01 Introduction Flashcards

(35 cards)

1
Q

What is a threat?

A

A threat is any possible event or sequence of actions that might lead to a violation of one or more security goals.

2
Q

What is an attack?

A

An attack is the actual realisation of a threat.

3
Q

Which are examples of an attack?

A
  • A hacker breaking into a computer
  • Disclosure of private emails
  • An unauthorized change in financial data
  • A hacker shutting down a website
  • Impersonation of people to order services or goods
4
Q

How can security goals be defined (in which ways)?

A
  1. Depending on the application environment
  2. In a more general, technical way (CIA + AC)
    • Confidentiality
    • (Data) Integrity
    • Availability
    • Accountability
    • Controlled Access
5
Q

Name some examples of Security Goals based on the application environment.

A
  • Banking (fraud detection, transactions identification, PIN protection, customer’s privacy)
  • Government (protect sensitive information, electronic signature of documents)
  • Public Telecom Providers (restrict access, prevent service interruptions, customer’s privacy)
  • All networks (prevent outside penetrations).
6
Q

What are “Security goals” also called? (synonym)

A

Security objectives.

7
Q

Name some examples of Security Goals technically defined:

A

CIA

  • Confidentiality (intended audience only, confidentiality of entities = anonymity)
  • (Data) Integrity (data modification can be detected, data creators identifiable).
  • Availability (services available and function correctly).
8
Q

Which are additional Security Goals:

A

AC

  • Accountability (identify the entity responsible for a communication event)
  • Controlled Access (authorized entities have access to services/information).
9
Q

Mention some threats Technically Defined:

A

MEALDFS

  • Masquerade (entity claiming to be another)
  • Eavesdropping (entity reading unauthorized information)
  • Authorization Violation (usage of service/resources not intended to be used)
  • Loss / Modification of (transmitted) Information (data altered or destroyed)
  • Denial of Communication Acts (repudiation, entity falsely denying participation)
  • Forgery of Information (entity creating information in the name of another)
  • Sabotage (actions reducing availability/correct function of services/systems).
10
Q

Explain the cross-table of Threats and Technical Security Goals:

A
11
Q

What does a Network Security Analysis perform?

A
  1. Evaluates the risk potential of the general threats to user entities.
  2. Estimates the expenditure (resources, time, etc.) to perform known attacks.
12
Q

Can unknown attacks be assessed?

A

No, it is generally impossible.

13
Q

What are other uses of a Network Security Analysis?

A
  • Receive funding for security enhancements.
  • Network can be better structured according to attacks on the message level.
14
Q

Name the two attacking communication types on the Message Level:

A
  • Passive attacks.
  • Active attacks.
15
Q

An example of a passive attack:

A

Eavesdropping (entity reading unauthorized information).

16
Q

Mention examples of Active attacks:

A

DRDMI

  • Delay of PDUs
  • Replay of PDUs
  • Deletion of PDUs
  • Modification of PDUs
  • Insertion of PDUs.
17
Q

What are PDUs?

A

Protocol Data Units.

18
Q

What does a successful attack launch require?

A
  1. No detectable side effects on other communications or transmissions (connection/connectionless)
  2. No side effects to other PDUs of the same transmission (connection/connectionless) between same entities.
19
Q

Mention some Safeguards against Information Security Threats:

A
  • Physical Security (lock or physical access control).
  • Personnel Security (identification, screening, training).
  • Media Security (safe storage, reproduction and destruction of information, scanning for viruses).
  • Lifecycle Controls (programming standards and documentation controls).
  • Computer Security (protect devices and information while being stored/processed in computer systems).
  • Communications Security (protection of information during system-to-system transport, protection of the communication infrastructure).
20
Q

What are some Safeguards from Communications Security?

A
  1. Protection of information during system-to-system transport.
  2. Protection of the communication infrastructure itself.
21
Q

What is the definition of a Security Service and its properties?

A
  • Security Service: an abstract service seeking to ensure a specific security property. It is realized with the help of algorithms and protocols and other conventional means.
22
Q

What is a Cryptographic Algorithm?

A

A mathematical transformation of input data to output data; it can be used in cryptographic protocols.

23
Q

What is a Cryptographic Protocol?

A

A series of steps and message exchanges between entities to achieve a specific security objective.

24
Q

Mention and define some Security Services:

A
  • Authentication (the most fundamental, verifies the identity claimed by an entity).
  • Integrity (ensures that data created by entities is not modified without detection).
  • Confidentiality (ensures secrecy of protected data).
  • Access Control (ensures that each identity accesses only authorized or corresponding services/information).
  • Non-repudiation (prevents entities from falsely denying participation in a communication exchange).
25
How are Security Supporting Mechanisms classified?
* **General mechanisms**
  * Key Management
  * Random number generation
  * Event detection/security audit trail
  * Intrusion detection
  * Notarization
* **Communication specific mechanisms**
  * Traffic Padding
  * Routing Control
26
Define some Security Supporting **General mechanisms**:
* **Key management** (lifecycle of cryptographic keys).
* **Random number generation** (cryptographically secure random numbers).
* **Event detection/security audit trail** (detection and recording of events that could be used for attacks).
* **Intrusion detection** (analysis of recorded security data to detect successful intrusions/attacks).
* **Notarization:** registration of data by a trusted third party that confirms properties (content, creator, time) of the data.
27
Define some Security Supporting **specific** mechanisms:
* **Traffic Padding:** creation of bogus traffic to prevent traffic flow analysis.
* **Routing Control:** influence routing of the PDUs in a Network.
28
What are the different **layers** of Communication Protocol Architectures?
5) **Application** layer
4) **Transport** layer
3) **Network** layer
2) **Data Link** layer
1) **Physical** layer

\*A variation of the OSI Model is used in the lecture.
29
On which 2 **behaviours** are **attack techniques** based?
* **Passive behaviour**
  * **Eavesdropping**
* **Active behaviour**
  * **Delay** of PDUs (Protocol Data Units)
  * **Replay** of PDUs
  * **Deletion** of PDUs
  * **Modification** of PDUs
  * **Insertion** of PDUs
30
Describe the use of a **(not very) systematic threat analysis** and its drawbacks.
* A technique where an arbitrary threat list is produced by **brainstorming**.
* Drawbacks:
  * Questionable **completeness**
  * Rationale based on **experience**
  * Potential **inconsistencies**
31
Describe what a **Threat Tree** is, its elements and why it is useful.
* Threat Trees are a **systematic threat analysis approach**.
* It postpones the creation of arbitrary threat lists as much as possible.
* It is a tree with:
  * **Nodes** (threat levels)
  * **Subtrees and child nodes**
    * Achieved through refinement for demonstrable **completeness** (so nothing is missing).
* It is useful to gain insight **where to spend resources to decrease system's vulnerability**.
32
How is a Threat Tree created?
Technique:
1. **General threats** are described
2. **Iteratively** introduce details
3. **Nodes** become a root of a subtree to describe threats represented by it
4. Each **leaf** node describes a **threat**
33
Graphically explain the following threat tree (A):
34
Graphically explain the following threat tree (B):
35
Describe the steps of a **High Level System Security Engineering Process**:
1. Identify system **architecture** (components and interrelations)
2. **Identify threats, vulnerabilities and attack techniques** (threat tree)
3. Estimate **component risks** using attributes (criticality/effort = risk)
4. **Prioritize** vulnerabilities
5. Identify and install **safeguards** (protection techniques to counter high priority vulnerabilities)
6. Perform potential **iterations** (re-assess risks of the modified system).