Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CSE 127: Intro to Security > Midterm 2015 > Flashcards

Midterm 2015 Flashcards

1
Q

(T/F) A one-way hash function provides the property that there is only one way to verify if it is correct (i.e., using the correct cryptographic key)

A

F

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

(T/F) A major advantage of public key cryptographic over shared key cryptography is that key distribution is not required

A

F

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

T/F: The strength of a cryptographic key is determined by its length in bits.

A

F

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

T/F: Randomly selected passwords offer protection against dictionary attacks.

A

T

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

T/F: A side channel is a flaw in the implementation of a system that allows secret information to be inferred even though it is not directly exposed via the system’s normal interface

A

T

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

T/F: Marking the memory in the heap as being non-executable (aka DEP) would protect against heap spray attacks.

A

T

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

T/F: The Diffie-Hellman key exchange protocol protects against Man-in-the-Middle attacks

A

F

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

For Bob to send a confidential message to Alice using public key cryptography requires that: (select all that apply)

i. Bob know Alice’s public key
ii. Bob know Alice’s private key
iii. Alice know Bob’s private key
iv. Alice know Bob’s public key

A

i. Bob know Alice’s public key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

In a system with 20 computers, each of whom may need to send confidentail messages to each other, how many unique public keys must each computer maintain to support this capability? (select only one)

i. 20
ii. 19
iii. 9
iv. 10

A

ii. 19

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Suppose you wish to encrypt your own credit card number (16 numeric digits) using a standard block cipher such as AES (lets say using 256bit key size and a 128bit block size). What mode should you use the block cipher in? (select only one)

i. ECB mode
ii. CBC mode
iii. CFB mode
iv. Any of these will be equally good

A

iii. Any of these will be equally good

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A nonce is used to protect against what kind of attack in a cryptographic protocol? (select only one)

i. tampering
ii. eavesdropping
iii. replay
iv. denial-of-service

A

replay

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
A

The cipher is weak because some ciphertexts excluse some potential plaintexts. For example, if E(M,K) = 3 (binary 11) then an attacker knows that M could not have been 0.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Part b) Q’s summer intern, R, suggests that James instead should use the function (M + K) mod 3. Does this solve the problem? Explain why or why not?

A

Yes because any function whose output is unform (0,1,2) for arbitrary inputs M and K will provide no information about what M is. (M + K) mod 3 will work.

Another way of saying this is:

Yes because any function whose distribution of frequency of the ciphertext is even regardless of the key will provide no information about the plaintext. (M+K) mod 3 will work.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the assumptions under which stack cookies are effective at stopping buffer overflow attacks? (select all that apply)

i. The value of the stack cookie is secret
ii. The attacker must overflow the stack contiguously (i.e., they can not “skip” bytes)
iii. The stack cookie is at least as large as the largest buffer on the stack
iv. All functions validate stack cookies on function return
v. All functions validate stack cookies on function entry
vi. The stack cookie is properly salted

A

i. The value of stack cookie is secret
ii. The attacker must overflow the stack contiguously (i.e. they can not “skip” bytes)
iv. All functions validate stack cookies on function return

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the assumptions under which Address Space Layout Randomization (ALSR) is effective at stopping buffer overflow attacks? (select all that apply)

i. The layout of memory is secret
ii. Attackers need to redirect control flow to a particular address they control
iii. The stack is arranged to be lower in memory than the heap
iv. All memory pointers are encrypted in memory
v. The attacker is unable to read te contents of memory

A

i. The layout of memory is secret
ii. Attackers need to redirect control flow to a particular address they control
v. The attacker is unable to read the contents of memory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the security vulnerability in this code?

A

control-flow vulnerability by off-by-one overflow

17
Q

How could an attacker exploit this vulnerability to trigger the execution of some malicious code stored at some known address X? In particular, describe how the attacker should choose for values of track and newtracklen.

A

track should be 16 or a negative value to cause overflow.

newtracklen should be a pointer to an address (of the attackers choosing)

CSE 127: Intro to Security (19 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions