Architectural Review Standards And Procedures: Fill & Download for Free

Telegram’s encryption violates one of the cardinal rules of crypto: never roll your own cryptography.Unlike Signal, WhatsApp, and other services that use industry standard algorithms (and implementations) such as AES-256, Telegram uses a custom designed encryption scheme known as MTProto to protect its messages.The reason why you don’t roll your own crypto is simple: you probably screwed up somewhere. Cryptographic security is the result of years/decades of rigorous mathematical and architectural review.AES-256 GCM was only added to the NSA Suite B suite after 5+ years of review from the global professional and academic cryptography community. Relying on an algorithm that has only been reviewed by a handful of people who don’t necessarily even have a background in professional cryptography - Telegram in their whitepaper omits any experience in cryptography highlighting instead their team’s education and experience winning the collegiate ACM ICPC programming competition - is exceptionally dangerous.As a result MTProto has a number of known problems that would allow an adversary like the police or a government, or even undergrads at MIT, to compromise Telegram.We’ll examine two problems inherent to Telegram below: Telegram’s issues with creating session keys for protecting communications from client to server and vulnerabilities in how Telegram encrypts data as a whole.Key Exchange Issues with Telegram Client->Server CommunicationMost channel encryption (cryptography protecting conversations) relies on a key exchange to ensure that both parties talk to each other over a mutually encrypted channel using the same key.Key exchanges are extremely sensitive and careful procedures. The result of a key exchange is a session key which is the secret that an adversary spying on your communication is attempting to gain. Just like one of the most dangerous time for an airplane flight is at takeoff, the key exchange is of the most dangerous times in encryption.Telegram goes against convention by not employing the Ephemeral Diffie Hellman (EDH) algorithm when it creates its session keys. This means that its conversations may use the same key for separate conversations. In contrast, most other crypto systems, such as TLS, randomize the session key each time to avoid someone using a compromised key from another exchange to decrypt recorded conversations - a practice known as Perfect Forward Secrecy.Instead of using Ephemeral Diffie Hellman, Telegram uses “plain” Diffie Hellman. It protects its session keys by combining Diffie Hellman with a salt - a random number that is generated by the server for each client. Telegram attempts to replicate some of the same protections as EDH by periodically rotating the salt, it gives no provision on how often that salt is randomized. To quote Telegram, salts are defined in MTProto as:“A (random) 64-bit number periodically (say, every 24 hours) changed (separately for each session) at the request of the server.”Given that the salt is the primary mechanism used by the client and the server to create a session key, the fact that Telegram does not rotate its salts in a very short period of time opens the window for an active Man in the Middle attack wherein an adversary steals the salt to circumvent the key derivation function (or KDF in MTProto’s diagram above) in order to perform a Rainbow Table attack on the encrypted session communication.Modern processors and advances in software engineering have made it easy to perform Rainbow Table attacks on even modest consumer computing hardware. Using ophcrack, a user on just a Macbook Pro can discover 11-digit randomized alphanumeric keys.Given that the salt used to randomize session keys are held for possibly up to 24 hours, an adversary listening at the right place and the right time could theoretically recover the session key used to protect client->server communication within Telegram.Basically, depending on how Telegram handles salt rotation and lays out its infrastructure, this could be used to decrypt recorded conversations between Telegram clients and their server. Given Telegram’s less than amicable relationship with the Russian government and it’s well-marketed use case of focusing on being censor-resistant and private, this is a huge problem.IND-CCA Vulnerabilities in TelegramMTProto does not use the HMAC process to secure its messages as part of encrypting data. This process is critical for defending against a series of attacks known as CCA - Chosen Ciphertext Attacks.CCA works by having an attacker eavesdrop messages and modify them in flight. They can then modify the content of that message to deduce the behavior of the user or application, which could be used to reveal information about the plaintext or even compromise the system the communication is running on.Ideally you stop this with HMAC, which hashes the content of the message to help ensure its integrity from server to client. Telegram doesn’t do that because it doesn’t feel like it, and instead the protocol simply includes a number that lists the length of the message. This makes sense from a performance perspective, but it’s dangerously insecure.Basically, you can work backwards from this detail to sneak in data read by the client that they can’t certify as valid. That is cruising for a security bruising right there - especially if the system doesn’t validate that input and it can be exploited to run buffer overflow attacks and the like.Telegram in principle is a good idea. Secure, private communication is a critical problem, and building a system that is easy to use and secure is a variant goal.But the team’s insistence on using their own homegrown cipher is a big problem. And as the security and cryptography has noted loudly over the last few years, it can (and has) led to vulnerabilities that compromise Telegram’s security model.

Review and understand existing bug reports, test plans, test processes.Produce documentation for improved test strategy and procedures to implement improved test processes. This includes functional, regression, performance, security, and other methodologies, and guides QA in making improved test plans.Evaluate test tools including automation for the previous step, including build verification and IDE plugins and lint programs to catch bugs earlier than waiting for the finished build.Work with project managers and development architects to define improved coding standards and test instrumentation and interfaces.Work with support team to gather end-user metrics on bugs reported, and demonstrate to management that your efforts have resulted in higher quality.Expedite audit teams reviewing software quality.Raise procedural issues to management, get budget for improved tools, advise QA on training courses.Pitch in and help out where your efforts most effectively improve quality.Perform research to improve your knowledge in areas allowing you to become more effective.Go back to step 1. Performing QA architecture means you must keep updating your knowledge, and then iteratively continue to improve quality as systems change.

