410 Cards in this Set
- Front
- Back
What is security? (3) |
Confidentiality - access to systems or data is limited to authorized parties Integrity - when you ask for data, you get the "right" data Availability - the system or data is there when you want it |
|
What is privacy? |
Any certain data that is associated with you as a natural person, and/or identifies you as a person, you should be able to control |
|
Who created the concept of privacy? |
Legal system |
|
What is data minimization? |
You’re only allowed to collect data you absolutely need for the business - anything else, you can’t collect without consent |
|
What is Canada's privacy legislation? |
PIPEDA Personal Information Protection and Electronic Documents Act |
|
What is PIPEDA's Fair Information Principles? (10) |
- Be accountable - Identify purpose of data collection - Obtain consent - Limit collection - Limit use, disclosure, and retention (right to be forgotten) - Be accurate - Use appropriate safeguards - Be open (transparency) - Give individuals access - Provide recourse |
|
What are the four categories of threats? |
Interception - Intercept emails, debugger Interruption - Interfere, “jamming”, make unavailable Modification - Can change, install malware Fabrication - forge emails in your name |
|
What is a threat model? |
Identify possible threats, and how you would defend |
|
What is an attack? |
Executes threat |
|
What is control? |
Removing or reducing vulnerability |
|
What is defence in depth? |
Have different controls that protect different vulnerabilities |
|
How can you defend against a threat? |
- Prevent it - Deter it (make it harder or more expensive) - Deflect it (make less attractive to attacker) - Detect it - Recover from it (costly) |
|
How would you prevent your car being stolen? |
Immobilizer |
|
How would you deter your car being stolen? |
Store your car in secure parking facility |
|
How would you deflect your car being stolen? |
Sticker mentioning car alarm, keep valuables out of sight |
|
How would you detect your car being stolen? |
Car alarms, OnStar |
|
How would you recover your car being stolen? |
Insurance |
|
What is the Principle of Easiest Penetration? |
The attacker will go after whatever part of the system is easiest, not most convenient for you |
|
What is the Principle of Adequate Prevention? |
Don't pay $100 000 to secure a system worth $1000 |
|
What is a flaw? |
Problem with a program |
|
What is a security flaw? |
Problem that affects security (CIA) in some way |
|
What are the two types of flaws? |
Faults and failures |
|
What is a fault? |
Mistake "behind the scenes" Potential problem |
|
What is a failure? |
When something actually goes wrong Deviation from desired behaviour |
|
How can you find faults that haven't yet led to failures? |
Cause some failures! |
|
What is fuzzing? |
Automated tools that "understand" common problems in systems/code Brute-force bad inputs |
|
What are the genesis (3) of security flaws? |
Malicious intentional Nonmalicious intentional Unintentional |
|
Why target suid programs? |
You can become root, escalate permissions, do something more interesting |
|
What is ROP? |
Return-oriented programming Piecing together exploits from snippets of code executed in many return statements already in the code |
|
What is an integer overflow? |
Program assumes integer is always positive Overflow will make signed integer wrap and become negative, violating assumption |
|
What is mediation? |
Ensuring that user input constitutes meaningful request |
|
What is incomplete mediation? |
When application accepts incorrect data from the user |
|
How do you design programs such that they're less likely to have security flaws? (5) |
- Modularity - Encapsulation - Information hiding - Mutual suspicion - Confinement |
|
Why is modularity helpful for finding/preventing security bugs? |
The complexity of each piece will be smaller, so each piece will be far easier to check for flaws, test, maintain, reuse |
|
Why is encapsulation helpful for finding/preventing security bugs? |
Have the modules be mostly self-contained, sharing information only as necessary. This helps reduce coupling |
|
Why is information hiding helpful for finding/preventing security bugs? |
Prevents accidental reliance on behaviours not promised in the API
Also hinders some kinds of malicious actions by the developers themselves |
|
Which is stronger: information hiding or encapsulation? |
Encapsulation |
|
What is information hiding? |
Implementation and internal state of one module should be hidden from developers of other modules |
|
What is mutual suspicion? |
Modules check inputs are sensible before acting on them |
|
Why is mutual suspicion helpful for finding/preventing security bugs? |
Defence against flaws in, or malicious behaviour on the part of, other modules Corrupt data in one module should be prevented from corrupting other modules |
|
What is confinement? |
If Module A needs to call a potentially untrustworthy Module B, it can confine it (also known as sandboxing) Module B is run in a limited environment that only has access to the resources it absolutely needs |
|
What is a web bug? |
Object (usually a 1x1 pixel transparent image) embedded in a web page, which is fetched from a different server from the one that served the web page itself |
|
What do web bugs do? |
Information about you can be sent to third parties (often advertisers) without your knowledge or consent |
|
What kind of exploit is a web bug? Why? |
Malicious Instructs your browser to behave in a way contrary to the principle of informational self-determination (Similar to buffer overflow attack instructing browser to behave in a way contrary to the security policy) |
|
How can your identity be leaked to advertisers? |
Being allowed to post on social media sites, need to link profile information so now has access |
|
What is a back door / trapdoor? |
Set of instructions designed to bypass the normal authentication mechanism and allow access to the system to anyone who knows the back door exists |
|
Where can back doors come from? (5) |
- Forgot to remove - Left in for testing - Left in for maintenance (field service techs) - Left in for legal reasons (lawful access) - Left in for malicious purposes (Death Star) |
|
What is a salami attack? Example? |
Attack that is made up of many smaller, often considered inconsequential, attacks E.g. Send the fractions of cents of round-off error from many accounts to a single account owned by the attacker |
|
What is a privilege escalation attack? |
Attack which raises the privilege level of the attacker (beyond that to which he would ordinarily be entitled) |
|
Where can privilege escalation attacks originate? (2) |
- Part of the system that legitimately runs with higher privilege can be tricked into executing commands (with that higher privilege) on behalf of the attacker - Trick the system into thinking he is in fact a legitimate higher-privileged user |
|
What are the components of a rootkit? |
1. Method for gaining root privileges on a machine (either starting with a local unprivileged account, or possibly remotely), and often leaving a backdoor 2. Way to hide existence (stealth capability) |
|
How can rootkits hide their existence? (3) |
- Clean up exploited log messages - Modify ls/ps so they don't report rootkit files/processes - Modify kernel so no user program learns about rootkit files/processes |
|
Who installs keystroke loggers? |
Malware, messed up family members |
|
What type of keyboard loggers are there? (3) |
Application-specific: record only strokes for specific app System: record all pressed, maybe for specific user Hardware: sits within keyboard, undetectable by software and works with any OS |
|
What type of attack was the Conficker worm? How did it work? |
Interface illusion Dragging a scrollbar actually dragged a program into the Startup folder |
|
What is a common example of interface illusion? |
Phishing |
|
What are man-in-the-middle attacks? Examples? (3) |
Intercepts thecommunication from the user, and then passes iton to the intended other party - phishing - keyboard logging - interface illusions |
|
What is the general next step taken by man-in-the-middle attacks, after logging? |
Hijacking, and sometimes even editing displayed results to hide hijacking action |
|
What is a covert channel? |
Attacker creates a capability to transfersensitive/unauthorized information through achannel that is not supposed to transmit thatinformation |
|
What are side channel attacks? |
Usually takes advantage of being in the physical vicinity |
|
What are some ways to control security flaws while coding? (4) |
- Don't use C (lol) - Static code analysis - Formal methods - Genetic diversity |
|
What types of security bugs does static code analysis usually catch? |
Buffer overflows, TOCTTOU |
|
What is one way the programmer can trend towards the "formal method" for finding security bugs? |
Assertions, hints, markup |
|
Why is genetic diversity important? |
Worms and viruses are able to propagate so quickly because many, many machines run the same vulnerable code |
|
What different kinds of code reviews exist? (3) |
- Open-source model (just give it to them) - Guided (author explains as it's being reviewed) - Easter egg (author inserts intentional flaws) |
|
What are the two main strategies for testing security? |
- Try to make the program do unspecified things just by doing unusual (or attacker-like) things to it - Try to make the program do unspecified things by taking into account the design and the implementation |
|
What kind of testing can we use for finding security flaws? (2) |
- Black box (including fuzz) - White box |
|
What is fuzz testing? |
Type of black box testing Supply completely random data to the object... - As input in an API - As a data file - As data received from the network - As UI events |
|
What is white box testing most useful for? |
Regression testing Make a comprehensive set of tests, and ensure the program passes them When the next version of the program is being tested, run all these tests again |
|
What are standards? |
Organization's rules about how things are done at each stage of the software lifecycle |
|
What are processes? |
Specifications of how each of an organization's standards should be implemented |
|
What is an audit? |
Somebody (usually external to the organization) comes in and verifies that you’re following your processes properly |
|
What are the types of separation existing in OS's? (4) |
