Network and Computer Security Flashcards

1
Q

What does CIA stand for?

A

Confidentiality
Integrity
Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define Identification

A

Associating an identity with a subject

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define Authentication

A

Verifying the validity of something

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Define Authorization

A

Granting (or denying) the right or permission of a system entity to access an object

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Define Access Control

A

Controlling the access of system entities (on behalf of subjects) to objects based on an access control policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are four widely used mechanisms for authentication?

A
  1. Something you know - Password/PIN
  2. Something you have - Smart card or one-time password
  3. Something you are - Biometric Characteristics/Facial Scan/Photograph
  4. Location
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What do good systems include?

A

Allow for passwords and validate passwords securely
How to access systems securely that require a password
Allow passwords of arbitrary length
Store passwords hashed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Define Social Engineering

A

Tricking people into giving up private information or doing things they shouldn’t, usually by pretending to be someone they trust.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Define a Soft Token

A

A one-time use password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a bad example of a Hard Token?

A

UniCard as it could easily be duplicated

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a Biometric Scan?

A

Uses characteristics of your body
- Fingerprint
- Retina scan
- Face scan
To authenticate your identity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What do Typical Access Control models focus on?

A

Authorization
- Specification of who is allowed to do what
- How to update/change permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Give an example of a simple access control model.

A

AC = Subject x Object x Request

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

List 4 key factors of access control models.

A
  1. Often depend on system state
  2. Subjects and permissions change over time
  3. Access rights might require completion of certain tasks or conditions
  4. Prone to implementation and configuration mistakes (bugs)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does a security policy do?

A

Defines what is allowed (and/or forbidden)
- It is comparable to a set of laws
- Defined in terms of rules and/or requirements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is a security model?

A

A framework that defines rules and guidelines for protecting data and resources in a system.

It helps ensure confidentiality, integrity, and availability by describing how users, processes, and systems interact securely. Examples include Bell-LaPadula.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is a Role-based Access Control used for?

A
  • Create roles for job functions in enterprises
  • Assign users to roles
  • Assign a set of permissions for each role
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

How is a RBAC formalized?

A
  • A set ROLES
  • A set USERS
  • A relation UA ⊂ USER x ROLES
  • A relation PA ⊂ ROLES x PERMISSION
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are key factors of a RBAC when it comes to changing/removing roles?

A

It uncommon to add/remove roles in organizations - they are more static
If people leave/change roles only one smaller, simpler table/relationship to update

  • Employees leaving the company are much more in focus - don’t want them having permissions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What should be considered in a simple RBAC

A
  • Role Hierarchies
  • Who can change permission
  • Context information
  • User switching roles
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What do most pratical RBAC applications use?

A

Extended/modified versions
- Role hierarchies
- Access control constraints (attributes)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is widely used with RBAC?

A

XACML (attribute-based access control, very flexible)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is a Hierarchical RBAC?

A

Extends RBAC with role hierarchy:
- A relation RH ⊂ ROLES x ROLES
- Describing the role hierarchy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is Mandatory Access Control (MAC)?

A

Controls access to resources based on predefined policies.
Access is determined by a central authority, not by the owner or user of the data.

Used often in government or military systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

How does MAC work?

A

Specifies system-wide access restriction to objects
- Mandatory because subjects may not transfer their access rights
- Shift power from users to system owner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What are the 4 security clearance levels?

A

Top secret
- Comprehensive backgrounc check, highly-trusted individual

Secret
- Routine background check, trust individual

Confidential/Sensitive
- No background check. Limited distribution, minimally trusted individuals

Unclassified
- Unlimited distribution and untrusted individuals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Define a compartment

A

A way to divide resources, data and systems into separate groups to control access and limit exposure to risks.

Each compartment has its own sets of rules, permissions and protections.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Define a partially ordered set

A

A set that is: Reflexive, Transitive, Anti-symmetric

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What is a Reflexive set?

A

A reflexive set is a set in which every element is related to itself under a given relation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What is a Transitive set?

A

A transitive set is a set where everything inside the set also has all of its “parts” included in the set.

(If a→b and b→c then a→c)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What is an Anti-symmetric set?

A

An antisymmetric relation means that if two things are related in both directions, they must actually be the same thing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What is a Lattice?

A

A mathematical structure used to model relationships between security levels, access controls, or permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Why use Lattices?

A

Recall all pairs of lattice elements have a least upper bound and a greatest lower bound

If labels form a lattice, we can uniquely answer questions like:

Given 2 objects with different labels, what is the minimal label a subject requires to be allowed to read both objects?

Given 2 subjects with different labels, what is the maximal label an object can have that can still be read by both subjects?

Well-suited for need-to-know policies, where each subject is assigned a label reflecting least privilege required for this function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

What is the Bell-LaPadula Model (BLP) ?

A

A security model used to protect classified information and control access to it. Considers cross-level communication where subjects may interact below their level of clearance

Main insight: prohibiting write-down is essential for confidentiality as otherwise information can effectively be reclassified.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Conclude the BLP model.

A

No information leakage possible (if implementation is secure)

Prevents “legitimate” communication from high-level subjects to low-level ones.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What is the Discretionary Access Control (DAC)?

A

Owners can change permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What is the Break-Glass Access Control?

A

Allows to override the access control in “emergencies”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What is Usage Control?

A

Controlling the use of documents
For example:
- You aren’t allowed to share files but you can use them yourself
- You can watch a film 3 times in the next 2 weeks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What are 2 techniques used for usage control/DRM?

A

Watermarking
Monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What are the Usage Control challenges and open questions?

A

Technical - how to implement usage control iin an open environment
Ethical - The right to read

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

How does the Bell-LaPadula Model (BLP) work?

A

No Read Up - A user cannot read information that is classified higher than their clearance

No Write Down - A user cannot write information to a lower security level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

What is Cryptography, Steganography and Cryptanalysis in simple terms?

A

Cryptography - Secret Writing

Steganography - Concealed Writing

Cryptanalysis - Secret Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

What is the main difference between Symmetric and Asymmetric Encrpytion?

A

Symmetric Encryption - Same key is used to encrypt/decrypt

Asymmetric Encryption - Different keys used to encrypt/decrypt (a public and private key)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Define a Bijection

A

One-to-one relationship between items in sets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is a Code-book?

A

A guide that explains how data or information is encoded or translated. It lists codes and their corresponding meanings or values, helping to decode or interpret the data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

What is a Mono-Alphabetic Cipher?

A

Each letter in the plaintext is replaced with a different one, but the substitution pattern stays the same throughout the message.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

What is some key information about the Mono-Alphabetic Cipher?

A

Key-length: 26 letters
Key Space: total number of possible keys - 26!

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

What is true about the security of Substitution Ciphers?

A
  • Brute-forcing a key is difficult
  • Trivial to crack using frequency analysis
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

What is a Polyalphabetic Cipher?

A

A polyalphabetic cipher is a type of cipher where each letter in the plaintext can be encrypted using different alphabets at different points in the message. This means that the same letter may be replaced by different letters at different times.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

What is a One-Time pad (OTP) ?

A

Uses random key that is the same length as the message, each bit is encrypted with corresponding pad using XOR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

What is a Transposition (Permutation) Cipher?

A

Where the positions of the letters in the plaintext are rearranged according to a specific system, but the actual letters themselves remain unchanged.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

What is a Composite Cipher?

A

Combines two or more encryption methods, such as substitution and transposition, to make the encryption stronger and harder to break.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

What is a Feistel Cipher?

A

Splits data into two halves and repeatedly applies a series of operations, where one half is transformed using a function and then combined with the other half. The halves are swapped after each round. This process is repeated several times, creating strong encryption. The key idea is that decryption works by reversing the steps with the same key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

What is the Data Encryption Standard (DES) ?

A
  • First cryptographic standard
  • 16 round Feistel cipher and key-scheduler
  • A block cipher, encrypting 64-bit blocks
  • Was extended to triple-DES to overcome key length problem
  • Now replaced by AES
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

What is the security of DES?

A

Main attack: exhaustive search
- took 7 hours with $1M pc (1993)
- took 7 days with $10,000 FGPA-based machine (2006)
No mathematical attacks (but reduced key space from 2^56 to 2^43)
No known attacks on triple DES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

Define a One way function

A

Easy to compute in done direction but difficult (or pratically impossible) to reverse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

Define a Trapdoor One-Way function?

A

Easy to compute in one directrion but exteremely difficult to reverse unless you have special information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

What is RSA?

A

An expanded public-key encryption concept into encryption system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

What does RSA depend on?

A

RSA depends on the difficulty of factoring large prime numbers
- Breaking down a prime into its factors - (because factoring numbers over 2048 bits
is computationally infeasible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

What is congruent modulo n?

A

Two numbers are congruent modulo n if they have the same remainder when divided by n

(for example 10 and 7 are congruent modulo 3, as 10 mod 3 = 7 mod 3 = 1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

What is GCD?

A

GCD of 2 numbers is the greatest common divider

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

What is Relatively (Co-) Prime?

A

Two numbers are relavitely prime if their gcd is 1 (don’t share any factors except 1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

What is Multiplicative Inverse?

A

The multiplicative inverse of a number is a value that, when multiplied by original number, results in 1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

What are the steps on Key Generation in RSA?

A
  1. Find two (pretty large) prime numbers p & q
  2. Compute n & Φ(n)
  3. Choose public key (e)
  4. Compute (d)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

What is the symbol for Euler Quotient?

A

Φ(n)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

What is Euler’s Quotient?

A

A way of evaluating the performance or efficiency of an algorithm, particularly in the context of computational complexity.
It can be understood as the ratio of the actual performance of an algorithm to its theoretical performance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

In Key management, what can be used for the maximum number of keys among a group on N users?

A

N ( N - 1) / 2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

In Asymmetric Cryptography what are the public and private key used for?

A

Public - encryption
Private - decryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

What is a digital signature used for?

A

Proving Identity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

What is the use of MDC?

A

Modification Detection Code provides a checkable fingerprint

(also known as hash, message digest, MAC, MDC, fingerprint)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

What is are the key details of a Hash Function?

A

Used to check if data has been altered does not encrypt the data

Hashing is a pure one-way function
Generates a unique hash for a piece of data
- changing the data, changes the hash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

What are two properties of a Hash Function h(x)?

A
  • Compression: h maps an input x of an arbitrary bit length to an output h(x) of fixed bit length n
  • Polynomial time computable
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

When is a Hash Function cryptographic?

