1 e 2

Question 1

problemi di oggi (cybersecurity)

Answer 1

tanti sistemi, molto complessi, attacchi diretti, attacchi indiretti, kiss rule

Question 2

risk estimation

Answer 2

asset->vulnerability->threat (volontario attacco, involontario incidente), security requirement e control

Question 3

security process

Answer 3

security è processo non prodotto, security set-up e day2day security

Question 4

woe window of exposure

Question 5

motivazioni e relativi attaccanti

Question 6

principi sicurezza

Question 7

security properties

Answer 7

cia, peer authN(single/mutual), data origin authN, identification , non-repudiation, authZ, data integrity

Question 8

dov’è l’enemy

Answer 8

zero trust architecture, enemy ovunque

Question 9

attacchi e contromisure

Answer 9

replay attack, ip spoofing, packet sniffing, DoS,DDoS, fake server, connection hijacking, trojan, virus/worm, ransomware, phishing

Question 10

framework for cybersecurity

Question 11

kerchoff principle

Question 12

symm crypto

Question 13

des (3des,2des e relativo attacco)

Question 14

rc2 e rc4

Question 15

ecb

Question 16

cbc

Question 17

padding (cosa fare quando data>blocco e data<blocco?)

Answer 17

integrity check

Question 18

cts

Question 19

ctr

Question 20

stream algo

Question 21

salsa20 e chacha20

Question 22

aes

Question 23

asymm crypto -> funzionalità

Question 24

rsa (attacco)

Question 25

dh e ecdh (attacco)

Question 26

message integrity-> hash (caratteristiche)

Answer 26

fast to compute, pre-image resistant, collision resistant

Question 27

collisioni e birthday attack

Answer 27

dipende da lunghezza hash p[aliasing] proporzionale a 2^-N, 50% se generati 2^N/2 hash, parametro sicurezza hash rispetto a symm enc

Question 28

kdf

Answer 28

chiavi devono essere casuali,kdf(pwd,salt,n°iterazioni),usano hash

Question 29

keyed digest

Answer 29

no non repudiation

Question 30

cbc-mac e attacco

Question 31

secrecy e integrity

Question 32

ae

Question 33

aead e esempi

Answer 33

ige,gcm,ccm,aeskw

Question 34

lightweight crypto , quali sono problemi?

Question 35

authN con asymm crypto

Answer 35

non-repudiation, + strong di firma cartacea

Question 36

x.509 certificate alcuni campi e a cosa serve

Question 37

crl e ocsp

Answer 37

è dovere del receiver stabilire se la firma was valid at signature time

Question 38

problema ricorsivo certificati chiavi pubbliche