Security Engineering Overview

Questions and Answers

PDF Questions PDF Answers

Which of the following is NOT a key aspect of security engineering?

Web Development (correct)

Applied Psychology

Cryptography

Artificial Intelligence

Security engineering only focuses on software applications and does not involve hardware considerations.

False

What is the primary goal of security engineering?

To develop resilient systems that withstand attacks or errors.

_________ refers to the practice of secure communication through the use of codes to protect information.

Cryptography

Which domain requires high reliability and security to prevent catastrophic failures?

Nuclear safety and control systems

Artificial Intelligence can be used to enhance security measures.

True

What specific domains exemplify the importance of assurance in security engineering?

Nuclear safety, cash machines, and medical records.

Match the following components of security engineering with their descriptions:

Cryptography = Secure communication through codes Tamper resistant hardware = Resists unauthorized access modifications Applied Psychology = Examining human behavior to anticipate threats Economic behavior = Understanding financial implications of security investments

What is a potential vulnerability in cheaper devices?

Improper nonce management

Two-factor authentication relies solely on a unique identifier like a PIN.

False

What is the primary purpose of Identify Friend or Foe (IFF) systems?

To identify and differentiate friendly forces from hostile ones.

The Needham-Schroder protocol uses _______ to avoid replay attacks.

nonces

Match the following security protocols with their primary function:

Two-Factor Authentication = Enhancing login security with multiple credentials CAP = Securing transactions through unique EMV chip cards Key Management Protocols = Managing shared keys for secure communication IFF = Identifying friendly or hostile forces in military operations

What does Chip Authentication Program (CAP) primarily respond to?

Phishing threats

Static PIN management was a well-received approach in past protocols.

False

What type of attacks does the IFF system's encrypted challenges help prevent?

Man-in-the-middle attacks

Which of the following is NOT a standard access right?

EXECUTE

Mandatory Access Control (MAC) allows object owners to determine access permissions.

False

What does an Access Control Matrix (ACM) represent?

Permissions of subjects over objects.

In access control, __________ specifies which users or groups have permissions to access particular resources.

Access Control Lists (ACLs)

Match the following access control mechanisms with their descriptions:

MAC = Central authority determines access DAC = Object owner controls access ACLs = Specifies user permissions Capabilities = Tickets granting access rights

Which level of access control authenticates users using methods like passwords?

Operating System Level

Groups and roles help manage access effectively in organizations.

True

What are the two main types of access control mechanisms?

Mandatory Access Control (MAC) and Discretionary Access Control (DAC).

What is the main purpose of access control mechanisms?

To ensure security in computer systems

Tamper resistance refers to a device's ability to detect unauthorized access.

False

What does the term 'tamper evidence' imply?

It indicates that there is apparent evidence of tampering if a key is extracted.

Access control mechanisms help organizations mitigate ______ against unauthorized access.

risks

Match the following terms related to access control:

Authentication = Verifying identity Authorization = Granting access rights Access Rights Management = Control of user permissions Tamper Resistance = Protection against key extraction

Which of the following scenarios could require physical tamper resistance?

PayTV cards distributed to individuals

Sensitive information such as long-term cryptographic keys requires less protection than what standard operating systems provide.

False

What kind of processors are available in the market to protect devices from unauthorized access?

Portable tamper-resistant processors

What does IBM’s μABYSS device do when it detects physical tampering?

Breaks sensing loops and destroys data

Memory remanence is the ability of data to be retained in memory even after power has been turned off.

True

What is one solution to mitigate the risks associated with memory remanence?

Temperature and radiation alarms

The __________ initiative addresses risks from monitoring electromagnetic emissions from devices.

Tempest

Which of the following features does not enhance the effectiveness of security processors?

Alarm inaccuracies

Match each security processor with its usage or characteristic:

iButton = Secure access for government laptops Dallas 5002 = Point-of-sale terminals protection Clipper Chip = Government communication encryption Smartcard = Microprocessors and memory integration

What critical threat can arise from failure in memory security?

Data recovery upon reboot

The Clipper chip has no known vulnerabilities.

False

Study Notes

Security Engineering

• Security engineering focuses on building systems resilient against attacks or errors.
• It involves designing, implementing, and testing systems to meet security requirements.
• Key aspects include:
  • Cryptography: Secure communication using codes.
  • Tamper-resistant hardware: Devices resistant to unauthorized modifications.
  • Software engineering: Incorporating security principles in software development.
  • Economics: Understanding the financial implications of security investments.
  • Applied psychology: Anticipating security threats through human behavior assessment.
  • Law: Knowledge of relevant legal frameworks.
  • Artificial intelligence: Utilizing AI for enhanced security and automation.
  • Adversarial thinking: Strategic foresight and planning to anticipate attacks.

Assurance Requirements

• Assurance is paramount in security engineering, especially in systems where failure can have severe consequences.
• Examples include:
  • Nuclear safety and control systems: High reliability and security are critical to avoid catastrophic failures.
  • Cash machines and online payment systems: Protecting users' financial information requires integrity and confidentiality.
  • Medical Records: Safeguarding patient confidentiality and data integrity is paramount.

