Midterm 1

Question 1

What does STRIDE stand for?

Answer 1

Spoofing user identify
Tampering
Repudiation
Information disclosure (privacy breach or data leak)
Denial of service (DoS)
Elevation of privilege

Question 2

What names do they use for the bad guys in computer security? What do they mean?

Answer 2

Eve – eavesdropper (passive attacker)
Mallory – active attacker
Trudy – intruder

Question 3

What names do they use for the good guys in computer security?

Answer 3

Alice and Bob (no apparent meaning)

Question 4

What kinds of defenses are there in computer security?

Answer 4

Confidentiality – prevent unauthorized access to data (reading)
Integrity – detect unauthorized modification/creation of data (writing)
Availability – prevent DoS attack, data delivered in timely manner and available when requested.

CIA is the acronym

Question 5

What two components are there to access control? What do they entail?

Answer 5

Authorization – Is this really Alice or Bob?

Authentication – Does this user have authorization to complete the requested action?

Question 6

What does repudiation/non-repudiation mean as a computer security threat?

Answer 6

Ability to later deny that an activity took place, or prevent someone from denying that an activity took place. In other words, covering your crimes or framing others for crimes. Involves cryptographic evidence used in court.

Question 7

What are the three facets (sides) to security?

Answer 7

Prevention
Detection
Reaction

PDR

Question 8

What is the principle of least privilege?

Answer 8

A system, application, or user should have permissions to do just what it needs to do and no more.

Question 9

Why should there be redundancy in security?

Answer 9

You should always assume partial failure. Assume one layer of security will not always work. Use firewall, antivirus, disk encryption, and more all on top of each other.

Question 10

What is an attack tree?

Answer 10

Used to reason about the threats to a system. Root node is the goal of attacker while child nodes are all the ways to achieve that goal. (More child nodes = more risk? Slide isn’t clear.)

Question 11

What is security through obscurity?

Answer 11

Relying on the secrecy of the design of a system/sub-system as the main source of security. (Closed source code with/using code obfuscation – making it nonsensical?)

Question 12

What is security through minority?

Answer 12

Using an unpopular tool. Attackers won’t know their way around it.

Question 13

What does cryptography mean?

Answer 13

Hidden writing

Question 14

What are the four cryptographic primitives (with acronyms)?

Answer 14

Symmetric Encryption (AES)
Public-Key Cryptography (RSA)
Secure One-Way Hash (SHA-256)
Message Authentication Code (MAC)

Question 15

Name the three modern, strong encryption ciphers in the slides.

Answer 15

AES
RSA
Salsa20

Question 16

What does encryption mean?

Answer 16

Transforming information so that its meaning is hidden. Requires “special knowledge” to retrieve.

Question 17

What is the Caesar Cipher?

Answer 17

Shifting each letter in a message down a fixed number of spaces in the alphabet. (3 shifts right would turn A’s into D’s, D’s into G’s, ect.). Easily broken with a brute force approach. Only 25 different combinations in the English alphabet.

Question 18

What is the Vigenère cipher

Answer 18

Using many Caesar Ciphers based on a key. Using a table of the alphabet, showing all 26 different combinations in tables and rows, use the row for the plaintext letter and the column of the corresponding key letter. The intersection of the row and column is the ciphertext letter. To decrypt, use the letter in the key to determine the column and find the corresponding letter in the ciphertext in that column. The row you end up on is the plaintext from the original message.

Question 19

Describe the symmetric encryption model.

Answer 19

Alice and Bob both have the same key to lock and unlock a message. Alice encrypts the message with her key and sends a message to bob. The message is secure on the way to Bob, and then bob decrypts the message with the same key. Bob can now read the plaintext. The key must be kept secret for this to be secure.

Question 20

What is a cryptographic hash function?

Answer 20

A function that takes data of any size and converts it into a “hash” (unreadable characters) that is a fixed size. This is typically one way and cannot be converted back to its original plaintext. Useful for passwords.

