Network and Computer Security Flashcards
What does CIA stand for?
Confidentiality
Integrity
Availability
Define Identification
Associating an identity with a subject
Define Authentication
Verifying the validity of something
Define Authorization
Granting (or denying) the right or permission of a system entity to access an object
Define Access Control
Controlling the access of system entities (on behalf of subjects) to objects based on an access control policy
What are four widely used mechanisms for authentication?
- Something you know - Password/PIN
- Something you have - Smart card or one-time password
- Something you are - Biometric Characteristics/Facial Scan/Photograph
- Location
What do good systems include?
Allow for passwords and validate passwords securely
How to access systems securely that require a password
Allow passwords of arbitrary length
Store passwords hashed
Define Social Engineering
Tricking people into giving up private information or doing things they shouldn’t, usually by pretending to be someone they trust.
Define a Soft Token
A one-time use password
What is a bad example of a Hard Token?
UniCard as it could easily be duplicated
What is a Biometric Scan?
Uses characteristics of your body
- Fingerprint
- Retina scan
- Face scan
To authenticate your identity
What do Typical Access Control models focus on?
Authorization
- Specification of who is allowed to do what
- How to update/change permissions
Give an example of a simple access control model.
AC = Subject x Object x Request
List 4 key factors of access control models.
- Often depend on system state
- Subjects and permissions change over time
- Access rights might require completion of certain tasks or conditions
- Prone to implementation and configuration mistakes (bugs)
What does a security policy do?
Defines what is allowed (and/or forbidden)
- It is comparable to a set of laws
- Defined in terms of rules and/or requirements
What is a security model?
A framework that defines rules and guidelines for protecting data and resources in a system.
It helps ensure confidentiality, integrity, and availability by describing how users, processes, and systems interact securely. Examples include Bell-LaPadula.
What is a Role-based Access Control used for?
- Create roles for job functions in enterprises
- Assign users to roles
- Assign a set of permissions for each role
How is a RBAC formalized?
- A set ROLES
- A set USERS
- A relation UA ⊂ USER x ROLES
- A relation PA ⊂ ROLES x PERMISSION
What are key factors of a RBAC when it comes to changing/removing roles?
It uncommon to add/remove roles in organizations - they are more static
If people leave/change roles only one smaller, simpler table/relationship to update
- Employees leaving the company are much more in focus - don’t want them having permissions
What should be considered in a simple RBAC
- Role Hierarchies
- Who can change permission
- Context information
- User switching roles
What do most pratical RBAC applications use?
Extended/modified versions
- Role hierarchies
- Access control constraints (attributes)
What is widely used with RBAC?
XACML (attribute-based access control, very flexible)
What is a Hierarchical RBAC?
Extends RBAC with role hierarchy:
- A relation RH ⊂ ROLES x ROLES
- Describing the role hierarchy
What is Mandatory Access Control (MAC)?
Controls access to resources based on predefined policies.
Access is determined by a central authority, not by the owner or user of the data.
Used often in government or military systems.
How does MAC work?
Specifies system-wide access restriction to objects
- Mandatory because subjects may not transfer their access rights
- Shift power from users to system owner
What are the 4 security clearance levels?
Top secret
- Comprehensive backgrounc check, highly-trusted individual
Secret
- Routine background check, trust individual
Confidential/Sensitive
- No background check. Limited distribution, minimally trusted individuals
Unclassified
- Unlimited distribution and untrusted individuals
Define a compartment
A way to divide resources, data and systems into separate groups to control access and limit exposure to risks.
Each compartment has its own sets of rules, permissions and protections.
Define a partially ordered set
A set that is: Reflexive, Transitive, Anti-symmetric
What is a Reflexive set?
A reflexive set is a set in which every element is related to itself under a given relation.
What is a Transitive set?
A transitive set is a set where everything inside the set also has all of its “parts” included in the set.
(If a→b and b→c then a→c)
What is an Anti-symmetric set?
An antisymmetric relation means that if two things are related in both directions, they must actually be the same thing.
What is a Lattice?
A mathematical structure used to model relationships between security levels, access controls, or permissions.
Why use Lattices?
Recall all pairs of lattice elements have a least upper bound and a greatest lower bound
If labels form a lattice, we can uniquely answer questions like:
Given 2 objects with different labels, what is the minimal label a subject requires to be allowed to read both objects?
Given 2 subjects with different labels, what is the maximal label an object can have that can still be read by both subjects?
Well-suited for need-to-know policies, where each subject is assigned a label reflecting least privilege required for this function.
What is the Bell-LaPadula Model (BLP) ?
A security model used to protect classified information and control access to it. Considers cross-level communication where subjects may interact below their level of clearance
Main insight: prohibiting write-down is essential for confidentiality as otherwise information can effectively be reclassified.
Conclude the BLP model.
No information leakage possible (if implementation is secure)
Prevents “legitimate” communication from high-level subjects to low-level ones.
