Pages

Sunday, May 28, 2017

Software Quiz 3

1. What is one difference between an HTTP GET and an HTTP POST request?

Only POST requests may include parameter data in the request body

Only POST requests can encode parameters in the URL

Only GET requests use the REFERER header

Only GET requests are subject to the same-origin policy


2. Which of the following is true about static and dynamic web content?

The server often produces dynamic content based on the contents of the database

Static content may be re-generated with each request

Static pages may include PHP programs, which execute at the browser

Javascript programs embedded in HTML pages are run server-side to produce dynamic content


3. SQL injection exploits a bug in what interaction of a web application?

Network to server

Server to client

Server to database

Client to server


4. SQL injection often allows an attacker to do which of the following?

Overrun a buffer to smash the stack

All of the above

Cause memory to be used after it's freed

Access information he shouldn't


5. If you had to summarize the key (most specific) programming failure with SQL injection, it would be:

Confusing data with code

Bypassing authentication

Trusting without verifying

Circumventing the same origin policy


6. What is escaping an example of?

Blacklisting

Sanitization

Checking

Whitelisting


7. Suppose a web application implements authentication by constructing an SQL query from HTML from data using PHP's prepared statements. What would happen if an attacker entered FRANK' OR 1=1; --  in the web form's user field?

The text will modify the structure of the SQL query and possibly bypass authentication

The application will try to authenticate a user whose name is FRANK' OR 1=1; -- 

The text will corrupt the query structure and the database will view it as a syntax error

The text will be confused as the password and authentication will probably fail


8. Why is it undesirable to implement session identifiers using (only) hidden form fields?

The session ID is forgotten when the browser window is closed

Such fields cannot contain binary data

Such fields cannot include timeout information

These fields are easily modified by the user


9. Suppose a browser submits a GET request to URL http://www.mybank.com/accountinfo on 20 February 2015. Which of the following cookies, if already stored at the browser, would be sent with the request?

lang=us-english; expires=Sat, 1-Aug-2015; path=/accountinfo/; domain=.fidelity.com

sessid=ABCDEFG; expires=Sat, 21-Feb-2015; path=/; domain=.mybank.com

edition=us; expires=Thu, 19-Feb-2015; path=/accountinfo/prefs; domain=.mybank.com

edition=us; expires=Wed, 18-Feb-2015; path=/; domain=.mybank.com


10. Which of the following are ways that session cookies could be stolen or forged?

Copying a cookie by keylogging

Compromising the browser or server

Predicting the cookie's structure and reconstructing it


11. Which of the following are ways to reduce the impact of a stolen cookies?

Associate the cookie with the server's IP address

Changing a user's cookie from session to session

Prevent cookies from entering the DNS cache


12. How can the REFERER field be used to defend against CSRF attacks?

It can be used to ensure that sensitive requests are (only) initiated by interaction with a site's own pages

It can be used to check that a Javascript program is from the proper origin

It can't be used reliably because it only works for dynamic content

It ensures that requests only come from authenticated users


13. <script></script>tags in HTML pages most often identify programs written in what language?

Javascript

Java

PHP

C

14. The browser implements security for Javascript programs for what reason?

It doesn't -- Javascript programs run at the server so the browser can ignore them

It doesn't -- these programs are only used to render dynamic content but are otherwise not security-relevant

Such programs could deny service by running forever

Such programs may access browser-controlled resources, which include potentially sensitive data in HTML documents and cookies


15. XSS subverts what policy?

Whitelisting

Secure defaults

Same Origin

Availability


16. What is the difference between stored (or persistent) XSS and reflected XSS?

Stored XSS works by injecting code in a site's served content, while reflected XSS injects code in a URL

Stored XSS embeds Javascript in an a URL, while reflected XSS embeds it in a mirrored site

Stored XSS is amenable to blacklisting but reflected XSS is not

Stored XSS works on database queries while reflected XSS works on cookies, which are received from and reflected back to the server

Thursday, May 25, 2017

Curriculum

I am going to approach this learning experience by following a structured path that includes everything I need to know. Here will live the master curriculum which I will add to and update as I go along.

There are many great (and free) resources on the web. After building a list of courses I wanted to take based off of a Cyber Security masters degree curriculum, I found that cybrary had everything I needed to get started so I will be using many of their resources to fulfill my educational requirements.

