Plaintext is the message (plus any headers etc) before it is encrypted. It may not be human readable (i.e. it may be in some computer format) but it is decodable without any secret knowledge.
Cleartext is an unencrypted (plaintext) message that is transmitted as is. Cleartext is assumed to be vulnerable to eavesdropping and other forms of attack.
Ciphertext is the message after it is encrypted.
The cipher is the mechanism and the method by which encryption and decryption occur.
The key is a value, usually secret, used by the encryption algorithm to convert the plaintext into ciphertext and back again. Without a key the cipher would need to be kept secret, and be replaced if an eavesdropper discovered it. By using a secret key to encrypt and decrypt, a cipher can be made public without threatening the message security.
Define Key Length
The key is a sequence of bits, such that any sequence of the right length is a possible key. An encryption algorithm will define the required key length.
Define Key Space
Key space is the range of all possible values that a key can have. The size of the keyspace has an impact on the security of the ciphertext as the security resides entirely in the key.
Entropy refers to the degree of unpredictability or uncertainty inherent in a system or value. If we have a 10 bit value derived from a truly random source, we have 10 bits of entropy. If it's derived from a non-random source the actual entropy will be less than 10 bits.
What is Kerckhoffs's Assumption?
Kerckhoffs's assumption (Kerckhoffs's principle) is that the security must reside entirely in the key. Making all details of the encryption algorithm public should not in any way threaten the security of messages encrypted with that algorithm.
What is a block cipher?
A cipher that operates on whole fixed-size chunks (blocks) of data at a time. Block ciphers make sense when encrypting files on disk, which are read in blocks anyway. A whole block must be available and is encrypted together; a partial final block has to be padded.
What is a stream cipher?
A cipher that operates on single bits (or bytes) at a time, typically by XORing the plaintext with a keystream generated from the key. Efficient in hardware but less so in software, where it is harder to deal with individual bits and bytes at a time.
What is a hybrid cryptosystem?
A plain public key protocol is significantly slower than symmetric cryptography, and vulnerable to chosen plaintext attacks (anyone can encrypt guessed messages under the public key and compare the results with an intercepted ciphertext). A hybrid cryptosystem uses a random session key generated by the initiator as the key to symmetrically encrypt the message. The small session key is encrypted under the receiver's public key and sent to the receiver along with the symmetrically encrypted message. The receiver decrypts the session key with their private key, and then decrypts the message with the session key.
What is Vernam Encryption?
Vernam encryption is sometimes called a "one time pad" and is the one unconditionally secure cipher. It relies on a truly random key as long as the message, used once and then discarded. Each bit of plaintext is XORed with the corresponding bit of the key. Decryption is identical: XOR the ciphertext with the same key.
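The XOR pad described above, written out as an added example (not part of the original notes). The message and the pad bytes are constructed for the demonstration; a real pad must come from a true random source. The last function shows the caveat that makes the cipher "one time": encrypting two messages under the same pad cancels the pad out, so anyone who knows one plaintext recovers the other.

```c
#include <stddef.h>
#include <string.h>

/* One-time pad: out[i] = in[i] XOR pad[i]. Encryption and decryption are the
 * same operation. Returns 0, or -1 if the pad is shorter than the message,
 * since the pad must be at least as long as what it protects. */
int otp_xor(const unsigned char *in, size_t in_len,
            const unsigned char *pad, size_t pad_len, unsigned char *out)
{
    if (pad_len < in_len) return -1;
    for (size_t i = 0; i < in_len; i++) out[i] = in[i] ^ pad[i];
    return 0;
}

/* Round trip on a constructed message and a constructed 16-byte pad.
 * Returns 1 if XORing twice restores the plaintext. */
int otp_roundtrip_ok(void)
{
    static const unsigned char msg[16] = "attack at dawn!";   /* 15 chars + NUL */
    static const unsigned char pad[16] = {0x7f,0x1c,0xa9,0x03,0x55,0xe2,0x90,0x4b,
                                          0x26,0xd8,0x6e,0xb1,0x0a,0xf4,0x37,0xc5};
    unsigned char ct[16], pt[16];
    if (otp_xor(msg, sizeof msg, pad, sizeof pad, ct) != 0) return 0;
    if (otp_xor(ct, sizeof ct, pad, sizeof pad, pt) != 0) return 0;
    return memcmp(pt, msg, sizeof msg) == 0;
}

/* Returns 1 if a pad shorter than the message is rejected. */
int otp_short_pad_rejected(void)
{
    static const unsigned char msg[4] = {'a', 'b', 'c', 'd'};
    static const unsigned char pad[3] = {1, 2, 3};
    unsigned char out[4];
    return otp_xor(msg, sizeof msg, pad, sizeof pad, out) == -1;
}

/* Why "one time": if two messages are encrypted under the same pad,
 * c1 XOR c2 == p1 XOR p2, so the pad cancels out and an attacker who knows
 * (or can guess) p1 recovers p2 without ever seeing the pad.
 * Returns 1 if that recovery succeeds. */
int otp_reuse_leaks(void)
{
    static const unsigned char p1[8]  = {'S','E','N','D',' ','$','1','0'};
    static const unsigned char p2[8]  = {'S','E','N','D',' ','$','9','9'};
    static const unsigned char pad[8] = {0x13,0x9a,0x5c,0xe7,0x21,0x08,0xbd,0x76};
    unsigned char c1[8], c2[8], xored[8], recovered[8];
    otp_xor(p1, 8, pad, 8, c1);
    otp_xor(p2, 8, pad, 8, c2);
    otp_xor(c1, 8, c2, 8, xored);         /* c1 ^ c2 == p1 ^ p2, pad is gone */
    otp_xor(xored, 8, p1, 8, recovered);  /* (p1 ^ p2) ^ p1 == p2 */
    return memcmp(recovered, p2, 8) == 0;
}
```

The reuse function is the same weakness that breaks any stream cipher whose keystream is reused, which is why the later question on why one-time pads are rarely used comes down to key management rather than the cipher itself.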
What is a one-way hash function, and what two properties are they required to have?
A hash function is a cryptographic primitive which doesn't encrypt anything. It takes a variable length input called a pre-image and produces a fixed length output known as a hash (or digest). It has two important properties: 1) Non-invertibility (pre-image resistance). It is computationally infeasible to calculate a pre-image from a hash value. An attacker can still guess candidate pre-images and compare their hashes with the target, so low-entropy inputs such as passwords are not protected by hashing alone. 2) Collision resistance. It is computationally infeasible to find two different pre-images that hash to the same value, even though collisions must exist because the output is shorter than the input.
What is an ephemeral key?
A key that is generated for each execution of a key establishment process.
What is a non-ephemeral (or static) key?
A key which is used for a relatively long period of time.
What are 3 disadvantages of the X.509 PKI?
- 1) Problems assigning certificates. Not a universal solution, as not everyone has one. The DN (distinguished name) component can't work as an identifier because names aren't unique.
- 2) Lack of certificate hierarchy. The intended tree structure has not eventuated. There are over 650 CAs, and only one needs to be compromised for complete security failure, at least until revocation occurs.
- 3) Difficulty in determining the CA's role. How should they validate an identity? Just filling in a form and getting a certificate undermines the whole authentication process. If CAs are merely handers-out of certificates, where is the certification?
- 4) Revocation problems. CRLs must be checked on every transaction, not just those involving new certificates. So local caches are used, but this slows dissemination of revocations. Also many implementations don't check CRLs at all!
What are the differences between privacy and confidentiality? Give an example where each is the primary concern.
Confidentiality is about maintaining secrecy/control of a collection of abstract data. Privacy is about maintaining secrecy/control of data concerning a specific individual.
What are the differences between the Java and ActiveX security models for local execution of network code?
Java uses a "sandbox" architecture to restrict what downloaded code can do on the host computer, so malicious code is contained rather than trusted. ActiveX controls are native code, so they aren't platform independent and will only run on Intel/Windows machines. ActiveX uses "Authenticode" for security, which is digital signing of ActiveX controls: a user can verify a control came from a named publisher and choose whether to execute it, after which it runs with the user's full privileges.
How does the PGP web of trust work? Give examples.
For every public key system, authentication of the public key is a problem. PGP trust relationships are like the "6 degrees of separation" idea, where it's suggested that any person in the world can determine a link to any other using 6 or fewer intermediaries. In PGP this is a web of introducers. PGP uses digital signatures as the form of introduction. When any user signs another's key, they become an introducer of that key. As the process goes on, it establishes a web of trust. Any user can act as a certifying authority by validating another PGP user's public key certificate. But the certificate is only valid to another user if the relying party recognises the validator as a trusted introducer.
Why is deny-all by default the recommended policy for firewalls?
Deny all causes any traffic not explicitly allowed to be dropped by the firewall. This is the most secure way to configure a firewall, because the only ways in (or out) are a known quantity, and effort can be directed into ensuring those few permitted services are implemented correctly. With allow-all as the default policy, the firewall must instead be proactively updated to block each new threat, and anything nobody thought of is allowed through.
What is a trusted component in a security system?
Any component that would compromise the security of the system were it to fail.
Which cipher has a 128 bit block size?
AES (Rijndael). Its block size is 128 bits regardless of which key length (128, 192 or 256 bits) is used.
List some C library functions that are vulnerable to buffer overflows.
gets(), sprintf(), strcpy(), strcat()
Describe the Bell and LaPadula model.
- The Bell & LaPadula model is made up of three properties. The first two only apply to systems that enforce MAC (mandatory access control).
- 1) Simple Security Property (no read up). A subject at one clearance cannot read an object with a higher classification, or an object in a category for which they aren't authorised.
- 2) Star (*) Property (no write down). A subject can't WRITE to an object that has a lower classification than the subject's clearance. This prevents data being transferred (leaked) to a lower classification.
- 3) Discretionary Security Property. For a subject to access an object they must also have been granted permission to do so by the owner of the object.
- The second part of the BLP model is the basic security theorem. It states that given an initial secure state, all that is needed to keep the system secure is to check every transition between states to ensure the new state is also secure.
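The three BLP properties as an access decision function, added here as an example and not taken from the original notes. The levels and category bits are illustrative labels made up for the demo; a label dominates another when its level is at least as high and it holds every category of the other, which is the comparison both MAC rules reduce to.

```c
/* Security labels: a hierarchical level plus a set of compartments
 * (categories) held as a bitmask. Levels and category names below are
 * constructed for the example, not taken from a real scheme. */
enum { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 };
enum { CAT_NUCLEAR = 1, CAT_CRYPTO = 2 };

typedef struct {
    int      level;
    unsigned categories;
} label_t;

/* dominates(a, b): a's level is at least b's and a holds every category of b. */
int dominates(label_t a, label_t b)
{
    return a.level >= b.level && (a.categories & b.categories) == b.categories;
}

/* Simple security property (no read up): the subject must dominate the object. */
int blp_may_read(label_t subject, label_t object)
{
    return dominates(subject, object);
}

/* *-property (no write down): the object must dominate the subject, so a
 * SECRET subject may write to TOP SECRET but not to CONFIDENTIAL. */
int blp_may_write(label_t subject, label_t object)
{
    return dominates(object, subject);
}

/* Full decision: the mandatory rule for the requested operation AND the
 * discretionary permission granted by the object's owner (the DAC bit). */
int blp_access(label_t subject, label_t object, int want_write, int dac_granted)
{
    int mac_ok = want_write ? blp_may_write(subject, object)
                            : blp_may_read(subject, object);
    return mac_ok && dac_granted;
}
```

Note that the MAC rules never consult the owner: even with DAC permission, a read up or a write down is refused, which is the point of making the first two properties mandatory.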
What is the maximum size of an AES key?
256 bits. Other valid key lengths are 128 and 192 bits. The block size is 128 bits.
What is the maximum amount of entropy in an AES key?
256 bits, one per bit of the longest key, and only if the key comes from a truly random source. A key derived from a weaker source (a password, a poor PRNG) has less entropy than its length.
What is the common criteria?
The Common Criteria is an international standard which incorporates ideas from various other evaluation standards (TCSEC, ITSEC). It separates functionality requirements from assurance requirements to maintain flexibility. It uses the concept of protection profiles, which are sets of requirements for a general type of product, so a person inexperienced in security can select a protection profile without having to determine what levels of functionality and assurance are needed.
Which security problem do one-time passwords solve
One time passwords are valid for only one session. They solve the problem of replay attacks.
Why is the "owner trust" field never revealed in PGP?
Explain the stages of the "window of exposure" model
- Phase 1) Undiscovered. Vulnerability hasn't yet been discovered.
- Phase 2) Discovered. After it is discovered but before it is announced. The risk level depends on whether it was discovered by a black hat or a white hat.
- Phase 3) Announced but unfixed. If vendor was contacted at previous stage this phase might be brief or not exist. Otherwise risk escalates rapidly.
- Phase 4) Easily exploitable. Someone writes and publishes an exploit or attack tool.
- Phase 5) Patched. Vendor releases patch so risk falls as admins install it. Some won't install patch so risk will remain until system no longer in use.
For a one-way hash function with an output length of 256 bits, birthday attacks reduce the complexity of finding two colliding pre-images to?
It reduces the work from about 2^n (brute force against a fixed target, i.e. a second pre-image) to about 2^(n/2), because among 2^(n/2) random hashes some pair is likely to collide. For n = 256 that is 2^128.
What is the highest protection class provided by TCSEC?
A1. This is verified protection: it requires formal verification of the design, and implements both MAC and DAC.
What is the difference between reliability and security?
Something can be considered to be reliable if it behaves as expected. This does not imply security though. For something to be secure, it has to behave normally under all possible input (attack) not just all plausible input.
What is the purpose of Set UID in unix? What would be the impact if it wasn't available?
The purpose of SUID is to enable users to run programs that temporarily require elevated privileges to complete a task. An example is the unix passwd program. Only root can read/write the shadow password file, so how does someone with ordinary user privileges change their own password? passwd is installed setuid root, so it runs with root's UID for just that task. Without SUID, such tasks would need either a privileged daemon to do the work on the user's behalf or users being given root access outright.
What is a trusted path?
A trusted path is a way to securely access the TCB (trusted computing base). This is necessary to prevent attacks where the interface to the TCB is spoofed.
What are the steps to exploit a buffer overflow attack? What are the prerequisites?
- The prerequisite for a buffer overflow attack is a flaw in program code where there is no limit on the amount of data that can be copied into a fixed length buffer.
- If user supplied input to a fixed length buffer exceeds the buffer size, it overflows the allocated space and overwrites whatever else is on the stack beyond the end of the buffer. This might include a function return address! So an attacker can overwrite the return address with a pointer to malicious code (usually shellcode, often placed in the same input). When the function returns, the CPU jumps to the shellcode, which runs with the privileges of the original program.
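The overwrite described above, modelled in an added C example (not from the original notes). A real frame is laid out by the compiler; here a struct stands in for it so the bytes written past the buffer land on the saved return address in a well-defined way, without the undefined behaviour of a genuine overrun. The unchecked copy has the shape of strcpy() into a fixed buffer; the checked copy beside it is the fix. LEGIT_RET and the all-'A' input are constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model of one stack frame: a fixed-length buffer with the saved return
 * address sitting directly above it in memory (constructed for the example). */
struct frame {
    char      buf[16];
    uintptr_t saved_ret;
};

#define LEGIT_RET ((uintptr_t)0x401000)   /* assumed legitimate return address */

/* Vulnerable copy, the shape of strcpy() into a fixed buffer: the input
 * length is never compared with sizeof buf, so bytes past buf[15] land on
 * saved_ret. The copy is clamped to sizeof *f only so the demo stays inside
 * the struct object; a real strcpy() has no bound at all. */
void copy_unchecked(struct frame *f, const unsigned char *input, size_t len)
{
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, input, len);   /* starts at buf, runs into saved_ret */
}

/* Hardened copy: reject anything that does not fit along with its terminator. */
int copy_checked(struct frame *f, const unsigned char *input, size_t len)
{
    if (len >= sizeof f->buf) return -1;
    memcpy(f->buf, input, len);
    f->buf[len] = '\0';
    return 0;
}

/* Returns 1 if an oversized input overwrote the saved return address. */
int unchecked_clobbers_return(void)
{
    struct frame f;
    unsigned char input[sizeof f];
    memset(&f, 0, sizeof f);
    f.saved_ret = LEGIT_RET;
    memset(input, 'A', sizeof input);   /* constructed attacker input: sizeof f bytes of 'A' */
    copy_unchecked(&f, input, sizeof input);
    return f.saved_ret != LEGIT_RET;    /* now 0x4141...: attacker picks where we return */
}

/* Returns 1 if the hardened copy rejected the input and left saved_ret intact. */
int checked_preserves_return(void)
{
    struct frame f;
    unsigned char input[sizeof f];
    memset(&f, 0, sizeof f);
    f.saved_ret = LEGIT_RET;
    memset(input, 'A', sizeof input);
    int rc = copy_checked(&f, input, sizeof input);
    return rc == -1 && f.saved_ret == LEGIT_RET;
}
```

In a real exploit the bytes that land on saved_ret are not 'A's but the address of the shellcode, which is why the fix is a length check before the copy rather than anything done after it.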
What level of functional access control applies to unix?
Unix provides user-programmable sharing controls. They allow a high degree of control over the access allowed to an object.
What is the US Advanced Encryption Standard also known as?
Rijndael (pronounced "rhine-dahl"). A block cipher that was selected to become the official AES cipher from five finalists.
What access control architecture does Kerberos use?
Why are one-time pads rarely used?
Because they require keys as long as the message itself, and require a large stream of high quality random numbers to encrypt. Keys can only be used once and must then be discarded.
Why is SET less popular than SSL?
- 1) SSL is generic (it secures any application protocol), SET is specific to card payments
- 2) SET separates payment from shopping
- 3) SET does not provide a choice of ciphers
- 4) SET's advantages serve the card issuer, not the card holder
- 5) SET demands all parties, including clients have X.509 certificates.
What is a virus?
A virus is a malicious piece of code that becomes attached to another larger piece of code (usually a useful program). It may do things like destroy data but many are relatively harmless.
What is a worm?
A worm is similar to a virus, in that it infects a system; however it is an independent piece of code that can travel of its own accord from system to system over a network.
What is a trojan horse?
A trojan horse is a program that performs some useful and desirable operation, but has malicious code hidden inside it. An example is a trojan that runs in the background listening on a TCP port. A remote attacker can connect to this port and issue commands, gaining control over the system.
What is a backdoor?
A backdoor is a generic way for an attacker to get back into a system. A system may be built with an undocumented entry point, or it may be added after a user compromises the system, in the form of a "root kit".
What is the difference between symmetric and asymmetric encryption?
- Symmetric encryption is the oldest and best known technique. A secret key is applied to the text of a message to change the content in a particular way. As long as both sender and recipient know the secret key, they can encrypt/decrypt messages that use this key.
- Symmetric encryption has an inherent problem with exchange of keys. How does one exchange keys and prevent them from falling into the wrong hands?
- Asymmetric encryption uses a pair of keys, one private and one public. The public key is freely available to anyone who wants to send you a message. The private key is kept secret. A message encrypted with the public key can only be decrypted by the matching private key. This solves the key exchange problem inherent in symmetric encryption. But it is much slower and requires more processing power to encrypt and decrypt messages.
What are the differences between ethics and laws?
Ethics deals with judgment of right or wrong with respect to established societal views and criteria. Laws provide a set of specific requirements for behaviors and tend to be black and white. There are many scenarios where behaviour is technically legal, but on a societal level may not be considered acceptable. Ethics deals with these other criteria.
Why are pseudorandom number generators important?
Because keys must be chosen uniformly at random: any key must be just as likely as any other. Generating unpredictable numbers on deterministic machines is hard, so a cryptographically strong PRNG seeded from real entropy is needed; a predictable generator makes the key space effectively tiny no matter how long the key is.
What makes passwords vulnerable to dictionary attacks, and why are we still using them?
There are 3 ways to authenticate a user - what you have (a token, ID card etc), what you are (biometric eg fingerprint) or what you know (password). These can be used individually or as a combination. "What you know" is still the most popular form of authentication as it doesn't have the logistical issues of tokens or technological challenges of biometrics. Passwords must be easy to remember, which for humans means it will probably be based on known text. Unfortunately this massively reduces the entropy or randomness of the password, and allows targeted attacks based on dictionary words.
Name and describe the three different general categories of authentication scheme.
WYH, WYA, WYK: what you have (a token, ID card), what you are (a biometric such as a fingerprint), what you know (a password). Combining two of them gives two-factor authentication.
How can TCP ISN prediction make it possible to forge network connection source addresses?
- The TCP handshake mechanism uses ISNs (initial sequence numbers) as a rudimentary means to prevent forged client IP addresses.
- C -> S: SYN(ISNc)
- S -> C: SYN(ISNs), ACK(ISNc)
- C -> S: ACK(ISNs), data
- The forger won't see the server's SYN,ACK as it goes to the spoofed IP. So without knowing ISNs, any subsequent ACK from the forger will fail.
- ISNs are often not very random though and can be predicted. E.g. some old implementations initialise the counter to 1 at boot, increment it by 128,000 every second and by 64,000 for every new connection. An attacker who opens a legitimate connection first learns the current ISNs and can predict the next one. This is used to exploit trust relationships based on source IP address. The attacker may also SYN flood the real client IP to stop it responding to the unexpected SYN,ACK with a RST.
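The blind spoof above, simulated as an added example (not from the original notes). The server model reproduces the old counter behaviour described in the text (start at 1, +128,000 per second, +64,000 per connection) and, for contrast, a randomised variant; the LCG used for that variant is a stand-in for the CSPRNG a real stack would use, and the seed, time and counter values are constructed. The attacker never sees the server's real ISN for the forged connection; it only sees the ISN from its own earlier probe.

```c
#include <stdint.h>

/* Model of a server's ISN generator. randomized == 0 reproduces the legacy
 * behaviour (counter starts at 1, +128,000 per second, +64,000 per
 * connection); randomized == 1 draws the ISN from a toy LCG instead, which
 * stands in for a cryptographic RNG. */
struct isn_server {
    uint32_t counter;
    uint32_t last_sec;
    int      randomized;
    uint32_t rng_state;
};

static uint32_t lcg_next(uint32_t *state)
{
    *state = *state * 1664525u + 1013904223u;
    return *state;
}

/* Server chooses ISNs for a new connection at wall-clock second now_sec. */
uint32_t server_choose_isn(struct isn_server *s, uint32_t now_sec)
{
    if (s->randomized) return lcg_next(&s->rng_state);
    s->counter += 128000u * (now_sec - s->last_sec);
    s->last_sec = now_sec;
    s->counter += 64000u;
    return s->counter;
}

/* The third handshake packet is accepted only if it acknowledges ISNs + 1. */
int server_accepts_ack(uint32_t isns, uint32_t ack)
{
    return ack == isns + 1u;
}

/* Blind spoofing attempt. Returns 1 if the forged connection completes.
 * 1. Attacker opens a real connection from its own address and learns ISNs.
 * 2. Attacker predicts the next ISNs: same second, so +64,000.
 * 3. Attacker sends SYN with the trusted client's source address. The
 *    SYN,ACK goes to the trusted client (assumed silenced by a SYN flood),
 *    so the attacker never sees the real ISNs.
 * 4. Attacker sends ACK(predicted + 1) with the forged source address. */
int blind_spoof_succeeds(struct isn_server *s, uint32_t now_sec)
{
    uint32_t probe_isn = server_choose_isn(s, now_sec);
    uint32_t predicted = probe_isn + 64000u;
    uint32_t real_isn  = server_choose_isn(s, now_sec);  /* unseen by the attacker */
    return server_accepts_ack(real_isn, predicted + 1u);
}
```

With the legacy counter the prediction is exact; with the randomised generator the attacker has a 1 in 2^32 chance per guess, which is what RFC-style random ISNs are meant to achieve.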
What is the difference between a username and a UID in unix, and which is most important in relation to security?
A username maps to a unique UID and is only used at the authentication (login) stage; the UID is what the operating system uses for all access control decisions after login. The UID is therefore the one that matters for security: the kernel never looks at names, so any account whose UID is 0 is root whatever it is called, and two usernames sharing a UID are indistinguishable to the system.
Outline two different ways in which network eavesdropping can become possible.
- 1) Packet sniffing. Over the internet data passes through untrusted nodes, any of which could read plaintext transmissions. As it's a passive attack you wouldn't even know it's happening.
- 2) Man-in-the-middle attacks. An active attacker interposes themselves between the two endpoints and relays (and possibly alters) the traffic, so each side believes it is talking directly to the other while the attacker reads everything.
How many cryptographic primitives are there?
- There are 5:
- Symmetric ciphers
- One-way hash functions
- Public key encryption
- Digital signatures
- Pseudorandom number generators (PRNGs)
What dimension of security is most applicable to a military agency?
Confidentiality. Military security is concerned above all with preventing disclosure of classified information; TCSEC, which grew out of military requirements, is built around that concern.
How many rounds does the AES cipher use?
- It depends on the key size.
- Length 128 bits - 10 rounds
- Length 192 bits - 12 rounds
- Length 256 bits - 14 rounds
What is the difference between a hacker, cracker and attacker?
- 1) Hacker - someone who attempts to compromise system security. The traditional meaning is someone who likes to explore things in detail and/or someone who enjoys programming.
- 2) Cracker - replacement term for hacker, referring specifically to someone who maliciously attempts to compromise computer system security.
- 3) Attacker - A more generic and formal term for someone who attempts to compromise security.
What is the difference between controlled sharing, and user programmable sharing?
- Controlled sharing - individual subjects specify who may or may not access objects. Usually includes type of access eg r/w.
- User programmable - very high degree of control over access allowed eg. access time windows, r/w certain parts of a file, retrieve calculations from a file's data but not see the data itself. Common in DBMS. SUID also an example of this.
What are the key differences between TCSEC and ITSEC?
ITSEC is more flexible, in that it is able to deal with varying security requirements instead of being so military focussed. It differs from TCSEC in that it separates functionality requirements from assurance requirements, whereas TCSEC bundles both into a single class rating.
What is an encryption based mechanism that secures network communications at the transport layer?
SSL. The SSL record protocol sits directly above TCP; it takes application data from the layer above, fragments it into SSL plaintext records, optionally compresses them, computes a MAC over each record and then encrypts the record with the MAC attached.
Why is revocation an important characteristic of an authentication system? Give examples of two systems - one where revocation is easy, and another where it is problematic.
Revocation enables the cancellation of certificates where
Why would using voice prints to authenticate internet banking be problematic?
Replay attacks! An attacker who records the user's voice can replay it later. Biometrics need trusted capture hardware so the verifier knows a live sample was presented by the person, which an ordinary internet banking client can't guarantee. A compromised biometric also can't be changed the way a password can.
Why might an ethical reasoning strategy be useful?
In a situation where the "right" decision is not immediately evident, an ethical reasoning strategy can help identify it. Once we know what the "right" decision is, using an ethical reasoning strategy can assist in justifying it to others.
Why is X.509 an important PKI?
Because of its popularity. It's used by S/MIME, IPSEC and SSL. It is the ITU-T standard for binding public keys to identities.
How would you verify the integrity of a PGP key you have just received from someone you don't know?
By establishing a chain of trust from yourself to the unknown key. The idea is that the unknown key gets signed by others that can vouch for its authenticity, and at least one of those signers is someone whose key you already hold and trust as an introducer.
The ethical reasoning approach that seeks to find the outcome which will bring the greatest good to the greatest number of people is?
- Utilitarianism (greatest good)
- Teleological (outcome of one decision "better" than another)
- Egoism - which decision is better for the decision maker
- Deontology - some things are just "right" like justice, peace, freedom
What is multi-level security in relation to TCSEC?
Multi level security refers to subjects and objects at different security classifications being able to exist securely on the same computer system.
What is a PKI, and why is is necessary?
Asymmetric encryption solves the key exchange problem inherent in symmetric encryption. But there is still a vulnerability to man-in-the-middle attacks. If Alice wants to send Bob a secure message, she can request Bob's public key. But what guarantee is there that she is actually talking with Bob, and not someone masquerading as him? The problem is now one of authentication and integrity of the public key. This is inherently difficult between parties with no prior relationship. A PKI (public key infrastructure) provides a mechanism for obtaining a public key and verifying that the key belongs to the right person.
What is the size of the output from SHA1?
160 bits (20 bytes).
What is security through obscurity? Is it effective?
STO is the idea that by keeping the details of a program's implementation secret, security will be increased because potential attackers will have no knowledge of how the program operates. This is an ineffective approach on its own because keeping these details secret doesn't prevent attackers from finding and exploiting holes. It also makes it harder for legitimate users to evaluate and secure their systems. Vulnerabilities may exist that are known not only to the implementors but to malicious attackers, while the users relying on the program cannot assess them.
What are the differences between transport and tunnel modes in IPSEC ESP protocol?
In transport mode ESP protects only the payload of the IP packet (e.g. the TCP segment); the original IP header stays in the clear, so the endpoints are visible and the two hosts must themselves be the IPsec endpoints. In tunnel mode the entire original IP packet, header included, is encrypted and wrapped in a new IP packet with a new outer header, which hides the original source and destination and is what gateway-to-gateway VPNs use.
In PGP, if the "owner trust" field on Bob's public key in Alice's key ring is set as fully trusted, what does this mean?
What are the typical sizes for the moduli of the host and server keys in the SSH protocol?
In order to obtain approximately the same security level when using a one-way hash function in conjunction with a symmetric cipher with a 128 bit block size, what should the output length from the hash function be?
256 bits. A 128-bit block cipher offers about 2^128 work to an attacker, and because of the birthday attack a hash's collision resistance is only about 2^(n/2), so n must be 256 for the two to match.
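The birthday effect behind this answer and the earlier 2^(n/2) question, measured on a toy hash in an added example (not from the original notes). The hash is murmur3's 32-bit finaliser truncated to n bits; it is not a cryptographic hash and is used only so the collision search finishes in a few hundred trials instead of 2^128. The search hashes distinct inputs 0, 1, 2, ... and stops at the first repeated output, alongside a targeted search for comparison.

```c
#include <stdint.h>
#include <stdlib.h>

/* Toy hash: murmur3's 32-bit finaliser truncated to n_bits. Not a
 * cryptographic hash; a stand-in so the birthday effect is measurable. */
uint32_t toy_hash(uint32_t x, unsigned n_bits)
{
    x ^= x >> 16; x *= 0x85ebca6bu;
    x ^= x >> 13; x *= 0xc2b2ae35u;
    x ^= x >> 16;
    return n_bits >= 32 ? x : (x & ((1u << n_bits) - 1u));
}

/* Birthday search: hash inputs 0,1,2,... remembering every output, stop at
 * the first repeat. Returns the number of hashes computed, or 0 if no
 * collision was found within max_trials. Expected cost is about 2^(n/2). */
uint32_t birthday_collision_trials(unsigned n_bits, uint32_t max_trials)
{
    size_t table_size = (size_t)1 << n_bits;
    uint32_t *seen = calloc(table_size, sizeof *seen);   /* seen[h] = input + 1, 0 = empty */
    if (!seen) return 0;
    for (uint32_t x = 0; x < max_trials; x++) {
        uint32_t h = toy_hash(x, n_bits);
        if (seen[h]) {                   /* inputs seen[h]-1 and x collide */
            free(seen);
            return x + 1;
        }
        seen[h] = x + 1;
    }
    free(seen);
    return 0;
}

/* Targeted search for comparison: hashes until one specific target value is
 * hit. Returns trials, or 0 if not found within max_trials. Expected cost is
 * about 2^n, i.e. the square of the birthday search. */
uint32_t preimage_trials(uint32_t target, unsigned n_bits, uint32_t max_trials)
{
    for (uint32_t x = 0; x < max_trials; x++)
        if (toy_hash(x, n_bits) == target) return x + 1;
    return 0;
}

/* Generic bounds: collision work is about 2^(n/2) for an n-bit hash, so a
 * hash matching a cipher with 2^k work needs n = 2k output bits. */
unsigned birthday_bound_bits(unsigned output_bits) { return output_bits / 2; }
unsigned hash_bits_for_cipher(unsigned cipher_bits)  { return 2 * cipher_bits; }
```

For a 16-bit output the collision search returns a few hundred, well under the 65,536 outputs, while hitting a chosen target takes on the order of tens of thousands of hashes; scale both to 256 bits and the gap between 2^128 and 2^256 is the whole reason for the 2^(n/2) rule.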
What is confidentiality? Name a security mechanism that can provide it.
The premise that data, either as a whole or in part, cannot be viewed by unauthorised people (no information leakage). Mechanism: encryption.
What is integrity? Name a security mechanism that can provide it.
Data cannot be modified by unauthorised people or be modified in an unauthorised way by those who may otherwise modify it. Mechanism: a MAC or digital signature over the data, which lets the receiver detect any change.
What is availability? Name a security mechanism that can provide it.
Allocation of, and access to, computing resources will be "reasonable" and in accord with security policy and expected service quality levels. Mechanisms: redundancy/failover, and resource quotas or rate limits so that one user or attacker cannot exhaust a resource for everyone else.