CPSC4200 Midterm

45 Terms

1

What does CIA stand for in cybersecurity?

confidentiality, integrity, availability

2

What does AAAA stand for in cybersecurity?

assurance, authenticity, anonymity, accountability

3

What is a classical substitution cipher?

letters of plaintext are replaced by other letters or by numbers or symbols

4

What is a Caesar cipher?

a substitution cipher that involves replacing each letter of the alphabet with the letter standing three places further down the alphabet

5

What is a transposition cipher?

encrypts a message by rearranging the letters instead of changing them

6

What is a Rail Fence Cipher?

a cipher that writes the letters from the message out diagonally over a number of rows, then the cipher is read off row by row

7

What is a Row Transposition Cipher?

letters from the message are written in a rectangle, row by row, and then each column is given a number, columns are then written into a new string in order of the random number they were given

8

What are the three types of functions in cryptography?

cryptographic hash function, secret-key functions, public-key functions

9

How many keys does a cryptographic hash function have?

zero

10

How many keys does a secret-key function have?

one

11

How many keys does a public-key function have?

two

12

What are cryptographic hash functions?

13

How do digital signatures work?

14

What is the birthday attack?

a class of brute-force techniques that target a pair of input values that produce the same hash, instead of a specific hash

15

What are the steps of the birthday attack?

a large number of good and fraudulent documents are prepared and matched to find two with equal hashing code; the "boss" signs the good document with authentic signature; while on its way to the receiver, the good document is replaced with the fraudulent one

16

How many people do you need for a 50% chance that two people share the same birthday?

23

17

What is symmetric key distribution?

requires each pair of communicating parties to share a (separate) secret key (so every pair in a group shares a secret key)

18

What is the formula for symmetric key distribution?

n(n-1)/2 keys

19

What is public-key cryptography?

when a user has both a private key and a public key, in which the public key is used to encrypt and the private key is used to decrypt

20

In public-key cryptography, do you use your own or the receiver's public key to encrypt a message?

the receiver's

21

What is public key distribution?

only one key is needed for each recipient

22

How many types of symmetric encryption are there?

two (block and stream)

23

What is a block cipher?

data is encrypted one block at a time as a single message

24

What is a stream cipher?

data is encrypted one bit or one byte at a time

25

When are stream ciphers normally used?

if data is a constant stream of information

26

In terms of block ciphers, different ciphers use different ____________ and _____________.

block size and key length

27

What are modes in block ciphers?

deal with how to encrypt a message of arbitrary length using a block cipher

28

What are three of the most common modes for block ciphers?

electronic code book (ECB)

cipher block chaining (CBC)

cipher feedback (CFB)

output feedback (OFB)

counter (CTR)

29

What is ECB mode?

(electronic code book) each plaintext block is encrypted independently with the block cipher

30

What is CBC mode?

(cipher-block chaining) each plaintext block is XORed with the previous ciphertext block and then encrypted

31

What is the Diffie-Hellman Key Agreement Protocol?

uses modular arithmetic; publicly agree to use a modulus p and generator base g to send secret messages

32

How do you create your public/private key pair for RSA?

choose two large prime numbers p and q; n = pq; z = (p-1)(q-1); and then choose e which has no common factors with z, and choose d so that ed-1 is exactly divisible by z

{n,e} is the public key, and {n,d} is the private key

33

What is the formula to encrypt for RSA?

c = m^e mod n

34

What is the formula to decrypt for RSA?

m = c^d mod n

35

How do you generate a signature?

hash your message and then "sign" the hash with the private key to create a signature (encrypted hash)

36

How do you verify a digital signature?

you decrypt the signature on the hashed message; it's valid if the hash of the message matches the decrypted signature

37

In a file permissions string, what is the order of people's permissions listed?

owner, groups, everyone else

38

What is an access control model?

defines how access control policies are configured and managed

39

What is Discretionary Access Control (DAC)?

an individual user can set an access control mechanism to allow or deny access to an object (object owner controls access)

40

What is Mandatory Access Control (MAC)?

a system-wide policy that decrees who is allowed to have access (individual users have no say in altering it, even if they have root access)

41

What is Role Based Access Control (RBAC)?

access depends on what your role is

42

What is a race condition?

occurs when two or more processes access the same data or resources at the same time, which can be used by attackers to trick privileged programs

43

Can you use this program from the SetUID lab to run other commands with the root privilege? (see slide 46)

yes, system(command) opens up the ./bin/cat file, which could allow an attacker to write to that file using something like "./program "secret.txt; rm -rf /""

44

How can you get to the root shell using a specific input after running a program?

a statement with a ; can open the root shell, like "aa;/bin/sh"

45

How can you invoke programs safely using execve()?

execve(v[0], v, 0)

the command name is provided by the program, the input data is provided by the user

code (command name) and data are clearly separated, there is no way for the user data to become code