Computer Security: CIA Triad and Ransomware

Questions and Answers

Which of the following is the primary goal of data confidentiality within the CIA triad?

  • Ensuring data is promptly available to authorized users.
  • Assuring that private information is not disclosed to unauthorized individuals. (correct)
  • Verifying that systems perform their intended functions without errors.
  • Guaranteeing data integrity through controlled modifications.

In the context of computer security, what does 'integrity' primarily ensure?

  • Systems operate without any interruptions.
  • Data is kept secret from unauthorized access.
  • Data is only modified in specified and authorized ways. (correct)
  • Data remains accessible to authorized users at all times.

Which aspect of the CIA triad is directly compromised when a system is unavailable to authorized users?

  • Availability (correct)
  • Authenticity
  • Confidentiality
  • Integrity

Consider a scenario where sensitive customer data is stolen from a company's server. Which principle of the CIA triad is primarily violated?

Confidentiality (C)

What type of security attack involves an attempt to learn or make use of information from a system without affecting its resources?

Passive attack (B)

Which of the following scenarios is an example of an active security attack?

Injecting malicious code into a system to alter its functionality. (B)

Which type of active attack involves the unauthorized capture and subsequent retransmission of a data unit?

Replay (B)

What is the primary goal of 'traffic padding' as a security mechanism?

To prevent traffic analysis by inserting bits into data streams. (B)

Which security mechanism involves using a trusted third party to assure properties of a data exchange?

Notarization (D)

According to the model for network security, what role does the 'trusted third party' play?

Distributing secret information and arbitrating disputes. (C)

Which type of cryptographic algorithm is used to conceal the contents of data streams, files, and encryption keys?

Symmetric encryption (A)

Which of the following best describes the function of a 'cryptographic system'?

Schemes used for encryption and decryption. (D)

What condition must hold true for an encryption scheme to be considered 'unconditionally secure'?

It is impossible to decrypt the ciphertext, regardless of the resources available to the opponent. (C)

Under what circumstance is an encryption scheme considered 'computationally secure'?

The time required to break the cipher exceeds the useful lifetime of the information, or the cost is too high. (D)

Which type of attack on encrypted messages assumes the attacker knows both the encryption algorithm and some ciphertext?

Ciphertext Only (B)

In a 'known plaintext' attack, what information is available to the cryptanalyst?

The encryption algorithm, ciphertext, and corresponding plaintext. (D)

What is the main approach used in a brute-force attack on an encryption algorithm?

Trying every possible key until an intelligible plaintext is obtained. (A)

What distinguishes cryptanalysis from a brute-force attack?

Cryptanalysis exploits the characteristics of the algorithm, while brute-force attack tries every possible key. (A)

Which of the following is a primary characteristic used to classify cryptographic systems?

The type of operations used to transform plaintext to ciphertext. (C)

What distinguishes symmetric encryption from asymmetric encryption?

Symmetric encryption uses one key for both encryption and decryption, while asymmetric encryption uses two separate keys. (C)

In a simplified model of symmetric encryption, how does the sender ensure that only the intended recipient can read the message?

By using a secret key shared with the recipient to encrypt the message. (D)

What is the core principle behind a substitution technique in cryptography?

Replacing plaintext letters with other letters, numbers, or symbols. (D)

In the Caesar cipher, how is the encryption process performed?

By replacing each letter with the letter standing three places later in the alphabet, wrapping around to A after Z. (B)

Given the Caesar cipher algorithm $C = E(k, p) = (p + k) \mod 26$, where $p$ is the plaintext letter, $k$ is the key, and $C$ is the ciphertext letter, what is the ciphertext for the plaintext 'A' when using a key of $k = 5$?

What makes the Caesar cipher vulnerable to brute-force cryptanalysis?

There are only 25 possible keys to try. (B)

What is a key characteristic of a monoalphabetic substitution cipher?

It uses a single cipher alphabet for the entire message. (A)

How does a Playfair cipher enhance security compared to a simple monoalphabetic cipher?

It treats pairs of letters as single units for encryption. (C)

In a Rail Fence cipher, what is the key element used for encryption?

The depth of the 'rail fence'. (C)

What principle does the Row Transposition cipher rely on for encrypting messages?

Permuting the order of columns in a rectangular grid. (D)

What is a significant feature of rotor machines like the Enigma machine?

They employ multiple stages of encryption with rotating cylinders. (B)

Flashcards

Data Confidentiality

Ensuring data is not disclosed to unauthorized individuals.

Privacy (in CIA triad)

The ability to control what information is collected, stored, and shared about individuals.

Data Integrity

Ensuring that data and systems are accurate and protected from unauthorized modification.

