Computer Security Chapter 1-4
How many keys are required for two people to communicate via a symmetric cipher?
Sender and receiver use the same key, so only one key is required.
What is a message authentication code?
Short piece of information that is used to authenticate a message, and to provide integrity and authenticity assurances on the message. Uses a secrete key to generate a small block of data that is appended to the message.
What are the two common techniques used to protect a password file?
Using a salt value. This salt is stored in plaintext with the hash from (salt + password). Password File Access Control. The hashed passwords are kept in a separate file from the user Ids referred to as shadow password file. Only privileged users have access to this file.
What are the two principle requirements for the secure use of symmetric encryption?
1. Needs to have a strong encryption algorithm, to be such that an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to decipher or figure out the key. 2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure.
What is a public-key certificate?
A certificate consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party (= certificate authority CA). The user can then publish the certificate and anyone needing this user's public key can obtain the certificate and verify that it is valid by means of the attached signature.
What is the difference between a private key and a secret key?
A private key is the key used in public-key (asymmetric) encryption, while the secret key is used in conventional (symmetric) encryption.
What is a protection domain?
A protection domain is a set of objects together with access rights to those objects. In terms of the access matrix, a row defines a protection domain. Although, in the protection domain model a user can spawn processes with a subset of access rights of the user. This is useful for servers to spawn processes for different classes of users and for not fully trusted processes to reduce their access rights to a safe subset. i. Objects and their rights
1.5 Explain the difference between an attack surface and an attack tree
An attack surface consists of the reachable and exploitable vulnerabilities in a system. Analysis of attack surfaces is useful for assessing the scale and severity of threats to a system. An attack tree is a branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities. The attack tree can guide both the design of systems and applications, and the choice and strength of countermeasures.
What is an access right?
An access right describes the way in which a subject may access an object (eg. Read, write, execute, delete) i. Subject permissions to access object Read, write, execute, delete
Define computer security
Computer security is the protection of data and systems to preserve the integrity, availability, and confidentiality of information system resources.
List three approaches to message authentication.
Message encryption, message authentication code, hash function.
List and briefly define categories of passive and active network security attacks.
Passive o Release of message contents - files or data with confidential information is leaked to an attacker during transit. o Traffic Analysis - Monitoring information traffic (even if the message is encrypted) in or to determine the location and identity of communicating hosts, and the frequency and length of messages being exchanged. This information can be used to guess the nature of the communication that was taking place. Active o Replay - passive capture of a data unit and its subsequent transmission to produce an unauthorized effect. o Masquerade - takes place when one entity pretends to be a different entity. o Modification of Messages - some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect. o Denial of Service - prevents or inhibits the normal use or management of communication facilities.
What is the difference between passive and active security threats?
Passive attacks involve monitoring of a system, and does not include any modification of data on the system being attacked. Active threats will modify data on the system that is being attacked.
Parts of a Symmetric Cipher?
Plaintext - original message that is fed into the algorithm Encryption Algorithm - the encryption algorithm performs various substitutions and transformations on the plaintext Secret key - the secret key is input to the encryption algorithm. The substitutions and transformations performed by the algorithm depend on the key Ciphertext - this is the scrambled message produced as output, depends on plaintext and secret key. Decryption algorithm - the encryption algorithm in reverse. Takes ciphertext and secret key and produces original plaintext.
How does RBAC relate to DAC and MAC?
Role-based access control: controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles. i. Role based access control ii. Based on roles users have & iii. What users with those roles can access
Consider the following general code for allowing access to a resource: DWORD dwRet = IsAccessAllowed(...); if (dwRet == ERROR_ACCESS_DENIED) { // Security check failed. // Inform user that access is denied. } else { // Security check OK. } a. Explain the security flaw in this program. b. Rewrite the code to avoid the flaw Hint: Consider the design principle of fail-safe defaults.
The code checks to see if the access denied error is returned. If it is not, then the security check is ok. This would also let someone in if IsAccessAllowed() fails. Instead, the code should check for success and only allow the user in if access is allowed. DWORD dwRet = IsAccessAllowed(...); If (dwRet = ACCESS_ALLOWED) { //Security check OK. } else { //Security check failed. //Inform user that access is denied. }
Describe the general concept of a challenge-response protocol.