Potential Vulnerabilities

• Vulnerabilities can still arise even with strong protocols:
  • Cheaper devices might use nonces that are not truly random, opening the door to denial-of-service attacks.
  • Weak cryptographic practices can compromise security; for example, Eli Biham's attack on the Keeloq cipher in 2008.

Two-Factor Authentication

• Two-factor authentication enhances security by adding an extra layer of verification.
• It involves using multiple credentials, such as a unique identifier (like PIN) and nonces, to authenticate users and servers.

Identify Friend or Foe (IFF)

• IFF systems play a vital role in military contexts.
• They involve a challenge-response mechanism to identify allies and prevent unauthorized access.
• Considerations for potential man-in-the-middle attacks require encrypted challenges to prevent tampering.

Issues in Previous Protocols

• Past errors in protocols, like those in 1993 IBM ATM systems, highlight the importance of dynamically generated challenges and robust encryption.
• These errors emphasized the need for fresh challenges and strong encryption to defend against attacks.

Chip Authentication Program (CAP)

• CAP was developed to combat phishing threats.
• It uses unique EMV chip cards for secure transactions, incorporating varying levels of security based on transaction complexity.

Key Management Protocols

• Secure communication using shared keys requires effective key management protocols.
• A trusted server can encrypt a new key for Bob, allowing Alice and Bob to communicate securely with fresh keys and messages.

Access Rights and Typical Manipulations

• Access rights control operations that can be performed on objects.
• These typically include:
  • READ: Viewing the content of an object.
  • MODIFY: Changing the content of an object.
  • CREATE: Generating a new object.
  • CHANGE: Altering the properties of an object.
  • DELETE: Removing an object.

Types of Access Control

• Access control mechanisms can be categorized into two main types:
  • Mandatory Access Control (MAC): Central authority determines access permissions based on predefined policies.
  • Discretionary Access Control (DAC): Object owners control access permissions, providing a decentralized approach.

Access Control and Objects

• Common objects in access control include:
  • Files
  • Directories (or folders)
  • Memory segments
• An entity can serve both as a subject and an object depending on the context.

Access Control Mechanisms in a System

• Access control happens at multiple levels in a computing environment:
  • Application Level: Restrictions based on application-specific policies.
  • Middleware Level: Bridge between operating system services and application requests.
  • Operating System Level: Authentication via passwords or Kerberos, and regulating access to objects and resources.
  • Hardware Level: Foundation for implementing access controls.

Access Control Matrix (ACM)

• The Access Control Matrix is a structured representation of permissions.
• Each row represents a subject (user/program); each column, an object (file/resource).
• Cells indicate a subject's access rights over an object.
• It's a policy model, not a direct enforcement tool.

Groups and Roles in Access Control

• Groups and roles are crucial for managing access in large organizations:
  • Groups: Users sharing common access rights.
  • Roles: Defined sets of permissions assigned to users based on responsibilities.

Access Control Lists (ACLs) vs Capabilities

• ACLs define which users/groups have access to resources.
• Capabilities are tickets that grant permission to interact with a resource, enabling rights delegation.

Conclusion

• Access control mechanisms are integral to computer security.
• Understanding these models, principles, and technologies allows organizations to safeguard sensitive information and maintain operational integrity.

Physical Tamper-Resistance

• Protecting computers and devices holding sensitive information is crucial, even in complex situations.
• Tamper resistance refers to the ability of a device to safeguard confidential keys from extraction.
• Tamper evidence indicates that if a key is extracted, there's evidence of tampering.

High-end Physically Secure Processors

• The need for physical security escalated with the rise of multi-user operating systems and vulnerabilities.
• Sensitive information, like cryptographic keys and PINs, requires greater protection than standard commercial operating systems provide.
• IBM's μABYSS device uses physical tampering to trigger data destruction, but it remains vulnerable to slow attacks like sandblasting.

Memory Remanence Exploitation

• Memory remanence refers to the retention of residual data in computer memory after power off.
• Temperature and radiation alarms can counter this issue, but failures in memory security can expose data during reboot.

Tempest and Power Analysis

• The Tempest initiative addresses the risk of monitoring electromagnetic emanations from devices.
• Solutions like solid aluminum shielding and low-pass-filtering power sources protect sensitive information from leaking during computations.

Design Constraints for Security Processors

• Security processors face balancing security robustness against potential alarm inaccuracies.
• Self-destructive features enhance security but could impair functionality in standard operating environments.

Commercial Security Processors and Their Vulnerabilities

• iButton Projects: Innovative in design and functionality but lack a tamper-sensing barrier.
• Dallas 5002 Attacks: Memory address observation can be exploited; therefore, strong encrypted key protocols are crucial.
• Clipper Chip Vulnerabilities: Enabled lawful decryption of encrypted communications, highlighting trust issues due to the design.

Smartcards and Advanced Attacks

• Smartcards combine microprocessors and memory, facing challenges such as erasure charges in EPROM memory.

Description

This quiz covers essential concepts in security engineering, focusing on the design and implementation of resilient systems. Key topics include cryptography, software engineering, and the impact of human behavior on security. Test your knowledge of principles that safeguard against attacks and system failures.