Revision Lecture: 6th December 2019 Flashcards
What is the Chinese Wall?
A security model grouping commercial information into a centralised repository and basing authorisation to access information based on previous activity in order to avoid spying and conflicts of interest.
How does the Chinese Wall perform authorisation?
Essentially people are authorised to access an object if they have never accessed information from a company in a shared conflict class with the company whose info is being accessed.
The ss-property means that you may only read sanitised (public) information or information from companies whose competitors’ information you have not previously accessed.
The star-property means that subjects may only write to an object if they are unable to read any objects of any other companies which have competitors.
How does the Chinese Wall work?
You have a single centralised store of commercial data. Objects are files or data pertaining to one company. Groups are made of the objects, company wise (i.e. all their objects). Conflict classes are made which hold all groups for a set of competing companies, e.g. oil companies or social media companies.
Objects are labelled by their owning company and competitor companies, from conflict classes.
Essentially people are authorised to access an object if they have never accessed information from a company in a shared conflict class with the company whose info is being accessed.
Sanitised information which can be made public has no competitor company.
What is the Clark-Wilson Framework?
An integrity model that seeks to allow the integrity policies of computer systems to be specified and analysed.
How does the Clark-Wilson Framework work?
Have states and transitions when subjects perform actions on objects. Actions possible performed by valid and consistent end states, only being via intermediary programs, order, and user privileges based on role/job.
Transactions are groups of actions made by users on object/s. Restrictions on nobody doing two successive actions, only certain permitted order, and only being allowed to do certain actions implemented with triples: only some actions are allowed by certain subjects on certain objects.
What are MLS systems?
MLS = Multilevel security = a security model in which data and users have different classifications (levels) in which users may only access objects if they have a security level classificaiton greater than or equal to that of the object
What is security policy?
A set of rules and practices governing how a system
will manage and protect files with especial regard to sensitive data or code. Some companies will write a Security Policy document that defines the security (and safety) of the system. This can be considered as a legal
document if the company has an intrusion.
What is Kerberos?
The distributed Access Control system which was the default option in Windows 2000. It provides authentication to users on the basis of tickets.
How does Kerberos work?
The protocol for ticket granting is a variant of Needham-Schroeder:
Alice logs onto server Sam using a password and requests resource B:
- A ->S: A, B
The client software in her PC fetches a ticket encrypted under her password and which contains the key KAS. For access to resource B, the ticket KAB with timestamp TS and lifetime L is given.
- S->A: {TS, L, KAB, B, {TS, L, KAB, A}KBS }KAS
Alice gets a copy of the ticket to read encrypted under KAS. She verifies the ticket by sending the timestamp TA to B which confirms its liveness by sending back the timestamp incremented by 1.
- A->B: {TS, L, KAB , A}KBS , {A, TA}KAB
- B->A: {TA + 1}KAB
What can and cannot Kerberos do?
It can’t protect against MITM attacks. It provides a ticket-based authentication mechanism using keys in a variant of the Needham–Schroeder protocol. it uses timestamps and lifetimes to try to stop key stockpiling, a problem in normal N-S.
What is WPA2?
The second version of WPA (Wi-Fi Protected Access), a security protocol designed to secure connections to wireless access points.
How does WPA2 work?
In WPA2 Personal mode, authentication is between the client and an Access Point (AP) with the AP generating a PSK from a plain text passphrase that is used for all devices.
In Enterprise mode, the AP provides access control to the authentication (RADIUS) server. The AP has 2 logical parts: service and authentication and Port Access Entity (PAE). The authentication PAE is always open. The service is opened after successful authentication using
EAPoL (EAP over LAN). Because each device is authenticated before it connects, a personal, encrypted tunnel is effectively created between the device and the network.
How do WPA2 handshakes work?
Handshakes between user (supplicant) and WAP (authenticator) and WAP (supplicant) and router (authenticator) to make a path user -> WAP -> router.
In a 4-way handshake:
- Both already have PMK which is secret and never sent
- authenticator (A) to supplicant (S): EAPOL-KEY msg 1 with Anonce (authenticator nonce) => PTK made in S
- S to A: EAPOL-KEY msg 2 with Snonce (supplicant nonce) => PTK made in A
- GTK made in A and then sent to S in E-K msg 3 => S installs the GTK
- S to A: E-K msg 4 confirming temporal keys (PTK and GTK) installed in both => A installs GTK
Steps 2-4 are MIC protected
PTK = pairwise transient key = unicast GTK = group temporal key = multicast
Each device makes PTK from its PMK and a nonce from the other device
Why are periodic reauthentications used in WPA2?
Redo the authentication process every 15-20s because then an attacker would have to as well to keep eavesdropping. This would be difficult to do within that time period due to strong security and also limits data leakage to one of those periods if one ever is compromised.
How often to periodic reauthentications happen in WPA2?
every 15-20 seconds
What is SNA?
SNA = Social Network Analysis = the process of gathering, investigating, and assessing data from social networks and social media platforms and trying to understand them in terms of relationships.
How do you find the monetary value of a social network?
From Metcalfe’s law, the monetary value of a network is directly proportional to the square of the size of the network (no of nodes in it).
What is a hub?
A central node, connected to all (or many) others, as in a star computer network.
What is the core of a network?
The node or nodes in the centre of a social network which has a high level of closeness, betweenness, and product of the in degree and out degree: number of inbound and outbound vertices.
What is a clique?
A total (completely adjacent - connected) group of nodes on a social network graph. They will have shared views. Cliques on social media have shared views, beliefs, or opinions. Think echo chamber. Note if you can monitor one, since all connected, you can monitor them all.
What is a cluster?
A collection of individuals with dense friendship patterns internally and sparse friendships externally.
What is the difference between a cluster, group, and clique?
Group = a collection of multiple nodes in a social network.
Cluster = a group of individuals with dense friendship patterns internally and sparse friendships externally.
Clique = A total (completely adjacent - connected) group of nodes on a social network graph. They will have shared views. Cliques on social media have shared views, beliefs, or opinions. Think echo chamber. Note if you can monitor one, since all connected, you can monitor them all.
So a group is any selection of nodes, clusters are groups more connected inwards v out, and cliques are groups in which all nodes are connected to all the others.
What is a triad?
A clique of 3 nodes.
What is a bridge?
A node or nodes connected to multiple cliques or clusters and forming connections between them.
What is a bridge endpoint?
Nodes which form the initial connection of a bridge which connects a clique or cluster it to one or more other cliques or clusters.
What is degree?
The number of nodes a given node is connected to.
What is closeness?
How “close” a node is to others. Closeness = 1 / (mean length of shortest paths from that node to all others)
What is betweenness?
A representation of how often a node is a bridge: the proportion of the number of times a given node is on the shortest path or paths between each other pair of nodes other than the given node.
What is reach?
The number of people who will view a social media post.
What is distance?
The minimum number of the edges in the shortest path between two nodes.
How do the degree of nodes on social networks affect the effect they would have if breached?
Higher degree have higher effect: can intercept/spoof messages more as connected to more other nodes.