The host generates a random number r and returns it to the user (=challenge). In addition, the host specifies two functions, a hash function h() and another function f() to be used in the response. The user calculates f(r', h(P')), where r' = r and P' is the user's password. When the response arrives, the host compares the incoming result to the calculated f(r, h(P)) and if it matches the user is authenticated. Advantages: Only the hashes of the passwords have to be stored and they do not have to be transmitted directly, so i cannot be captured during transmission. Summary: the computer system generates a challenge, such as a random string of numbers. The smart token generates a response based on the challenge.
Suppose that someone suggests the following way to confirm that the two of you are both in possession of the same secret key. You create a random bit string the length of the key, XOR it with the key, and send the result over the channel. Your partner XORs the incoming block with the key (which should be the same as your key) and sends it back. You check, and if what you receive is your original random string, you have verified that your partner has the same secret key, yet neither of you has ever transmitted the key. Is there a flaw in this scheme?
The scheme is flawed because someone monitoring the system can collect the XOR of the key and random bit string, and the random bit string, then they can recover the secret key.
What is a digital signature?
This is a mechanism in which a message is authenticated, ensuring that the message came from the source that it claims to have come from. This also may help to ensure that the original content of the message or document has been unchanged.
It was stated that the inclusion of the salt in the UNIX password scheme increases the dif- ficulty of guessing by a factor of 4096. But the salt is stored in plaintext in the same entry as the corresponding ciphertext password. Therefore, those two characters are known to the attacker and need not be guessed. Why is it asserted that the salt increases security?
This is because salting increases the amount of time needed to crack a password. It prevents the use of rainbow and hash tables on cracking the password, and can be used more than once for each password.
Suppose H(m) is a collision-resistant hash function that maps a message of arbitrary bit length into an n-bit hash value. Is it true that, for all messages x, x′ with x ≠ x′, we have H(x) ≠ H(x′)? Explain your answer.
This is not true because the function won't be one to one, due to the arbitrary length of the number of inputs. In this case, the same output with have multiple inputs that map to it.
How can public-key encryption be used to distribute a secret key?
You can use a digital envelope to i. Prepare a message ii. Generate a random symmetric key that will be used this one time only. iii. Encrypt that message using symmetric encryption with the one-time key iv. Encrypt the one-time key using public-key encryption with Alice's public key. v. Attach the encrypted one-time key to the encrypted message and send it to Alice.
List and briefly describe the principal physical characteristics used for biometric identification.
a. *Facial characteristics b. *Fingerprints c. *Hand geometry d. *Retinal pattern e. *Iris f. *Signature g. *Voice
Define the terms false match rate and false non-match rate, and explain the use of a threshold in relationship to these two rates.
a. *False match rate: the frequency with which biometric samples from different sources are erroneously assessed to be from the same source. b. *False non-match rate: the frequency with which samples from the same source are erroneously assessed to be from different sources. By moving the threshold, the probabilities can be altered but note that a decrease in false match rate necessarily results in an increase in false non-match rate, and vice versa.
Explain the difference between a simple memory card and a smart card.
a. *Memory Card: Stores but does not process data. b. *Smart Card: Has a microprocessor, different types memory, I/O ports etc. May also have a crypto coprocessor and an embedded antenna.
List and briefly describe the principal threats to the secrecy of passwords?
a. *Offline dictionary attack: The attacker obtains the system password file and compares the password hashes against hashes of commonly used passwords. If a match is found, the attacker can gain access by that ID/password combination. b. *Specific account attack: The attacker targets a specific account and submits password guesses until the correct password is discovered. c. *Popular password attack: A variation of the preceding attack is to use a popular password and try it against a wide range of user Ids. d. *Password guessing against single user: The attacker attempts to gain knowledge about the account holder and system password policies and uses that knowledge to guess the password. e. *Workstation hijacking: The attacker waits until a logged-in workstation is unattended. f. *Exploiting user mistakes: Strict polices force more complicated password and the user is more likely to write it down because it is difficult to remember. An attacker may trick the user or an account manager into revealing a password (also: preconfigured passwords for system administrators are a threat) g. *Exploiting multiple password use Electronic monitoring: If a password is communicated across a network to log on to a remote system, it is vulnerable to eavesdropping."
