Network Security Principles Quiz

Questions and Answers

Which of the following best describes the focus of network security?

• Ensuring the reliability of information through non-repudiation.
• Protecting networks and their services from unauthorized activities. (correct)
• Preserving the confidentiality of all digital information.
• Maintaining data integrity across all systems.

Which of the following is primarily concerned with ensuring that data has not been altered during transmission or storage?

• Authenticity
• Availability
• Confidentiality
• Integrity (correct)

What does 'authenticity' primarily verify in the context of network security?

• The ability to trace actions of a network entity.
• The genuineness and verifiability of a property or entity. (correct)
• The secrecy of transmitted data.
• The timely and reliable access to network resources.

Which of the following is a key concern of information security but not directly classified under primary 'network security' objectives?

Non-repudiation (B)

Which standardization organization is a US federal agency?

National Institute of Standards and Technology (D)

Which objective refers to ensuring timely and reliable access to information and resources?

Availability (B)

What does the security objective 'confidentiality' primarily address?

The protection of data from unauthorized disclosure (A)

According to the provided content, what is an essential component of 'accountability' in network security?

Making sure a user cannot deny performing an action. (D)

Which of the following statements is true about symmetric encryption algorithms?

Symmetric algorithms require a shared secret key known only to the communicating parties. (A)

What is the main point of Kerchoff's Principle regarding encryption?

The security of a cipher should rely solely on the strength of the secret key. (C)

What is the greatest common divisor (GCD) of 595 and 408, according to the Euclid Algorithm provided in the text?

17 (C)

In the context of Fermat's Theorem, what is the value of $5^{3-1}$ modulo 3?

1 (D)

How does proving Fermat's Theorem rely on the concept of modular arithmetic?

It's used to demonstrate that the product of elements in X taken modulo p is equal to (p-1)! modulo p. (C)

Which of the following is NOT a valid use case for asymmetric encryption algorithms?

Protecting confidential information stored on a server. (D)

What is the practical benefit of combining symmetric and asymmetric encryption algorithms in a secure communication system?

It allows for faster communication speeds while still providing security. (B)

Why are symmetric algorithms generally considered faster compared to asymmetric algorithms?

They involve fewer computations for encryption and decryption. (A)

Which of the following best describes a security mechanism?

A process designed to detect, prevent, or recover from security attacks. (C)

What is the primary purpose of a security service?

To enhance the security of a system using security mechanisms. (D)

Which of the following is considered a network security design principle focusing on reducing complexity?

Economy of mechanism (C)

What security design principle focuses on granting only necessary access rights?

Least privilege (D)

What does 'end to end security' typically imply?

Security between endpoints of communication. (D)

Which of these systems is responsible for limiting access between a network and its devices?

Firewall (D)

Which type of security attack involves making changes to information?

Modification (C)

What is the main goal of an intrusion prevention system?

To detect and then stop malicious activities after they are detected. (C)

Which of the following describes a passive attack in computer security?

Detection of data during transmission (B)

What is a common example of an active attack?

IP Spoofing (A)

Which type of attack involves the unauthorized impersonation of a user or device?

Masquerading (A)

Which type of algorithm generates the same key for both encryption and decryption?

Symmetric Encryption (B)

Which of the following is NOT considered a service provided under network security services?

Code execution (B)

What type of cryptographic algorithm is used for verifying the integrity of a message?

Message Authentication Codes (C)

What is the purpose of traffic analysis in network security?

Interpret packet lengths and endpoints (D)

Which of the following is a characteristic of Denial-of-Service attacks?

Preventing user access to services (B)

Which encryption type allows decryption keys to be derived from the encryption key?

Symmetric Encryption (C)

What is the main purpose of a digital signature?

To ensure data integrity and authenticity (B)

How does key management contribute to network security?

It ensures data confidentiality and integrity (B)

Which of the following surfaces is NOT generally categorized under network security vulnerabilities?

Virus protection software (B)

Which mechanism helps protect communication over insecure channels?

Encryption (B)

Which of the following algorithms is an example of symmetric encryption?

AES (D)

In asymmetric encryption, what is true about the encryption and decryption keys?

They are entirely separate and different (D)

Which of the following does NOT describe a block cipher?

Outputs a continuous stream of symbols (B)

Flashcards

Security attack

Actions compromising the security of information.

Security mechanism

Processes to detect, prevent, or recover from security attacks.

Security service

Processing to enhance security using security mechanisms.

Threat

Circumstance or event that can impact organization operations.

Attack

Malicious activity to collect, disrupt, deny, degrade, or destroy information/systems.

Interception

A type of attack affecting confidentiality.

Interruption

An attack that affects availability of services.

Modification

An attack compromising integrity of information.

Information Security

Preservation of confidentiality, integrity, and availability of information.

Network Security

Protection of networks and their services from unauthorized access and harm.

