465 midterm Flashcards
midterm
Confidentiality
Prevent unauthorized access to information.
Example: Encryption, Access control.
Integrity
Ensure data is accurate and unaltered unless authorized.
Example: Checksums, Backups.
Availability
Ensure authorized users can access data when needed.
Example: Computational redundancies, Physical protections.
Encryption
Transforms plaintext into ciphertext using a key.
Example: AES, RSA.
Access Control
Limits access to authorized users only.
Example: Role-based access control (RBAC).
Authentication
Verifies a user’s identity.
Example: Passwords, Biometrics.
Authorization
Determines what an authenticated user can access.
Example: Access Control List (ACL).
Physical Security
Prevents unauthorized physical access.
Example: Locks, Security guards.
Backups
Copies of data stored for recovery purposes.
Example: Cloud backups, RAID.
Checksums
Detects accidental data corruption.
Example: MD5, SHA-256.
Data Correcting Nodes
Reverts small unauthorized modifications.
Example: Error-correcting codes.
Physical Protections
Prevents damage or destruction of hardware.
Example: Fireproof safes, Server rooms.
Computational Redundancies
Extra resources to maintain availability.
Example: Load balancers, Clustering.
Assurance
Trust in a security system’s effectiveness.
Example: Policies, Permissions.
Authenticity
Ensures a message or user is genuine.
Example: Digital signatures.
Anonymity
Hides the sender’s identity.
Example: Proxies, Pseudonyms.
Eavesdropping
Unauthorized interception of communication.
Example: Wiretapping, Packet sniffing.
Man-in-the-Middle Attack
Attacker alters communication between parties.
Example: HTTPS downgrade attacks.
Denial-of-Service (DoS)
Overloads a system to make it unavailable.
Example: DDoS attacks.
Masquerading
Pretending to be someone else.
Example: Phishing, Spoofing.
Repudiation
Denying having sent or received a message.
Example: Digital signatures prevent this.
Correlation & Traceback
Linking anonymous actions to a specific user.
Example: Traffic analysis.
Economy of Mechanism
Keep security systems simple.
Example: Minimal, well-documented code.
Fail-Safe Defaults
Default access should be restrictive.
Example: No default admin privileges.
Complete Mediation
Every access attempt should be checked.
Example: Session timeouts.
Open Design
Security should not rely on secrecy.
Example: Open-source cryptography.
Separation of Privilege
Require multiple conditions for access.
Example: Multi-factor authentication.
Least Privilege
Users get only necessary permissions.
Example: Principle of least authority (PoLA).
Least Common Mechanism
Reduce shared system resources.
Example: Separate user processes.
Psychological Acceptability
Security should be user-friendly.
Example: Intuitive UI design.
Work Factor
Security measures should be proportionate to the attack difficulty.
Example: Strong encryption for sensitive data.
Compromise Recording
Logging and monitoring to detect breaches.
Example: Security cameras, Intrusion Detection Systems (IDS).
Access Control Matrix
A table defining subjects, objects, and their permissions.
Example: Each row = user/system, each column = resource.
Access Control List (ACL)
A list defining which users can access an object and what permissions they have.
Example: A file system ACL defines read/write/execute rights.
Role-Based Access Control (RBAC)
Assign permissions to roles rather than individuals.
Example: Admin role has full access, User role has limited access.
Nonrepudiation
Ensures that a sender cannot deny sending a message.
Example: Digital signatures provide nonrepudiation by binding a user’s private key to a message.
Correlation & Traceback
Techniques used to link anonymous online activities to an individual.
Example: Traffic analysis on Tor networks.
Social Engineering
Psychological manipulation to trick users into revealing sensitive information.
Example: Pretexting, phishing, baiting.
Man-in-the-Middle (MITM) Attack
An attacker intercepts and possibly alters communication between two parties.
Example: An attacker intercepting HTTPS traffic by stripping encryption.
Denial-of-Service (DoS) Attack
An attack that overwhelms a system to make it unavailable.
Example: A botnet flooding a web server with excessive traffic.
Salting Passwords
Adding a unique random value to each password before hashing to prevent precomputed attacks.
Example: A user’s password is hashed with a salt so two users with the same password have different hashes.
BIOS Password
Prevents unauthorized users from modifying firmware settings before the OS loads.
Example: Prevents booting from unauthorized USB devices.
Hibernation File Risks
Hibernation files store system memory contents and may contain sensitive data.
Example: Encryption keys or passwords could be extracted from a dumped memory file.
What is the meet-in-the-middle attack on Double-DES?
Double-DES encrypts with two separate keys (K1, K2):
C = E(K2, E(K1, P))
Meet-in-the-Middle attack reduces security from 2^112 to 2^56 by:
Encrypting P with all 2^56 possible K1 values, storing intermediate results.
Decrypting C with all 2^56 possible K2 values and checking for matches.
Since only 2^56 encryptions + 2^56 decryptions are needed, security is not doubled.
Triple-DES
Triple-DES avoids the meet-in-the-middle attack by encrypting three times:
E(K1, D(K2, E(K1, P)))
The attack needs to store 2^56 intermediate values, but because there are now three independent operations, brute-forcing remains at 2^112, making it significantly harder to break than Double-DES.
ECB Mode
Each block is encrypted independently: C_i = E(K, P_i)
Identical plaintext blocks produce identical ciphertext blocks, making patterns visible.
Weakness: Doesn’t provide diffusion, making it vulnerable to pattern analysis (e.g., encrypted images reveal structure).
CBC Mode
Uses an IV (Initialization Vector) and XORs previous ciphertext block with plaintext before encryption:
C_i = E(K, P_i ⊕ C_(i-1))
Weakness: Susceptible to bit-flipping attacks—modifying ciphertext bits affects plaintext predictably after decryption.
OFB Mode
Uses an IV and encrypts it iteratively to generate a keystream:
S_i = E(K, S_(i-1))
C_i = P_i ⊕ S_i
Weakness: Since encryption depends only on the key and IV, if IV is reused, the keystream is the same, making it vulnerable to plaintext recovery.
CTR Mode
Uses a counter value instead of chaining:
C_i = P_i ⊕ E(K, Counter_i)
Weakness: If the same counter and key are reused, the ciphertexts can be XORed together to reveal plaintext.
Birthday Paradox
If a hash function has N = 2^n outputs, a collision is expected after about sqrt(N) = 2^(n/2) hashes.
Weak collision resistance
Given a specific key X, it’s infeasible to find an X’ where they hash to the same value
Strong collision resistance
It’s infeasible to find any X and X’ where they hash to the same value
Global Offset Table
Stores the addresses of library functions; binding is lazy, so an address is only resolved when the function is first called
GOT Risks
Overwriting a GOT entry lets us redirect to malicious code
LD_PRELOAD hijacking
A custom shared library replaces a library function, so the custom code runs instead
Linux ACM
DAC: Users control file permissions
Linux file permissions
Uses the UGO model (user, group, other); each file has read, write, and execute permissions for each of those
Linux ACLs
Access control lists on Linux; they let us grant fine-grained permissions to specific users
Linux Root/Sudo
Root has full control; sudo lets non-root users run commands as root
Windows ACM
Uses access control lists for everything; can use role-based access control in some scenarios
Windows ACLs
Each file and object has an ACL with explicit allow/deny rules
Windows NTFS
Uses ACLs to define our granular permissions, like read/write/modify/execute
Windows Inheritance ACLs
Child objects inherit permissions from their parent directories
How are RWX permissions set
chmod u+rwx,g+rwx,o+rwx file.text
What are setUID/setGID?
u+s lets you run with the file owner's privileges; g+s lets you run with group privileges or makes files inherit the group. If misconfigured, it allows for escalation
File copies in Windows
A copied file inherits permissions from the DESTINATION, not the original file; the same applies if you move a file between different volumes
Linux sticky bit
Ensures only the owner can delete/rename a file even if the directory is world-writable; stops meddling in shared dirs
Integer overflow
When we pass our int-max we overflow into int-min
Two’s complement
Most significant bit is the sign bit, 01111111 (127)+1=10000000 which is -128
Format string attack
printf can allow us to use %x to read memory addresses, %n to write to memory if we forget to explicitly include our format strings.
