. Columns are made of subjects first, then files
2. Rows are made of subjects only
Example:

System Policy:
Example Questions:
Is it allowed to grant Cindy (C) the write right on F3, and why?

No, because Bob owns Cindy, and as such he has her rights. If she is granted that right, then
by transitivity Bob will get her rights and he will be able to write F2 and F3, violating system
policy.

Is it allowed to grant Eve (E) the right to write on F1, and why?

No, because if Eve has the write right and Bob has the own right on Eve, that means Bob has the
write right on F1 and F2, violating system policy.

Is it allowed for Eve to transfer the read star (R*) of Cindy to Bob, and why?
Yes, because Eve owns Cindy and as such Eve can transfer it to Bob, and it does not violate the
system policies.
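The reasoning in these answers (an owner inherits the rights of the subjects it owns, so a grant must be checked against the owner's resulting rights) can be automated. The following is an added example, not from the original notes; the matrix, the subject names and the conflict policy are constructed and are not the ones from the lecture's figure.

```python
# Constructed matrix: ACM[subject][subject or file] -> set of rights ('o' own, 'c' control).
ACM = {
    "S1": {"S2": {"o"}, "F1": {"o", "r", "w"}},
    "S2": {"S3": {"c"}, "F2": {"r"}},
    "S3": {"F3": {"r", "w"}},
}
# Constructed system policy: no single subject may hold every right in a set.
CONFLICTS = [{("w", "F1"), ("w", "F2")}]


def owned_subjects(acm, s, seen=None):
    """Subjects that s owns directly or through a chain of 'o' edges (own is transitive)."""
    seen = set() if seen is None else seen
    for x, rights in acm.get(s, {}).items():
        if x in acm and "o" in rights and x not in seen:
            seen.add(x)
            owned_subjects(acm, x, seen)
    return seen


def effective_rights(acm, s):
    """Rights s holds on files, plus those of every subject it owns. Control adds nothing."""
    out = set()
    for subj in {s} | owned_subjects(acm, s):
        for x, rights in acm.get(subj, {}).items():
            if x not in acm:  # file columns only
                out |= {(r.rstrip("*"), x) for r in rights}
    return out


def grant_allowed(acm, target, right, obj):
    """Simulate the grant on a copy and reject it if any subject ends up in conflict."""
    trial = {s: {x: set(r) for x, r in row.items()} for s, row in acm.items()}
    trial.setdefault(target, {}).setdefault(obj, set()).add(right)
    return not any(c <= effective_rights(trial, s) for s in trial for c in CONFLICTS)


if __name__ == "__main__":
    print(grant_allowed(ACM, "S2", "w", "F2"))  # S1 owns S2 and already writes F1
    print(grant_allowed(ACM, "S3", "w", "F2"))  # S2 only controls S3
```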
RBAC (Role Based Access Control):

Made up of two matrices


1.) Assigns roles to subjects
2.) The normal ACM

He’s teaching this shit from the slides look them up
