TTM4137: Informasjonssikkerhet i trådløse nett
Intro
This is the questions for the 2017 exams. 50% of the exam will be a subset of these questions. The regular questions + answers can be found in the urn of questions section. (tip: control+f to search). Questions and answers are currently under construction, press edit to help answer. Answers in bold are word-for word correct answers to the questions from previous exams.
Acronyms
EPS | Evolved Packet System | 4G |
HSS | Home Subscriber Server | A central database that contains user-related and subscription-related information |
LTE | Long-Term Evolution | 4G |
MME | Mobility Management Entity | The key control-node for the LTE access-network |
UE | User Equipment | Typically a smartphone |
SAE | System Architecture Evolution | The core network architecture of 3GPP's LTE wireless communication standard |
4-Way Handshake Protocol
Key Hierarchy
Urn of Questions
802.11/WLAN
-
What is the technical problem in the session hijacking threat in 802.11/WLAN?
- Many public networks use only the MAC address of network devices to identify users. One can impersonate legitimate users by using their MAC address
-
Which frame types are cryptographically protected by 802.11i?
- Data frames only
-
Which frame types are cryptographically protected by 802.11w?
- Management frames
-
What type of 802.11 authentication does Algorithm Number 0 or 1 indicate?
- None and WEP (?)
-
Which message type triggers a transition to 802.11 State 1?
- Deauthentication notification
-
Which protocol state will an 802.11 STA be in after having received a deauthentication notification message?
- State 1
-
How many states does the 802.11 State Machine contain?
- 3 (4 in 802.22i)
-
Which three entities participate in 802.1X access control?
- Supplicant(requesting entity), network access server(NAS) and authentication server(AS)
-
What kind of security capabilities are supported in a transitional security network (TSN)?
- Transitional security network supports both RSN and WEP systems.
-
Does Windows 10 Wi-Fi Sense allow sharing of 802.11i keys?
- Yes, the PSK
-
Does Windows 10 Wi-Fi Sense enforce access control to wireless networks?
- Yes, by using the Windows Filtering Platform on the client
-
How many messages are exchanged in a group key handshake?
- 2
-
Which of the following is a security concern with Windows 10 Wi-Fi Sense?
- Some issues are that you may not trust all your contacts on skype, outlook and facebook. Also, when you give an actual key to someone, they might carelessly share this with all of their friends.
-
What is required to spoof a de-registration message in user de-registration request spoofing?
WEP
-
How are the fragmentation and chopchop attacks different from the PTW attack?
- Chopchop attacks allows you to decrypt packages without knowing the key, and exploits IV reuse. PTW helps find the key
-
How does initialization vector (IV) reuse compromise confidentiality?
- When you have two identical IVs you can XOR the two encrypted messages and get the two XOR-ed plaintexts. If you then know some parts of the plaintext that is always the same (based on protocol this can be e.g. header fields with the IP-address etc) you can guess the actual plaintexts.
-
How does the integrity check value (ICV) in WEP protect against message modification?
- It computes a checksum of the data that is to be transmitted, and encrypts this checksum with the data. However, it is possible to flip bits in both data and ICV.
-
How does WEP provide replay protection?
- WEP does not provide replay protection
-
How is the integrity check value (ICV) in WEP computed?
- By using a cyclic redundancy check
-
How long is the integrity check value (ICV) in WEP?
- 4 bytes.
-
How many messages are exchanged in the WEP shared key authentication?
- 4 messages
-
Is the same key used for authentication and encryption in WEP?
- Yes, and the fact that the master key is used for both authentication and encryption is a known weakness.
-
What is the length of the WEP initialization vector (IV)?
- 24 bits
-
What is the major weakness in WEP, exploited by the PTW attack used in the lab?
- Correlation between keystream and RC4 key
-
What is the problem with the WEP authentication protocol (which is therefore rarely used in practice)?
- It leaks keystream
-
Which stream cipher is used for WEP encryption?
-
Which encryption algorithm is used in WEP?
- RC4 stream cipher.
