Lecture 18: 13th November 2019 Flashcards

Wifi & Cloud Security

1
Q

What is Wifi?

A

= Wireless Fidelity = a family of wireless networking technologies, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access.

2
Q

What is cloud computing?

A

The practice of using a network of remote computers hosted on the Internet to perform computational tasks, rather than doing so locally.

3
Q

What is RFID?

A

Radio-frequency identification = using the engineered electromagnetic fields of objects to automatically identify and track tags attached to them. The tags contain electronically stored information.

4
Q

What is WEP? What cipher does it use?

A

Wired Equivalent Privacy = an obsolete security algorithm for IEEE 802.11 wireless networks. It was designed to provide a wireless local area network (WLAN) with a level of security, confidentiality, and privacy comparable to what is usually expected of a wired LAN.

It uses RC4.

5
Q

What is RC4?

A

Rivest Cipher 4 = an obsolete stream cipher used for encrypting data. It is very simple and fast but is very insecure, having multiple vulnerabilities.

6
Q

What is TKIP?

A

Temporal Key Integrity Protocol = an encryption protocol used in the IEEE 802.11 wireless networking standard to replace WEP in WPA. It was a temporary fix to WEP’s vulnerabilities that extended its functionality without having to replace legacy hardware.

7
Q

What is WPA?

A

Wi-Fi Protected Access = a security standard for 802.11 that has more sophisticated data encryption and better user authentication than WEP. The first version was designed to be backwards-compatible and able to be implemented on the same hardware as WEP to quickly fix its vulnerabilities.

8
Q

What is WPA2?

A

The second version of WPA, which fixed issues in WPA arising from plugging the gaps of WEP. It made it a lot harder to exploit vulnerabilities, but it was still possible. It did this with the introduction of the AES algorithm over TKIP.

9
Q

What is a MIC?

A

Message Integrity Code = a digest of a hash algorithm applied to data that ensures its integrity and authenticity

10
Q

What are the differences between WEP, WPA, and WPA2?

A

WEP was the original, used RC4, and is very insecure. WPA was a WEP fix compatible with old hardware; it introduced TKIP, which extended WEP and made it a lot harder to exploit. WPA2 made a more robust and stable solution, using AES instead of TKIP (though it can also support TKIP).

11
Q

What are the modes of WPA2?

A

personal and enterprise

12
Q

What is personal mode in WPA2?

A

Uses a Pre-Shared Key (PSK) and therefore does not require separate authentication. This is the same as WPA.

Aka WPA2-PSK, a method of securing your network using WPA2 with the use of the optional Pre-Shared Key (PSK) authentication, which was designed for home users without an enterprise authentication server.

13
Q

What is enterprise mode in WPA2?

A

Uses IEEE 802.1X based authentication, the Extensible Authentication Protocol (EAP), which has various levels such as Transport Level Security (EAP-TLS), or Tunneled TLS (EAP-TTLS), Protected EAP versions – some with token cards or an identity module.

Greater level of security than personal mode. Not just 1 password for everyone; makes encrypted tunnels for each device after authentication.

14
Q

What is an AP?

A

Access Point = WAP = a networking hardware device that allows other Wi-Fi devices to connect to a wired network. The AP usually connects to a router (via a wired network) as a standalone device, but it can also be an integral component of the router itself. An AP is differentiated from a hotspot, which is the physical location where Wi-Fi access to a WLAN is available.

15
Q

What is RADIUS?

A

Remote Authentication Dial-In User Service = a networking protocol, operating on port 1812, that provides centralized Authentication, Authorization, and Accounting management for users who connect and use a network service. A RADIUS server utilizes a central database to authenticate remote users. RADIUS functions as a client-server protocol, authenticating each user with a unique encryption key when access is granted.

16
Q

What is a PAE?

A

Port Access Entity = The protocol entity associated with a port. May support functionality of Authenticator, Supplicant or both. A conceptual controller to allow or drop network traffic ingress and egress to/from a controlled port.

17
Q

What is EAPoL?

A

Extensible Authentication Protocol (EAP) over LAN (EAPoL) = a network port authentication protocol used in IEEE 802.1X (Port Based Network Access Control) developed to give a generic network sign-on to access network resources.

It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

18
Q

How does WPA2 authentication work?

A

In WPA2 Personal mode, authentication is between the client and an Access Point (AP) with the AP generating a PSK from a plain text passphrase that is used for all devices.

In Enterprise mode, the AP provides access control to the authentication (RADIUS) server. The AP has 2 logical parts: service and authentication and Port Access Entity (PAE). The authentication PAE is always open. The service is opened after successful authentication using EAPoL (EAP over LAN). Because each device is authenticated before it connects, a personal, encrypted tunnel is effectively created between the device and the network.

