# Lernkarten

Karten 61 Karten 7 Lernende English Universität 31.07.2020 / 18.04.2021 Keine Angabe
0 Exakte Antworten 61 Text Antworten 0 Multiple Choice Antworten

1/61

How does counter mode (CTR) work

Encrypting a counter to produce a stream cipher

• can be parallelized
• convert a block cipher into a stream

The message is not encrypted, a number is encrypted and uses the random number that comes out to XOR the message.

Standard mode for all encryption cipher (AES)

Which problem solves Diffie-Hellman

The problem is before a message can be encrypted the “secret key” must be shared with the communication partners over an insecure channel, this problem is solved with Diffie-Hellman

How does the Diffie-Hellman algorithm work

1. Alice and Bob agree on base parameters.

p = a large prime number, is very big usually 2048-bit or 4096-bit

1. = also a prime number must be a primiteve root of p e.g. 3 is a primiteve root of 7
1. Alice and Bob select numbers as private keys

Alice chooses a private value at random

Bob chooses a private value at random

The private vlaues must be between 1 and . Is a 2048-bit number, which is never told to anyone

1. Alice and Bob each calculate a public key

Alica calculates:

Alica calculates:

The public key is created using and to mathematically hide the private version.

1. The puvlic keys are swapped over the wire

Alice sends the result of the calculation:

Bob sends the result of the calculation:

1. The private key is combined with the others public key to create the shared “secret key”

Alice computes:

Bob computes:

1. The shared secret is usually called the pre-master secret. It’s used to derive session keys

Whats the shared secret if applying the Diffi-Hlleman with the following numbers

g = 3, p = 29

Alicey private key: 23

Bob private key: 12

24, Lösungsweg in den Folien 4 S. 53

What are the two main use cases of RSA

1. Encryption that only the owner of the public key can read. If you want to send a encrypted message to another network member just take his/her public key and encrypt the data with this key.
2. Signing that must have been performed by the owner of the private key. If you want to trust a server he can send a message encrypted with his private key and you know by encrypting the message with his public key that ist him/her

What is the discrete logarithm problem

Discrete Logarithms:

3^29 mod 17 = x   x is easy to determine

3^x mod 17 = 12 x is hard to determine, especially for big numbers, because the solution can only be found with brute force

The following variables for an RSA process are given, encrypt and decrypt the message "m" (89)

p1=53

p2=59

n=53*59 = 3127

ϕ(n)= 3016

e=3

d=2011

encryption:

c(MessageBob)= 893 mod 3127=1384

decryption:

c(MessageBob) = 1384 13942011 mod 3127 = 89

This is an example from the presentation 5 starting at page 27

Tell some facts about RSA

• RSA is very weak if encrypting short messages
• Padding is added in short messages, optical asymmetric Encryption padding (OAEP) is the used
• Introduces an IV into the process and then hashes it
• The receiver will have to use the exact same padding to make sure the messages match up
• It’s not common to see encryption done in RSA
• RSA is 1000x slower than symmetric crypto systems

The following variables are given, what does a signature process look like if the signature of Alice is "SignatureAlice=42"

p1=61

p2=53 n=3233

ϕ(n)= 3016

e=17

d=2753

Tom: c(SignatureAlice)= 42^2753 mod 3233=3065

3065^17 mod 3233 = 42 => SignatureAlice=42

Bob: c(SignatureAlice)= 42^2753 mod 3233=3065

3065^17 mod 3233 = 42 => SignatureAlice=42

Alice: c(SignatureAlice)= 42^2753 mod 3233=3065

Lösungsweg Präsi 4 S.34

Signing is encrypting with the private key

Whats the problem with RSA in a few years

RSA is going to become slower because bigger keys will have to be used.

• the main alternative is DSA (Digital Signature Algorithm) which uses
• DSA only works for signing
• it acts like RSA but uses mathematics similar to Diffie-Hellman

What is a hash funciton and why is it useful

Takes a message of any length and creates a pseudorandom hash with a fixed length.

Used for Message authentication, Integrity, passwords

A good hash algorithm is fast, but not too fast

Whats a strong hash function

Any linput length results in a fixed size hash.

1. it has to be quick but not too quick

2. it has to introduce diffusion => 1 change results in many

3. Given a hash, we can’t reverse it

4. Given a message and its hash, we can’t find another message that hashes to the same thing

5. We can’t find any two messages that have the same hash

MD5: is strong but creates collisions => broken

SHA1 / SHA2: is strong and currently not broken

Whats the current hash standard

SHA-2 256 bit or 512 bit

SHA-3 is not better or worser than SHA-2

Which hash functions should be used for passwords and why is SHA-2 not a good solution

SHA-2 is to fast a attacker can generate a lot of hashes and compare the outputs to the found password

A good solution for password hashes are the following algorithms

• PBKDF2(Password-Based Key Derivation Function 2)
• bcrypt

works similar to SHA-2 but the process is repeated e.g. 5000 times this makes it 5000 times slower. also these algorithms are hard to run on a GPU which makes it more difficult to parallel create hashes to gues the password.