I love information but I also love simplicity. I plan to use these resources to learn to be a security personnel as quickly and efficiently as possible.

There is a useful extension on chrome called vimeo repeat & speed that can be used to watch the HD videos sped up.

I will be posting each course with my course notes so that this blog can be searched when more information is needed on a subject.

Off we go!

Introduction to Reverse Engineering  https://www.cybrary.it/course/malware-analysis/

Introduction to Post-Exploitation  https://www.cybrary.it/course/post-exploitation-hacking/

Introduction to Vulnerabilities  https://www.cybrary.it/course/metasploit/

Cryptography

Historical uses of cryptography

-Caesar cipher -shifted character 3 spaces to the left
-Scytale -spartans used this cipher to communicate messages to generals in the field, wrapped tape around a rod, diameter of the rod is the pre-agreed upon secret
-Vignere -a polyalphabetic cipher, key word is agreed upon, first letter of the key is matched against first letter of the message
-Vernam cipher -the only mathematically unbreakable form of cryptography, one time key pad

Security services provided by cryptography

-privacy, authenticity, integrity, non-repudiation

plain text + initialization vector + algorithm + key = cipher text

Desirable qualities of an algorithm

-confusion, diffusion, avalanche, permutations, open-Kerchkoff's principle

Desirable qualities of a key
-long, random, secret

Symmetric cryptography

-the same key is used by both parties to both encrypt and decrypt
-two types of symmetric ciphers or algorithms --> stream and block
-stream is very efficient, however generally considered to be not as secure
-RC-4 is a stream cipher

-block ciphers are slower but more secure
-two main block ciphers used today are AES and 3DES

-drawbacks of symmetric cryptography -out of band key exchange, not scalable, no authenticity, integrity, or non-repudiation

Asymmetric cryptography

-every user has a key pair -public key is made available to anyone who requests it, private key is only available to that user and must not be disclosed or shared
-the keys are mathematically related so that anything encrypted with one key can only be decrypted by the other

Security Systems Architecture

Governance and Risk Management

Risk Governance -comes from executive management and the board of directors, the job is to align the risk strategy with the objectives of the organization

-Are we doing the right things?
-Are we doing things right?
-Are we getting things done well?
-Are we maximizing the benefits?

Risk Management -planning, building, running, and monitoring according to the directions established and in compliance with governance

Enterprise Risks: Databases
-code injection -only allow users to input the bare minimum, input validation, force users who are untrusted to use an interface that is trusted before they access your backend data
-scripting -regulate field size 
-aggregation -the collection of information 
-inference 
-entity, semantic, and referential integrity 

Utilities 
-power -spikes, surge, sag, brownout, fault, blackout
-HVAC, humidity, EMI, RFI 

Network Components 
-cable, hubs, switches, routers, firewalls, proxies, network services, wireless communication

Users
-internal theft, fraud, salami attacks, data diddling, falsification of time-sheets, compromise of sensitive information, disgruntled employees 
What are Enterprise Goals? 

-the COBIT 5 generic enterprise goals can provide a starting point for the strategic planning 
-the derived enterprise goals should be linked to stakeholder needs and governance objectives of value creation, namely benefits realization, risk optimization and resource optimization 

Key principles of Enterprise Architecture
-define protections that enable trust in the cloud 
-develop cross-platform capabilities and patterns for proprietary and open source providers
-facilitate trusted and efficient access, administration, and resiliency to the customer




-provide direction to secure information that is protected by regulations 

Introduction to Malware

What is malware analysis and why is it useful? 

-malicious is software that executes without permission or knowledge

-it has software problems just like every other product: compatibility issues, bugs, customer service, versions/updating issues, team development/source code control    

Anti-virus software cannot be relied on because it is a difficult task to make a program or algorithm to determine if some software is malicious. 

Anti-virus software is not dead, it does catch a lot of old stuff, but it only detects about 17% of the time

50-97% of breaches involve malware, in most breaches malware has automated some task for an attacker or increased their capabilities by taking advantage of a vulnerability, exploiting something on a system, and increasing their foothold 

Breach happens -Now what?

