CSY450 Pervasive Computing Lecture 6

Questions and Answers

What is the primary concern regarding routing in ad hoc networks from a security perspective?

Ad hoc networks rely heavily on broadcasting, which makes them vulnerable to eavesdropping.

Routing protocols can be easily exploited to redirect traffic to malicious nodes.

Routing protocols in ad hoc networks are inherently inefficient and prone to errors.

The lack of a central authority makes it difficult to ensure the authenticity of routing information. (correct)

What is the central idea behind the 'man in the middle' attack in the context of ad hoc networks?

A malicious node attempts to overload the network by sending excessive data packets.

A malicious node uses network vulnerabilities to bypass security measures and gain unauthorized access.

A malicious node intercepts and modifies data between two legitimate nodes. (correct)

A malicious node tries to gain access to the network by impersonating a legitimate device.

Which of the following security risks are directly related to the use of pre-keying in ad hoc networks?

The vulnerability of pre-keying to traffic analysis attacks.

The need for frequent key updates to prevent key compromise. (correct)

The possibility of attackers exploiting known key weaknesses.

The difficulty of managing and distributing encryption keys. (correct)

How does 'traffic analysis' compromise the security of ad hoc networks even without decrypting data?

By identifying patterns in communication to infer sensitive information.

What is the main vulnerability exploited in a 'buffer-overflow' attack?

The lack of proper input validation leading to data overwriting.

What is the most significant security issue associated with ad hoc networks in comparison to traditional networks?

The absence of a central authority for managing network security.

Which of the following is NOT a security concern related to ad hoc networks?

The reliance on centralized authentication servers for secure communication.

Which of the following is a potential consequence of a successful 'man in the middle' attack in an ad hoc network?

All of the above.

What does data integrity ensure regarding the data received?

Data has been sent without any alteration.

Which of the following best describes confidentiality?

Data is protected so only intended recipients can access it.

What is the primary purpose of nonrepudiation in electronic transactions?

To ensure the sender cannot deny sending the data.

What is a common form of attack that poses a risk to system availability?

Denial-of-service (DoS) attack.

Which traditional security issue involves protecting data from unauthorized alteration or manipulation?

Integrity

What additional problem do mobile and wireless systems introduce to traditional security?

Greater risk of data interception.

What security issue is characterized by unauthorized persons being able to block legitimate users from accessing resources?

Availability

What is a major concern in terms of mobile and wireless security?

Limited resources can complicate security measures.

What distinguishes a DDoS attack from a DoS attack?

DDoS attacks employ multiple machines.

Which attack is designed to flood a local network with replies?

Smurf attack

What does the exhaustion of battery resources entail?

The battery is completely drained abruptly.

Which of the following attacks sends oversized ping packets to crash systems?

Ping of death

Why might mobile users not want their wireless systems to be detected?

For privacy and security reasons.

What is a consequence of physical interception (packet sniffing) in wireless systems?

It allows unauthorized reading of data.

What problem arises from the detectability of wireless systems?

It may result in unauthorized data access.

What issue does theft-of-service typically involve in a mobile context?

Connecting to a stronger neighbor's wireless network.

Study Notes

CSY450. Pervasive Computing - Lecture 6: Security Issues

• Lecture presented by Heba KH. Ahmed, Ph.D., Associate Professor, Computer Systems Department, Faculty of Computer & Information Science
• Agenda items include Security, Traditional Security Issues, Mobile and Wireless Security Issues, and Ad Hoc Networks Security Issues

Traditional Security Issues

• Integrity: System integrity means a system performs its intended function without unauthorized interference. Data integrity means data hasn't been altered after transmission.
• Confidentiality: Only intended recipients can access data, secured through mechanisms like encryption.
• Nonrepudiation: The sender cannot deny sending the data, vital for e-commerce.
• Availability: Systems and resources should be accessible to authorized users. Denial-of-service (DoS) attacks interfere. Distributed DoS (DDoS) involves multiple machines flooding a target with traffic, causing unavailability.

Mobile and Wireless Security Issues

• Detectability: Wireless signals are easily detectable; this is a concern for mobile device security.
  • Mobile users often don't want their systems identified.
• Limited Resources: Mobile devices have limited processing power, storage, and battery life, impacting security measures.
• Interception: Wireless transmissions are vulnerable to interception; encryption is essential.
• Theft-of-service: A user might connect to a network mistakenly believing they are connecting to the desired network.

Ad Hoc Networks Security Issues

• Networks established without a fixed infrastructure.
• Data often passes through multiple intermediate devices.
• Man-in-the-middle attacks: A malicious device can place itself in the path of communication and manipulate or eavesdrop on the exchange.
• Routing issues: Spoofing (impersonation) is a risk. Key routing nodes can be disabled through resource-exhaustion attacks.
• Pre-keying Management: Key creation, distribution, storage, and revocation require careful management to maintain secure encryption/authentication processes. Compromised keys should be replaced to prevent exposure. High cost protocols may not be suitable for many applications. Public key encryption can help avoid key exchange

Additional Common Attacks

• Traffic analysis: Attackers can interpret data exchange even without decryption by analyzing data patterns. Examples include increased pizza deliveries to a location before a military action.
• Buffer-overflow attacks: A program tries to put more data into a buffer than it was designed to hold and this data can alter or harm the system.

Description

This quiz focuses on security issues discussed in Lecture 6 of CSY450 Pervasive Computing. Topics include traditional security issues such as integrity, confidentiality, nonrepudiation, and availability, as well as mobile and wireless security concerns. Test your understanding of these critical concepts related to computer security!