What is the Discretionary Access Control (DAC)?
Owners can change permissions
What is the Break-Glass Access Control?
Allows to override the access control in “emergencies”
What is Usage Control?
Controlling the use of documents
For example:
- You aren’t allowed to share files but you can use them yourself
- You can watch a film 3 times in the next 2 weeks
What are 2 techniques used for usage control/DRM?
Watermarking
Monitoring
What are the Usage Control challenges and open questions?
Technical - how to implement usage control iin an open environment
Ethical - The right to read
How does the Bell-LaPadula Model (BLP) work?
No Read Up - A user cannot read information that is classified higher than their clearance
No Write Down - A user cannot write information to a lower security level
What is Cryptography, Steganography and Cryptanalysis in simple terms?
Cryptography - Secret Writing
Steganography - Concealed Writing
Cryptanalysis - Secret Analysis
What is the main difference between Symmetric and Asymmetric Encrpytion?
Symmetric Encryption - Same key is used to encrypt/decrypt
Asymmetric Encryption - Different keys used to encrypt/decrypt (a public and private key)
Define a Bijection
One-to-one relationship between items in sets
What is a Code-book?
A guide that explains how data or information is encoded or translated. It lists codes and their corresponding meanings or values, helping to decode or interpret the data
What is a Mono-Alphabetic Cipher?
Each letter in the plaintext is replaced with a different one, but the substitution pattern stays the same throughout the message.
What is some key information about the Mono-Alphabetic Cipher?
Key-length: 26 letters
Key Space: total number of possible keys - 26!
What is true about the security of Substitution Ciphers?
- Brute-forcing a key is difficult
- Trivial to crack using frequency analysis
What is a Polyalphabetic Cipher?
A polyalphabetic cipher is a type of cipher where each letter in the plaintext can be encrypted using different alphabets at different points in the message. This means that the same letter may be replaced by different letters at different times.
What is a One-Time pad (OTP) ?
Uses random key that is the same length as the message, each bit is encrypted with corresponding pad using XOR
What is a Transposition (Permutation) Cipher?
Where the positions of the letters in the plaintext are rearranged according to a specific system, but the actual letters themselves remain unchanged.
What is a Composite Cipher?
Combines two or more encryption methods, such as substitution and transposition, to make the encryption stronger and harder to break.
What is a Feistel Cipher?
Splits data into two halves and repeatedly applies a series of operations, where one half is transformed using a function and then combined with the other half. The halves are swapped after each round. This process is repeated several times, creating strong encryption. The key idea is that decryption works by reversing the steps with the same key.
What is the Data Encryption Standard (DES) ?
- First cryptographic standard
- 16 round Feistel cipher and key-scheduler
- A block cipher, encrypting 64-bit blocks
- Was extended to triple-DES to overcome key length problem
- Now replaced by AES
What is the security of DES?
Main attack: exhaustive search
- took 7 hours with $1M pc (1993)
- took 7 days with $10,000 FGPA-based machine (2006)
No mathematical attacks (but reduced key space from 2^56 to 2^43)
No known attacks on triple DES
Define a One way function
Easy to compute in done direction but difficult (or pratically impossible) to reverse
Define a Trapdoor One-Way function?
Easy to compute in one directrion but exteremely difficult to reverse unless you have special information
What is RSA?
An expanded public-key encryption concept into encryption system
What does RSA depend on?
RSA depends on the difficulty of factoring large prime numbers
- Breaking down a prime into its factors - (because factoring numbers over 2048 bits
is computationally infeasible
What is congruent modulo n?
Two numbers are congruent modulo n if they have the same remainder when divided by n
(for example 10 and 7 are congruent modulo 3, as 10 mod 3 = 7 mod 3 = 1)
What is GCD?
GCD of 2 numbers is the greatest common divider
What is Relatively (Co-) Prime?
Two numbers are relavitely prime if their gcd is 1 (don’t share any factors except 1)
What is Multiplicative Inverse?
The multiplicative inverse of a number is a value that, when multiplied by original number, results in 1.
What are the steps on Key Generation in RSA?
- Find two (pretty large) prime numbers p & q
- Compute n & Φ(n)
- Choose public key (e)
- Compute (d)
What is the symbol for Euler Quotient?
Φ(n)
What is Euler’s Quotient?
A way of evaluating the performance or efficiency of an algorithm, particularly in the context of computational complexity.
It can be understood as the ratio of the actual performance of an algorithm to its theoretical performance.
In Key management, what can be used for the maximum number of keys among a group on N users?
N ( N - 1) / 2
In Asymmetric Cryptography what are the public and private key used for?
Public - encryption
Private - decryption
What is a digital signature used for?
Proving Identity
What is the use of MDC?
Modification Detection Code provides a checkable fingerprint
(also known as hash, message digest, MAC, MDC, fingerprint)
What is are the key details of a Hash Function?
