Chapter 7: Security in pervasive systems

Question 1

What is Information Systems Security?

Answer 1

• Processes and methodologies to protect information and information systems against unauthorized access
• It is essentially risk management

Question 2

How can you manage the risk of information systems?

Answer 2

Risk = Probability x Impact
Probability: f(threats, vulnerabilities)
Impact: f(assets)

Asset: anything that could be of value
Threat: Potential danger to information life cycle
Vulnerability: Weakness that provides an opportunity for a threat to be exploited

Question 3

What countermeasures / safeguards are available to mitigate potential risks?

Answer 3

• Administrative, operational or logical measures

Question 4

Is there a perfect security?

Answer 4

• No because with enough time and resources every security technology is breakable

Question 5

How can you determine Good Enough Security

Answer 5

• you need to find the minimum cost between cost for security enhancing mechanisms and expected total cost for violations
• At a certain point towards 100 % security, the costs for security mechanisms increase exponentially

Question 6

What are the components of security

Answer 6

• Security Services

- Security mechanisms

Question 7

Explain Security Services

Answer 7

A service that enhances the security of the information systems. Uses one or more security mechanisms
CIA
- Confidentiality
- Integrity
- Availability
- Authentication

Question 8

Explain Security mechanisms

Answer 8

Mechanism designed to prevent or recover from a security attack

• Encryption
• Hashing
• Digital Signatures
• Passwords

Question 9

What means confidentiality?

Answer 9

Ensuring that only authorized principals can read the information

Threat: Disclosure
Security Mechanism: Encryption

Question 10

What is encryption?

Answer 10

A transformation of plain text to cypher text

Decryption is the reverse transformation into plain text

Question 11

How does the Caesar encryption work?

Answer 11

Encryption + 3 letters shift in the alphabet
Decryption - 3 letters shift in the alphabet

Hallo -> KDOOR

Question 12

How does a symmetric cryptography work in general?

Answer 12

Message Source P ->
Encryption Algorithm E -> C=E(K,P)
Decryption Algorithm D -> P=D(K,C)

C= Cypher Text
P = Plain Text
K =  Key

Algorithms are public; security due to secrecy of the key, same key for encryption and decryption

Question 13

What are potential methods to attack encrypted data?

Answer 13

Brute Force: Try all possible decryption key until finding the correct one

Cryptanalysis: Analyze information of the cryptosystem to reduce the space of possible decryption keys

Question 14

Why do we need (public key) asymmetric cryptography

Answer 14

• Modern encryption algorithms are computationally secure (brute-force is computationally unfeasible)
• Key distribution must be secure

-> Public key (asymmetric) cryptography allows to exchange keys over an insecure channel

Question 15

How does (public key) asymmetric cryptography work?

Answer 15

Two keys per user:

• Public key can be distributed over insecure channels
• Private key is kept secret

1) Encrypt plain text with receivers public key
2) Transmit cryphertext
3) Receiver decrypts the text using its private key to obtain plain text

Question 16

Explain integrity

Answer 16

Ensures that only authorized principals can modify the information

Threat: Corruption
Mechanism: Hash, MAC code, digital signature

Question 17

What is a hash?

Answer 17

• Mathematical function that converts arbitrary long string into a string of fixed length that guarantees integrity
• easy to compute in forward direction but impossible to compute in reverse direction
• Collision resistant: no two string generate same hash

Question 18

How can attackers influence the hash?

Answer 18

• They can’t modify the hashed message that satisfies the hash
• But attackers could modify the hash

Question 19

Explain how message authentication code can create integrity

Answer 19

Message Authentication Code (MAC):

• Hash parameterized with a secret key
• Sender needs key for computation
• Receiver needs key for verification
• Attacker can’t manipulate the hash

Question 20

Explain how digital signature can create integrity

Answer 20

• Tries to recapture properties of handwritten signature
• Only the signer may generate it
• Anybody can verify its validity
• Based on Public Key Cryptography

(Encryption with senders private key and decryption with senders public key)

Question 21

Explain Availability

Answer 21

• Ensures that authorized principals can access and use the system without undue delays
  Threat: Denial of Service (DoS)
  Mechanism: redundancy, load balancing

Question 22

How can redundancy guarantee availability

Answer 22

• copies of components that take over workload in the event of failure

Question 23

How can load balancing guarantee availability

Answer 23

• Transfer workload from overloaded components to others with lighter load
• Need to take care of (System monitoring, minimize impact of maintenance, optimize performance)

Question 24

Explain Authentication

Answer 24

• Identify and verify a principals claimed identity
• Threat: Impersonation
• Mechanism: username/password

Question 25

How are passwords stored in a machine?

Answer 25

• Not directly but the hashed of a password
• Attackers can’t get a list of passwords
• Salt (extra bytes) add protection against dictionary attacks

Password + Salt Value -> Hash algorithm -> Hash value

Question 26

In what way does pervasive computing make a difference to security?

Answer 26

These dimensions are fairly new for security:
Extended Computing Boundaries:
- IoT
- 1 user-N devices

Non-intrusive

Adaptive

Context-Aware
- Location

Question 27

What are the new attack vectors emerging from ubiquitous computing?

Answer 27

• Networked computer systems become deeply embedded in the fabric of society
• New usage patterns open up new vulnerabilities (but also opportunities)
• Damage of malicious attacks become more varied and more pervasive

Question 28

Give some examples for new attack vectors of ubiquitous computing

Answer 28

• Track people through geolocated dating apps
• Internet of (evil) things (devices talk behind your back)
• Denial of Life attack (pace maker / wearables)

Question 29

What is the problem with some geolocated dating apps?

Answer 29

• They send distance of a single to the client (before that they sent the exact coordinates)

Problem:

• Create a profile in the app
• Fake three different locations
• Query the service API to find distance to a particular user
• -> Exact user location can be calculated using trilateration

Question 30

Whats the difference between Positioning and Tracking

Answer 30

Determine the spatial position of a system / person:

Positioning: entity determines its own location
Tracking: system determines entities location (privacy concern)

Question 31

What potential security issues can emerge from an wireless pacemakers?

Answer 31

Privacy:
- Access of sensitive health data

Integrity, Availability

• Change settings (disable therapies)
• Deliver command shock

Question 32

How can you track user behavior with ultrasonic?

Answer 32

• High-frequency tones (not hearable for humans) embedded in ads, web pages, retail stores
• Ultrasound beacons are gathered by user devices
• User behavior can be profiled (ads seen, physical location visited)

Question 33

What are the general security challenges?

Answer 33

Extended computing boundary:

• More computing devices increases complexity
• Heterogenous devices make standard security mechanisms harder to implement

Security services musst be context-aware too

Security needs to be integrated from the very start