CIS4360 Intro to Computer Security: Midterm 1
No one value in the sequence can be inferred from the others
Independence (randomness & unpredictability)
Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity.
Integrity
Differences between Symmetric and Asymmetric
Key sizes are not comparable between the two approaches: 128-bit symmetric key vs. 3000-bit public key (large primes).
Combined one byte at a time with the plaintext stream using the XOR operation, a __________ is the output of the pseudorandom bit generator.
Keystream
An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.
Masquerade
An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized user
Masquerade
__________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.
Message Authentication
A host generated random number is often called a __________.
Nonce
Attacker only needs to find ____ weakness(es)
ONE
_________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Privacy
A _________ strategy is one in which user is allowed to select their own password, however the system checks to see if the password is allowable, and if not, rejects it.
Proactive Password Checking
Digital signatures and key management are the two most important applications of ________ encryption.
Public-Key
Precomputed tables of hash values for all salts (a mammoth table of values); can be countered by using a sufficiently large salt and hash value length
Rainbow Table Attacks
A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
Reactive Password Checking
A __________ attack involves an adversary repeating a previously captured user response.
Replay
A _____ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission of organizational information.
Risk
produces 160-bit hash value/message digest
SHA (Secure Hash Algorithm)
A _______ is any action that compromises the security of information owned by an organization.
Security Attack
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources
Security Policy
There are four general means of authenticating a user's identity, which can be used alone or in combination:
Something the individual: KNOWS, POSSESSES (tangible), IS (static biometric), DOES (dynamic biometric)
A _____________ processes the input elements continuously, producing output one element at a time.
Stream cipher
Also referred to as single-key encryption, the universal technique for providing confidentiality for transmitted or stored data is _______
Symmetric Encryption
Data contained in an information system; or a service provided by a system; or a system capability; or a facility that houses system operations and equipment
System Resource (Asset)
RSA/IDA (combination of symmetric and asymmetric)
The asymmetric keys are used for authentication and after this has been successfully done, one or more symmetric keys are generated and exchanged using the asymmetric encryption. This way the advantages of both algorithms can be used.
_____________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Traffic Padding
an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric
Trojan Horse
In a __________ attack, an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric.
Trojan horse
A message authentication code is a small block of data generated by a secret key and appended to a message.
True
A smart card contains memory and microprocessor inside.
True
An individual's signature can be used in biometric authentication applications.
True
Attacks are threats carried out
True
Brute-force attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
True
Computer Security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them.
True
Computer security is a protection of the integrity, availability and confidentiality of information system resources
True
Dictionary attacks develop a large dictionary of possible passwords and try each against the password file
True
Identifiers should be assigned carefully because authenticated identities are the basis for other security services.
True
In a biometric scheme some physical characteristic of the individual is mapped into a digital representation.
True
In the context of security our concern is with the vulnerabilities of system resources.
True
Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system.
True
Memory Cards only store data, no processing is done.
True
Public-key cryptography is asymmetric.
True
Some form of protocol is needed for public-key distribution.
True
Symmetric encryption is used primarily to provide confidentiality
True
System Availability assures that systems work promptly and service is not denied to authorized users
True
The advantage of a stream cipher is that it is faster than block ciphers.
True
The first step in devising security services and mechanisms is to develop a security policy.
True
The problem of computer generated passwords is that users have trouble remembering them.
True
The purpose of the Diffie-Hellman Key Agreement algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.
True
The secret key is input to the encryption algorithm.
True
The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
True
User authentication is the basis for most types of access control and for user accountability.
True
User authentication is the process of verifying an identity claimed by or for a system entity.
True
X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications.
True
Measuring unpredictable natural processes (rolling dice, thermal noise, radiation, gas discharge); increasingly provided on modern processors
True Random Number Generator (TRNG)
frequency of occurrence of each of the numbers should be approximately the same
Uniform Distribution (randomness & unpredictability)
If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to
Use Longer Keys
In __________ strategy, users are told the importance of using hard-to-guess passwords and are provided with guidelines for selecting strong passwords.
User Education
A circumstance that results in control of system services or functions by an unauthorized entity.
Usurpation
In user authentication, the __________ step is presenting or generating authentication information that corroborates the binding between the entity and the identifier.
Verification
Presenting or generating AUTHENTICATION INFORMATION that corroborates the binding between the entity and the identifier
Verification Step (example: that the username and password matches)
Replay, masquerade, modification of messages, and denial of service are examples of
active attacks
A _______ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.
attack
An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is an
attack
A ___________ authentication system attempts to authenticate an individual based on his or her unique physical characteristics.
biometric
adversary attempts to achieve user authentication without access to the remote host or the intervening communications path
client attack
A loss of _____ is the unauthorized disclosure of information
confidentiality
A ____________ is any means taken to deal with a security attack
countermeasure
A _________ attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts.
denial-of-service
DSS (Digital Signature Standard)
Digital signature functions with SHA; cannot be used for encryption or key exchange.
The assets of a computer system can be categorized as (4 things)
hardware, software, communication lines and networks, and data.
The two criteria used to validate that a sequence of numbers is random are (2 things)
independence and uniform distribution
RSA (Rivest, Shamir, Adleman)
Most widely used approach to public-key encryption; block cipher with 1's and 0's
A ______ is an attempt to learn or make use of information from the system that does not affect system resources.
passive attack
Release of message contents and traffic analysis are two types of
passive attacks
Security implementation involves four complementary courses of action:
prevention, detection, response, and recovery
encrypting with Private Key and decrypting with Public Key
Provides authenticity. Bob (Bob Private) --> Sue (Bob Public); encrypt __________ --> _________ decrypt (anyone who knows the corresponding public key will be able to decrypt the message)
encrypting with Public Key and decrypting with Private Key
Provides confidentiality. Bob (Sue Public) --> Sue (Sue Private); encrypt ________ --> ______ decrypt
A _________ stream is one that is unpredictable without knowledge of the input key and which has an apparently random character.
pseudorandom
Sequences produced that satisfy statistical randomness tests; likely to be predictable
pseudorandom numbers
In public key encryption, the __________ is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption.
public and private key
adversary repeats a previously captured user response
replay
The OSI security architecture focuses on (3 things)
security attacks, mechanisms, and services
Authentication protocols used with smart tokens can be classified into three categories:
static, dynamic password generator, and challenge-response
A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy is
vulnerability
ASYMMETRIC ENCRYPTION
- Pair of keys, private and public; can use one for encryption and the other for decryption (and vice versa). - The private key cannot be reconstructed from the public key. - Diffie and Hellman. - RSA, DSA, ElGamal. - Any message that is encrypted by using the private key can only be decrypted by using the matching public key. - Digital certificates are used to discover other public keys.
Message Authentication Code (MAC) Symmetric
- Protects against active attacks. - Verifies message is authentic, not altered, from authentic source, timely and in correct sequence. - Only sender and receiver share a key. - Is a function of an input message and a secret key.
SYMMETRIC ENCRYPTION:
- Universal technique for providing confidentiality. - Both parties share the SAME key for both encryption and decryption. Key needs to be kept secret. - Block ciphers: DES, 3-DES, AES. - Faster than asymmetric. Less computing power. Attacks: cryptanalysis and brute force. - Message Authentication Code (MAC)
Hash Function "finger-print" of data
- Can be applied to a block of data of any size. - Produces a fixed-length output.
DES takes a plaintext block of 64 bits and a key of ______ bits to produce a ciphertext block of 64 bits.
56
Digital Certificates (Public Key)
A certificate is a package of information that identifies a user or a server, and contains information such as the organization name, the organization that issued the certificate, the user's e-mail address and country, and the user's public key.
-The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity - Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes
Accountability
Verifying that users are who they say they are and that each input arriving at the system came from a trusted source
Authenticity (under Integrity)
A loss of __________ is the disruption of access to or use of information or an information system.
Availability
ensuring timely and reliable access to and use of information
Availability
A _________ is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
Brute-Force Attack
-binds public key to individual -person registers their public key with this.
Certification Authorities
To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.
Challenge-Response
______ is the scrambled message produced as output
Ciphertext
A _________ is when an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path.
Client Attack
Messages are destroyed/deleted/read/modified/delayed/recorded/duplicated/fabricated
Communication Lines Threat
__________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.
Computer security
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
Confidentiality
Vulnerabilities (3 types)
Corrupted (loss of integrity); leaky (loss of confidentiality); unavailable or slow (loss of availability)
A __________ attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.
Cryptanalytic
The most important symmetric algorithms, all of which are block ciphers, are (3 of them)
DES (Data Encryption Standard), Triple DES, and AES (Advanced Encryption Standard)
The assurance that data received are exactly as sent by an authorized entity is
Data Integrity
Files are deleted, unauthorized analysis or reading is performed.
Data threat
The _______ algorithm takes the ciphertext and the secret key and produces the original plaintext.
Decryption
The __________ prevents or inhibits the normal use or management of communications facilities.
Denial Of Service
attempts to disable a user authentication service by flooding the service with numerous authentication attempts
Denial-of-Service
Develop a large dictionary of possible passwords and try each against the password file. - Each password must be hashed using each salt value and then compared to stored hash values. - A lot of computational power.
Dictionary attacks
The purpose of the __________ algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.
Diffie-Hellman Key Agreement
- Authenticating both source and data integrity. - Hash code and private key encrypted together. - Does NOT provide confidentiality, eavesdropping.
Digital Signature
A ______ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key. Data appended to or a cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery.
Digital Signature
_________ used for authenticating both source and data integrity.
Digital Signatures
adversary attempts to learn the password by some sort of attack that involves the physical proximity of user and adversary: Keylogging
Eavesdropping
Use of mathematical algorithms to transform data into a form that is not readable
Encipherment
Keylogging is a form of host attack.
FALSE Not Keylogging (dictionary attack / exhaustive search)
(Contingency planning) is a functional area that primarily requires computer security technical measures.
FALSE. Technical measures: access control; identification & authentication; system & communication protection; and system & information integrity. Functional areas that primarily require management controls and procedures include: awareness & training; audit & accountability; certification, accreditation, & security assessments; CONTINGENCY PLANNING; maintenance; physical & environmental protection; planning; personnel security; risk assessment; and systems & services acquisition
Privacy ensures that information and programs are changed only in a specified and authorized manner.
False (Confidentiality)
Like the MAC, a hash function also takes a secret key as input.
False. The MAC is a function of an input message and a secret key.
On average, _____ of all possible keys must be tried in order to achieve success with a brute-force attack.
Half
_________ systems identify features of the hand, including shape, and lengths and widths of fingers.
Hand Geometry
The purpose of a _____ is to produce a "fingerprint" of a file, message, or other block of data.
Hash Function
A widely used password security technique is the use of ___________ passwords and a salt value.
Hashed (Unix uses Salt Value)
A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored.
Host Attack
presenting an identifier to the security system
Identification Step (example: you match your username)