1. Security Review Q&A Session May 1

2. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class 4 Key Management  Class 5 Secure Code Execution

3. Class 1 Security Overview  What is Security?  Attacker Model  Readings Mitigating Routing Misbehavior Sybil Attack 802.11 Insecurity

4. What is Security?  Managing a malicious adversary  Guaranteeing properties in the presence of a determined malicious adversary  Basic security properties Authenticity Integrity Confidentiality Availability  Trust assumptions & security mechanisms & attacker model give security properties

5. Attacker Model  Passive & active attackers  Active attack examples Node compromise Denial-of-service attacks  Wired communication environment Eavesdropping possible Packet injection (source address spoofing) easy  Wireless communication environment Eavesdropping easy Packet injection (source address spoofing) easy Sybil attack Jamming attack

6. Sample Exam Questions  Mitigating Routing Misbehavior What are the challenges for using IDS in ad hoc networks to detect selfish nodes?  Sybil Attack How could we use the Sybil attack against system X?  802.11 Insecurity What is the danger of re-using the same pseudo-random stream to encrypt different messages with a stream cipher?

7. Class 2 Security Introduction  Security Properties  Security Primitives  Readings SPINS Payword and MicroMint

8. Security Properties  Confidentiality (secrecy) Eve cannot get any information Semantic security – Even if Eve knows plaintext/ciphertext pairs, she cannot learn any new information  Integrity Prevent modification  Authentication Prevent impersonation Bob knows that Alice sent message

9. Security Properties (cont)  Non-repudiation Alice cannot deny having created message  Freshness Bob knows that Alice’s message is recent Replay protection – Mallory cannot replay Alice’s messages

10. Security Primitives  Asymmetric (public-private key) Diffie-Hellman key agreement Public-key encryption Digital signature  Symmetric (shared-key, same-key) Block cipher (pseudo-random permutation PRP) Stream cipher (pseudo-random generators PRG) Message authentication code (MAC)  Others (unkeyed symmetric) One-way function Cryptographic hash function

11. Sample Exam Question  Bob and Carol want to authenticate information broadcast by Alice. Alice sets up a key K, sends it to Bob and Carol, and uses K to compute a MAC on each message she broadcasts. Is this secure?

12. Class 3 Advanced Security Constructions  One-time signatures  Merkle hash trees  Readings Stream Signatures Zhou and Haas key management

13. One-time Sig Construction  Uses 1-bit signature construction to sign multiple bits S0 P0 Bit 0Bit 1Bit 2Bit n S0’ P0’ S0’’ P0’’ S0* P0* … c0 p0 c0’ p0’ c0* p0* … Bit 0Bit 1Bit log(n) Sign messageChecksum bits: encode # of signature bits = 0

14. Sample Exam Question  How could we use one-way chains to solve problem X?

15. Class 4 Key Management  Key management scenarios Closed networks, centralized deployment (trusted authority controls and deploys nodes) – All-pairs shared keys, or all public keys – PKI, TTP (Kerberos, SPINS) – Zhou & Haas threshold key management – Randomkey predistribution Open networks, autonomous deployment – Resurrected duckling – PGP web of trust – Key infection

16. Sample Exam Question  Given a deployment scenario Y, what are the tradeoffs for using key distribution technique X?

17. Class 5 Secure Code Execution  Techniques for securing mobile code execution Process separation Code signing Sandboxing Software Fault Isolation (SFI) Proof-Carrying Code (PCC)

18. Sample Exam Questions  Open book: why is the address sandboxing technique in SFI not secure if we only use 4 registers? How could we fix it to make it secure with 4 registers?  Closed book: what are the tradeoffs for using technique X to secure mobile code in environment Y?