What is logging in systems?
Tracking and recording actions/events in a system
What is the standard purpose of logs?
To record system activity for debugging, monitoring, auditing, and security
What should be considered when deciding what to log?
Log as much as possible while respecting privacy
Why must logs be protected?
Attackers may delete or modify them to hide activity
What does append-only logging mean?
Existing log data cannot be modified, only new data added
Why should logs be stored redundantly and securely?
To prevent loss or tampering after compromise
What is proof-carrying code?
Code that carries a proof of correctness or authorisation with it
Why is proof-carrying code efficient?
Checking proofs is faster than deriving them
What is authentication?
Verifying identity before granting access
What are the three authentication factors?
Something you know, have, and are
Give examples of "something you know."
Passwords, PINs, and security questions
Give examples of "something you have."
Keys, smart cards, tokens, and badges
Give examples of "something you are."
Biometrics like fingerprints, face, iris, and voice
What are behavioural biometrics?
Patterns like mouse movement or usage habits
What is MFA?
Using two or more authentication factors
Why use salts in password storage?
To randomise hashes and prevent precomputed attacks
Why use strong hashing (e.g. bcrypt)?
To make brute-force attacks computationally expensive
Why must password practices evolve?
Because attack methods improve over time
What are authentication keys typically based on?
Digital signatures (e.g. PGP)
What is a key challenge with authentication keys?
Loss, revocation (replacement), and distribution
Why are biometrics hard to reset?
They are permanent (e.g. fingerprints)
What accessibility issue exists with biometrics?
Not everyone can provide usable biometric data
What privacy concern exists with biometrics?
They store permanent personal data
What accuracy issues exist in biometrics?
False positives and false negatives
What is federated identity management?
Delegating authentication to a third party
Give examples of federated identity systems.
Kerberos, LDAP, and OAuth2
What is an advantage of federated identity?
Centralized management and easier implementation
What is a disadvantage of federated identity?
Single point of failure and privacy concerns
What is a replay attack?
Reusing a captured authentication message
What is a timestamp replay attack?
Replaying a message within a valid time window
What is a backward replay?
Exploiting symmetric encryption where messages are indistinguishable
What is the impact of replay attacks?
Full impersonation and account access
What is an impersonation attack?
Attacker pretends to be a legitimate user by replaying sessions
What can an attacker do after impersonation?
Send messages, access data, and act with user privileges
What is authorisation?
Determining access rights after authentication
What is distributed access control?
Using third parties and trust chains to decide access
What is a "can-say" rule?
A delegation of authority to assert claims
What is confidentiality?
Preventing unauthorised access to information
What is integrity?
Ensuring data is only modified in authorised ways
What is availability?
Systems are accessible to authorised users when needed
What is accountability?
Actions can be traced to a specific entity
"Repudiation" is an attack specifically listed as a threat to which security property?
Integrity
"The release of message contents" and "Traffic analysis" are both examples of what?
Passive Attacks
According to the NIST definition, "Computer Security" focuses on protecting which three objectives?
Integrity, Availability, and Confidentiality
What is the difference between a "Security Mechanism" and a "Security Service"?
A mechanism is a process designed to detect/prevent attacks; a service uses mechanisms to enhance data security.