Security & Encryption
Steps in AES:
1) Add round key (XOR plaintext block and round key) 2)Nine Rounds (Byte Substitution, shift row, mix column, add round key) 3) Last round (Byte Substitution, shift row, add round key) Results in 128 bit Ciphertext
Steps in DES Encryption (4) :
1. An initial permutation. 2. 16 rounds of substitution and transposition. 3. 48-bit sub-key added to each round, each sub-key is derived from the 56-bit DES key. 4. A final permutation.
Steps in One-Time Pad encryption (4) :
1. Choose a random bit string as the key. 2. Convert plaintext into bits (e.g. ASCII). 3. Ciphertext is bit-by-bit XOR of the two. 4. Decryption: XOR with same key
5 Steps in establishing a circuit with Tor:
1. Client get a list of relays from a directory server 2. For each connection, the client select 3 or more relays at random. 3. An encrypted connection to the first relay is established. 4. Subsequent connection are established by piping them through the previous relays. 5. The final relay performs a TCP handshake with the destination server.
What are the three User Authentication Approaches?
1. Knowledge-based (e.g. password) 2. Token-based (e.g. passport) 3. Biometric (e.g. fingerprint)
How does an P-Box work?
A P-Box simply permute the order of bits within a block, aiming to cause diffusion.
What is A Trojan Horse?
A Trojan horse is a program that has two purposes: one obvious and benign, the other hidden and malicious
What is a Message Digest function?
A collision resistant one-way hash function which takes a single input (a message) and produces a message digest (aka hash) allowing for the validity of the message to be checked
What is a MAC (Message Authentication Code) function?
A key dependant message digest function which takes two inputs (message & secret key) and produces a MAC which proves the integrity of the message.
What is a P-Box?
A permutation box is a method of bit shuffling used to permute or transpose bits
What s a Root-Kit?
A root kit is collections of Trojan Horse programs that replace widely used system utility programs.
What is the 'Weakest Link Property'?
A security system is only as strong as its weakest link
What is a Worm?
A stand-alone program that can replicate itself and spread
What is a S-Box?
A substitution-box is a basic component of symmetric key algorithms that simply perform a substitution of bits.
Example of the weakest link property:
A system may be only as secure as its root password, because root access would allow other security measures to be bypassed
What are Viruses?
A virus is a fragment of code created to spread copies of itself to other programs
What is AES?
Advanced Encryption Standard A symmetric block cipher designed to improve upon DES through wider support options (Larger key and block values)
What is a Public Key Certificate?
Allow key exchange without real-time access to public key authority. Binds an identity to a public key. Signed by a trusted private key (Certificate Authority).
What is a SSL Handshake?
Allows server & client to: - Authenticate each other. - To negotiate encryption & MAC algorithms. - To negotiate cryptographic keys to be used.
How does an S-Box work?
An S-Box takes some number of input bits, m, and transforms them into some number of output bits, n, where n is not necessarily equal to m
What is a SSL 'Session'?
An SSL session is an association between a client and a server Sessions are stateful; the session state includes security algorithms and parameters A session may include multiple secure connections between the same client and server
What is Cross Site Request Forgery?
An attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
What is a Dictionary Attack?
An attacker can compile a dictionary of several thousand common words and compute the hash for each one. Look for matches between the dictionary and the password table.
What is Cross Site Scripting?
An attacker injects client-side scripts into web pages viewed by other users
What are Injection Attacks?
An attacker provides bad input and the web server does not check the input format. This enables the attacker to execute arbitrary code on the server
What is a 'Man-in-the-Middle' attack?
An attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other
What is the Access Control Matrix?
Basis of protection within many operating systems. Resources to be protected are called objects and every object is within one or more protection domain. Authorization to perform an operation on an object in a domain is called an access right
What sort of attack can be used against message digest functions?
Birthday attack - Generate random messages and compute digests for them until two are found that produce the same digest. Complexity: 2^n/2
What is Bitcoin?
Bitcoin is a decentralized digital currency. Bitcoin uses peer-to-peer technology to operate with no central authority: transaction management is carried out collectively.
Example of Block Cipher:
CBC Mode - Where each ciphertext block depends on all plaintext blocks processed so far Also S-Boxes & P-Boxes
Three types of attacks that Tor is vulnerable to:
Colluding Relays - What if several relays co-operate? Sybil Attacks - Many nodes collude, user creates circuit within these to de-anonymize users. Exit node vulnerability - Exit node has access to unencrypted traffic, meaning it could be used to tamper with data.
What does a Reference Monitor do?
Control access to system objects
What is DES?
Data Encryption Standard A Symmetric block cipher with 64-bit blocks and a 56-bit key
How does Asymmetric Key Encryption work?