Physical: different physical resources for different users Temporal: execute different users' programs at different times Logical: user doesn't know other users exist Cryptographic: Encrypt data and make it unintelligible to outsiders |
|
What is the problem with physical separation in an OS? |
Easy, but expensive |
|
What is the problem with cryptographic separation in an OS? |
Complex |
|
What are some memory/address protection techniques? (5) |
- Fence register - Base/bounds register pair - Tagged architecture - Segmentation - Paging |
|
How does a fence register work? |
- Exception if memory access below address in fence register - Protects operating system from user programs - Single-user OS only |
|
How does a base/bounds register pair work? |
- Exception if memory access below/above address in base/bounds register - Different values for each user program - Maintained by operating system during context switch - Limited flexibility |
|
How does tagged architecture work? |
- Each memory word has one or more extra bits that identify access rights to word - Very flexible - Large overhead - Difficult to port OS from/to other hardware architectures |
|
How does segmentation work? |
- Each program has multiple address spaces (segments) - Different segments for code/data/stack - Virtual addresses contain - OS keeps segment table mapping segment name to base physical address - OS can (transparently) relocate or resize segments and share them between processes - Segment table also keeps protection attributes |
|
What are the pros/cons of segmentation? (4, 3) |
Pros - Each address reference checked for protection by hardware - Many different classes of data items can be assigned different protection levels - Users can share access (maybe with different access rights) to a segment - Users can't access unpermitted segment Cons - External fragmentation - Dynamic lengths of segments generates very costly out-of-bounds check - Segment names difficult to implement efficiently |
|
How does paging work? |
- Program divided into equal-sized chunks (pages) - Physical memory divided into equal-sized chunks (frames) - Frame size = page size * 2 - Virtual addresses contain - OS keeps page table mapping from page number to physical address, along with memory protection attributes |
|
What are the pros/cons of paging? (4, 2) |
Pros - Each address reference is checked for protection by hardware - Users can share access to a page, with potentially different access rights - Users cannot access an unpermitted page - Unpopular pages can be moved to disk to free memory Cons - Internal fragmentation - Assigning different levels of protection to different classes of data items not feasible |
|
What are the goals of access control? (3) |
Check every access: OS may fail to notice access has been revoked Enforce least privilege: access only to smallest number of objects required to perform task Verify acceptable use: limit types of activity |
|
Why are access control matrices rarely implemented as matrices? |
?? |
|
What are the usual access control matrix implementations? (3) |
- Set of access control lists (column-wise) - Set of capabilities (row-wise) - Combination of above |
|
What can we do quickly for an ACL? (2) |
- Determine set of allowed users per object - Revoke user's right to an object |
|
What is a slow action for an ACL? (2) |
- Determine set of objects user can access - Revoke user's right to all objects |
|
What is a capability? |
Unforgeable token that gives its owner some access rights to an object |
|
How are capabilities unforgeable? |
Enforced by having OS store and maintain tokens or by cryptographic mechanisms E.g., digital signatures (see later) allow tokens to be handed out to processes/users. OS will detect tampering when process/user tries to get access with modified token. |
|
Are capability tokens transferrable? |
maybe (i.e. if anonymous) |
|
What can we do quickly for capabilities? (3) |
- Determine set of objects user can access - Revoke user's right to an object - Revoke user's right to all objects |
|
What are slow actions for capabilities? (1) |
- Determine set of allowed users per object |
|
Why would we use both ACLs and capabilities? |
- In a UNIX file system, each file has an ACL, which is consulted when executing an open() call - If approved, caller is given a capability listing type of access allowed in ACL (read or write) - Capability is stored in memory space of OS - Upon read()/write() call, OS looks at capability to determine whether type of access is allowed |
|
What is Role-based access control? |
Objects that a user can access often do not depend on user's identity, but on role within company |
|
What is the advantage of RBAC? |
When a user takes over new role, need to update only her role assignment, not all her access rights |
|
What are some RBAC extensions? (3) |
Hierarchical roles: reduces number of role/access right assignments Multiple roles: users take/give up roles as required. User's current session contains currently initiated roles Separation of duty: requiring multiple roles |
|
What are different attacks on passwords? (5) |
- Shoulder surfing - Keystroke logging - Interface illusions / phishing - Password re-use across sites - Password guessing |
|
What are the four types of authentication factors? |
- Something the user knows (password, PIN) - Something the user has (key, card, badge, phone) - Something the user is (fingerprint, voice recognition, face) - Something about the user's context (location, time, devices in proximity) |
|
What's a way to make more solid authentication? |
Combine different classes of auth (two-fac) |
|
What are some usability problems with passwords? (4) |
- Forgotten passwords might not be recoverable - Entering passwords is inconvenient - If password is disclosed to unauthorized individual, the individual can immediately access protected resource (unless multi-fac auth) - If password is shared among many people, password updates become difficult |
|
How many passwords can be brute-force checked per second (on 25 AMD Radeon graphics cards)? |
350 billion 95^8 in 5.5 hours |
|
At about which length of password does it become exponentially difficult to check? |
6 (Desktop Core i7 980x) 7 (GPU Radeon 6970) 8 (cloud Amazon EC2) So just use 9 lol |
|
What are some password guessing attack assumptions? (3) |
- Password consists of root and pre/postfix appendage (e.g. password1) - Root is from dictionaries - Appendage is combinations of digits, date, single symbol |
|
What is an offline password attack? |
Attack requires that attacker has encrypted password file or encrypted document |
|
How can an attacker get around being detected after n failed login attempts? |
Use the same easy passwords on lots and lots of usernames |
|
What is an issue with forcing users to change their passwords? |
Leads to password cycling and similar passwords |
|
What's a good way to store passwords? |
Digital fingerprint of password in password file When logging in, system computes fingerprint of entered password and compares it with user's stored fingerprint |
|
What's a problem with digital password fingerprints? |
If the file leaks, still allows for guessing offline attacks |
|
What problem does user-specific salts solve? |
Makes guessing attacks harder for password fingerprints Salt derived from time of day + process ID of /bin/passwd, and then stored in password file Two users with same password will have different fingerprints, so can't build table of fingerprints and passwords to use for any password file |
|
Why shouldn't you use a cryptographic hash? What other hashes could you use instead? |
Cheap to compute Use an iterated hash function that is expensive to compute (e.g., bcrypt) and maybe also uses lots of memory (e.g., scrypt) Takes hundreds of milliseconds, slowing down a guessing attack significantly, but barely noticed by user |
|
What is an additional defence to a cryptographic hash? |
MAC Mixes in secret key to compute password fingerprint If fingerprints leak, guessing attacks aren't useful anymore Secret key can be embedded in tamper-resistant hardware |
|
How can you recover passwords? |
Have to store encrypted version of the password in the password file, and keep encryption key away from attacker Allows the system to (easily) re-compute a password if necessary |
|
How was the password recovery process hacked? When? |
Adobe Password Hack, November 2013 Password hints weren't encrypted (!!!) 1. NUL byte was appended to the password 2. Additional NUL bytes were appended as required to make the length a multiple of 8 bytes 3. Padded passwords were encrypted 8 characters at a time using a fixed key (ECB mode, weakest possible encryption mode) |
|
What is an interception attack for passwords? |
Attacker intercepts password while in transmission from client to server |
|
What are some ways to protect against password interception attacks? |
One-time passwords (fob, challenge-response protocol) |
|
How does challenge-response protocol work? What's the weakness? |
- Server sends random challenge to client - Client uses challenge and password to compute one-time password - Client sends one-time password to server - Server checks whether client's response is valid Weakness: Given intercepted challenge/response, attacker might be able to brute-force |
|
What are some issues with graphical passwords? (2) |
- Choice of place (selecting point on photo) not necessarily random - Shoulder surfing |
|
What is the major flaw of biometric authentication? |
If observed trait is sufficiently close to previously stored trait, accept user (observed will never be completely identical) Plus, your fingerprints are not really secret |
|
In which situation are biometric authentication methods well-suited? |
Local authentication (not remote auth) A guard can watch me put my own finger on the scanner, and see that I'm not holding up a picture of someone else |
|
Authentication vs identification? |
Authentication: does captured trait correspond to particular stored trait? Identification: does captured trait correspond to any of the stored traits? |
|
What can make biometrics-based identification useless? |
False positives/negatives |
|
Why should you authenticate the server? |
With the help of a password, system authenticates user (client), but user should also authenticate system (server) else password might end up with attacker E.g. CTRL-ALT-DEL before login because key combination cannot be overwritten by attacker |
|
What are some other problems with biometrics? (3) |
