In brief, it is safe to say that CompTIA Advanced Security Practitioner (CASP) is the most difficult of the certification exams that CompTIA offers. It is recommended that candidates taking it have 10 years of experience with IT administration, five of which relate directly to security as the questions asked on it include a mix of multiple choice and performance based scenarios.
There are five domains on the current certification exam (CAS-002) and the most heavily weighted is Enterprise Security: 30 percent. The focus this month is on 13 topics beneath the very first topic of that domain: Given a scenario, select appropriate cryptographic concepts and techniques.
In coming months, we will look at more of this domain, as well as the remaining four, but it is important to establish a solid foundation upon which to build and thus more time/space is spent here than will be in future articles. Make certain you know these concepts and are comfortable with them before going on.
1) Key Stretching
Key stretching is the processes of taking a key that might be a bit weak and making it stronger, usually by making it longer. The key, such as a password, is input into an algorithm that strengthens the key and makes it longer so it will be less susceptible to brute-force attacks. There are a great many methods of doing this but two of the most popular are PBKDF2 and Bcrypt.
PBKDF2 (Password-Based Key Derivation Function 2) applies something — such as a hash (discussed in the next section) or HMAC (Hash-Based Message Authentication Code) to the password along with Salt to come up with the derived key. PBKDF2 is part of PKCS No. 5 v. 2.01.
Bcrypt uses a derivative of Blowfish's algorithm to add Salt and is used with passwords.
In cryptography, a hash function must have three characteristics:
It must be one-way. This means that it is not reversible. Once you hash something, you cannot unhash it.
Variable-length input produces fixed-length output. This means that whether you hash two characters or two million, the hash size is the same.
The algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.
The following is a list of hashing algorithms you should be familiar with:
Secure Hash Algorithm
The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol. This algorithm produces a 160-bit hash value. SHA-2 has several sizes: 224, 256, 334, and 512 bit. SHA-2 is the most widely used, but SHA-3 has been released.
Although SHA3 is now a standard, there simply are no known issues with SHA2, so it is still the most widely used and recommended hashing algorithm. The algorithm was originally named Keccak and designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche.
Message Digest Algorithm
The Message Digest Algorithm (MD) also creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2. MD4 was used by NTLM (discussed in a moment) to compute the NT Hash.
MD5 is the newest version of the algorithm. It produces a 128-bit hash, but the algorithm is more complex than its predecessors and offers greater security. Its biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use. SHA (1 or 2) are the recommended alternatives.
The RACE Integrity Primitives Evaluation Message Digest (RIPEMD) algorithm was based on MD4. There were questions regarding its security, and it has been replaced by RIPEMD-160, which uses 160 bits. There are versions in existence that use 256 and 320 bits (RIPEMD-256 and RIPEMD-320, respectively), but all versions of RIPEMD remain.
GOST is a symmetric cipher developed in the old Soviet Union that has been modified to work as a hash function. GOST processes a variable-length message into a fixed-length output of 256 bits.
Prior to the release of Windows NT, Microsoft's operating systems used the LANMAN protocol for authentication. While functioning only as an authentication protocol, LANMAN used LM Hash and two DES keys. It was replaced by the NT LAN Manager (NTLM) with the release of Windows NT.
Microsoft replaced the LANMAN protocol with NTLM (NT LAN Manager) with the release of Windows NT. NTLM uses MD4/MD5 hashing algorithms. Several versions of this protocol exist (NTLMv1, NTLMv2), and it is still in widespread use despite the fact that Microsoft has pointed to Kerberos as being its preferred authentication protocol. Although LANMAN and NTLM both employ hashing, they are used primarily for the purpose of authentication.
3) Perfect Forward Secrecy
Forward secrecy is an attribute of every key exchange system that has a feature to make sure that if one key is compromised, subsequent keys will not be compromised as well. When the process is unbreakable, then it is known simply as perfect forward secrecy and a common way of implementing this is by using ephemeral keys.
4) Digital Signature
A digital signature serves the same purpose as any other signature — to validate the integrity of the message and the sender. Some form of encryption (choices vary) is used to encrypt the message and then a digital signature is added to the message.
