Chapter 8 Flashcards
What is the importance behind information security?
Keep information safe
Control access to authorized people only
What are physical aspects of security?
lock doors
maintain control of devices
What are some aspects of online security?
Secure assembly language
Secure operating system
Secure network
Are threats online more or less dangerous than threats to physical items?
Online threats are often more dangerous
What are hackers generally after
easily accessible data
What is the purpose of identification?
establishing identity
What two pieces of information are generally required for authentication
Usernames and Passwords
How are password files usually secured
Using a hash function and one way encryption
What is an example of a hash function / one-way encryption?
Example: password = badboy2
Replace letters by numbers: 2 1 4 2 15 25 2
Add digits: 2 + 1 + 4 + 2 + 15 + 25 + 2 = 51
Remainder of sum/7: 51 mod 7 = 2
Add 1 and multiply by 9: (2 + 1) × 9 = 27
Reverse digits and convert to letters: 72 = gb
Is storing passwords in plaintext considered secure?
no
What occurs on login during the authentication process
Read username and password
Look up entry for username in a password file
Hash input password and compare
What is the more secure method of password storage
Keep password creation time
Add creation time to password before hashing
Identical passwords won’t hash to identical values
What are three common ways that passwords are targeted and attacked
- Guess password, brute force or from knowledge
- Steal password file and use password cracking software
- Social engineering: get a person to tell their password
What are some common ways to guess someone's password or brute force it
Try common passwords (e.g., 123456)
Try personal references (e.g., pet name)
Try all possible passwords (computationally difficult)
How does password cracking software work
Tries words and word combinations, millions of password possibilities per second
How do you use social engineering to attack someone's password
get a person to tell password
What are some other authentication methods
Answer personal information question
Biometric information (fingerprint or retinal scans)
One-time password scheme
Dual authentication
Describe the one-time password scheme
User enters ID and a partial password
System or user device generates last half of the password
Last half of the password is good for only a few seconds
Describe dual authentication
Temporary code or password is sent to a trusted device
What is authorization
set of permitted actions for each authorized person
What types of access control are maintained by the operating system
Read access (read a file)
Write access (modify a file)
Execute access (run a program)
Delete access (remove a file)
What type of access does a system administrator or superuser have
They have universal access and can set up authorization
What is malware
malicious software arriving from the network
What is a virus
program embedded within another program or file, replicates itself and attacks other files
What is a worm
program that can send copies of itself to other nodes on the network
What is a trojan horse
program that seems beneficial but hides malicious code within it
What is a keystroke logger trojan horse
Records all keys typed
What is a drive-by exploit / drive-by download
Trojan horse downloaded by simply visiting an infected website
What does DOS stand for
Denial of service
What occurs during a denial of service attack
many computers try to access the same URL at the same time
Why is a denial of service attack a problem
Clogs the network, prevents legitimate access, and causes the server to crash
Distributed DoS uses thousands of computers
What is the use of a zombie army in a denial of service
Uses a zombie army (botnet): many innocent computers infected with malware
What is phishing
Obtain sensitive information by impersonating legitimate sources
What is the most common phishing technique
By email
What are “white hats”
White hats are security experts and those who work to help protect systems from attackers.
What are “black hats”
Black hats are individuals or groups who work toward getting around security to steal information, get money, or do other nefarious, immoral, and illegal acts.
What is cryptography
science of “secret writing”
What is encryption and decryption
Convert from plaintext to ciphertext and back again
What is a symmetric encryption algorithm
A secret key shared by the sender and the receiver
Same key is used to encrypt and decrypt
What are the two types of keys used in asymmetric encryption algorithm
Uses two keys: public and private
What is the public key used for in asymmetric encryption algorithms
The public key (generally known) is used to encrypt
What is the private key used for in asymmetric encryption algorithms
The private key (known only to the receiver) is used to decrypt
What is the caesar cipher (Shift cipher)
Map characters to others a fixed distance away in the alphabet - shift 3 characters forwards
Example: A→E, B→F, C→G, …, U→Y, V→Z, W→A
How does a stream cipher work
encode each character as it comes
How does a substitution cipher work
Similar to a caesar cipher but implements other mapping techniques
What are the pros of a substitution cipher
Easy and fast, can do it character by character
What are the cons of a substitution cipher
Letter frequency, double letters, still pertain and make it easy to break
What is a block cipher
Block of plaintext encoded into a block of ciphertext
Each character contributes to multiple characters
Describe a (matrix based) block cipher
Group characters into blocks n characters long
Find invertible n by n matrix, M, and its inverse, M′ as keys
Map characters to numbers: A→1, B→2, etc.
Wrap values 26 and above back to zero: 26→0, 27→1, etc.
What is the algorithm for encoding
Apply S mapping to plaintext block.
Multiply result times M, applying wraparound.
Apply S’ to the result.
What is the algorithm for decoding
Apply S mapping to ciphertext block.
Multiply result times M’, applying wraparound.
Apply S’ to the result.
What is the data encryption standard
Symmetric encryption algorithm
What type of data was the data encryption standard designed for
Digital data
What form of plaintext does the Data Encryption Standard operate on?
Binary String
What does the Data encryption standard use as a key
Uses 64-bit binary key (56 bits actually used)
How many rounds of manipulations does the data encryption standard perform
Sixteen rounds of the same series of manipulations
How does decryption work with the data encryption standard
Decryption uses the same algorithm; keys in reverse
Describe the efficiency, speed and drawbacks of using the data encryption standard
Fast and effective but requires shared key
56 bits is too small for modern technology
What is similar and different about the advanced encryption standard
uses a similar approach; longer keys than the data encryption standard
What are the manipulations that occur during the data encryption standard
Split string
Duplicate some bits
Omit some bits
Permute bit order
Combine bit strings with XOR (exclusive OR)
How do you create a RSA key for public key systems
Pick 2 large prime numbers: p and q
Compute n = p × q, and m = (p - 1) × (q - 1)
Choose large number e at random so that e and m are relatively prime (no common factors except 1)
Find unique value d, between 0 and m, such that
(e × d) modulo m = 1
Public key = (n, e); Private key = d
Describe the process of RSA encryption
Given public key (n, e)
Convert message to integer P
Calculate C = P^e modulo n
Describe the process of RSA decryption
Given private key d
Calculate P = C^d modulo n
What does ecommerce require
Ecommerce requires secure transmission of names, passwords, and credit card numbers
What are the web protocols involved in ecommerce
SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
What occurs when SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are used
Client-server applications
Server provides certificate of authentication and server’s public key
Client sends its DES key, encrypted using RSA
Data is sent encrypted by the (now shared) DES key
What are the general steps for web transmission security?
- Client initiates TLS/SSL and requests RSA/DES encryption
- Web server sends its authentication certificate, acknowledges RSA/DES, and sends its public key
- client sends DES key, encrypted with server’s public key
- Web server sends acknowledgement encrypted with DES key
- SECURE DATA EXCHANGE BETWEEN CLIENT AND WEB SERVER
What is an embedded computer
special-purpose, limited computers in other systems
What are some examples of embedded computers
Examples: automobiles, smart appliances, remote controls, and patient monitoring systems
What is the new trend with embedded computers
Connect embedded computers to a network to allow for the transmission of data and receive updates
What could occur if embedded systems were targeted
Targeting embedded systems could cause chaos
Change thermostats, disrupt patient care, or disable aircraft or automobiles
What is the most common asymmetric algorithm?
RSA is the most common asymmetric algorithm
What are DES, AES based on (mathematically)
XOR (it is true if an odd number of inputs are true; if an even number are true, it isn't)