19
Q

What is a PTK?

A

Pairwise Transient Key = a key containing keys that are used to encrypt unicast data frames that traverse the wireless medium. Used for the broadcast/multicast of neighbour-to-neighbour keys.

20
Q

What is a GTK?

A

Group Transient Key = a key used to decrypt multicast and broadcast traffic. Used for the broadcast/multicast of neighbour-to-neighbour keys.

21
Q

How does key generation work in WPA2?

A

There are 2 sets of 2 handshakes to try and ensure fresh key generation and distribution, which were problems with previous WPA generations. The 4-way handshake is for the Pairwise Transient Key (PTK) and Group Transient Key (GTK).

There are four EAPoL messages between the client and the Access Point (AP) to confirm the client knows the Pairwise Master Key. From this a PTK is generated, which should be fresh for each transaction; nonces are generated by both client and AP.

GTK and MTK are used for the broadcast/multicast neighbour-to-neighbour keys.

22
Q

How do WPA2 handshakes work?

A

In a 4-way handshake:

  • authenticator (A) to supplicant (S): EAPOL-KEY msg 1 => PTK made in S
  • S to A: EAPOL-KEY msg 2 => PTK made in A
  • GTK made in A then sent to S in E-K msg 3
  • S to A: E-K msg 4 confirming temporal keys (PTK and GTK) installed in both
23
Q

What are some vulnerabilities of WPA2?

A

DoS can be frequency jamming, data flooding, layer 2 session hijacking.

Deauthentication can happen by forcing the client to reauthenticate. The attacker could spoof MAC addresses.

Disassociation is when the authenticated client with multiple APs disassociates from some of them.

24
Q

How does RFID work?

A

An RFID (dumb) tag is read from an EM field by a reader to get its info; in shops, they are searched against a database to locate and monitor goods.

25
Q

What are some vulnerabilities of RFID? What are some defensive measures?

A

Tags can be eavesdropped, traffic analysed, spoofed or even subjected to DoS.

Tag memory can be password protected or locked with a unique ID. Special readers or detectors can be used to read/detect groups of RFID tags.

Some tags can have a kill command embedded to protect privacy or shielded within a Faraday Cage to stop scanning. A Hash-lock integrity value could be added to the RFID memory. Active jammers could be used to protect against reading.

26
Q

What are some security issues with cloud computing?

A
  • Many users, operating systems, servers, clients, and applications
  • Many transactions using Virtual Machines and Virtual Networks
  • Separation of VMs, VNs
  • Storage issues, Insecure APIs
  • Service Level Agreements (SLAs)
27
Q

What are some services provided on the cloud? (xaaS)

A

infrastructure, software, platform, network, storage, data, desktop, mobile backend, security, etc

28
Q

How can you defend cloud-based systems?

A
  • Firewall (inc. IDS)
  • AntiVirus
  • Authentication
  • Access Control
  • Application/Web
  • Monitoring/Response etc.

Be sure to apply defence in depth and have a multilayered approach: no 1 tool can protect against all vulnerabilities.

29
Q

What are the top 5 threats facing cloud computing systems in 2019 according to the Cloud Security Alliance?

A
  1. Data Breaches
  2. Misconfiguration and inadequate change control
  3. Lack of security architecture and strategy
  4. Weak or Insufficient Identity, Credentials, Access and Key Management
  5. Account Hijacking
30
Q

What steps can be taken to defend cloud-based systems from their top threats?

A
  • Reinforce internal security
  • Demand transparency
  • Consider legal and commercial implications

Gartner considers the following security concerns:

  • User / privileged access
  • Compliance
  • Data location
  • Data segregation
  • Disaster recovery
  • Long term Viability
  • Investigative support (for any nefarious activity)
31
Q

What is virtualisation?

A

Virtualisation is the process of making software-based, or virtual, representations of things, such as servers, applications and networks.

In computing, virtualisation refers to the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, storage devices, and computer network resources.

32
Q

What are VMs?

A

Virtual Machine.

An emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination.

A virtual machine is a software computer that, like a physical computer, runs an operating system and applications. The virtual machine is comprised of a set of specification and configuration files and is backed by the physical resources of a host.

33
Q

What are VNs?

A

Virtual Network.

Collections of Virtual Machine computers that communicate with each other. VMs can be accessed by remote hosts and communicate in a way that makes the remote hosts appear to be connected in a real physical network even if they are remote from each other.

34
Q

How have Wifi standards changed over time?

A

Started with WEP in 1997. It used RC4, and is very insecure.

