CS642 Midterm 1 PDF

Summary

This document is a midterm exam for CS642. It contains questions about security, cryptography, encryption, and related computer science topics.

Full Transcript

What is security?

Terms:
Adversary - any entity trying to circumvent the security infrastructure, ranging in goals and sophistication
Risk - at-risk valued resources that can be misused
○ Ex: data, time, confidence, trust, reputation
Threats - a specific means by which an attacker can put a system at risk
○ Ex: an ability/goal of an attacker
○ Threat Model - a collection of threats that are deemed important for a particular environment

Vulnerability - a systematic artifact that exposes the user, data, or system to a threat ( a weakness in a system)
○ Sources of vulnerability? → bad software/hardware, bad design, bad policy/configuration, system misuse, unintended purpose or environment
○ Ex: buffer-overflow, WEP key leakage
Attack - when someone attempts to exploit a vulnerability
○ Compromise - occurs when an attack is successful

Trust - the degree to which an entity is expected to behave
○ Trust model - describes, for a particular environment, who is trusted to do what?

CIA model
○ Confidentiality
Info becomes known only to authorized people
○ Integrity
Info stored in a system is correct (not modified)
○ Availability
Info, or service, is available when needed

Information Security goals
Prevent misuse, but don’t stop good things from happening
Strategies to deal with attacks
○ Prevention
Prevent an attack (ex: firewalls)
○ Detection
Detect an ongoing attack; alert (ex: intrusion detection)
○ Recovery
Recover from an attack (ex: backup)
CIA model

—---------
What can cryptography do/not do?
What is a caesar cipher (ROTX)?
What is a substitution cipher?
- Why are they breakable?
What is a polyalphabetic cipher (Vigenere)?

What is shared key cryptography?
What is the unbreakable cipher?
What are Kerckhoffs’ principles
Explain DES (Data Encryption Standard)
Is a block cipher (fixed sized input)
8-byte input and an 8-byte key (56-bits+8 parity bits)
Explain AES (Advanced Encryption Standard)
Replacement for DES/accepted symmetric key cipher
○ Variable key lengths
○ Small code and memory footprint
What are block ciphers and stream ciphers?
Block → input is fixed blocks of some length
Stream → stream of input (bitwise encryption)

What are the two principles of cipher design?
Confusion - make the relationship between the input and the output asa complex (non-linear) as possible
○ Mainly accomplished by substitution (Ex: s-box)
Diffusion - Spread the influence of each input bit across many output bits
○ Mainly accomplished by permutation (Ex: Fiestal structure
What are birthday attacks?
A name used to refer to a class of brute-force attacks
What are one way and collision resistant hashing algorithms?
One way - (computationally) hard to invert h()
○ You cannot go backward
Collision resistant - hard to find two data x1 and x2 such that h(x1) == h(x2)
○ Cannot find two items that hash to the same value
- How do hashes work as authenticators?
What are the rules/principles of crypto use?

Terms:
Cryptography - the art/science of developing and using cryptosystems
Cryptosystem - method of disguising (encrypting) plaintext messages so that only select parties can decipher (decrypt) the ciphertext
Cryptanalysis - the art/science of breaking cryptosystems
Cryptology - the combined study of cryptography and cryptanalysis
Encryption Algorithm - Algorithm used to make content unreadable by all but the intended users
○ E(plaintext, key) = ciphertext
○ D(ciphertext, key) = plaintext
Algorithm → public | Key → private (principle of open design)
Unconditional or probabilistic security - cryptosystem offers provable guarantees, irrespective of computational abilities of an attacker
Conditional or computational security - cryptosystem is secure assuming a computationally bounded adversary, or under certain hardness assumptions
Ciphertext-only attack - adversary only has the ciphertext available and wants to determine the plaintext encrypted
Known-plaintext attack - adversary learns one or more pairs of ciphertext/plaintext encrypted under the same key, tries to determine plaintext based on a different ciphertext
Chosen-plaintext attack - adversary can obtain the encryption of any plaintext, tries to determine the plaintext for a different ciphertext
Chosen-ciphertext attack - adversary can obtain a plaintext of any ciphertext except the one the adversary wants to decrypt
Hash chain
MAC (Message Authentication Control) - used in protocols to authenticate content, authenticates integrity for data d
○ Flaw: block hash algorithms means new content can be added
HMAC - MAC that is collision resistant and attacker cannot computer proper digest without knowing k
○ HMAC(K, d) = H(K + H(K + d))
Hash algorithm - the compression of data into a hash value
—--------------

What is encryption using a private key?
What are digital signatures?
Models physical signatures in digital world
○ Association between private key and document
Asserts that document is authentic and non-reputable
Secret vs. public key crypto?
Secret key cryptography - Symmetric keys, where A single key (k) is used for E and D
○ D(E(p, k), k) = p
Public key cryptography - Each key pair consists of a public and private component
○ K+ (public key), k - (private key)
○ D(E(p, k+), k-) = p
○ D(E(p, k-), k+) = p
Terms:
Diffie-Hellman Protocol
○ For two participants p 1 and p 2
○ Setup: Pick a prime number p and a primitive root* of p g (