Used to check if data has been altered does not encrypt the data
Hashing is a pure one-way function
Generates a unique hash for a piece of data
- changing the data, changes the hash
What are two properties of a Hash Function h(x)?
- Compression: h maps an input x of an arbitrary bit length to an output h(x) of fixed bit length n
- Polynomial time computable
When is a Hash Function cryptographic?
If it is additionally:
- One way (Pre-image Resistance)
- And usually either:
- 2nd Pre-image Resistance
- Collision Restistance
What is One way (Pre-image Resistance) on a Hash Function?
Given a hash output y=h(x), it is computationally hard to find the original input x
What is 2nd Pre-image Resistance on a Hash Function?
Given an input x, it is computationally infeasible to find another x’ (x!=x’) such that both inputs produce the same hash output –> h(x) = h(x’) (its very hard to find another input that produces the same output hash)
What is Collision Resistance on a Hash Function?
It is difficult to find any two distinct inputs x and x’, such that h(x) = h(x’)
How could you construct Cryptographic Hashes?
Block Chaining techniques can be used:
- Divide message M into fixed size blocks b1,…bn
- Use symmetric encryption algorithm (such as DES)
What is the Application of Hashing Passwords?
Instead of storing passwords in plaintext, we store only its cryptographic hash:
- For password p, store h(p) in password file
- Requires only pre-image resistance
What is the purpose of a cryptographic hash function?
To provide data integrity
How is symmetric encryption different from a cryptographic hash function?
Symmetric encryption is reversible, while hash functions are not
Which algorithm is used to provide confidentiality, not integrity?
AES (Advanced Encrpytion Standard)
Which of the following is NOT a use case for hash functions?
1. Verifying data integrity
2. Password hashing for secure storage
3. Securing communication between two parties
4.Digital signatures for message verification
- Securing communication between two parties
What is Public Key Infrastructure (PKI) used for?
To know if the private/public key pair belongs to the right person
How does Public Key Infrastructure work (PKI)?
To join PKI, Alice
- Generates her own public/private key pair
- Takes her public key Ka to private certification authority (CA) that everybody trusts and states she is Alice and this is her public key
The CA verifies that Alice is who she says she is, and then signs a digital certificate
- That says “Ka is Alice’s public key”
What is a Public Key Infrastructure (PKI)?
An infrastructure that allows principles to recgonise which public key belongs to whom
What are the core services of a PKI?
Linking public keys to entities (certificates)
Key life-cycle management (key revocation, recovery, updates)
What are the core components of a PKI?
- Certification Authority (CA)
- Creates Certificates and publishes them in the directory
- Directory
- Makes user certificates and CRLs available
- Must identify users uniquely (needs fresh/accurate user data)
- Backs up certain keys
- Registration Authority (RA)
- Manages process of registering users and issuing certificates
- Ensures proper user identification
What does the Certification Authority (CA) do?
- Creates certificates and publishes them in directory
- Maintains Certificate Revocation List (CRL) in directory. CRL checked actively by single clients or by validation services
- Backs up certain keys
Define a Certificate
A token that binds an identity to a key
Define X.509
A standard that defines a framework for authentication services
How would you Establish an Authentic Channel (NSPK Protocol)?
Goal: Ensure Alice can securely communicate with Bob and verify it’s genuinely him.
Key Concept:
- Nonce (Number Used Once):
- A fresh, unique value known only to the entity that generated it.
- Helps to verify message authenticity and freshness.
What are the steps of the NSPK Protocol Attack?
- Eve intercepts communication between Alice and Bob
- Eve uses her own keys to impersonate Alice to Bob and vice versa
Result: Bob thinks he’s securely communicating with Alice, but Eve is the intermediary
What is a Protocol?
A protocol is a set of rules governing communication between two or more participants
What do Security Protocols do?
Security protocols utilize cryptographic methods to achieve:
1. Authentication: Verifying identities.
2. Key Establishment: Securely sharing cryptographic keys.
3. Integrity: Ensuring messages are not tampered with.
4. Non-repudiation: Preventing denial of actions.
Define an Honest Agent in Security Protocols
- Follows the protocol rules strictly.
- Always generates fresh, unique nonces.
- Does not respond to invalid or malformed messages.
What are the Potential Vulernabilities in Initial Key Exchange?
Key Problem:
- Kab contains no information about A or B, only a random bit-string representing the session key.
Risk:
- If intercepted, an attacker can misuse the session key without knowing its intended context.
What are the strategies for Improving Key Establishment Protocols?
- Embed context in the session key (e.g., identities or usage scope)
- Use encryption to ensure the key exchange is secure
- Introduce mutual authentication steps
Example:
- A protocol can include signed or encrypted messages between parties to verify
their identities
Why are Nonces Critical in Protocols?
Role of Nonces:
- Nonces ensure the “freshness” of a session or message.
- Prevents replay attacks by verifying that a received message is recent and unique.
Best Practice:
- Always generate a new, unpredictable nonce for every session or transaction.
What is the Notation in Protocol Modelling?
Roles:
- A, B: Represent principals like Alice and Bob
- a, b, i: Represent agents
Key:
- Symmetric Keys: K, Kab, …
- Asymmetric Keys:
- Public Keys: pk(A)
- Private keys: inv(pk(A))
Encryption:
- Symmetric: {M}k (Message M encrypted with key K)
- Asymmetric: {M}pk(A) (Message M encrypted with pk(A))
Other Notations:
- Nonces(NA, NB): Fresh values for challenge-response
- Timestamps (T): USed for key expiration
- Message concatenation: M1, M2, M3
Define Communication
Communication between principals A and B is represented as:
A→B:{A,T1,Kab} pk(B)
What is the Structure of Protocols?
Combine prose, specifications, diagrams, and message sequences.
Example sequence:
- A → B: {NA, A}{pk(B)}
- B → A: {NA, NB}{pk(A)}
- A → B: {NB}_{pk(B)}
Purpose: Define evefnt sequences (traces) and describe the conditions for secure
communication
What is the steps of a Protocol Execution (Role A’s Perspective)?
Steps:
1. Generate a fresh nonce (NA), attach identity, and encrypt with pk(B)
2. Wait for response:
- Decrypt with inv(pk(A))
- Verify contents match expected format
3. Encrypt NB with pk(B) and send back to B
Checks:
- Verify nonce values.
- Reject messages that fail decryption or validation.
What are the 7 Common Attacks on Security Protocols and what do they do?
- Person-in-the-Middle Attack:
- An attacker intercepts and modifies messages between A and B
- Oracle Attack:
- Exploits normal responses to derive encryption/decryption results
- Replay Attack:
- Reuses parts of old messages to fool the system
- Type Flaw Attack:
- Substitutes fields with unexpected message types
- Masquerading Attack:
- Pretends to be another principal
- Reflection Attack:
- Sends received data back to the originator
- Binding Attack:
- Uses messages out of context for unintended purposes
What are 4 Defensive Strategies when transmitting data?
- Use timestamps and nonces to prevent replay attacks
- Employ key-specific contexts to mitigate binding attacks
- Ensure strict type checks to prevent type flaw attacks
- Validate all received data thoroughly
What are Formal Methods?
Formal methods use mathematical notation to model and verify systems, ensuring they work as intended
Building Problems
1. Why?
2. What?
3. How?
- Why? Lack of resources or awareness
- What? Issues that arise during the developing and maintenance of secure systems
- How? Poor development of systems
How would you build an Automated Verification Tool?
- Create models for the system
- Define specifications (properties to check)
- Use a tool to verify properties (e.g., automated theorem provers)
What is the Purpose of Protocol Model Checker?
Used to check security protocols by checking the flow of information between parties
What are the Roles in Role-Based Verification (RBV) and what is the Verification Goal?
Roles:
- Initiator: Begins the interaction
- Responder: Responds to the initiator
Verification Goal:
- Ensure every message and response align with protocol rules
What is Random Bit Verification and what are 3 Common Attacks Verified with Random Bit Verification (RBV)?
By adding random bits or values in messages, it becomes difficult for an attacker to reuse or replay intercepted messages without detection
- Man-in-the-Middle Attack:
- Intercepts and modifies communication between two parties.
- Replay Attack:
- Reuses valid messages to trick the system.
- Reflection Attack:
- Sends the same message back to its sender.
What are the Core Elements of a Basic Access Control Model?
- Subjects: The entity requesting access
- Objects: The resource being accessed
- Rules: Define which subjects can access which objects
What is the Bell-LaPadula Model?
Enforce confidentiality through access control
Key Concepts:
- No Read-Up: Subjects cannot read data above their clearance
- No Write-Down: Subjects cannot write data below their clearance level
What is the Biba Integrity Model?
Enforce data integrity through access control
Key Rules:
- No Read-Down: Subjects cannot read lower integrity data
- No Write-Up: Subjects cannot write to higher integrity levels
- (Its the inverse of Bell-LaPadula Model)
What are the Tools and Benefits of using Automated Tools for Verification?
Tools:
- SPIN: Checks model specifications for concurrent systems
- Alloy: Lightweight modeling language for analyzing structures
Benefits:
- Reduces human error in verification
- Speeds up analysis and testing
Give an Example and Prevention of a Substitution Attacks in Cryptographic Protocols
Example:
- Malicious entity replaces a legitimate key with their own
Prevention:
- Use certificates and trusted key exchanges
What is the purpose of Theorem Provers in Verification?
Automate proof generation to check the correctness of system properties
What are Role Scripts and their components?
A protocol is defined by role scripts for each role name
Components:
- Role names are agent variables.
- Signal events are used to define properties.
What are Free Variables in Protocol Roles?