A

If it is additionally:
- One way (Pre-image Resistance)
- And usually either:
- 2nd Pre-image Resistance
- Collision Restistance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

What is One way (Pre-image Resistance) on a Hash Function?

A

Given a hash output y=h(x), it is computationally hard to find the original input x

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

What is 2nd Pre-image Resistance on a Hash Function?

A

Given an input x, it is computationally infeasible to find another x’ (x!=x’) such that both inputs produce the same hash output –> h(x) = h(x’) (its very hard to find another input that produces the same output hash)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

What is Collision Resistance on a Hash Function?

A

It is difficult to find any two distinct inputs x and x’, such that h(x) = h(x’)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

How could you construct Cryptographic Hashes?

A

Block Chaining techniques can be used:
- Divide message M into fixed size blocks b1,…bn
- Use symmetric encryption algorithm (such as DES)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

What is the Application of Hashing Passwords?

A

Instead of storing passwords in plaintext, we store only its cryptographic hash:
- For password p, store h(p) in password file
- Requires only pre-image resistance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

What is the purpose of a cryptographic hash function?

A

To provide data integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

How is symmetric encryption different from a cryptographic hash function?

A

Symmetric encryption is reversible, while hash functions are not

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

Which algorithm is used to provide confidentiality, not integrity?

A

AES (Advanced Encrpytion Standard)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

Which of the following is NOT a use case for hash functions?
1. Verifying data integrity
2. Password hashing for secure storage
3. Securing communication between two parties
4.Digital signatures for message verification

A
  1. Securing communication between two parties
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

What is Public Key Infrastructure (PKI) used for?

A

To know if the private/public key pair belongs to the right person

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

How does Public Key Infrastructure work (PKI)?

A

To join PKI, Alice
- Generates her own public/private key pair
- Takes her public key Ka to private certification authority (CA) that everybody trusts and states she is Alice and this is her public key
The CA verifies that Alice is who she says she is, and then signs a digital certificate
- That says “Ka is Alice’s public key”

85
Q

What is a Public Key Infrastructure (PKI)?

A

An infrastructure that allows principles to recgonise which public key belongs to whom

86
Q

What are the core services of a PKI?

A

Linking public keys to entities (certificates)
Key life-cycle management (key revocation, recovery, updates)

87
Q

What are the core components of a PKI?

A
  1. Certification Authority (CA)
    • Creates Certificates and publishes them in the directory
  2. Directory
    • Makes user certificates and CRLs available
    • Must identify users uniquely (needs fresh/accurate user data)
    • Backs up certain keys
  3. Registration Authority (RA)
    • Manages process of registering users and issuing certificates
    • Ensures proper user identification
88
Q

What does the Certification Authority (CA) do?

A
  • Creates certificates and publishes them in directory
  • Maintains Certificate Revocation List (CRL) in directory. CRL checked actively by single clients or by validation services
  • Backs up certain keys
89
Q

Define a Certificate

A

A token that binds an identity to a key

90
Q

Define X.509

A

A standard that defines a framework for authentication services

91
Q

How would you Establish an Authentic Channel (NSPK Protocol)?

A

Goal: Ensure Alice can securely communicate with Bob and verify it’s genuinely him.

Key Concept:
- Nonce (Number Used Once):
- A fresh, unique value known only to the entity that generated it.
- Helps to verify message authenticity and freshness.

92
Q

What are the steps of the NSPK Protocol Attack?

A
  1. Eve intercepts communication between Alice and Bob
  2. Eve uses her own keys to impersonate Alice to Bob and vice versa

Result: Bob thinks he’s securely communicating with Alice, but Eve is the intermediary

93
Q

What is a Protocol?

A

A protocol is a set of rules governing communication between two or more participants

94
Q

What do Security Protocols do?

A

Security protocols utilize cryptographic methods to achieve:
1. Authentication: Verifying identities.
2. Key Establishment: Securely sharing cryptographic keys.
3. Integrity: Ensuring messages are not tampered with.
4. Non-repudiation: Preventing denial of actions.

95
Q

Define an Honest Agent in Security Protocols

A
  • Follows the protocol rules strictly.
  • Always generates fresh, unique nonces.
  • Does not respond to invalid or malformed messages.
96
Q

What are the Potential Vulernabilities in Initial Key Exchange?

A

Key Problem:
- Kab contains no information about A or B, only a random bit-string representing the session key.

Risk:
- If intercepted, an attacker can misuse the session key without knowing its intended context.

97
Q

What are the strategies for Improving Key Establishment Protocols?

A
  1. Embed context in the session key (e.g., identities or usage scope)
  2. Use encryption to ensure the key exchange is secure
  3. Introduce mutual authentication steps

Example:
- A protocol can include signed or encrypted messages between parties to verify
their identities

98
Q

Why are Nonces Critical in Protocols?

A

Role of Nonces:
- Nonces ensure the “freshness” of a session or message.
- Prevents replay attacks by verifying that a received message is recent and unique.

Best Practice:
- Always generate a new, unpredictable nonce for every session or transaction.

99
Q

What is the Notation in Protocol Modelling?

A

Roles:
- A, B: Represent principals like Alice and Bob
- a, b, i: Represent agents

Key:
- Symmetric Keys: K, Kab, …
- Asymmetric Keys:
- Public Keys: pk(A)
- Private keys: inv(pk(A))

Encryption:
- Symmetric: {M}k (Message M encrypted with key K)
- Asymmetric: {M}pk(A) (Message M encrypted with pk(A))

Other Notations:
- Nonces(NA, NB): Fresh values for challenge-response
- Timestamps (T): USed for key expiration
- Message concatenation: M1, M2, M3

100
Q

Define Communication

A

Communication between principals A and B is represented as:
A→B:{A,T1,Kab} pk(B)

101
Q

What is the Structure of Protocols?

A

Combine prose, specifications, diagrams, and message sequences.

Example sequence:
- A → B: {NA, A}{pk(B)}
- B → A: {NA, NB}
{pk(A)}
- A → B: {NB}_{pk(B)}

Purpose: Define evefnt sequences (traces) and describe the conditions for secure
communication

102
Q

What is the steps of a Protocol Execution (Role A’s Perspective)?

A

Steps:
1. Generate a fresh nonce (NA), attach identity, and encrypt with pk(B)
2. Wait for response:
- Decrypt with inv(pk(A))
- Verify contents match expected format
3. Encrypt NB with pk(B) and send back to B

Checks:
- Verify nonce values.
- Reject messages that fail decryption or validation.

103
Q

What are the 7 Common Attacks on Security Protocols and what do they do?

A
  1. Person-in-the-Middle Attack:
    • An attacker intercepts and modifies messages between A and B
  2. Oracle Attack:
    • Exploits normal responses to derive encryption/decryption results
  3. Replay Attack:
    • Reuses parts of old messages to fool the system
  4. Type Flaw Attack:
    • Substitutes fields with unexpected message types
  5. Masquerading Attack:
    • Pretends to be another principal
  6. Reflection Attack:
    • Sends received data back to the originator
  7. Binding Attack:
    • Uses messages out of context for unintended purposes
104
Q

What are 4 Defensive Strategies when transmitting data?

A
  1. Use timestamps and nonces to prevent replay attacks
  2. Employ key-specific contexts to mitigate binding attacks
  3. Ensure strict type checks to prevent type flaw attacks
  4. Validate all received data thoroughly
105
Q

What are Formal Methods?

A

Formal methods use mathematical notation to model and verify systems, ensuring they work as intended

106
Q

Building Problems
1. Why?
2. What?
3. How?

A
  1. Why? Lack of resources or awareness
  2. What? Issues that arise during the developing and maintenance of secure systems
  3. How? Poor development of systems
107
Q

How would you build an Automated Verification Tool?

A
  1. Create models for the system
  2. Define specifications (properties to check)
  3. Use a tool to verify properties (e.g., automated theorem provers)
108
Q

What is the Purpose of Protocol Model Checker?

A

Used to check security protocols by checking the flow of information between parties

109
Q

What are the Roles in Role-Based Verification (RBV) and what is the Verification Goal?

A

Roles:
- Initiator: Begins the interaction
- Responder: Responds to the initiator

Verification Goal:
- Ensure every message and response align with protocol rules

110
Q

What is Random Bit Verification and what are 3 Common Attacks Verified with Random Bit Verification (RBV)?

A

By adding random bits or values in messages, it becomes difficult for an attacker to reuse or replay intercepted messages without detection

  1. Man-in-the-Middle Attack:
    • Intercepts and modifies communication between two parties.
  2. Replay Attack:
    • Reuses valid messages to trick the system.
  3. Reflection Attack:
    • Sends the same message back to its sender.
111
Q

What are the Core Elements of a Basic Access Control Model?

A
  1. Subjects: The entity requesting access
  2. Objects: The resource being accessed
  3. Rules: Define which subjects can access which objects
112
Q

What is the Bell-LaPadula Model?

A

Enforce confidentiality through access control

Key Concepts:
- No Read-Up: Subjects cannot read data above their clearance
- No Write-Down: Subjects cannot write data below their clearance level

113
Q

What is the Biba Integrity Model?

A

Enforce data integrity through access control

Key Rules:
- No Read-Down: Subjects cannot read lower integrity data
- No Write-Up: Subjects cannot write to higher integrity levels
- (Its the inverse of Bell-LaPadula Model)

114
Q

What are the Tools and Benefits of using Automated Tools for Verification?

A

Tools:
- SPIN: Checks model specifications for concurrent systems
- Alloy: Lightweight modeling language for analyzing structures

Benefits:
- Reduces human error in verification
- Speeds up analysis and testing

115
Q

Give an Example and Prevention of a Substitution Attacks in Cryptographic Protocols

A

Example:
- Malicious entity replaces a legitimate key with their own

Prevention:
- Use certificates and trusted key exchanges

116
Q

What is the purpose of Theorem Provers in Verification?

A

Automate proof generation to check the correctness of system properties

117
Q

What are Role Scripts and their components?

A

A protocol is defined by role scripts for each role name

Components:
- Role names are agent variables.
- Signal events are used to define properties.

118
Q

What are Free Variables in Protocol Roles?

A

Variables in a chord that first occur in a non-receive event are free variables

Example:
- In A→B:{NA,NB}pk(A), 𝑁𝐴, 𝑁𝐵. NA, NB are free variables.

119
Q

What are the steps for Role-Based Protocol Execution?

A
  1. Instantiate free variables (agents, values)
  2. Replace these in the role description to create a “closed role”
120
Q

What are the Operational Semantics State Definition?

A

State = Trace × IntruderKnowledge × Threads
- Trace: History of events
- IntruderKnowledge: Messages the attacker knows
- Threads: Map thread IDs to roles

121
Q

What are they 3 Key Rules in Operational Semantics?

A
  1. Send Rule: Adds a message to the trace and updates the intruder’s knowledge
  2. Receive Rule: Matches incoming messages
  3. Signal Rule: Processes specific protocol events (e.g., verification)
122
Q

What is an example Attack on NSPK Protocol?

A

Steps:
- Eve intercepts 𝐴→𝐵:{𝑁𝐴,𝐴}𝑝𝑘(𝐵)A→B:{NA,A} pk(B)
- Uses it to deceive 𝐵 into thinking Eve is 𝐴

Key Takeaway:
- Without mutual authentication, protocols can be attacked.

123
Q

What is Rice’s Theorem?

A

Let S be any non-empty, proper subset of the computable functions. Then the verification problem for S is undecidable.

124
Q

Define the Halting Problem

A

Deals with determining whether a computer program will eventually stop (halt) or keep running forever, given a specific input

125
Q

What is the Dolev-Yao-Style Intruder Model?

A

A way to describe how an attacker behaves when trying to break a cryptographic protocol; helps us understand security by assuming a very powerful but simple adversary.

126
Q

What are the Attackers Capabilities in the Dolev-Yao-Style Model?

A
  • Full Control of the Network: Attacker can eavesdrop, modify, block, or replay any message sent between two parties.
  • Can See All Messages: Attacker can see all messages being exchanged over network
  • Can Create New Messages: Attacker can create new messages using any information they have (e.g., encrypting or signing messages using known methods).
  • Can Use Public Keys: Attacker can use public keys (but not private keys) to encrypt or verify messages.
  • Cannot Break Cryptography: Attacker cannot break strong cryptographic systems unless they have the secret key. So, if encryption is strong, the attacker can’t decrypt messages without the correct key.
127
Q

How would the Attacker Act in Dolev-Yao-Style Model?

A
  • Intercepts messages between honest parties
  • Modifies messages or injects new ones into the conversation
  • Replays old messages to confuse or trick the parties
  • Can encrypt or sign messages they create using public information or knowledge of cryptographic operations (like encrypting plaintext)
128
Q

What can’t the Attacker do in Dolev-Yao-Style Model?

A
  • Cannot break encryption or cryptographic systems unless it already has the keys
  • Cannot guess secret information like private keys or secret session keys unless it’s exposed
129
Q

Why is Software Hard to Secure in Software Security?

A
  1. Large Codebases: Modern applications contain millions of lines of code
  2. High Adoption Rates: Technologies evolve rapidly, introducing more vulnerabilities
    (e.g., Apple iOS adoption)
  3. Defects in Coding Phase: 80% of software defects are introduced during coding
130
Q

What is Key with the Cost of Fixing Defects in Code?

A

Fixing Defects earlier (such as in the coding phase) is much easier and cheaper to fix (640x cheaper)
Later on in the development process the cost to fix defects grows exponentially

131
Q

What is Shifting Left with Defects in Code?

A

Shifting the process of fixing defects to towards the start of the development process (left) makes it much cheaper and easier

132
Q

What is the Motivation for Threat Modelling?

A
  • Securing systems is expensive; prioritization based on value-risk analysis is essential
  • Helps allocate resources effectively:
    • High-Value, High-Risk Assets: Require immediate protection
    • Low-Value, Low-Risk Assets: Lower priority
133
Q

What is the Purpose for Threat Modelling?

A

To identify and mitigate potential security concerns

134
Q

What are the Benefits of Threat Modelling?

A
  1. Built-in Security:
    • Embeds security measures early in the system
  2. Early Detection:
    • Identifies vulnerabilities before deployment
  3. Security Mindset:
    • Encourages thinking critically about system weaknesses
135
Q

What is Threat Modelling Process?

A
  1. Scope Definition:
    • Identify:
      • Representation
      • Assets
      • Entry points
      • Trust boundaries
  2. Determine Threats:
    - Use structured methodologies (e.g., STRIDE framework)
  3. Countermeasures and Mitigation:
    • Strategies include:
      • Accept risk
      • Eliminate risk
      • Mitigate risk
      • Transfer risk
  4. Evaluation:
    - Assess the effectiveness of implemented measures
136
Q

What is the STRIDE Framework’s Key Objectives?

A

Preserve Confidentiality, Integrity, Availability (CIA)

137
Q

What are the STRIDE Threat Types?

A
  1. Spoofing Identity: Impersonating another user
  2. Tampering with Data: Altering data/code unauthorized
  3. Repudiation: Denying actions without proof
  4. Information Disclosure: Exposing unauthorized data
  5. Denial of Service (DoS): Disrupting service availability
  6. Elevation of Privilege: Gaining unauthorized higher permissions
138
Q

Explain the Threats in STRIDE Framework

A
  1. Spoofing Identity:
    - Unauthorized access using another user’s credentials (e.g., stolen passwords)
  2. Tampering with Data:
    - Modifying database entries or code files without authorization
  3. Repudiation:
    - Example: Denying the transfer of funds while records say otherwise
  4. Information Disclosure:
    - Accidentally exposing sensitive information, such as private customer data
  5. Denial of Service (DoS):
    - Examples: Flooding a server to make it unresponsive
  6. Elevation of Privilege:
    - Exploiting system flaws to gain admin-level access
139
Q

What is the Qualitative Risk Model’s Risk-Impact Evaluation?

A
  • High impact + high ease of attack = Critical Risk
  • Helps prioritize mitigation efforts effectively
140
Q

Define a Business Logic Flaw

A

A flaw in application logic that allows unintended or malicious behaviour

Example: Payment system increases balance when a negative amount is entered

Impact: Can lead to financial loss or exploitation

141
Q

Define a SQL Injection

A

A vulnerability where malicious SQL is executed by injecting it into user input

Impact: Bypasses authentication and exposes sensitive data

Example: SELECT * FROM users WHERE name = ‘admin’ OR ‘1’=’1’;

142
Q

What is an Exploit Example for an SQL injection when logging in?

A

Username: admin
Password: ‘ OR ‘1’=’1

Result: Always evaluates as TRUE, bypassing authentication.

143
Q

How to prevent SQL Injection?

A
  1. Use prepared statements.
  2. Validate and sanitize inputs.
  3. Use ORM (Object-Relational Mapping) tools.
144
Q

What is Common Weakness Enumeration?

A

A catalog of software weaknesses to standardize vulnerability descriptions.

Purpose: Provides a shared language for security discussions.

Examples: Includes SQL injection, XSS, and buffer overflow.

145
Q

What is the CWE Top 25?

A

The most critical and common software weaknesses

Examples:
1. Improper Input Validation.
2. SQL Injection.
3. Buffer Overflow.

146
Q

What is CWE’s usage?

A

Purpose:
- Identify and categorize vulnerabilities.
- Link to specific attack patterns.

Tool Integration: Used by tools like static analyzers to flag potential weaknesses.

147
Q

What are Common Vulnerabilities and Exposures (CVE)?

A

A database of real-world vulnerabilities with unique identifiers
Contents:
- Vulnerability description.
- Affected software and versions.
- Fixes and patches.

148
Q

What is CVSS?

A

Common Vulnerability Scoring System for rating severity

149
Q

What are the types of CVSS Access Vector (AV)?

A
  • Network (N): Exploitable remotely.
  • Adjacent (A): Exploitable within the same subnet.
  • Local (L): Requires local access.
  • Physical (P): Requires physical access.
150
Q

What are the levels of CVSS Attack Complexity (AC)?

A
  • Low (L): Exploit requires no special conditions.
  • High (H): Exploit depends on specific conditions.
151
Q

What are the levels of CVSS Privileges Required (PR)?

A
  1. None (N): No authentication needed.
  2. Low (L): Requires basic access.
  3. High (H): Requires admin-level access.
152
Q

What are the types of CVSS User Interaction (UI)?

A
  1. None (N): No user action needed.
  2. Required (R): User must perform an action.
153
Q

What are the CVSS Impact Metrics?

A
  1. Confidentiality (C): Data exposure levels.
  2. Integrity (I): Data modification risk.
  3. Availability (A): System uptime impact.
154
Q

Define XSS

A

Injecting malicious scripts into a web page to execute in the victim’s browser

155
Q

What are the types of XSS?

A
  1. Reflected XSS: Immediate reflection of input.
  2. Stored XSS: Input stored and executed later.
  3. DOM-Based XSS: Execution via client-side scripts.
156
Q

How would you prevent XSS?

A
  1. Sanitize and validate inputs.
  2. Use frameworks that auto-encode outputs (e.g., Jinja2, React).
157
Q

What are the OSWASP Top Ten?

A
  1. Broken Access Control.
  2. Cryptographic Failures.
  3. Injection.
  4. Insecure Design.
  5. Security Misconfiguration.
  6. Vulnerable Components.
  7. Identification Failures.
  8. Software Integrity Failures.
  9. Logging Failures.
  10. SSRF
158
Q

What is Fuzzing?

A

Sending random or malformed inputs to a system to find vulnerabilities

159
Q

What are the 3 types of Fuzzing and what do they do?

A
  1. Random Fuzzing: Purely random inputs.
  2. Mutation-Based Fuzzing: Modify valid inputs.
  3. Generation-Based Fuzzing: Create inputs from specifications.
160
Q

What is Responsible Disclosure?

A

Notify vendors and give them time to fix vulnerabilities before publicizing

Typical Period: 90 days.

161
Q

What are Bug Bounty Programs?

A

Rewards for finding and reporting vulnerabilities

162
Q

What is Static Security Testing (SAST) and its Pros and Cons?

A

Analyzes source code for vulnerabilities

Pros: Identifies issues early
Cons: May miss runtime issues

163
Q

What is Dynamic Security Testing (DAST) and its Pros and Cons?

A

Tests a running application for vulnerabilities

Pros: Identifies runtime flaws
Cons: Requires a deployed environment

164
Q

What is Input Validation?

A

Ensuring that user inputs follow expected formats

Example Rules:
Only allow numeric values for a “quantity” field
Disallow special characters in usernames

165
Q

What are Allow-Lists and Deny-Lists and whats the best use of them?

A
  • Allow-Lists: Define what is allowed (e.g., [0-9]+ for numeric input)
  • Deny-Lists: Define what is disallowed

Best Practice: Use allow-lists whenever possible for stricter control

166
Q

What are Prepared Statements and what is their benefit?

A

Pre-compiled SQL queries where user input is passed as parameters

Benefit: Prevents SQL injection

167
Q

What are examples of Cryptographic Failures and what software can prevent them?

A
  1. Using outdated algorithms (e.g., MD5, SHA-1)
  2. Insecure key storage
  3. Weak random number generators

Prevention: Use modern libraries like OpenSSL and robust algorithms like AES

168
Q

What is a Content Security Policy (CSP) and what is its benefit?

A

A browser policy that restricts resources a page can load

Benefit: Reduces risk of XSS and other attacks

169
Q

What is Buffer Overflow, and what are its impacts?

A

Overwriting memory by exceeding buffer size

Impacts:
- Corrupts data
- Executes arbitrary code

170
Q

How to prevent Buffer Overflow?

A
  1. Use memory-safe languages like Rust
  2. Implement bounds-checking in C/C++
171
Q

What is Broken Access Control and how to prevent it?

A

Users accessing resources outside their permissions

Prevention:
- Use role-based access controls (RBAC)
- Implement server-side checks

Examples:
- Viewing another user’s profile without authorization
- Modifying sensitive data via ID tampering

172
Q

How to prevent Security Misconfiguration?

A
  • Regularly check configurations
  • Use security benchmarks (e.g., CIS)

Examples of Security Misconfiguration:
- Default credentials left unchanged
- Unnecessary services enabled
- Insecure default settings in frameworks

173
Q

How to prevent Vulnerable Components?

A
  • Regular dependency checks using tools like Snyk
  • Update software promptly

Examples of Vulnerable Components:
- Outdated libraries
- Known vulnerabilities in third-party tools

174
Q

What is Identification and Authentication Failures and how to prevent it?

A

Examples:
- Weak passwords.
- Broken session management.

Prevention:
- Enforce strong password policies.
- Use secure token-based authentication (e.g., OAuth).

175
Q

What is Software and Data Integrity Failures and its prevention?

A

Insecure methods for software updates or data integrity

Prevention:
- Use signed certificates for updates
- Implement cryptographic checks for files

176
Q

What is Security Logging and Monitoring Failures?

A

Insufficient or non-existent logging of security events

Impact: Delayed response to breaches

Best Practices:
- Enable logging for sensitive operations
- Regularly review logs

177
Q

What is Server-Side Request Forgery (SSRF)?

A

A vulnerability where attackers force servers to make requests to unintended destinations

Prevention:
- Validate and sanitize user-supplied URLs
- Use allow-lists for accessible domains

Example: Accessing internal services via manipulated URLs

178
Q

What are the Types of Security Testing and what do they do?

A
  1. Static Application Security Testing (SAST):
    • Examines source code.
  2. Dynamic Application Security Testing (DAST):
    • Tests running applications.
  3. Interactive Application Security Testing (IAST):
    • Combines SAST and DAST.
179
Q

What are False Positives in Security Testing?

A

Incorrectly flagged vulnerabilities that aren’t real issues

Impact: Wastes developer time

Mitigation:
- Use accurate configuration settings
- Manually review critical findings

180
Q

What are False Negatives in Security Testing?

A

Real vulnerabilities that are not detected

Impact: Leaves systems exposed to attacks.

Mitigation:
- Combine multiple testing tools (SAST + DAST).
- Regularly update tools to detect new patterns.

181
Q

Random Fuzzing vs Mutation Fuzzing

A

Random Fuzzing:
- Purely random inputs.
- Example: aaaa… or #$%@.
Mutation-Based Fuzzing:
- Modifies existing valid inputs.
- Example: Altering a valid JSON.

182
Q

What is Generation based Fuzzing?

A

Create test cases using input specifications.

Advantages: High coverage for valid inputs.

Examples: Using RFCs to design test inputs for protocols.

183
Q

How does Responsible Disclosure Process?

A
  1. Identify the vulnerability
  2. Contact the vendor
  3. Provide sufficient details for reproduction
  4. Wait for the vendor’s fix before publicizing
184
Q

What is a Full Disclosure Process?

A

Publish all details of a vulnerability immediately

185
Q

What are the Pros and Cons of a Full Disclosure Process?

A

Pros:
- Forces vendors to act quickly.
Cons:
- Increases risk for users before a fix is available.

186
Q

Define Evolutionary Fuzzing?

A

Generates test cases based on coverage metrics

187
Q

What is the Best Practices for Cryptographic Key Management?

A
  1. Rotate keys regularly
  2. Use hardware security modules (HSMs) for key storage
  3. Avoid embedding keys in source code
188
Q

What are some OWASP Secure Coding Practices?

A
  1. Validate inputs.
  2. Use parameterized queries.
  3. Avoid hard-coded secrets.
  4. Implement error handling securely.
  5. Regularly test and review code.
189
Q

What is the Importance of Secure Design?

A

Incorporating security from the start of the software lifecycle

Principles:
1. Identify potential risks early.
2. Design with defense-in-depth.
3. Document security requirements alongside functional ones.

190
Q

Define Hard-Coded Credentials

A

Storing usernames or passwords directly in code

Why it’s bad: Easily accessible in version control systems
Fix: Use environment variables or secret management tools

191
Q

How to prevent Data Leakage?

A
  1. Remove sensitive data from logs
  2. Encrypt data at rest and in transit
  3. Implement strict access controls for sensitive files
192
Q

What should be logged when Security Logging?

