Digital Signatures and Encryption Concepts

Questions and Answers

What is the primary purpose of Digital Signatures (DS)?

To generate a MAC

To identify the creator of a file (correct)

To change the contents of a file

To encrypt a message

A Message Authentication Code (MAC) can detect if a message has been altered.

True

What does public key encryption utilize to secure messages?

Public and private keys

The purpose of a Digital Signature is to provide _____________ for the sender's identity.

authentication

Which statement is true regarding MAC and DS?

Both can determine if a message has been changed.

Match the following terms with their descriptions:

Public Key Encryption = Uses a key pair for secure communication Digital Signatures = Identifies the creator of a message Message Authentication Code = Ensures message integrity Replay Request = An attempt to repeat a valid data transmission

What is the main characteristic of symmetric block encryption?

Each character has another cipher version of itself.

Digital Signatures are unable to detect which key was used to encode the message.

False

Symmetric stream encryption produces output in blocks of text.

False

What algorithm is used in combination with a secret key to encrypt messages?

MAC algorithm

What kind of key is used in symmetric encryption?

A secret key shared between two parties.

Symmetric encryption is applied to _______ groups of text data.

large

Which of the following applications could utilize symmetric encryption?

All of the above

Match the applications with their potential encryption methods:

File Encryption = Symmetric Block Encryption Email = Symmetric Stream Encryption Chat Applications = Symmetric Key Encryption Voice Chat = Symmetric Block Encryption

Symmetric stream encryption leads to better performance than traditional block encryption.

True

Name one advantage of symmetric encryption.

Better performance or less code.

What might happen if a patient does not receive their diagnosis in a timely manner?

They may not receive the correct treatment in time.

An attacker could use a DDoS attack to improve hospital server performance.

False

What are the three key principles at risk when a hospital experiences a cyber attack?

Availability, Confidentiality, Integrity

An unauthorized person gaining access to a patient's private medical information violates __________.

Confidentiality

Match the following potential attackers with their motives:

DDoS attacker = Overwhelm systems to block access Confidentiality attacker = Expose private information Integrity attacker = Modify patient records Legislation attacker = Alter laws and regulations

What can result from an attacker modifying a patient's diagnosis?

Misdiagnosis of the patient.

Flooding attacks help to enhance the availability of computer systems.

False

What type of attack relies on understanding the nature of the algorithm and plaintext?

Cryptanalysis

Cyber attacks often lead to breaches in __________, causing sensitive information to be leaked.

security

Which of the following best describes a SYN cookie?

A technique for mitigating SYN flood attacks.

Spoofing techniques are used to conceal a user's true identity online.

True

What type of law firm would likely be concerned about conflicts related to data privacy issues?

a law firm specializing in cyber law

A daily newspaper's goal in a cyber attack scenario is to prevent the system from __________.

crashing

Which of the following best describes a potential consequence of a confidentiality breach?

Legal actions against the institution.

Match the following cyber attack techniques with their descriptions:

Flooding = Overwhelms network resources Spoofing = Masquerades as a trusted entity Phishing = Tricks users into giving sensitive information DDoS = Disrupts service by sending numerous requests

Study Notes

Chapter 1 Overview

• CIA Triad: Confidentiality (data and privacy), Integrity (data and system), Availability.
• Confidentiality (Data): Private information not accessible to unauthorized users.
• Confidentiality (Privacy): Individuals control information about them, collection, storage, and disclosure.
• Integrity (Data): Data and programs changed only through authorized means.
• Integrity (System): System performs intended function without impairment.
• Availability: Services are available to authorized users in a timely manner.
• Authenticity: Property is genuine and can be verified; trust in content validity.
• Accountability: Clearly identify points of failure in systems to improve them.

Chapter 1 Overview: Threats

• Unauthorised Disclosure: An entity gains access to data not permitted.
  • Exposure: Data released to an unauthorized entity.
  • Interception: Unauthorized entity directly accesses sensitive information in transit.
  • Inference: Deriving information from limited access (e.g., traffic analysis).
  • Intrusion: Gaining access by bypassing system security.
• Deception: An entity receives false data and believes it to be true.
  • Masquerade: Unauthorized entity pretends to be authorized.
  • Falsification: Introducing false data to deceive an authorized entity.
  • Repudiation: Denying responsibility for an action.
• Disruption: Interruption or prevention of correct system operation.
  • Incapacitation: Disabling a system component.
  • Corruption: Changing system functionality or data.
  • Obstruction: Hindering system operation and service delivery.
• Usurpation: Unauthorized entity controls system services.
  • Misappropriation: Assumes unauthorized logical or physical control.
  • Misuse: Causing a system component to perform detrimental functions.

