COS 330 Exam PDF

Summary

This document appears to be an exam paper covering concepts in information security, specifically focusing on data confidentiality, integrity, and availability (CIA triad). Questions assess students' understanding of these concepts, as well as the types of threat consequences and actions related to them. The document likely belongs to a computer science course.

Full Transcript

Data confidentiality: private
information not available to
unauthorised users

Confidentiality: Privacy: Assures individuals
control what info related to
them, may be collected and
stored and by whom that info
may be disclosed.
Data integrity: Assures info and
programs only changed in
authorised manner.
System integrity: System
Integrity: performs intended function in
an unimpaired manner.
1.1 What is meant by the CIA (Example: no external program
triad? is changing the data you are
currently working with)
Prompt, services are available
Availability:
to authorised users
The property is genuine, and is
able to be verified and trusted,
must be confident it the
Authenticity:
contents validity (example.
CIA is well established but 2 verifying that users are who
others are needed for a more they say they are)
complete picture If something is to go wrong, you
need to be able to point out the
Accountability: point of failure. Since there are
no truly perfect systems this
helps to improve systems.
Data integrity ensures that only
a valid system or user is able to
change the contents of the data
(example: if you have a list of
names, only authorised users
can change it)

1.2 What is the difference Where system integrity focusing
between data integrity and more on the actually process of
system integrity? system and how it runs
(example: you have a server
running, if people spam your
server with tons of invalid
requests this will slow the
system down from being able
to process valid request, aka
DDoS)
Threat action(attack)
Exposure: data released to
unauthorised entity.
Interception: Unauthorised
entity directly access sensitive
information travelling between
entities.
Threat Consequence -
Unauthorised disclosure: A An example of inference is known as traffic analysis, in
where an entity gains access to which an adversary is able to gain information from
data to which it is not observing the pattern of traffic on a network, such as the
authorised amount of traffic between particular pairs of hosts on the
Inference: network.
Another example is the inference of detailed information from a
database by a user who has only limited access; this is
accomplished by repeated queries whose combined results enable
inference.
Intrusion: gains access by
circumventing system security.
Threat action(attack)
Masquerade: unauthorised
1.3 List and briefly define the
entity pretending to be
kinds of threat consequences Threat Consequence - authorised
and the types of threat actions Deception: an entity receiving
which cause these false data and believing it is Falsification: False data deceive
consequences. true. an authorised entity
Repudiation: deceives another
by denying responsibility for an
act
Threat action(attack)
Incapacitation: disabling a
Threat Consequence - system component
Disruption: Event that interrupts Corruption: changing the
or prevents the correct systems functions or data
operation of a system.
Obstruction: interrupts delivery
of system services by hindering
system operation
Threat action(attack)
Misappropriation: Assumes
Threat Consequence unauthorised logical or physical
-Usurpation: The control of control of a system
system services by an
Misuse: Cause a system
unauthorised entity.
component to perform a
function or service that is
detrimental to a system.
Economy of mechanism: the
security measures for both
hardware and software should
be as simple as possible.
Fail-safe default: based on
permission rather than
exclusion: rather of a listen of
who can access the system
instead of who cant.
Complete mediation: Access
decisions must be checked
against the access system, and
not rely on a cache. Which
means for example don’t trust
the information in a file is valid
rather test it before using it.
Open design: security
mechanisms should be open
rather than secret. Eg
encryption key should be secret
but the algorithm should be
public. This allows for the view
of the system by experts.
Separation of privilege: multiple
attributes needed to access a
system e.g. multi factor
authentication.
Least privilege: Every user or
process should operate with
the least amount of access
possible to perform the task.
1.4 List and briefly define the Least common mechanism:
fundamental security design minimise the functions shared
principles. by different users…
Psychological acceptability:
Security mechanism should not
interfere unduly with the work of
users. And at the same time
meet the security standards
(people might turn of security is
it hinders usage).
Isolation: separating information
(keep important info away from
public info)
Encapsulation: is a form of
isolation, also for example how
functions only belong to that
class and my have private and
public variables.
Modularity: The security should
be separated into separate
protected modules, this allows
from more plug and use
functionality and prevents from
modules interfering with one
another.
Layering: Applying security in
multiple places to ensure
continuous safety. I think this
Chapter 1 Overview still applies to using multiple
forms of security for example 2
step verification.
Least astonishment: Must