Key Security Objectives

Main goals of network security: confidentiality, authenticity, integrity.

Confidentiality

Ensures data is kept secret and accessed only by authorized individuals.

Authenticity

Property of being genuine and verifiable.

Integrity

Ensures data is accurate and unchanged during storage or transfer.

Availability

Timely and reliable access to information and resources.

Standardization Organizations

Groups that create and maintain standards for information and network security.

Symmetric Algorithms

Encryption algorithms requiring a shared secret key for both parties.

Asymmetric Algorithms

Encryption algorithms using a public and a private key for secure communication.

Kerchoff’s Principle

A cipher's security should rely solely on the secrecy of the key, not on obscurity.

Euclid's Algorithm

A method for finding the greatest common divisor (gcd) of two integers.

Fermat's Theorem

If p is prime and a is not divisible by p, then a^(p-1) ≡ 1 (mod p).

Proof of Fermat’s Theorem

Shows that positive integers multiplied by a modulo p yield unique non-zero results.

Shared Secret

A key known only by the parties communicating using symmetric encryption.

Modular Arithmetic

A system of arithmetic for integers, where numbers wrap around upon reaching a certain value.

Cryptographic Algorithms

Mathematical procedures for encrypting and decrypting data.

Symmetric Encryption

Encryption where the same key is used for both encryption and decryption.

Asymmetric Encryption

Encryption using a pair of keys: one for encryption and a different one for decryption.

Block Ciphers

Encryption that processes data in fixed-size blocks.

Stream Ciphers

Encryption that processes data as a continuous stream of symbols.

Digital Signatures

Cryptographic value that authenticates the sender and integrity of a message.

Data Integrity

Ensuring information remains accurate, consistent, and trustworthy over its lifecycle.

Notarization

The service of verifying the authenticity of a digital document or signature.

Passive Attacks

Attacks that monitor data transmission without modification, like packet sniffing.

Packet Sniffing

A technique for capturing data packets traveling over a network.

Traffic Analysis

Inspecting data flow patterns to determine traffic type and endpoints.

Active Attacks

Attacks that involve altering data or pretending to be someone else, such as IP spoofing.

IP Spoofing

Masquerading by using a foreign IP address to impersonate another device.

Denial-of-Service (DoS)

An attack that aims to make a service unavailable by overwhelming it with requests.

Data Confidentiality

Protects the content of messages from unauthorized access.

Study Notes

Network Security Introduction

• Course title: Network Security
• Instructor: Prof. Dr. Torsten Braun, Institute for Informatics, University of Bern
• Dates: September 16, 2024 – September 23, 2024

Table of Contents

• Concepts
• Security Attacks
• Security Services and Mechanisms
• Encryption
• Number Theory

1. Concepts: Information and Network Security

• Information Security: Preservation of confidentiality, integrity, and availability of information
• Network Security: Protection against unauthorized modification, destruction, or disclosure of networks and their services. Provides that network functions correctly without side effects
• Additional factors: Authenticity, accountability, non-repudiation, and reliability

1. Concepts: Standardization Organizations

• National Institute of Standards and Technology (NIST): US federal agency
• Internet Society: Professional membership society
• International Telecommunication Union (ITU): Telecommunication
• United Nations:
• International Organization for Standardization (ISO): Federation of national standard organizations

1. Concepts: Key Security Objectives

• Confidentiality: Ensuring only authorized parties can access information
• Authenticity: Ensuring that data originates from the claimed source
• Integrity: Ensuring data is not altered during transmission

1. Concepts: Essential Information/Network Security Objectives

• Confidentiality: (plus privacy)
• Authenticity: Property of being genuine and verifiable
• Integrity: Data integrity, system integrity
• Availability: Timely and reliable access
• Accountability: Requirement for actions to be traced, including non-repudiation, deterrence, fault isolation, and intrusion detection

1. Concepts: Terminology

• OSI Security Attack: Actions compromising security information
• Security Mechanism: Processes for detecting, preventing, or recovering from attacks
• Security Service: Processing or communication services to enhance security
• Threat: Circumstance or event with potential to impact organizational operations
• Attack: Malicious activity to collect, disrupt, deny, degrade, or destroy information or system resources

1. Concepts: Security Design Principles

• Economy of mechanism, complexity
• Fail-safe defaults
• Complete mediation
• Open design
• Separation of privilege
• Least privilege
• Least common mechanism
• Psychological acceptability
• Isolation
• Encapsulation
• Modularity
• Layering
• Least astonishment

1. Concepts: Securing Networks

• Placement of security in protocol stack
• Practical considerations include end-to-end security and no operating system modifications

1. Concepts: Device Security

• Concern: Intrusions gaining access to network devices or end systems
• Systems: Example systems are:
  • Firewall: Hardware/software that limits access between networks
  • Intrusion Detection: Analysis of network traffic to identify malicious access attempts
  • Intrusion Prevention: Stopping malicious activities after detection