-
What is ARP re-injection used for in the attacks on WEP?
- To obtain fresh initialization vectors
-
What is the consequence of the PTW attack on WEP?
- Long term secret key compromise
-
What are the consequences of the fragmentation attacks, e.g., by Bittau et al.?
- One can transmit arbitrary WEP data without knowing the key.
WPA
-
Does WPA support TKIP, CCMP or both?
- WPA supports only TKIP.
-
How does the counter mode operation of a block cipher E() work?
- E(i) XOR Mi
-
How is the PMK distributed in RSN?
- It can be pre-shared or distributed by an upper layer.
-
What are the input elements to the pseudo-random function used to compute the PTK?
- Master Key (256 bit)
- Nonce A
- Nonce B
- Address A
- Address B
-
What is Michael in WPA/RSN?
- A message integrity code used in TKIP
-
What is an RC4 weak key?
- A weak key is a key where a disproportionate number of bits in the first few bytes of the key stream were determined by a few bites in the key itself. One can negate weak keys by discarding the first 256 bytes of the keystream.
-
What is an RSN group key?
- Messages that is multicasted to all devices is encrypted with a group key allowing all authenticated devices to decrypt the message.
-
What is the block length of AES as used in RSN?
- AES used in CCMP has a 128 bit block size.
-
What is the key size of AES as used in RSN?
- 128bit
-
Which RADIUS attribute contains the encrypted Pairwise Master Key (PMK) in WPA?
- PKM-AUTH-Key (?)
WPS
-
How many messages are exchanged in the WPS in-band registration protocol?
- 8
-
What is the purpose of the first two messages of the WPS in-band registration protocol?
- Diffie-Hellman key exchange
-
Which three entities participate in the WPS configuration process?
- Enrollee, Access Point, Registrar
CCMP
-
Does CCMP provide confidentiality, integrity, or both?
- CCMP uses CCM that combines CTR for data confidentiality and CBC-MAC for authentication and integrity.
-
How is IEEE 802.11 CCMP nonce input constructed?
- It is constructed from the priority, sender MAC address and sender packet number.
-
How is the counter in CCMP initialized?
-
How is the 128 bits start value of the counter for CCMP encryption initialized in RSN?
- The counter is initialized by adding the flag value, nonce and counter together. The counter starts at 1 and increments by one for every block.
-
How is the 64-bit message integrity code (MIC) value in CCMP derived from the 128-bit final block?
- We only keep the lower 64 bits.
-
How long is the PTK when CCMP is used?
- 384 bit.
-
How long is the CCMP header, and how long is the packet number contained in this header?
- The CCMP header is 8 bytes, packet number contained in the header is 6 bytes.
-
Is the complete MAC PDU encrypted by the CCMP?
- No, the MAC header and the CCMP header are not encrypted
-
The PTK is a collection of several keys. List these keys and their length when CCMP is used:
- 4-way handshake keys:
- EAPOL Authentication - key confirmation key 128bit
- EAPOL Encryption - key encryption key 128bit
- CCMP data key
- Data integrity and encryption 128bit
- Total PTK length: 384 bit.
-
What are the five input values to the CCMP Decryption block?
- Key, Data, Nonce, MIC, AAD
-
What are the four input values to the CCMP Encryption block?
- CCMP header
- Source address
- Data length
- MPDU data
-
What is a mutable field in CCMP?
- A header field that is not integrity protected because it can be modified in transit
-
What is the 128-bit start value for RSN CCMP encryption?
- 8-bit flag, 104-bit nonce, and a 16-bit counter; where the nonce field contains an 8-bit priority value, the 48-bit source address, and the 48-bit packet number
-
What is the format of the first block used for the CBC-MAC computation in CCMP?
- The block is 16 bytes. The first byte is a flag, the 13 following are a nonce that is formed by combining sender packet number, MAC address and priority, and the last two bytes indicate the length of the plaintext data.
-
Which block cipher mode of operation is used for AES in RSN?
- Counter mode with cipher block chaining message authentication code
-
Which cryptographic algorithm is used by CCMP?
