CS 461 Final Exam Study Terms
What are 2 paradigms for IDS'?
Misuse Detection (MD) IDS define "what is abnormal" using attack signtures Traffic that matches an attack signature as attack traffic Anomaly Detection (AD) IDS define "what is normal" using profiles Traffic that does not match the profile as abnormal
What is a rootkit?
Modifies the operating system to hide its existence Modifies file system exploration utilities Makes it hard to detect using software that relies on the OS itself
Describe the difficulties with key size.
Moore's law - 1 bit larger safe size every 18 months need larger values for MACs/PRFs due to birthday attack - if adversary can find any 2 messages with same MAC, then trouble - generate random values, look for coincidence -> O(2^(k/2)) time Upshot - want output of MACs/PRFs to be twice as big as cipher keys
How can we deal with bit errors?
Naive: Given K', find K with brute-force search over low Hamming distance to K' But most programs store precomputed derivatives of K (key schedules) that contain redundancy = error correcting codes Methods that aren't effective: entropy methods (most entropy data isn't key material), data structure analysis (need to know internal software details)
How do you detect metamorphic viruses?
Need to analyze execution behavior Shift from syntax (appearance of instructions) to semantic (effect of instructions) Two stages - AV company analyses new virus to find behavioral signature - AV software on end systems analyze suspect code to test for match to signature
What are some virus infection types?
Overwriting: destroys original code Prepending: keeps original code, possibly compressed Infection of libraries: allows virus to be memory resident (e.g. kernel32.dll) Macro viruses: infects MS office documents, often installs in main document template
What is a block cipher?
- Another approach to confidentiality - functions that encrypt fixed-size blocks with a reusable key - inverse function decrypts when used with same key - not a psuedorandom function because the key always remains the same, not necessarily as the seed for a more random input
Describe the benefits, drawbacks of certificate chains.
- CAs can delegate ability to generate certificates for certain names - intermediates - root CAs signs 'certificate issuing certificate' for delegated authority which can then sign a cert for a website - browser that trusts root can examine certs to establish validity - chain of trust - because each browser trusts set of CAs that can either sign certs for new CAs or for any website or both, if single CA is compromised, then entire system is compromised - place our complete trust in weakest CA
Describe the SMTP protocol and its security properties?
- Client -> mail server source -> DNS server for destination -> mail server destination -> client Security Properties - Confidentiality - active = TLS with Cert Verification, Passive = TLS, peer = --- - authenticity - active = DKIM and DNSSEC, passive = ----, peer = SPF or DKIM - integrity - active = DKIM and DNSSEC, passive = ---, peer = --- Mail Authentication - mail server source -> DKIM signature -> mail server destination -> DNS - retrieve source TXT, domain keys, rsa, DMARC
What steps can the metamorphic virus writer take to avoid detection?
- Delay analysis by taking a long time to manifest behavior - Long time = await particular condition, or even simply clock time - Detect that execution occurs in an analyzed environment and if so behave differently. E.g., test whether running inside a debugger, or in a virtual machine Note: attacker has edge as AV products supply an oracle
What is the threat model for message integrity?
- Don't fully trust the messenger or the network carrying the message - Want to make sure that what the receiver receives is actually what we sent - The adversary can see, modify, forge messages and wants to trick the receiver into accepting a message not sent by the sender
How is RSA used in practice?
- Encryption - use RSA to encrypt random x < N, compute k = PRF(x), encrypt message using symmetric cipher and key k - Signing - compute v = PRF(m), use RSA to sign carefully padded version of v
Why do we need to consider ideas such as Certificate transparency?
- HTTPS provides confidentiality, integrity, authentication but dependent on support PKI and we blindly rely on CAs - large companies have acquired smaller CAs - name constraints, length constraints, trusted for local domain (mail, exchange, intranet - no actual protection against attackers) - need web browsers to coordinate and demand change - important to consider how we help users to move to HTTPS
What are the difficulties that come with static code analysis?
- Imperfect disassembly - Benign optimizations: Constant folding, Dead code elimination, Inline expansion - Intentional obfuscation: Packing, No-ops
What is the threat model for message confidentiality?
- Keep the contents of a message secret from an eavesdropper - sender - uses encryption function with secret key on plaintext to generate cipher text - receiver - uses decryption function with secret key on cipher text to generate plain text
What is Tor?
- Low-latency anonymous communication system in which metadata is hidden and you can hide the existence of communication - Transport layer - allows for TCP connections without revealing your IP address (popular for web connections) made up of volunteer-run nodes, onion routers - Onion routing - arbitrary number of intermediaries (mixes) - as long as mixes are honest, no one can link the source to destination
What are some attacks/issues with Tor?
- Performance - message bounces a lot - Attack: rubber-hose cryptanalysis of mix operators -> Defense: use mix servers in different countries - Attack: adversary operates all of the mixes -> Defense: have a lot of mix servers - Attack: adversary observes time of send & receive -> side channel attack exploiting timing information -> Defense: pad messages and introduce significant delays - Issue: traffic leakage -> if HTTP/HTTPs traffic goes through Tor but the rest of the traffic doesn't, you can be deanonymized because DNS logs can show who looked up the website just before connection to web server arrived - Correlative information -> risk of deanonymization
What are the benefits of dynamic analysis?
- Sometimes easier to just see what code does - Unpacking - just let the code unpack itself and debug as normal - most debuggers have in-built disassemblers anyway - can always combine static and dynamic analysis
What is Heartbleed?
- TLS Heartbeat extension - vulnerability exposed private cryptographic keys, logins, other private user data - potentially affected any service that used OpenSSL for TLS - Send over a heading of information - - 01 | length | bytes | random padding - - get that similar thing back but with 02 - server trusts user provided length field and echoes back memory contents following request data - Patching wasn't enough - cryptographic keys can also be stolen so recommended replace keys, revoke vulnerable certs and deploy perfect forward secrecy
What is the timeline of a DDOS attack?
- a large set of machines are compromised - attacker identifies exploitable hosts with scanners, other techniques - attacker accesses system with automated remote exploits, sniffers, password cracking, worms, trojans - attacker installs attack tools - attacker remotely instructs compromised machines to attack target
Describe the Merkle-Damgard Construction.
- arbitrary length input, fixed length output - we add padding to our original message and split into blocks - We start with an initialization vector and for each block, hash consecutively, using the previous block to hash the next block, until we get a fixed size output
What is a router?
- bridges 2+ networks - operates at network layer - maintains tables to forward packets to appropriate network - fowarding decisions based soley on destination address
How is an encrypted SSL session generated?
- browser generates symmetric session key, encrypts it with server's public key, sends encrypted key to server. - Using private key, server decrypts session key. - Browser, server know session key - All data sent into TCP socket on either side is encrypted with the session key
What are some attacks on RSA?
- brute force - trying all possible private keys - mathematical attacks - factoring - timing attacks - using the running time of decryption - hardware-based fault attack - induce faults in hardware to generate digital signatures - chosen ciphertext attack
What are the requirements for a secure public key cryptography system?
- computationally easy for B to generate a key pair - computationally easy for sender A to generate the ciphertext for message M - computationally easy for receiver B to decrypt the ciphertext - computationally infeasible to guess the private key knowing the public key - computationally infeasible to recover M from public key and cipher text
What is code injection?
- confusing data with code - programmer thought user would supply data but instead got (and unintentionally executed) code - common and dangerous class of vulnerabilities - Shell injection, SQL injection, Cross-site scripting, control-flow hijacking (buffer overflows)
What is the threat model for this risk?
- controls infrastructure - routers, DNS, wireless access points - passive attacker: only eavesdrops - active attacker: eavesdrops, injects, blocks, and modifies packets - does not protect against intruder on server, spyware on client, SQL injection, XSS, CSRF
What is SSL/TLS?
- cryptographic protocol - most important as almost all encrypted protocols except SSH use it for transport encryption - lives between application and transport layers - goals - confidentiality (symmetric crypto), message - integrity (HMACs), authentication (public key crypto)
What is the general premise behind public key cryptography?
- different from symmetric key crypto where the encryption key = decryption key - keep a key-pair - private key and public key
Why is key management hard?
- each key should only have one purpose - vulnerability increases the more you use a key, the more places you store it, the longer you have it - keep your keys far from the attacker - protect yourself against compromise of old keys - forward secrecy - learning old key shouldn't help adversary learn new key
How is invalidation of a certificate usually handled?