WPA was a WEP fix compatible with old hardware; it introduced TKIP, which extended WEP and made it a lot harder to exploit. It was introduced in 1999.

WPA2 made a more robust and stable solution, using AES instead of TKIP (though it can also support TKIP). It was released in 2002.

35
Q

What is isolation?

A

Segregating elements of a cloud computing system

36
Q

How can isolation be achieved?

A

Segregate threads, users, storage, processing, VMs, etc. Isolation can be done through different ports, masking and addressing, VPNs.

37
Q

What is a slice?

A

A computer network split by its topology (e.g. at a port or switch), a mapping (of links or ports), or packet predicates.

38
Q

What is a predicate?

A

Boolean atomic variables stored on packets which determine how they are routed in predicate routing.

39
Q

What were the key findings of the Ristenpart experiments on cloud security? What does it mean for two VMs to be co-resident?

A
  • it is possible to map the internal cloud infrastructure
  • it is possible to identify where a particular target VM is likely to reside
  • it is possible to instantiate new VMs until one is placed co-resident with a targeted one
  • it is possible to extract information from a target VM with another controlled one that is co-resident with it

Co-resident VMs = running on the same physical machine.

40
Q

What is risk assessment?

A

The process of identifying threats and vulnerabilities and their impacts.

The analysis that leads to identifying threats and determining the costs and actions required.

A cybersecurity risk assessment identifies the various information assets that could be affected by a cyber attack (such as hardware, systems, laptops, customer data, and intellectual property), and then identifies the various risks that could affect those assets.

Risk assessments are used to identify, estimate, and prioritize risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, or a nation, resulting from the operation and use of information systems.

41
Q

What is qualitative risk assessment?

A

Involves experts judging, analysing, and forming a consensus on the implications of the results of tests involved in a risk assessment, based on historical evidence. Involves describing problems and not getting/presenting data (though can cite it as evidence).

42
Q

What is quantitative risk assessment?

A

Gathering numeric data regarding the possibility of events harmful to a computer system and their impact should they occur. Makes no judgement - just getting raw data.

It involves the gathering of metrics, measurements, and probabilities of the impacts of possible events that may affect the system under analysis. Tools and techniques used may include cause and effect analysis, cost and benefit analysis, Pareto charts or baseline identification.

43
Q

What are some technology risks not involving security or privacy?

A
  • engineering aspects such as systems testing, systems control, and basic IT operations
  • physical safety such as flooding, break-ins, etc
  • corporate safety: going broke or being outcompeted
44
Q

Why can cloud-based services amplify the magnitude of risks?

A

A vulnerability in the cloud platform will then effectively be present in all who use it. Even on the scale of one server machine (physical or VM) in the cloud, this would affect many users, let alone a whole cloud services provider.

45
Q

What is the difference between a risk, a threat, and a vulnerability?

A

Vulnerability = weaknesses or security gaps in computer systems that may be exploited for attacks.

Threat = An attack vector: a means by which an attacker may exploit system vulnerabilities.

Risk = the likelihood of a threat and the resulting impact should it occur

46
Q

What priorities did ENISA recommend for future research in cloud computing?

A
  • effects of breach reporting
  • end-to-end data confidentiality
  • higher assurance clouds
  • incident handling
  • a comparison of regulation differences for data protection and privacy
  • resource isolation mechanisms
  • resilience and interoperability
47
Q

What security problems did ENISA find with risk assessments for cloud computing?

A
  • most methodologies are not specific or considerate enough to cloud systems
  • a lack of structured analysis approaches for risk
  • a lack of shared data of vulnerabilities and approaches
48
Q

What did ENISA identify as top security risks related to cloud computing?

A
  • loss of governance
  • lock-in
  • isolation failure
  • compliance risks
  • management interface compromise
  • data protection
  • incomplete data deletion
  • malicious insiders
49
Q

What are the 4 types of risk defence Tanimoto identified in their research?

A
  • Risk Avoidance
  • Mitigation
  • Transference
  • Acceptance
50
Q

What is 802.11i?

A

An amendment to the original 802.11 (Wifi) standard that aimed to improve its security against known vulnerabilities.

It brought TKIP, WPA, WPA2, and AES over WEP and RC4.

51
Q

What is a PSK?

A

PSK = Pre-Shared Key = a shared secret that was previously shared between the two parties using some secure channel before it needs to be used. To build a key from a shared secret, the key derivation function should be used. Such systems almost always use symmetric key cryptographic algorithms.

The term PSK is used in Wi-Fi encryption such as Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), where the method is called WPA-PSK or WPA2-PSK, and also in the Extensible Authentication Protocol (EAP), where it is known as EAP-PSK. In all these cases, both the wireless access points (AP) and all clients share the same key.