If a sender wants to send a message to another, they would use a private key to create a digital signature (thus signing the message with the private key). The sender would then send the message to the receiver who would use the public key attached to the message to validate the digital signature. As long as the values match, the receiver knows the message is authentic.
Most digital signature implementations also use a hash to verify that the message has not been altered, either intentionally or accidently, while in transit. The receiver compares the signature area referred to as a message digest in the message with the calculated value. If the values match, the message hasn't been tampered with and the originator is verified as the person they claim to be.
Non-repudiation prevents one party from denying actions they carried out. To use an analogy, imagine coming home to find your house's picture window broken. All three of your kids say they didn't do it, and the babysitter says it must have been broken when she arrived. All the parties who could be guilty are "repudiating" the fact that they did it, and it's their word against common sense.
Now, imagine that you had a nanny-cam running and were able to review the video and see who actually broke it. The video cancels out their saying that they knew nothing about the broken window and offers "nonrepudiation" of the facts.
In the electronic world, a similar type of proof can be achieved in a two-key system. The problem is that anyone can claim to be a legitimate sender, and if they have access to this type of system, they can send you a public key. So although you have received the message, you would have no way of verifying that the sender is really who they say they are, and you need nonrepudiation to verify that the sender is who they say they are.
Third-party organizations called certificate authorities (CAs) manage public keys and issue certificates verifying the validity of a sender's message. The verifying aspect serves as nonrepudiation; a respected third party vouches for the individual. The goal of any effective cryptography system must include nonrepudiation. However, the implementation is a little more difficult than the concept.
One of the major reasons to implement a cryptographic system is to ensure the confidentiality of the information being used. Confidentiality may be intended to prevent the unauthorized disclosure of information in a local network or to prevent the unauthorized disclosure of information across a network. A cryptographic system must do this effectively in order to be of value.
The need to keep records secure from internal disclosure may be just as great as the need to keep records secure from outside attacks. The effectiveness of a cryptographic system in preventing unauthorized decryption is referred to as its strength: A strong cryptographic system is difficult to crack. Strength is also referred to as the algorithm's work factor: The work factor describes an estimate of the amount of time and effort that would be needed to break a system.
The system may be considered weak if it allows weak keys, has defects in its design, or is easily decrypted. Many systems available today are more than adequate for business and personal use, but they are inadequate for sensitive military or governmental applications.
The second major reason for implementing a cryptographic system involves providing assurance that a message wasn't modified during transmission. Modification may render a message unintelligible or, even worse, inaccurate. Imagine the consequences if record alterations weren't discovered in medical records involving drug prescriptions. If a message is tampered with, the encryption system should have a mechanism to indicate that the message has been corrupted or altered.
Integrity can be accomplished by adding information such as redundant data that can be used as part of the decryption process. A common method of verifying integrity involves adding a message authentication code (MAC) to the message. The MAC is derived from the message and a shared secret key. This process ensures the integrity of the message.
The MAC would be encrypted with the message, adding another layer of integrity checking. From the MAC, you would know that the message came from the originator and that the contents haven't been altered. The receiver also calculates the MAC value and compares it to the value sent in the message. If the values are equal, the message can be assumed to be intact and genuine.
Steganography is the process of hiding a message in a medium such as a digital image, audio file, or other file. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message.
The most common way this is done today is called the least significant bit (lsb) method. As you know, everything on a computer is stored in bits that are organized into bytes. For example, a single pixel on a Windows computer screen is stored in 3 bytes/24 bits. If you changed the very last bit (the least significant bit), then that would not make a noticeable change in the image.
In other words, you could not tell that anything had been changed. Using this fact, you can store data by putting it in the least significant bits of an image file. Someone observing the image would see nothing out of the ordinary.
It is also possible to hide data in audio files, video files, or literally any digital file type. There are even programs available on the Web for doing steganography. QuickStego is a free and easy-to-use program. Invisible Secrets is fairly inexpensive and quite robust.