always respond in a way that is
least likely to astonish the user.
A security policy is an informal
description of desired desired
system behaviour, may
reference requirements for
security, integrity and availability.
A formal statement of rules and
practises that specify or
regulate how a system or
organisation provides security
to protect sensitive and critical
resources.
value of the asset being
protected
Things to consider when
Vulnerabilities of the system
developing a security policy:
Potential threats and likelihood
of attacks
1.5 What is a security policy?
What are the actions involved Ease of use vs security:
when implementing a security Trade offs to consider Cost of security versus cost of
policy?
failure and recovery
Prevention: If you don't want
people to read your data
encrypting it would be a way to
prevent someone from being
able to read it.
Detection:If you cant prevent
you would then need a way to
Security implementation determine who is the attacker.
Response: The system may
respond to to prevent the
attack once it is detected.
Example just shutting the
system down.
Recovery:The use of backup
system
Attack surfaces: is a reachable
and exploitable vulnerability of
the system:
open ports on outward facing
servers, the code listening to
the port
Services inside the firewall
E.g. Code that processes incoming
data
interfaces , sql and web forms
Employee with sensitive
information
Network attack surfaces: are
vulnerabilities of a network,
wide area network, internet.
Network protocol
1.6 Differentiate between a
vulnerabilities.
network attack surface and a
software attack surface. Software attack surfaces:
Types of attack surfaces:
vulnerabilities in application,
utility or operating system code.
Human attack surface:
vulnerabilities created by
personal or outside. E.g. human
error and trusted insiders.
Confidentiality is important for
student records because
students will most likely prefer
Confidentiality
to keep their marks private.
Freely available marks could
effect their ability to be hired.
Lack of integrity in marks would
defeat the whole point of being
graded due to the fact that the
marks would not be accurate.
Integrity Data integrity = user file security
A)
How does Integrity of service differ from System integrity = system file
availability? security
Availability = system uptime
Availability is important because
without being able to access
their marks, students would be
Availability unable to gauge how they are
doing throughout the semester,
or see whether they have
passed or not.
Someone other than yourself
Confidentiality publishes your marks online, in
a public forum
Someone gains access to the
Integrity University student records and
B)
changes their marks
A DDoS attack overwhelms the
University servers and
Availability
subsequently makes it difficult
for student to check their marks
Patients will likely want to keep
their medical history private and
not in the public domain. Some
Confidentiality reasons for this may be
personal privacy (avoiding
embossment) and/or practical
reasons (insurance, work etc)
Patients’ lives are quite literally
at risk if they receive incorrect
Questions information. For example, a
patient who is diagnosed with
Integrity
HIV/Aids but never learns this
due to a fault in the system will
likely die, and infect others
before they do so.
If a patient does not receive
their diagnosis within a timely
Availability fashion it may be ‘too little too
late’ and they may not receive
the correct treatment in time.
An unauthorised person may
gain access to a patients
Confidentiality
private medical information and
post it on a public forum
An attacker could gain access
to the hospitals medical records
Integrity and modify a patients’
diagnosis, resulting in them
being misdiagnosed
An attacker could use a DDoS
attack to overwhelm the
hospitals servers and make it
difficult for medical staff to
Availability
query a patients record, thus
blocking staff from learning
critical history information about
a patient
Publish proprietary corporate
material
A) We don’t want the next iPhone
being leaked in our press
release about Stores
Publish laws and regulations
A law firm
B)
We don’t want laws being
altered
A daily newspaper

C) We don’t want the system
crashing and preventing us
from printing
Cryptanalysis attacks rely on
understanding the nature of the
algorithm, plus some general
knowledge of the plaintext or
even some sample code. If an
attack is successful the
algorithm can be used to
successfully read all further
uses of the algorithm. This is
basically what Alan Turing did
with the Nazi encryption
algorithm Engima.
Brute-force attacks on the other
hand try every possible key on
a piece of ciphertext until a
solution into plaintext is
achieved. On average half of all
2.1 How is cryptanalysis possible keys must be tried to
different from brute-force achieve success. Short
attack? passwords are susceptible to
brute force attacks because of
this, whereas longer passwords
become exponentially more
difficult to break as they grow
longer.
Symmetric block encryption,
this basically means that every
character has another cipher File encryption
version of itself. WE encrypt Email
A symmetric encryption uses a blocks of text at a time. Applied
secret key that is shared to large groups of text data.
between two parties. There are
two versions of this: Symmetric stream encryption,
Whatsapp
produces output one character
at a time. Better performance + Voice chat
less code. Typically used on
small amounts of text. Stream of data

