Security exam question

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What re the percent to known the next binary digit

50/50% as it may be 1 or 0 so called perfect secrecy

what are the length of message of SHA 512

512 BITS

speaking people who have the proper authority should be able to do whatever it is (and only whatever it is) they are authorised to do. Nobody else should be able to do anything on the system.

A multi-user distributed computer system offers access to objects such as resources (memory, printers), data (files) and applications (software).

what are approach take to minimise the chance of present a false key in the ring

1- alice can get the public key directly from bob (physically) but the problem are physical limitation 2-alice can verify the key via telephone 3-alice got the key from other one in which bob trusted in it 4- use trusted certificate agency to obtain the key

how alice and bob communicate through the server?

1- alice communicate with the server and send the names of alice and bob and request that session key to be generated 2-

how are 3 DES work?

1- alice encrypt M by key1 to form c 2- then alice decrypt c to form m' 3- then alice encrypt m' by key 3 to produce c' for decryption it will reverse the sequence 1- alice decrypt c' by using k3 to prosuce m' 2- alice encrypt m' by using k2 to produce c 3- alice decrypt the c by using k1 to produce m

give a list of alternative way of the authentication

1- answer a secret question 2- finger print or scan retina 3- present of something you have such as passport or credit card

what are the step of key escrow?

1- assume that the key have the binary b k=k1k2k3...kb 2-the first key is n of bits that chosen in random 3- the second part of key X2 are calcualted by XORING K and K1 4-THE ORIGINAL KEY ARE RECOVERED BY XORING K1 AND K2

steps to make certificate

1- bob generate a document which include his relevant information and present him self with a document to at CA 2-CA confirm bob identitity 3-CA hash the document using hashing secure hash algorithm function and encrypt the resulting message digest using their own private key 4-the encrypted message digest are the certificate and published together with the unencrypted message include the public key

what are five services does PGP offer?

1- confidentiality 2- segmentation 3- authentication 4-compression 5- compatibility

which method can be used to [rotect the password file?

1- cryptographic method 2- access control over the password file

what are the four properties should be in hash function to be strong?

1- easy to compute 2- no collisions 3- no preimages 4-input can be or arbitrary length

what are five properties should block cipher satisfy

1- large block size 2- large key space 3- diffusion property 4- confusion property 5-completeness

why use hashing in digital signature?

1- speed 2- confidentiality

why use digital signature?

1- to prove from who the message are 2- that message have not been corrupted or altered in any way

what are the two component of password system ?

1- user name to establish identity 2- password to confirm the authentication of identity

how PGP associate a level of trust with each public key as follow

1- when alice insert a new public key onto her public key ring ,she can specify unknown , trusted ,marginally trusted ,completely trusted 2- ligitimicy value in which give indication of what are signed it

223 mod 660 find the inverse

1-660=223*2+214 223=214*1+9 214=9*23+7 9=7*1+2 7=2*3+1 rearrange the last equation to make 1 are the subject 1=7-3(2) from equation 9-7*1+2 2=9-(7*1) substitute 1=7-3(9-7) 1=4(7)-3*(9)

Nine of the twelve mode bits are used to encode access rights.4 These access bits can be thought of as the access control matrix entry. They are divided into three groups of three bits which represent the owner, group and other users respectively. For each of these three groups, the three bits are r w x representing read access, write access

For example, the 9 bits r w - r - - r - - indicates that the owner has read and write access but not permission to execute the file, whereas the group members and all other users have read access only. The 9 bits r w x r - - - - - indicates that the owner has read, write and execute access, whereas the group members have read access only and other users have no access to the file.

example to the term of size form

For example: b(5) = b(1012) = 3 b(20) = b(101002) = 5 b(212) = b(4096) = b(10000000000002) = 13

One time pad

Is a security method that provide perfect secrecy

Random substitution cipher

Is more secure than Ceaser cipher

Cryptoanalyst

Is person who try to decrypt the ciphertext for malicious use

What are limitation. Of DAC

Is that if the file are control by the owner it have a risky that it may be unexpected propagation of acres rights suspected to malicious action. On it

What are the main aim of blocking

Is that the same letter take more than one value when using the ciphertext

One method for improving security

Is using blocking

What are one time key pad and what advantages and disadvantages of it

It amthod of summetric key cryptosystem

What does the authentication

It answer claim which who are you that you are you

Why it is called. One time pad

It called because each digit in stream are only used one time and never repeated

What are relation between one. Pad time and the key generation iteratively using XOR operation

It can generate the key stream by xor function. By generate the. Next bit by Xoring the fist bit with the last bit of the previous n bits to produce a key length of 2^n-1

What does non repudiation concern with

It concern with known the sender and receiver and can be used in digital signature

What are issue with access control. Security

It concerned with Acess control. Rights when design the security system

What does PGP confidenatilty contain

It contain combination of both public key and symmetric key cryptosystem to provide confidential to the message

What does computer security deal with

It deal with detection and reaction of unauthorized user dealing with information in computer system

What does PGP authentication depend on

It depend on that Alice only known his private key and no one other known that key

What does stream cipher security depend on

It depend on the keystream generator

What the meaning of ownership. Policy

It determine which subject have which permission on an object

What are disadvantage of the LFSR

It easy to predict so should not used alone for keystream generation

Non-repudiation

It ensure that either the sender or receiver can not denied the message

Shortly what are access control. Are

Access control are the limitation to access of authorized users by identification and authorizationn

access controls provide the limitation and control of access to authorised users through identification and authentication

Access control is crucial in computer security. All of the features that we would like a security system to provide (confidentiality, availability, integrity, non-repudiation, authentication and accountability) depend upon the proper implementation of access controls.

Authentication Authentication is proving a claim - usually that you are who you say you are, where you say you are, at the time that you say it is. Authentication may be obtained by the provision of a password or by a scan of your retina for example. See Chapter 2 for further methods of authentication.

Access controls Access controls provide the limitation and control of access to authorised users through identification and authentication. A system needs to be able to identify and authenticate users for access to data, applications and hardware. In a large system there may be a complex structure determining which users and applications have access to which objects. See Chapter 3 for further details on access control models

With this model, a process can be granted just the permissions it needs to be functional. This follows the principle of least privilege. Under MAC, for example, users who have exposed their data using chmod are protected by the fact that their data is a kind only associated with user home directories, and confined processes cannot touch files without permissions and purpose written into the policy

All interactions between subjects and objects are disallowed by default on a SELinux system. The policy specifically allows certain operations. To know what to allow, an access control matrix is used. The matrix is derived from the policy rules. The matrix clearly defines all the interactions of processes and the targets of their operations.

To implement a OTP, users generally have a token (similar to a small electrical keyring, for example) which generates the passwords either based on a

Answering a question that only you are likely to know the answer to such as your mother's maiden name or date of birth. This information is not that hard for a hacker to acquire so provides only a low level of security. Presentation of something that you have, such as a credit card or passport. These can be forged or stolen but in general are a good means of identification and authentication. Use of finger prints, retina patterns or palm prints. This is a high cost solution, but fingerprints, etc. are fairly hard to replicate and are not something that the genuine user can lose or forget! However, a determined attacker with adequate financial resources can replicate these physical attributes leading to a catastrophic failure of a supposedly high security identity system

RSA Key Generation

Bob used a strong pseudo random to generate two random primes which are p and q Then calculate n =p*q Then calculate r=(p-1)(q-1) Then choose a number e which between 1 and r and no have common factor with r Compute d which is private key by solve e*d mod(p-1)=1 Then use (e, n) as public keys and d as private key

What are aim of blocking

By blocking we decrease the statistical analysis problem

What mean by group in Acess control

It mean a group of subject which have the same access permission

What are security attacks mean

It mean intercept the transmission f message between the sender and receiver

What are integrity mean

It mean prevention of alter or. Modify information It mean that data stored in computer as it is. Intended

What are aim of availability

It mean that information should be available. And accessible when needed from authorized user

What are the confidentiality mean

It mean that prevention of unauthorized disclosure of information

What mean of statistical analysid

It mean that redundancy of English letter can be used to known the plain message from ciphertext

What is discretionary owner policy are

It mean that the owner of resource decide who have access to which object and resources

What does access control. Mean

It mean the limitation to reach to some information through identification and authentication

How man in the middle attack in diffe hellman exchange protocol occur

It occur by change the values that send from. Alice to Bob and vice versa to be 1

What advantage of MAC

It provide a frame work allow you to define all access permission. Over the objects and resource by all subjects

How the key used in substitution cipher

It shared between the sender and receiver

Whar are the key in random substitution cipher

It table of letter substitutions

What are objects in control system

It the shared resources such as printers data files or software

How we can obtain authentication.