Privacy: why should my employer etc. have my biometric information? Plus, if leaks, can't make "new biometric password" Accuracy: false negs are annoying, but weaker match is unsafe. What if I grow a beard or lose a hand? Secrecy: Your fingerprint/face... not really secret... |
|
What does it mean to trust an entity? |
Trusting an entity means that if this entity misbehaves, the security of the system fails |
|
What does a trusted OS build on? (4) |
Policy: A set of rules outlining what is secured and why Model: A model that implements the policy and that can be used for reasoning about the policy Design: A specification of how the OS implements the model Trust: Assurance that the OS is implemented according to design |
|
What is trusted software? |
Software that has been rigorously developed and analyzed, giving us reason to trust that the code does what it is expected to do and nothing more |
|
What does it mean for software to be functionally correct? |
Software works correctly |
|
What is enforcement of integrity? |
Wrong inputs don’t impact correctness of data |
|
What is limited privilege? |
Access rights are minimized and not passed to others |
|
What is meant by appropriate confidence level? |
Software has been rated as required by environment |
|
What are OS security policies rooted in? How do they work? |
Military policies Each object has clearance/sensitivity level Each object may also have compartments (need-to-know) |
|
What are commercial security policies rooted in? How do they work? |
Military policies Different classification levels for information Different departments/projects can call for need-to-know restrictions Assignment of people to clearance levels typically not as formally defined as in military |
|
What is the Chinese Wall security policy? |
Once you have been able to access information about a particular kind of company, you will no longer be able to access information about other companies of the same kind - Useful for consulting, legal or accounting firms - Need history of accessed objects - Access rights change over time |
|
What is the ss-property? |
Subject s can access object o iff each object previously accessed by s either belongs to the same company as o or belongs to a different kind of company than o does |
|
What is the *-property? |
For a write access to o by s, we also need to ensure that all objects readable by s either belong to the same company as o or have been sanitized |
|
What is the Clark-Wilson Security Policy based on? |
Well-formed transactions that transition system from a consistent state to another one Also separation of duty |
|
What are two properties of the dominance relationship >= defined in the security model? What does it imply? |
Transitive and antisymmetric Defines a partial order |
|
How do you define a lattice? |
For every a and b, there is a unique lowest upper bound u for which u ≥ a and u ≥ b and a unique greatest lower bound l for which a ≥ l and b ≥ l There are also two elements U and L that dominate/are dominated by all levels U = (“Top Secret”, {“Soviet Union”, “East Germany”}) L = (“Unclassified”, ∅) |
|
How does the Bell-La Padula Confidentiality Model work? |
Regulates information flow in MLS policies Users should get information only according to their clearance Information can only flow up Should subject s with clearance C(s) have access to object o with sensitivity C(o)? ss-property (“no read up”): s should have read access to o only if C(s) ≥ C(o) *-property (“no write down”): s should have write access to o only if C(o) ≥ C(s) |
|
What does the Biba integrity model do? How does it work? |
Prevent inappropriate modification of data Subjects and objects are ordered by an integrity classification scheme, I(s) and I(o) Should subject s have access to object o? Write access: s can modify o only if I(s) ≥ I(o) (Unreliable person cannot modify file containing high integrity information) Read access: s can read o only if I(o) ≥ I(s) (Unreliable information cannot “contaminate” subject) |
|
What is the Low Watermark Policy? |
Subject Low Watermark Property: If subject s reads object o, then I(s) = glb(I(s), I(o)), where glb() = greatest lower bound Object Low Watermark Property: If subject s modifies object o, then I(o) = glb(I(s), I(o)) Integrity of subject/object can only go down, information flows down |
|
What are the pros and cons of Bell-La Padula & Biba? (1, 2) |
Pros Very simple, which makes it possible to prove properties about them Cons - Probably too simple for great practical benefit (Need declassification, plus both confidentiality and integrity, not just one) - Information leaks might still be possible through covert channels in an implementation of the model |
|
What are the eight design principles for security? (IMPORTANT!!!) |
Least Privilege - operate using fewest privileges as possible Economy of mechanism - protection mechanism should be simple/straightforward Open design - avoid security by obscurity, using secret keys/passwords but not secret algorithms Complete mediation - every access attempt must be checked Permission based / Fail-safe defaults - default should be denial of access Least common mechanism - every shared mechanism could potentially be used as a covert channel Ease of use - if protection mechanism is difficult to use, nobody will use it or it will be used in the wrong way |
|
What are the security features of a trusted OS? (7) |
- Identification and authentication - Access control - Object reuse protection - Complete mediation - Trusted path - Accountability and audit - Intrusion detection |
|
What is Mandatory access control (MAC)? What is it used for? |
Central authority establishes who can access what Good for military environments, and for implementing Chinese Wall, Bell-La Padula, Biba |
|
What is Discretionary access control (DAC)? What is it used for? |
Owners of an object have (some) control over who can access it You can grant others access to your home directory e.g., UNIX and Windows |
|
What is RBAC? |
Neither MAC nor DAC |
|
What does Object reuse protection prevent? |
If one user allocates memory in the OS, stores her password in it, and eventually calls free() on the memory, the next user who's allocated the same memory could find her password in it if the memory hasn't been wiped |
|
What is hidden data? |
Hidden data is related to object reuse protection You think that you deleted some data, but it is still hidden somewhere e.g. deleting an email on Gmail doesn't delete on Google's backup servers |
|
What is complete mediation? What problem does it fix? |
All accesses must be checked Preventing access to OS memory is of little use if it is possible to access the swap space on disk |
|
What is a trusted path? What problem does it fix? |
Give assurance to user that her keystrokes and mouse clicks are sent to legitimate receiver application |
|
How can an audit log help? When is it not useful? |
Provides accountability if something goes bad Does not give accountability if attacker can modify the log |
|
How does granularity affect audit logs? |
For fine-grained logs, we might run into space/efficiency problems or finding actual attack can be difficult For coarse-grained logs, we might miss attack entirely or don’t have enough details about it |
|
How does an OS detect intrusion? |
Correlating actual behaviour with normal behaviour Alarm if behaviour looks abnormal |
|
What is a Trusted Computing Base (TCB)? |
Consists of the part of a trusted OS that is necessary to enforce OS security policy Can be implemented either in different parts of the OS or in a separate security kernel |
|
How does the implementation location of a TCB change its effectiveness? |
Separate security kernel makes it easier to validate and maintain security functionality Security kernel runs below the OS kernel, which makes it more difficult for an attacker to subvert it |
|
How can rings be used for security? |
Some processors support layering based on “rings” If processor is operating in ring n, code can access only memory and instructions in rings ≥ n Accesses to rings < n trigger interrupt/exception and inner ring will grant or deny access |
|
What is a reference monitor? |
Crucial part of the TCB Collection of access controls for devices, files, memory, IPC, etc Interacts with other security mechanism, e.g., user authentication |
|
What must the reference monitor be? (3) |
Tamperproof Unbypassable Analyzable |
|
What are the degrees of virtualization? |
Virtual Memory: Page mapping gives each process the impression ofhaving a separate memory space Virtual Machines: virtualize I/O devices, files, printers, etc |
|
What's a possible security flaw for virtual machines? |
A rootkit could make your OS run in a virtual environment and be very difficult to detect |
|
How does application insulation work? |
Memory encryption techniques allow application shielding from other apps, OS, some hardware attacks - Application is partitioned into trusted and untrusted code - Trusted code segment is encrypted in memory using a key living in secure hardware (close to CPU) - Untrusted code talks with trusted code via compact API - Trusted computing base is reduced to secure hardware, CPU and (hopefully small) trusted code |
|
Why is the principle of least privilege poor in popular OS's? |
Windows pre-NT: any user process can do anything Windows pre-Vista: fine-grained access control, but many users just ran as administrators, which can do anything Windows Vista: Easier for users to temporarily acquire additional access rights Traditional Unix: a root process has access to anything, a user process has full access to user’s data |
|
How does chroot work? |
Sandbox/jail a command by changing its root directory - Command cannot access files outside of its jail - Some commands/programs are difficult to run in a jail, but there are ways to break out of the jail |
|
How does compartmentalization work? |
Split application into parts and apply least privilege to each part - OpenSSH splits SSH daemon into a privileged monitor and an unprivileged, jailed child - Child receives (maybe malicious) network data from a client and might get corrupted - Child needs to contact monitor to get access to protected information (e.g., password file) - Monitor shuts down child if behaviour is suspicious |
|
How does the setuid/suid bit work? |
If suid bit is set for an executable, the executable will execute under the identity of its owner, not under the identity of the caller - /usr/bin/passwd belongs to root and has suid bit set - If a user calls /usr/bin/passwd, the program will assume the root identity and can thus update the password file |