- expiration date of certs - invalidation itself - if CA's secret key leaked, we may not be able to trust old certs from that CA - if invalid, browser stops executing
What is Pond?
- forward secure asynchronous messaging system - seeks to protect against leaking traffic information against all but a global passive adversary - messages expire automatically after 1 week
What are the characteristics of a hard link?
- from a directory to a file - the same file can have hard links from multiple directories, each with its own filename but all sharing owner, group, and permissions - file deleted when no more hard links to it
What are the characteristics of a symbolic link?
- from a directory to a target file or directory - stores path to target, which is traversed for each access - the same file or directory can have multiple symlinks to it - removal of symlink does not affect target - removal of target invalidates (but not removes) symlinks to it - windows shortcut, mac alias
What is a pseudorandom permutation?
- function from n-bit input to n-bit output such that distinct input -> distinct output - practically indistinguishable from a random permutation without secret k
What are the properties of block ciphers?
- highly nonlinear ("confusion") - mixes input bits together ("diffusion") - depends on the key
What are self-signed certificates?
- issuer signs their own certificate - avoids CA fees, useful for testing - browsers display warnings that users have to override - protects against passive attacker only
What happens in the browser to verify certificates?
- lock - https cert issued by CA trusted by browser, cert is valid, common name in cert matches domain in URL - extended validation certificates: CA does extra work to verify identity - invalid cert warnings
How do you protect against cross-site scripting?
- make sure data gets shown as data, not executed as code (escape special characters - depending on context of data presented) - frameworks can let you declare what's user-controlled data and automatically escape it
What are some benefits of a VPN?
- makes separate IP sites look like one private IP network - Security - Bandwidth guarantees across ISP - Simplified network operation -- ISP can do the routing for you
What is RSA?
- pick large random primes p and q - N = pq - pick e to be relatively prim to (p-1)(q-1) - find d such that ed mod (p-1)(q-1) = 1 - public key is (e, N), private key is (d, N) - To encrypt - E(x) = x^e mod N, To decrypt - D(x) = x^d mod N - best way to compute d from e is factoring N into p and q - best known algo is general number field sieve
What is a MAC address?
- predefined with network interfaces - 48-bit number usually in hex - 1st 3 octets - IEEE-assigned organizationally unique identifiers - next 3 can be assigned by organizations as they please as long as unique - utilize MAC addresses to identify computers on network - MAC address can be reconfigured by network interface driver software
What are certificates?
- public key with SHA-256 hash belongs to a certain site - signed by a trusted authority, serves as a digital signature - browsers trust a specific set of certificate authorities as root CAs and are shipped with public keys of the root CAs
What is a One-time Pad?
- sender and receiver jointly generate a secret of very long, string of random bits - encrypt - c = p xor k, decrypt - p = c xor k for every index you should never reuse any part of the pad - - if pad bit is ki, and adversary learns a xor ki, b xor ki, then the adversary can xor those to get a xor b, which is useful - provably secure because long string of random bits makes it hard to guess and break - usually impractical because where are you going to get this long string very cheaply
For message confidentiality, how can a PRG/stream cipher be a solution for it?
- start with shared secret key k - sender, receiver each use k to seed the PRG - to encrypt, sender xors next bit of generator's output with next bit of plaintext - to decrypt, receiver xors next bit of generator's output with next bit of ciphertext - don't reuse the key or the generator output bits
What is Shellshock?
- stored bash shell script - #!program tells bash to pass the rest of the file to program to be executed - dynamic web content generation - web server receives HTTP request -> server runs program to generate response -> program output sent to browser Vulnerability - function definitions are passed as environment variables that begin with () - error in environment variable parser -> executes garbage after function definition - any environment variable can contain a function definition that the Bash parser will execute before it can process any other commands - Environment variables can be inherited from other parties, who can thus inject code that Bash will execute Web server exploit - send web server an HTTP request for a script with an HTTP header such as HTTP_USER_AGENT set to '() { :;}; echo vulnerable' - when bash runs the script it will evaluate the environment variable HTTP_USER_AGENT and run the echo command
What is a pseudorandom generator and what will make a PRG secure?
- takes a small seed that is really random and generates a long sequence of numbers that are as good as random - secure if it's indistinguishable from random. Basically, no winning strategy for the adversary other than repeated guessing.
What is a network interface?
A device connecting a computer to a network (such as an Ethernet card / WiFi adapter) that transmits packets.
Describe web-based malware, it's trends and how users can be subject to installing it.
- to compromise browser, need to compromise web server - malicious website automatically installs malware on visitor's computer usually via exploits in browser or other software in the client without consent - ceding control to 3rd party could be security risk - web server security: compromise web server and change content directly - many vulnerabilities, templating system - advertising - by definition ceding control of content to another party - sub-syndication allows delegation of advertising space - trust is not transitive - third-party widgets - can lead to malware downloads - trends: avoiding detection - obfuscating exploit code itself, distributing binaries across different domains, continuously re-packing binaries exploiting software - to install malware automatically when user visits a web page - exploit browser flaws or automatically launch external programs and extension - i.e. drive-by-download - Tricking the user - increase of exploitation over time, installed malware allows for remote control - observed botnet like structures - - pull-based - frequently checking for new commands, observed user agents like DDoSBotLoader, binary updates can be interpreted as command & control conclusion - web-based malware is a real problem - millions of potentially infected users - automatic detection of malicious web pages to secure web search results - 4 areas of content control - authored, user-based, ads, 3rd party widgets - observed botnet-like structures
How is certificate verification usually handled?
- typically domain verification - just an email based challenge to the address in the domain registration records (or some default email address) - minimally secure - cert has an expiration date
Why is it easy to hack the network?
- unencrypted transmission - eavesdropping possible at any intermediate host during routing - no source auth - sender can spoof source address - no integrity checking - entire packet, header, payload can be modified en route to destination - content forgery, redirection, man-in-the-middle - no bandwidth constraints - large number of packets can be injected into network to launch a denial-of-service attack
What are the 4 different types of "nymity"?
- verinymity - can verify a person through credit card #s, driver's license, address - pseudonymity - pen names, blogs - linkable anonymity - loyalty cards, prepaid phones - unlinkable anonymity - paying in cash, Tor
What are the difficulties of dynamic analysis?
- we are now executing potentially malicious code - use an isolated virtual machine - anti-debugging: mechanism that detects debugger and [exit | crash | modify behavior], isDebuggerPresent(), INT3 scanning, timing, VM-detection, pop ss trick, etc. - anti-anti-debugging can be tedious
What risk does Javascript sandboxing protect against?
- we don't want malicious sites to be able to trash my -files/programs on my computer - shouldn't infect my computer with malware, read or write my files Defense: Javascript is sandboxed - try to avoid security bugs in browser code, privilege separation, automatic updates
How do page tables function?
- x86 page tables entries are dense and trusted - control access to physical memory, bit flip in physical page number can give process access to a different physical page - A page table is a 4k page containing an array of 512 PTEs - Each PTE is 64 bits containing among other things a Physical Page Base Address
How are ports classified?
0 - 1023 - reserved by known protocols 1024 - 49151 - known as user ports - should be used by most user programs for listening to connections and the like 49152 - 65535 - private ports used for dynamic allocation by socket libraries
What is the procedure for DNS caching?
1) query yourdomain.org 2) receive reply and cache at local NS and host 3) use cached results rather than query the answer 4) evict cache entries upon ttl expiration
How does the handshake for an encrypted communication channel (that is symmetric) go?
1. Client: hello + supported protocols + random 2. server: hello + chosen cipher + server's random - certificate: X509 - public key + proof - random is encrypted and/or signed (verify actually the person sending it out) Cipher suite: Diffe Hellmann Exchange - Ephemeral key exchange, RSA - key exchange, AES256 - Data transfer cipher, SHA - message digest 3. client: client key exchange - encrypted (secret) - change cipher spec
How does the WEP data encryption work?
1. Host/AP share 40 bit symmetric key (semi permanent) 2. Host appends 24-bit initialization vector (IV) to create 64-bit key 3. 64 bit key used to generate stream of keys, kiIV 4. kiIV used to encrypt ith byte, di, in frame: ci = di XOR kiIV 5. IV and encrypted bytes, ci send in frame
Describe the Diffie-Hellmann key exchange.
