Flashcards which cover (most of) the examinable content for CS140. Good luck to everyone taking the exam!
What are the two general features of Computer Security?
There is no such thing as absolute computer security.
Theory is not the same as practice.
What does CIA stand for in the CIA triad?
Confidentiality, Integrity, Availability
In CIA, what does Confidentiality intend to achieve?
Preventing access to unauthorised users
In CIA, what does Integrity intend to achieve?
Preventing unauthorised changes
In CIA, what does Availability intend to achieve?
Ensuring authorised users are not denied or delayed access when unwarranted
What are the features of a worm?
Self-replicates
Rapid growth
Standalone
What are the features of a virus?
Replicates into other executable code
Rapid growth
What does a DDoS attack achieve?
Overwhelms a network device with enormous amounts of useless traffic data, to the point where it is inaccessible/useless to real users. Usually achieved using a botnet.
What is Hacktivism?
An attack on computer security with some motive related to protest and/or politically charged activism.
What is Social Engineering?
An attack on computer security where no technical skill is necessarily involved. Instead, the attacker exploits the trust of a user of a given network or service, typically to divulge personal information.
How is physical security a significant factor in computer security?
Oftentimes, it is easier to steal a machine than to use technical measures to remotely access it. It is significantly easier to get someone to give up the password to their laptop by threatening them than to attempt to crack said password.
What is an Asset?
Something we wish to protect
What is a Vulnerability?
A flaw in a security system
What is a Threat?
A potential for a violation of security
(Capability x Intent)
What is an Attack?
An assault on security where a threat exploits a vulnerability
What is Risk?
The expected loss, expressed as the product of the chance of an attack and the harmful result
(Threat x Vulnerability x Harm)
What is Qualitative Risk Analysis?
An analysis of expected loss expressed in a checklist or similar format, e.g. DREAD by Microsoft.
What is Quantitative Risk Analysis?
An analysis of expected loss expressed in a mathematical model, such as a fault tree.
What is a Countermeasure?
An action that aims to reduce a threat, by preventing or detecting attacks and correcting them.
Give some examples of how a security system is dependent on at least some level of trust.
Trusted Users (Access Control)
Web of Trust (Public Key Encryption)
Trusted Systems (Certificate Authorities)
What is Plaintext?
An unencrypted message
What is Ciphertext?
An encrypted message
What is Encryption and Decryption?
The process of converting plaintext into ciphertext (or vice versa)
What are the differences between Public key and Secret key encryption?
S uses a single key known by both parties, P uses separate keys for encryption and decryption.
S uses the same algorithm and key for encryption and decryption, P uses different algorithms and keys for each.
S is based on very fast bitwise operations, P is based on slower mathematical operations.
What is Steganography?
The process of hiding information within another object. This is commonly done with pictures.
What is the formula for the steganographic process?
coverMedium + hiddenData + steganoKey → steganoMedium
What terms describe the following encryption method?
Plaintext: SECRET MESSAGE
Ciphertext: PASTA CARBONARA
Code Words, Dictionary, Code Book, Look-up table
What term describes the following encryption method?
Plaintext: SECRET MESSAGE
Ciphertext: SESEET SXCMAXREGX
Transposition/Permutation Cipher
How can a transposition cipher be made more secure?
Define a keyword, and swap columns by the letters’ alphabetical order.
Perform a second transposition.
What term describes the following encryption method, and what is it vulnerable to?
Plaintext: SECRET MESSAGE
Ciphertext: TFDSFU NFTTBHF
Monoalphabetic substitution cipher
These are vulnerable to frequency analysis, making them practically ineffective.
What encryption method uses a mapping of monoalphabetic ciphers and a text-based key in order to obfuscate messages?
Polyalphabetic substitution cipher
What encryption method is deemed to be the most theoretically secure possible, but is practically ineffective?
One-time pad
What are the key principles of a good encryption algorithm?
Confusion
Diffusion
Difficult to break, even with generous assumptions
Feasibly Maintainable
What is the difference between a block cipher and a stream cipher?
A block cipher splits data into set chunks (of bits/bytes), encrypting each, whereas a stream cipher encrypts each bit/byte on its own.
Give a brief overview of a round of DES encryption.
Data is split into a left and right part
The right part is run through the Feistel Function with a subkey
The output is fed into the next round’s left portion.
The output of the Feistel Function is computed in an XOR with the left part, which goes to the next round’s right portion.
What two operations are performed in subkey generation in DES?
Shifts and Shuffling of Bits.
What steps are performed in the Feistel Function of DES?
Expansion
Key Combination (XOR)
Substitution
Permutation
How is a message encrypted using DES decrypted?
By passing the ciphertext into the same encryption algorithm, with the private key (the order of subkeys reverses)
Why is DES considered insecure, and AES secure?