Can obtain by password or scan of your retina or finger print

What are chosen message

Charles generate message and oeesude Alice to encrypt. It and then try to known the encryption key

Known message what is it

Charles known part of message and corresponding ciphertext and try to find the decryption key or encryption. Key

What are ciphertext only attack

Charles only known the ciphertext and have no idea what the message are

Probable chosen message idea

Charles predict the message may contain some word which are related to the message sender or receiver such as company name and so on

What are chosen ciphertext

Charles take apart of the chosen ciphertex abd persuade Bob to decrypt then and from that can generate the decryption key

Example of Ceaser cipher

If k is 5 then letter A become F Letter B become G

What are disadvantage of one time pad

Costly and difficult to organize

which type used by the DES

DES use festiel structure for encryption

What are method to attack

Differential analysis Try all keys

How compression works

It works by replacing the repitited in the text by a short code

What are properties of good cryptosystem

Large block Large key space High speed of execution The same algorithm for encryption and decryption to reduce the development cost and prevent the bottlenecks

It is important that no-one else gets a copy of this digit stream so to achieve perfect secrecy Alice should personally give it to Bob. When Alice wants to send her message to Bob (this may be some time later when Alice cannot physically meet Bob) she codes it into a stream of binary digits. Then for each binary digit in the message she XORs 2 it to the binary digit in the random digit stream at the corresponding position

Message 0 1 1 1 0 0 1 0 1 0 0 1 1... Random Stream 1 0 0 1 1 0 0 0 1 1 0 1 0... Ciphertext 1 1 1 0 1 0 1 0 0 1 0 0 1... Alice sends Bob the ciphertext. Bob uses his copy of the random stream to retrieve the original message. The inverse of XOR is also XOR, so all Bob has to do is XOR the ciphertext with the random stream and he will recover the message.

Communication is intercepted if the attacker interrupts the communication and receives the source information

Modification occurs when the attacker intercepts the communication, alters it in some way, and then sends it on to the destination. The attacker intends to deceive the destination into thinking that the modified communication has come directly from the source. This is also known as a Man-in-the-middle attack

Example of math problem to be solved with fermatts little theorem

Prime number p Number m between 2 and p-1 Number e between 2 and p-1 Compute c=m^e mod p The problem is to find m and you known e and c and p To solve it We calculate d by solve the equation e*d mod(p-1)=1 We can find value of d using Euclid method Then compute m =c^d mod p

What are other name of confidenality

Privacy or secrecy

what types of scheme to provide authentication for e mail

PGP and S/MIME

Examples on subjects

Persons such as Alice Bob or may be a another program or computer

This type of attack can be thwarted by using a relatively inefficient function to encrypt the passwords. Consider that the hacker may have to encrypt millions of possible passwords before a match is found. If each encryption takes one or two seconds then this will take many days. However, for a genuine individual user a time lapse of a few seconds each time they enter their user-name and password is negligible.

Rainbow tables If a well known function, such as a secure hashing function, is used to encrypt passwords then pre-computed rainbow tables can be used to find passwords very quickly

There are 5 types of operation in access control list them

Read Write Append Delete Execute

What does types of permissions on fikes

Read Write Delete Apoend Execute Change permission Change ownership

Give example of protection ring model

Ring with five with 0 in the outer level and 4 in the inner level

Whar is SSH

SH (secure shell) is a protocol which allows data to be securely exchanged between two computers. SSH uses encryption to provide condentiality and integrity of data being passed over an insecure network such as the Internet. Like TLS, SSH uses public key cryptography to authenticate the remote computer. Unlike TLS, SSH also allows the remote computer to authenticate the user if necessary.

what are types of hash function

SHA and MD5 MD5 not used recently

there are five types of secure hash function which are

SHA,SHA1,SHA 384,SHA256,SHA512

WHAT THE HSAH 512 DO IN COMPUTATION STAGE

SHA-512 uses six logical functions which involve shifts, bitstring operations (and,or) and modular arithmetic mod264.

What are the main component of LA padullaa model

Set of subjects s Set of objects o Set of permissions access A Set of security level L

This is hard to achieve although not impossible. The one-time pad is a method of encryption that offers perfect secrecy.

Suppose Alice wants to send Bob a message using the one-time pad. Alice generates a stream of random binary digits (a list of 0s and 1s occurring at random) which is as long as the message. She makes a copy of this stream of digits and gives it to Bob

Number of passwords An intelligent attacker will carry out dictionary and intelligent or modified dictionary attacks before attempting an exhaustive search. This is because, although an exhaustive search is bound to succeed eventually and a dictionary search may fail, if it succeeds, the dictionary search is much faster.

Suppose that passwords are six characters long. If the password is made up only of lower case letters, then there are 26 choices for each character in the password. Hence there are 266 = 308, 915, 776 ≈ 3 8 possible passwords of six lower case letters. If we include lower and capital letters, there are 526 ≈ 2 10 possible passwords. Adding in digits as well, gives a choice out of 62 for each character in the password and there are now 626 ≈ 5.7 10 possible passwords. Finally if we allow any keyboard character including ¡ ¿ * & etc. there are approximately 100 different choices for each character in the password and hence there are 1006 = 1012 possible passwords.

What are types of encryption algorithm

Symmetric and asymmetric types

Aim. Of access control

System. Should be able to identify and authenticate the user to. Identify it

What are TLS and ssl

TLS (Transport Layer Security) is the successor of SSL (Secure Sockets Layer) and is the security protocol used by web browsers to connect securely to web browsers. SSL was implemented by Netscape and became the de facto standard until TLS, which varies only slightly from SSL, came into use in 1999. TLS is now the ofcial version. TLS uses public key infrastructure and certicates issued by a trusted third party, the certication agency or CA. When a TLS client wants to make contact with a server, a handshake is performed which consists of several steps. If any of these steps fail,

which other we use to internet

TLS transport layer security SSH secure shell to provide authentication for internet client

how to recover the original key ?

The key K is recovered by XORing all of the key pieces together: K = X1 ⊕ X2 ⊕ X3 ⊕ . . . ⊕ Xn−1 ⊕ Xn

What types of key used in symmetric key cryptosystem

The key are shared between two parties which used in both encryption and decryption

what key do in key?

The key that is provided as input is expanded into an array of 44 32-bit words wi

Explain the difference between master key and session key

The master key is the key that are used and are stable in it generation as it not changes But session key is the key which generated every time we call. Some thing and this occur in trusted third party exchange Protocols

Which Acess permission type used in LA padullaa security model

The model access control matrix are used

What are relation between security features and access control

The relation are all features depend proper implementation of access control

How do I know that you are who you say you are? The computer must now establish that the person logging into the system as John Smith actually is John Smith. Since the user-name is not a secret, anyone could try to log into the system using the identity of John. The person logging in must somehow prove that they are the genuine John Smith. This is usually done by using a password. The password is a secret and is only known to the genuine user John Smith. By entering this secret password, in conjunction with his user-name, John proves to the computer that he is an authorised user and is allowed access to the system

Thus there are typically two stages in the process of identification. 1. A user-name is used to establish identity. 2. A password is used to establish authentication of identity

What are the benefit of added authentication to siffie hellman. Exchange to protocol

To prevent. Man in.the Middle attack

The password file can be protected by using a one-way function f(x) to encrypt the stored passwords as follows: To create a new user-name/password pair: The user inputs their user-name and password x. The system computes f(x). The password file does not store x but instead stores f(x) indexed by user-name.

To verify a user: The system asks for the user-name and password. The system computes f(x ′ ) where x ′ is the password entered by the user. The system checks to see if there is a match between the f(x) stored for the given user-name and f(x ′ ) just computed. If f(x) = f(x ′ ) then x = x ′ and the user is verified. If f(x) 6= f(x ′ ) then the password entered by the user is incorrect and access to the system is denied.

what are the differecne when use hashing in digital signature

bob create amessage then bob hashing the message with hashing function then encrypte it and then send them to alice alice decrypt the signature and then hashing the message with the same hashing function if the same then it will be good

the last step

bob decrypt the alice message with bob KBS to obtain KAB now both alice and bob known KAB

does n of n escrow protocol practicle

bot practice and not used except in emergency case

how we can encrypt password file

by do the following create user name password pair (x) the system are not tored the password as x it stored as f(x) which is indexed by user name

how we can known if the numer is prime or composite?

by using fermatts little theory

how to improve the security of message in digital signature?

by using hash function

how to inititlse initital values

by using the hash words H0 to h7 WITH HEXADECIMAL

what are ways used to determine the initialisation vector IV

fixed iv counter iv random iv nonce generated iv

how fesistel structure work?

for each round the data block are divided into two halves right and left each half are prcoessd and used as input into other half in the next round

what are one way function ?

function say to be one way if it is easy to compute in one way but hard to compute in reverse

what hash computation stage contain

generate a message schedule and use that schedule along with the functions , constants and word operations

what are methods used in password guessing?

guessing password using the user personal knowledge dictionary searching intelligent searching exhaustive searching

what are factorisation problem are?

it depend on that it is easy to multiply two numbers to produce integer but hard to find the two numbers

what are needham schroner key depend on?

it depended on trusted third party method and have use symmetric key cryptography

how encryption method are done in block cipher

it done block by block act on block to produce a cipher text with the same size

what role of certification agency are?

it gurantee the link beween the key holder and the public key by signing a document which contain user name,public key , name of agency, expire date of dicument

what are question who are you refer to?

it identification part of password method as the user put its name to get the user identification

what mechanism of rainbow tables

it is a tables of password which are fast search for the password in the table to find it

what are intelligent searching are?

many passwords are combinations of letters and numbers in which intelligent search that we try many combination of the letters and numbers apple0, apple1, apple2,....,apple9, apply0, apply1,

what are the idea of hack password guessing personal information?

many people use password that relate to their personal information such as parent name , dog name or other related information

what type of function hash function used?

many to one function are used this mean that there exist different value for for the same h(x) collisions

what are ways that the one time password can be applied?

mathematical algorithm which generate password based on previous password time synchronisation protocol mathematical equation that create password based on challenge such as random number

what type of certification agency may be?

may be governement or finaincial

what are SHA 512 PREPROCESSING CONTAIN(1)

message are padded as use equation of L + 1 + k ≡ 896 mod 1024 l length of message k=smallest non negative soln to equation l=128 bit alway append to the end of the message

ht are output feed back mode depend on ?

message not used and the block cipher are used to generate random streaam of bytes called the keystream the keystream is then cored with the stream to produce the ciphertext

How to generate keystream simply

We can create by using initial key of n bits and generate the next bit by Xoring the first bit and with the last bit of previous n bits

What are practice to generate stream cipher

We create stream cipher from small key

O1 O2 O3 O4 G1 √ √ √ G2 √ √ Table 3.3: Access control matrix with groups

We have not yet considered who has the authority to decide which subjects have which permissions over which objects. The ownership policy may either be discretionary or mandatory.