1. Sender and receiver agree on shared mods p, g both generate random secret values a, b 2. Send g^a mod p, g^b mod p to each other computes x and x' - x = (g^b mod p)^a mod p = g^ba mod p - x' = (g^a mod p)^b mod p = g^ab mod px 3. The best approach to doing passive eavesdropping is to find out a or b, then compute x.
How can the WEP encryption be broken?
1. The hole is that with 24 bit IV and one IV per frame, IV's are eventually reused 2. IV is transmitted in plaintext so the IV reuse can be detected 3. Now Trudy causes Alice to encrypt a known plaintext d1 d2 ... dn 4. Trudy will see the encrypted ci = di XOR kiIV 5. Trudy can compute kiIV 6. Now Trudy knows encrypting key sequence 7. So next time Trudy sees a repeat IV, she can decrypt
What are the 4 steps of AES?
1. non-linear step - run each byte through a non-linear function 2. shift step - circular shift each row - ith row shifted by i 3. linear-mix step - treat each column as a 4-vector; multiply by a constant invertible matrix 4. key-addition step - XOR each byte with corresponding byte of round subkey
What is MAC flooding?
A link-layer attack. send a flood of traffic with random MAC addresses, fill up switch memory -> forward packets to all links on switch
What is ARP spoofing?
A link-layer attack. send fake ARP replies to change victim's ARP table -> attacker configures his/her system to forward any traffic it receives to the router -> any traffic from target machine is sent to attacker's machine before being transferred to the local network
What is ESP?
A protocol that: - provides secrecy, host authentication, data integrity - data, ESP trailer encrypted - next header field is in ESP trailer. - ESP authentication field is similar to AH authentication field - Protocol = 50 - | IP header | ESP header | TCP/UDP segment | ESP trailer | ESP authent. - Between ESP header and trailer (inclusive) is authenticated - Between the segment and trailer (inclusive) is encrypted
How is a network modeled?
A network is modeled using a stack of layers. Higher layers use the services of lower layers via encapsulation. A communication channel between two nodes is established for each layer.
What is IP spoofing?
A network layer attack. attempt by an intruder to send packets from one IP address that appear to originate at another if server thinks it is receiving messages from the real source after authenticating a session, it could inadvertently behave maliciously
What does a packet consist of?
A packet consists of control information for addressing the packet (a header and footer) and data (the payload).
What is a botnet?
A servant process on a compromised system usually installed by a trojan, though worms have evolved to install bots as well communicates with a handler or controller, often running on public IRC servers or other compromised systems almost always unbeknownst to the system's owner a botmaster or botherder commands bots to perform any of an array of different functions systems of bots and controllers is referred to as a botnet or zombie network
What is ARP?
Address Resolution Protocol mapping between IP and MAC dynamically established with this protocol broadcast protocol, link layer, layer 2.5 protocol, used by other link layer protocols who-has requests, is-at replies no binding between ARP message and sender identity - no auth
What is ASLR and how does it work/how can you still exploit with shellcode?
Address Space Layout Randomization. address of local variables gets randomized, but if you know the range that it gets randomized, you can still execute code by placing nops and just having it return to a nop which would then execute the function
For block ciphers, AES is the most common one used. What is it?
Advanced Encryption Standard variable key size and block size, 10 rounds - splitting k into 10 subkeys, performs set of operations 10 times with different subkey
What is adware?
Adware software payload → Adware engine infects user's computer → adware engine requests advertisement from adware agent → adware agent delivers ad content to user
How can you build a secure channel using public key cryptography?
Always encrypt then add integrity Use separate keys for confidentiality and integrity - need 2 shared keys, have one - use PRG - if there's a reverse channel, use separate keys for that as well
What are the different Internet Layers from top to bottom?
Application > Transport > Network > Link > Physical
What are the implications of row hammer?
Breach of memory protection - OS page fits inside DRAM row so the adjacent DRAM row holds a different OS page Vulnerability: disturbance attack - by accessing its own page, a program could corrupt pages belonging to another program
What is a cold-boot attack?
Attack: attacker might reboot the machine to circumvent the OS The assumption is that the encryption is strong and the OS protects the key in RAM, which would be lost if the machine reboots However, dynamic RAM does not instantaneously encounter data fade after power is cut. Instead, it's gradual, unidirectional, and predictable. Thus, residual data can be captured easily however, if booting full OS, overwrites large areas of RAM
What is AH?
Authentication header protocol. provides source authentication, data integrity, no confidentiality. AH header inserted between IP header, data field. protocol field: 51. intermediate routers process datagrams as usual
What is the procedure for row hammer?
Avoid cache hits - flush X from cache Avoid row hits to X - read Y in another row
How do you defend against insider attacks?
Avoid single points of failure Use code walk-throughs Use archiving and reporting tools Limit authority and permissions Physically secure critical systems Monitor employee behavior Control software installations
What is DNS cache poisoning?
Basic idea: give DNS servers false records and get it cached DNS uses a 16-bit request identifier to pair queries with answers Cache may be poisoned when a name server: - disregards identifiers - has predictable ids - accepts unsolicited DNS records
What is the protocol for Internet inter-AS routing?
Border Gateway Protocol
What are the steps to verifying a certificate when connecting to a site?
Browser knows public key of certificate authority certificate authority keeps secret key of it secret 1. server chooses a secret and public key - the public key is proof of server integrity 2. certificate authority checks, signs certificate with secret key of certificate authority 3. server keeps certificate on file and sends it to browser 4. browser verifies signature on cert.
What are some ways to get malware onto a machine?
Buffer overflow in network-accessible vulnerable service Vulnerable client (e.g. browser) connects to remote system that sends over an attack (a driveby) Social engineering: trick user into running/installing "Autorun" functionality (like that of plugging in a USB device) Slipped into a system component (at manufacture; compromise of software provider; substituted via MITM) Attacker with local access downloads/runs it directly Backdoors - a hidden feature or command that allows a user to perform actions he/she would not normally do, if hidden feature is activated, program does something unexpected and usually violated security policies
What are registers?
Built in variables of the CPU Some general purpose ones: eax, ebx, ecx, edx, edi, esi
What is a null-termination attack?
C-style vs. Pascal-style strings if null character gets copied into browser and there's a malicious url tacked on behind a valid url with the null character, attacker gets a cert for the valid url
What is a Caesar Cipher and how can you break it?
Caesar Cipher - replace each letter with one a fixed # of places down the alphabet - can break by trying all 26 possibilities (brute force) and then use frequency analysis of the language in question to see if message is one that makes sense
What is a buffer overflow?
Can overwrite certain areas of the stack so that when popped, you don't get expected behavior
What is the difference between circuit switching and packet switching?
Circuit switching - legacy phone network - single route through sequence of hardware devices established when 2 nodes start communicating - data sent along route - route maintained until communication ends Packet switching - internet - data split into packets - packets transported independently through network - each packet handled on a best efforts basis - packets may follow different routes
What is the current way of dividing an IP address into its host and network?
Classless Interdomain Routing - allow division between network and host portion on any bit boundary, more efficient use of address space, allows division/aggregation of sub-assignments, networks now identified by network address and length of network portion, hosts identified by address and network mask
What are 2 different types of threats for web security?
Client-side - attacks target browser security weaknesses -> malware installation, document theft from corporate network, loss of private data server-side - runs at web site - XSS, CSRF, SQL injection
What are some potential attacks / damages of the public cloud computing model?
Cloud cartography - map internal infrastructure of the cloud and use this map to locate targets in the cloud (Placement vulnerability - attackers can knowingly achieve co-residence with the target) Checking for co-residence - check that the VM is on the same server as target based on network-based co-residence checks ro efficacy confirmed by covert channels Achieving co-residence - brute forcing placement, instance flooding after target launches Location-based attacks - side-channels, DoS, escape-from-VM
What is access control and what are the 3 different kinds?
Collection of methods and components that supports confidentiality and integrity Goal: allow only authorized subjects to access permitted objects Least Privilege Philosophy - a subject is granted permissions needed to accomplish required tasks and nothing more define rules for users accessing files or devices Mandatory Access Control - restrictive scheme that does not allow users to define permissions on files, regardless of ownership - instead security decisions are made by a central policy administrator - common implementation: rule-based access control, subject demonstrates need-to-know in addition to proper security clearance, need-to-know indicates that a subject requires access to object to complete a particular task - Security-Enhanced Linux (SELinux) incorporates mandatory access control Discretionary Access Control - scheme where users are given the ability to determine the permissions governing access to their own files (users and groups, allow users to grant privileges on resources to other users on the same system) - most common design in commercial OS - generally less secure than mandatory control but easier to implement and more flexible Role-based access control - evolution of the notion of group-based permissions in file systems - defined with respect to an organization (such as company), a set of resources (such as documents), print services and network services, and a set of users (such as employees, suppliers, and customers). - Users a subject's role or task to grant or deny object access
What are the 3 options available to defend against these processes?
Completely kernel space - ptrace - process tracing, wakes up when pid makes sys call - - monitor kills application if request is disallowed - - if app forks, monitor must also fork with forked monitor monitoring forked app - - if monitor crashes, app must be killed - - monitor must maintain all OS state associated with app - - not well suited because trace all system calls or none - - monitor cannot abort sys-call without killing app - - race condition of symlinks (time-of-check/time-of-use) Completely user space Hybrid - Systrace - only forwards monitored sys-calls to monitor, resolves sym-links and replaces sys-call path args by full path to target - if execve called, monitor loads new policy file - systrace can auto-generate policy by learning how app behaves on good inputs and if doesn't cover, ask user (hard)
What is a virus?
Computer code that can replicate itself by modifying other files or programs to insert code that is capable of further replication
What is the Internet Protocol?
Connectionless - packet is transported independently from other packets - delivery on best effort basis, no acknowledgement, unreliable, packets may be lost, reordered, corrupted, or duplicated IP Packets - encapsulate TCP or UDP packets, encapsulated within link-layer frames
What is a booter?
DDoS as a service. Instead of setting their own DDoS attacks, people can essentially purchase them online in an industry that's become commoditized. A subscription based service coming with tiered pricing, easy to use website interface, and ability to DDoS webservers. On the client side it's a really simple web interface form where you just enter the parameters
What kinds of attacks do booters tend to use?
DNS amplification attacks
What is an encrypted virus / how does it work?
Decryption engine + encrypted body Randomly generate encryption key Detection looks for decryption engine
What are 2 types of entry that physical security tries to protect against?
Destructive entry - involves using force to defeat physical security - negative impact on IT resources is apparent - remediation steps also obvious Nondestructive entry - compromises security without leaving signs of a breach - defeats intrusion detection - greater and long-term threat
What is a metamorphic virus?
Different virus bodies Approaches include code permutation and instruction replacement Challenging to detect Every time the virus propagates, generate semantically different version of it! - Different semantics only at immediate level of execution; higher-level semantics remain same - Include with the virus a code rewriter: Inspects its own code, generates random variant such as renumber registers, change order of conditional code, reorder operations not dependent on one another, replace one low level algorithm with another, Remove some do-nothing padding and replace with different do-nothing padding ("chaff")
What attacks are made possible at the network layer?
DoS, session hijacking, man in the middle
What is the DOM?
Document Object model (also known as DOM tree) platform, language-neutral interface allowing programs and scripts to dynamically access and update the content, structure, and style of documents
What is DNS?
Domain Name System distributed database implemented in hierarchy of many name servers application-layer protocol host, routers, name servers to communicate to resolve names (address/name translation)
What is Kerckhoff's Principle?
Don't rely on secret functions because if the function is found out, we have to create an entirely new function and that is a lot of work / really hard. Use a secret key, to choose from a function family. If the key is found out, then we know that we can replace it.
What are the phases of a virus?
Dormant phase: virus just exists, lays low and avoids detection Propagation phase: During this phase, the virus is replicating itself, infecting new files on new systems Triggering phase: some logical condition causes to virus to move from an earlier phase to perform its intended action Action phase: the virus performs the malicious action that it was designed to perform, called payload
What is a polymorphic virus?
Encrypted virus with random variations of the decryption engine (e.g., padding code) Detection using CPU emulator [decryptor -- key -- encrypted glob] → [decryptor -- key -- main virus code -- encryptor] → [decryptor -- key -- different encrypted glob] Once running virus uses an encryptor with a new key to propogate. New virus instance bears little resemblance to original
What are the different types of VPNs?
End to end VPNs solves problem of how to connect remote hosts to a firewalled network Customer-based Network VPNs: customer buys equipment, configures tunnels over the global internet, manages addressing and routing. ISP plays no role Provider-based Network VPNs: provider manages all the complexity of the VPN. Customer simply connects to the provider equipment
Based on the procedure for connecting via Tor, what is the current trust model? AKA, what does each machine know?
Entry node: knows source is using Tor and identity of middle node, but not destination. Exit node: knows some Tor user is connecting to destination, but doesn't know which user Destination: knows a Tor user is connecting to it via exit node
What does the Physical Internet Layer consist of?
Ethernet, Fiber Optics, Wi-Fi
True/False - Public key encryption is a general purposes technique that has made symmetric encryption obsolete
False. Speed/block size are some advantages of symmetric encryption.
True/False - Key distribution is trivial when using public-key encryption, compared to the cumbersome handshaking involved with key distribution centers for symmetric encryption.
False. Somewhere in this process, you have to obtain the public key Key distribution problem has not gone away
True/False - Public key encryption is more secure than cryptanalysis than symmetric encryption.
False/We don't know. Cryptanalysis - trying to break a property of the crypto system Both have hard problems - we don't know how hard they are Having k in symmetric, you have everything, but in public-private key, having one doesn't necessarily mean it's advantageous
Which kind of ports are more often attacked?
Gaming
What is an Access Control List?
For an individual resource, an Access Control List is a sorted list of zero or more Access Control Entries ACEs refers and specifies that a certain set of access (R, W, EXEC) to resources is allowed or denied for a user or group
What are some desirable communication properties for an OTR conversation?
Forward secrecy: even if key material is compromised, past messages should be safe Deniability: ability to deny having sent a message - Deniable authentication: be confident of who you are talking to, but unable to prove to a third party what was said
Give an example of an HTTP Request that is sent by a browser to a web server.
GET /index.html HTTP/1.1 - GET - method - /index.html - file - HTTP/1.1 - HTTP version
What is the goal of the kernel exploit with row hammer and how is it achieved?
Goal is to utilize bit flip(s) to give access to all of physical memory - when mapping a file with read-write permissions, there is indirection that occurs via page tables - if done repeatedly, several virtual pages will map to same page in physical memory via PTEs in physical memory that help resolve virtual addresses to physical pages - Therefore, we can fill the physical memory with PTEs that point to pages in the same physical file mapping - If a bit in the right place in the PTE flips, the corresponding virtual address now points to a wrong physical page which could contain a page table itself. - An attacker that can read/write page tables can use that to map any memory read-write
Give an example of an HTTP Response that is sent back from a web server to the browser.
HTTP/1.1 200 OK - HTTP/1.1 - HTTP version - 200 - Status code - OK - Reason phrase Headers - Date, Server, Last-Modified, Content-Length, Set-Cookie, Content-Type Data - HTML
What is the best solution for message integrity?
Hash-based MAC (HMAC) - HMAC-SHA256 - SHA256 - cryptographic hash function: input arbitrary length data -> output of 256 bits, built with a compression function that is designed to be super hairy
What are some malware defenses?
Have signature scans - scan compares the analyzed object with a database of signatures - signature = virus footprint (string with sequence of instructions specific to each virus) - a file is infected if there is a signature inside its code - all the signatures together create the malware database white/black listing - maintain database of cryptographic hashes for Operating System files, popular apps and known infected files - compute hash and look up in database need to protect the integrity of the db heuristic analysis - useful to identify new and "zero day" malware based on instructions, can determine whether it is malicious or not - emulates execution by running the code in an isolated emulation environment, monitoring the actions that the target file takes and if the actions are harmful, marks it as a virus - tends to have false alarms Good labeling system properties - consistency - identical items must and similar items should be assigned same label - completeness - label should be generated for as many items as possible - conciseness - labels should be sufficient in number to reflect unique properties of interest, while avoiding superfluous labels
What is another solution for message integrity?