|
What attack does the setuid/suid bit protect against? How? |
Confused deputy attack Eve executes /usr/bin/passwd and manages to convince the program that it is Alice who is executing the program. Eve can thus change Alice’s password |
|
How can we convince others to trust the OS? (4) |
- Testing - Formal verification - Validation |
|
What criteria are commonly used to evaluate OS trustworthiness? (2) |
- “Orange Book” of the U.S. Department of Defence - Common Criteria |
|
How are the Common Criteria used to evaluate OS's? |
- Have Protection Profiles, which list security threats and objectives - Products are rated against these profiles |
|
How does a port scan work? |
Attacker sends queries to ports on target machine and tries to identify whether and what kind of application is running on a port |
|
What is a loose-lipped system? |
Systems reveal (non-confidential) information that could facilitate an attack Login application can reveal information about OS or whether a userid is valid, and web servers typically return version information |
|
How can a copper wire be tapped? |
Inductance allows a physically close attacker to eavesdrop without making physical contact Cutting cable and splicing in secondary cable is another option |
|
Why is optical fibre cable better than copper wire? |
No inductance, and signal loss by splicing is likely detectable |
|
What security issues does wifi create? |
- Easily intercepted by anyone with WiFi device - Physical barriers (walls) help against random devices being connected to a wired network, but are (nearly) useless in case of wireless network - Need authentication mechanism to defend against free riders |
|
How does LAN treat misdelivered information? How can that be exploited? |
Technical reasons might cause a packet to be sent to multiple nodes, not only to the intended receiver By default, a network card ignores wrongly delivered packets An attacker can change this and use a packet sniffer to capture these packets |
|
How does spoofing work? |
Object (node, person, URL, Web page, email, WiFi access point, ...) masquerades as another one, usually URL spoofing Also used in session hijacking and man-in-the-middle attacks |
|
How does session hijacking work? |
TCP protocol sets up state at sender and receiver end nodes and uses this state while exchanging packets |
|
What is the Morris Worm? |
First Internet worm, launched by a graduate student at Cornell in 1988 - Use a back door left in the “sendmail” mail daemon - Try a “dictionary attack” against local users’ passwords. If successful, log in as them, and spread to other machines they can access without requiring a password |
|
What is the Code Red Worm? |
2001, Exploited a buffer overflow in Microsoft’s IIS web server - Deface its home page - Launch attacks on other web servers (IIS or not) - Launch a denial-of-service attack on a handful of websites, including www.whitehouse.gov - Installed a back door and a Trojan horse to try to prevent disinfection Infected 250,000 systems in nine hours |
|
What is the Slammer Worm? |
2003, first Warhol worm Exploited a buffer overflow in Microsoft’s SQL Server, infected with single UDP packet 90% of vulnerable hosts infected in 10 minutes |
|
What is Stuxnet? |
2010, created by US and Israeli intelligence targeting Iranian uranium enrichment program Tried to be very specific and uses many criteria to select which systems to attack after infection Very promiscuous: Used 4(!) different zero-day attacks to spread. Has to be installed manually (USB drive) for air-gapped systems Very stealthy: Intercepts commands to SCADA system and hides its presence Very targeted: Detects if variable-frequency drives are installed, operating between 807-1210 Hz, and then subtly changes the frequencies so that distortion and vibrations occur resulting in broken centrifuges. |
|
What is Flame? |
2012, Middle Eastern countries’ energy sectors - Sniffs networks for passwords - Scans disks for specific content - Takes periodic screenshots - Uses attached microphone to record environmental sounds - Records Skype conversations - Sends captured information over SSH and HTTPS to command center |
|
How is TCP/IP naive? Example of how it can be taken advantage of? |
Assumes nodes implement protocols faithfully. TCP includes mechanism that asks sender node to slow down if network is congested, attacker could ignore these requests |
|
What is a possible disaster to come out of implementations that do not check if a TCP packet is well formatted? |
If all implementations are from the same vendor or based on the same code base |
|
How does accessing a URL work? How can attackers exploit this process? (2) |
- Can examine code returned from web server for vulnerabilities - Send malicious URL to web server to exploit buffer overflow, invoke shell/some other program, feed malicious input to server-side script, access sensitive files, etc. |
|
What vulnerability arises from the fact that HTTP is stateless? |
Asks client to keep state, which attacker can modify before submission (incomplete mediation) |
|
What is a cross-site scripting (XSS) / request forgery (CSRF) attack? |
Code injection Attacker adds his/her own HTML code to somebody else's web page XSS: Code steals sensitive information (e.g. cookies) contained in web page and sends to attacker www.bank.com/aliceCookie=secretValue |
|
What is a DoS attack? |
Cutting a wire or jamming a wireless signal Flooding a node by overloading its Internet connection or its processing capacity |
|
What is a Ping flood? |
Node receiving a ping packet is expected to generate a reply Attacker could overload victim Different from “ping of death”, which is a malformatted ping packet that crashes victim’s computer |
|
What is a Smurf attack? |
Spoof (source) address of sender end node in ping packet by setting it to victim’s address Broadcast ping packet to all nodes in a LAN |
|
What is a SYN flood? |
TCP initializes state by having the two end nodes exchange three packets (SYN, SYN-ACK, ACK) Server queues SYN from client and removes it when corresponding ACK is received Attacker sends many SYNs, but no ACKs |
|
How can you exploit knowledge of implementation details for a web node to make node perform poorly? (3) |
- Send packet fragments that cannot be reassembled properly - SYN flood - Craft packets such that they are all hashed into the same bucket in a hash table |
|
What is a Black hole attack? |
Packet drop attack - Routing of packets in the Internet is based on a distributed protocol - Each router informs other routers of its cost to reach a set of destinations - Malicious router announces low cost for victim destination and discards any traffic destined for victim - Has also happened because of router misconfiguration |
|
What is a DNS attack? |
DNS cache poisoning can lead to packets being routed to the wrong host |
|
What is a DDoS attack? Why is it hard to defend? |
Distributed denial of service Use botnet (network of bots) attacking a server at once So many, hard to find out where they are |
|
What is a Reflection & Amplification DDoS attack? |
Attack where victim is flooded with legit-looking traffic originating from unsuspecting network nodes on internet Amplification: vulnerable network node runs service that responds to queries with much more data than query itself Reflection: attacker spoofs source address of queries to that of the victim so that vulnerable network nodes send (reflect) responses to victim |
|
Why are Reflection & Amplification DDoS attacks hard to combat? (2) |
- Response traffic coming from innocent nodes - Hard to identify real source due to spoofing |
|
What is SNMP? |
Simple Network Management Protocol UDP protocol, no longer used |
|
Why is SNMP awful? (4) |
- Very insecure - unencrypted communication - community string (like a pw) set to public by default, maximizing potential reflectors - allows for GetBulkRequest query, sending back an order of magnitude more data than the request |
|
How have today's botnets evolved? (past, present) |
Originally came from central command server, "remote-controlled," Now, able to sell services in use of botnets - Virus/worm/trojan for propagation, exploit multiple vulnerabilities - Stealthiness to hide from owner of computer - Code morphing to make detection difficult - Bot usable for different attacks |
|
What is Fast Flux? |
- Single host name maps to hundreds of addresses of infected machines - Machines proxy to malicious websites / "mothership" - Machines constantly swapped in/out of DNS to make tracking difficult |
|
What is the Domain Generation Algorithm? |
- Infected machine generates a large set (50,000 in the case of Conficker) of domain names that changes every day - It contacts a random subset of these names for updates - To control the botnet, authorities would have to take control of 50,000 different domain names each day |
|
How have the goals of worm hackers changed how botnets are implemented? |
Before: FAME - spread worm as fast as possible, causes disruption but easy to track Now: PROFIT - spread slowly, lie dormant for weeks, rent them out |
|
What was the Storm Worm? |
2007, millions of machines Used to send out junk emails advertising links that downloaded/installed worm, or hosted the websites Rented out for pharmacy/investment spam Ran DDoS as self-defence against addresses that scanned for it |
|
What is active code? |
To reduce load on server, server might ask client to execute code on its behalf |
|
What's the danger with active code? |
Java 1.1 ran in a sandbox with limited capabilities, code is checked for correctness, but could still use up CPU or memory resources, wreak havoc with display, or play annoying music Java 7 runs signed applets out of sandbox by default |
|
Privileged vs Sandboxed active code? |
Privileged: The application will run with unrestricted access which may put your computer and personal information at risk. Sandboxed: The application will run with restricted access that is intended to protect your computer and personal information. |
|
What is the advantage of segmentation / separation? |
Don't put all company's servers on single machine If a machine gets broken into, only some services will be affected |
|
Why is redundancy good? |
Avoids single points of failure |
|
How should you implement redundancy? |
- Servers should be deployed in redundant way on multiple machines, ideally with different software to get genetic diversity and different locations - keep in close sync so that backup servers can take over easily |