Question 21

Describe message authentication code (MAC)

Answer 21

A message is sent through a MAC algorithm, which produces a unique output that only that message can produce. The message is sent with its unique output to a destination. The message is then sent through the same MAC algorithm. If the outputs are different, the message is proven different from the original and has been tampered with. Verifies the integrity of a message.

Question 22

Describe public-key encryption (asymmetric encryption)

Answer 22

Alice and Bob each have a different public and private key. Information encrypted with the public keys can only be decrypted using the private keys, and information encrypted with the private keys can only be decrypted using the public keys. That means Alice can send a message encrypted with her private key, and only those with her public key can see it. Alice can also access messages Bob sends if she has access to his public key. (Might be incomplete definition.)

Question 23

What does AES stand for?

Answer 23

Advanced Encryption Standard

Question 24

What is affine transformation?

Answer 24

A transformation consisting of multiplication by a matrix followed by the addition of a vector

Question 25

What is a “block” in the context of the AES?

Answer 25

A sequence of binary bits that comprise the input, output, State, and Round Key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes.

Question 26

What is a cipher?

Answer 26

Series of transformations that converts plaintext to ciphertext using the Cipher Key

Question 27

What is a cipher key?

Answer 27

Secret, cryptographic key that is used by encryption algorithms to make the output unique to that key. In AES, the key is used in the Key Expansion routine to generate a set of Round Keys; can be pictured as a rectangular array of bytes, having four rows and Nk columns. (Nk is the number of 32-bit words in the key. For reference, byte is 8 bits, word is 16 bits, doubleword is 32 bits, quadword is 64 bits. So Nk is number of doublewords. Total bits in cipher key divided by 32. Nk can be either 4, 6, or 8 in this standard, total of 128, 192, or 256 bits in the key.)

Question 28

What does Nk represent in the AES? What are its possible values?

Answer 28

Nk is the number of 32-bit words in the cipher key. For reference, a byte is 8 bits, a word is 16 bits, a doubleword is 32 bits, and a quadword is 64 bits. So Nk is number of doublewords, the total bits in the cipher key divided by 32. Nk can be either 4, 6, or 8 in this standard, for a total of 128, 192, or 256 bits in the key.

Question 29

What does Nb represent in the AES? What are its possible values?

Answer 29

Number of columns (32-bit words) comprising the State, or number of doublewords in the original plaintext. For this standard, Nb = 4, or 128 total bits. In other words, the plaintext to be encrypted or decrypted must be 16 characters long.

Question 30

Define inverse cipher

Answer 30

Series of transformations that converts ciphertext to plaintext using the Cipher Key

Question 31

What is ciphertext?

Answer 31

The unreadable product of plaintext put through a cipher so unauthorized individuals cannot interpret it. Also used an input to the inverse cipher to be converted back to plaintext.

Question 32

Describe the state and its use in the AES

Answer 32

For this cipher implementation, the state is a 4 by Nb (also 4) byte array which the cipher’s transformations are performed on. It takes the 128 bit input and stores it appropriately into its 16 row and column spaces. The state indices S[r,c] are placed from the 128 bit input[r + 4c]. The cipher’s transformations are done on this two-dimensional byte array/matrix and then copied to the output like so: output[r + 4c] = state[r,c].

Question 33

What does the xtime() function do according to the FIPS 197 spec?

Answer 33

This performs a polynomial multiplication of 2. It is done by passing in the bits associated with the polynomial, performing a left shift, and performing an XOR bitwise operation on the result by {1b} (or 27, or 00011011). The XOR only happens if the most significant bit is set.

Question 34

What is the irreducible polynomial in the AES and what is it referred to as? Why is it irreducible?

Answer 34

It is referred to as m(x) = x^8 + x^4 + x^3 + x + 1, or 0x11b in hexadecimal notation. (Fill in why this is the irreducible polynomial)

Question 35

What does Nr represent in the AES? What are its possible values?

