What is the Bell-LaPadula model?
Confidentiality: no read up, no write down.
What is the Biba model?
Integrity: no write up, no read down.
What is a covert channel?
Unintended information leak path.
What is the confinement problem?
Preventing hidden communication.
What is steganography?
Hiding data inside other data.
What is cryptography?
Encoding data for secrecy.
What is plaintext?
Original readable data.
What is ciphertext?
Encrypted output.
What is a cryptographic key?
Value controlling encryption.
What is Kerckhoffs's principle?
Algorithms public; keys secret.
What is secret-key (symmetric) cryptography?
Same key for encryption/decryption.
What is a drawback of symmetric keys?
Key distribution problem.
What is public-key cryptography?
Separate public/private keys.
Who invented public-key crypto?
Diffie and Hellman.
What is RSA based on?
Difficulty of factoring.
What is a one-way function?
Easy forward, hard reverse.
What is a hash function?
One-way fixed-length digest.
What is a digital signature?
Encrypted hash for authenticity.
What ensures non-repudiation?
Private key signature.
What is a digital certificate?
Public key signed by CA.
What is a Certification Authority (CA)?
Trusted public-key signer.
What is a Public Key Infrastructure (PKI)?
System for managing keys/certs.
What is a Trusted Platform Module (TPM)?
Hardware for secure key storage.
Why is the TPM controversial?
Restricts user control.
What are the three authentication factors?
Know, have, are.
What is the most common authentication method?
Password login.
What are weak passwords vulnerable to?
Brute-force guessing.
How does UNIX secure stored passwords?
Salted hashing.
What is a salt?
Random bits added to passwords.
What is a one-time password (OTP)?
Password valid once.