2. Security Attacks: Attacks and Concepts

• Interception: (confidentiality)
• Interruption: (availability)
• Modification: (integrity)
• Fabrication: (authenticity)

2. Security Attacks: Kent's Classification: Passive Attacks

• Packet Eavesdropping: Detection of data (e.g., passwords, credit card numbers)
• Traffic Analysis: Detection of end points and traffic type (e.g., addresses, packet lengths)

2. Security Attacks: Kent's Classification: Active Attacks

• Imitation of wrong identities: (masquerading), e.g. IP Spoofing
• Modification of messages: Altering the content of messages transmitted
• Replay Attacks: Repeated transmission of data
• Denial-of-Service Attacks: Blocking network or server functions like repetition of TCP SYN packets

2. Security Attacks: Surfaces

• Categories: Network, Software, Humans
• Examples: Open ports in servers, services inside firewalls, code processing incoming data, interfaces, SQL, web forms, employees

3. Security Services and Mechanisms: Network Security Services

• Peer-entity and data-origin authentication: Assures that the recipient's message is valid
• Access control: Limits access to authorized users
• Data confidentiality: Protects against unauthorized release
• Data integrity: Guarantees a message isn't altered
• Non-repudiation: Protects against sender/receiver denying sending/receiving a message
• Availability: Guarantees system services are accessible when needed
• Security audit: Keeps track of transactions

3. Security Services and Mechanisms: Security Mechanisms

• Cryptographic algorithms: (reversible, non-reversible), data integrity, digital signatures
• Authentication exchange:
• Traffic padding:
• Routing control:
• Notarization:
• Access control:

3. Security Services and Mechanisms: Cryptographic Algorithms

• Keyless Algorithms: Cryptographic hash functions, cryptographic random number generation
• Single-Key Algorithms: Symmetric encryption (e.g., AES), message authentication codes (e.g., HMAC)
• Two-Key Algorithms: Asymmetric encryption (e.g., RSA), digital signature (e.g., RSA), key exchange, user authentication

3. Security Services and Mechanisms: Relationship of Security Services and Mechanisms

• Table showing relationships between services and mechanisms

4. Encryption: Operation

• Communication over an insecure channel
• Encryption by sender
• Decryption by receiver
• Attacker cannot understand communication

4. Encryption: Algorithm Types - Block Ciphers

• Input: Block of n bits
• Output: Block of n bits
• Example: AES
• Can be used to build stream ciphers

4. Encryption: Algorithm Types - Stream Ciphers

• Input: Stream of symbols
• Output: Stream of symbols
• Example: GSM

4. Encryption: Models - Symmetric Encryption

• Encryption key = Decryption key
• Decryption key derived from encryption key
• Example: AES

4. Encryption: Models - Asymmetric Encryption

• Encryption key ≠ Decryption key
• Decryption key cannot be derived from encryption key
• Example: RSA

4. Encryption: Symmetric vs Asymmetric Algorithms

• Symmetric algorithms are much faster (e.g., 1000 times faster)
• Symmetric algorithms require shared secret (impractical if no secure channel)
• Both types are combined for practical secure communication (e.g., establish secret session key using asymmetric crypto, encrypt traffic with symmetric crypto)

4. Encryption: Kerchoff's Principle

• Cipher should be secure even if attacker knows all encryption details except for the secret key
• No security by obscurity

5. Number Theory: Finding Prime Numbers

• Euclidean algorithm for finding greatest common divisors (GCD) of two integers

5. Number Theory: Fermat Theorem

• If p is a prime and a > 0, and a isn't divisible by p, then ap-1 = 1 (mod p).
• Alternative form: If p is prime and a > 0, then ap = a (mod p).

5. Number Theory: Proof of Fermat's Theorem

• Proof demonstrates theorem with positive integers less than p (set P) by considering other positive integers less than p (sets X) and taking the results (mod p)

5. Number Theory: Euler's Totient Function

• Function ø(n) counts positive integers less than n that are relatively prime to n

5. Number Theory: Euler's Theorem

• For any a and n that are relatively prime, aø(n) = 1 (mod n)
• Alternative form: aø(n) + 1 = a (mod n)

5. Number Theory: Miller-Rabin Algorithm

• Used to test large numbers for primality
• Probability of a failed test < 1/4¹⁰

5. Number Theory: Miller-Rabin Algorithm (Example)

• Example usage of the algorithm for numbers 29 and 221

5. Number Theory: Deterministic Primality Algorithm

• Prior to 2002, no efficient method for proving primality of large numbers existed. Previous methods often produced probabilistic results.
• AKS algorithm (2002) provides a deterministic method for efficient primality testing of large numbers.

5. Number Theory: Discrete Logarithm

• Given y = gx (mod p), calculating x is computationally difficult, especially for large primes
• Used in Diffie-Hellman key exchange