|
What are ACLs? |
Access controls All traffic to company goes through single (or a few) router(s), and in case of flooding attack, filter through ACL definition |
|
What's the issue with ACLs? |
- Expensive for high-traffic routers - Difficult to gather logs for forensics analysis - Source addresses of packets in flood are typically spoofed and dynamic |
|
What is a firewall? |
All traffic in/out of company has to go through small number of gates (choke points) |
|
Where does a wireless access point need to be in relation to a firewall? |
Outside |
|
What do choke points do? |
Carefully examine traffic, especially incoming, and may refuse access |
|
What are the two strategies available at choke points? |
- permit everything unless explicitly forbidden - forbid everything unless explicitly allowed |
|
What do company firewalls not protect against? How can you remedy this? |
Attacks on company hosts that originate within company Need defense in depth |
|
What types of firewalls exist? (4) |
- Packet filtering gateways / screening routers - Stateful inspection firewalls - Application proxies - Personal firewalls |
|
How are firewalls typically deployed? |
On designated computers that have been stripped of all unnecessary functionality to limit attack surface |
|
How do packet filtering gateways work? |
Make decision based on header of a packet - Header contains source/destination addresses, as well as port numbers which can be used to infer type of packet - Ignores payload of packet Can drop spoofed traffic (drop all packets originating from uWaterloo whose source address is not 129.97.x.y) |
|
How do stateful inspection firewalls work? |
Keep state to identify packets that belong together IP layer can fragment packets, so firewall may have to re-assemble packets for stateful inspection When a client within company opens TCP connection to server outside company, firewall must recognize response packets from server and let ONLY them through Some application-layer protocols require additional (expensive) inspection of packet content to figure out what kind of traffic should be let through |
|
Which is more expensive? Packet filtering firewalls or stateful inspection firewalls? |
Stateful inspection firewalls |
|
How do application proxy firewalls work? |
Client talks to proxy, proxy talks to server - Intercepting proxy requires no explicit configuration by client (or knowledge of this filtering by client) - All other traffic is blocked - Proxy has full knowledge about communication and can do sophisticated processing - Limit types of allowed database queries, filter URLs, log all emails, scan for viruses |
|
Who must go through an application proxy firewall? |
- Users within the company wanting to access a server outside the company (forward proxy) - vice versa (reverse proxy) |
|
What else can application proxy firewalls do? |
Strong user authentication |
|
What are personal firewalls? |
Firewall that runs on a home user's computer Especially important for computers that are always online |
|
How do personal firewalls usually work? |
Typically “forbid everything unless explicitly allowed” - Definitely for communication originating from other computers - Maybe also for communication originating on the user’s computer |
|
What was a vulnerability of Windows XP that was fixed by a firewall? |
Server was running unnecessarily Personal firewall protected against attacks on servers running on computers |
|
How do personal firewalls help protect servers? (3) |
- Servers that are running unnecessarily - Servers that are wrongly configured and that allow access from other computers (or that cannot be configured to disallow this) - Servers that have a remotely exploitable bug |
|
What is a Demilitarized Zone? (DMZ) |
Subnetwork that contains organization's external services, accessible to internet |
|
What does a DMZ do? |
Deploy external and internal firewall External: protects DMZ Internal: protects internal network from attacks lodged in DMZ |
|
What are honeypots / honeynets? |
Traps for attackers by setting up unprotected computer / network System has no production value, so any activity is suspicious |
|
How are honeypots / honeynets useful? |
Observe attacker to learn about new attacks, identify/stop attacker, or divert from attacking real system |
|
What is the danger with honeypots / honeynets? (2) |
- Attacker may learn that attacked system isn't real - Attacker may be able to use honey[pot, net] to break into real system |
|
What is a honeytoken? |
Data items from a regular system that isn't used E.g. Account for student that doesn't exist |
|
What are the two types of honey[pots, nets]? |
Low interaction - Daemon that emulates one or multiple hosts, running different services - Easy to install and maintain - Limited amount of information gathering possible - Easier for the attacker to detect than high interaction honeynets High interaction - Deploy real hardware and software, use stealth network switches or keyloggers for logging data - More complex to deploy - Can capture lots of information - Can capture unexpected behaviour by attacker |
|
What is the first thing you do when you find out that someone has attacked your system? |
- Pull the plug - Put the disk in a new machine and try to figure out what happened |
|
What are Intrusion Detection Systems (IDSs)? |
Next line of defence against inside attackers or insiders making mistakes Monitor activity to identify malicious/suspicious events - receive events from sensors - store and analyze them - take action if necessary |
|
What are the 4 types of IDSs? |
- Host-based - Network-based - Signature-based - Heuristic/anomaly-based |
|
How do Host-based IDSs work? |
- Run on a host to protect this host - Can exploit lots of information (packets, disk, memory, ...) - Miss out on information available to other (attacked) hosts - If host gets subverted, IDS likely gets subverted, too |
|
How do Network-based IDSs work? |
- Run on dedicated node to protect all hosts attached to a network - Have to rely on information available in monitored packets - Typically more difficult to subvert |
|
What are distributed IDSs? |
Combination of host- and network-based |
|
How do signature-based IDSs work? |
- Each (known) attack has its signature (e.g. many SYNs to ports that are not open could be part of a port scan) - Signature-based IDSs try to detect attack signatures - Fail for new attacks or if attacker manages to modify attack such that its signature changes (polymorphic worms) - Might exploit statistical analysis |
|
How do heuristic/anomaly-based IDSs work? |
- Look for behaviour that is out of the ordinary - By modelling good behaviour and raising alert when system activity no longer resembles this model - Or by modelling bad behaviour and raising alert when system activity resembles this model - All activity is classified as good/benign, suspicious, or unknown - Over time, IDS learns to classify unknown events as good or suspicious (machine learning) |
|
What is Tripwire? |
Anomaly-based, host-based IDS which detects file modifications Initially computes digital fingerprint of each system file and stores fingerprints at safe place Periodically recomputes fingerprints and compares to stored one Malicious file modifications will result in mismatches |
|
Why is it a bad idea to recompute fingerprints re: Tripwire directly on the production system? |
If machine is infected, they could subvert program computing checksum Must get to clean state first |
|
What is the possible issue with false positives/negatives for IDSs? |
False positives might lead to real alarms being ignored Trying to reduce false positives might increase false negatives |
|
How can you implement stealth mode for IDSs? |
Two network interfaces, one for monitoring traffic and another for admin/raising alarms First one has no published address, so doesn't exist for routing purposes |
|
What is cryptanalysis? |
Breaking secret messages (recovering plaintext from ciphertext) |
|
What does Cryptology study? (2) |
- Cryptography - Cryptanalysis |
|
What are the three major types of components of cryptography? |
Confidentiality: Preventing Eve from reading Alice's messages Integrity: Preventing Mallory from modifying Alice's messages without being detected Authenticity: Preventing Mallory from impersonating Alice |
|
Kerckhoffs's Principle? |
The security of a cryptosystem shouldn't rely on a secret that's hard (or expensive) to change |
|
What can you do instead of breaking Kerckhoffs's principle? (3) |
- Have a large class of encryption methods - Make class public information - Use secret key to specify which one you're using (key is easy to change) |
|
What was the traditional size of keys, and is still for some cases? |
1024 |
|
What is the relation between a system's security and keys? |
A system is at most as secure as the number of keys |
|
What's a strong cryptosystem? |
One which forces Eve to try every single key |
|
What information might Eve have while she's trying to break our system? (4) |
- Knows the algorithm - Knows some part of the plaintext - Knows a number of corresponding plaintext/ciphertext pairs - Has access to encryption/decryption oracle |
|
What is secret-key encryption? |
Also called symmetric encryption Simplest form of cryptography |
|
What is a completely unbreakable cryptosystem? |
One-Time Pad - Key is truly random bitstring of same length as the message - Encrypt/Decrypt are just XOR |
|
Why does trying every key not work for one-time pads? |
Since it's truly random, you can get every message of that length |
|
How do you share the very secret key for the one-time pad? |
Has to be given physically |
|
What is the modern standard of cryptography? How long would it take one computer to crack? |
128-bit cryptography 635 thousand million million million years |
|
What does Moore's law say about 128-bit crypto? |
If we wait 132 years, computers will get 2^88 times faster, and 128-bit crypto can be broken in 18 hours |
|
What is the point of cryptography? |
Make sure information transfer is not the weakest link |
|
What is a stream cipher? |
Take the one-time pad, but use pseudorandom keystream instead of truly random one |
|
What is the most commonly used stream cipher? |
RC4 |
|
What are bad implementations of stream ciphers? (2) |
WEP, PPTP |
|
What is a MAC? |
Message Authentication Code Keyed hash function (only those who know the secret key can check/compute hash value) |
|