Variables in a chord that first occur in a non-receive event are free variables
Example:
- In A→B:{NA,NB}pk(A), 𝑁𝐴, 𝑁𝐵. NA, NB are free variables.
What are the steps for Role-Based Protocol Execution?
- Instantiate free variables (agents, values)
- Replace these in the role description to create a “closed role”
What are the Operational Semantics State Definition?
State = Trace × IntruderKnowledge × Threads
- Trace: History of events
- IntruderKnowledge: Messages the attacker knows
- Threads: Map thread IDs to roles
What are they 3 Key Rules in Operational Semantics?
- Send Rule: Adds a message to the trace and updates the intruder’s knowledge
- Receive Rule: Matches incoming messages
- Signal Rule: Processes specific protocol events (e.g., verification)
What is an example Attack on NSPK Protocol?
Steps:
- Eve intercepts 𝐴→𝐵:{𝑁𝐴,𝐴}𝑝𝑘(𝐵)A→B:{NA,A} pk(B)
- Uses it to deceive 𝐵 into thinking Eve is 𝐴
Key Takeaway:
- Without mutual authentication, protocols can be attacked.
What is Rice’s Theorem?
Let S be any non-empty, proper subset of the computable functions. Then the verification problem for S is undecidable.
Define the Halting Problem
Deals with determining whether a computer program will eventually stop (halt) or keep running forever, given a specific input
What is the Dolev-Yao-Style Intruder Model?
A way to describe how an attacker behaves when trying to break a cryptographic protocol; helps us understand security by assuming a very powerful but simple adversary.
What are the Attackers Capabilities in the Dolev-Yao-Style Model?
- Full Control of the Network: Attacker can eavesdrop, modify, block, or replay any message sent between two parties.
- Can See All Messages: Attacker can see all messages being exchanged over network
- Can Create New Messages: Attacker can create new messages using any information they have (e.g., encrypting or signing messages using known methods).
- Can Use Public Keys: Attacker can use public keys (but not private keys) to encrypt or verify messages.
- Cannot Break Cryptography: Attacker cannot break strong cryptographic systems unless they have the secret key. So, if encryption is strong, the attacker can’t decrypt messages without the correct key.
How would the Attacker Act in Dolev-Yao-Style Model?
- Intercepts messages between honest parties
- Modifies messages or injects new ones into the conversation
- Replays old messages to confuse or trick the parties
- Can encrypt or sign messages they create using public information or knowledge of cryptographic operations (like encrypting plaintext)
What can’t the Attacker do in Dolev-Yao-Style Model?
- Cannot break encryption or cryptographic systems unless it already has the keys
- Cannot guess secret information like private keys or secret session keys unless it’s exposed
Why is Software Hard to Secure in Software Security?
- Large Codebases: Modern applications contain millions of lines of code
- High Adoption Rates: Technologies evolve rapidly, introducing more vulnerabilities
(e.g., Apple iOS adoption) - Defects in Coding Phase: 80% of software defects are introduced during coding
What is Key with the Cost of Fixing Defects in Code?
Fixing Defects earlier (such as in the coding phase) is much easier and cheaper to fix (640x cheaper)
Later on in the development process the cost to fix defects grows exponentially
What is Shifting Left with Defects in Code?
Shifting the process of fixing defects to towards the start of the development process (left) makes it much cheaper and easier
What is the Motivation for Threat Modelling?
- Securing systems is expensive; prioritization based on value-risk analysis is essential
- Helps allocate resources effectively:
- High-Value, High-Risk Assets: Require immediate protection
- Low-Value, Low-Risk Assets: Lower priority
What is the Purpose for Threat Modelling?
To identify and mitigate potential security concerns
What are the Benefits of Threat Modelling?
- Built-in Security:
- Embeds security measures early in the system
- Early Detection:
- Identifies vulnerabilities before deployment
- Security Mindset:
- Encourages thinking critically about system weaknesses
What is Threat Modelling Process?
- Scope Definition:
- Identify:
- Representation
- Assets
- Entry points
- Trust boundaries
- Identify:
- Determine Threats:
- Use structured methodologies (e.g., STRIDE framework) - Countermeasures and Mitigation:
- Strategies include:
- Accept risk
- Eliminate risk
- Mitigate risk
- Transfer risk
- Strategies include:
- Evaluation:
- Assess the effectiveness of implemented measures
What is the STRIDE Framework’s Key Objectives?
Preserve Confidentiality, Integrity, Availability (CIA)
What are the STRIDE Threat Types?