What are PGP segmentation

We segment the message before encryption. Also. In PGP segmentation

Which things used to represent access control when the system are not hierarchial

We use lists and matrix

How to prevent the high level object to be copied into lower level

We use no write down policy

Is method of certificate

X 509

what the name of standard protocol for certificate issue?

X.509 standard

2 of 2 key escrow what function used?

XOR function are used to hide the original key

what idea of n of n escrow protocol?

Xn = K ⊕ X1 ⊕ X2 ⊕ X3 ⊕ . . . ⊕ Xn−1

How authentication and confidentiality doing with each other

Yes

Can Mac provide an authentication

Yes as it provide define permissions for all processes called subjects which interact with all other objects in the system

Could we break the no read up poocy without known of the high level

Yes by Trojan horse program

Can we make flexibility without breaking the rules

Yes by downgrading all subject and objects to the lower level and then all. Can access to other objects easily

Can hash function used in output feedback mode

Yes it can be used and this give speed and confidentiality perferances than normal

Can security level. Include operations

Yes it can include operations as well

Does LA padula security model are used

Yes it on eof th famous security model used It aim to provide multi user secure operating system

what are good example of one way function?

a good example are multiplying and factorising

A rainbow table is a table that stores the encryption of all possible passwords of a given format. For example, all passwords that are eight characters long and contain lower case letters and digits. These rainbow tables are huge and require a large amount of storage space and initially a lot of time to compile.

are built they can be searched very quickly to find password matches. These tables are used to retrieve lost user passwords and they are very useful for this purpose. However, in the wrong hands they can obviously be used to find passwords for malicious purposes.

what are mechanism of modification?

attacker intercept the information and make changes and send them back to the destination

how does fabrication occur?

attacker set up a communication and send to destination pretending that it come from the source

what happened for after 16 round?

after 16 round the two halves are concatenated with each other

what are aim of CBC

aim that if two identical plaintext will produce non identical ciphertext

what happen when alice receieve all what server send in the second step?

alice decrypt all what send and now he known KAB

how use a symmetric exchange into symmetric key?

alice generate KAB symmetric key alice look for bob public key and encrypt KAB c=encrypt bob public(KAB0 alice send the ciphertext c to bob which decrypt it by it private key to known AB now both alice and bob known the key and begin to exchange them

how alice send message to bob in public key crtptosystem?

alice look for bob public key and encrypt the message using public key and send the encrypted message to bob who can decrypt it using his private keys

how bob receive from alice?

alice send to bob the name of alice and a session key encrypted with KBS

what happen if alice want to communicate with bob?

alice use the public key of the CA to decrypt the certificate she use the same hash function to CA to hash the document she checks to see whether the hash of the document is exactly equal to the decrypted certificate

what rc6 features?

allow direct analysis suitable for use by hardware or software used in number of products of RSA

what mean of key escrow?

allow two or more people to hold part of the key ans each piece of the key reveal no information and can not be used alone and when enough key pieces are available the key reassembled

how we used fixed iv as intitalisation vector

use the same iv every time with not recommended because if the first block of the message are the same it will give the same ciphertext every time give the same problem with ecb

what the action that PGP are used?

use web of trust for key management

what are IDEA FEATURES?

used in PGP in number of commerical uses not use substitution s box used three math functions xor binary addition and multiplication of 16 bit integers has 8 rounds , 6 subkeys for each round subkey used circular shifts

where use the x.509 used?

used in most network security application include ip security

what are advantage of rainbow tables?

used to restore the lost password

what are dictionary searching in it simple way?

user name may choose word to remember word may be in a natural language we can use a dictionary by run a program that try all words in that dictionary until find the password

how to claculate the value of k

value of k k=896-l-1 if l =24 bits then k =896-24-1=871 then the message become message(l) ++1+871 zeros+128 bits in binary then the message parsed in bloks of 1024 length

to prevent attack from charles in nodeham protocol?

we added another step which are signifying that alice or bob receieve the message

how we can prevent the attacker from taking the password ?

we can prevent attacker from the password by education that not give any one your password

hw we can used the hash function?

we can use the hash function to shorten and store data

what are needed in needham method for keys ?

we need trusted third party or server to exchange keys

what should do to ensure the security of public key ?

we should use a large parameter of 200 t0 600 decimal point to defend against exhaustive searching

diffie helam example

we will use equation to form x =g^a mod p y = g^b mod p then exchange x and y then use the equation k=y^a mod p k=x^b mod p generator used only in the first part and the x,y used in the second pary

what are types of trusting public key?

web of trust certificate

to solve the problem of certificate what we use?

web of trust are used to be trust the keys PGP

does rijndael use fesitel algorithm?

no it not use feistel algorithm

what are session key idea?

no need to store many keys you only need a key which are share between the Alice and server and each time invoke the protocol new session key will be form

what are relatd in public ring key

signature trust and key legitimacy

what are the add round key operation?

simple bit wise XOR of the current block with a portion of the expanded key

what shift row ?

simple permutation performed row by row

what are computational complexity in term of size ?

size of the problem are determine it

ranking of password

small letters so n of passwords 26^6 which 6 is pssword length small and capital so n is 52^6 added digits 0-9 then 62^6 allow any keyboard character so it be 100^6

how to prevent fake login

some screen have a unique patterns that cannot be repeated and will be shown to it and impossible to replicate

what are the hash vlue

the hash value the det by the hash computation represent the hash

idea of digital signtaure

the idea is that the holder only have its private key and can be decrypt the signature by it public key and this expalin why it is perfect

what are the input to rijndael

the input is block in encryption and decryption of 128 bits this blcok will copied instate array which is squre matrix of bytes and which modified at each stage in encryption and decryption

what are isea of 2 of 2 key escrow

the key are split into two pieces both of them needed to restore the key

what happen for keys k

the key is split to 16 keys each of 48 bits length

what are the main disadvantages of symmetric key cryptosystem

the number of keys grow as the users numbers grow n=n(n-1)/n

what are the simplest form of spoofing?

the simplest form of the spoofing are simply asking the user to get his password

to decry-pt the password file and verify the user?

the system ask the user for user name and password user enter the password x the system compute x' where f(x') the system check if there is a match between f(x) and f(x') if there are matched between them then the match is completed and log in completed

what are the recommended to password?

the user to change the password every three or four months

in symmetric cryptosystem the value of security are

the value in the key

What are subject and object reprsen

they represent the active and passive part if the process

what are idea of 2 of 3 key escrow

three key pieces are generated any two of three pieces are used to recover the original key we think of original key as decimal value we require a prime parameter p with graeater than k

what are the problem in x 509 certificate?

to certify the key it should have third party involved trusted third party may be corrupted and so there are problem in which all kkeys will be available to any one nnot secure

how we can fast calculate exponentiation

to compute X^n do the following y=1 and x=u repeat if n%2=1 then y=u*y n=n/2 if n not equal to 1 u=u*u until n=1 output y

how fast algorithm for modular exponentiation

to compute x^n mod m initialize y=1 and x=u mod m repeat if n%2=1 then y=y*u mod m n=ndiv 2 if n not equal 1 then u=u*umod m until n=0 output =y

what are the problem we face when use cbc

to decide the value of c0 which will be used to xored with the first plain text

why need hash function easy to compute?

to make computations fast and efficient as cryptographic protocols may need many hash to compute so it should be easy to compute

large key space why

to prevent exhaustive searching

why no collision needed?

to prevent non repudiation

why large block size needed?

to prevent statistical analysis

how to ensure that public key used are specific to certain one which needed?

to prevent the incorrect use of another public key rather than needed

why no pre image needed

to prvent that no two x have the same hash value

what required to implement one time password

token are used in generate the password

example modular inverse of 2 mod 17

.5 mod 17=

Give an example of access control matrix

--------------------------------- Prolg. Database 1. Database 2 --------------------------------- Alice {e}. {r,w} Bon ---------------------------—----

what are the basic protocol to generate three pieces protocol?

