Untitled Quiz
21 Questions

Questions and Answers

What is the first step in the ECDSA key generation process?

  • Compute e using a hash function
  • Select a random integer d from the interval [1, n − 1] as the private key (correct)
  • Publish Q = dG as the public key
  • Select a random integer k from the interval [1, n − 1]

In ECDSA signing, what must be done if the computed value r equals 0?

  • Publish Q = dG
  • Goto step 1 (correct)
  • Accept the signature
  • Stop the process

During ECDSA verification, which condition must be satisfied for the signature to be accepted?

  • v must equal r (correct)
  • s must be less than n
  • v must not equal r
  • e must equal h(m)

What is the purpose of the k⁻¹ mod n calculation in the ECDSA signing process?

  • To generate the signature s (A)

What is a requirement for fixed password schemes mentioned in the content?

  • At least one character from each of a set of categories (A)

Which mechanism ensures that only authorized users can access specific resources within a system?

  • Access Control (A)

What is the primary function of a firewall in a network security context?

  • Blocking unauthorized access (D)

Which type of intrusion detection system primarily relies on predefined signatures for identifying threats?

  • Signature-based IDS (A)

Which feature of message authentication codes (MAC) helps to verify both the integrity and authenticity of a message?

  • Combination of a key with the message (D)

Which property of hash functions indicates its resistance to finding two different inputs that yield the same hash value?

  • Collision resistance (B)

How does an anomaly-based intrusion detection system function?

  • By comparing traffic against normal behavioral patterns (B)

What does a hashing function do when processing a long document?

  • Maps the document into a fixed length digest (D)

Which method of authentication uses cryptographic mechanisms to validate the identity of a user or entity?

  • Digital signatures (B)

What is the purpose of padding a message to a multiple of 512 bits in the MD5 algorithm?

  • To ensure the message length is compatible for hashing. (C)

In the context of HMAC, what role does the secret key play?

  • It is combined with the message to form the hash. (B)

How is the hash function H(D) computed in the given algorithm?

  • By performing a repeated operation involving XOR on the message blocks. (B)

What distinguishes SHA-1 from MD5?

  • SHA-1 has a hash size of 160 bits, while MD5 has a hash size of 128 bits. (A)

Which statement is true regarding Message Authentication Codes (MAC)?

  • MAC provides assurances about both the message's source and integrity. (D)

What is the result of modifying the buffer in the MD5 algorithm according to the next 512-bit block?

  • It updates the buffer for the subsequent block processing. (B)

What is the primary function of a hash function like MD5 and SHA-1 in cryptography?

  • To generate fixed-size hash values from arbitrary length input. (A)

What is the purpose of the extra zero bits appended to the document in hashing?

  • To ensure the document's length is an even multiple of n bits. (D)

    Study Notes

    Information Security Tools

    • Authentication, Access Control, Encryption, Firewalls, and Intrusion Detection Systems are tools for information security.

    Authentication

    • Message authentication and integrity: examples are integrity using Modification Detection Codes (MDC), unsigned hash functions, message authentication codes (MAC), and signed hash functions.
    • Entity authentication (Digital signatures): This is another aspect of authentication.

    Hash Function Algorithm

    • Hash function H maps a string (message or document) D of arbitrary length to an integer d = H(D) with a fixed number of bits (digest of D).
    • The digest d has specific properties: given a string D, the digest of D can be computed quickly; given the digest d of D, but not D, it is computationally infeasible to find D; the hash H should be collision resistant (hard to find two documents with the same hash value).
    • Most hash functions use a mixing algorithm M that transforms a bit string of length n into another bit string of length n. A long document is broken into blocks, and M is used successively to combine each block with the previously processed material.
    • To compute H(D), append extra 0 bits to document D so that D is written as a concatenation of bit strings of length n. H(D) is computed with an initial bit string H₀ and an operation like Hᵢ = Hᵢ₋₁ xor M(Dᵢ) for 1 ≤ i ≤ k.
    • Examples of hash functions include Message Digest 5 (MD5) and Secure Hashing Algorithm 1 (SHA-1). MD5 algorithm involves padding a message into a multiple of 512 bits, initialization of a 128-bit buffer to a given value, modifying the buffer content at each step according to the next 512-bit block, and finally obtaining a 128-bit "hash" code. SHA-1 works with a block size of 512 bits and a hash size of 160 bits.

    Message Digest 5 (MD5)

    • The MD5 algorithm is detailed.

    Secure Hashing Algorithm 1 (SHA-1)

    • The SHA-1 algorithm details are given.

    Message Authentication Codes (MAC)

    • MAC aims to ensure the source and integrity of a message.
    • MAC uses a message input and a secret key.
    • MAC algorithms involve keyed hashed algorithms.
    • Hashed message authentication code (HMAC) is a method for increasing the strength of the hash function.

    HMAC

    • The details of the HMAC algorithm are given including steps for computing HMAC using MD5.

    DES MAC

    • Input data is 64 bits long and the key is 56 bits long. Output is a 64-bit MAC.
    • Message is padded and divided into 64-bit blocks and encrypted sequentially using the key.

    Entity Authentication (Digital Signatures)

    • Detailed set-up and nomenclature for digital signature.
    • Digital Signature Schemes are described.

    RSA Scheme

    • The RSA scheme for digital signatures is outlined.

    Digital Signature Algorithm (DSA)

    • DSA algorithm details for key generation, signing, and verification are given.

    ECDSA (Elliptic Curve Digital Signature Algorithm)

    • Key generation steps are given for the ECDSA algorithm.
    • Signature process steps are described.
    • Verification steps of the ECDSA Algorithm are outlined.

    User ID & Passwords

    • Fixed password schemes are described.
    • Password schemes and techniques are described.
    • Password attacks like exhaustive search are also discussed.
    • Entropy for 7-bit ASCII characters is presented.

    Personal Identification Numbers (PINs)

    • PINs are fixed, time-invariant passwords.
    • Used in conjunction with chipcards.
    • Short and numeric (e.g., 4 to 8 digits).
    • Additional constraints are used to prevent exhaustive search.
    • Constraints on PINs are also presented.

    Multi-Factor Authentication (MFA)

    • MFA uses 2 or more verification methods.
    • MFA decreases likelihood of successful cyberattacks.

    Three Main Types of MFA Methods

    • Knowledge-based factors (passwords, PINs)
    • Possession-based factors (badges, smartphones)
    • Inherence-based factors (biometrics like fingerprints, voice recognition)

    Access Control

    • Access control ensures authenticated users access appropriate resources.
    • It determines what actions authorized users can perform.

    Access Control Models

    • Access matrices, Access Control Lists (ACLs), Role-based access control (RBAC)

    Access Control Matrices

    • Access control matrix is a two-dimensional matrix.
    • Rows represent subjects (users) and columns represent objects (files).
    • Entries contain access attributes (e.g. read, write, execute, owner).

    Access Control Lists (ACLs)

    • ACL is a list of users and their access rights for each resource.
    • ACL advantages: determined access.
    • ACL disadvantages: complex and laborious to maintain.

    Role-based Access Control (RBAC)

    • RBAC assigns users to roles, and roles have specific access rights.
    • RBAC advantages: simplified administration.
    • RBAC disadvantages: Roles themselves can become difficult to manage.

    Discretionary Access Control (DAC)

    • DAC allows an individual user to set the access control on an object, deciding whether a given user or object can access it.
    • Strengths of DAC: flexibility. Usage: widely implemented in operating systems.

    Mandatory Access Control (MAC)

    • MAC is a system-wide policy that decides who has access; individual users have no control over the access policies.
    • MAC strengths: secure but inflexible. Usage: used where flexibility is not the main concern.

    I-node data Structure in Minix

    • The structure of i-nodes in Minix is explained.