Definition: Using different keys for encryption and decryption The sender writes a message and encrypts it with a public key.. The message is sent to the receiver, who is able to decrypt it using a separate secret key, which should only be known by the receiver.
How does Symmetric Key Encryption work?
Definition: Using the same key to encrypt & decrypt a message The sender writes a plaintext message and encrypts it using a secret key. The encrypted message is sent to the receiver, who is able to decrypt the message using the same secret key.
What is DDoS?
Distributed denial-of-service Perpetrator attacks using more than one unique IP address, often thousands of them.
What is a Block Cipher?
Encrypts an entire block of plaintext bits at a time with the same key. Meaning the encryption of any plaintext bit in a given block depends on every other plaintext bit in the same block.
What is a Stream Cipher?
Encrypts bits individually, by adding a bit from a key stream to a plaintext bit
Steps in Diffie Hellman Key Exchange:
Given a prime number 'P' and a primitive root 'R' (e.g. P = 7, R = 3) 1) Alice chooses a secret integer 'a' and Bob chooses a secret integer 'b' (e.g. a = 2, b = 4) 2) Alice computes: A = R^a modulo P and sends it to Bob (e.g. A = 3^2 modulo 7 = 2) 3) Bob Computes: B = R^b modulo P and sends it to Alice (e.g. B = 3^4 modulo 7 = 4) 4) Alice computes S = B^a modulo P (e.g. 4^2 modulo 7 = 2) 5) Bob computes S = A^b modulo P (e.g. 4^6 modulo 7 Now Alice and Bob share a secret integer.
Example of a Hash Collision:
H("Jumpsuit") = 25 H("TCB") = 25
What is HTTPS?
Hypertext Transfer Protocol Secure (HTTPS) is an application-specific implementation that is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL/TLS. HTTPS is used to provide encrypted communication with and secure identification of a Web server.
What is a 'Birthday Attack'?
If we have n bit keys, then there are 2^n possible values, but under the birthday paradox, we can expect a collision after 2^n/2
How does SSL provide message integrity and confidentiality?
Integrity: using a MAC with a shared secret key. Confidentiality: establishing a shared session key, which encrypts data sent with symmetric encryption.
What feature does most encryption algorithms have to prevent brute-force attacks?
Large key sizes
What is the disadvantage of Asymmetric Key Encryption?
Less computationally efficient and in such is often too expensive to be used all the time
Problem with Digital Signatures:
No proof that a person generated the message themself, only that their computer did.
Example of Stream Cipher?
One-time pad - A random bit string is chosen as a key, the plaintext is converted into bits and the ciphertext is formed via bit by bit XOR of the two
What is a Hash Function?
One-way, collision resistant functions that map an arbitrary length input to a fixed-size output
How does Tor anonymize traffic?
Passing traffic between multiple nodes within the network. Traffic is encrypted multiple times and each node the traffic passes through removes a layer of encryption. The exit node the final layer of encryption and sends the request to the internet
What is Phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Three ways of distributing public keys:
Publicly available directories, which associate public keys with the owner Certificate signed by authority, where every user's public key is signed by a trusted certificate authority Web of trust, such as that used by PGP
Example Injection Attack?
SQL Injection - to obtain passwords of users SELECT * FROM Users WHERE Username='Admin' AND Password='' OR '1'='1'
What is SSL?
Secure Socket Layer SSL is designed to provide security and compression services to data generated from the application layer.
Two types of protection domains:
Static: A user always operates in the same domain Dynamic: A user can switch from one domain to another
How does a Brute-Force Algorithm work?
Systematically trying every possible encryption key until the correct one is found.
What are Digital Signatures?
The public key equivalent of message authentication codes
What is Kerckhoff's Principle?
The security of the encryption scheme must depend only on the secret of the key and not the algorithm
How hard is it to crack a ciphertext that has been encrypted with a shift cipher?
The shift cipher works modulo 26 (length of the standard alphabet). This means that there can only be 26 possible variations of an encryption for a single message. So there are only 26 possible keys, which can be tried one by one until the correct key is found.
What is Tor?
Tor is a distributed anonymous communication service using an overlay network that allows people and groups to improve their privacy and security on the Internet.
What is TLS?
Transport Layer Security
What are Trap-Doors?
Trap doors are flaws that designers place in programs so that specific security checks are not performed under certain circumstances
What does the term collision mean in term of hash functions?
When two different inputs produce the same putput
What is WEP?
Wired Equivalent Privacy Provides authentication, confidentiality and integrity checks. No key management or protection against replay attacks.
What is WPA?
Wireless Protected Access Provides authentication, confidentiality, integrity checking and protection against replay attacks.