Steganography can also be used to accomplish electronic watermarking. Mapmakers and artists have used watermarking for years to protect copyrights. If an image contains a watermark placed there by the original artist, proving that copyright infringement has occurred in a copy is relatively easy.
Pretty Good Privacy (PGP) is a freeware email encryption system introduced in the early 1990s that is widely used for email security. PGP uses both symmetrical and asymmetrical systems as a part of its process; it is this serial combination of processes that makes it so competent.
During the encryption process, the document is encrypted with the public key and also a session key, which is a one-use random number, to create the ciphertext. The session key is encrypted into the public key and sent with the ciphertext.
On the receiving end, the private key is used to ascertain the session key. The session key and the private key are then used to decrypt the ciphertext back into the original document.
An alternative to PGP that is freeware is GPG (GNU Privacy Guard). It is part of the GNU project by the Free Software Foundation and is interoperable with PGP. Like its alternative, PGP, it is considered a hybrid program since it uses a combination of symmetric and public-key cryptography. This free replacement for PGP can be downloaded here.
Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method of establishing a session. The number of steps in the handshake depends on whether steps are combined and/or mutual authentication is included. The number of steps is always between four and nine, inclusive, based on who is doing the documentation.
One of the early steps will always be to select an appropriate cipher suite to use. A cipher suite is a combination of methods, such as an authentication, encryption, and message authentication code (MAC) algorithms used together. Many cryptographic protocols such as TLS use a cipher suite.
When a connection request is made to the server, the server sends a message back to the client indicating that a secure connection is needed. The client sends the server a certificate indicating the capabilities of the client. The server then evaluates the certificate and responds with a session key and an encrypted key. The session is secure at the end of this process.
This session will stay open until one end or the other issues a command to close it. The command is typically issued when a browser is closed or another URL is requested.
As a security administrator, you will occasionally need to know how to configure SSL settings for a website running on your operating system.
You should also know that, in order for SSL to work properly, the clients must be able to accept the level of encryption that you apply. Modern browsers can work with 128-bit encrypted sessions/certificates. Earlier browsers often needed to use 40- or 56-bit SSL encryption. As an administrator, you should push for the latest browsers on all clients.
VeriSign used a clever advertising strategy that makes this point readily comprehensible: It mailed flyers in a clear bag with the lines "Sending sensitive information over the Web without the strongest encryption is like sending a letter in a clear envelope. Anyone can see it." This effectively illustrates the need for the strongest SSL possible.
Transport Layer Security (TLS) is a security protocol that expands upon SSL. Many industry analysts predict that TLS will replace SSL in the future. The TLS protocol is also referred to as SSL 3.1, but despite its name, it doesn't interoperate with SSL. The TLS standard is supported by the IETF. Think of TLS as an updated version of SSL. TLS is based on SSL, and it is intended to supersede it.
Secure Shell (SSH) is a tunneling protocol originally used on Unix systems. It's now available for both Unix and Windows environments. The handshake process between the client and server is similar to the process described in SSL. SSH is primarily intended for interactive terminal sessions.
Phase 1: The first phase is a secure channel to negotiate the channel connection.
Phase 2: The second phase is a secure channel used to establish the connection.
Secure Multipurpose Internet Mail Extensions (S/MIME) is a standard used for encrypting email. S/MIME contains signature data. It uses the PKCS #7 standard (Cryptographic Message Syntax Standard), and it is the most widely supported standard used to secure email communications.
MIME is the de facto standard for email messages. S/MIME, which is a secure version of MIME, was originally published to the Internet as a standard by RSA. It provides encryption, integrity, and authentication when used in conjunction with PKI. S/MIME version 3, the current version, is supported by IETF.
S/MIME is defined by RFC 2633. For the exam, know that it's a secure version of MIME used for encrypting email. Know, as well, that it uses asymmetric encryption algorithms for confidentiality and digital certificates for authentication.
The CompTIA Advanced Security Practitioner (CASP) is the most difficult of the certification exams that CompTIA offers and it is a combination of multiple choice and scenario-based questions. This month, we looked at 13 of the topics beneath the Enterprise Security domain — the most heavily weighted on the exam — and we will look at more in coming months.