Having a secure PRF and using a random k known only to the sender and receiver - We still compute a value v = fk(m) for the sender to attach to message m - The receiver still needs to verify v' = fk(m') and accept iff this is true - The important assumption is that k is shared only between sender and the receiver - We're not sure if secure PRFs exist though.
What are the 2 types of IP addresses?
IPv4 (32-bit) and IPv6 (128-bit)
How can we detect a polymorphic virus and what are some issues that come along with it?
Idea #1: use narrow sig. that targets decryptor - Less code to match against, more false positives - Virus writer spreads decryptor across existing code Idea #2: execute (or statically analyze) suspect code to see if it decrypts! - Legitimate "packers" perform similar operations (decompression) - How long do you let the new code execute? - If decryptor only acts after lengthy legit execution, difficult to spot
What is the development cycle for a worm?
Identify vulnerability still unpatched Write code to - Exploit vulnerability - Generation of target list: Random hosts on internet, Hosts on LAN, Divide-and-conquer - Install and execute payload - Querying/reporting if host is infected Initial deployment on botnet Worm template - Generate target list For each host on list: Check if infected, Check if vulnerable, Infect, Recur Distributed graph search algorithm - forward edge: infect - back edges: already infected or not vulnerable
What are some techniques to still execute code with hard to guess addresses?
If you have a hard to guess address, you can usually still execute your code via a padding of nops at the beginning. That way, if you end up at a nop, you can just fall right through to the shellcode itself. The x86 call instruction also supports relative addresses, as well as jump. So we can have a bunch of nops, and then a jump instruction that tells us to go to a certain function, which then calls another function, which executes the shellcode. This way, we don't need to know where the function is exactly in memory.
What are 2 types of wireless networks?
Infrastructure networks - client machines establish a radio connection to special network device = access point (connected to wired network which provides gateway to internet) Peer-to-peer networks - multiple peer machines connect to each other, used in ad-hoc and connection sharing
What are some UI interface based attacks and defenses?
Invalid certificates - defense: browser warnings, anti-usability to bypass Picture-in-picture attack - spoof the UI, attacker page draws fake browser window with lock icon - defense: individualized images
How can you defend against stealth malware?
Lie detector check - Goal: detect stealth malware that hides processes and network activity - VMM lists processes running in GuestOS - VMM requests GuestOS to list processes - if mismatch: kill VM Application code integrity detector - VMM computes hash of user app code running in VM - Compare to whitelist of hashes - Kills VM if unknown program appears Ensures GuestOS kernel integrity - detect changes to sys_call_table Virus signature detector - run virus signature detector on GuestOS memory
What does the stack look from top to bottom for a main function that calls a function foo?
Local variables -- SP Main's FP -- FP <<< associated with foo() return address function args Local variables <<< associated with main()
What is the history of a DDOS attack?
Locally-induced crash - exploit OS or server software bug local resource consumption - fork() bomb, fill disks, deep directory nesting Deny service to individual hosts - force crash or outage of critical services Remotely-induced crash - "magic" packets - ping of death, teardrop remote resource consumption - syslog, SYN, fragment flood, UDP storm Deny service to an entire network - target vulnerable links or critical network infrastructure / information remotely induced network outage - attacks against routers, DNS servers, redirected routes - forged routing information Remote network congestion - forged directed broadcasts - smurf, fraggle, remote control of compromised hosts ('zombies') for coordinated flooding
What purpose does a VPN serve?
Making a shared network look private because Private networks have advantages but building private networks is expensive
Why do people decide to go through reverse engineering, even though it could be time-costing?
Malware analysis Vulnerability or exploit research Check for copyright/potent violations Interoperability (understand a file/protocol format) Copy protection removal
What is a Trojan Horse?
Malware program that appears to perform useful task, also does something with negative consequences Can be installed as part of the payload of other malware, but often installed by user or administrator, either deliberately or accidentally
What is a worm?
Malware that spreads copies of itself without the need to inject itself in other programs, and usually without human interaction
What attack is Diffie-Hellmann privy to?
Man in the Middle Attack - You can do DH exchange with the adversary and you can still get the same values / messages, so it can seem like you're talking to the other end, but really, you're talking to the adversary - DH gives secure connection, but you don't know who's at the other end
What are the 3 categories of security controls?
Management (Administrative) Controls - Policies, standards, processes, procedures, guidelines Physical Controls - Physical security (facility or infrastructure protection) - structured barriers - perimeter structure, walls and fencing (specific gauge and fabrication specifications, specify height or need for "top-guard") - entry points Technical (logical) controls - access controls, identification & authorization, confidentiality, integrity, availability, non-repudiation
What is a MAC and how is it computed?
Message Authentication Code Using a function that both the receiver and the sender know and only they know, compute a value v = f(m) to be appended to the message contents. Then, sending over the message + value, the receiver can then verify that the message is from the sender if and only if v' = f(m') where v' and m' are the received value and message from the messenger. This function should be easily computable by sender, receiver, but not computable by adversary. If adversary were to learn what it is, then we are doomed.
What is IPSec?
Network layer secrecy - sending host encrypts the data in IP datagrams Network layer authentication - destination host can authenticate source IP address
How can the attacker take advantage of a hibernating machine?
OS stores contents of memory into hibernation file - attacker can copy hibernation file to discover unencrypted passwords stored in memory
Where can we obtain true randomness?
Obtained by gathering a lot of details about the computer that the adversary would have trouble guessing - like keyboard presses, mouse clicks, etc. - /dev/random - blocks until sufficient - /dev/urandom - PRG output, nonblocking, seeded from /dev/random eventually
What are the differences between stateless and stateful firewalls?
Original firewalls are stateless - Maintain static filter list, but no per flow state - For TCP, only look at SYN, means that no-SYN TCP packets are allowed even if should be blocked - No concept of conversation Modern firewalls are typically stateful - Maintains dynamic list of all allowed flows - Better capability, harder to scale
What is PGP?
Pretty Good Privacy - Lets you hide email content via encryption by having hybrid encryption to conceal messages as well as digital signatures on messages (hash-then-sign) - Each user has a public encryption key, paired with privacy decryption key, as well as a private signature key, paired with a public verification key - To send a message, sign with signature key, encrypt message and signature with recipient's public encryption key - To receive a message, Decrypt with private key to get message and signature, use sender's public verification key to check signature - Hard problem of obtaining the public key - verification using out-of-band communication, Web of Trust, or use fingerprints (cryptographic hashes of keys) - Hard problem of just encryption - if Bob's machine is compromised, get all key material and sender's signature (identity)
How can you achieve privilege escalation with this kernel exploit?
Privilege Escalation Steps - Allocate a large chunk of memory - Search for locations prone to flipping - Check if they fall into the "right spot" in a PTE for allowing the exploit - Return that particular area of memory to the operating system - Force OS to re-use the memory for PTEs by allocating massive quantities of address space - Cause the bitflip - shift PTE to point into page table - Abuse R/W access to all of physical memory
What is a covert channel?
Processes on different VMs sharing a L2 cache can covertly communicate by manipulating cache content - The sender writes and then sleeps. - The receiver busy loops until the CPU counter hits big jump assuming sender and receiver share the same physical CPU - However, 2 CPUs may not share L2 Cache (counter trick works only on shared CPU)
What are logic bombs?
Program that performs malicious action as a result of a certain logic condition
What is the lifecycle of a worm?
Propagation: to recruit new members, bots rely on an array of built-in propagation vectors. Communication: after a new infection, a bot establishes a C&C connection with a controller Attacks: malicious bots attack internet users and infrastructure
What are 2 cryptographic methods for HTTPS key exchange?
RSA key exchange - use RSA for encryption to achieve confidentiality Ephemeral Diffie Hellamn - use RSA for signature to achieve authentication RSA is simpler, EPH is more work EPH - forward secrecy is guaranteed generate 4 keys - public private, confidentiality + integrity
What are some possible candidates for MACs?
Random function - Arbitrary size input -> fixed size output, defined by giant lookup table that's filled in by doing random action - Completely impractical because it's really hard to generate true randomness / hard to come by, and also the lookup table will be gigantic - Provably secure because it makes it very very very hard to guess the output or input Psuedorandom function - Have a big family of functions that are all known to the adversary - Have k be a secret value known only to sender/receiver and chosen randomly - this is the key and we'll choose the function associated with this key, fk - A psuedorandom function is secure if the adversary has no advantageous strategy other than just random guessing. It will be indistinguishable in practice from a random function unless k is known.
