CS 465: Computer Security, Week 1

What is the literal definition of cryptography?

"Hidden writing".

What are the 3 requirements for asymmetric encryption to be effective?

1) A strong algorithm (aka cipher). 2) Must be fast. 3) Must operate under the ASSUMPTION that the sender and receiver must securely obtain and store the secret key.

What are the two types of ciphers and how do they work? Name an example cipher of each type, and describe said cipher.

1) Block cipher (3DES aka Triple Data Encryption Algorithm which uses a cipher three times to encrypt its data, AES): In which plaintext is broken up into blocks of a fixed size, such as 64 or 128 bits. 2) Stream cipher (RC4, which generates pseudorandom bits XORed with the plaintext, similar to a one-time pad): In which plaintext is processed continuously, usually one byte at a time.

What are the 2 steps to creating a threat model?

1) Determine the threats that are relevant; 2) Analyze how well the system thwarts those threats. / Find solutions to them.

What are the key three learning objectives of this course?

1) Gain a breadth of knowledge in computer security. 2) Understand the basic principles of cryptography, and how they're used in security services. 3) Understand the basic principles of secure software design.

What can go wrong with cryptographic algorithms? Name 2 examples.

1) Relying on the secrecy of the algorithm (someone discovering a substitution cipher). 2) Using an algorithm incorrectly, or in a way it wasn't designed to be used (i.e. WEP using RC4 incorrectly).

What are attack trees?

A hierarchal tree with the root node representing the goal of an attacker. The child nodes contain all the ways the goal could be accomplished, complete with probabilities.

What is Salsa20 encryption?

A lesser-known stream cipher (involves random numbers).

What is PyChromecast?

A library to add Chromecast functionality to your own Python stuff.

What is the principle of least privilege?

A process, system, or user should have enough permissions to do JUST what they need to do, and NOTHING MORE.

What is the weakest link property?

A security system is only as strong as its weakest link.

What is MAC (Message Authentication Code)?

A short piece of information that authenticates a message. Generally a checksum. Verify that your message hasn't been meddled with or corrupted.

What is a cryptographic hash function?

A way of storing ciphered text instead of a password directly. Mapping it.

What is Repudiation (Deniability) and Non-Repudiation?

Ability to deny that an action took place, OR preventing that denial (i.e. we have EVIDENCE that you illicitly logged into this Venmo and sent yourself money, because it's your profile that the money was sent to). (Or, we have EVIDENCE that it was you, not someone else, who tried to deposit this fake check).

Who are the two good guys in the security world, and what do they want to accomplish?

Alice and Bob! All they want is to exchange messages securely, or shop securely, etc. They want to do secure things.

Explain digital signatures in the context of class.

Alice can sign it using her private key, and publish her signature. Bob can get her public key off her website, and use it to verify the digital signature and see the data.

What is RSA encryption?

An asymmetric (two keys, one for encrypting, one for decrypting) cipher. It is based on the fact that prime factorization is extremely difficult to do computationally.

What is AES (Advanced Encryption Standard)?

An encryption cipher. It uses the same key to encrypt and decrypt data, so it's a symmetric cipher. It has a 128-bit encryption key, which would take billions of years to break through. It is also (relatively) fast.

What is the difference between authorization and authentication (for access control)?

Authentication = Is this really Alice? Authorization = Does Alice really have permission to do this?

How does public key encryption work?

Bob has a private and public key. Alice has a different private and public key. Alice takes Bob's public key, and encrypts her plaintext using an algorithm. She sends the text to Bob. He uses his private key to decrypt (along with the decryption algorithm) and receives the plaintext.

What are cryptographic primitives?

Building blocks, or tools, of cryptographic systems.

Name 3 kinds of cyberattacks that we need to defend from. Hint: CIA

Confidentiality (preventing unauthorized access to data), Integrity (detecting unauthorized data), Availability (protecting against denial of service, making sure data is delivered on time, making sure system is up and available.)

Explain the CIA defense model in the context of secure email. What kind of attacks for each letter? What kind of defense?

Confidentiality: Attack = eavesdropping, hacking the mail server. Defense = End-to-end encryption (using keys). Integrity: Attack = changing the content of the email. Defense = Having a digital signature. Availability: Attack = the mail server could be DDoSed, or there could be a TLS downgrade attack

What are the 3 big ideas to understand cryptography?

Confusion, Diffusion, and Secrecy only in the key.

What are the three topics of study in this course?

Cryptography, systems, and software security.

Name 4 examples of public key cryptography, and describe them.

Diffie-Hellman (in which keys are not exchanged, but rather jointly derived), RSA, Elliptic Curve Cryptography (ECC) (uses the mathematical properties of elliptic curves), and Identity-Based Encryption (IBE) (in which pretty much anything can be a public key, such as an email address or date).

What are some use cases of hashing?

Digital signatures, file integrity verification, password hashing, rootkit detection (a type of software that allows administrative access when it shouldn't).

What is a Caesar cipher?

Each letter is encrypted by shifting it to a different letter, later in the alphabet (using an offset of, say, 13).

Who are the three bad guys in the security world, and how do they attack?

Eve (the eavesdropper and passive attacker), Mallory (the active, malicious attacker), and Trudy (the intruder).

