
FUNDAMENTALS OF INFORMATION SECURITY
Best Practices

CONTENT
• ON-THE-FLY DISK ENCRYPTION (OTFE)
• ELECTRONIC CODE BOOK (ECB), CIPHER BLOCK CHAINING (CBC), CIPHERTEXT FEEDBACK (CFB)
• ONE-TIME PASSWORD (OTP), HMAC-BASED ONE-TIME PASSWORD (HOTP)
• MULTI LEVEL SECURITY, TRUSTED OPERATING SYSTEMS
Best Practices in
Information Security

Credit: https://www.it.ucsb.edu/password-best-practices
12 Top Tips for Information Security

Credit: https://www.contextis.com/us/blog/12-top-tips-for-cyber-security
ON-THE-FLY DISK ENCRYPTION (OTFE)
• Also known as "live encryption", "transparent encryption", "real-time encryption"
• When you open a file from the safe, the data is decrypted instantly. When you save it back, the file is re-encrypted automatically (on-the-fly).
• One of the major advantages that a live-encryption program has over
a classic file encryption program is that you don’t have to remember
to re-encrypt the files you work with after you’re done.
• Live-encryption programs are the next generation of encryption
programs.
• Used in situations when you want the encryption process to be totally
transparent
ELECTRONIC CODE BOOK (ECB)
• A mode of operation for a block cipher
• With the characteristic that each possible block of plaintext has a
defined corresponding ciphertext value and vice versa.
• Has the ability to support a separate encryption key for each block
type.
CIPHER BLOCK CHAINING (CBC)
• In CBC mode, each block of plaintext is XORed with the previous
ciphertext block before being encrypted.
• This way, each ciphertext block depends on all plaintext blocks
processed up to that point.
• To make each message unique, an initialization vector must be used in
the first block.
CIPHERTEXT FEEDBACK (CFB)
• The cipher feedback (CFB) mode, a close relative of CBC, makes a
block cipher into a self-synchronizing stream cipher.
• Operation is very similar
• CFB decryption is almost identical to CBC encryption performed in
reverse
ONE-TIME PASSWORD (OTP)
• Also known as one-time pin or dynamic password
• A password that is valid for only one login session or transaction, on a
computer system or other digital device.
• The most important advantage that is addressed by OTPs is that, in
contrast to static passwords, they are not vulnerable to replay attacks.
• OTP systems also aim to ensure that a session cannot easily be
intercepted or impersonated without knowledge of unpredictable data
created during the previous session, thus reducing the attack surface
further.
HOW OTPS ARE GENERATED AND DISTRIBUTED
• OTP generation algorithms typically make use of randomness
• Various approaches for the generation of OTPs are listed below:
Based on time-synchronization between the authentication server and the
client providing the password (OTPs are valid only for a short period of time)
Using a mathematical algorithm to generate a new password based on the
previous password (OTPs are effectively a chain and must be used in a
predefined order).
Using a mathematical algorithm where the new password is based on a
challenge (e.g., a random number chosen by the authentication server or
transaction details) and/or a counter.
METHODS OF DELIVERING THE OTP
• Phones: a common technology used for the delivery of OTPs is text messaging.
• Web-based methods: authentication-as-a-service providers offer various web-based methods for delivering one-time passwords without the need for tokens.
HMAC-BASED ONE-TIME PASSWORD (HOTP)
• A one-time password (OTP) algorithm based on hash-based message
authentication codes (HMAC)
• Also known as event-based OTP
• The original one-time password algorithm; it relies on two pieces of
information:
• The first is the secret key, called the "seed", which is known only to the token
and the server that validates submitted OTP codes.
• The second piece of information is the moving factor which, in event-based
OTP, is a counter.
HOTP is calculated by first creating an HMAC hash from the seed and
counter. The raw output is too long to type (160 bits, the HMAC-SHA-1 output size), so
it is then truncated to a reasonable 6 or 8 digits, which is the OTP displayed
on the token.
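The HOTP computation just described (HMAC over the counter, dynamic truncation, reduction to 6 or 8 digits) and the time-synchronized variant from the generation-methods slide are short enough to show end to end. The following is an added example, not code from the original slides. It uses only the standard library; the 20-byte seed `12345678901234567890` is the published RFC 4226 test secret, so the expected codes can be checked against that RFC. The `HotpValidator` class, its look-ahead `window` and the `totp` helper are this example's own additions: they show how a server rejects a replayed code by never accepting a counter at or below the last one used, which is the replay-resistance property the OTP slide claims.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    # Step 1: HMAC over the 8-byte big-endian counter (20-byte / 160-bit output for SHA-1).
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    # Step 2: dynamic truncation. The low nibble of the last byte picks a 4-byte window.
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16) \
        | (mac[offset + 2] << 8) | mac[offset + 3]
    # Step 3: reduce to the requested number of digits, keeping leading zeros.
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    # Time-synchronized variant: the moving factor is the number of 30-second steps since the epoch.
    return hotp(secret, int(unix_time) // step, digits, digestmod)


class HotpValidator:
    """Server-side state for one token: the shared seed and the next counter it will accept.

    Assumed design (not from the slides): a small look-ahead window tolerates codes the user
    generated but never submitted, while anything at or below the last accepted counter is rejected,
    so a captured code cannot be replayed.
    """

    def __init__(self, secret: bytes, window: int = 5) -> None:
        self.secret = secret
        self.next_counter = 0
        self.window = window

    def verify(self, submitted: str) -> bool:
        for i in range(self.window):
            candidate = self.next_counter + i
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(hotp(self.secret, candidate), submitted):
                self.next_counter = candidate + 1   # resynchronize; this and earlier codes are now dead
                return True
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"   # RFC 4226 test secret
    for c in range(3):
        print(c, hotp(seed, c))
    v = HotpValidator(seed)
    print(v.verify(hotp(seed, 0)), v.verify(hotp(seed, 0)))   # True, then False (replay)
```

Note that a code is rejected even if it is cryptographically valid once the counter has moved past it: the server's state, not the code's correctness, is what defeats replay.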
Multi Level Security

Credit: https://www.it.ucsb.edu/password-best-practices
MULTI LEVEL SECURITY
• The application of a computer system to process information with
incompatible classifications (i.e., at different security levels), to permit
access by users with different security clearances and needs-to-know, and
to prevent users from obtaining access to information for which they lack
authorization.
• There are two contexts for the use of multilevel security:
A system that is adequate to protect itself from subversion and has robust
mechanisms to separate information domains, that is, trustworthy
An application of a computer that will require the computer to be strong
enough to protect itself from subversion and possess adequate mechanisms
to separate information domains, that is, a system we must trust.
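The separation between clearances and classifications described above is usually expressed as a dominance check on security labels: a label is a hierarchical level plus a set of need-to-know compartments, and a subject may read an object only if its clearance dominates the object's label. The following added example (not code from the original slides) models that check in the style of Bell-LaPadula, the classic MLS confidentiality model, which the slides do not name; the level ordering and the compartment names are constructed sample values.

```python
from dataclasses import dataclass

# Constructed hierarchical ordering: a higher number dominates a lower one.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: classification level plus need-to-know compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice dominance: at least as high a level AND a superset of the compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    # Simple security property ("no read up"): the clearance must dominate the object's label.
    # This is where a user without the right compartment is denied despite holding the level.
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    # *-property ("no write down"): the object's label must dominate the subject's clearance,
    # so a SECRET process cannot copy data into a CONFIDENTIAL file.
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, op: str) -> str:
    # Reference-monitor style decision: every access goes through one check, no exceptions.
    check = can_read if op == "read" else can_write
    return "ALLOW" if check(subject, obj) else "DENY"


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    for obj in (Label("CONFIDENTIAL"),
                Label("SECRET", frozenset({"CRYPTO"})),
                Label("SECRET", frozenset({"NUCLEAR"})),
                Label("TOP SECRET", frozenset({"CRYPTO"}))):
        print(obj.level, sorted(obj.compartments),
              "read:", decide(analyst, obj, "read"),
              "write:", decide(analyst, obj, "write"))
```

The two-sided check is what makes the separation hold in a running system: blocking reads alone would still let a cleared process leak data by writing it into a lower-level file.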
TRUSTED OPERATING SYSTEMS
• An OS that has been evaluated by Common Criteria laboratories against the
ISO/IEC 15408 criteria and passed, so that it can be certified as a
secure OS.
• Trusted Operating System (TOS) generally refers to an operating
system that provides sufficient support for multilevel security and
evidence of correctness to meet a set of government requirements.
An OS is trusted if it can provide:
1. Memory Protection
2. File Protection
3. User Authentication
4. Policy
5. Identification and Authentication