In general terms, what are four means of authenticating a user's identity?
a. *Something the individual knows: Examples includes a password, a personal identification number (PIN), or answers to a prearranged set of questions. b. *Something the individual possesses: Examples include electronic key-cards, smart cards, and physical keys. This type of authenticator is referred to as a token. c. *Something the individual is (static biometrics): Examples include recognition by fingerprint, retina, and face. d. *Something the individual does (dynamic biometrics): Examples include recognition by voice pattern, handwriting characteristics, and typing rhythm.
List and briefly describe four common techniques for selecting or assigning passwords.
a. *User education b. *Computer-generated passwords c. *Reactive password checking: The system periodically runs its own password cracker and notifies the user if it was able to crack his or her password. d. *Proactive password checking: The user chooses his password based on rules given by the system (eg. at least eight characters long etc.)
In the context of access control, what is the difference between a subject and an object?
a. A subject is an entity capable of accessing objects (eg. User, application, process). i. Subject = User or process b. An object is an entity used to contain information (eg. Records, files, directories) i. Object = Files
What is the difference between an access control list and a capability ticket?
a. An ACL lists users and their permitted access rights i. User list ii. Access rights for each user b. A capability ticket specifies authorized objects and operations for a user. i. List of objects and operations ii. Users that can do each of these
In this problem we will compare the security services that are provided by digital signatures (DS) and message authentication codes (MAC). We assume that Oscar is able to observe all messages sent from Alice to Bob and vice versa. Oscar has no knowledge of any keys but the public one in case of DS. State whether and how (i) DS and (ii) MAC protect against each attack. The value auth(x) is computed with a DS or a MAC algorithm, respectively. a. (Message integrity) Alice sends a message x = "Transfer $1000 to Mark" in the clear and also sends auth(x) to Bob. Oscar intercepts the message and replaces "Mark" with "Oscar." Will Bob detect this? b. (Replay) Alice sends a message x = "Transfer $1000 to Oscar" in the clear and also sends auth(x) to Bob. Oscar observes the message and signature and sends them 100 times to Bob. Will Bob detect this? c. (Sender authentication with cheating third party) Oscar claims that he sent some message x with a valid auth(x) to Bob but Alice claims the same. Can Bob clear the question in either case? d. (Authentication with Bob cheating) Bob claims that he received a message x with a valid signature auth(x) from Alice (e.g., "Transfer $1000 from Alice to Bob") but Alice claims she has never sent it. Can Alice clear this question in either case?
a. Bob will detect this change in both cases because auth(x) will not match x. With DS the data is signed with your private key, and anyone with the public key can check whether the data is authentic. With MAC, the key is used to sign data and is shared between all parties, protecting from modification from those without the key. b. Bob will not detect this, unless the computation of auth(x) included a time-stamp or sequence number. c. Bob will clear the question in either case for both DS and MAC. With DS, Alice has her private key, which matches her public key, which is used by Bob to authenticate x. With MAC, Alice and Bob share the secret key for auth(x), so Oscar's auth(x) will not match the auth(x) calculated by Bob. d. For DS, Alice will clear the question because auth(x) is generated with Alice's private key, and verified by her public key, meaning she is the only one who can generate auth(x). For MAC, Alice will not clear the question because auth(x) is generated and verified with the secret key, and Alice and Bob both have this.
Difference between DAC and MAC?
a. Discretionary access control is controls based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do. i. Discretionary access control ii. Based on identity of requestor and access rules stating iii. What requestors can and can't do b. Mandatory access control: controls access based on comparing security labels with security clearances. i. Mandatory access control ii. Compares security labels with security clearances
List and briefly define three uses of a public key cryptosystem.
a. Encryption/decryption: the sender encrypts the message with the recipient's public key b. Digital signature: the sender signs the message with their own private key c. The two sides cooperate to exchange a session key. There are several approaches, like involving the private key of one or both parties
In the context of biometric user authentication, explain the terms, enrollment, verification, and identification.
a. Enrollment: Each individual who is to be included in the database of authorized users must first be enrolled in the system. b. Verification: The user enters a PIN and also uses a biometric sensor. c. Identification: The individual uses the biometric sensor but presents no additional information.