- Spoofing Identity: Impersonating another user
- Tampering with Data: Altering data/code unauthorized
- Repudiation: Denying actions without proof
- Information Disclosure: Exposing unauthorized data
- Denial of Service (DoS): Disrupting service availability
- Elevation of Privilege: Gaining unauthorized higher permissions
Explain the Threats in STRIDE Framework
- Spoofing Identity:
- Unauthorized access using another user’s credentials (e.g., stolen passwords) - Tampering with Data:
- Modifying database entries or code files without authorization - Repudiation:
- Example: Denying the transfer of funds while records say otherwise - Information Disclosure:
- Accidentally exposing sensitive information, such as private customer data - Denial of Service (DoS):
- Examples: Flooding a server to make it unresponsive - Elevation of Privilege:
- Exploiting system flaws to gain admin-level access
What is the Qualitative Risk Model’s Risk-Impact Evaluation?
- High impact + high ease of attack = Critical Risk
- Helps prioritize mitigation efforts effectively
Define a Business Logic Flaw
A flaw in application logic that allows unintended or malicious behaviour
Example: Payment system increases balance when a negative amount is entered
Impact: Can lead to financial loss or exploitation
Define a SQL Injection
A vulnerability where malicious SQL is executed by injecting it into user input
Impact: Bypasses authentication and exposes sensitive data
Example: SELECT * FROM users WHERE name = ‘admin’ OR ‘1’=’1’;
What is an Exploit Example for an SQL injection when logging in?
Username: admin
Password: ‘ OR ‘1’=’1
Result: Always evaluates as TRUE, bypassing authentication.
How to prevent SQL Injection?
- Use prepared statements.
- Validate and sanitize inputs.
- Use ORM (Object-Relational Mapping) tools.
What is Common Weakness Enumeration?
A catalog of software weaknesses to standardize vulnerability descriptions.
Purpose: Provides a shared language for security discussions.
Examples: Includes SQL injection, XSS, and buffer overflow.
What is the CWE Top 25?
The most critical and common software weaknesses
Examples:
1. Improper Input Validation.
2. SQL Injection.
3. Buffer Overflow.
What is CWE’s usage?
Purpose:
- Identify and categorize vulnerabilities.
- Link to specific attack patterns.
Tool Integration: Used by tools like static analyzers to flag potential weaknesses.
What are Common Vulnerabilities and Exposures (CVE)?
A database of real-world vulnerabilities with unique identifiers
Contents:
- Vulnerability description.
- Affected software and versions.
- Fixes and patches.
What is CVSS?
Common Vulnerability Scoring System for rating severity
What are the types of CVSS Access Vector (AV)?
- Network (N): Exploitable remotely.
- Adjacent (A): Exploitable within the same subnet.
- Local (L): Requires local access.
- Physical (P): Requires physical access.
What are the levels of CVSS Attack Complexity (AC)?
- Low (L): Exploit requires no special conditions.
- High (H): Exploit depends on specific conditions.
What are the levels of CVSS Privileges Required (PR)?
- None (N): No authentication needed.
- Low (L): Requires basic access.
- High (H): Requires admin-level access.
What are the types of CVSS User Interaction (UI)?
- None (N): No user action needed.
- Required (R): User must perform an action.
What are the CVSS Impact Metrics?
- Confidentiality (C): Data exposure levels.
- Integrity (I): Data modification risk.
- Availability (A): System uptime impact.
Define XSS
Injecting malicious scripts into a web page to execute in the victim’s browser
What are the types of XSS?
- Reflected XSS: Immediate reflection of input.
- Stored XSS: Input stored and executed later.
- DOM-Based XSS: Execution via client-side scripts.
How would you prevent XSS?
- Sanitize and validate inputs.
- Use frameworks that auto-encode outputs (e.g., Jinja2, React).
What are the OSWASP Top Ten?
- Broken Access Control.
- Cryptographic Failures.
- Injection.
- Insecure Design.
- Security Misconfiguration.
- Vulnerable Components.
- Identification Failures.
- Software Integrity Failures.
- Logging Failures.
- SSRF
What is Fuzzing?
Sending random or malformed inputs to a system to find vulnerabilities
What are the 3 types of Fuzzing and what do they do?
- Random Fuzzing: Purely random inputs.
- Mutation-Based Fuzzing: Modify valid inputs.
- Generation-Based Fuzzing: Create inputs from specifications.
What is Responsible Disclosure?
Notify vendors and give them time to fix vulnerabilities before publicizing
Typical Period: 90 days.
What are Bug Bounty Programs?
Rewards for finding and reporting vulnerabilities
What is Static Security Testing (SAST) and its Pros and Cons?
Analyzes source code for vulnerabilities
Pros: Identifies issues early
Cons: May miss runtime issues
What is Dynamic Security Testing (DAST) and its Pros and Cons?
Tests a running application for vulnerabilities
Pros: Identifies runtime flaws
Cons: Requires a deployed environment
What is Input Validation?
Ensuring that user inputs follow expected formats
Example Rules:
Only allow numeric values for a “quantity” field
Disallow special characters in usernames
What are Allow-Lists and Deny-Lists and whats the best use of them?
- Allow-Lists: Define what is allowed (e.g., [0-9]+ for numeric input)
- Deny-Lists: Define what is disallowed
Best Practice: Use allow-lists whenever possible for stricter control
What are Prepared Statements and what is their benefit?