Chapter 1 Overview: Security Design Principles

• Economy of Mechanism: Security measures should be as simple as possible.
• Fail-safe Defaults: Based on explicit permissions, not exclusions.
• Complete Mediation: Access decisions checked against the access system, not caches.
• Open Design: Security mechanisms public (algorithms), secrets (keys).
• Separation of Privilege: Multiple attributes required for system access (e.g., multifactor authentication).
• Least Privilege: Users/processes have minimum necessary access.
• Least Common Mechanism: Minimise shared functionality among users.
• Psychological Acceptability: Security mechanisms do not hinder user workflows.
• Isolation: Separating sensitive information from public information.
• Encapsulation: Information and functions contained within logical boundaries.
• Modularity: Security separated into modules to prevent interference.
• Layering: Multiple layers of security to enhance protection.
• Least Astonishment: Security responses should be intuitive and not surprising.

Chapter 1 Overview: Security Policy

• Security Policy: A formal statement of security rules and practices.
• Security Policy Development: Considers asset value, system vulnerabilities, potential threats, and trade-offs (security vs use).
• Security Implementation: Includes prevention, detection, response, and recovery measures.

Chapter 1 Overview: Attack Surfaces

• Attack Surfaces: Reachable and exploitable vulnerabilities in a system.
  • Network Attack Surfaces: Vulnerabilities within a network (e.g., open ports).
  • Software Attack Surfaces: Vulnerabilities in software (e.g., code).
  • Human Attack Surfaces: Vulnerabilities due to human error.

Chapter 2 Cryptographic Tools

• Cryptanalysis vs Brute-force: Cryptanalysis exploits algorithm weaknesses, brute-force tries all possible keys.
• Symmetric Encryption Schemes: Shared secret key between sender and receiver.
  • Block Encryption: Encrypts blocks of data; used for file encryption, email.
  • Stream Encryption: Encrypts data one character at a time; used for real-time communication, voice chats.
  • Examples: DES (weak), Triple DES, AES (strong).
• Symmetric Encryption Requirements: Robust algorithm, secure key exchange.
• Data Authentication Aspects: Protection against passive (eavesdropping) and active (data modification) attacks.
• One-way Hash Function: Transform variable-length data into fixed-length hash; designed to be one-way.
• Message Authentication Codes (MACs): Append MAC to message for integrity verification.
• Digital Signatures: Use private key to sign message, verified with public key; ensures authenticity and integrity.
• Public Key Cryptosystems: Use pair of keys (public, private) for encryption/decryption; critical for secure key exchange.

Chapter 2 Cryptographic Tools: ECC and Certificates

• ECC (Elliptic Curve Cryptography): Offers equal security with smaller key sizes than RSA.
• Public Key Certificate: Contains public key, user ID, and trusted third party's signature; verifies public key ownership.

Chapter 3 User Authentication

• User Authentication Means: Password-based, token-based, biometric authentication, remote user authentication.
• Password Secrecy Threats: Offline dictionary attacks, specific account attacks, popular password attacks, password guessing, workstation hijacking, user mistakes, multiple password use, and electronic monitoring.
• Shadow Password File: Separates passwords from user IDs for enhanced security.
• Proactive Password Checker: System checks for validity before accepting passwords.
• Smart Token Authentication Classifications: Static, dynamic password generator, challenge-response models.
• Biometric Identification Characteristics: Facial, fingerprint, hand geometry, retinal, iris, signature, and voice.
• Biometric Terms: Enrollment (creating a biometric profile), verification (comparing data with profile), and identification (matching against profiles).
• Remote vs Local Authentication: Remote authentication over a network or Internet raises more security threats like eavesdropping and replay attacks.

Chapter 4 Access Control

• Authentication vs Authorization: Authentication verifies credentials, authorization grants access.
• RBAC: Role-based access control; users belong to roles; roles have permissions.
• DAC/MAC/RBAC: DAC relies on user discretion, MAC is mandatory, RBAC is role-based.
• Access Control Elements: Subject (accessing entity), object (resource), access right (permission).
• Owners/Groups/World: Hierarchical access control based on ownership, assigned groups, and general public access.
• ABAC (Attribute-Based Access Control): Access based on user, resource, and environmental attributes.
• ACLs vs Capability Tickets: ACLs define permissions for files, whereas capability tickets grant permissions to users.

Chapter 5 Database and Data Centre Security

• Database/DBMS/Query Language: Structured data collection, software maintaining the database, and the uniform interface for accessing data.
• Relational Databases: Tables with rows (data) and columns (attributes).
• SQL Injection Attacks: Injecting SQL commands into input fields to extract or modify data in a database.
• SQL Injection Attack Consequences: Data extraction, modification, or deletion, arbitrary operating system commands, and denial-of-service.
• SQL Injection Attacks Types: Tautologies, end-of-line comments, piggybacked queries, preventing the intended query from being analysed.
• RBAC for Database Access Control: Management approach for classifying database users into roles, easing administration, and improving security.
• Database Encryption Levels: Encryption applied to entire database, records, attributes, or fields.
• Data Center Availability Tiers: Standardized methodology defining uptime, from single to multi-redundant systems, in terms of uptime guarantees.

