Intro to Cybersecurity

Question 1

4 types of assets

Answer 1

• hardware
• software
• data
• communication links

Question 2

7 steps of the design process

Answer 2

1) ID assets
2) ID stakeholders
3) ID adversaries
4) define attack surface
5) research each path of attack surface
6) design solutions for each path
7) analyze the proposed solution (effectiveness and whether its worthwhile)

Question 3

5 components of the NICE Framework

Answer 3

• Identify
• Protect
• Detect
• Respond
• Recover

Question 4

NICE Framework - Identify

Answer 4

ID your situation (id assets, stakeholders, adversaries, and attack surface)

Question 5

NICE Framework - Protect

Answer 5

design, analyze, implement and pen test solutions

Question 6

NICE Framework - Detect

Answer 6

constantly monitor both external and internal signals to allow for timely detection

Question 7

NICE Framework - Respond

Answer 7

what is the response protocol (what actions do you take) when something is detected

Question 8

NICE Framework - Recovery

Answer 8

• contain the damage
• assess the damage
• follow a recovery strategy

Question 9

Equation for Caesar’s Cipher and number of possible keys

Answer 9

c = (m + k) mod 26

26 possible keys

Question 10

brute force cost for breaking cipher

Answer 10

[#of possible keys * (cost per decryption attempt + cost of verification)] / parallelization factor

Question 11

Affine Cipher equation and number of possible keys

Answer 11

c = am + b

m = (c-b) * a**-1 mod 26

26 x 12 = 312 because phi(26) = 12 so then there are 26 possible values for b and 12 possible values for a

Question 12

Shannon’s Principles (3)

Answer 12

• define the objective in a rigorous manner
• determine your assumptions
• prove that your methods satisfy the objective given the stated assumptions

Question 13

equation and assumptions for one-time pad

Answer 13

c = m (XOR) k

• m and k are encoded in binary
• k is never recycled
• the key is sampled from a uniform random distribution (its truly random)

Question 14

DES specifications

Answer 14

key size: 56 bits
message size: 64 bit blocks
# of rounds: 16

key size is TOO small susceptible to brute forcing

Question 15

Meet-in-the-middle attack

Answer 15

for a double DES with keys k1 and k2.

A brute force decryption of m for all possible k1 is done in parallel to a brute force decrpytion of c for all possible k2.

adversary then can verify by looking for where Enc(m, k1) = Dec(c, k2)

Since the encrpytion and decryption are done in parallel, we only get 257 bits of security (2 * 256)

Question 16

Breaking Triple DES

Answer 16

assume the output of DES #1 is z1 and the output of DES #2 is z2

Do a brute force encryption of m for all k1 to obtain all possible z1 and brute force decryption of c for all k3 to get all possible z2 (2**57)

Then for each of the 2**56 z1 we have to a do a brute force encryption for all k2. (done in series with the brute forcing to obtain all z1)

257 * 256 = 2**113

Question 17

AES specifications

Answer 17

key size: 256 bits
block size: 128 bits
rounds: 14

Question 18

How to encrypt with CBC

Answer 18

IV (XOR) b1 then encrypt to produce c1.

c1 (XOR) b2 then encrypt to produce c2

and so on

Question 19

how to decrypt CBC

Answer 19

decrypt c2 and then
c2 (XOR) c1 to get b2

in parallel

decrypt c1 and then
c1 (XOR) IV to get b1

Question 20

how to encypt in Counter mode

Answer 20

Enc(IV) (XOR) b1 = c1

Enc(IV + 1) (XOR) b2 = c2

Question 21

decrypt in Counter mode

Answer 21

Enc(IV) (XOR) c1 = b1`

Enc(IV + 1) (XOR) c2 = b2

Question 22

2 Downsides of CBC

Answer 22

• encryption is done in series which makes it MUCH slower

- errors propagate through

Question 23

1 Downside of counter mode

Answer 23

-since blocks are encrypted in parallel, the sender and receiver of the message need to be synchronized. Without synchronization there is no way to ensure that encrypted blocks are received in the correct order

Question 24

3 benefits of Counter mode

Answer 24

• only need 1 function to encrypt and decrypt (because they are done the same way)
• parallel encryption prevents the propagation of errors
• all of the values Enc(IV + i) can be pre-computed!

Question 25

what is a stream cipher?