- AES
-
Which cryptographic algorithm is used in counter mode with cipher block chaining message authentication code protocol in CCMP?
- AES (?)
-
Which parts of an MPDU encrypted under CCMP are not encrypted?
- MAC header fields and CCMP header fields
TKIP
-
How long is the IV used in TKIP?
- 48 bit.
-
How long is the PTK when TKIP is used?
- 512bit (128 bit, four keys)
-
How many TKIP sequence numbers does a receiver keep track of?
- 1?
-
Is they MIC key be recovered in the attack on TKIP by Beck & Tews?
- Beck and Tews recovered the MIC in their attack, and used it to transmit some packets.
-
The PTK is a collection of several keys. List these keys and their length when TKIP is used:
- Data encryption key - 128 bit
- Data integrity key - 128 bit
- EAPOL-Key Encryption key - 128 bit
- EAPOL-Key Integrity Key - 128 bit
-
What are the consequences of the chopchop-like attack on TKIP by Beck & Tews?
- An attacker can get responses to packets sent with partly guessed content (It is possible to decrypt plaintext without knowing the key)
-
What properties of TKIP are exploited in the chopchop-like attack on TKIP by Beck & Tews?
- A weakness in the ICV (Checksum)
-
Which standard actually enabled practical DoS attacks on 802.11i TKIP?
- 802.11e Quality of Service Enhancements
-
Which cryptographic algorithm is used by TKIP?
- RC4 stream cipher.
-
Will TKIP accept a frame with a TKIP sequence counter value which is 14 less than the largest one seen so far?
- No, it uses IV sequence for duplicate detection
EAP
-
Does EAP-SIM provide mutual authentication?
- EAP-SIM use a SIM authentication algorithm between the client and an Authentication, Authorization and Accounting (AAA) server providing mutual authentication between the client and the network.
-
How are EAP messages transported between the authenticator and the authentication server in RSN?
- Encapsulated in RADIUS
-
How are EAP messages transported between the supplicant and authenticator in WPA/RSN?
- Encapsulated in EAPOL
-
How many EAP-TLS messages are exchanged in an EAP-TLS handshake?
- 7 messages
-
What is Extensible Authentication Protocol (EAP)?
- EAP is a set of encapsulation messages for upper-layer authentication methods
-
What is EAPOL, and how is it used in WPA/RSN?
- It’s a protocol for encapsulating EAP messages between the supplicant and authentication.
-
What encapsulates EAP messages in RSN?
- EAPOL (EAPOW) encapsulates EAP messages over LAN/WLAN and adds some management messages
-
What are the four types of EAPOL messages used in WPA/RSN?
- EAPOL-Start: supplicant multicast ask for authenticator MAC addr. Authenticator responds EAP-Request Identity in EAPOL-Packet
- EAPOL-Packet: The authentication protocol messages
- EAPOL-Key: Authenticator supplies cryptokeys to supplicant (example: the 4-way-handshake protocol)
- EAPOL-Logoff: Supplicant disconnects
-
What is the length of the Kc value used in EAP-SIM?
- 64-bit
- The Kc key is originally intended to be used as an encryption key over the air interface, but in this protocol, it is used for deriving keying material and is not directly used.
-
What is the purpose of the EAPOL 4-way handshake?
- Authenticated key agreement for session keys
-
What is the purpose of the first phase of PEAP?
- Creating a TLS connection.
-
What is the purpose of the second phase of PEAP?
- User authentication
-
Which identity does the EAP-Identity response in EAP-SIM contain?
- The identity response is sent by the the mobile device as response of an Identity reqeust sent by the Access Point, so it contains the IMSI of the device (TMSI if is not the first time that this event occurs)
-
Which security method is used in the first phase of PEAP?
- TLS
Mobile Communication
-
What is a call session control function (CSCF)?
- A SIP proxy used in IMS
-
Which authentication method is used by IMS?
- UMTS Authentication and Key Agreement (AKA)
-
Which CSCF handles SIP registration requests and informs the Home Subscriber Server (HSS)?
- S-CSCF
-
Which UTRAN layer provides handovers, preparations for handovers to GSM and cell reselection?
- RRC
-
Why is it a security requirement that the USIM implementation must be tamperproof?
- Because the USIM can be removed from the UE and analyzed/ tampered with (?)
- To facilitate the mobile operator with secure computation and storage at UE side.
-
Why is the UICC normally easily removable from the mobile station?
- The UE manufacturing and lifecycle can be managed independently from the personalization and subscription process
GSM
-
Does GSM provide mutual authentication?
- No, the SIM does not authenticate the network
-
What are the RAND, SRES and Kc values in an EAP-SIM triplet?
- The A3/A8 authentication and key derivation algorithms that run on the SIM can be given a 128-bit random number (RAND) as a challenge. The SIM runs operator-specific algorithms, which take the RAND and a secret key Ki (stored on the SIM) as input, and produce a 32-bit response (SRES) and a 64-bit long key Kc as output. The Kc key is originally intended to be used as an encryption key over the air interface, but in this protocol, it is used for deriving keying material and is not directly used.
-
Does the use of TMSIs protect the IMSI from active attackers?
- No.
-
What are the inputs of the authentication function A3 used in GSM?
$K_i$ , RAND
-
What is the output of the authentication function A3 used in GSM?
- SRES/XRES (32 bit signed message)
-
How is the subscriber identity protected from radio channel eavesdropping in GSM?
- A temporary subscriber identity is used
-
How is the user identity protected in GSM?
-
How long is the session key
$K_c$ used in GSM?- 64bit
-
What are the consequences of the false base station attack on GSM?
- Attackers can monitor all traffic and get the user's IMSI number.
-
What are the three most important security features in GSM?
- User authentication, radio channel confidentiality and temporary identities
-
Where is the secret user key
$K_i$ used in GSM stored? -
Which GSM entities store the secret user keys Ki?
- SIM and AuC
-
What is the length of the user’s secret key in GSM technology?
- 128 bit
-
Which function is used to generate the key
$K_c$ in GSM?- A8
-
Which values are sent from the HLR/AuC to the VLR during GSM authentication?
- Triplet (RAND, XRES, Kc)
-
Which authentication data does the GSM VLR have to request?
UMTS/LTE
-
What are the variables of the authentication token (AUTN) used in UMTS networks?
- SQN, AK, AMF, MAC
-
Do 3G/UMTS networks provide mutual authentication?
- Yes
-
Can a 3G USIM work in an LTE UE handset?
- Yes
-
Explain the purpose and output of the functions f0-f9 used in UMTS.
- f0 - Random challenge
- f1 - MAC-A
- f1* - MAC-S
- f2 - SRES
- f3 - Cipher Key
- f4 - Integrity Key
- f5 - Anonymity Key
- f5* - Anonymity Key
- f6 - Identity encryption
- f7 - Identity decryption
- f8 - AES in counter mode -
- f9 - Integrity protection using CBC-MAC
-
How does the 3G/UMTS authentication improve the security over the GSM authentication?
- Mutual authentication
- Integrity checks
-
How does the USIM authenticate the network during 3G/UMTS authentication?
- The AUTN (Authentication Token) sent from the VLR is checked by the USIM.
-
What are the end points of user data encryption in UMTS?
- UE and RNC
-
What are the inputs to the f8 algorithm used in UMTS, and what are their lengths?
- CK -128 bit
- Length
- Count-C - (Frame counter) - 32bit
- Identity - 5bit
- Direction - 1bit
-
What are the inputs to the f9 algorithm used in UMTS, and what are their lengths?
- IK - 128bit
- Message
- FRESH - Random number - 32bit
- Count-i - 32bit
- Direction - 1bit
-
What are the MILENAGE functions in UMTS used for?
- Authentication and key agreement
-
What are the three functional requirements for UMTS authentication?
- Mutual authentication between USIM and AuC, securing the radio channel communication, and user identity confidentiality
-
How is the subscriber identity protected from radio channel eavesdropping in UMTS?