DES, can be brute forced due
to low key size 56 with ±hour
search. Poor performance.
Most studied encryption
Firstly, what is a symmetric algorithm in history, so there is
encryption scheme? the possibility to exploit its
2.2 List and briefly explain the characteristics through
different approaches to cryptanalysis.
attacking a symmetric
encryption scheme. Triple DES, solves the brute
force issue by repeating the
There are three types of
DES algorithm three times.
symmetric block encryption:
However DES is slow and Triple
DES compounds this. It’s
encryption is great, but
performance makes it less
attractive.
AES, improved on both of the
above with better performance
and 128, 192 and 256 block
lengths. Was the result of a
competition.
So, now that we know all of
this, we can use Brute force or
Cryptanalysis, however it
depends on the implementation
(DES, Triple DES, AES).
We need a strong encryption
algorithm. A would be
opponent should not be able to
decrypt it even if they know the
2.3 What are the two principal algorithm and possess seme
requirements for the secure use cipher text.
of symmetric encryption?
The sender and receiver must
each have obtained copies of
the secret key in a secure
manner.
Protection against passive
Eavesdropping
attack
2.4 List the two important
aspects of data authentication. Deleting of data
Protection against active attack
Modifying of data
Hash the message
Append a Message
Symmetric Authentication Code
Use secret key to encrypt
Append to message and send
2.5 What is one-way hash There are three techniques for Each user has a private keys,
function? hash functions: and a public key. Users can
Public key, (uses two separate share data to them via their
keys) unique public key and only they
can open with the associated
private key
Secret value, Hash + (Key + Secret key is incorporated into
Message) the hash process

