IntroSec

Added.

1 files changed, 192 insertions, 0 deletions

diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md
new file mode 100644
index 0000000..88bb06f
--- /dev/null
+++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md
@@ -0,0 +1,192 @@
+# Introduction to Information Security - Lernzettel
+
+## Security
+
+### Security objectives
+
+- Confidentiality
+  Contents of objects cannot be read by third parties.
+- Integrity
+  Whether or not a message has been modified between origin and receiver.
+- Availability
+  Guaranteed access to the information for permitted parties.
+- Access Control
+  Only permitted parties are allowed to access the information.
+- Non-repudiation
+  Proof that an entity was involved in some event.
+
+### CIA
+
+- Confidentiality
+- Integrity
+- Availability
+
+### Perkerian hexad
+
+- Confidentiality
+- Integrity
+- Availability
+- Utility
+  Ensures that the information is useful and insensitive to e.g. lost keys.
+- Possession or Control
+  Be sure that the possessor is in control of the information at all times.
+- Authenticity
+  Verification of claimed identities. Notice: In most cases, this just proves entities (e.g. machines), not humans.
+  Also, there must be a point in time where authentication starts. If this step is taken automatically by a machine (e.g. session start),
+  there is no valid inference to the actual human.
+
+### Secrecy
+
+Confidentiality+.
+Not only provides hidden contents, but also hides the fact that there is content at all.
+
+### Strategy
+
+1. Prevention
+2. Detection
+3. Reaction
+
+## Reliability
+
+Reliability addresses consequences of accidential errors. Reliability checks if service interruptions cause low or medium disturbance.
+
+## Safety
+
+Safety addresses catastrophic influences on the environment (e.g. human life). Safety checks if service interruptions cause very high disturbance and even harm.
+
+## Authentication
+
+### Modes
+
+As a user, you can be authenticated on the basis of
+
+- Something you know (e.g. password)
+- Something you hold (e.g. ID card)
+- Who you are (e.g. biometrics)
+- What you do (e.g. behaviour analysis)
+- Where you are (e.g. geo-location)
+
+### Passwords
+
+- Assure correct receiver of the initial password. Communication might be intercepted.
+- Call back already authenticated entities, which are authorized to hand over the password.
+- Force the user to change the password immediately after first login.
+- Provide multi-factor authentication to let the user to be able to reset forgotten passwords without costly helpdesks.
+
+### Guessing passwords
+
+- Brute force
+- Intelligent search (alphabet limits, length limits)
+
+### Password protection
+
+- No expiry dates
+  Studies have shown that this results in worse passwords.
+- No restrictions in password alphabet
+  Studies have shown that this leads to less possibilities in exhaustive guessing and therefore leads to worse passwords.
+- Set a minimum length instead
+  Has a higher impact than complexity. Set the maximum to at least 64.
+- No hints
+- Show passwords while typing
+  Doing the opposite motivates the user to choose shorter passwords.
+- Allow passwords to be pasted
+  This enables secure password managers to be used.
+- Forbid commonly used passwords
+  Makes dictionary attacks difficult.
+- Limit number of failed password attempts
+
+### Biometrics
+
+#### Use cases
+
+| Use case | Cardinality | Description |
+| -------- | ----------- | ----------- |
+| Identification | 1:n | Identify the user from a set of users in a database. |
+| Verification | 1:1 | Verifies the single claimed identity by comparing captured patterns to the stored patterns. |
+
+#### False match rate (FMR)
+
+How often is a false match attempt successful, which it should not be? Best case: $\text{FMR} = 0$.
+
+$\text{FMR} = \frac{\text{\# successful false matches}}{\text{\# attempted false matches}}$
+
+#### False non-match rate (FNMR)
+
+How often is a genuine match attempt rejected, which it should not be? Best case: $\text{FNMR} = 0$.
+
+$\text{FNMR} = \frac{\text{\# rejected genuine matches}}{\text{\# attempted genuine matches}}$
+
+#### Fitting Rate
+
+A value (in %) indicating how much the captured pattern fits the stored pattern in the database.
+
+##### Examples
+
+A *Fitting Rate* of 100% indicates that all of the captured pattern data fits the data stored in the database (unlikely, due to noise).
+A *Fitting Rate* of 50% indicates that half the pattern data fits the data stored in the database.
+
+#### Matching Threshold
+
+A value (in %) determining the minimum *Fitting Rate* for an matching check to be considered as matching.
+A lower *Matching Threshold* raises the amount of false positive matching checks, but lowers the amount of rejected genuine matching checks.
+*FMR* raises, *FNMR* lowers.
+A higher *Matching Threshold* raises the amount of rejected genuine matching checks, but lowers the amount of false positive matching checks.
+*FMR* lowers, *FNMR* raises.
+
+#### Equal Error Rate (EER)
+
+The value of *Matching Threshold*, at which $\text{FMR} = \text{FNMR}$.
+
+#### Failure-To-Capture Rate (FTC)
+
+Frequency of failing to capture a sample.
+
+#### Failure-To-Extract Rate (FTX)
+
+Frequency of failing to extract a feature of a sample.
+
+#### Failure-To-Acquire Rate (FTA)
+
+Frequency of failing to acquire a biometric feature.
+
+$\text{FTA} = \text{FTC} + \text{FTX} \times (1 - \text{FTC})$
+
+#### False Accept Rate (FAR)
+
+$\text{FAR} = \text{FMR} \times (1 - \text{FTA})$
+
+#### False Reject Rate (FRR)
+
+$\text{FRR} = \text{FTA} + \text{FNMR} \times (1 - \text{FTA})$
+
+#### False Positive Identification Rate (FPIR)
+
+Probability of some sample to match at least one of the entries in the database.
+
+$\text{FPIR} = (1 - \text{FTA}) \times (1 - (1 - \text{FMR})^{n})$
+
+## Threat scenarios
+
+No security issues without threat models! E.g. a password is considered safe without any provided threat model.
+
+### Smurf attack
+
+Attacker sends out ICMP ping request with spoofed sender IP address of the victim to the broadcast of some network.
+All recipients will answer the ping, and send the answer packets to the IP address they think was the sender, which is the victims IP address.
+In a network with 100 nodes, a single broadcast ICMP request results in 100 answers sent to the victim, causing a denial of service.
+
+### Password compromise
+
+Old threat model: One machine, one password. One compromised password means one compromised machine.
+New threat model: Multiple machines, one or similar passwords. One compromised machine can cause other compromised passwords.
+
+### Password spoofing attack
+
+Attacker presents a fake login screen to the victim.
+Victim enters his password and the attacker captures the data forwarded by the fake login screen.
+
+#### Countermeasures
+
+- System authentication to the user
+- Display number of failed logins
+  Indicates compromised password to the user.