DES uses shorter keys, whereas AES uses longer keys of size 128, 192 or 256 bits long.
AES uses a similar algorithm to DES. What steps are performed in AES?
Substitution (Using a look-up table)
Permutation (Shifts)
Mixing (By multiplying by a matrix)
XOR with the round key
Give the properties of modular (%) arithmetic.
(A + B) % n = ((A % n) + B) % n
(A + B) % n = ((A % n) + (B % n)) % n
(A * B) % n = ((A % n) * B) % n
(A * B) % n = ((A % n) * (B % n)) % n
x ^ (A * B) % n = (((x ^ A) % n) ^ B) % n
(((x ^ A) % n) ^ B) % n = (((x ^ B) % n) ^ A) % n
What is the expression (y ^ x) % p referred to as?
Modular Exponentiation
What is a primitive root for some % p?
Some value that, when raised to increasing powers and modularly divided by p, gives all the values 1, 2… p-1 in a repeating sequence.
Determine if 2 is the primitive root % 5 and % 10.
% 5 - Yes (2, 4, 3, 1, 2, …)
% 10 - No (2, 4, 8, 6, 2, 4, …)
When is the expression k = (y ^ x) % p a one-way function?
Where y is the primitive root % p, and p is a large number (e.g. 512 bits, or 64 bytes)
Suppose we are generating keys for RSA encryption. Let p = 7, q = 17, what is the public key produced (n), and what are the possible values of e?
n = 7 × 17 = 119
(p-1) x (q-1) = 6 × 16 = 96
e = 5, 7, 11, 13, 17, …
What are the contents of an HTTP request?
Request Line - States request type (GET, POST, etc.) and HTTP version
Headers, including host site, accepted encodings, languages, etc.
What are the contents of an HTTP response?
Status Line - Includes status code (200, 404, etc.) and reason phrase.
Headers, including the length of the content, E-Tag, content type, etc.
The requested content, if applicable.
What does CGI stand for, and what does it allow for?
Common Gateway Interface. This is a standard way to allow the running of other programs on a web server to fulfill a request.
Why can public key encryption be described as “symmetric”?
We can apply either the secret or public key first, followed by the other, and still achieve the same plaintext. This follows from the following property: ((x ^ a) % n) ^ b == ((x ^ b) % n) ^ a
For public key encryption, we typically encrypt with the public key, then decrypt with the private key. However, we can swap the keys so that we encrypt with the private key. Why might we want to do this?
Integrity - We do not care about the privacy of the information (since anyone can decrypt), but we don’t want anyone to tamper with the message (as only the owner knows the private key)
Authentication - We can be absolutely sure who the message came from.
Non-repudiation - If the message we send is malicious, the system can prove it came from us.
If we use public key encryption for integrity and not confidentiality, encrypting an entire message can be costly. What function can we apply to the message to form a smaller representation of it?
Hash
Describe the process of using a digital signature to ensure integrity.
The hash of the plaintext is calculated.
The hash is encrypted using a private key. This is the signature.
The signature is attached to the plaintext and sent to the recipient.
The recipient decrypts the signature with the public key, hashes the plaintext, and compares the two signatures.
Why are encryption and digital signing not interchangeable terms?
Encryption maintains confidentiality and must be decryptable. Digital signing involves a one-way function and provides integrity. Both functions achieve different, yet complementary outcomes.
What does MAC stand for, and how is it different from a digital signature?
Hint: NOT Media Access Control, or Mandatory Access Control.
Message Authentication Code. This function computes a hash of an input file and encrypts it, but uses secret key authentication instead of public key.
Can Message Authentication Code (MAC) ensure Integrity and Non-repudiation?
Integrity - Yes
Non-repudiation - No, as more than one person knows the secret key.
Why would we want to use Message Authentication Code instead of Digital Signatures?
Secret Key algorithms are faster than Public Key algorithms, so MAC can be computed faster than a digital signature.
What is a digital certificate?
A digital certificate is an electronic document that proves the ownership of one’s public key.
What is a certificate authority?
A certificate authority is a third party that issues and signs digital certificates.
What are the contents of an X.509 certificate?
Subject: John Appleseed
Includes Organisation, O. Unit, Name.
Subject’s Key: 123456789abcdef0…
CA’s subject: C. Author.
Signature of the CA: c0ffee12345678…
What is a web of trust?
A web of trust is a system of managing digital certificates where there is no centralised authority. Instead, each user creates their own “chain of trust”, where each user certifies themselves and signs other users’ certificates.
What are the two attributes applied to users in a web of trust?
Values can be FULL, MARGINAL or UNKNOWN.
Validity - Are we sure that this key definitely belongs to this user?
