Network, Wireless, and Cloud Security Flashcards

A vocabulary-style flashcard set covering core principles of network security, privacy, WSN routing protocols like RPL, Zigbee architecture, mobile generations, and cloud security models.

Complete mediation

A security principle requiring that every access point is monitored, including users and programmers, to ensure controlled entry.

Shannon's Maxim

The principle of 'no security through obscurity,' stating that one should assume the attacker knows the system.

Separation of Responsibility

A security principle that requires multiple parties to collude in order to misuse a privilege.

Defense in Depth

The strategy of layering multiple defenses so an attacker must breach all of them to succeed.

Least Privilege

The principle of granting only the specific permissions needed for a task.

CIA Triad

A model consisting of Confidentiality (authorized access), Integrity (unchanged data), and Availability (accessible system) used to evaluate security.

PPTMA

Privacy Preserving Solutions that address the core question of how to use data without directly exposing it.

Trusted Base Station (TBS)

A WSN key establishment solution where each node shares one key with the TBS, creating a single point of failure.

Random key distribution

A method where WSN nodes receive a random subset from a key pool to find a common communication key; mass compromise can reconstruct the full pool.

TingSec

A software cryptography implementation for WSN that creates a $5-10\%$ overhead without increasing packet size.

Node Capture

A physical attack in WSN where an attacker captures nodes in open locations to extract secrets or replace them with malicious ones.

RPL

The Routing Protocol for low power and Lossy networks, an IETF standard (RFC 6550) used in WSN.

DODAG

Destination Oriented Directed Acyclic Graph; a graph structure in RPL where each node aims to reach a single destination root.

DIS (DODAG Information Solicitation)

An RPL control message broadcast by new nodes to find and join an existing DODAG.

DIO (DODAG Information Object)

An RPL control message multicast downward to advertise the DODAG and recruit nodes.

DAO (DODAG Advertisement Object)

An RPL control message sent upward by a child node to request joining and establish downward routes.

ZC (Coordinator)

The Zigbee device type that acts as the Trust Centre and network root, assigned the address $0x0000$.

Zigbee Alliance09

A well-known global Trust Centre link key still used in many devices that allows attackers to decrypt NWK layers during joining.

APS (Application Support Sublayer) Layer Security

In Zigbee, this layer provides true end-to-end encryption using a Link key known only by two communicating peers.

MIC (Message Integrity Check)

An integrity feature in the Zigbee protocol stack used to prevent modification attacks.

LINDDUN

A privacy threat model consisting of Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, and Non-compliance.

STRIDE

A security threat model consisting of Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Sinkhole Attack

A WSN-specific attack where an adversary advertises a fake best route to cause all traffic to be routed through it.

Sybil Attack

An attack where a single adversary fakes multiple node identities within a network.

SUCI (Subscription Concealed Identifier)

A 5G security feature where the IMSI (SUPI) is encrypted with the home network's public key to prevent identity exposure.

Zero Trust model

A cloud security approach based on 'never trust, always verify,' removing implicit trust for entities inside the network.

Shared Responsibility Model

A cloud security principle where the provider secures the infrastructure and the customer is responsible for securing their own data and configurations.

IaC (Infrastructure as Code)

The use of automation to manage and maintain secure cloud configurations.