Why do we prefer pseudorandomness to randomness?
Randomness - hard to achieve because we depend on the output of a physical process that is inherently random
What is the key component to the implementation of confinement?
Reference Monitor mediates request from applications by implementing protection policy and enforcing isolation and confinement must always be invoked - every application request must be mediated tamperproof - reference monitor cannot be killed or if killed, then monitored process is killed too small enough to be analyzed and validated Example: chroot - used for guest accounts -> prevents access to apps within jail Jailkit - all utility programs must live inside jail - so jailkit exists to autobuild files, libraries, and directories needed within jail environment chroot should only be executable by root, but there were abilities to escape that via relative paths coarse policies - all or nothing access to parts of file system and inappropriate for apps that need read access to files outside their "jail" does not prevent malicious apps from accessing network and messing with other machines and trying to crash the host OS
How do different worms propagate?
Scanning worms: choose "random" address coordinated scanning: different worm instances scan different addresses Flash worms: assemble tree of vulnerable hosts in advance, propagate along tree meta-server worm: ask server for hosts to infect topological worm - use information from infected hosts contagion worm - propagate parasitically along with normally initiated communication
What is the RootkitRevealer?
Scans the file system High level and raw scan Discrepancy reveals presence of rootkit Could be defeated by rootkit that intercepts and modifies results of raw scan operations
What is SSL?
Secure Sockets Layer - transport layer security to any TCP-app Used for https ecommerce transactions security services: - server authentication - data encryption - client authentication (optional) Server authentication: - SSL enabled browser includes public keys for trusted CAs - Browser requests server certificate, issued by trusted CA - Browser uses CA's public key to extract server's public key from certificate
What is a security policy?
Set of guidelines established to safeguard the organization from attacks, both from inside and outside the organization (usable, not impede/interfere with the business, enforceable with security tools) Includes: security education, training and awareness, backups, business continuity plans, physical security, access controls, authentication, encryption, network security, auditing and reviews, compliance
What is malware?
Set of instructions that run on your computer and do something an attacker wants it to do
How does return-oriented programming / function chaining work?
So, even though NX-enabled bits could potentially prevent executing code from the stack, you can still find ways to execute your code via function chaining, especially functions into libc (hence return-to-libc) you can dump the executable and see the byte code and thus, jump to different functions and place needed values into registers and so on. Return-oriented programming - don't have to jump only to function starts - can jump in the middle of any code (x86 variable instruction lengths) - construct Turing-complete set of "gadgets" out of in-memory code - use return-to-libc-like chaining to run multiple gadgets
What is spyware?
Spyware software payload → spyware engine infects a user's computer → spyware process collect keystrokes, passwords, and screen captures → spyware process periodically sends collected data to spyware data collection agent
What is the difference between static analysis and dynamic analysis?
Static analysis: Analyze structure - Disassemblers - Converting bits to hex bytes to instructions (human readable) - Now we can construct control flow diagram Dynamic analysis: Analyze operation - Tracing /hooking - Debuggers - Trace every instruction a program executes in single steps - Or let program execute normally until an exception - At every step or execution, can observe/modify: instructions, stack, heap, and register set, May inject exception at arbitrary code locations, INT 3 instruction generates a breakpoint exception
Compare and contrast statistical analysis versus being rule-based for an IDS.
Statistical analysis Constantly capture packets, watch logs, note typical flows Set off alarms when traffic not matching the typical patterns This also alerts against configuration problems Does allow a global picture of the system Rule-based Systems Monitor logs and network for behavior violating or matching static rules Require some knowledge of attack behaviors Less prone to false alarms Often combined with anomaly detectors As with most things that are rule based, new attacks can slip through
What are the goals of malware?
Steal private data Display ads, send spam, extortion Damage local machine Congest network Attack other systems (DoS, relays) Commit online fraud (click fraud, spam) Grand unauthorized access (back door)
What is the setup process for a booter?
Step 1: Website code Step 2: Attack Infrastructure (Rent or use compromised servers) Step 3: Establish payment via Paypal Step 4: Advertise on Hackforums and Gamer sites Step 5: Profit
How do you hijack a prefix?
The hijacking AS has router with eBGP sessions and is configured to originate the prefix 1. Getting access to the router - network operator makes configuration mistake - disgruntled operator launches an attack - outsider breaks in to the router and reconfigures 2. Getting other ASes to believe bogus route - neighbor ASes not filtering the routes ex. by allowing only expected prefixes but specifying filters on peering links is hard
What is the setup for a Tor Hidden Service?
The setup - Imagine there are a bunch of machines in a Tor cloud. - Bob wants to advertise his hidden service. - Alice wants to access Bob's hidden service. - There's a database that has information about all of the available hidden services. Bob first picks some introduction points within the Tor cloud and builds circuits to them (sending request). Bob advertises his hidden service at the database. He sends information about the introduction points as well as his public key. Alice hears that Bob's hidden service exists, and she requests more information from the database. The database send her the introduction points information as well as the public key. She also sets up a rendezvous point (another machine within Tor cloud). Alice writes a message to Bob, encrypted with the public key she gets back from the database. In this message, she lists the rendezvous point, and a one-time secret, and asks an introduction point to deliver it to Bob. Bob connects to Alice's rendezvous point and providers her one-time secret. Bob and Alice proceed to use their Tor circuits like normal.
What differentiates worms from viruses?
They don't infect other programs, but they do self-replicate.
In a switch tree, what happens to fragments to unknown MAC addresses?
They get broadcast.
In a switch tree, what happens to frames to MAC addresses in the same segment as the sender?
They get ignored.
How are TCP connections established?
Through a 3-way handshake. server = passive listener waiting for request client requests connection - SYN server responds - SYN/ACK client responds - ACK
How are TCP connections terminated?
Through a 4-way handshake. the client which wishes to terminate connection sends FIN message other client sends ACK other client sends FIN original client sends ACK
What was the previous way of determining an IP address?
Through classes, but this got really restrictive in terms of available addresses.
How does DNS resolve a name?
Through iterative name resolution - local name server to google.com, .com, or . (root)
What is the procedure for connecting via Tor?
Tor client of source obtains list of Tor nodes from a directory server Source's Tor client picks a random path to destination server. If at a later time, the source visits another site, source's tor client selects a second random path.
What is TCP?
Transmission Control Protocol - guaranteeing reliable data transfer, in-order delivery of messages and the ability to distinguish data for multiple concurrent applications on the same host - most popular protocols built on top - stream of 8-bit byte data, packages it into appropriately sized segment, calls on IP to transmit those packets - delivery order maintained by marking each packet with sequence number - every time TCP receives packet, send ACK to acknowledge successful receipt - generally checks data transmitted by comparing checksum of data with checksum encoded in packet
What is TLS?
Transport Layer Security. SSL is the basis of TLS.
What are some unsafe functions and what should you use instead?
Unsafe functions - strcpy and friends - sprintf - gets Use instead - strncpy and friends - snprintf - fgets
What is the procedure to start / maintain an OTR conversation?
Use authenticated Diffie-Hellman to establish a (short-lived) session key EK Then use secret-key encryption on message M and authenticate using a MAC Re-key using Diffie-Hellman Publish the old MK
Describe the public cloud computing model.
Users run Virtual Machines on cloud provider's infrastructure Cloud provider owns and operates all of these servers Multitenancy - users share physical resources Virtual Machine Manager - manages physical server resources for VMs so that the VM should look like a dedicated server Trust Models - No spying on running VMs/data - secure infrastructure from external and internal attackers
What is an Amplification DDoS attack and what is a specific example?
Volumetric attacks that seek to overwhelm victim with traffic. Often rely on properties of several UDP-based protocols: - Spoofability, broad deployment, and large responses to small requests - Attacker → Botnet → Amplifiers → victims. - What begins on the byte level reaches the gigabyte level through this process An example is NTP (network time protocol, used for synchronizing system clocks) DDoS. Normally used with a small client and small server packets and not very often. But as an attack, the requests are small, but the responses are big and instead of being infrequent, are very frequent. So we send big requests, which amplify into bigger responses, very frequently, etc.
What is WEP?