An EA maturity model is a capability maturity model applied to enterprise architecture. Like all the other capability maturity models, there are 5 levels ranging in maturity from none to optimizing & continuous improvement.See this page from Open Group. Also look into TOGAF.http://www.opengroup.org/architecture/togaf8-doc/arch/chap27.htmlhttp://en.wikipedia.org/wiki/The_Open_Group_Architecture_FrameworkCapability Maturity Models (CMMs) address this problem by providing an effective and proven method for an organization to gradually gain control over and improve its IT-related development processes. Such models provide the following benefits:They describe the practices that any organization must perform in order to improve its processes.They provide a yardstick against which to periodically measure improvement.They constitute a proven framework within which to manage the improvement efforts.The various practices are typically organized into five levels, each level representing an increased ability to control and manage the development environment.The benefits of capability maturity models are well documented forsoftware and systems engineering. Their application to enterprise architecture has been a recent development, stimulated by the increasing interest in enterprise architecture in recent years, combined with the lack of maturity in this discipline.This section introduces into TOGAF the topic of capability maturity models and their associated methods and techniques, as a widely used industry standard that is mature enough to consider for use in relation to enterprise architecture.Example: IT Architecture Process Maturity LevelsThe following example shows the detail of the IT architecture maturity levels as applied to the first of the ninecharacteristics, IT architecture process.Level 0: NoneNo IT architecture program. No IT architecture to speak of.Level 1: InitialInformal IT architecture process underway.Processes are ad hoc and localized. Some IT architecture processes are defined. There is no unified architecture processacross technologies or business processes. Success depends on individual efforts.IT architecture processes, documentation, and standards are established by a variety of ad hoc means and are localizedor informal.Minimal, or implicit linkage to business strategies or business drivers.Limited management team awareness or involvement in the architecture process.Limited operating unit acceptance of the IT architecture process.The latest version of the operating unit's IT architecture documentation is on the web. Little communication exists about theIT architecture process and possible process improvements.IT security considerations are ad hoc and localized.No explicit governance of architectural standards.Little or no involvement of strategic planning and acquisition personnel in the enterprise architecture process. Little or noadherence to existing standards.Level 2: Under DevelopmentIT architecture process is under development.Basic IT architecture process is documented based on OMB Circular A-130 and Department of Commerce IT Architecture Guidance.The architecture process has developed clear roles and responsibilities.IT vision, principles, business linkages, baseline, and Target Architecture are identified. Architecture standards exist, butnot necessarily linked to Target Architecture. Technical Reference Model (TRM) and Standards Profile framework established.Explicit linkage to business strategies.Management awareness of architecture effort.Responsibilities are assigned and work is underway.The DoC and operating unit IT architecture web pages are updated periodically and are used to document architecturedeliverables.IT security architecture has defined clear roles and responsibilities.Governance of a few architectural standards and some adherence to existing Standards Profile.Little or no formal governance of IT investment and acquisition strategy. Operating unit demonstrates some adherence toexisting Standards Profile.Level 3: DefinedDefined IT architecture including detailed written procedures and TRM.The architecture is well defined and communicated to IT staff and business management with operating unit IT responsibilities.The process is largely followed.Gap analysis and migration plan are completed. Fully developed TRM and Standards Profile. IT goals and methods areidentified.IT architecture is integrated with capital planning and investment control.Senior management team aware of and supportive of the enterprise-wide architecture process. Management actively supportsarchitectural standards.Most elements of operating unit show acceptance of or are actively participating in the IT architecture process.Architecture documents updated regularly on DoC IT architecture web page.IT security architecture Standards Profile is fully developed and is integrated with IT architecture.Explicit documented governance of majority of IT investments.IT acquisition strategy exists and includes compliance measures to IT enterprise architecture. Cost benefits are considered inidentifying projects.Level 4: ManagedManaged and measured IT architecture process.IT architecture process is part of the culture. Quality metrics associated with the architecture process are captured.IT architecture documentation is updated on a regular cycle to reflect the updated IT architecture. Business, Data,Applications, and Technology Architectures defined by appropriate de jure and de facto standards.Capital planning and investment control are adjusted based on the feedback received and lessons learned from updated ITarchitecture. Periodic re-examination of business drivers.Senior management team directly involved in the architecture review process.The entire operating unit accepts and actively participates in the IT architecture process.Architecture documents are updated regularly, and frequently reviewed for latest architecture developments/standards.Performance metrics associated with IT security architecture are captured.Explicit governance of all IT investments. Formal processes for managing variances feed back into IT architecture.All planned IT acquisitions and purchases are guided and governed by the IT architecture.Level 5: OptimizingContinuous improvement of IT architecture process.Concerted efforts to optimize and continuously improve architecture process.A standards and waivers process is used to improve architecture development process.Architecture process metrics are used to optimize and drive business linkages. Business involved in the continuous processimprovements of IT architecture.Senior management involvement in optimizing process improvements in architecture development and governance.Feedback on architecture process from all operating unit elements is used to drive architecture process improvements.Architecture documents are used by every decision-maker in the organization for every IT-related business decision.Feedback from IT security architecture metrics are used to drive architecture process improvements.Explicit governance of all IT investments. A standards and waivers process is used to make governance-processimprovements.No unplanned IT investment or acquisition activity.