Answer 35

Nr is the number of rounds to be performed during the execution of the
algorithm. Nr is a function of Nk and Nb (just Nk in the AES implementation because Nb is constant):

Nr = 10 when Nk = 4, Nr = 12 when Nk = 6, and Nr = 14 when Nk = 8

Question 36

What are the four transformations performed on the state in the AES cipher?

Answer 36

1) Byte substitution using a substitution table (S-box) – subBytes()
2) Shifting rows of the State array by different offsets – shiftRows()
3) Mixing the data within each column of the State array – mixColumns()
4) Adding a Round Key to the State – addRoundKey()

Question 37

What are the transformations involved when making the AES key schedule?

Answer 37

With columns divisible by 4:
1) Like shift rows except with columns. Each value shifts up once in the column and wraps – rotWord()
2) Substitutes bytes with values in the sbox – subWord()
3) XOR with round constant – rcon()
Other columns after above transformations:
Equals column 4 spaces before XOR’ed with column 1 space before.

Question 38

What are the Authentication Encryption modes and how to choose them?

Answer 38

GCM – best rule of thumb. OpenSSL implementation, free and reliable, although a pain to implement personally
OCB – patented, so must pay a small fee. Sometimes used in commercial products
EAX – personal implementation (not recommended)
CCM – personal implementation (not recommended)

Question 39

What does “on-line” mean regarding Authentication Encryption modes?

Answer 39

“On-line” means you do not need to know the length of the message in advance before performing the encryption using the cipher mode.

Question 40

Describe the ECB cipher mode

Answer 40

Electronic Code Book Mode

If you need, for example, a strings of 256 bits put through the AES algorithm (only works on 128 bit strings), cut the long string in half, put them both through the algorithm, and reunite them.

Simple, can be run in parallel, but very vulnerable to attacks

Question 41

Describe the CTR cipher mode

Answer 41

Counter Mode

Encrypt values 0-n (counter) that have been concatenated with an IV/nonce (sort of like another key) through AES. Then XOR the result with the plaintext in segments.

Parallel encryption and decryption, preprocessing able to generate the keystream in advance

Question 42

Describe the CBC cipher mode

Answer 42

Cipher Block Chaining Mode

For each block of plaintext, XOR the current block with the ciphertext created from the previous block and then encrypt using AES. The first will XOR with an IV/nonce since i-1 does not exist yet.

Conceals plaintext patterns (fixes ECB), but need sequential encryption. Parallel decryption though.

Question 43

Describe the CFB cipher mode

Answer 43

Cipher Feedback Mode

x_0 is the nonce. Encrypt x_0, then XOR the first s plaintext bits with the first s result bits. Take that ciphertext and append it to the end of x_1. The beginning of x_1 that is empty is filled with the end of x_0, n-s values. Continue for all x values, where each x value is the end of the last x value + the portion s of previous cipher text.

Parallel decryption only

Question 44

Describe the OFB cipher mode

Answer 44

Output Feedback Mode

Just like CFB except the portion s placed on the end of the next x value is taken from the encryption result – not the ciphertext resulting after the XOR with the plaintext.

Preprocessing able to generate the keystream in advance

Question 45

What does IV mean in relation to cipher modes?

Answer 45

Initialization Vector
Used in some cipher modes to further encrypt a long message.
Must be known to sender and recipient
Must be random and unpredictable
Most importantly, never reuse a IV/nonce with the same key

Question 46

Which three cipher modes create a stream cipher with a block cipher?

Answer 46

CTR
CFB
OFB

Question 47

What is padding?

Answer 47

Adding bytes at the end of a plaintext input so all the blocks are of correct size. Both sending a receiving sides must be aware of the padding scheme used.

Question 48

What is a collision attack in hashing?

Answer 48

When an attacker finds two separate source messages that both hash to the same value. The expected time for this attack is 2^(n/2) where n is the number of bits in the hash digest.

Question 49

What is a pre-image attack in hashing?

Answer 49

When an attacker is given a specific hash value (usually the hash value of an intercepted message) and is asked to find a source message that hashes to that value. The expected time for this attack is 2^n where n is the number of bits in the digest.

Question 50

What properties are hash functions supposed to have?

Answer 50

1) It can be applied to a block of data of any size
2) It produces a fixed length of output
3) It is relatively easy to compute for any input
4) They should be one-way, meaning they can’t be converted back into the original message
5) Given a block of input, you should not be able to find another input that will result in the same hash value (weak collision resistance)
6) With no given inputs, you should not be able to find two inputs that will produce the same hash value (strong collision resistance)

Question 51

What do you call the inputs and outputs of a hash function?

Answer 51

Input – pre-image

Output – message digest, d, hash code, or hash value

Question 52

What is a pre-image attack?

Answer 52

First
Given a message digest, find a pre-image that produces the same digest
Property #4

Second
Given a pre-image, find another pre-image that will produce the same hash value as the first when put through the hash function
Property #5

Question 53

What is a collision attack?

Answer 53

Without any given pre-images, find two different pre-images that will produce the same hash value after being put through the hash function
Property #6

Question 54

What is GCM?

Answer 54

Galois Counter Mode

Authenticated Encryption method

It uses counter mode along with a MAC in order to encrypt a message and also authenticate it. This way, attackers can’t read the data or tamper with it. If they do tamper with it, the MAC will be different on the receiving end and the recipient will know the message has been changed.

Question 55

What is EtM?

Answer 55

Encrypt-then-MAC

Encrypt plaintext to get the ciphertext. Put the ciphertext through the hash function to get the MAC and append it to the ciphertext.

Used in SSHv2

Question 56

What is E&M?

Answer 56

Encrypt-and-MAC

Put the plaintext through both the encryption and hash function. Concatenate the results.

Used in SSH

Question 57

What is MtE

Answer 57

MAC-then-Encrypt

Put the plaintext through the hash function and append it to the original plaintext. Put that through the encryption process to get the ciphertext.

Question 58

What is EAX mode?

Answer 58

Uses counter mode and OMAC (One-key MAC) as an AEAD like GCM

Question 59

What is AEAD?

Answer 59

Authenticated Encryption with Associated Data

Provideds confidentiality, integrity, and authentication with associated data (e.g. message header), unlike just AE which doesn’t offer integrity. In other words just authenticated encryption ensures nobody will read data, but AEAD makes sure nobody has tampered with the data being sent either.

Question 60

What other uses are there for padding besides making message blocks appropriate sizes?

Answer 60

Disguise identical messages

Disguise message length

Question 61

What is diffusion in cryptography?

Answer 61

1 different bit making a big difference in the result after being encrypted.

Question 62

What are some useful applications of hashes?

Answer 62

Human-readable method to compare/verify data
Chaining events together – blockchain (ie Bitcoin)
Digital signatures and message authentication codes
Fundamental building block of many secure protocols

Question 63

Which current hash functions have been broken? Which are safe?

Answer 63

MD5 and SHA-0 have been broken and are not safe

SHA-1 has a weakness found and is not recommended

SHA-2 and SHA-3 have no known flaws (SHA-3 is backup plan if SHA-2 fails)

Question 64

Describe Merkle-Damgard Construction:

Answer 64

Look this up and describe

Question 65

What is a bit flipping attack?

Answer 65

An attacker flips bits on a ciphertext, so although they cannot read the message, the message has been altered so the receiver cannot read the real thing.

Question 66

What is an HMAC algorithm?

Answer 66

A shared key is attached to a message and the whole thing is sent through a hashing algorithm. The result is appended to the message and the shared key is left out went sent to its destination. When the message is received, the receiver can attach their shared key to the message without the MAC and compare the result with the message’s MAC. If they are the same, the message is authentic.

Question 67

What is recommended for use regarding encryption and using a MAC?

Answer 67

If you just need a MAC, use HMAC. If you need encryption and a MAC, use AEAD.

Question 68

What is Kerckhoff’s Principle?

Answer 68

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge