















A review for the final exam of the Computer Security course (CS 426) in Fall 2010. It covers basic concepts such as confidentiality, integrity, availability, authenticity, non-repudiation, and privacy. It also discusses block ciphers, cryptographic hash functions, public key cryptography, operating system security, and user authentication, and gives examples of different encryption modes and hash functions, as well as threats to passwords and their defenses.
Typology: Study notes
CS 426 Fall 2010 / Lecture 40: Final exam review

- Authenticity
- Integrity (in communications)
- Non-repudiation
- Privacy (general concept, needs to be defined for different contexts)
  – K-Anonymity?
One-Time Pad (OTP)
- Two-time pad is insecure
- Stream cipher
  – Simulate OTP by using a PRNG
  – … becoming a two-time pad
- PRNG: should satisfy the next-bit test
Block ciphers
- Aim at providing a Pseudo-Random Permutation (PRP)
- DES: 56-bit key size, 64-bit block size, considered insecure now because of brute-force attack
- Brute-force: exhaustive key search, dictionary attack
- AES: block size, key sizes, no known weaknesses
- Encryption modes: ECB, CBC, CTR
  – How they work?
  – … from block cipher
Public key encryption
- Two keys; can check whether two keys are a pair, but cannot compute the private key from the public key
- How RSA works: public key (n=pq, e), private key (d)
- RSA security: depends on factoring; how long should the modulus n=pq be?
- RSA security: direct usage violates IND, use OAEP (how it works)
- Usage of RSA & secret-key encryption
- Diffie-Hellman key agreement (subject to active attacks)
- How El Gamal encryption works?
Signatures, hashes and key distribution
- Non-repudiation (why a MAC doesn't work)
- How RSA signatures work? How to sign hashes of messages?
- Why do we want the hash function to be collision resistant?
- In key distribution, what does the TTP need to do in the symmetric key setting?
  – Scalability of the approach
- Public key distribution
  – Weaknesses of directory & public announcements
User authentication
- Types of authentication: know, have, are
- Threats to passwords: online guessing, offline dictionary, spoofing, shoulder surfing, social engineering
- UNIX storage of passwords
- Other defenses
  – Disabling account after multiple failed attempts
  – Mechanisms to avoid weak passwords
- Trusted path
- Lamport's One-time Passwords scheme
Software vulnerabilities
- Buffer overflow: function pointers, heap overflow
- Effectiveness of different defenses
  – Type-safe languages, safe library functions, non-executable stack, StackGuard (using canary), Address space layout randomization, Instruction set randomization
- Integer overflow
- No question on types of malware and their details.
- … early, no liability, patching costs little, testing/debugging expensive, buggy software forces users to upgrade
Integrity models
- Integrity levels are different from security levels in BLP
- Five policies in Biba (what they are)
- Two meanings of integrity levels on objects
- Difference between confidentiality and integrity: integrity has to trust subjects
- Clark & Wilson: two high-level mechanisms, well-formed transactions and separation of duty
- Chinese wall: avoid conflict of interest (COI)
- … roles can be activated.