Terms in this set (126)

Answer: BD


This is an example of both a logic bomb and a backdoor. The logic bomb is configured to `go off'
or activate one week after her account has been disabled. The reactivated account will provide a
backdoor into the system.

A logic bomb is a piece of code intentionally inserted into a software system that will set off a
malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company.

Software that is inherently malicious, such as viruses and worms, often contain logic bombs that
execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal
authentication, securing unauthorized remote access to a computer, obtaining access to plaintext,
and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit. A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system.
Answer: A


A replay attack (also known as playback attack) is a form of network attack in which a valid data
transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a
masquerade attack by IP packet substitution (such as stream cipher attack).

For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as
proof of identity, which Alice dutifully provides (possibly after some transformation like a hash
function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the
hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts thus granting access to Eve.

Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one-
time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g.
computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Eve has captured this value and tries to use it on another session; Bob sends a different session token, and when Eve replies with the captured value it will be different from Bob's computation.
Session tokens should be chosen by a (pseudo-) random process. Otherwise Eve may be able to
pose as Bob, presenting some predicted future token, and convince Alice to use that token in her
transformation. Eve can then replay her reply at a later time (when the previously predicted token
is actually presented by Bob), and Bob will accept the authentication. One-time passwords are
similar to session tokens in that the password expires after it has been used or after a very short
amount of time. They can be used to authenticate individual transactions in addition to sessions.
The technique has been widely implemented in personal online banking systems.
Bob can also send nonces but should then include a message authentication code (MAC), which
Alice should check.

Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the
time on his clock in her message, which is also authenticated. Bob only accepts messages for
which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob
does not need to generate (pseudo-) random numbers, with the trade-off being that replay
attacks, if they are performed quickly enough i.e. within that 'reasonable' limit, could succeed.
Answer: B


An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or "number occurring once," as an encryption program uses it only once per session.An initialization vector is used to avoid repetition during the data encryption process, making it
impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. This is known as an IV attack.
A particular binary sequence may be repeated more than once in a message, and the more it appears, the more the encryption method is discoverable. For example if a one-letter word exists in a message, it may be either "a" or "I" but it can't be "e" because the word "e" is non-sensical in English, while "a" has a meaning and "I" has a meaning. Repeating the words and letters makes it possible for software to apply a dictionary and discover the binary sequence corresponding to each letter.

Using an initialization vector changes the binary sequence corresponding to each letter, enabling
the letter "a" to be represented by a particular sequence in the first instance, and then represented by a completely different binary sequence in the second instance.

WEP (Wireless Equivalent Privacy) is vulnerable to an IV attack. Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets.