Chapter 8: Security in Computer Networks Flashcards
Which property of secure communication is described below?
Only sender & intended receiver should “understand” message contents.
1. Sender encrypts message
2. Receiver decrypts message
Confidentiality
Which property of secure communication is described below?
Sender & receiver want to confirm each other’s identity
Authentication
Which property of secure communication is described below?
Sender & receiver want to ensure message not altered, in transit / afterwards, without detection
Message integrity
Which property of secure communication is described below?
Services must be accessible & available to users
Access & availability / Operational security
What act that a “bad guy” can do, is described below?
Intercept messages, or delete or modify them
Eavesdrop
What act that a “bad guy” can do, is described below?
Putting message into connection
Insertion
What act that a “bad guy” can do, is described below?
Faking (spoofing) source address or other fields in a packet
Impersonation
What act that a “bad guy” can do, is described below?
“Taking over” ongoing connection by removing sender/receiver, and inserting themselves in their place
Hijacking
What act that a “bad guy” can do, is described below?
Preventing a service from being used by others
Denial of service
Which type of attack for breaking an encryption scheme is described below?
When the “bad guy” has a ciphertext that they can analyze
Ciphertext-only attack
Which type of attack for breaking an encryption scheme is described below?
A cipher text-only attack where the attacker search through all keys
Brute force
Which type of attack for breaking an encryption scheme is described below?
When the attacker has a plaintext corresponding to a ciphertext
Known-plaintext attack
Which type of attack for breaking an encryption scheme is described below?
When the attacker can get the ciphertext for a chosen plaintext
Chosen-plaintext attack
What is the type of cryptography where the sender and receiver share the same key, K, called?
Symmetric key cryptography
What’s this cipher called?
A cipher that substitutes one thing for another
Substitution cipher
What’s this cipher called?
A cipher that substitutes one letter for another
Monoalphabetic cipher
What is the US encryption standard with a 56-bit symmetric key, 64-bit plaintext input and block cipher with cipher block chaining called?
Data Encryption Standard (DES)
What do we call chaining where data is encrypted in specific blocks, and each block is dependent on the blocks before it for decryption?
Cipher block chaining
What do we call the symmetric key NIST standard that replaced DES, processes data in 128 bit blocks & uses 128, 192, or 256 bit keys?
Advanced Encryption Standard (AES)
What do we call the sort of cryptography where the sender & receiver don’t share a secret key, but use a public encryption key known to all & a private decryption key known only to the receiver?
Public key cryptography
If given the public key in public key cryptography, should one be able to compute the corresponding private key?
No, the fact that this should be impossible is one of the requirements for public key encryption algorithms
What do we call the cryptographic technique analogous to hand-written signatures?
Digital signatures
What attribute of digital signatures is described below?
The recipient can prove to someone that the sender & no one else must’ve signed the document
Verifiable / non-forgeable
What cryptography technique that ensures message integrity has the following goal?
Fixed-length, easy-to-compue digital “fingerprint”
Message digest
What do we call the cryptography technique that ensures message integrity by giving a fixed sized result after applying a hash function, H, to a message, m?
Message digest
Given a message digest x, it should be computationally infeasible to find another m such that…
x = H(m)
Is internet checksum a good or bad cryptopgrahy function?
Bad
What hash function has the following fault?
It’s easy to find two messages with the same hash value given a message with a hash value
Internet checksum
Give the definition:
An authority that binds a public key to a particular entity
Certification Authority (CA)
Which attribute(s) of secure communication does sending an e-mail in the following way ensure?
Using symmetric key cryptography
Confidentiality
Which attribute(s) of secure communication does sending an e-mail in the following way ensure?
Using symmetric key cryptography & a digital signature
Integrity & authentication
Which attribute(s) of secure communication does sending an e-mail in the following way ensure?
Using 3 keys; one private key for the sender, one public key for the receiver & one new symmetric key
Integrity, authentication & confidentiality
Which protocol is this?
A widely deployed security protocol that adds security to the transport layer and is above this layer. Provides an API that any application can use & secures a stream of any data.