Typically you reimage the machine

Advanced: Incident response
-analyze logs, network traffic, strange processes etc.
-is it anywhere else?
-how did it get there

Mature: Gather intelligence
-what is the impact
-what is the risk
-financially motivated? hacktivism? opportunistic? advanced persistent threat (apt)?

70-90% of malware samples are unique to an organization- Verizon data breach report 

Types of Analysis 

-Dynamic Analysis -executing the malware. Simple, Fast, Easy to miss things. 
-Static Analysis -reverse engineering. Slow, deep technical knowledge. With enough time anything can be reversed. 
-Hybrid Static/Dynamic -most analysis is a mixture: You will find something in the disassembly then you confirm/investigate while the malware is executing. 
-Memory forensics can be useful but is not the end all be all

System Security


This course provided a good introduction to system security. For those with an IT background this course may not be necessary but I thought it was useful. 

Notes

Appropriate procedures to establish host security 

Application Security

Anti-Malware -takes care of viruses, worms, and trojans
-software has been designed to find the specific signatures of the malware on a system; track, identify, deactivate 
-regularly update the signature/definition files to keep the anti-malware software effective 

Anti-Spam -organizations will use spam filters on emails and messages to prevent spam from getting to the users inbox 
-prevents/limits servers from congestion  

Anti-Spyware -spyware can track your activity online by reviewing your cookies
-anti-spyware eradicates tracking cookies from your system 

Pop-up blockers- pop ups are usually how you get adware, you can turn on pop-up blockers by going to your internet options page 

Host-based firewalls -a firewall that resides on a computer system that protects traffic coming in or leaving the system 
-this is something to monitor periodically to prevent intrusion into the system and to facilitate the generation of alerts 

Patch management -patches are produced to fix flaws that exist within software
-individuals in an organization should be responsible for validating the source of a patch, testing it for sufficiency, and migrating the patch to the production systems once it has been found to be robust
-never download a patch and install it directly on your real system 

Hardware Security

-cable locks- prevent rearrangement of the infrastructure you have; most likely used for laptops
-safe -lock away spares, documents
-locking cabinets -used for servers, switches, patch panels, and server racks to prevent unauthorized access and modification

-unauthorized access could change config = loss of integrity 

-mobile device -screen lock, strong password

-devices should support encryption so that keys are required before anyone has access
-this way if you lose your device, you know that nobody else has access to the content 
-encryption is the best form of security for mobile devices
-another option is remote wipe which allows your providers or device administrators to send a script to the phone that can either erase or cause damage to the content on the phone so that it cannot be accessed anymore 

-devices should be returned to IT before they are shared between users; sanitization is very important 

-voice encryption is another best practice 
-one voice solution is VoIP (Voice over internet protocol) 
-a malicious person can packet sniff our transmission, when we use voice encryption our packets are encrypted as they move on data lines which prevents eavesdropping 

-another best practice is GPS tracking on mobile devices
-if GPS is disabled, you can still sync the picture content with your email to try to identify the location of the device 

Virtualization

-a hypervisor is the software environment within which we build virtual machines
-it shares resources with your host PC such as memory, processor, ports etc
-virtualization is different from multi booting where you have multiple operating systems on the host PC, but can only run one at a time
-with virtualization we can run all the machines at the same time provided there is sufficient memory and a reliable processor that supports virtualization  

Benefits -allows for maximum utilization of hardware, cost saving (buy less machines, less space, less licenses)

Data Security

-data loss prevention -financial, medical, trade secret, PII(personal identifiable information)

Data in motion -email, network, chat sessions 

Data at rest -database, file sharing, desktop or laptop

Data in use -copiers, printer, removable media, screen, clipboard

storage area networks -devoted to storage and useful during disaster recovery situations 

handling big data -some companies now employ security incidents events managers so that data that is of concern can be put on one management interface

Data Encryption

-this is required to ensure confidentiality 
-encrypting data changes it from plain text to cipher text

Full disk encryption -you encrypt the entire content of the hard drive, unless unauthorized users provide encryption keys, they don't have access to the data

Database encryption -unless keys are provided, no access to database

Individual files -moving a file off an encrypted disk can make it vulnerable, if you want to sent one file or a group of files, encrypting them ensures that they are still encrypted while in transit or storage 



This is an interesting lecture about rootkits

Hello World!