Pre-compiled SQL queries where user input is passed as parameters
Benefit: Prevents SQL injection
What are examples of Cryptographic Failures and what software can prevent them?
- Using outdated algorithms (e.g., MD5, SHA-1)
- Insecure key storage
- Weak random number generators
Prevention: Use modern libraries like OpenSSL and robust algorithms like AES
What is a Content Security Policy (CSP) and what is its benefit?
A browser policy that restricts resources a page can load
Benefit: Reduces risk of XSS and other attacks
What is Buffer Overflow, and what are its impacts?
Overwriting memory by exceeding buffer size
Impacts:
- Corrupts data
- Executes arbitrary code
How to prevent Buffer Overflow?
- Use memory-safe languages like Rust
- Implement bounds-checking in C/C++
What is Broken Access Control and how to prevent it?
Users accessing resources outside their permissions
Prevention:
- Use role-based access controls (RBAC)
- Implement server-side checks
Examples:
- Viewing another user’s profile without authorization
- Modifying sensitive data via ID tampering
How to prevent Security Misconfiguration?
- Regularly check configurations
- Use security benchmarks (e.g., CIS)
Examples of Security Misconfiguration:
- Default credentials left unchanged
- Unnecessary services enabled
- Insecure default settings in frameworks
How to prevent Vulnerable Components?
- Regular dependency checks using tools like Snyk
- Update software promptly
Examples of Vulnerable Components:
- Outdated libraries
- Known vulnerabilities in third-party tools
What is Identification and Authentication Failures and how to prevent it?
Examples:
- Weak passwords.
- Broken session management.
Prevention:
- Enforce strong password policies.
- Use secure token-based authentication (e.g., OAuth).
What is Software and Data Integrity Failures and its prevention?
Insecure methods for software updates or data integrity
Prevention:
- Use signed certificates for updates
- Implement cryptographic checks for files
What is Security Logging and Monitoring Failures?
Insufficient or non-existent logging of security events
Impact: Delayed response to breaches
Best Practices:
- Enable logging for sensitive operations
- Regularly review logs
What is Server-Side Request Forgery (SSRF)?
A vulnerability where attackers force servers to make requests to unintended destinations
Prevention:
- Validate and sanitize user-supplied URLs
- Use allow-lists for accessible domains
Example: Accessing internal services via manipulated URLs
What are the Types of Security Testing and what do they do?
- Static Application Security Testing (SAST):
- Examines source code.
- Dynamic Application Security Testing (DAST):
- Tests running applications.
- Interactive Application Security Testing (IAST):
- Combines SAST and DAST.
What are False Positives in Security Testing?
Incorrectly flagged vulnerabilities that aren’t real issues
Impact: Wastes developer time
Mitigation:
- Use accurate configuration settings
- Manually review critical findings
What are False Negatives in Security Testing?
Real vulnerabilities that are not detected
Impact: Leaves systems exposed to attacks.
Mitigation:
- Combine multiple testing tools (SAST + DAST).
- Regularly update tools to detect new patterns.
Random Fuzzing vs Mutation Fuzzing
Random Fuzzing:
- Purely random inputs.
- Example: aaaa… or #$%@.
Mutation-Based Fuzzing:
- Modifies existing valid inputs.
- Example: Altering a valid JSON.
What is Generation based Fuzzing?
Create test cases using input specifications.
Advantages: High coverage for valid inputs.
Examples: Using RFCs to design test inputs for protocols.
How does Responsible Disclosure Process?
- Identify the vulnerability
- Contact the vendor
- Provide sufficient details for reproduction
- Wait for the vendor’s fix before publicizing
What is a Full Disclosure Process?
Publish all details of a vulnerability immediately
What are the Pros and Cons of a Full Disclosure Process?
Pros:
- Forces vendors to act quickly.
Cons:
- Increases risk for users before a fix is available.
Define Evolutionary Fuzzing?
Generates test cases based on coverage metrics
What is the Best Practices for Cryptographic Key Management?
- Rotate keys regularly
- Use hardware security modules (HSMs) for key storage
- Avoid embedding keys in source code
What are some OWASP Secure Coding Practices?
- Validate inputs.
- Use parameterized queries.
- Avoid hard-coded secrets.
- Implement error handling securely.
- Regularly test and review code.
What is the Importance of Secure Design?
Incorporating security from the start of the software lifecycle
Principles:
1. Identify potential risks early.
2. Design with defense-in-depth.
3. Document security requirements alongside functional ones.
Define Hard-Coded Credentials
Storing usernames or passwords directly in code
Why it’s bad: Easily accessible in version control systems
Fix: Use environment variables or secret management tools
How to prevent Data Leakage?
- Remove sensitive data from logs
- Encrypt data at rest and in transit
- Implement strict access controls for sensitive files
What should be logged when Security Logging?