Caesar cipher
Shift forward by fixed secret key n spaces.
Cracking Caesar cipher
Shift by all 25 possible shifts, or frequency analysis if we reuse keys
Substitution cipher
Fixed mapping for each letter to another letter, for example A->M, B->H, C->P…
Cracking substitution cipher
Frequency analysis and pattern recognition, notice common letters like words ending in S, one-letter words being A or I, repeating phrases like signatures or common words
Vigenere Cipher
Take a word or string of numbers and use it as a repeating shift. For example, if we have 3 12 4 1, shift the first letter by 3, the second by 12, the third by 4, the fourth by 1, the fifth by 3 again, and so on
Cracking Vigenere cipher
Find the key length via repeated patterns, treat it like a Caesar cipher for each letter mod n
Reusing a OTP
Let us have two plaintexts P1, P2, and OTP key K. Encrypt both with K. Now, if we XOR the two ciphertexts together, the keys cancel out and we end up with P1 XOR P2, which is usually close enough to allow us to crack it
Block cipher
Encrypt in fixed-size blocks instead of bit-by-bit
DES
56-bit key, 64-bit blocks, but brute-forcing is easy since we have relatively few keys and our computers are way better than in the 70s
3DES
Apply 3 different keys to it but still slower and weaker than AES, plus if we’re not careful we can meet-in-the-middle it
AES
128-bit block, key sizes 128, 192, or 256 bits, brute-forcing currently impossible
RSA Finding Keys
- Pick primes p, q
- Compute n=p*q
- Compute phi(n)=(p-1)(q-1)
- Pick public key e coprime with phi(n)
- Pick private key d which is equal to e inverse mod phi(n), so d*e is 1 mod phi(n)
RSA Encryption/Decryption
Start with message m, public key pair (e,n). Compute m^e mod n to get our encrypted message c.
Decrypt with private key pair (d,n), take c^d mod n to get m.
Totient Computation
n(1-1/p1)(1-1/p2)(1-1/p3) and so on.
For example, if we have 2^5*3^7*5^2, we take 2^5*3^7*5^2*(1-1/2)(1-1/3)(1-1/5), which equals 2^5*(1/2) * 3^7*(2/3) * 5^2*(4/5) = 2^5*3^6*5*4 = 2^7*3^6*5 = 466560
How does Diffie-Hellman work?
Agree on prime p and base g
Alice picks secret A, sends g^A mod p to Bob
Bob picks secret B, sends g^B mod p to Alice
Alice computes (g^B mod p)^A = g^(BA) mod p
Bob computes (g^A mod p)^B = g^(AB) mod p
If they’re equal we’ve done it
Euler’s Theorem
If a, n coprime, then a^phi(n) mod n is 1. Therefore, a^x mod n is equal to a^(x mod phi(n)) mod n.
Example: 3^111 mod 11, phi(11)=11-1=10, so 3^10 mod 11 is 3^0=1. Now, 111 mod 10 is 1, so 3^111 mod 11 = 3^1 mod 11 = 3.
What is a rootkit?
Stealthy malware that enables attackers to maintain privileged access to a system while hiding its presence.
What is the difference between a virus and a worm?
A virus attaches to files and needs execution, while a worm spreads independently over networks.
What is the difference between polymorphic and metamorphic viruses?
Polymorphic viruses mutate their encryption with each infection. Metamorphic viruses rewrite their own code.