What strategies exist for combining ciphers and MAC? |
- Encrypt-then-MAC (recommended) - MAC-then-Encrypt - Encrypt-and-MAC |
|
What is repudiation? When would you want a conversation to be repudiatable? Non-repudiatable? |
Lack of ability to prove that the message was from the person who sent it Repudiatable: Private conversations Non-repudiatable: E-commerce |
|
What is a way to guarantee non-repudiation? What does that prove? (3) |
Digital signature - Alice, and not an impersonator, sent the message (like a MAC) - the message has not been altered since it was sent (like a MAC) - Bob can prove these facts to a third party (additional property not satisfied by a MAC) |
|
How do you make and verify digital signatures? |
Give everyone a copy of the encryption key, keep the decryption key private - Alice signs the message with her private signature key - To verify Alice’s signature, Bob verifies the message with his copy of Alice’s public verification key - If it verifies correctly, the signature is valid |
|
How can you combine public-key encryption and digital signatures? |
Both Alice and Bob have two different key-pairs: an encryption/decryption key pair, and signature/verification key pair 1. Alice uses Bob’s encryption key to encrypt a message destined for Bob 2. She uses her signature key to sign the ciphertext 3. Bob uses Alice’s verification key to check the signature 4. He uses his decryption key to decrypt the ciphertext |
|
What is the lifespan of Alice's signature/verification key pair vs encryption/decryption key pair? |
Signature/verification long-lived Encryption/decryption short-lived => gives perfect forward secrecy |
|
How can you create a new encryption/decryption key pair using a signature/verification key pair? |
Alice uses signing key to sign new encryption key, Bob uses Alice's verification key to verify signature on new key |
|
What is a very difficult problem of public-key cryptography? What possible solutions exist? (3) |
Key management How can Bob find Alice's verification key? Manual keying - he knows it personally, like SSH Web of trust - trusts a friend to tell him, like PGP CA's - can trust some third party to tell him, like TLS / SSL |
|
What is a certificate authority (CA)? |
Trusted third party who keeps a directory of people’s (and organizations’) verification keys - Alice generates a (signature, verification) key pair, and sends the verification key, as well as a bunch of personal information, both signed with Alice’s signature key, to the CA - The CA ensures that the personal information and Alice’s signature are correct - The CA generates a certificate consisting of Alice’s personal information, as well as her verification key - The entire certificate is signed with the CA’s signature key |
|
Who has a copy of the CA verification key? |
Everyone, so that they can verify signature on certificate |
|
How do multi-level CA's work? |
- Level n CA issues certificates for level n+1 CAs - Public-key infrastructure (PKI) needs only verification key of root CA to verify certificate chain |
|
What are some common mistakes in building cryptographic protocols? (3) |
- Using the same stream cipher key for two messages - Assuming encryption also provides integrity - Falling for replay attacks or reaction attacks |
|
What is a possible issue with secret-key cryptography re: web browsers? |
If your web browser can decrypt its file containing your saved passwords, then an adversary who can read your web browser probably can, too |
|
How would an encrypted-code processor work? |
- Processor decrypts instructions before executing them - decryption key processor-dependent - malware won't be able to spread without knowing processor's key |
|
What does encrypted data not prevent? (3) |
- Data against other users who legitimately use the laptop - Someone installing malware - Physically extracting decryption key from laptop's memory |
|
What is the primary use for cryptography? |
Separating security of the medium from the security of the message |
|
What are link-layer security controls supposed to protect? Example? |
Local area networks Wired Equivalent Privacy (WEP) |
|
What were the three security goals of WEP? |
Confidentiality: prevent adversary from learning contents of wireless traffic Access Control: prevent adversary from using wireless infrastructure |
|
What problems are associated with WEP? (5) |
Widely shared "secrets": The random number to generate the keystream is 24 bits long, can be cracked quickly The adversary can execute auth protocol: wat RC4 is weak: When RC4 is used with similar keys, output keystream has subtle weakness, such that the keys can be recovered in under a minute |
|
How does CRC work? |
- independent of k and v |
|
Why is the linearity of CRC a bad idea when used with a stream cipher? |
??? |
|
How could an adversary inject a new message F onto a WEP-protected network? |
All he needs is a single plaintext/ciphertext pair - This gives him a value of v and the corresponding keystream RC4(v, k) - Then C' = (F, c(F)) XOR RC4(v, k), and he transmits v, C' - C' is in fact a correct encryption of F, so the message must be accepted |
|
How does the WEP auth protocol work? |
- The access point sends a challenge string to the client - The client sends back the challenge, WEP-encrypted with the shared secret k - The wireless access point checks if the challenge is correctly encrypted, and if so, accepts the client |
|
What does the ability to modify and inject packets lead to for WEP? |
The ability to decrypt packets! |
|
How does WPA compare to WEP? (5) |
- Replaces CRC-32 with a real MAC (here called a MIC to avoid confusion with a Media Access Control address) - IV is 48 bits - Key is changed frequently (TKIP) - Ability to use 802.1x authentication server (but maintains less-secure PSK (Pre-Shared Key) mode for home users) - Able to run on most older WEP hardware |
|
What problem does a VPN usually solve? |
Needing end-to-end security across networks |
|
How do VPNs work? |
Connect two (or more) networks that are physically isolated, and make them appear to be a single network |
|
What is the goal of a VPN? |
Adversary between the networks should not be able to read or modify the traffic flowing across the VPN |
|
How is a VPN set up? |
- One host on each side is VPN gateway (could be firewall, DMZ, laptop, etc) - Traffic destined for "other side" sent to local VPN gateway - Gateway uses cryptography to send traffic to remote VPN gateway (tunnelling) - Remote VPN gateway decrypts messages and passes them on |
|
What is tunnelling? |
Sending of messages of one protocol inside (that is, as the payload of) messages of another protocol, out of their usual protocol nesting sequence |
|
Is TCP-over-IP tunnelling? Why or why not? |
Not tunnelling You’re supposed to send TCP (a transport protocol) over IP (a network protocol; one layer down in the stack) |
|
Is IP-over-TCP tunnelling? Why or why not? |
Is tunnelling (going up the stack instead of down), as are IP-over-IP (same place in the stack), and PPP (a link layer protocol; bottom of the stack) over DNS (an application layer protocol; top of the stack) |
|
What is a common way to set up a VPN? |
IPSec |
|
What modes exist for IPSec VPN setup? |
Transport mode - Useful for connecting a single laptop to a home network - Only the contents of the original IP packet are encrypted and authenticated Tunnel mode - Useful for connecting two networks - The contents and the header of the original IP packet are encrypted and authenticated; result is placed inside a new IP packet destined for the remote VPN gateway |
|
What other ways exist to set up VPNs? |
Microsoft’s PPTP - older protocol - had about as many design flaws as WEP - most users now migrating to IPsec VPNs based on ssh - Tunnel PPP over ssh (IP-over-PPP-over-ssh-over-TCP-over-IP) - Some efficiency concern, but extremely easy to set up on a standard Unix/Linux box - OpenSSH v4 supports IP-over-SSH tunnelling directly |
|
How was the protocol Secure Sockets Layer (SSL) used? |
Meant for protecting HTTP (=> HTTPS) General and could be used to protect any TCP-based connection Went through a few revisions, and was eventually standardized into the protocol known as TLS |
|
How does TLS work? (6) |
1. Client connects to server, indicates it wants to speak TLS, and which ciphersuites it knows 2. Server sends its certificate to client, which contains: host name, verification key, other administrative information, signature from a CA 3. Server also chooses which ciphersuite to use 4. Client validates server’s certificate (is its signature from a CA whose public key is embedded in the client (e.g., browser or app)? Does the host name in the certificate match the hostname of the web site that client wants to access?) 5. Client and server run a key agreement protocol to establish keys for symmetric encryption and MAC algorithms from the chosen ciphersuite (Server signs its protocol messages with its signature key) 6. Communication now proceeds using chosen symmetric encryption and MAC algorithms |
|
What security properties are offered by TLS? (4) |
- Server authentication - Message integrity - Message confidentiality - Client authentication (optional) |
|
Why is TLS the most successful Privacy Enhancing Technology ever? (3) |
- It comes with your browser (encouraged web server operators to bother paying $$ for their certificates) - It just works, without you having to configure anything - Most of the time, it even protects the privacy of your communications (increasingly important due to the success of WiFi) |
|
What else may we want to protect beyond the content of messages? (2) |
- Metadata (who's sending the message to whom?) - Existence of message |
|
What does unlinkably (long-term) and linkably (short-term) anonymity look like w/ Tor? (3) |
- no long-term identifier for Tor user - if web server gets a connection from Tor today, and another tomorrow, can't tell if they're from the same person - two connections in quick succession from same Tor node likely from the same person |
|
What are the levels of nymity for transactions? (4) |
Verinymity Government ID, SIN, credit card #, address Persistent pseudonymity Noms de plume, many blogs Linkable anonymity Prepaid phone cards, loyalty cards Unlinkable anonymity Cash payments, Tor |
|
How is ssh usually used? (5) |
1. Client connects to server 2. Server sends its verification key (client should verify that this is the correct key) 3. Client and server run a key agreement protocol to establish session keys, server signs its messages (all communication from here on in is encrypted and MACd with the session keys) 4. Client authenticates to server 5. Server accepts authentication, login proceeds (under encryption and MAC) |