- Using temporary ID - TSMI
-
What is the content and use of the UMTS AUTS parameter?
- SQN
$\oplus$ AK, MAC-S. Resynchronization when the SQN check fails on the MS side
- SQN
-
What is the length of the cipher key CK used in UMTS?
- 128 bits
-
What are the two basic strategies for creating SQNs in 3G/UMTS networks?
- Individual SQN
- Global SQN based on a global counter (global time etc)
-
What happens if the result of the UTRAN algorithm negotiation is that the user equipment (UE) and network have no encryption algorithms in common?
- Establishes a connection without encryption.
-
What happens if the result of the UTRAN algorithm negotiation is that the user equipment (UE) and network have no integrity protection algorithms in common?
- The connection is shut down immediately by the network
-
How long are the cipher key (CK) and integrity key (IK) used in UTRAN, and how are they obtained if a GSM SIM is used to access a UTRAN?
- CK 128 bits, IK 128 bits, obtained using a conversion function
-
Is mutual authentication provided when a SIM is used to access a UTRAN?
- No, the SIM does not support mutual authentication
-
Which three modes does the confidentiality algorithm in UMTS support?
- RLC-Transparent
- RLC-Unacknowledged
- RLC-Acknowledged
-
Which UMTS entities implement the functions f1-f5, f1 and f5?
- USIM and AuC
-
Which UTRAN layer provides integrity protection?
- RRC layer
-
Which UTRAN layers provide encryption?
- MAC and RLC Layer
-
What are the consequences of the redirection attack against UMTS authentication?
- Downgrades from UMTS to GSM and collects the IMSI. The IMSI is then used to get a AUTN that can be used to disable encryption (?)
-
Why is the redirection attack against UMTS authentication possible?
-
List the message authentication codes (MACs) used in UMTS and explain their purpose.
- MAC-A - Generated by f1 - Network authentication, used to generate AUTN
- MAC-I - Generated by f9 - Used for integrity checking
- MAC-S - Computed by client to verify MAC-A
-
How is the mode of the 3GPP f9 algorithm different from the CBC-MAC mode?
- CMC-MAC uses zero IV while f9 uses SQN XOR AK and FRESH (?) f9 takes as input paramaters such COUNTER utilized for achieving replay protection, and FRESH used to protect the initial values of COUNTER. (?)
-
How long is the keystream block output by the f8 algorithm?
- Depends on the length parameter
-
How many rounds does the KASUMI cipher use?
- 8
-
How is the initial RRC connection request message sent in UMTS Security Setup Procedure?
- When RRC Connection Establishment procedure is started, the last message, RRC Connection Setup Complete includes the UE Capability information. The UE Security capability informs the network about the UEAs and the UIAs that the UE supports. The GSM classmark information is also important and it provides along with other stuff, the GSM security algorithms supported. This message also has the START list that contains the START value for the CS and the PS domain.
-
In which mode of operation is KASUMI used for constructing the 3GPP f8 key stream generator?
- Combining Counter-mode and OFB-mode
-
Sketch the 3GPP f8 stream cipher structure, using the KASUMI function as a black box.
-
Sketch the 3GPP f9 cipher structure, using the KASUMI function as a black box.
-
What is the 3GPP value OP, and what is the length of this value?
- Optional pre shared key that the operators can use.
- It’s probably 128 bit.
-
What is the bit length of the permanent subscriber key K in UMTS?
- 128 bit
-
Which values are sent from the AuC to the VLR/SGSN during 3G/UMTS authentication?
- RAND, XRES, CK, IK, AUTN
-
Where is the sequence number (SQN) used in 3G/UMTS networks generated?
- UE and AuC (?)
-
What is the block size of the KASUMI function used by the f8 algorithm?
- 64 bits
-
What is the output of the UMTS
$f_9$ algorithm?- 32 bit MAC-I
-
What is the purpose of the sequence number (SQN) used in 3G/UMTS networks?
- Preventing replay attacks
-
What kind of cipher is KASUMI?