This blog will be where I document my journey to become a security analyst.

I am creating this site to

(1) Hold myself accountable to study and stay on track

(2) Learn by teaching and explaining what I am learning

(3) Get to know others with similar interests and career goals

I'm excited to get started and hope you enjoy the blog!

Wednesday, January 25, 2017

Software Security Quiz 1

1. What is penetration testing?

A procedure for testing libraries or other program components for vulnerabilities

Whole-system testing for security flaws and bugs

A security-minded form of unit testing that applies early in the development process

All of the above


2. Which of the following are benefits of penetration testing?

Results are often reproducible
Full evidence of security: a clean test means a secure system

Compositionality of security properties means tested components are secure even if others change

They specifically consider adversarial thinking, which is not usually necessary for normal tests


3. What does it mean to "be stealthy" during a penetration test?

Performing the tests from an undisclosed location

Using encryption during tests to make the source of attacks impossible to determine

Performing penetration testing without the target organization knowing

Taking care to avoid activities during a penetration test that might attract attention, e.g., by operators or IDS services


4. What is a web proxy?

A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web server

An agent that makes decisions on the client's behalf when interacting with web applications

A piece of software that makes a web application look like a standalone application, making it easier to test

A simulator for the web, for use when off-line


5. What is Nmap?

It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responses

It is a network fuzz testing tool

It is a map of the Internet

It is a suite of tools for scripting attacks: probe, construct, encode, inject, wait for response


6. What is ethical hacking?

"Hacking" ethics so they justify unintended selfish behavior

Hacking systems (e.g., during penetration testing) to expose vulnerabilities so they can be fixed, rather than exploited

Hacking into systems run by those whose ethics you disagree with

A slang term for rapid software development, e.g., as part of hackathons


7. Which of the following statements describe fuzz testing (aka fuzzing)?

It is concerned with finding known-bad behaviors, like crashes and hangs

It is always black-box, in being indifferent to the software's functionality

It is a cost-effective replacement for functional testing

It has been used to find security vulnerabilities in many commodity programs

8. Which of the following are true of whitebox fuzzing?

It makes no sense to combine it with grammar-based fuzzing since the latter is just another way to consider the program's semantics

SAGE is (at least in part) a whitebox fuzzer

Radamsa is (at least in part) a whitebox fuzzer

It takes into account the program's internals in some manner when deciding which inputs to choose


9.
Which of the following is true of mutation-based fuzzing?

It generates each different input by modifying a prior input

It works by making small mutations to the target program to induce faults

Each input is mutation that follows a given grammar

It only makes sense for file-based fuzzing, not network-based fuzzing


10. Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program?

Generational

Blackbox

Whitebox

Mutation-based


11. Which of the following are functions of a network-based fuzzer?

Acting as a client

Acting as a server

Acting as a "man in the middle"


12. Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true?

You should not use a grammar-based fuzzer, because its adherence to the grammar means it will not find memory errors

Compiling the program with address sanitizer (ASAN) will make errors harder to reproduce

Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to find

Fuzzing doesn't find memory errors, it finds crashes and hangs

Hardware Quiz 2

1. Which of the followings are the goals of IP protection? Check all that apply.

Ensure that the IP is compatible with other IPs

Improve the quality of the IP

Protect IP against unauthorized use

Trace IPs

Protect testing data associated with the IP


2. You want to minimize a 4-variable function F(a,b,c,d) with two don't care conditions, {a=b=c=d=1} and {a=d=1,b=c=0} (or abcd and ab′c′d). To embed your signature with the watermarking approach described on slide "Watermarking a Boolean Formula" (page 1 in "Watermarking Examples"), you decide to minimize F(a,b,c,d)+abcd instead, what is your signature?

01

11

00

10


3. A good watermark will be difficult or impossible to be removed by any adversary without detailed knowledge about the watermark, this property is known as

easy detectability

high credibility

resilience

transparency


4. A good watermark should not require major modification to the industrial design tools and design software, this property is known as

resilience

low overhead

fairness

transparency


5. In the slide of "Public Watermarking GP Problem" (page 6 in "Good Watermarks"), which of the followings should be made to the public? Check all that apply.

The public watermark you want to embed in the solution

The rules on how each public watermarking bit will be embedded

The scheme that public watermark head and body will be constructed

The pairs of nodes selected to embed the public watermark bits


6. In the node duplication example for fingerprinting graph coloring solutions, (see slide "Fingerprinting: Node Duplication", page 4 in "Fingerprinting"), if we add a new node B' as the duplicate of node B, which nodes should B' be connected to? Check all that apply.

A

D

F

B

C

E


7. Bob decides to use the clique manipulation method to generate fingerprinting solutions to the graph coloring problem, (see slide "Fingerprinting: Clique Manipulation", page 5 in "Fingerprinting"). He finds a clique of 4 nodes and apply the method. How many distinct solutions can Bob generate?

24 = 16

4

1

4! = 24

44 = 256


8. In the slide "Fingerprinting: Don’t Cares (I)" (page 6 in "Fingerprinting"), Alice decides to create fingerprinting copies of the original circuit by adding a new connection to the OR gate, which of the followings are correct? Check all that apply.

connect signal X' to the OR gate

connect signal A to the OR gate

connect signal X to the OR gate

connect signal B to the OR gate


9. When we use serial number as the tag for a device, which property does this tag have? Check all that apply.

unclonable

functional

passive

reproducible

intrinsic

10.
IC metering methods that can also be used to lock, unlock, enable, disable, or controll the IC are known as ________ metering method.

active

passive


11. IC tags that are based on fabrication variations have the property of ____________ and therefore will be a good candidate to countermeasure foundry overbuilding.

extrinsic

intrinsic

reproducible

unclonable

Hardware Quiz 1

1. As her Christmas gift, Joyce received a toy doll with a small computer chip embedded. When she presses the tummy of the doll, it says "Hello, Joyce!"; when she presses again, it says "Merry Christmas!"; on the next press, it says "I love you!"; and whenever Joyce presses twice quickly, it says "Good-bye!".

Which of the following statements about the doll are correct? Check all that apply.

the chip is a synchronous system

the chip contains memory elements

the chip can recongize two different inputs

the chip is a combinational system


2. Bob is designing a digital system to implement the multiplication table. When two single-digit integers (0-9), e.g. 4 and 7, are entered, the system will output their product (28 in this case). When both input and output are expressed in binary, the system should have 8 bits as input (4 bits for each number) and 7 bits as output (the largest output is 81 and needs no more than 7 bits).

There are 2^8 = 256 combinations for the 8 input bits. However, for the multiplication table, there will be only 100 entries (axb with both a and b go from 0 to 9). So there will be 256-100 = 156 don't care conditions.

Please enter 1 to show that you have understood this and earn the point :)




3. Which of the following gate(s) are universal? Check all that apply.

hint: A universal gate should be able to implement {AND, OR, NOT}

{OR, NOT}

NAND

XOR

{AND, OR}


4. For the 3-input gate f(x,y,z)=x′yz+xy′+y′z, what is the value of f(x,0,1)?

0

none of the others

x'

1

x


5. f(x,y,z) is a 3-input 2-output function. How many different f(x,y,z) can we have to make f(0,0,1)=01,f(0,1,0)=10,f(1,0,0)=11 ?

(hint: Two functions are different if there is an input combination on which the two functions give different output. Think about what could be the output of f on each of the input combinations other than the 3 specified cases).

1024


6. For the four 2-input logic gates (NAND, NOR, XOR, XNOR), each with x and y as their inputs, which of the following statements about observability don't care (ODC) are true? Check all that apply. (If you forget the definition of these standard logic gates, you can find them in the slide "Example: System Implementation").

when y=0, x input is ODC for NAND gate

when y=0, x input is ODC for XOR gate

when x=0, y input is ODC for NOR gate

there is no ODC for XNOR gate


7. Consider the following two functions, S and C, defined on three inputs x, y, z: S(x,y,z)=x⊕y⊕z, C(x,y,z)=x∙y+z∙(x⊕y), where ⊕ is the XOR gate, + is the OR gate, and ∙ is the AND gate.
Which of the following conditions are satisfiability don't cares? Check all that apply.

x=1, y=1, z=0, C=1

x=0, y=0, z=1, S=0

x=1, y=1, z=1, S=1

x=0, z=0, C=1

Tuesday, January 24, 2017

Week 2 Quiz

1. Two ASCII messages containing English letters and spaces only are encrypted using the one-time pad and the same key. The 10th byte of the first ciphertext is observed to be 0xB7 and the 10th byte of the second ciphertext is observed to be 0xE7. Let m1 (resp., m2) denote the 10th ASCII character in the first (resp., second) message. What is the most you can conclude about m1 and m2?