What properties must a hash function have to be useful for message authentication?
a. H can be applied to a block of data of any size. b. H provides a fixed-length output c. H(x) is relatively easy to compute for any given x, making both hardware and software implementation practical. d. For any given code h, it is computationally infeasible to find x such that H(x) = h. A hash function with this property is referred to as one-way or preimage resistant.
Describe three types of role hierarchy constraints.
a. Mutually exclusive roles: These are roles such that a user can be assigned to only one role in the set. i. Mutually exclusive ii. User can be assigned only 1 role in the set b. Cardinality: This refers to a maximum number with respect to roles. Ex: Set a maximum number of users that can be assigned to a given role. i. Cardinality ii. Max number for roles iii. Ex: Max number of users assigned to a role c. Prerequisite roles: May dictate that a user can only be assigned to a particular role if it is already assigned to some other specified role. i. Prerequisite roles ii. User needs a specific role to be assigned another
List and define the three classes of subject in an access control system.
a. Owner: Creator of a resource (file). b. Group: Group of users may also be granted access rights c. World: Amount of access granted to users who can access the system but are not owners or group.
What are the principal ingredients of a public-key cryptosystem?
a. Plaintext b. Encryption Algorithm c. Public and private keys d. Ciphertext e. Decryption algorithm
Briefly define the four RBAC models of figure 4.9a (see textbook for image)
a. RBAC0: contains the minimum functionality for an RBAC system b. RBAC1: includes the RBAC0 functionality and adds role hierarchies, which enable one role to inherit permissions from another role. c. RBAC2: includes RBAC0 and adds constraints, which restrict the ways in which the components of a RBAC system may be configured. d. RBAC3: contains the functionality of all the other three models
In the NIST RBAC model, what is the difference between SSD and DSD?
a. Static separation of duty relations: SSD enables the definition of a set of mutually exclusive roles. SSD can place a cardinality constraint on a set of roles i. Static separation of duty relations ii. Defines set of mutually exclusive roles b. Dynamic separation of duty relations: DSD limit the availability of the permissions by placing constraints on the roles that can be activated within or across a user's session. i. Dynamic separation of duty relations Places constraints on roles that can be activated within user's session
List and define the four types of entities in a base model RBAC system.
a. User: An individual that has access to this computer system. Everyone has a user ID. b. Role: a named job function within the organization that controls this computer system. c. Permission: An approval of a particular mode of access to one or more objects. d. Session: A mapping between a user and an activated subset of the set of roles to which the user is assigned.
List and briefly define the fundamental security design principles
• Economy of mechanism - the design of security measures embodied in both hardware and software should be as simple and small as possible. • Fail-safe defaults - access decisions should be based on permission rather than exclusion. • Complete mediation - every access must be checked against the access control mechanism. Systems should not rely on access decisions retrieve from a cache. • Open design - the design of a security mechanism should be open rather than secret. • Separation of privilege - a practice in which multiple privilege attributes are required to achieve access to a restricted resource. • Least privilege - every process and every user of the system should operate using the least set of privileges necessary to perform the task. • Least common mechanism - the design should minimize the functions shared by different users, providing mutual security. • Psychological acceptability - the security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access. • Isolation - Public access systems should be isolated from critical resources to prevent disclosure or tampering. • Encapsulation - a specific form of isolation based on object oriented functionality. Protection is provided by encapsulating a collection of procedures and data objects in a domain of its own so that the internal structure of a data object is accessible only to the procedures of the protected subsystem and the procedures may be called only at designated domain entry points. • Modularity - the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation. • Layering - use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information system. • Least astonishment - a program or user interface should always respond in the way that is least likely to astonish the user.