1- alice ,the holder of key k , generate a random number a ,and three random number x1,x2,x3 must be different and between in 1 and p 2-alice compute ki=((a*xi)+k)mod p for i=1,2,3 3-alice keep the value of a secret and give the each of three key holders(xi,ki)

We have the following sets: a set of subjects S a set of objects O a set of access operations A = {execute, read, append, write} a set of security levels L with a partial ordering ≤. 1 Every subject is allocated a maximum security level fs and a current security level fc. Every object has a security classification

1. A subject can read an object only if the subject's security level is greater than or equal to the objects classification. This is a no-read up policy

give ashort expression to protocol used third party

1. A −→ S : A, B 2. S −→ A : eKAS(B, KAB, eKBS(A, KAB)) 3. Alice decrypts to get B, KAB, eKBS(A, KAB) 4. A −→ B : eKBS(A, KAB) 5. Bob decrypts to get A, KAB

How we make encryption sequence

1. Alice signs the original message m as before: sig = pk:encryptApriv(h(m)) 2. Alice compresses the original message using the ZIP algorithm M = ZIP(m). 3. Alice generates a session key, K, and uses it to encrypt the compressed message and the signature. c =sk:encryptK(M;sig) 4. Alice encrypts the session key using Bob's public key to obtain K′. 5. Alice sends Bob the pair (K′;c). 6. On receiving (K′;c) from Alice, Bob decrypts K′ using his own private key to obtain K. K =pk:decryptBpriv(K′) 7. Bob decrypts the ciphertext c using the session key K to obtain M and sig. (M;sig) = sk:decryptK(c) 8. Bob decompresses M to obtain the original message m. m=UNZIP(M) 9. Bob now has the message m. In order to authenticate it he uses Alice's public key Apub to decrypt the signature and hashes the message m. If the two results match then the message is authenticated. h(m) ?= pk:decryptApub(sig)

How radix 64 system work

1. The binary input is split into blocks of 24 bits (3 bytes). 2. Each 24-bit block is then split into four smaller blocks each of 6-bits. 3. Each 6-bit block will then have a (decimal) value between 0 and 26 −1 = 63. This value is encoded into a printable character using Table 11.1.

what are towfish?

128 block length with key length of 256 bits 16 fesistel round similar to DES sbox are key dependent unlike the des

what are the second step in hash computation

2. Initialise the eight working variables a, b, c, d, e, f, g and h with the (i − 1)st hash value: a = H (i−1) 0 , b = H (i−1) 1 , . . . , h = H (i−1)

example of modularity

25 mod 7 = 4 18 mod 12 = 6 573 mod 2 = 1

What are the commercial message alphabet length

2^128 bit is the avarage message alphabet length

How much bits can be generate by simple method

2^n - 1 bits can be generated

how many many three keys

3 keys

how we can improve DES ?

3DES triple DES increase the keysize

what operation added to ensure that no interception in the message from alice to bob?

6. B −→ A : eKAB(NB) 7. A −→ B : eKAB(NB − 1)

Under DAC, there are really only two major categories of users, administrators and non-administrators. In order for services and programs to run with any level of elevated privilege, the choices are few and course grained, and typically resolve to just giving full administrator access. Solutions such as access control lists can provide some additional security for allowing non-administrators expanded privileges but for the most part a root account has complete discretion over the file system

A MAC or non-discretionary access control framework allows you to define permissions for how all processes (called subjects) interact with other parts of the system such as files, devices, sockets, ports, and other processes (called objects). This is done through an administratively-defined security policy over all processes and objects. These processes and objects are controlled through the kernel and security decisions are made on all available information rather than just user identity.

In cryptography, the one-way problems used are mathematical functions. A good example of a mathematical one way function is multiplying/factorising. A one-way function is a function f : X → Y which satisfies the following two properties: Given x in X it is easy to compute y = f(x) in Y . Given y in Y it is very difficult to find an x in X such that f(x) = y.

A good example of a mathematical one-way function is multiplying/factorising. It is very easy (especially given a computer or calculator) to multiply together two integers, even if those integers are very large. However, given the resulting number, it is very hard (even with access to a computer) to find the two numbers that were originally multiplied together. In this example, both X and Y are the set of positive integers.

what are SHA 512

ALGORITHM used message schedule of 80(64 bits)words w0 to w79 eight working variables (64 bits) a,b,c,d,e,f,g,h hash value 8 (64 bits) words H0,h7 result is message digest of 512 bits

What are steps to rsa decryption

Bob take the value of c and and decrypt it using the private key d which by the following M=c^d mod n

What are type of users under DAC

Administrators and non administrators

what are the main idea of needham shroder key exchange?

Alice and server have a shared key KAS BOB and server have shared key KBS alice and bob want to establish a shared key KAB

Steps to PGP confidentiality

Alice generate a random session key for a symmetric cryptosystem Alice encrypt k using Bob public key K′ =pk:encryptBpub(K) Alice encrypt the message using the session k to obtain c = sk:encryptK(m) Alice send the values of k- and c to Bob Bob decrypt the k by its own private key Obtain k Then decrypt the message using the session key m=sk:decryptK(c)

How steps to combine authentication and confidentiality

Alice generate a signature for his message as authentication protocol Alice generates a signature for her message as in the authentication protocol: sig = pk:encryptApriv(h(m)) 2. Alice generates a random session key K and encrypts the message m and the signature sig using a symmetric cryptosystem to obtain ciphertext c. c =sk:encryptK(m;sig) 3. Alice encrypts the session key using Bob's public key. K′ =pk:encryptBpub(K) 4. Alice sends Bob the values of K′ and c.

What are rsa encryption steps

Alice look at Bob public key in the directory which are e, n It convert the message into numbers of different length Alice Comoute the ciphertext by C=m^e mod n

Steps of PGP authentication

Alice send a message m to Bob Alice hash the message to obtain h(m) Alice encrypt the hashed message using her private key to obtain the signature Alice send to Bob m and signature When Bob receive the message he decrypt the message using public key of alice Bob compute the hash of message as same hash of alice used and obtain the message If h m is equal to message so the message are authenticated and Bob have verify that message are from bob

Access control is often not as hierarchical or clear cut as in the example above and so a protection ring may not be a suitable model. Instead we might write an access control list which gives details of a subject's particular access writes to an object, or an access control matrix which combines details of different subjects and objects and defines the rights of the subjects over the objects. We can also illustrate these access control policies by drawing an access control graph.

Alice: prog1{execute}; database1{write, read}; database2{read} Bob: prog1{write, read, execute}; database1{read}

Example of access control lists

Alice: prog1{execute}; database1{write, read}; database2{read} Bob: prog1{write, read, execute}; database1{read}

decryption in rijndael

All of the operations are easily reversible. The decryption algorithm makes use of the expanded key in the reverse order to recover the plaintext

What are the main modes in access control

Alter read and write delete Append Observe read only and execute

Describe the anarchy model

Anarchy key distribution model. Is the model on which trusted keys is used

The base of using large block size

As block size increase thus lead to more difficult to decrypt the ciphertext without using a key

Password spoofing A spoofing attack is when the user is fooled into giving the hacker their password. Spoofing attacks may be very simple or very sophisticated

Asking the user This may sound unlikely, but it is a fact that a lot of people will tell you a password if you can convince them that you need to know it.1 For example, the hacker may phone the user, and tell them that he is from their office computer staff and that there is a problem with the files. All backed-up information is going to be lost so he needs the user password in order to recover the data. Sometimes an approach as simple as this will work and the user is fooled into giving the hacker their password. This attack will fail if the user has been educated in computer security and refuses to reveal their password.

Why PGP allow user to have more than one or more public key or private key

Because it is not a cryptosystem but it is a combination of best practices of the cryptography Also public key rings are used PGP to construct public key hierarchies

Why Ceaser cipher may be easy to intercept

Because only 25 keys are avaliable and then it easy to cryptanalyst to known that plaintext by try every key until. Find the menangiful meaning

How block cipher and stream cipher encrypt data

Block cipher encrypt data block by block and stream cipher encrypt data in a key stream continously stream cipher

Symmetric key cryptosystem can be

Block cipher or stream cipher

How to improve performance of linear feed back shift register

By using combining data with each other using the output and combing function to produce the output

How we can increase security

By using single normal alphabet we have 27 letter block when make the block 2 it will have 27^2 of alphabets And so on

What are types of substitution cipher

Ceaser cipher Random substitution cipher

equation used in cbc

Ci = Encrypt(K, Pi ⊕ Ci−1)

What are relation between key stream and plain text and ciphertext are

Ci = Pi ⊕K Pi = Ci ⊕K Ki =Ci ⊕Pi

What are different types to attack cryptosystem

Cipher text only Known message Probable known message Chosen ciphertext Chosen message Chosen ciphertext and message

Accountability Accountability means that the system is able to provide audit trails of all transactions. The system managers are accountable to scrutiny from outside the system and must be able to provide details of all transactions that have occurred. Audit trails must be selectively kept (and protected to maintain their integrity) so that actions affecting security can be traced back to the responsible party

Communication is interrupted if the attacker does not allow the information to reach the destination

List the feature of security system

Confidenality Non reoudation Integrity Avaliablity Acess control Accounatbility Authentication

Information can be stolen - but you still have it. If a physical item such as a car is stolen then the thief has possession of the car and you no longer have it. If a thief steals a file from your computer, he will probably make a copy of the file for himself and leave the original on your computer. Hence you still have the file but it has also been stolen.