One of m1 or m2 is the space character, and the other is the character 'p'.
m1 is the space character and m2 is the character 'p'.
m1 is the character 'p' and m2 is the space character.
m1 is the character 'B' and m2 is the character 'E'.
Nothing can be determined about m1 or m2 since the one-time pad is perfectly secret.


2. Three ASCII messages containing English letters and spaces only are encrypted using the one-time pad and the same key. The 10th byte of the first ciphertext is observed to be 0x66, the 10th byte of the second ciphertext is observed to be 0x32, and the 10th byte of the third ciphertext is observed to be 0x23. Let m1 (resp., m2, m3) denote the 10th ASCII character in the first (resp., second, third) message. What is the most you can conclude about m1, m2, and m3?

Nothing can be determined about m1, m2, or m3 since the one-time pad is perfectly secret.
m1 is the character 't', m2 is the space character, and m3 is the character 's'.
m1 is the space character, m2 is the character 't', and m3 is the character 'e'.
Exactly one of m1, m2, or m3 is the space character, but nothing else can be determined.


3. Which of the following is true about computational secrecy? (Select all that apply.)

Computational secrecy means that it is trivial for an attacker to always learn the entire message.
Computational secrecy currently relies on unproven assumptions.
Computational secrecy only ensures secrecy against attackers running in some bounded amount of time.
Computational secrecy allows an attacker to learn information about the message with small probability.


4. Let G be a function mapping n-bit inputs to 2n-bit outputs. Which of the following is true of the pseudo one-time pad encryption scheme based on G? (Check all that apply.)

The scheme is computationally secret if G is a pseudorandom generator.
The key space of the scheme is at least as large as the message space.
The scheme can be used securely to encrypt multiple messages using the same key.
The scheme is perfectly secret.


5. Which of the following attackers can be used to demonstrate that the shift cipher for 3-character messages does not satisfy perfect indistinguishability?

Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 0 if the first character of C is 'a'.
Output m0 = 'aaa' and m1 = 'bbb'. Given challenge ciphertext C, output 0 if the first character of C is 'a'.
Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 1 if the three characters of C are all different.
Output m0 = 'abc' and m1 = 'bcd'. Given challenge ciphertext C, output 1 if the three characters of C are all different.


6. Which of the following is a negligible function? (Check all that apply.)

f(n) = 1/n.
f(n) = 1/2^n
f(n) = 1/2
f(n) = n/2^n


7. Define the following function G taking n-bit inputs and producing (n+1)-bit outputs: G(x)=x∥0, where ∥ denotes concatenation. Which of the following attackers shows that this G is not a pseudorandom function?

On input an (n+1)-bit string y, output 0 if the last bit of y is 0.
On input an (n+1)-bit string y, output 1 if the first bit of y is 0.
On input an (n+1)-bit string y, output 0 if the first bit of y is 0.
On input an (n+1)-bit string y, output 0 if the first bit of y is equal to the last bit of y.


8. Say G is a pseudorandom generator taking n-bit inputs and producing 2n-bit outputs. Which of the following are necessarily true? (Check all that apply. The symbol '|' is used here for string concatenation.)

G(r) | G(r+1) is computationally indistinguishable from a uniform, 4n-bit string if r is a uniform n-bit string.
G(r) is computationally indistinguishable from a uniform, 2n-bit string if r is a uniform n-bit string.
r | G(r) is computationally indistinguishable from a uniform, 3n-bit string if r is a uniform n-bit string.
G(0 | r) is computationally indistinguishable from a uniform, 2n-bit string if r is a uniform (n-1)-bit string.


9. Which of the following is a setting in which a pseudorandom generator could be applied?

You have a 1 MB file that you would like to compress.
You have a way to generate random bits at the rate of 100 bits/second, but you need 1,000,000 random bits to run a statistical simulation.
You have a 1 MB file and you would like to make sure that it has not been tampered with.

10. Consider a pseudo one-time pad encryption scheme Π constructed using some function G. Which of the following did our proof of security for the pseudo one-time pad show?

Π is always perfectly secret, for any G.
If G is a pseudorandom generator, then Π is computationally secret.
If G is a pseudorandom generator, then Π is perfectly secret.
Π is always computationally secret, for any G.

Cryptography Quiz 1

1. Consider the Vigenere cipher over the lowercase English alphabet, where the key length can be anything from 8 to 12 characters. What is the size of the key space for this scheme?

4 * 26^12
26^8 + 26^9 + 26^10 + 26^11 + 26^12
26!
26^12


2. Consider the Vigenere cipher over the lowercase English alphabet, where the key has length 8. For which of the following message spaces will this scheme be perfectly secret? (Check all that apply.)

The set of all 8-character strings of lowercase English letters.
The set of all 7-character strings of lowercase English letters.

The set of all 9-character strings of lowercase English letters.
The set of all strings of lowercase English letters containing at most 8 characters.


3. What is the result of encrypting the ASCII plaintext "cool!" using the variant Vigenere cipher (where encryption is done using byte-wise XOR) and key 0x01 3F?

0x62 50 6E 53 20
0x62 50 6F 6C 21
0x63 6F 6F 6C 21
0x26 05 E6 35 02


4. Say we have a scheme with a claimed proof of security with respect to some definition, based on some assumption. The scheme was successfully attacked when used in the real world. What are possible reasons for this? (Check all that apply.)

The proof might be incorrect.
The assumption may be false.
The definition of security may not correctly capture the real-world threat model.

The attacker did not read the proof of security.


5. In the definition of perfect secrecy, what threat model is assumed?

The attacker can eavesdrop on as many ciphertexts as it likes.
The attacker can eavesdrop on a single ciphertext.
The attacker is able to interfere with the communication channel between the two honest parties.
The attacker can carry out a chosen-plaintext attack.

6. Consider the Vigenere cipher over the lowercase English alphabet, where the key can have length 1 or length 2, each with 50% probability. Say the distribution over plaintexts is Pr[M='aa'] = 0.4 and Pr[M='ab'] = 0.6. What is Pr[C='bb']? Express your answer to 4 decimal places with a leading 0, i.e., if your answer was 1/2 then you would enter 0.5000 (without a trailing period).

0.0084


7. Consider the Vigenere cipher over the lowercase English alphabet, where the key can have length 1 or length 2, each with 50% probability. Say the distribution over plaintexts is Pr[M='aa'] = 0.4 and Pr[M='ab'] = 0.6. What is Pr[M='aa' | C='bb']? Express your answer to 4 decimal places with a leading 0, i.e., if your answer was 1/2 then you would enter 0.5000 (without a trailing period). Note: carry out the calculation exactly (i.e., do not use the truncated result that you entered as your answer in the previous question) before truncating your answer to 4 decimal places.

0.9473


8. Which of the following are true for obtaining perfect secrecy using the one-time pad, assuming the message space contains messages all of some fixed length? (Check all that apply.)

The all-0 key must be avoided, since when the all-0 key is used the ciphertext is equal to the message being encrypted.
The key must be as least as long as the messages in the message space.
The key should be shared between the two communicating parties, and kept secret from any potential attacker.
The key should be chosen uniformly.


9. Consider the one-time pad over the message space of 5-bit strings, where Pr[M=00100] = 0.1 and Pr[M=11011] = 0.9. What is Pr[C=00000]? Express your answer to 5 decimal places with a leading 0. I.e., if your answer was 1/2, then you would enter 0.50000 (without a trailing period).

0.03125

10. Which of the following are true about the Vigenere cipher? (Check all that apply.)

The Vigenere cipher is computationally infeasible to break if the key has length 100, even if 1000s of characters of plaintext are encrypted.
The Vigenere cipher can always be broken, regardless of the length of the key and regardless of the length of plaintext being encrypted.
A Vigenere cipher with key of length 100 can be broken (in a reasonable amount of time) using exhaustive search of the key space.
The Vigenere cipher is perfectly secret if the length of the key is equal to the length of the messages in the message space.