- Failed login attempts
- Privileged operations
- Changes to configurations
- Suspicious activity (e.g., rate-limited actions)
What should not be logged when Security Logging?
- User passwords
- Cryptographic keys
- Session tokens or sensitive personal data
What is Multi-Factor Authentication (MFA)?
Combines two or more authentication methods
Examples:
- Password + OTP
- Password + Biometric (fingerprint/face ID)
Benefit: Reduces risk of credential theft
What is OWASP ZAP and what can it do?
A tool for detecting vulnerabilities in web applications
Capabilities:
1. Automated vulnerability scanning.
2. Manual penetration testing.
3.Fuzzing input fields.
What is Burp Suite? Whats its features?
A web security testing tool
Features:
1. Proxy for intercepting and modifying traffic
2. Scanner for vulnerabilities like XSS and SQL injection
3. Intruder module for brute-force testing
What are the 4 Injection Attack Categories?
- SQL Injection: Manipulating SQL queries
- Command Injection: Executing OS commands
- LDAP Injection: Manipulating directory queries
- XML Injection: Altering XML data
What are the phases in the Secure Software Development Lifecycle (SDLC)?
- Requirements: Include security needs
- Design: Incorporate secure architecture
- Development: Use secure coding practices
- Testing: Perform security tests
- Maintenance: Regularly update and patch
What are the 3 Vulnerability Disclosure Models?
- Full Disclosure: Publish immediately
- Responsible Disclosure: Notify vendors, allow time for a fix
- Bug Bounty Programs: Incentivize researchers to report vulnerabilities
What makes a secure API Design?
- Use API keys and authentication
- Rate-limit requests
- Validate all inputs
What is Evolutionary Fuzzing?
Uses code coverage metrics to generate smarter inputs
What is Threat Modelling and whats the steps involved?
Identifying potential security threats during design
Steps:
- Identify assets
- Identify threats
- Define controls to mitigate threats
In the context of Public Key Infrastructures (PKIs) for securing web sites,
discuss briefly why many advocate certificates with a short (only a few
weeks/months) validity.
- Shorter certificate validity periods limit the time frame in which a compromised certificate can be exploited by an attacker, enhancing security by minimizing the potential damage.
- Certificates with shorter lifespans encourage website administrators to renew them regularly, ensuring they stay up-to-date with the latest security standards and practices.
- Shorter certificate validity reduces the reliance on CRLs, which can be difficult to manage and less reliable, as frequent renewals minimize the risk of using an outdated or revoked certificate.
In the context of Public Key Infrastructures (PKIs) for securing web sites, discuss briefly why many experts advocate for the use of Extended Validation (EV) Certificates despite their higher cost and longer issuance time.
Experts advocate for the use of Extended Validation (EV) Certificates despite their higher cost and longer issuance time because they offer several important benefits.
- They increase user trust by displaying the organization’s name in the browser’s address bar, helping to distinguish legitimate websites from phishing sites.
- EV Certificates require a more thorough validation process, ensuring the website’s identity is verified, which enhances security.
- Additional verification reduces the risk of fraud and phishing attacks, providing greater protection for both website owners and users.
Many modern websites allow users to log-in using external services such as
Google, Facebook, or Github. This mechanism is called single sign-on.
Briefly explain two threats to the core information security goals
(confidentiality, integrity, and availability) of a user using such a single sign on service. Name which goal is violated by each of your threats
Threat 1: Phishing Attack
Description: A user might be tricked into entering their login credentials on a fake SSO login page created by an attacker. Once the credentials are entered, the attacker can access the user’s accounts.
Goal Violated: Confidentiality. The attacker gains access to the user’s login credentials, compromising the confidentiality of their personal information.
Threat 2: Service Provider Breach
Description: If a major SSO provider, such as Google or Facebook, is breached, the attacker may access the accounts of users who use that provider for authentication. This can affect all connected services.
Goal Violated: Availability. The breach may result in users being unable to access websites or services, violating the availability of those services.
How do Hybrid Encryption Systems work?
Use asymmetric encryption to securely exchange the symmetric key and symmetric encryption to encrypt the actual data
What are the 2 main benefits of a Hybrid System?
- Has greater security as it uses Asymmetric Encryption to securely transfer the symmetric key which is used to transfer the data.
- Symmetric encryption is computationally faster for large data, ensuring quick and efficient data processing.
Do you consider the Dolev-Yao attacker model appropriate for security protocols that require a physical proximity between the agents (e.g.,
Bluetooth).
It’s not entirely appropriate as it:
- Assumes the attacker can fully control the communication network, including eavesdropping, intercepting, and injecting messages. However, in proximity-based protocols, physical distance and signal range constraints limit an attacker’s capabilities, making the model too negative
- Focuses on symbolic message manipulation and ignores real-world physical-layer attacks, such as signal jamming or relay attacks, which are relevant to protocols like Bluetooth.
