abhi shelat

Midterm Review

Midterm Format:

Most of the questions on the exam will be short answer. These questions can be answered in 2-8 concise sentences. If you find yourself writing an essay, that means you are including way too much detail, or you are missing the simple explanation that I am looking for.

There may be questions that ask you to examine snippets of code, or consider the security connotations of hypothetical scenarios.

Cheat Sheet: You may bring a single 8.5x11 sheet of paper covered front and back in notes.

Topics

  • Kerchoff’s principle
  • Security experiments
  • Given an example scenario, be prepared to develop a threat model and a security game to capture the threat
  • Review our example cast of attackers, they may come in handy if you are asked to develop a threat model on the exam.
  • Confidentiality, Authentication, Integray, Non-repudability
  • Perfect and Shannon security
  • One time pad
  • Computational Indistinguishability
  • Pseudo-random generators
  • Symmetric key encryption
  • Pseudo-random functions
  • Message authentication codes
  • Hash functions, definitions, security experiment, examples
  • Public key encryption, IND-CPA security game, RSA cryptosystem example
  • Digital Signature security game, why textbook RSA signing is insecure
  • Password storage systems, salting and hashing, slow hash functions
  • Pros and cons of biometrics
  • two-factor authentication, U2F
  • biometrics, their strengths, and their shortcomings

Can you answer these questions?

  1. What does perfect security for an encryption scheme mean?

  2. Name an encryption scheme that achieves perfect security and why.

  3. Explain the security game embodied in the perfect security experiment. How does this experiment change when the adverasry is computationally bounded.

  4. What does computational indistinguishability mean?

  5. Why is salting the hashed password important?

  6. Why it is important to hash passwords,

  7. How can you construct a Pseudo-random generator from the Discrete Logarithm problem?

  8. What is a Pseudo-random function?

  9. Explain computational indistinguishability?

  10. Describe the security game of a message authentication code. What problem does a MAC solve?

  11. What is the job of a cryptographic hash function? (good to explain using a security experiment)

  12. What are the three main parts of a public key encryption scheme?

  13. Explain the security game of a public key encryption scheme.

  14. What is Euler’s theorem?

  15. Explain how to use the textbook RSA encryption scheme using N=143, and the sk,pk pair (e,d) to encrypt the message 14.

  16. Why is textbook RSA encryption insecure?

  17. Why is textbook RSA signature scheme insecure?

  18. Explain how U2F works.

  19. What the basic password security experiment?

  20. What should you assume about an adversary in the password security game?

  21. Explain why it is important to use a salted hash to store user passwords.

  22. Explain the purpose of a honeywords server.

  23. Explain why one should use a slower hash funtion like bcrypt instead of SHA-256 to store passwords.

  24. What is the difference between AES and SHA256?

  25. Give an example of a digital signature scheme and provide an explanation of when it is useful.