Availability

Assuring that systems work promptly and service is not denied to authorized users.

Passive Attack

An attempt to learn or make use of information from the system, without affecting system resources.

Active Attack

An attempt to alter system resources or affect their operation.

Masquerade Attack

One entity pretends to be a different entity.

Replay Attack

A data unit is passively captured and then resent to produce an unauthorized effect.

Modification of Message

Some portion of a legitimate message is altered, or messages are delayed or reordered.

Denial of Service (DoS)

Prevents or inhibits the normal use or management of communications facilities.

Encipherment

Transforming data into a non-readily intelligible form using algorithms and encryption keys.

Digital Signature

Data appended to a data unit that allows a recipient to prove the source and integrity of the data.

Access Control

Mechanisms that enforce access rights to resources.

Data Integrity (Mechanism)

A variety of mechanisms used to assure the integrity of a data unit or stream of data units.

Authentication Exchange

Ensures the identity of an entity by means of information exchange.

Traffic Padding

Insertion of bits into gaps to frustrate traffic analysis attempts.

Notarization

Using a trusted third party to assure properties of a data exchange.

Symmetric Encryption

Algorithms and protocols to conceal data.

Asymmetric Encryption

Used to conceal content of encryption/hash keys used for digital signatures.

Data Integrity Algorithms

Algorithms used to protect blocks of data from alteration.

Authentication Protocols

Schemes to verify the identity of entities using crypto algorithms.

Plaintext

The original, unencrypted message.

Ciphertext

The coded message.

Enciphering (Encryption)

Process of converting plaintext to ciphertext.

Cryptanalysis

Techniques used for deciphering a message without knowing the enciphering details.

Cryptographic system or cipher

Schemes used for encryption

Unconditionally secure

It is impossible to decrypt the ciphertext because the required information is not there

Computationally secure

The cost/time of breaking the cipher exceeds the value/lifetime of the encrypted information

Cryptanalysis Attack

Attacker relies on the algorithm plus some knowledge of plaintext.

Brute-Force Attack

Attacker tries every possible key until the plaintext is obtained.

Study Notes

Computer Security Objectives

  • CIA stands for Confidentiality, Integrity, and Availability.

Confidentiality

  • Ensures private information isn't accessible to unauthorized individuals.
  • Assures control over how personal data is collected, stored, and disclosed.

Integrity

  • Guarantees data and programs undergo modifications in a specified, authorized manner only.
  • Confirms a system's operations align with the intended function, preventing unauthorized interference.

Availability

  • Ensures systems operate promptly without denial of service to authorized users.

Ransomware Scenario

  • A user unknowingly downloads ransomware disguised as a legitimate software update.
  • Upon execution, the ransomware encrypts files, like documents and photos.
  • Encryption is robust, making decryption without a key nearly impossible.
  • Attackers demand cryptocurrency for the decryption key.
  • Such an attack is a breach of confidentiality, integrity, and availability.

Security Attacks Classification

  • Security attacks are classified as either passive or active, as defined in X.800 and RFC 4949.

Passive Attack

  • Aims to learn or use system information without altering resources, like sniffing wireless signals.

Active Attack

  • Attempts to alter system resources or affect their operations, which includes man-in-the-middle attacks.

Nature of Passive Attacks

  • Eavesdropping on or monitoring transmissions.
  • The goal of a passive attack is obtaining transmitted information.
  • Prevention is key since detection is difficult.
  • Passive attacks include the release of message contents and traffic analysis.

Active Attacks Overview

  • Involve modifying data streams or creating false ones.
  • Difficult to prevent due to diverse vulnerabilities in software, hardware and networks.
  • Against active attacks, the goal is to detect them and to recover from any disruptions or delays they cause.
  • Detection is favored over prevention.

Masquerade

  • When an entity pretends to be a different entity.
  • Usually includes another form of active attack.

Replay

  • Involves capturing data, then retransmitting it to cause an unauthorized effect.

Modification of Messages

  • Involves altering or reordering messages to produce unauthorized effects.

Denial of Service

  • Prevents or inhibits the normal use of communication facilities.

Cryptographic Algorithm Groupings

  • Symmetric encryption provides data confidentiality using a single key.
  • Asymmetric encryption conceals small data blocks, like encryption keys.
  • Data integrity algorithms protect data blocks from alteration.
  • Authentication protocols verify the identity of entities using cryptographic algorithms.

Basic Terminology

  • Plaintext is the original message.
  • Ciphertext is the coded message.
  • Enciphering/encryption is the process of converting plaintext to ciphertext.
  • Deciphering/decryption is restoring ciphertext to plaintext.
  • Cryptography studies encryption.
  • Cryptographic systems/ciphers are encryption schemes.
  • Cryptanalysis involves deciphering messages without key knowledge.
  • Cryptology encompasses cryptography and cryptanalysis.

Encryption Scheme Security

  • Unconditionally Secure: Ciphertext cannot be decrypted, regardless of available time.
  • Computationally Secure: The cost/time to break the cipher exceeds the encrypted information's value/lifetime.

Types of attacks on encrypted messages

  • Ciphertext Only: Only the encryption algorithm and ciphertext are known.
  • Known Plaintext: The encryption algorithm, ciphertext, and plaintext-ciphertext pairs are known.
  • Chosen Plaintext: The encryption algorithm, ciphertext, and chosen plaintext with corresponding ciphertext are known.
  • Chosen Ciphertext: Algorithm, ciphertext, and chosen ciphertext with corresponding decrypted plaintext are known.

Cryptanalysis

  • Attacks rely on the algorithm's nature and plaintext characteristics.
  • Successfully exploits the algorithm to deduce plaintext or the key being used.

Brute-Force Attack

  • The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
  • On average, half of all possible keys must be tried to achieve success.

Cryptographic System Dimensions

  • Type of Operations: Substitution or transposition.
  • Number of Keys: Symmetric (single key) or asymmetric (two keys).
  • Plaintext Processing: Block or stream cipher.

Symmetric Encryption

  • It is referred to as conventional or single-key encryption.
  • It was the only encryption type before public-key encryption in the 1970s.
  • Remains the most used encryption type.
  • Examples: DES (Data Encryption Standard), AES (Advanced Encryption Standard).

Substitution Technique

  • Plaintext letters are replaced by other letters, numbers, or symbols.
  • Plaintext bit patterns are replaced with ciphertext bit patterns.

Caesar Cipher

  • It is one of the simplest and earliest substitution ciphers, used by Julius Caesar.
  • Every letter is replaced by the letter three places down the alphabet.
  • The alphabet wraps around in the Caesar Cipher, so the letter after Z is A.

Caesar Cipher Algorithm Details

  • Each letter is given a number based on its location in the alphabet.
  • C = E(k, p) = (p + k) mod 26, where 'C' is the ciphertext, 'E' is encryption, 'k' is the key, and 'p' is the plaintext.
  • p = D(k, C) = (C - k) mod 26 where 'D' is decryption.

Brute-Force Cryptanalysis of Caesar Cipher

  • Encryption and decryption algorithms are known.
  • There are only 25 keys to try.
  • The plaintext is known or easily recognizable.

Monoalphabetic Cipher Definition

  • A permutation of a finite set of elements S is an ordered sequence of all the elements of S, with each element appearing exactly once.
  • If "cipher" can be any permutation, 26 alphabetic characters yield 26! (over 4 x 10^26) keys.
  • The key space is 10 orders of magnitude larger than that of DES.
  • Employs a single cipher alphabet per message.

Monoalphabetic Cipher Vulnerabilities

  • Easy to break because they reflect frequency data of the original alphabet.
  • Digram: Most common two-letter combo is "th."
  • Trigram: Most common three-letter combo is "the."
  • Countermeasures: Using multiple substitutes (homophones) for a single letter.

Playfair Cipher

  • It is a multiple-letter encryption cipher.
  • Digrams in the plaintext are treated as single units and translated into ciphertext digrams.
  • Based on a 5x5 letter matrix with a keyword.
  • The British and US Armies used it in World War 1 and 2.

Playfair Key Matrix Construction

  • Fill with keyword letters (no duplicates), left to right, top to bottom.
  • Then fill the rest of the matrix with remaining alphabet letters.
  • Rules for encryption:
  • Repeating letters in a pair are separated by "x."
  • If 2 letters are in the same row: replace each with the letter to its right (wrap to start if needed).
  • If 2 letters are in the same column: replace each with the letter below it (wrap to top if needed).
  • Otherwise replace a letter with the one in its own row, but in the column of the other letter.

Rail Fence Cipher

  • Simplest transposition cipher.
  • The algorithm writes plaintext as diagonals, then reads them off as a sequence of rows.

Row Transposition Cipher

  • More complex transposition.
  • Writes the message in a rectangle, row by row.
  • Then reads the message off by column but permutes column order.
  • The column order is the key to the transposition.

Rotor Machines

  • Enigma was used in WWII.
  • Offers multiple stages of encryption.
  • Each cylinder has 26 input/output pins linked internally.
  • Results in 26 × 26 × 26 = 17,576 different substitution alphabets.
  • Points the way to modern ciphers like Data Encryption Standard (DES).