Confidential information may be copied and sold - but the theft might not be detected. If your car has been stolen it is not hard to detect the fact - the car is missing! However as mentioned above, a thief who steals computer files may leave the files on your computer and only copy them for himself. Nothing appears to have changed on your computer so you may not be aware that anything untoward has happened

The criminal may be on the other side of the world. If a thief steals your car you at least know where he was when he stole the car. However, it is possible to hack into computer systems remotely from anywhere in the world. This makes it very hard to know who is responsible for catching a computer criminal. Is it the police in the country where the computer is, or the police in the country where the criminal is?

Computer security deals with the prevention and detection of unauthorised actions by users of a computer system.

List five types of security model.

He bell LA padula Chinese wall Clark Wilson Harisson Biba model

Which attack are common against availability

Denial of service attack are the most one against it availability of information

Eat are the symmetric system used today

Des AES rijandael Rc6 Blowfish Idea

What are other properties should block cipher and what they mean and why they are needed

Diffusion Confusion Completeness

What are types of ownership policy

Discretionary or mandatory

These permissions are from the set {read, write, execute}. Three different sets of access rights are defined for the file: one is for the file's owner (usually the user who created the file), one is for the file's group (usually the principal group of the file's owner but sometimes the directory group if this has been set using Set GroupID3 ), and the last is for all other users (i.e., those users who are neither the owner nor in the file's group).

Each file in Unix is really a pair consisting of the filename and the i-node number of the file. The i-node number contains a lot of information about the file including: where the file is stored the length of the file the last time the file was read the last time the file was written the last time the i-node was read the last time the i-node was written the owner - generally the UID of the user who created the file a group - the GID of the group that the file belongs to 12 mode bits which encode a set of access rights

What are substitution cipher re

Each letter in the plain text are substituted for another letter to make the ciphertext

The model should have some flexibility

Enable some subject to break the rule. Of both no read up or no write down by temporiately upgrading the security level trust subjects

What are the main idea in protection ring model

Every subject and object have a security level

The rule that are used in protection ring model

Every subject can access any object with the same level or less than it's level

Password guessing Suppose that a hacker wants to access a system which is protected by a user-name/password identification system. We will assume that the hacker knows the user-name of an authorised user since this information is not generally secret. Therefore if the hacker can guess the user's password he will gain access to the system

Guessing using personal knowledge of the user Many people use passwords which relate to them personally. For example, they may use the name of their spouse or child or pet. They may use their football team or street name or birth date. If the hacker can find out personal information about the user, then they may be able to guess a personal password without too much difficulty. This attack will fail if the user is careful not to use a password which is personally related to them in any way.

What if the ownership policy are mandatory

If the ownership is mandatory so the Acess permission are determine by the company security policy under regulations

If the ownership policy is discretionary the owner of the resource decides who has access permission. For example, I could write a web page and post it openly on the Internet so that everyone has access. Alternatively, I could post the web page with a password access control system and then decide to whom I give the password.

If the ownership policy is mandatory then the security system manager allocates permissions according to the security policy of the organisation.

Temporarily downgrade a subject's level from fs to fc where fc < fs. Identify a set of subjects which are allowed to violate the no-write down policy. These are called trusted subjects.

If the three rules are satisfied then the state of the model is called secure. Furthermore the basic security theorem states that if you start with a secure state and all transitions are secure then every subsequent state will also be secure.

Should the security system be simple or sophisticated? As discussed above, there are disadvantages to having a security system, not least in terms of time and cost. The more sophisticated a system the costlier it is likely to be. On the other hand, a system which is too simple may not provide the necessary level of security

In a distributed system should the security be centralised or spread? Should a security manager have ultimate control, for example over access control issues (this will make it easier to achieve a consistent and rigorous approach, but may cause time delays if the security manager has to be applied to for every change of access rights)? Alternatively, should individual users be allowed to choose who has access to their files? See section 3.3.3 for a description of how SELinux implements mandatory access control.

prog1 database1 database2 Alice {e} {w,r} {r} Bob {w,r,e} {r} { } Table 3.1: Access control matrix

In a large organisation, it is likely that several subjects will all have the same access control permissions. These subjects can be grouped together and the group access permissions listed.

When can we use the one time pad method

In critical situations

What are aim of PGP aurhentication

In e mail if Alice send e mail to Bob then Bob should ensure that e mail are from Lice and not third party

Risk analysis When designing or implementing a computer security system it is very important to bear in mind the level of risk involved and the value of the information that is to be protected. As an illustration, consider that you may be willing to leave £50 in a changing room locker, but you would not be likely to leave £5,000 unattended. You would assess the risk involved before deciding whether to leave the money or not. On the other hand, it would be foolish to pay someone, say £20, to look after your £50, but this might be a good investment in the case of the £5,000 (assuming that you totally trust the person charged with keeping your money safe of course!).

In terms of computer security, the disadvantages of security systems are that they are time consuming, costly, often clumsy, and impede management and the smooth running of the system. Risk analysis is the study of the cost of a particular system (in terms of effort and time as well as cost) against the benefits of the system (the level of security offered).

In order to prevent and detect unauthorised actions by its users a good security system should provide (some of) the following features: confidentiality integrity availability non-repudiation authentication access controls accountability

In this context, the term unauthorised implies not only malicious or criminal, but could also be accidental. For example, a breach of confidentiality arises maliciously if a spy deliberately hacks into a computer and looks at confidential material stored there. It happens accidentally if the material is left out on a desk and is seen by the office cleaner.

Protection ring model If access control is strictly hierarchical, this can be illustrated by a simple protection ring model.

In this model, every subject and object is given a security level. Subjects can access all objects at their own level or lower. A security level may involve operations as well. For example, read and write permission may be at a higher level than read only

What we mean by term of collision in hashing function

In which hashing function have the hashing many to one function i . Which many value can hashing to the same value

Information security different from the traditional security discuss these statement

Information are stolen but still present Confidential information can be copied and sold The criminal may be on the other side of the world

What type. Of stream generated in one time pad

It is random stream which are binary

Confidentiality Confidentiality is the prevention of unauthorised disclosure of information. In other words, confidentiality means keeping information private or safe. Confidentiality may be important for military, business or personal reasons. Confidentiality may also be known as privacy or secrecy

Integrity Integrity is the prevention of unauthorised writing or modification of information. Integrity in a computer system means that there is an external consistency in the system - everything is as it is expected to be. Data integrity means that the data stored on the computer is the same as what is intended.

Dictionary searching Another favourite method of generating easy to remember passwords is for the user to choose a word, usually in their own language. If the hacker cannot directly guess the user's password then he may set up a dictionary attack. This means that he will run a computer programme which tries every word in a dictionary as the password of the user until he finds a match. This attack will fail if the user does not use a word which appears in a dictionary as their password.

Intelligent searching Some user-name/password systems insist that the user's password contains a mix of letters and numbers. The most common thing for a user (who has not been educated in password security) to do is add a number onto the end of a word. For example, using a password such as banana1. An intelligent dictionary search might try all words with numbers added. Thus if the hacker knows that a particular password system insists that passwords are a minimum of six characters long and must contain at least one number, then the hacker may try all five letter words with each of the digits 0,..,9 attached. Thus apple0, apple1, apple2,....,apple9, apply0, apply1,... and so on would form part of this search.

What are types of attacks

Intercepted Interrepted Modification fabrication

What are the component of PGP authentication protocol

It is a digital signature with hashing

What does unauthorized action refer to

It is not refer to only a malicious but also can be accidental

What are jet in Ceaser cipher

It is number called k and it is between 1 and 25

iv not resused

K0 = IV Ki = Encrypt(K, Ki−1) Ci = Pi ⊕ Ki

What are PGP key issues

Key generation Key identifiers

What are the problem with one time pad method

Key stream are random it is good But it can not be generate simultaneously

What are idea of Ceaser cipher

Letter of alphabet are moved by certain number to another letter to form ciphertext

What are kind of method that can generate the keystream

Linear feedback shift register

what are the example of communication modification

Man in the middle attack

Why need email. Compatability

Many electronic mail systems can only transmit blocks of ASCII text

Accountability meaning in security

Mean that should known the accountable party for security in transaction and determine which party responsible on it

give an example of prototcol which make key exchange using trusted third party?

Needham-Schroeder protocol

Password shadowing means that the encrypted password field of /etc/password is replaced with a special token and the encrypted password is stored in a separate file (or files) which is not readable by normal system users

Networked systems may also use NIS (Network Information System) which allows many machines on a network to share configuration information, including password data. On a machine with NIS there will be a very short /etc/password entry and the real password file is elsewhere. Note that NIS is not designed to promote system security.

Does access control always hierarchial

No it not often hierarchial

After encryption what happen to the message if it obtain by interceptro

No thing interceptor not known the meaning of ciphertext and so the original message winot known

Availability Availability is the prevention of unauthorised with-holding of information. Information should be accessible and usable upon appropriate demand by an authorised user. Denial of service attacks are a common form of attack against computer systems whereby authorised users are denied access to the computer system. Such an attack may be orchestrated by the attacker flooding the system with requests until it cannot keep up and crashes. Authorised users are unable to access the system. Consider the damage that such an attack may cause to an electronic commerce site such as an internet shop

Non-repudiation Non-repudiation is the prevention of either the sender or the receiver denying a transmitted message. Non-repudiation is often implemented by using digital signatures

In general, if a password is n characters long and is made up from an alphabet of A different characters, then there are An possible different passwords.

