Posts

Understanding the Trusted Platform Module

“Trust” was the starting point of the discussion on PKI. The public key infrastructure is built on the premise of enabling trust between unknown parties to ensure the secure transmission of information. Another element that ensures trust is the Trusted Platform Module. The previous discussion ended with questions about key management and key security. Keys are one of the PKI's most critical components; hence, keeping them secure and maintaining their history is of paramount importance. What would you do if you had to keep a piece of information (in this case, keys) secure? Keep it under lock and key (pun intended). Whenever we face such difficult questions, intelligent minds have always come to our rescue. The Trusted Platform Module (TPM) was conceived by a computer industry consortium called the Trusted Computing Group (TCG), and was standardized by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2009 as ISO/IEC 11...

The Workings of PKI

In the previous blog post, we learnt about the various pieces of the puzzle called the public key infrastructure. It’s time to learn how these pieces work once they are fitted together. The PKI is made up of the following components.

• Certification authority
• Registration authority
• Certificate repository
• Certificate revocation system
• Key backup and recovery system
• Automatic key update
• Key management

To help understand the workings of a PKI, let’s take a day-to-day example and learn from it. Let’s say that Oslo wants to get himself a passport. He needs this to prove to everyone that he is Oslo when he visits another country. The passport issued by the Government will be his way to enable trust with another country’s systems and people. They may not know him, but they will trust the passport that he is carrying. Now Oslo wants to apply for the passport. So he goes to the registration authority or the passport offi...

What is Public Key Infrastructure (PKI)?

Quite often in the world of cryptography you will hear the term PKI, or Public Key Infrastructure. While people often use this term loosely without understanding (and even appreciating) the whole gamut that it entails, it is extremely important for a security professional to understand what PKI represents. Have you ever visited a store like Best Buy or Big Bazaar? They provide you with almost everything you can imagine. Public Key Infrastructure, henceforth referred to as PKI in the blog post, is a set of programs, procedures, algorithms, communication protocols, and security policies that work together to enable secure transmission of information. PKI is an ISO authentication framework that uses public-key cryptography and the X.509 standard. PKI is not just an encryption standard or a technology; it is a complex assortment of various aspects that work together. We have learnt about confidentiality, integrity, privacy, non-repudiation and PKI offers all of t...

Mind Map - Access Control

The foundation of information security is controlling how resources are accessed so they can be protected from unauthorized modification or disclosure. The controls that enforce access control can be technical, physical, or administrative in nature. These control types need to be integrated into policy-based documentation, software and technology, network design, and physical security components. This mind map covers all the major aspects of the domain of access control. A caveat: this mind map is just a revision aid for the concepts and is not a replacement for the book/resources you need to study to get a detailed understanding of all the concepts. There are 2 parts to this mind map. You can download the high-quality PDF from the downloads section.

Block Ciphers - Mode of Operation (Part 2)

In the previous blog post, we learnt about the Electronic Code Book (ECB), Cipher Block Chaining (CBC) and Cipher Feedback (CFB) modes of operation. While the ECB mode has been made for very small blocks, the CBC mode works best with large blocks, and the CFB mode stands somewhere in the middle, mainly handling streams of data. In this blog post, we will learn about the remaining modes of operation. So strap in and let’s get going.

Output Feedback (OFB)

To appreciate and better understand the OFB mode’s operations, we need to take another look at what was offered by the Cipher Feedback mode (CFB). To reiterate, let’s look at the diagram of the CFB mode. Here, the ciphertext from the previous block is used to encrypt the next block of plaintext. If a bit in the first ciphertext gets corrupted, then this corruption can get carried on. Now let’s look at the output feedback mode. It looks extremely similar to the CFB mode; the only difference is that the values used to encr...

Mind Map - Security Basics

While every individual has his/her own way of learning various concepts, certain learning tools such as mind maps do help the individual remember the concepts better in stressful situations. To help you out, I have prepared a set of mind maps (available for download in the Downloads Section). While this is surely an excellent learning tool, please note that it is not a replacement for the book you may refer to in order to understand various concepts. These mind maps will cover various domains for the SSCP / CISSP / CompTIA Security+ exams. All these concepts are extremely important from an exam point of view. How to use this mind map? The Yellow Circle represents the concept while the White Box next to it represents a short explanation for it. Move from LEFT to RIGHT to study this. Let me know your thoughts on this in the comments section below...

Block Ciphers - Mode of Operation (Part 1)

Block ciphers have several modes of operation and each mode works in a specific way. Each mode of operation has its own utility and performs well under specific circumstances. Sometimes you may find that there is a trade-off between security and convenience when one of the modes is implemented. For the CISSP exam, we need to learn about the following 5 modes of operation: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB) and Counter Mode (CTR). In part 1 of this blog post, we will learn about the ECB, CBC and CFB modes. The next part will cover the OFB and CTR modes.

Electronic Code Book Mode

It’s important to understand the meaning of KEY before trying to understand any of the modes. KEY is not a password that protects your information. A key is basically a set of instructions for the use of a codebook that dictates how a block of text will be encrypted and decrypted. It’s not the codebook itself, just the instructions on how to use that codebo...