|
How can you authenticate with SSH? (2) |
Send a password over the encrypted channel Server needs to know (a hash of) your password Sign a random challenge with your private signature key Server needs to know your public verification key |
|
Which is the better authentication method for ssh? Why? |
??? |
|
What do remailers allow you to do? |
Send email without revealing own email address (pseudonymity useful for context) |
|
How did anon.penet.fi work? (4) |
1. Send email to anon.penet.fi 2. It is forwarded to your intended recipient 3. Your “From” address is changed to anon43567@anon.penet.fi (but your original address is stored in a table) 4. Replies to the anon address get mapped back to your real address and delivered to you |
|
What must be true for anon.penet.fi to work? (3) |
- No one’s watching the net connections to or from anon.penet.fi - The operator of anon.penet.fi and the machine itself remain trustworthy and uncompromised - The mapping of anon addresses to real addresses is kept secret |
|
What are type 1 remailers? How did they work? |
(cypherpunk) Removed central point of trust, instead sending messages through a "chain" of several remailers with dozens to choose from Each step in chain encrypted, remailers also delay/reorder messages NO PSEUDONYMITY, NO REPLIES |
|
What are type 2 remailers? How did they work? |
- Constant-length messages - Protections against replay attacks - Improved message reordering - Requires special email client to construct message fragments |
|
What was the purpose of nym servers? |
Mapped pseudonyms to "reply blocks", which contained a nested encrypted chain of type 1 remailers Attaching a message to the end of a reply block causes it to be sent down the chain to the nym owner |
|
What are type 3 remailers? How did they work? |
Native support for pseudonymity, no longer reliant on type 1 reply blocks Improved protection against replay/key compromise attacks |
|
What is a problem with type 3 remailers? |
Not well deployed or mature |
|
What is Pretty Good Privacy? |
Protects contents of email messages Uses public-key cryptography to provide: - encryption of email messages (using hybrid encryption) - digital signatures on email messages (hash-then-sign) |
|
What was the first popular implementation of public-key cryptography? |
Pretty Good Privacy |
|
How does hybrid cryptography work? (4) |
1. Pick random 128-bit key K for secret key crypt 2. Encrypt large message with K 3. Encrypt K using public key crypt 4. Send encrypted message and encrypted key |
|
How does public key cryptography work? |
Publicize public key, which people use to send encrypted messages to you Use your private key to decrypt |
|
What is the difference between a stream cipher and One-Time Pad? |
One-Time Pad is assumed to be size of message (i.e. correct size) Stream cipher takes in random key of any size and generates pseudorandom keystream of correct size |
|
What are the advantages (1) / problems (2) with stream ciphers? |
Advantage: - can be very fast, useful for lots of data Problems: - Ineffective if same key used to encrypt different messages - How do you get around generating new shared secret key for each message? |
|
How do block ciphers work? |
Operate on the message one block at a time, usually size 64-128 bits long |
|
What are some examples of modes of operation for multiple blocks in block ciphers? (4) |
Electronic Code Book (ECB) (will show repeating patterns for repeated blocks) Require initial value (like salt): Cipher Block Chaining (CBC), Counter (CTR), Galois Counter (GCM) |
|
What's the problem with checksums in encryption? |
Mallory can change the message in such a way that the checksum stays the same |
|
What three properties should cryptographic hash functions hold? |
Preimage-resistance: Given y, it’s hard to find x such that h(x) = y Second preimage-resistance: Given x, it’s hard to find x' != x such that h(x) = h(x') Collision-resistance: It’s hard to find any two distinct values x, x' such that h(x) = h(x') (a “collision”) |
|
When can hash functions provide integrity guarantees re: cryptography? |
Only when there is a secure way of sending and/or storing the message digest |
|
How do Message Authentication Codes (MAC) work? |
1. Have a large class of hash functions, and use a shared secret key to pick the “correct” one 2. Only those who know the secret key can generate, or even check, the computed hash value 3. These “keyed hash functions” are called MACs |
|
How can we hybridize signatures? |
Alice sends the (unsigned) message, and also a signature on a hash of the message The hash is much smaller than the message, and so it is faster to sign and verify |
|
What is the relationship between someone's (signature, verification) key pair and (encryption, decryption) key pair? |
When creating new (encryption, decryption) key pair, use signing key to sign public encryption key and other party uses her verification key to verify the encryption key |
|
What is harddrive encryption useful for? What does it not protect against? (3) |
Protects data when laptop gets lost/stolen - Does not protect data against other users who legitimately use laptop - Somebody installing malware on laptop - Somebody (maybe physically) extracting the decryption key from the laptop’s memory |
|
What handy thing does PGP automatically handle? |
Web of Trust |
|
What's an issue with PGP? |
Creates lots of incriminating records - Key material that decrypts data sent over the public Internet - Signatures with proofs of who said what |
|
How does Perfect Forward Secrecy improve PGP? |
Use secret-key encryption with short-lived (session) key Discard session key after use |
|
What does Perfect Forward Secrecy use long-term keys for? |
Authenticating Diffie-Hellman protocol messages |
|
What can you use if you don't want to use digital signatures (want repudiation), but want authentication? |
MACs |
|
What is OTR Messaging? |
Off-the-Record Messaging Provides confidentiality and authentication Uses Perfect Forward Secrecy and Deniability |
|
What is the most popular DBMS model? |
Relational |
|
What is a subschema? |
Result of a query |
|
What are the security requirements for databases? (8) |
- Physical database integrity - Logical database integrity - Element integrity - Referential integrity - Auditability - Access control - User authentication - Availability |
|
What does logical and physical database integrity entail? |
Protect against corruption Recovery from physical problems (power outage, disk crashes) - periodic backups - log of transactions |
|
What does element database integrity entail? (4) |
Ensure correctness/accuracy of database elements - Access control to limit who can update element - Element checks to validate correctness - Change log to undo erroneous changes - Error detection codes to protect against OS or hard disk problems |
|
How does two-phase update work for databases? |
1. Gather info required for change, but don't perform updates 2. Make changes permanent |
|
What does referential database integrity entail? (3) |
- Each table has a primary key, which is a minimal set of attributes that uniquely identifies each tuple - A table might also have one or multiple foreign keys, which are primary keys in some other table - Referential integrity ensures that there are no dangling foreign keys |
|
What does auditability re: databases entail? |
Keep an audit log of all database accesses, which allows retroactively identifying users who accessed forbidden data |
|
What kinds of data disclosure exist? (5) |
- Exact data - Bounds - Negative result - Existence - Probable value |
|
Security vs precision? |
Security Forbid any queries that access sensitive data, even if (aggregated) result is no longer sensitive Precision Aggregated result should reveal as much non-sensitive data as possible |
|
Direct vs indirect attack re: data inference? |
Direct Queries that directly yield sensitive info, possibly obfuscated to fool the DBMS Indirect Infer sensitive data from statistical results |
|
What are possible statistical inference attacks? (4) |
- Sum - Count - Mean - Median E.g. SELECT SUM(salary) SELECT SUM(salary) WHERE lastname != 'Adams' |
|
What is a tracker attack re: DBMS? |
Use "tracker" queries to break down a forbidden query into multiple allowed queries |
|
What are seven controls applied to data items re: statistical inference attacks? |
Suppression: Suppress sensitive data from result Concealing: Answer is close to actual value, but not exactly n-item k-percent rule: For the set of records that were included in the result, if there is a subset of n records that is responsible for over k percent of the result, omit the n records from result Combined results: Report set or range of possible values Random sample: Compute result on random sample of db Random data perturbation: Add/subtract small random error before computing result Query analysis: Maintain history of user's queries and observe possible inferences (costly, and fails for collusion) |
|
What is differential privacy? How can it be achieved? |
The response to a query should not depend on an individual (not) being part of the dataset Achieved by adding noise to the result of a query before releasing it |
|
What are 2 issues with data aggregation re: DBMS? |
Can build sensitive results from less sensitive information Aggregation can take place outside DBMS making it difficult to control |
|
How do Multilevel Security Databases work? |
Each object has sensitivity classification (sensitive vs not sensitive), and possibly a set of compartments An object can be an element, aggregate, column, or row |
|
Why is it difficult to implement *-property (no read up, no write down) in MLS database? |
- User doing a write-up, even though the user cannot read the data having higher sensitivity (Blind writes) - Write-downs need a sanitization mechanism - Trusted processes that can do anything (DBMS must have read and write access at all levels to answer user queries, perform back-ups, optimize database, etc) |
|
How can polyinstantiation happen in a MLS database? |
Keeping existence hidden can lead to having multiple records with the same primary key, but different sensitivity Existence of the record itself could be confidential |
|
What are 3 other possible solutions to polyinstantiation? What other issues do they each bring? |