A
  1. Failed login attempts
  2. Privileged operations
  3. Changes to configurations
  4. Suspicious activity (e.g., rate-limited actions)
193
Q

What should not be logged when Security Logging?

A
  1. User passwords
  2. Cryptographic keys
  3. Session tokens or sensitive personal data
194
Q

What is Multi-Factor Authentication (MFA)?

A

Combines two or more authentication methods

Examples:
- Password + OTP
- Password + Biometric (fingerprint/face ID)

Benefit: Reduces risk of credential theft

195
Q

What is OWASP ZAP and what can it do?

A

A tool for detecting vulnerabilities in web applications

Capabilities:
1. Automated vulnerability scanning.
2. Manual penetration testing.
3.Fuzzing input fields.

196
Q

What is Burp Suite? Whats its features?

A

A web security testing tool

Features:
1. Proxy for intercepting and modifying traffic
2. Scanner for vulnerabilities like XSS and SQL injection
3. Intruder module for brute-force testing

197
Q

What are the 4 Injection Attack Categories?

A
  1. SQL Injection: Manipulating SQL queries
  2. Command Injection: Executing OS commands
  3. LDAP Injection: Manipulating directory queries
  4. XML Injection: Altering XML data
198
Q

What are the phases in the Secure Software Development Lifecycle (SDLC)?

A
  1. Requirements: Include security needs
  2. Design: Incorporate secure architecture
  3. Development: Use secure coding practices
  4. Testing: Perform security tests
  5. Maintenance: Regularly update and patch
199
Q

What are the 3 Vulnerability Disclosure Models?

A
  1. Full Disclosure: Publish immediately
  2. Responsible Disclosure: Notify vendors, allow time for a fix
  3. Bug Bounty Programs: Incentivize researchers to report vulnerabilities
200
Q

What makes a secure API Design?

A
  1. Use API keys and authentication
  2. Rate-limit requests
  3. Validate all inputs
201
Q

What is Evolutionary Fuzzing?

A

Uses code coverage metrics to generate smarter inputs

202
Q

What is Threat Modelling and whats the steps involved?

A

Identifying potential security threats during design

Steps:
- Identify assets
- Identify threats
- Define controls to mitigate threats

203
Q
A
204
Q

In the context of Public Key Infrastructures (PKIs) for securing web sites,
discuss briefly why many advocate certificates with a short (only a few
weeks/months) validity.

A
  1. Shorter certificate validity periods limit the time frame in which a compromised certificate can be exploited by an attacker, enhancing security by minimizing the potential damage.
  2. Certificates with shorter lifespans encourage website administrators to renew them regularly, ensuring they stay up-to-date with the latest security standards and practices.
  3. Shorter certificate validity reduces the reliance on CRLs, which can be difficult to manage and less reliable, as frequent renewals minimize the risk of using an outdated or revoked certificate.
205
Q

In the context of Public Key Infrastructures (PKIs) for securing web sites, discuss briefly why many experts advocate for the use of Extended Validation (EV) Certificates despite their higher cost and longer issuance time.

A

Experts advocate for the use of Extended Validation (EV) Certificates despite their higher cost and longer issuance time because they offer several important benefits.

  1. They increase user trust by displaying the organization’s name in the browser’s address bar, helping to distinguish legitimate websites from phishing sites.
  2. EV Certificates require a more thorough validation process, ensuring the website’s identity is verified, which enhances security.
  3. Additional verification reduces the risk of fraud and phishing attacks, providing greater protection for both website owners and users.
206
Q

Many modern websites allow users to log-in using external services such as
Google, Facebook, or Github. This mechanism is called single sign-on.
Briefly explain two threats to the core information security goals
(confidentiality, integrity, and availability) of a user using such a single sign on service. Name which goal is violated by each of your threats

A

Threat 1: Phishing Attack
Description: A user might be tricked into entering their login credentials on a fake SSO login page created by an attacker. Once the credentials are entered, the attacker can access the user’s accounts.
Goal Violated: Confidentiality. The attacker gains access to the user’s login credentials, compromising the confidentiality of their personal information.

Threat 2: Service Provider Breach
Description: If a major SSO provider, such as Google or Facebook, is breached, the attacker may access the accounts of users who use that provider for authentication. This can affect all connected services.
Goal Violated: Availability. The breach may result in users being unable to access websites or services, violating the availability of those services.

207
Q

How do Hybrid Encryption Systems work?

A

Use asymmetric encryption to securely exchange the symmetric key and symmetric encryption to encrypt the actual data

208
Q

What are the 2 main benefits of a Hybrid System?

A
  1. Has greater security as it uses Asymmetric Encryption to securely transfer the symmetric key which is used to transfer the data.
  2. Symmetric encryption is computationally faster for large data, ensuring quick and efficient data processing.
209
Q

Do you consider the Dolev-Yao attacker model appropriate for security protocols that require a physical proximity between the agents (e.g.,
Bluetooth).

A

It’s not entirely appropriate as it:

  1. Assumes the attacker can fully control the communication network, including eavesdropping, intercepting, and injecting messages. However, in proximity-based protocols, physical distance and signal range constraints limit an attacker’s capabilities, making the model too negative
  2. Focuses on symbolic message manipulation and ignores real-world physical-layer attacks, such as signal jamming or relay attacks, which are relevant to protocols like Bluetooth.