Transport Layer Security (TLS)
How does TLS provide confidentiality?
Via symmetric encryption
How does TLS provide integrity?
Via cryptographic hashing
How does TLS provide authentication?
Via public key cryptography
Give the definition:
Data as a series of records, not just one-time transactions
Stream data transfer
What requirement of a TLS protocol is this?
Sender & receiver use their certificates & private keys to authenticate each other, exchange or create shared secrets.
Handshake
What requirement of a TLS protocol is this?
Sender & receiver use shared secret to derive set of keys
Key derivation
In the key derivation stage of a TLS protocol it uses two different keys for what 2 purposes?
- Message Authentication Code (MAC)
- Encryption
What requirement of a TLS protocol is this?
Stream data transfer
Data transfer
What requirement of a TLS protocol is this?
Special messages to securely close connection
Connection closure
To resolve the issue of where MAC goes, since if it’s at the end there’s no message integrity until all data’s received and the connection’s closed, when encrypting data “in-stream” as written into TCP socket, the stream is broken into a series of…
records
Give the definition:
Algorithms that can be used for key generation, MAC & digital signatures
Cipher suite
Which version of TLS is this?
Combined encryption & authentication algorithm that only has 5 cipher choices, requires Diffie-Hellmann for key exchange & uses HMAC, that uses SHA as its cryptographic hash function.
TLS 1.3
Give the definition:
A disjoint network dedicated to a particular institution
Private network
Give the definition:
When an institution’s inter-office traffic is sent over public Internet, and the traffic is encrypted before entering the public Internet & logically separate from other traffic
Virtual Private Network (VPN)
Give the definition:
Provides datagram-level encryption, authentication & integrity for both user and control traffic
IPsec
Which mode of IPsec is this?
Only datagram in payload is encrypted & authenticated
Transport mode
Which mode of IPsec is this?
1. Entire datagram is encrypted & authenticated
2. Encrypted datagram is encapsulated in new datagram with new IP header & tunneled to destination
Tunnel mode
Which protocol for an IPsec service model is this?
Provides source authentication & data integrity but not confidentiality
Authentication Header (AH) protocol
Which protocol for an IPsec service model is this?
Provides source authentication, data integrity & confidentiality. More widely used then the AH protocol.
Encapsulation Security Protocol (ESP)
Is this a step in authentication & encryption for a 4G or a 5G network?
MME in visited network makes authentication decision
4G
Is this a step in authentication & encryption for a 4G or a 5G network?
Home network provides authentication decision
5G
Is this a step in authentication & encryption for a 4G or a 5G network?
Uses shared-in-advance keys
4G
Is this a step in authentication & encryption for a 4G or a 5G network?
Keys not shared in advance for IoT
5G
Is this a step in authentication & encryption for a 4G or a 5G network?
Device IMSI transmitted in cleartext to BS
4G
Is this a step in authentication & encryption for a 4G or a 5G network?
Public key crypto used to encrypt IMSI
5G
Give the definition:
Isolates an organization’s internal network from larger Internet, allowing some packets to pass & blocking others
Firewall
Give the definition:
Attacker establishes many bogus TCP connections, so that there are no resources left for “actual” connections
SYN flooding
What type of firewall is this?
Internal network is connected to Internet via router firewall. Filters packet-by-packet, and makes the decision to forward/drop a packet based on several criteria.
Stateless packet filtering
Give the definition:
Table of rules that’s applied top to bottom of incoming packets: action & condition pairs
Access Control Lists (ACL)
What type of firewall is this?
Tracks the status of every TCP connection and determines whether an incoming or outgoing packet “makes sense” by tracking connection setup (SYN) and teardown (FIN). No longer admits packets after timeout of inactive connections at firewall. Augments ACL to indicate need to check connection state table before admitting packet.
Stateful packet filtering
What type of firewall is this?
Filters packets on application data as well as on IP/TCP/UDP fields
Application gateway
Give the definition:
When the router can’t know if the data “really” comes from the claimed source
IP spoofing