Partitioning: separate database for each classification level - Could store data redundantly in multiple db's - Doesn't help high-level users access all level data Encryption: encrypt data with key unique to class level - Processing of a query becomes expensive, many records might have to be decrypted Integrity lock: data item has integrity level and cryptographic signature over the integrity level, attribute name, and record number - This scheme does not protect against replay attacks - Any (untrusted) database can be used to store data items and their integrity locks - Locks can consume lots of space (maybe multiple locks per record) - Expensive trusted procedure handles access control and manages integrity locks - Have to encrypt items and locks if there are other ways to get access to data in database, even more expensive |
|
How does a trusted front end work re: DBMS? Advantage/Disadvantage? |
1. Front end authenticates user and forwards query to old-style DBMS 2. Front end gets result and removes what user shouldn't see Advantage: allows use of existing DBMS and db's Disadvantage: inefficient if returns lot of items that are eventually dropped |
|
How do commutative filters work re: DBMS? Advantage/Disadvantage? |
Front end rewrites user query according to classification (removing restricted attributes, add constraint with user's class) Advantage: uses DBMS' superior query processing and discards forbidden data early on Disadvantage: front end may still have to do post processing |
|
How do distributed/federated db's work re: DBMS? Disadvantages? |
Based on partitioning, front end forwards user query only to database according to user's classification Disadvantages: - Front end may have to combine results from multiple db's, complex process that essentially makes front end a DBMS - Doesn't scale to lots of classifications |
|
How do views work re: DBMS? What can they be used for? |
Logical database that represents a subset of some other database - Element in view can correspond to an element in underlying database or be a combination of multiple elements - A user’s view of a database consists of only the data that the user is allowed to access - Hide attribute/row unless user is allowed to access at least one element, set to UNDEFINED any elements that user can’t access |
|
Truman vs non-Truman semantics? |
Truman semantics: DBMS pretends that the data the user can access is all the data there is - All queries will succeed, even if they return incorrect results Non-Truman semantics: the DBMS can reject queries that ask for data the user is not allowed to access - Any queries that succeed will produce precise answers - Some queries will fail |
|
What does data mining try to do? |
Tries to automatically find interesting patterns in data using a plethora of technologies |
|
What security problems arise wrt. CIA for data mining? |
Confidentiality: Data mining can reveal sensitive info Integrity: Mistakes in data can lead to wrong conclusions that can make a negative impact Availability: (In)compatibility of different db's makes combining difficult, have to distinguish between inability to combine vs inability to find correlation |
|
How may you preserve privacy in data release? |
Anonymize data records before releasing, though simple anonymization may not be sufficient (hashed info may be easier to crack than thought, k-anonymity) |
|
How many ppl can be uniquely identified by ZIP, gender, and DoB? |
87% of US population |
|
What is k-anonymity? |
For each released record, there are at least k-1 other released records from which the record cannot be distinguished (k >= 2) |
|
What is a particular difficulty with k-anonymity? |
Choosing quasi-identifier (which attributes are to be omitted such that they are highly identifying) |
|
What is a homogeneity attack? |
If you know Bob (902**,1965-*-*) is in the table, then Bob has cancer |
|
What is a background knowledge attack? |
If you know Dave (9043*,195*-*-*) is in the table, and that his risk for heart disease is very low, then Dave has cancer |
|
What is the l-diversity property? |
For any quasi-identifier, there should be at least l “well-represented” values of the sensitive fields |
|
What is an improvement on l-diversity? |
t-closeness: Ensure that the distributions of the values for any quasi-identifier are within t of the distribution for the whole table |
|
How does value swapping help re: DBMS inference? |
- Any linking done on the released records can no longer be considered to be necessarily true - Trade off between privacy and accuracy - Statistically speaking, value swapping will make strong correlations less strong and weak correlations might go away entirely |
|
How does adding noise help re: DBMS inference? |
- Given distribution of data after perturbation and the distribution of added errors, distribution of underlying data can be determined, but not its actual values - Protects privacy without sacrificing accuracy |
|
What is involved in sampling/synthetic data? |
Release only a subset of respondents’ data (e.g., a 1% sample) with geographic coarsening and top/bottom coding Geographic coarsening: restrict geographic identifiers to regions containing at least a certain population (e.g., 100,000 people) Top/bottom-coding: if there are sufficiently few respondents over age 90, top-coding would replace all ages ≥ 90 with the value 90 - Build a distribution model based on gathered data and use the model to generate synthetic data with similar characteristics to original data - Release one (or a few) sets of synthetic data |
|
What is a security plan? |
A document put together by an organization that explains what the security goals are, how they are to be met, and how they’ll stay met Description of current state + plans for improvement |
|
What are the 7 parts of a security plan? |
- Policy - Current state - Requirements - Recommended controls - Accountability - Timetable - Continuing attention |
|
What should the policy statement in a security plan include? (3) |
- Goals - Responsibility - Commitment |
|
What should the current state statement in a security plan include? (3) |
- Risk analysis with current status - List limits of security responsibility - Privacy Impact Assessment (PIA) |
|
What should the requirements statement in a security plan include? (4) |
- What needs does the organization have? - Who is allowed/not allowed to do what? - What audit logs should be kept? - Should ongoing effectiveness be measured? |
|
What should the recommended controls statement in a security plan include? |
List mechanisms to control vulnerabilities described in current state, satisfy needs in requirements, and take into account priorities in policy |
|
What should the accountability statement in a security plan include? |
Who is accountable if security controls aren't implemented, aren't implemented properly, or fail? |
|
What should the timetable statement in a security plan include? (3) |
- Lists how and when elements of plan will be performed - Notes dependencies and order - Includes milestones to track progress |
|
What should the continuing attention statement in a security plan include? |
List process for periodic review and updating of plan itself |
|
Who writes the security plan? Who should be included? (6) |
Security planning team - Upper management (for setting policy) - IT - Systems and application programmers, DB admins - Data entry personnel - Physical security personnel - Representative users |
|
What is a BCP? |
Business Continuity Plan Focuses on availability Deals with catastrophic or long-duration situations |
|
What should a BCP include? (3) |
- Who is in charge when catastrophe occurs - What needs to be done - Who will do it |
|
What can you do in addition to creating a BCP? (4) |
- Acquire redundant equipment - Arrange for regular data backups - Stockpile supplies - Train employees to react to situation |
|
What should be included in an Incident Response Plan? |
- Legal issues - Preserving evidence - Records - Public relations |
|
What are the two characteristics of risk? |
Probability Impact: what harm will happen? |
|
What is risk exposure? |
Probability x impact |
|
What are the steps for risk analysis? (6) |
1. Identify assets 2. Determine vulnerabilities 3. Estimate likelihood of exploitation 4. Compute risk exposure 5. Survey applicable controls 7. Project savings due to control |
|
What assets may we want to protect? (6) |
- Hardware - Software - Data - People - Documentation (including security plans) - Supplies |
|
What is something you can use to help identify likelihood of risk? |
Frequency analysis |
|
What are the two major classes of physical threats? |
Nature & Human |
|
What are tiger teams? |
Teams of security professionals that you hire to try to hack your system |
|
How can reverse engineering impact a trade secret? |
If someone successfully reverse engineers the trade secret, you lose the trade secret protection |
|
What are some examples of patented cryptographic algorithms? (4) |
- Diffie-Hellman (expired 1997) - RSA (expired 2000) - IDEA (block cipher used in early PGP, expired 2012) - Lots of patents on elliptic curve cryptography |
|
What is the difference between copyright and patent? |
Patent protects invention Copyright protects expression/implementation of invention |
|
What are the four tests for fair use in the US? |
- the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes; - the nature of the copyrighted work; - the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and - the effect of the use upon the potential market for or value of the copyrighted work |
|
What are the appropriate uses under fair dealing in Canada? (8) |
- Private study - Research - Criticism - Review - News reporting - Education - Parody - Satire |
|
What is the DMCA? What were the problems (2) with it? |
Digital Millennium Copyright Act It didn’t make any additional acts of making copies illegal; rather, it made illegal the circumvention of a technological copy protection mechanism that might be in place Problem: this applies even when the copy protection mechanism is broken to make a “fair use” copy! Problem: Also made illegal the manufacture, selling, or “traffic” of devices that might help you circumvent such mechanisms |
|
Full disclosure vs Responsible disclosure? |
Full disclosure (preferred by people, not vendors) When you find a problem, post to full disclosure mailing list of security professionals Responsible disclosure (preferred by vendors) Tell the vendor, tell no-one else for 30 days |