Chapter 6 Malicious Software

• Malware Propagation Mechanisms: Infected existing content, software vulnerabilities, and social engineering.
• Malware Payloads: Data corruption, theft of services (botnets), information theft, and stealth.
• APT (Advanced Persistent Threat): Targeted, sustained cyberattacks by well-funded groups (often state-sponsored).
• Virus/Worm Operation Phases: Dormant, triggering, execution, and propagation.
• Blended Attack: Using multiple malware types together for increased speed and impact.
• Worms vs Zombies: Worms self-propagate; zombies perform attacks in a botnet.
• Fingerprinting (Network Worms): Identifying vulnerable systems for infection.
• Drive-by Downloads: Exploiting browser vulnerabilities for malware downloads through compromised websites.
• Trojans: Masquerade as legitimate programs, enabling malware propagation via social engineering.
• Logic Bombs: Malicious code activated under predetermined conditions.
• Malware Types (Backdoors/Bots/Keyloggers/Spyware/Rootkits): Multiple types are often found together; backdoors are designed to bypass security; bots are automated attacks; keyloggers capture keystrokes; spyware collects user information, and rootkits hide malware from detection.
• Phishing vs Spear-phishing: Phishing targets large groups, spear-phishing targets specific individuals.
• Clickjacking: Tricking users into clicking on unintended buttons, links, or elements of a web page.
• Rootkit Characteristics: Persistent, memory-based, user-mode, kernel-mode, virtual machine-based, and external mode.
• Generic Decryption Scanner Elements: Policy, awareness, vulnerability mitigation, threat mitigation (detection, identification, removal).

Chapter 7 Denial-of-Service Attacks

• Denial-of-Service (DoS): Preventing legitimate users from accessing service by exhausting critical resources.
• SYN Flooding vs Spoofing: Flooding overwhelms server resources, while spoofing fills connection tables.
• HTTP Flood: Overwhelms Web servers with HTTP requests.
• Poison Packet Attacks: Packets that trigger system bugs.
• Spoofed Source Addresses (DoS): Hide originator of attacks to obscure the real source and evade detection/tracking.
• Backscatter Traffic: Responses to spoofed packets provide information about DoS attack specifics/victims.
• DDoS vs. Classic DoS: DDoS utilizes multiple systems (botnets), classic DoS comes from a single system.
• DDoS Architecture: Control hierarchy allows attacker to command multiple systems.
• Slowloris Attacks: Monopolize threads on a Web server with incomplete requests.

Chapter 8 Intrusion Detection

• Intrusion: Unauthorized act bypassing security mechanisms.
• Intrusion Detection: Software/hardware analysing system and network logs to identify intrusions.
• Host/Network/Distributed IDSs: Host-based focus on a single host, network-based monitors network traffic, and distributed combines both.
• Intrusion Detection Techniques: Anomaly detection (unusual behavior), knowledge-based (rules), machine learning (patterns), and signature/heuristic (known malicious patterns).
• IDS Requirements: Continuous operation, fault tolerance, resistance, limited overhead, and configuration adaptability.

Chapter 9 Firewalls and Intrusion Prevention Systems

• Firewall Design Goals: Control all network traffic, permit only authorized traffic, and be immune to penetration.
• Firewall Characteristics: Use IP addresses and protocols, application protocols, user identity, network activity, and network activity constraints.
• Firewall Capabilities: Support for VPNs and other network functions.
• Firewall Limitations: Cannot protect against attacks that bypass it, vulnerabilities, internal threats, and wireless connections between physically separate systems.
• Firewall Types: Packet filtering, stateful inspection, application-level gateway, and circuit-level gateway.
• Bastion Host: Secure system central in the network.
• Host/Personal Firewalls: Protect individual hosts and/or workstations.

Chapter 10 Buffer Overflow

• Buffer Overflow: Input exceeds buffer capacity, overwriting adjacent data/control information.
• Buffer Overflow Consequences: Data corruption, control transfer, memory access violation, and code execution.
• Buffer Overflow Exploit Needs: Identifying vulnerability, understanding memory layout, and crafting malicious code (shellcode).
• Buffer Overflow Defences: Compiled-time (using safer language features), safe coding practices, safe libraries, stack protection (canaries), executable address space protection (non-executable memory), address space randomization, and guard pages.
• Stack/Heap/Global Data Overflow Variants: Replacement stack frames, off-by-one attacks, return-to-system call.

Chapter 11 Software Security

• Software Security Issues: Unvalidated input, cross-site scripting (XSS), buffer overflow, injection flaws, and improper error handling.
• Vulnerability Reduction Approaches: Improved software development, testing techniques, and resilient architectures.
• Defensive/Secure Programming: Designing software resilient to attacks, never assuming anything about input.
• Input Handling: Validate data source types and sizes to prevent overflows.
• Injection Attacks: Input data affecting program flow, often involving external programs or utilities or CGI scripting.
• XSS Attacks: Injecting script code into HTML content displayed to other users.
• Input Validation: Whitelisting (accepting only valid inputs), blacklisting (blocking known malicious inputs), canonicalisation (standardized representation), and validation techniques for numbers.
• Input Fuzzing: Random data inputs to test robustness.

Description

This quiz covers the fundamental concepts of digital signatures, message authentication codes (MAC), and symmetric encryption. Test your understanding of how these technologies secure communication and the characteristics that differentiate them. Perfect for students studying computer security or cryptography.