Plaintext is inserted into MAC
algorithm to generate a unique
key. This is then appended to
the end of the plaintext and
sent along with it. This is
basically to be able to tell us
when data has been tampered
2.6 Briefly describe the three with.
schemes illustrated in Figure
2.3.
Can be applied to a block of
data of any size
Fixed length output
2.7 What properties must a Relatively easy to compute
hash function have to be useful
for message authentication? One-Way
You must always get the same
value after the hash
Can’t have duplicates
Plain text
Encryption algorithm
2.8 What are the principal
ingredients of a public-key Public and private key
cryptosystem?
Ciphertext
Decryption algorithm
Create a hash of the message,
h
Digital signature // to determine Run h through a digital
whether a message is valid or signature generation algorithm
not with your private key, S
Append this to the original
message.
Digital envelopes use the
recipient’s public key to create a
one-way sealed message.
2.9 List and briefly define three First you encrypt the message
uses of a public-key with a random symmetric key
cryptosystem.
Then encrypt the random
How do we send a secret key in symmetric key with a user’s
Symmetric key distribution
Chapter 2 Cryptographic a secure way? public key
Tools
And include this encrypted key
along with the message. So the The user will use then use their
“envelope” has two contents: private key to obtain the
The random symmetric key random symmetric key and
encrypted message, and public then unlock the message.
key random symmetric key.
Encryption of secret keys //
means what it says
The principal attraction of ECC
2.10 What advantage might compared to RSA is that it
elliptic curve cryptography appears to offer equal security
(ECC) have over RSA? for a far smaller bit size, thereby
reducing processing overhead
The digital signature does not
provide confidentiality. That is,
the message being sent is safe
from alteration, but not safe
from eavesdropping. This is
obvious in the case of a
signature based on a portion of
2.11 Do digital signatures
the message, because the rest
provide confidentiality?
of the message is transmitted in
the clear. Even in the case of
complete encryption, there is
no protection of confidentiality
because any observer can
decrypt the message by using
the sender’s public key.
A public-key certificate consists
of a public key plus a user ID of
the key owner, with the whole
block signed by a trusted third
party. The certificate also
includes some information
about the third party plus an
indication of the period of
validity of the certificate.
User software (client) creates a
pair of keys: one public and one
private.
Client prepares an unsigned
certificate that includes the user
ID and user’s public key.
User provides the unsigned
certificate to a CA in some
secure manner. This might
require a face-to-face meeting,
the use of registered e-mail, or
happen via a Web form with e-
mail verification.
CA uses a hash function to
calculate the hash code of the
unsigned certificate. A hash
2.12 What is a public-key function is one that maps a
certificate? variable-length data block or
message into a fixed-length
CA creates a signature as value called a hash code, such
follows: as SHA family that we will
discuss in Sections 2.2 and
21.1.
CA generates digital signature
using the CA’s private key and a
signature generation algorithm.
CA attaches the signature to
the unsigned certificate to
create a signed certificate.
CA returns the signed certificate
to client.
Client may provide the signed
certificate to any other user.
User calculates the hash code
of certificate (not including
signature).
Any user may verify that the User verifies digital signature
certificate is valid as follows: using CA’s public key and the
signature verification algorithm.
The algorithm returns a result of
either signature valid or invalid.
Generation of keys for public-
key algorithms.
Generation of a stream key for
symmetric stream cipher. (a key
is input to a pseudorandom bit
generator that produces a
stream of 8-bit numbers that
are apparently random. A
pseudorandom stream is one
that is unpredictable without
2.13 What are three different knowledge of the input key and
ways in which random numbers which has an apparently
are used in cryptography? random character (see Section
2.5). The output of the
generator, called a keystream,
is combined one byte at a time
with the plaintext stream using
the bitwise exclusive-OR (XOR)
operation.)
Generation of a symmetric key
for use as a temporary session
key or in creating a digital
envelope.
Public key encryption
Digital signatures (DS) Uses Public/Private keys to
identify the creator of a file
Key terms
Message A user will encrypt a message
Authentication Codes in combination with a secret key
(MAC) using the MAC algorithm
MAC would see that the MAC
number is different once
running the plain text through
A) Both MAC and DS would the MAC algorithm
determine that the message
has been changed DS would see that the public
key does not match the private
key that the message has been
encoded with
B) Neither MAC nor DS are able
to detect Replay requests. This
can be remedied by the use of
timestamp within messages
DS, by using the public key of
Questions the real sender Bob will see
who the message if from
C)
MAC, Bob will simply need to
ask for the key that was used to
encrypt
DS, Alice can see if bob’s public
key can be used to decrypt the
message -- this will work
because if he encrypted it it will
D) unlock.
Alice cannot claim otherwise
because no personal
information of hers is bing used
to generate the MAC address
Password-based
authentication: the system
compares the password to a
previously stored password for
that user ID, maintained in a
system password file.
Token-based authentication:
objects that a user possesses
3.1 In general terms, what are for the purpose of user
four means of authenticating a authentication.
user’s identity?
Biometric authentication:
attempts to authenticate an
individual based on their
physical characteristics.
Remote user authentication:
takes place over the Internet, a
network or a communication
link.
Offline dictionary attack: the
attacker obtains the system
password file and compares the
password hashes against
hashess of commonly used
passwords.
Specific account account:
attacker targets a specific
account and submits password
guesses until the correct
password is discovered.
Popular password attack: a
variation of the preceding attack
is to use a popular password
and try it against a wide range
of user IDs.
Password guessing against a
3.2 List and briefly describe the single user: attacker attempts
principal threats to the secrecy to gain knowledge about the
of passwords account holder and system
password policies and uses
that knowledge to guess the
password.
Workstation hijacking: the
attacker waits until a logged-in
workstation is unattended.
Exploiting user mistakes:
reading a written down
password, users sharing their
password etc.
Exploiting multiple password
use: different network devices
use the same or similar
passwords for a given user.
Electronic monitoring:
intercepting a password
communicated over a network.
Often, the hashed passwords
are kept in a separate file from
the user IDs, referred to as a
3.3 What is the significance of a
shadow password file. Special
shadow password file?
attention is paid to making the
shadow password file protected
from unauthorized access.