1 / 22

Exam 1 Review

Exam guidelines. A single page of supplementary notes is allowed8.5x11. Both sides. Write as small as you like.Closed bookA calculator is allowed. Students should show work on the exam. They can use supplementary sheets of paper if they run out of room.Students can use scratch paper if desir

ron
Download Presentation

Exam 1 Review

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Exam 1 Review CS461/ECE422 Fall 2008

    2. Exam guidelines A single page of supplementary notes is allowed 8.5x11. Both sides. Write as small as you like. Closed book A calculator is allowed. Students should show work on the exam. They can use supplementary sheets of paper if they run out of room. Students can use scratch paper if desired.

    3. Exam logistics Exam will be given during normal lecture time in 1310 DCL You will be given 50 minutes to complete the exam.

    4. Topics Introductory definitions Security Policies Risk Analysis Historical Cryptography Symmetric Cryptography Public or Asymmetric Cryptography Key Management Authentication Access Control

    5. Risk Analysis Understand Assets Vulnerabilities Threats Risk Qualitative vs Quantitative Analysis Quantitative identifies absolute numbers for risk probability and asset value, so can calculate risk exposure, risk leverage

    6. Security Policy Defines what needs to be done, not how How is mechanism or control Organizational or natural language policies Read and identify components in an organizational policy or standard Did not cover formal policy languages

    7. Historical Ciphers Transposition Rail cipher/N-columnar transposition Substitution Caesar, Vigenere, book, one-time pad, enigma Language-based statistical attacks Character frequency analysis N-gram frequency analysis

    8. Symmetric Encryption Block vs stream encryption P = b0, b1, .. bn E(P,k) = E(b0, k0) || E(b1, k1) || .... If all ki's are equal and sizeof(bi) generally > 1, E(P,k) is a block cipher DES Feistel network Combination of p-boxes and s-boxes 56 bit key and 64 bit block

    9. Symmetric Encryption AES Iterative encryption Multiple key sizes: 128, 192, 256 Block size: 128 1 S box and various permutations

    10. Block Encryption Modes Described in text and section 7.2.2 of the Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/about/chap7.pdf Electronic Codebook (ECB) Cipher Block Chaining (CBC) Output Feedback (OFB) Counter Cipher Feedback (CFB)

    11. 11 Mode ?

    12. 12 Mode ?

    13. 13 Mode ?

    14. 14 Mode ?

    15. Multiple Encryptions Double Encryption doesn't gain much Meet-in-the-middle Both decrypt and encrypt with test key Save both and check against the other for middle values as you check new keys

    16. Public/Asymmetric Encryption Two keys One key public, eases some bootstrap issues Based on “hard problems” RSA – factoring composites of large primes Diffie Hellman – computing discrete logarithms Know equations for RSA and DH What values are public and what are private

    17. Cryptographic hashes Difference from regular checksums Keyed and keyless When is each appropriate Brute force attack Find another message with the same hash value Birthday attack Standard algorithms SHA, MD5, block ciphers in CBC mode HMAC to make keyless hash keyed

    18. Key Management Long lived vs session keys Randomness and pseudo random Basic key distribution Trusted third party, public key Kerberos slides in deck, but hidden Certificates Hierarchical and web of trust Digital signatures Several reasons why it is bad to encrypt first

    19. Key management Key storage Key escrow Should be integrated in to the user's crypto system, authenticated to access escrow system, time bounded message access on unescrow ESS/Clipper example

    20. Authentication Establish ID What you know What you have What you are Spent a lot of time on passwords On line vs off line attacks Salt Anderson's formula Challenge Response Biometrics

    21. Access control Access Control Matrix Common model for encoding protection state of system HRU commands and the safety property Access Control Lists ACM by column Unix and windows examples Capabilities ACM by row Protection and propagation issues

    22. Access control Memory Protection Rings Intel implementation example

    23. Good luck!

More Related