Trust - Are we sure that this user will be careful and follow good security practices? (Also has value ULTIMATE)
Web of Trust
A → B - V = FULL, T = FULL
B → C - V = FULL, T = FULL
A → C - V = ?, T = ?
V = FULL, T = FULL
C’s key has been signed by someone who A fully trusts (B)
Web of Trust
A → B - V = FULL, T = FULL
B → C - V = FULL, T = MARGINAL
A → C - V = ?, T = ?
V = MARGINAL, T = MARGINAL
Validity of a user is only considered full if their key has been signed by someone who is fully trusted. (In some cases, if n users marginally trust C, A will fully trust C.)
Web of Trust (Threshold is 2)
A → B - V = FULL, T = FULL
B → C - V = FULL, T = FULL
C → D - V = FULL, T = FULL
A → D - V = ?, T = ?
V = MARGINAL, T = MARGINAL
The threshold prevents full trust of users if they are not directly trusted/signed by a given user.
How is ultimate trust distinct from full trust?
Ultimate trust ignores any threshold limits, which result in marginal trust and validity being applied to users who are a set distance away from another.
Explain briefly how the SHA-256 hash function works.
Message is padded, so its length is a multiple of 512 bits.
Message is split into 512-bit long blocks.
Eight H-Variables are initialised.
For each block, a H-function updates the eight H-Variables.
The eight H-Variables are joined together.
Explain how in SHA-256 hashing, a message is padded.
A bit 1 is added.
k bits 0 are added until (L % 512) + 1 + k == 448.
The length of L as a 64-bit integer is appended.
(If L % 512 > 448 then we pad until the next block contains 448 bits.)
We want to hash a message of length (L) 1280 bits using SHA-256. How is this message padded?
Find L % 512 = 256
Add a 1 bit.
448 - 257 = 191, so add 191 zero bits.
Append the length 1280 as a 64-bit integer.
What is the equation for the Entropy (x) of a password?
x = L × log2(W)
L - Length of Password, W - Size of Character set
What does entropy of a password measure, and why may it be deemed an unsuitable measure of security?
Entropy is a measure of maximum uncertainty in a password. It may not be a good measure of security as passwords are mostly not random: people tend to pick certain patterns when setting passwords, such as using a combination of words.
How are passwords stored on a server?
As a hash. This way, the original data cannot be visible/identified, yet it is still possible to compare to future inputs for authentication.
Passwords may be cracked in an online or offline attack. Describe which method is more likely to result in success.
Online - Repeated logon attempts on a website. This is generally less successful, as most sites will prevent this (typically through allowing limited attempts)
Offline - Done through obtaining a password file and utilising a compromised system. The passwords are guessed from each hash.
What are the five ways of cracking passwords?
Brute Force
Dictionary Attack
Look-up Tables
Reverse Look-up Tables
Rainbow Tables
Explain the similarities and differences between a brute-force and dictionary attack for password cracking.
Similarities: Both methods try several permutations of combinations in order to crack a password.
Differences: Brute-force tries every possible combination of characters, which is more computationally expensive and inefficient, although this guarantees that a password is found if enough time is given. Dictionary attacks use common words and phrases, including permutations such as chocolate → ch0co1at3
How does a Look-up table “build upon” a dictionary attack?
With dictionary/brute-force attacks, each guess is hashed as it is tried. Look-up tables pre-compute the hashes and compare them with items in a hash file. The hashes and passwords can then be mapped and identified.
Why are look-up tables typically not used for password cracking?
Look-up tables can take up vast amounts of space, especially at larger password lengths. For every character added to a password, the number of possibilities grows exponentially!
How does a Reverse Lookup Table work, and how is it different from a normal Lookup Table?
A Reverse Lookup Table uses a structure called a “Hash Chain”. It takes an arbitrary set of inputs (e.g. all possible length five character combinations), hashes one at a time, identifies printable characters (from ASCII or another encoding), hashes that result, and repeats until the first hash is found. The last text input is the output.
With Reverse Lookup Tables, the aim is not to match a specific input to an output, it is to find any sort of input that reaches the same output.
How is a Reverse Lookup Table used to crack passwords?
Create hash chains of a set length to form each record in the table, only storing the first and last text inputs of each.
Take a hash from the hash file, and create a hash chain.
If a password created matches an ending password in the table, go to that row’s starting password and create its hash chain.
Once we reach the same hash that was originally sourced in the hash file, take the password that was used to create that hash, and output it.
What issue can occur in a Reverse Lookup Table?
Hint: Hash Maps in CS126 encounter a similar problem.
Chain Collisions. A hash in one chain may occur in another, causing the same sequence to be repeated and for duplicate data to be stored, wasting space.
What additional set of functions are used in a Rainbow Table, which make it more efficient than a Reverse Lookup Table?
A set of Reduction Functions.
A Reverse Lookup Table uses the same reduction procedure after every hash, which can be a factor in causing collisions. Rainbow Tables reduce collisions by sequencing different reduction strategies (e.g. take characters 1,2,3,4, then 2,4,6,8, and alternate).
How is a Rainbow Table used to crack passwords?
Create hash chains of a set length to form each record in the table, only storing the first and last text inputs of each.
Take a hash from the hash file, and create a hash chain.
If a password created matches an ending password in the table, go to that row’s starting password and create its hash chain, starting with reduction Rk.
If not found, try starting from Rk-1, then Rk-2 up to R1.
Once we reach the same hash that was originally sourced in the hash file, take the password that was used to create that hash, and output it.
What is applied to password hashes in order to render hash chain-based attacks less effective?
Password Salt, i.e. a randomly generated number, which is connected to the password and hashed together with it. The hash and its salt are stored together in the password file. This renders attacks less effective as an attacker needs to compute lookup tables for every possible salt value.
Biometric Authentication is becoming increasingly common. What is the predominant issue with this form of authentication?
False Positives and Negatives. It is possible for two biometric scans to have very similar results, or a scan could be registered incorrectly due to many different factors.
What is Access Control?
The process of specifying which subject (Who?) has what permission to access which object (What?).
What are the two general principles of Access Control?
Least Privilege - Where we need to grant a subject access to an object, we apply only the least rights necessary
Fail-safe Defaults - If we are not sure of a subject’s rights, assume they have no permissions, verify, then grant access
What are the two access control models?
Discretionary Access Control (DAC) - The owner of objects (files) controls access.
Mandatory Access Control (MAC) - “Across the board” policy that is enforced by the system.
Describe the three methods of storing permissions under the Discretionary Access Control (DAC) Model.
Access Matrix - Objects are stored in the columns, subjects are stored in the rows, and each cell contains each subject and object’s permissions. Likely to be sparsely populated.
Access Control List (ACL) - A list in which each object is represented as an index. Each field contains each user with their permissions.
Capability List - A list in which each subject is represented as an index. Each field contains the objects that the subject has permissions in.
Is an Access Control List (ACL) or Capability List preferable for storing permissions?
Neither is necessarily better than the other: the answer is dependent on whether it is more important to access object-specific or subject-specific permissions. Both use opposing directions for storing permissions.
Which commands can we use to get and set ACL permissions on Linux systems?
setfacl
getfacl
List some operating systems that use ACL to store permissions.
Linux (and other Unix-based systems)
Windows NT (NT describes XP and later, or workstation specific OSes, including NT 4.0 in 1996)
macOS (Which itself is Unix-based)
List some operating systems that use a Capability List to store permissions.
Fuchsia (Google, used in IoT hubs)
Genode (Genode Labs, Consumer OS)
Midori (Microsoft, Discontinued in 2015)
Why may an organisation wish to use Mandatory Access Control (MAC) over Discretionary Access Control (DAC)?
DAC allows for each user to set permissions on their files. In an organisation, there may not necessarily be set owners of files, other than the organisation itself. As such, it may be more suitable for the organisation to apply a set of common rules to all users.
What are the four security levels in Multi-level Security?
Using the Bell-LaPadula Model,
Top Secret
Secret
Confidential
Unclassified
What components make up a Security Label in Multi-level Security?
L = (S, C)
S - Security Level (e.g. Confidential)
C - Category, a specific name or project the label relates to (e.g. Government Project, or GP for short)
Each Object and Subject are given a Security Label in the Multi-level security model. What are these labels referred to in these contexts?
L(o): Object - Classification
L(s): Subject - Clearance
What are the access rules for Multi-level security?
Hint: Let classification refer to L(o) and clearance refer to L(s).
ALLOW READ if L(s) >= L(o)
ALLOW APPEND if L(o) >= L(s)
ALLOW WRITE if L(s) == L(o)
Multi-level Security:
A subject with Secret clearance on categories AP and BP wishes to read an object with Confidential classification, and is tied to the BP category.
Should the subject be granted access? If not, why?
Yes, Secret > Confidential, and the subject has clearance on BP.
Multi-level Security:
A subject with Secret clearance on categories AP and BP wishes to read an object with Confidential classification, and is tied to the XP category.
Should the subject be granted access? If not, why?
No, as the subject has no clearance on the XP category.
Multi-level Security:
A subject with Secret clearance on categories AP and BP wishes to write to an object with Confidential classification, and is tied to the BP category.
Should the subject be granted access? If not, why?
No, as the subject has secret clearance. Only those with confidential clearance on BP can write to the object.