Where are hashes used

• Digital signatures
• message tampering is a common attack and with hashes it can be ensured that the message wasn't altered.
• The hash of the message is added to the packet the receiver applies the hash function on the content and compares it to the received hash, if both of them are the same it's more likely that the data hasn't been changed

How does a DNS zone transfer attack work and why can it be harmfull

A DNS Zone transfer is a process where one DNS server copys parts of its databse to another DNS. This helps to have more than one server which can answer questions about a zone. The slaves ask for a copy by the master.

A DNS Zone transfer attack, is that you pretend to be a slave an get a copy of the DNS zone records.

Risk: The zone records, show a lot of internal topology information about the network, if someone wants to subvert (untergraben) the DNS with spoofing (falsche Identität verwenden) and poisoning, this is very helpful.

What is Red Team in the context of Cybersecurity

Offensive Cybersecurity, focus on penetration testing, assume the role of a hacker, show organizations what could be backdoors or exploits, common practice is that they are outside of the organization.

What is Blue Team in the context of Cybersecurity

Defensive Cybersecurity, Assessment (Bewertung) of network security, identification of possible vulnerabilities, find ways to defend, change and re-group defence mechanisms to make incidents responses much stronger. They are continuously improving the digital security infrastructure using security audits, log and memory analysis, pcap, risk intelligence data

Whats the idea behind risk management?

Reduce risk and support the mission of the organization.

• It is impossible to design a risk-free environment
• Significant risk reduction is possible often with little effort

Process:

• Identifying factors that could damage or disclose data
• Evaluating those factors in light of data value and countermeasure (Gegenmassnahme) cost
• Implementing cost-effective solutions for mitigating(mildern) or reducing risks

Whats part of a risk analysis?

• Evaluation, assessment, and the assignment of value for all assets of an organization
• Examining (untersuchen) an environment for risks
• Evaluating each threat event as to its likelihood of occurring and the cost of damage it would cause if it did occur
• Assessing (bewerten) the cost of various countermeasures for each risk and creating a cost benefit report for safeguards to present upper management

Whats Risk mitigation?

reducing risk, implementation of safeguards and countermeasures to eliminate vulnerabilities

Whats Risk assignment

moving risk to another entity or organization

Whats Risk acceptance

risk tolerance, cost/benefit analysis shows that countermeasure costs too much

Whats Risk Deterrence

Deterrence: Abschreckung

security cameras, security guards, instructional signage

Whats Risk avoidance

selecting alternate options or activities that have less associated risk than the default e.g.: removing the FTP protocol from a server to avoid FTP attacks.

Whats Risk Rejection

to reject risk or ignore risk.

Whats Residual risk

• once a countermeasure is implemented the risk that remains is called a residual risk.

What is the Patriot act

• the way government agencies obtain wiretapping authorizations
• allow authorities to obtain a blanket authorization for a person and then monitor all communications to or from that person under the single warrant.
• ISPs may have to provide the government with a large range of information.

nicht so wichtig

What is the European Union General Data Protection Regulation

• The new law applies to all organizations that collect data from EU residents or process that information on behalf of someone who collects it.
• The law even applies to organizations that are not based in the EU, if they collect information about EU residents.
• The ability of the EU to enforce this law globally remains an open question
• A data breach notification requirement that mandates that companies inform authorities of serious data breaches within 24 hours
• The creation of centralized data protection authorities in each EU member state
• Provisions that individuals will have access to their own data
• Data portability provisions that will facilitate the transfer of personal information between service providers at the individual’s request
• The “right to be forgotten” that allows people to require companies to delete their information if it is no longer needed

nicht so wichtig

What does STRIDE stand for

STRIDE is a model of threats

Spoofing: attack with the goal to gain access and target the system with a falsified identity

Tampering: unauthorized change or manipulation of data whether in transit or storage, to falsify communication or alter  static information

Repudiation: The ability of an attacker to deny having performed an action or activity

Information disclosure: the revelation or distribution of private, confidential, or controlled information to external or unauthorized entities.

Denial of Service (DoS): prevents use of a resource, could reduce throughput or introduce latency in order to hamper productive use of a service

Elevation of privilege:  transform a limited use account into an account with greater privileges, powers and access.