Wired Equivalent Privacy. authentication as in protocol ap4.0 - host requests authentication from access point - access point sends 128 bit nonce - host encrypts nonce using shared symmetric key - access point decrypts nonce, authenticates host no key distribution mechanism authentication: knowing the shared key is enough
What differentiates a worm from a virus or Trojan Horse?
Worms are self-contained and may spread autonomously while both viruses and Trojan horses rely on human intervention
Should you obtain certificates from 2+ certification authorities?
Yes can obtain SSL server certs from 2+ CA because admin can apply for cert from 2+ CA. however, only one cert is returned to client as part of HTTPs protocol
Can switches be arranged into a tree?
Yes, each port learns the MAC addresses of the machines in the segment (subtree) connected to it.
Why is evasion so common? What is the taxonomy of evasion of dynamic analysis?
You can detect evidence of monitoring systems (look for fingerprints on machine) and hide real malicious intents if necessary. taxonomy of evasion - application - installation, execution - hardware - device name, drivers - environment - memory and execution artifcats - behavior - timing
What is a DDOS attack?
attacks against availability - attempt to consume finite resources, exploit weaknesses in software design or implementation, or exploit lack of infrastructure capacity affects the availability and utility of computing and network resources
What is an insider attack?
a security breach caused or facilitated by someone who is a part of the organization that controls or builds the asset that should be protected
What is an autonomous system and how does that fit with the Internet?
a set of routers and networks under same admin control Internet = collection of AS
What are the specifics behind SSL certificates?
a trusted authority vouches that a certain public key belongs to a particular site - format called x.509 - browsers ship with CA public keys for a large number of trusted CAs - common name (explicit or wildcard), expiration date, subject's public key, issuer, issuer's signature
How do you encrypt longer messages with AES?
add padding to the message until it's multiples of block size - must be able to recognize and remove padding afterwards - add n bytes to have value n - if we end in a block boundary, add an entire block unit of padding
What is spear phishing?
art of getting user to compromise their own systems
What are the attack vectors for attacking certificate authorities?
attack weakest CA, browser implementation, notice a bug in keygen library that leads you to discovering all private keys, attack crypto primitives
What is row hammer?
repeatedly opening and closing a row induces disturbance errors in adjacent rows
What are 2 principle protocols of IPSec?
authentication header (AH) protocol encapsulation security payload (ESP) protocol For both AH and ESP, source, destination handshake: create network-layer logical channel called a security association (SA)
What are two types of IP spoofing?
blind spoofing - attack from any source non-blind spoofing - attack from the same subnet
What is an example of an integer casting bug?
difference between variables used and variables passed in memcpy uses unsigned length signed to unsigned, drop the sign if length is signed, and negative, memcpy will drop the sign and you could exceed your buffer length. (-128 -> 128)
What is TCP connection hijacking?
can hijack TCP connection by - silencing one participant - sending spoof packets to other participant - if B accepts spoof, connection becomes desynchronized - useful to silence one participant because A may RST the connection if they observe a desynchronization or unsolicited packets
What is a limitation of firewalls?
cannot prevent IP spoofing because router can't know if data "really" comes from claimed source
What is DNS hijacking/pharming?
changing IP associated with a server maliciously
What are some ways to change permissions?
chmod - only the file owner or root can change permissions if a user owns a file, the user can use chgrp to set its group to any group of which the user is a member root can change file ownership with chown (optionally change group) chown, chmod, chgrp can take -R
What is a switch?
common network device operating at link layer and has multiple ports, each connected to a computer operation of a switch - learn the MAC address of each computer connected to it, forward frames only to the destination computer
What makes MD5 a vulnerable hashing algorithm and how does that affect web security?
make colliding messages A, B with same MD5 - makes attacker a CA
What does HTTPS provide?
confidentiality and integrity
What does the header include?
connection identifier authentication data: source-signed message digest calculated over original IP datagram next header field: specifies type of data (e.g., TCP, UDP, ICMP)
How are protocols classified?
connectionless - sends data out as soon as there is enough data to be transmitted connection-oriented - provides reliable connection stream, consists of set up, transmission, and teardown, creates virtual circuit-switched network
How can RSA be used for confidentiality?
encrypt with public key, decrypt with private key
What does a protocol do?
defines the rules for communication between computers
What is the root account?
super-user, multiple possible file permissions don't restrict root dangerous but necessary, ok with good practices
What is the structure of an IP address?
divided into 2 parts: network and host - network part - used to route packets - host part -used to identify an individual host - dotted decimal notation - each number 8 bits
How can RSA be used for integrity?
encrypt with private key, decrypt with public key - digital signature
How does onion routing work?
encrypting with the public keys of all of the mixes + the HMA and as the connection gets bounced around the mixes, each layer of the key is decrypted until the message is received by the destination
What doesn't Tor provide?
encryption between exit and destination
What is a Vigenere Ciphere and how can you break it?
encrypts successive letters using sequence of Caesar ciphers determined by letters of a keyword if we know the keyword length, we can break the ciphertext into n slices and check each as a caesar cipher To find n, Kasiski method - repeated strings in long plaintext will sometimes by coincidence be encrypted with same key letters - distance between repeated strings in the ciphertext is likely a multiple of key length
What are characteristics of Unix permissions?
every file owned by a user, has an associated group, 10-character notation, ls -l - rwx (read, write, execute) for owner, group, world
What are the steps after cooling the RAM for a cold-boot attack?
extract memory locate keys in memory reconstruct decayed keys decrypt hard drive
What is the ebp register?
frame/base pointer
What are some ways passwords can be stolen?
from the user via key loggers (hardware, malware, shoulder surfing), phishing attacks, network attacks from the website via malware on website and database dump (sql injection, shell injection) from other websites via password reuse
Describe confinement at different levels.
hardware - run application on isolated hardware virtual machines - isolate OS's on a single machine process - system call interposition - isolate a process in a single operating system
How does a stack canary work?
have a secret value right above or somewhere above the function pointer as part of a local variable during the first part of the function call, set that secret before any local variables get pushed then, after the vulnerability get executed, check and see if the secret is still the original expected value if it isn't, then buffer overflow has occurred
What is the structure of a URL?
http://www.unc.edu:81/class?name=cs535#homework http:// - protocol class - path name=cs535 - query #homework - fragment
How is data transferred through TCP?
initial sequence # exchanged during connection initialization 16 bit checksum of data and parts of header including source and dest acknowledgement or lack thereof is used by TCP to keep track of network congestion, control flow, etc.
What is the eip register?
instruction pointer
What is an example of an integer overflow bug?
integer boundaries - if exceeded, then we encounter wrapping to small numbers, so the malloc wouldn't have malloced very much compared to what was expected. -> whatever is max int minus the overflow can also happen if len * sizeof(int) > maxint
How does a rootkit operate?
intercept system calls for listing files, processes, etc Filter out malware's files and processes Applications → System Call → (Rootkit) → Kernel ← Results -- if call is from rootkit application, don't filter!
What is a proxy?
intermediary that relays our traffic (3rd party / encrypted VPN) - bad guys can use compromised machines as proxies Alice -> {M, Bob}KHMA -> HMA -> M -> Bob Bob doesn't know that M is from Alice, Eve can't determine that Alice is indeed communicating with Bob
What is a IDS?
intrusion detection system - make systems sensitive to threatening actions and make them capable of alerting authorities when they notice anomalies - necessarily post-hoc
What is a firewall?
isolate organization's internal net from larger Internet, allowing some packets to pass, blocking others. prevent denial of service attacks prevent illegal modification/access of internal data allow only authorized access to inside network (set of authenticated users/hosts) 2 types of firewalls: application-level, packet-filtering
Why is the distinction between a MAC and a cryptographic hash now needed?
length extension attacks. Cryptographic hash functions are not strong PRFs
What are the two types of name servers for DNS?
local name servers - each ISP, company has local default name server - host DNS query first goes here authoritative name server - for a host, stores host's IP address, name, can perform translation for host name
How do you protect against SQL injection?
make sure data gets interpreted as data - basic approach: escape control characters (single quotes, escaping characters, comment characters) - better approach: prepared statements - declare what is data
What is a security assumption made with having a VM and what are some ways to guard if the assumption is false?