Note that the average time for a hacker to find a particular kind of password is only half the time taken to do a complete search (i.e. if a user has chosen a dictionary word as their password, then the hacker will, on average, only have to search through half of the dictionary in order to find the password). Likewise, on average, a hacker using an exhaustive search will only have to search through half of the possible passwords before finding a match.

Unix access control Subjects in Unix are users. Each user belongs to at least one group, their principal group. They may also belong to other groups. If a user belongs to more than one group then they will have a designated principal group. For example, a user may belong to the groups Staff and Project1 where Staff is their principal group.

Objects in Unix are files. Unix thinks of all resources as files. Each file belongs to a user and a group, and has a set of permissions associated with it.

examples of objects in access control

Objects such as data files. Or any other shared resources

One-time passwords Given enough time and attempts, a static password (i.e. a password which remains the same) may be accessed by an unauthorised attacker. To counter this, some systems are now making use of one-time passwords or OTP. By constantly changing the password, the risk of the password being discovered is greatly reduced. Furthermore, an attacker who does find a password, will only be able to use it to gain access to the system once. The next time the attacker tries to use the password it will be rejected.

One-time passwords typically work in one of three ways. A mathematical algorithm is used to generate a new password based on the previous password. A time synchronisation protocol is used between the authentication server and the client providing the password. A mathematical algorithm is used to create each new password based on a challenge such as a random number chosen by the authentication server and a counter.

cryptographic protection A password file can be encrypted by using a one-way function. After encryption, the password file is just a list of garbled characters. Even if a hacker manages to view the file, it will not help him to gain access to the system.

One-way functions A problem is said to be one-way if it is easy to do one way but hard to do in reverse. A non-mathematical example is making a cup of instant coffee. It is easy to put coffee granules, boiling water and milk into a mug and stir them together to make a cup of coffee. However, given a cup of coffee, it is difficult to reverse the operation and retrieve the separate components of milk, coffee granules and water.

What are the type. Of one. Pad time

One. Pad time. Is a kind of stream cipher

For example, suppose that Alice, Bob and Charles are subjects and a database is an object. We could either say that Alice has write and read access, Bob has read only access and Charles does not have any access to the database

Operations and modes Operations that the system may offer include: read write (which may or may not automatically include read access) append execute delete

Modes that the system may offer include: observe (look at the contents) alter (change the contents)

Operations are defined by the security model. Modes are basic notions of what can be done to an object. The relationship between operations and access modes can be summarised as follows:

What are padding

Padding is complete the plaintext block before encryption to complete the block size according to the normal division of it

To avoid pre-compiled rainbow tables being used on a security system, the function used to encrypt the passwords should be somehow unique to the system. Pre-compiled tables will therefore not be available. If a user loses or forgets their password it will be irretrievable. An alternative secure method for resetting the lost password to a new value will have to be devised.

Password salting Password salting is a process used to ensure that all passwords in a system are unique. Most systems insist that all user-names are unique. If a new user tries to create an account with a user-name that is already in use, they will be informed that the user-name is already used and that they should choose another. However, the system cannot inform a new user that the password they have chosen is already in use - that would be a gift for a hacker! Instead, the system adds some salt which is another piece of information such as the user-name to all the passwords before encryption. This ensures that every password is unique.

Other name for one pad time

Perfect secrecy

each message process to general rule ?

Prepare the message schedule (W0, W1, . . . , W79) by expanding the 1024-bit message block M(i) into 80 64-bit words using the following algorithm. Wt = Mi t 0 ≤ t ≤ 15 σ 512 1 (Wt−2) + Wt−7 + σ 512 0 (Wt−15) + Wt−16 16 ≤ t ≤ 79

What are the main cornerstone of security

Prevention Detection Reaction

What are the main goal. Of security

Prevention of attacks from cryptanalyst

What is availability

Prevention of unauthorized with holding. Of information

What are encryption are

Process of ransformation of plaintext which are readable to ciphertext which are not readable text

HOW THE Decryption of fesistel are processed

Ri=LI+1 LI=Ri+1 xored (ki,Ri)

3. An access control matrix M is defined and subject s can only perform operation a on object o if (s, o, a) is (ticked) in the access control matrix. This is called a secure transition.

Rules 1 and 2 mean that subjects could in theory write a document which they cannot read. Also a subject at a high security level cannot send messages to a subject at a lower level. Obviously this is not very practical so the model allows the ability to: Temporarily downgrade a subject's level from fs to fc where fc < fs. Identify a set of subjects which are allowed to violate the no-write down policy. These are called trusted subjects.

How do you secure the levels below the level of the security system? An attacker may manage to gain access to the operating system and from there make alterations to access control limitations giving themselves access to other parts of the system. The logical access controls of the system may be by-passed by gaining direct access to the physical memory. It is therefore important to ensure that physical security measures are in place as well as the logical computer security mechanisms.

Security models Computer security protects the computer system and the data it processes. Success depends on the implementation of security controls designed for the system. A security model is a means of formally expressing the rules of the security policy. The model should: be easy to comprehend be without ambiguity be possible to implement reflect the policies of the organisation

What re condition required in any stream key

Should be unpredictable stream

What re the rule which related to access matrix

Subject can only perform operation a on object I if s, o, a are in the access matrix

What are non read up policy are

Subject can read the object only if the subject have a security level. More than the object

What are subjects in Acess contril

Subject is what the person do or who do the action. On the object

Example of access in protection ring model

Subject with level 4 can access any object with level of 4 or less than

How to get around the non read up policy

Subject with low securitylevel persuade the subject of high security model to copy the content and take it a copy with new document with low security model

The system offers this access of subjects such as users, processes and other applications.

Subjects and objects represent respectively the active and passive parties in a request for access. In defining access controls, we can either specify: what a subject is allowed to do; or what may be done with an object.

What are the main component of the access control security

Subjects, objects, modes, permissions, operations

What are PGP compression are

The PGP compress the message using zip and decompress using unzip

Encryption is the process of transforming a plaintext message (a message that can be read) into an unreadable encrypted form called a ciphertext message.1 The intention of encryption, is that if the encrypted message is intercepted, then the interceptor will not be able to interpret the ciphertext.

The aim of anyone encrypting a message is to ensure that no-one viewing the resulting ciphertext will be able to decrypt or make any sense of the ciphertext,

What are the basic idea of Le padullaa model

The basic idea is that information can not flow from high security to low security level

What is block cipher idea

The data are divided

what are block size and key size in DES?

block size are 64 key size are 56

ttacking an encrypted password file If a hacker manages to access a password file which has been encrypted using a one-way function, all he will see is the encrypted passwords, indexed by user-names. These encrypted passwords will not enable the hacker to access the system, and the actual passwords are not stored anywhere.

The function used to encrypt the passwords is not usually a secret, so the hacker may try to find an actual password by running a computer program that encrypts a dictionary list or an exhaustive list of passwords and then check to see if the result matches any of the stored encrypted passwords. If a match is found then the hacker has a password and can now gain access to the system

How stream cipher work

The plain text are encrypted bit by bit by adding a keystream

What are the main component of one time pad method

The plain text in binary format Stream of keys which generate by Alice and send it to Bob Xor the plain text with the stream key and the result will be ciphertex To decrypt with Bob Bob xoring the ciphertext with stream key to obtain the original. Message

what are new in AES?

block size of 128 key size of 192,128,256

the final step in hash 512

The values of H (N) 0 , H (N) 1 , . . . , H(N) 7 are concatenated to produce the 512-bit message digest

what third step in hash computation

The values of a, b, c, d, e, f, g and h are operated on using the six logical functions and with input of the eighty W values and temporary variables T1 and T2

Permissions for files may include: read write execute append delete change permission change ownership.

There are different ways of expressing access control permissions including lists, matrices and graphs.

The password file, where the system stores the data for verifying passwords, is very sensitive to attack. In an insecure system, the password file will be a list of passwords indexed by user-name. A hacker with access to this file has potential knowledge of every password. It is therefore essential that the password file is protected.

There are essentially two ways in which the password file can be protected: using cryptographic protection implementing access control over the password file. Ideally, the password file should be both encrypted and protected from unauthorised access by the implementation of access controls.

A basic identification system consists of a database of passwords indexed by user-names. This is called the password file. When a user logs into the system, the computer checks that the user-name and password input match an entry in the password file. If a match is found, the process is complete and the user is allowed access to the system. If not, access is denied although the user may be given another chance to enter their user-name and password.

There are various ways in which a user-name/password identification system can be abused. The simplest attacks include the hacker looking over the user's shoulder when they are typing in their password, or finding a written note that the user has 12 Threats made of their password. I

Exhaustive searching If the user has been clever enough to use a random, meaningless string of characters as their password, then the hacker may have to resort to trying an exhaustive search attack. An exhaustive search is similar to a dictionary search, but in the exhaustive case, the computer programme used by the hacker will try every possible combination of permissible characters as the password in order to find a match. Thus if searching for a six character password, the hacker might try aaaaaa, aaaaab, aaaaac, ....., aaaaaz, aaaaa0,...., aaaaa9, aaaaa*, etc. and move systematically through all possible permutations.

This attack will always succeed eventually. Since every possible password is tried in turn sooner or later a match will be found. However, there are ways of making an exhaustive search so time consuming for the hacker that it is not successful during the life of the password (i.e. before the exhaustive search is successful the password has been changed). Some password systems insist that the users change their passwords every three months, for example.