What are some use cases for HMAC (an algorithm used for MAC)?

HTTPS integrity, integrity of messages in authentication protocols, integrity of cookies, web application remote procedure calls (which is: calling functions on remote systems using the client-server model).

What are some technologies that use symmetric encryption?

HTTPS, chat, email, file/disk encryption

What is encryption?

Hiding data. Transforming information such that its true meaning is hidden. Requires special knowledge to retrieve.

What is steganography?

Hiding something inside of something else that is innocuous, like the first letter of every paragraph being a hidden message (think TSwift).

What are 2 things that can go wrong with a cryptographic key?

It can be 1) too big, which will slow things down and make storage difficult. Or, 2) too small, which makes brute force attacks possible.

What does WiFi Pineapple do?

It can spoof access points, do MITM attacks...

Why is "Is this system secure?" a bad question to ask? (1 principle, 2 facets)

It is too broad. Secure from what? Secure from whom?

What is a Vigenere cipher?

It uses a table with 26 Caesar ciphers, all on top of each other. The shifts start at 0 and go up to 25. There is a keyword. You write this keyword repeatedly over the cipher. Then you find the column containing the keyword letter, and search for the cipher letter, then look at the corresponding ROW letter. This is the decrypted letter.

How do MACs work, using the given diagram in class?

K is the secret key. You take a message and K and stick it in the MAC algorithm, which gives us something secure we can transmit. We transmit it across the internet, and the receiver takes it. He splits off the MAC, he has his own copy of the PRE-EXCHANGED secret key, runs it through the MAC algorithm, then compares it with the one sent to him and the one computed. Now he knows that the message is legit and not corrupted or modified.

What should you do if uploading isn't working for you, close to the deadline?

Make a SHA1-sum and send it to him, then submit it when you can.

When are homework generally do? Labs?

On Tuesdays (before class starts, online, as a PDF). Labs = Fridays.

What are the 3 facets to security (and not just computer security)?

Prevention, Detection (Notice when something goes wrong), and Reaction (Having a plan in place, automated or otherwise).

What is one of the biggest non-technical threats to security?

Social engineering!

What does the STRIDE threat model (determining what you may need for defense), from Microsoft, stand for?

Spoofing user identity, Tampering (modifying data or code), Repudiation (claiming to have/have not performed an action, was it really me who connected? i.e. my check bounced, oh the check was forged! = but we can tell that it wasn't), Information disclosure (stealing password), Denial of service, Elevation of privilege (getting admin access to, say, reconfigure an access point)

What are the 4 cryptographic primitives we'll be learning about this semester, and what are their abbreviations?

Symmetric Encryption (AES) up to midterm 1, Public-Key Cryptography (RSA), Secure One-Way Hash (SHA-256), and Message Authentication Code (MAC).

10^51 is how many iterations we need to cycle through a 219-bit counter. What is this comparable to, and why is it beneficial?

The energy of a supernova. This ensures extremely effective security.

What is a one-time pad? What are the 4 conditions for it?

The only mathematically unbreakable encryption. Plaintext is combined with a truly random key, using the XOR operator. It's also a type of Vigenere cipher. *Technically*, a perfect encryption scheme assuming you only ever use it once. From Wikipedia... 1) The key must be truly random. 2) The key must be at least as long as the plaintext. 3) The key must never be reused in whole or in part 4) The key must be kept completely secret.

Why are one-time pads impractical?

The random key must be sent securely. The efficacy of OTP is mathematical; it operates on the basis that the random key isn't out where anyone can see it. The only real way to ensure this is a physical meeting (and even that isn't perfect), and this isn't generally practical. Also, it can only be used once. Additionally, large blocks of data require a MASSIVE key -- problem of storage more than it is runtime.

What is Kerckhoffs' Principle?

The security of the symmetric encryption depends on the secrecy of the KEY, not the secrecy of the ALGORITHM. (After all you can't really complete the algorithm without the key! So that's why we can publicize those algorithms.) (Read: Caesar Cipher is not secure.)

Describe the public key digital signature model.

There is both a signing and a verification algorithm. Signing = A hash is created, which is then encrypted using the private key. This is the signature which we send, along with the actual data. Verification = Computes a hash on the signature/public key (using a verification algorithm) and computes a hash (using that same algorithm) on the data. The two resultant hashes should equal each other.

Explain symmetric encryption.

They both arranged to have a copy of the key ahead of time, like at dinner. A pre-shared key. Alice runs her plaintext through an encryption algorithm, which results in ciphertext. Bob receives the ciphertext and runs the decryption algorithm (usually the inverse of the encryption algorithm) and receives the plaintext.

How many midterms do we have, and when are they?

Two. We have Thursday - Saturday to take the test around October 13th. Then, in November.

What is security through minority?

Using an unpopular tool.

Why do we need redundancy in security?

We need to assume that there will always be a partial failure. That's why we have, for example, both firewall AND antivirus.

What is security through obscurity?

When you rely on the secrecy of the design/implementation as the main method of providing security. Example: Obscure URL, or hiding your key somewhere on your front lawn.

Is public key encryption the same thing as asymmetric encryption?

Yes.