malware can infect guest OS and guest apps but malware cannot escape from the infected VM and cannot infect host OS or other VMs - requires VMM to protect itself and not be buggy. The VMM is much simpler than full OS but the device drivers run in host OS. - Run Intrusion Detection / Antivirus as part of the VMM, IDS - runs as part of OS kernel and user space process, kernel root kit can shutdown protection system, common practice for modern malware, VMM can monitor virtual hardware for anomalies, Virtual Machine Introspection - allows VMM to check Guest OS internals
What is stealth root-kit malware?
malware that creates processes that are invisible to ps and opens sockets that are invisible to netstat
What is a routing table?
maps ranges of address to LANs or other gateway routers
How does an NX bit work?
mark pages as EITHER read/write (stack/heap) executable (.text/code segments) never both requires hardware support attacker cannot return to stack but you could return to other code / functions
What does OTR provide?
message confidentiality authentication perfect forward secrecy deniability
How do you protect against Cross-site Request Forgery?
need to authenticate each user action originated from our site - one way: each "action" gets a token associated with it - - on a new action (page), verify the token is present and correct - - Attacker can't find token for another user, and thus can't make actions on the user's behalf
What is DNS spoofing?
no auth of responses, any DNS response is generally believed, no attempt to distinguish valid data from invalid, responses can contain entries that should not be trusted but are, responses are cached, just one false root server could disrupt entire DNS so you can do the following: - inject bogus DNS responses - attach additional bogus entries in valid DNS responses (especially for internal names)
What describes an off-the-record conversation?
no one else can hear unless being recorded no one else knows what's said unless told no one can prove what was said
What are some caveats of our shellcode that we have to make sure we take care of?
null characters in shellcode halt strcpy line breaks halt gets any whitespace halts scanf
What does BGP provide each AS?
obtain subnet reachability information from neighboring AS's propagate the reachability information to all routers internal to the AS determine good routes to subnets based on reachability information and policy allows subnet to advertise its existence to rest of internet
What is the Common Gateway Interface?
oldest method of generating dynamic web content - operator of a web server designates a directory to hold scripts that can be run on HTTP GET, PUT or POST requests to generate output to be sent to browser - CGI input - PATH_INFO (holds any path that appears in HTTP request after script name), QUERY_STRING (holds key=value pairs that appear after ?) - - HTTP headers passed as environment variables - - PUT or POST - user submitted data provided to script via STDIN - CGI output - anything the script writes to standard output is sent to browser
What is suid?
on executable files, causes the program to run as file owner regardless of who runs it ignored for everything else in 10 char display - replaces 4th char with s (or S if not exec
What is Subvirt?
once on victim machine, virus installs malicious VMM and hides in VMM -> invisible to virus detector running inside VM
Describe the Javascript click-jacking attack.
onmouseup / onclick events that trigger window.open events to evil sites where as href goes to trusted site
What is a mixed content attack and how do you defend against this?
page loads over HTTPs but contains content over HTTP therefore active attacker can tamper with HTTP content to hijack session Defense: browser warnings
How does BGP work?
pairs of routers exchange routing info over semi-permanent TCP connections called BGP sessions when AS2 advertises a prefix to AS1, AS2 is promising it will forward any datagrams destined to that prefix towards the prefix
What is the lifecycle of a botnet?
propagation - to recruit new members, bots rely on an array of built-in propagation vectors - attacks moving "up" (i.e. social engineering), web centric - targeted behaviors, people tend to be weakest link, piggybacking on other's trust communication - after a new infection, a bot establishes a C&C connection with a controller attacks - malicious bots attack Internet users and infrastructure
What is the SSLstrip attack and how do you defend against this?
proxy through content without HTTPs Defense: - default HTTPs for all websites if possible - HSTS - hypertext strict transport security - header says, always expect HTTPs, enforced by browsers - HTTPS everywhere - browser extension - EV - extended validation
How do Unix permissions affect directories?
read bit allows listing names of files in directory, but not properties like sizes and permissions write bit allows creating and deleting files within the directory execute allows entering the directory and getting properties of files in the directory
What are the different modes for local area networks?
regular mode - gets the frames intended for it promiscuous mode - traffic sniffing, get all frames
What distinguishes a virus from other malware?
self replication, also replications requires some kind of user assistance to initiate
What is a TCP RST attack?
server port typically known, client port must be guessed older OSs accepted a wide range of plausible seq/ack numbers with RST modern OSs are more conservative - seq. must be reasonable - ack must be within sender's window
What is a Tor hidden service?
servers that provide some kind of application but can only be reached via communication through Tor
What are special permission bits?
set-user-id, set-group-id, sticky bit
What are the characteristics of a hash function?
should be difficult to find: - first pre-image - given h(m), find m - second pre-image - given m1, find m2 s.t. h(m1) = h(m2) - collision - find any m1 != m2 s.t. h(m1) = h(m2)
How can the attacker know what's on a person's screen / what a person is typing and what is one defense against the screen reading?
signal emissions - radio frequencies from computer screens or visible light reflections from wall / eyeglasses -> display what is on screen (need to be close enough) Acoustic emissions from keyboard - Faraday cage - block EM emanations with conductive shielding or mesh of such material where holes in mesh are smaller than wavelengths of the EM radiation we wish to block
What is a rainbow table and how can you defend against this?
similar to a lookup table attackers can trade-off disk-space vs. CPU time Can attack hashed passwords storage via repeated trials of words Defense: Salted hashs (H(password + user-specific salt)) Better defense: slow hash functions - bcrypt, scrypt (large amounts of memory requred)
What is the esp register?
stack pointer
What are password managers?
store passwords that generally are encrypted under master password, generate passwords and allows easier unique passwords per site
How can you become root?
su - changes home dir, PATH, shell to that of root, but doesn't touch most of environment and doesn't run login scirpts su- - logs in as root just as if root had done so normally sudo command - run just one command as root su [-] user - become another non-root user, root doesn't require password entrance
What countries tend to be affected by STARTTLS?
those which tend to have censorship
How can one defend process confinement?
to damage host system / persist changes, app must make system calls to delete/overwrite files and do network attacks the idea is to monitor app's system calls and block unauthorized calls
Why are attacks at the network layer possible
to take over TCP stream, sequence and ACK numbers must be sniffed or predicted send fin packet - triggers multi-packet, graceful shutdown send rst packet - only works if you can guess both ports and the seq/ack numbers security of TCP relies on randomness of initial sequence numbers - if an attacker knows them, they can spoof packets problem: many OSs used to have low-entropy ISN generators Attacker can measure victim's ISN generators (NTP query, repeatedly open connections)
How can you avoid social engineering?
training - individuals with access must be trained property (escort + id check) staff must also be trained properly eliminate phishing attacks via regular and repeated training
What are some different cipher modes for AES?
useful for multiblock messages ECB - encrypt independently CBC - cipher-block chaining - add a random block to start - initialization vector, but we can then just use the encrypted blocks to continue the process Counter mode - mimicks PRG - xor ith block with Ek(message_id || i)
What are some defenses to this attack?
user auth digital signature hope there isn't an active adversary
What is the recommended way for authentication?
user sends password hopefully over encrypted channel like TLS/SSH Challenge-based authentication - server sends challenge (nonce) and user sends response (H(password, nonce)
What risk does the same-origin policy protect against?
we don't want a malicious site to be able to spy on or tamper with my information or interactions with other websites Defense: same-origin policy: - a security policy grafted on after-the-fact and enforced by web browsers - intuition - each web site is isolated from all others multiple pages from same site aren't isolated - Granularity of protection - the origin - - origin = protocol + hostname + port - - only scripts received from a web page's origin can have access to page's elements
What risk does HTTPS protect against?
we don't want a network adversary to modify our pages or eavesdrop
What risk does server-side security protect against?
we want data stored on a web server to be protected from unauthorized access
How can attackers find bugs in code in general?
white box - code review - automated compiler checks black box - fuzzing - test case generation - - random fuzzing - - "dumb" mutation-based fuzzing: Mutate an existing input, add some randomness into the inputs - smart (generation-based) fuzzing - - Generate an input based on a model (grammar) - application execution - exception detection and logging reverse engineering - process of discovering the technological principles of a program through analysis of its structure, function, and operation - The development cycle, backwards
What is HTTP?
widely used, stateless protocol for websites to communicate between client and server
Can you encapsulate packets within packets?
yes, within payload of encapsulating packet.