Answer 25

produce a “stream” of bits from a PRNG using a true random seed (denoted tr) (each bit from the PRNG is denoted as pr) and do

c= m (XOR) pr

THEY ARE SUPER FAST

Question 26

How to do CBC Mac

Answer 26

do CBC as with encryption but only keep the last ci that is generated as the tag

Question 27

what is the Merkle-Damgard approach?

Answer 27

its a paradigm used to create collision resistant hash functions

h represents a compression function (take two inputs and output something that is the length of one of the inputs)

h(IV, m1) = z1 and then
h(z1, m2) = z2
h(z2, (m2 || padding)) = hash function digest

Question 28

HMAC equation

Answer 28

H’(k0 || H(m || ki))

• H & H’ are cryptographic hash functions
• k0 and ki are two keys derived from k (typically 256-bits) that have been XOR with two carefully selected prime numbers that are constants

Question 29

3 different ways to combine encryption and integrity

Answer 29

• MAC then Enc (generate tag from plaintext and then encrypt m || t and send only the ciphertext)
• Enc then MAC (generate tag from ciphertext and send ciphertext and tag)
• Enc and MAC in parallel (generate tag from plaintext and send off tag and ciphertext)

Question 30

What is the benefit of encrypt then MAC?

Answer 30

The system receiving the message does not perform decrpytion until the message has been verified. As a result, we stop the chosen ciphertext adversary because if they try to feed some ciphertext into our system (to see the decrpyted output) the verification will fail (because they cannot generate a valid tag) and they will not be able to see the resulting decryption. This elevates the confidentiality of our system

Question 31

How does Kerberos key exchange work?

Answer 31

Person A sends a request to the KDC (it include a random nonce N)

the KDC (using a master key that both it and A have denoted ka) replies back with Enc[ka](ks, N, Enc[kb](IDb, ks))
ks = the session key generated by the KDC
N = the nonce sent to the KDC by A (prevents a replay attack)
kb = the master key of Person B
IDb = the ID of person B
Enc[kb](IDb, ks) = the "ticket"

Person A sends the ticket to Person B. Person B can use their master key kb to decrypt the ticket and get the session key ks. Since B is able to decrypt the ticket, B knows that it must have come from the KDC.

Person B sends Encks to Person A. If person A is able to decrpyt this message, then A knows that it must have come from B because encrypting with the proper ks implies that the sender has kb (i.e. decrpyted the ticket)

Then communication continues using ks

Question 32

What is the discrete logarithm?

Answer 32

k = log[a]b mod N

given a, b and N, find k

Question 33

what is Diffie-Hellman?

Answer 33

a “key exchange” method in which both side derive the key independently

A and B have secret values xa and xb respectively. Assume there are two agreed upon prime numbers P and G such that xa < P and xb < P

A and B also have public values Ya and Yb such that

Ya = gxa mod P and Yb = gxb mod P

A and B then exchange their public values with one another.

A can derive a secret key k = Ybxa
B can derive the same secret key k = Yaxb

Ybxa = Yaxb

Question 34

Issues with diffie-hellman?

Answer 34

• it relies on the assumption that the discrete logarithm is a difficult problem (it is not always difficult)
• the communication channel between A and B does not have any form of authentication making it succeptible to man-in-the-middle attacks

Question 35

RSA setup

Answer 35

• pick two prime numbers p and q
• generate N = pq (where N is at least 2048 bits in size)
• phi(N) = (p-1)(q-1)
• e is a number coprime with phi(N) (aka the only prime number that both are divisible by is 1) (e is normlly 65537)
• define d such that (e*d) mod phi(N) = 1

Enc(m) = m**e mod N = c
Dec(c) = m**d mod N = m

public key (e, N)
private key (d, N)

Question 36

4 issues with RSA

Answer 36

• integer factorization is not diffiucult for quantum computers [has O(n) complexity]
• the performance is terrible because m**e is a HUGE number and then mod N (which is also huge) is also an expensive operation
• since encryption is done in parallel the ordering of the block is difficult to manage
• having to frequently call the PRNG for OAEP padding drains the entropy pool

Question 37

Concept of digital signatures using RSA

Answer 37

what if I could show that I am the sender of a given message in way that my signature is completely unique to me but anyone can verify that it is in fact my signature.

In other words a valid signature (denoted sigma)-message pair should only be able to generated if my RSA private key value d is known

Question 38

Equation for generating digital signatures

Answer 38

Sign Message
sigma = H(m)**d mod N

Verify Signature
sigma**e mod N = H(m)

Question 39

3 authentication types

Answer 39

What you know = passwords
What you have = some object
Who you are = biometrics