Fake log-in screens A more sophisticated spoofing attack is when the hacker sets up a fake log-in screen which exactly resembles the genuine log-in screen for the system. The user is presented with this log-in screen and unsuspectingly enters their user-name and password. The hacker captures this information and then typically gives the user an error message saying that they have incorrectly typed in their password. The genuine log-in screen is then displayed. The user cannot be sure that they did not make a typing mistake, so they type in their user-name and password again and gain access to the system. The user may have no idea that they have been the victim of a spoofing attack

This attack will fail if the user notices that there is something wrong with the log-in screen and so does not enter their user-name and password. Some log-in interfaces contain patterns or pictures which are impossible to replicate accurately. The attack can be detected (although not prevented) if the user is informed, at every log-in, of the time of the last failed log-in attempt. After a spoof attack, the user thinks that they had a failed log-in. If when the user successfully logs in, the system does not inform them of this failed log-in then the user is alerted to the fact that they may have been the victim of a spoof attack.

Every subject which have the same operation permission will grouped

This lead to decrease the database size and easy to control.

What are idea of random substitution cipher

This time we replace the letter with random letter

How many steps RSA required

Three step Key generation Encryption Decryption

WHT are aim. Of confidentiality

To make information private and safe

What are type of ownership inSlinux

Type are mandatory

A real life example of access control is SELinux (Security-enhanced Linux). SELinux is an implementation of a mandatory access control mechanism. This mechanism is in the Linux kernel and checks for allowed operations after standard Linux discretionary access controls are checked.

Under DAC, ownership of a file object provides potentially crippling or risky control over the object. A user can expose a file or directory to a security or confidentiality breach with a misconfigured chmod command and an unexpected propagation of access rights. A process started by that user, such as a CGI script, can do anything it wants to the files owned by the user

However, it is possible, without breaking any of the rules, to: downgrade all subjects to the lowest level downgrade all objects to the lowest level give all subjects permission to perform any operation on any object by completely filling in the access control matrix.

Unix - access control in practice Finally we will look at an actual control access model and see what happens in real life rather than in theory. We will be looking at how Unix deals with access control.

Which system. Is example to deal. With access control

Unix is deal with access control

what are the key exchange type in el ammal ?

diffie hellman key exchange

Unix users and superusers In Unix every user has an identifier, their user name, and each user belongs to one or more groups. Every Unix system has one user with special privileges. This superuser has user ID 0 and usually the user name root. The root account is used by the operating system for essential tasks like login, recording the audit log, or accessing I/O devices. Almost all security checks are turned off for the superuser. The root account is required to perform certain tasks such as installing certain software. The system manager who holds the root password should never use the root account as their personal account but should change to user root as and when necessary to perform a superuser task

Unix security measures Users are authenticated by user name and password. Passwords are encrypted using a one-way function which is based on the DES algorithm and run 25 times. The encrypted passwords were traditionally stored in the /etc/password file. However, most modern Unix systems use either password shadowing or NIS and much of the Unix password data is stored elsewhere.

How to overcome email compatability problem

Use radix 64 system conversion

PGP use what

Web of trust model. For key management so. It. Lead to have more than one or private public keys

Why linear feedback are widely used in keystream generator

Well use in implementation in hardware produce a sequence of a large period with no Repetition up to 2n _1

To send confidential email between two parties

What are PGP confidenatilty

Does the system focus on the data, operations or users of the system? For example, is it more important to have a data focused rule such as: Only data of type A can be inserted in data box A or a user focused rule such as: Only section managers are able to access the information in data box A?

What level should the security system operate from? The security system may consist of a software package that runs on top of the operating system, such as Norton Internet Security which runs on top of Windows. Alternatively, it may be part of the hardware and have physical control over the data such as where it is stored and how it is manipulated, for example Security Enhanced Linux (SELinux).

Entries in the password file have the following form: accountname : encryptedpassword : U ID : groupID : IDstring : homedirectory : loginshell and so may look something like this: RS : ru78Pjey : 92 : 4 : Shipsey,R : /usr/RS : /bin/sh

When changing their password, users must supply the old password first to guard against another person changing the password. The new password must be entered twice in order to confirm that it has been typed correctly. The actual characters of the password are never shown on the screen but appear as * or • characters instead. Passwords may be salted if required. Controls can be set so that weak passwords are rejected. Password expiry dates can also be set, together with enforced rules on the re-use of old passwords. Root login can be restricted to specially nominated terminals only.

When use the protection ring model

When the security system are strictly hierarchy

User-names and Passwords When a computer system has to verify a user's identity, there are two basic questions that have to be asked and answered appropriately

Who are you? The computer system has to establish somehow who is trying to gain access to its files. This is usually done by use of a user-name which, although probably unique to the user, is not a secret. The user-name is often simply produced using all or part of the user's actual name. For example, the user-name of John Smith might be JSmith or johnsmith. When John Smith correctly enters his user-name, the computer can establish, by looking in a database of authorised user-names, that John Smith is an authorised user of the system.

what does AES mean

advanced encryption standard

which operations are performed at the begin and end of the process

add round key

what are sequence of fesistel structure

block are divides into two parts the half left of the output at next round is the right haldf of the previous round li+1=R the new right half is the xored of the left half with f(RI,KI)

why should compute any length?

because hash function should able to process data of any length

why key chaining is not very efficient ?

because if cryptoanalyst known one key so he can known the key changing after that key

why should public keys authorised to be related to person

because if with mistake use anther public key or person it will lead to malicious action by that person which the message are understandable to him

why hash function are strong

because it is one way function which compute in one way and difficult to solve in reverse

why computational complexity?

because there are several algorithms to perform certain task so we need to judge the efficiency of ecah algorithm comparing to another one

which property hash function contain

diffusion property small change in message will produce a large change in the hash function value

computer security model should be?

can be comprehend be without ambiguity be possible to implement

Equations for rsa

cd = (me)d modp = m(ed) mod p = m(k(p−1)+1) mod p = mk(p−1) ×m1 mod p = (mp−1)k ×mmodp = 1k×mmodp = m

what are mode to resolve the problem of electronic codebook

cipher block chaining mode (cbc)

what are phishing ?

communication such as instant messages and email are pretained to that the same as fake login sites such as e pay and paypal which ask to give their names and passwords and other details

what does PGP provide?

confidentiality authentication compression segmentation

what are component of certificate??

consist of public key together with an identification of key holder

What are one-time passwords?

constantly changed password will lead to decrease the problem of making the password changed

what are DES ?

data encryption standard in which used to encrypte data

what are password file composition

database of passwords indexed by users name

numbers of passwords?

depend on the combination of the password that doing by the user

how A legitimacy value is given to the key

depend on who signed it

are there a question should be asked ?

does the systems focus on data , operations or users of system?

what hash function intital features ?

easy to compute easy to find collisions easy to fine pre image should be crypt graphically strong

what features of RSA

easy to implement and hard to break

what are strengths in rijnadeal

eay to implement and flexible , very efficient and require less memory can be implemeted in hardwre

what are method used to calcuate modular inverse

eculid algorithm

what are the key chaining?

encrypt the new key according to the previous key

what are idea of exhaustive searching ?

exhaustive searching are similar to the dictionary searching it try all possible permutations combination of numbers and letters in the dictionary

what are other method in spoofing?

fake log in screen

what happedned to the block at the final stage

it copied in the output matrix

There are many security models which can be used to describe how access control is to be managed. These include: the Bell-LaPadula Model the Harrison-Ruzzo-Ullman Model the Chinese Wall Model the Biba Model the Clark-Wilson Model.

he Bell-LaPadula model The Bell-LaPadula security model (BLP) is one of the most famous security models. It was developed by Bell and LaPadula and aims to provide a secure multi-user operating system. Access permissions are defined by an access control matrix and security levels. The basic idea is that information cannot flow from a high security level to a lower security level.

how to attack password file system encrypted?

if attacker can known the function in which used to store thepassword file

why it is not recommended to use electronic codebook mode

if blocks are repeated and block use the same key so it will produce the same hypertext which it is easy to cryptoanalyst

when we say that number is prime ?

if it has only two factor it self and number 1

when say that hash function are collision resistance ?

if it is impossible to find two value which give the same hash function

what are the main equation to fermats little theorem

if p is integer and a is integer between 1 and p-1 then the following should be right a^p-1 mod p =1

the general method of computing password?

if password n of n length and of alphabet A characters so the number of passwords possible are A^n

what are congruent number ?

if r mod s = m mod s then r and m are congruent

What are rainbow tables?

if secure hashing function used pre computed tables can be used to find the password easily

what are the number make the problem of factorisation impossible to solve?

it decimal number which are about 200 decimal value

why we need block cipher modes

if the plain text is greater than length of on block cipher so it should be in specific mode in order to encrypt the whole message

what happen if need to create a user name repeated?

if try to make this this will lead to error that it is it already present

what are mean of interrupted attack?

in which attacker does not allow information to reach destination

what benefits of using euclid algorithm

include only multiplications and division computational complexity of ob^2

Password Salting

insist that used names are also unique

how to use trusted third parties?

instead of alice generating its key it rely on third party to do this and to delivery to bob and herself

what are the benefit of modular arithmetic

instead of use the whole number we use only the modulus of this number by using mod

what is substitution bytes operation in rijndael?

is look up table in s box is used to perform a byte to byte substitutions of the block

what does the computational complexity of calculating mod?

is ob^2 because taking mod isdivision and subtraction so tke 2 sp to reach the result

what are difference between DES and AES?

is possible to think of the data in Rijndael as being polynomials with co-efficients of either 0 or 1. This means that, unlike DES, it is possible to write a Rijndael encryption as an algebraic formula

what are the mean of exponentiation

is raising to the power important part in RSA and ELgamal

what mean to find collisions?

is that hard to find x1 and x2 as h(x1)=h(x2) in which these collision in feasible amount of time

what does rijndael formed of ?

it be 128 bit block size and 128,192,256 bits length

how to make identification more secure??

it become more secure as put password to it as it is easy to login with the user name only

how the digital signature work?

it calculated using the private key of the signer and decrypted using the public key of the signer

hat are the first value to be xored called

it called italicisation vector

what happen if the block size greater than normal

it compromise the speed

given y in Y

it is hard to find x where y=f(x)

what are the idea of electronic codebook mode

it is simplest method and include divide the plaintext into blocks and then encrypt each one individually Ci = Encrypt(K, Pi)

how use nonce generated key

it is solution to iv problem nonce is number used once and each message assigned a number with a counter this is nonce instead of using nonce as iv the nonce are encrypted by the block cipher in ECB mode to generate the IV nonce generated iv

what are the risk analysis ?

it is the study of the cost of implement a security system versus the benefit of that system

what are disadvantages of computer security?

it is time consuming costly money

what are new in output feedback mode

it is used block cipher as stream cipher

what should consider when implement computer security system?

it is very important to bear in mind the level of security needed and the value of information to be secure

WHAT HAPPEN TO MESSAGE with hash function

it iterative and message are processed and condensed to produce message digest

what are disdavtage of rainbow tables?

it may be used by malicious used to known the password

what are diffusion property

it mean that any small change in plain text will produce large change in the cipher text this prevent chosen message and chosen cipher text attack through differential analysis

what mean that attacker intercept communication?

it mean that attacker intercept the communication to receive information

what are completeness property and why it is needed?

it mean that every bit in cipher text should depend on every bit of the key this prevent divide and conquer attack

the computer security is computerised-social?

it need to persons conscious about computer security and how to set up passwords

does PGP is cryptosystem

it not cryptosystem but conatin the best avaliable cryptgraphic algorithms

what does digital signtaure provide?

it provide a mean of identification and authentication

what password resemble ?

it resemble your identity as passport which give you identification for travelling to another r country

how to use random iv

it s more secure than others in which use random number but have a problem in how to generate random number and how we can exchange that with the others

what we should do with password file?

it should be encrypted and implementing access control to prevent any unauthorised access to password file

what are the pseudo number generator ?

it take a seed and then begin to generate the key generation

how to use counter iv

it the same fixed but we use cunter iv=0 iv=1 and so on and this will lead to problem that it can be expected

what are computational complexity mean ?

it used to determine the efficiency of algorithm

how cbc are worked

it worked by xored the plain text with the previous block of the ciphertext

what are t in n key escreow

key are split into pieces any t of n (1<t<n) can be used to recover key

what are the key management issues?

key generation(how and by whom the key generated) key storage(how are the key stored) key distribution(how are the keys distributed to appropriate users) key replacement (how often the key often be replaced)

what are the modular inverse of a mod p

modular inverse of a mod p is b in which b<p-1 also a*b mod p=1 denoated by a^-1 modp

what are other method to transfer the keys?

more time consuming and costly use convert channels in place in a regular basis

whic protocol used trusted third party?

needham shroedor protocol

what are the computational complexity of modular multiplication?

o b^3

how we can encrypt password file?

one way function can be used to encrypt the password file

what are the heart of rsa ?

one way function in which depend on factorization

what happen if the attacker find the password?

only one time the password are used by the user if try to use it again it will be not use it and rejected

which operation only use the key?

only operation of add round key use the key

given two integers

p*q=n

what does pre processing involve ?

padding the message parsing the padded message into m bits setting initialisation values

what are the most method used in break password?

password guessing

what are the two stage of hash

pre processing hash computation

what are the mean of PGP?

pretty good privacy

what are password salting?

process that ensure that are password used are unique

what are asymmetric cryptosystem are?

public key cryptosystem

what are the practice pf web of trust

public key ring are used as web of trust model

how many keys in public key cryptosystems?

public key that known and present in dictionary private key which are specific to the user and it owner

what are the idea of cipherblock chaning mode

randomised the plain text using the previous cipher text

why complexity is important when study cryptography?

rsa and elgammal need modular calcuation so it is important to use an efficient method for calculation

what are the definition of S/MIME

secure multipurpose internet mail extension use public key certificate x.509

what does server send to alice in the step 2?

server send to alice the following all encrypted by the KAS 1- name of bob 2-a session key for alice and bob to be shared 3-the name of alice and a session key both encrypted using KBS

alwhat alice do if want to use PGP TO USE IN EMAIL?

she will have to build up the public key ring containing the public key of other users

what are other

should system be implemented simple or sophisticated

what are password spoofing?

spoofing attack when the user are fooled to give the attacker their password

what are the first operation used in encryption and decryption?

start with add round key operation which followed by nine round include four operations followed by tenth round of three operation

how to find inverse of b mod a

static long find inverse(long a , long b){ long store =a long temp long q int sign =1 long r=1 long s=0 while b(!=0){ q=a/b temp=r r=temp*q+r s=temp temp=b b=a-q*temp a=temp sign=-sign} long answer = (r − (sign ∗ s))%store; return answer } }

what are feature of public keys?

stored openly should be genuine related to person with declared person

what are mix columns ?

substitution algorithm in which that alter each byte in a column using a function which take all inouts in the column

what are the different operations are used

substitution bytes shift rows mix columns add round key

what are operation used

substitutions and permutations

examples on digital signature

suppose alice want to send to bob the digital signature dig=encryptbobpriv(message) bob send to alice the message and signature alice use bob public key to decrypt the signature and then check if the message after decrtption are the same message unencrypted so he message orginiate from bob

who is faster public key or symmetric key

symmetric key more faster than public key

Phishing Phishing is similar to the above. Communications such as emails or instant messages purporting to be from reliable sites such as eBay, PayPal or online banks direct users to a fake website which looks very like the genuine one. Here the user is asked to input their username, password and perhaps their bank details. Phishing is a growing problem and attempts to deal with it include legislation, user training, public awareness and technical security measures.

t is important that the users are informed of the following measures: The user should always set up a password and not leave the password option as blank. The user should change the default password. The user should change their password frequently. The user should not use the same password for all systems. When changing a password, the user should not just add a digit onto the end of the old password. The user should not choose a password that relates to them personally such as their date of birth or the name of their child. The user should not choose a dictionary word as their password. The user should not choose a password that is too short. The user should choose a password that contains a mix of letters and numbers. The user should not write their password down or reveal it to anyon

what does hash function work?

take data of arbitrary size and return a value in a fixed range , if you hash the same data at different time it will produce the same hash

example of hash function ?

take the full name of person and return two letters which represent the first name and last name , if we hash the same name in different date it will produce the same two character

what are confusion property and why needed

that mean if the key is nearly correct should not given any indication about this make exhaustive searching more harder

what are construction of 3 DES

that mean that key size are tripled and the 2^168 this will defeat the exhaustive search but the block size remain the same unchanged 64 bits block size

what mean that it hard to find pre images

that mean there hard to find x in which y = f(x) by exhaustive search in definite time

what are the advantage of public key over symmetric key

that private key are required to be stored

Cryptography

the art of protecting information by transforming it into an unreadable format, called cipher text

what are the average time for searching in ?

the average time for a hacker to find a particular kind of password is only half the time taken to do a complete search

what are the currently used block size

the currently are 256 and it related directly to alphabet size

how to avoid the pre compiled rainbow table

the function should be unique to the system

what are the base to security

the greater the block size the greater the security

what are the idea of fake log in screen

the hacker set up a fake log in screen which are resemble the genius log in system screen the users presented with this fake login and gve user name and password then give message that you put the password wrong then the original fake login displayed

who issue the certificate ?

trusted third party which called certification agency

what are the type of RSA?

type of RA arepublic key cryptosystem

An attacker may also make up a communication and send it to the destination pretending that it has come from the source. This is called fabrication.

types of attack

from where does block cipher use key?

use a key from key space with a particular size

what are the realtion of symmetric and a symmetric key ?

use asymmetric key method to exchange key and then use

png is cryptographcally strong?

when cryptoanalyst can not

what happen when the user login the system ?

when the person log into the system then it show if the system are gin the system and match the password in the password file with that used name if matched the the user name will be login

what are the two question asked ?

who are you? how to known that you what you say ?

what intelligent attacker do before do exhaustive searching?

will carry dictionary attack and modified dictionary attack before attempting exhaustive searching

which commerical cmapy use SHA

windows use hash function to hash the [assword of users

given x in X it easy to find

y=f(x)

does keysize is important?

yes if key size is small so the key space will also small and this may lead to easy exhaustive searching

is there way to break and hack the password system ?

yes there are many ways

example of getting password by asking the user?

you may receive a call from the attacker that tell you that system company will be fail so we need your password to retrieve information and save that


Ensembles d'études connexes

Psychology Chapter 9: Lifespan Quiz

View Set