- A5/3 (Feistel cipher)
-
Where are the UMTS functions f1-f5, f1 and f5 implemented?
- USIM and AuC
-
What is the block length of the block cipher used by MILENAGE?
- Up to the operator. AES is recommended which uses block sizes of 128 bit. (?)
-
Which cipher mode does the 3GPP f8 stream cipher use?
- OFB with additional counter.
-
What was the underlying assumption for the MILENAGE security analysis?
- The kernel function must be a secure block cipher.
-
Why can the USIM be removed from the rest of the UE?
- The UE manufacturing and lifecycle can be managed independently from the personalization and subscription process.
-
Why must the USIM implementation be tamper-proof?
- To facilitate the mobile operator with secure computation and storage at the UE side
-
How does the EPS authentication improve the security over the 3G/UMTS authentication?
- Cannot downgrade to GSM.
-
Does a successful run of EPS authentication achieve mutual authentication between mobile station and serving network?
- Yes
-
Does LTE/EPS provide end-to-end data security?
- No, but an application layer protocol running over EPS may provide end-to-end data security
-
How is backward key separation achieved during handovers over X2 connections in EPS?
- The source eNB applies a one-way function to the key before transmitting it to the target eNB
-
How is forward key separation achieved during handovers over X2 connections in EPS?
- The target eNB receives a fresh key from MME immediately after handover
-
How is the EPS key derivation function constructed?
- HMAC-SHA256
-
The end points of the user data encryption in EPS are
- The UE and the eNB
-
What are the end points of signalling encryption in the EPS access stratum?
- The UE and the eNB
-
What are the end points of signalling integrity in the EPS non-stratum access?
- UE and MME
-
Is the network domain security for the core network sufficient to protect the UMTS/LTE authentication and key agreement messages against parallel session attacks?
- No, the network domain services does not necessarily protect against parallel session attacks.
-
Which values are sent from the HSS to the MME during the LTE/EPS authentication protocol?
- RAND
- AUTN
- XRES
- Kasme
-
Where does the key derivation function KDF of EPS reside?
- In the UICC and the HSS
-
What is cryptographic network separation (in EPS)?
- The derived keys are specific to the serving network
-
Why is the NAS Security Mode Command message in EPS never encrypted?
- The messages are sent before encryption keys have been established.
- They are Integrity protected.
-
What is Snow 3G and why is it used in UMTS and EPS?
- Stream cipher. Is good stuff.
-
Will 3G USIMs work with EPS UE handsets?
- Yes, because the ME computes the EPS keys
-
Which encryption schemes are specified in EPS?
- SNOW and AES
-
Why are the keys CK & IK generated in EPS even though they are not directly used?
- To provide backward compatibility with UMTS, and they are used in the KDF function to generate Kasme.
-
Why does EPS provide a more complex key hierarchy than UMTS and GSM?
- To support cryptographic key separation and enable more frequent key renewal
Sundry
-
What is the Rijndael algorithm?
- AES-encryption. Symmetric encryption algorithm.
-
Can a keyed checksum be used as message authentication code?
- Yes.
-
Does breaking collision resistance of a hash function imply breaking pre-image resistance or the other way around?
- No but the other way around (?)
-
Does breaking collision resistance of a hash function imply breaking second pre-image resistance or the other way around?
-
Does EPID have a mechanism for key revocation?
- Yes, using a revocation list
-
What are the entities in EPID?
- Issuer + revocation manager (often merged)
- Member
- Verifier
-
How can one show that P
$\neq$ NP if one can prove the existence of one-way functions. -
Why is it not sufficient to base the construction of a one-way function f on an NP-hard problem (i.e. Where inverting f requires solving an NP-hard problem)?
- NP-hardness only guaranties that there exists one value that is NP hard to compute.
-
How to solve the potential malicious traffic discovery problem in WIDS?
-
Intuitively, what does it mean for a message authentication code to be 'existentially unforgeable against chosen message attacks'?
-
What is the difference between a stream cipher and the one-time pad?
-
Is a stream cipher as secure as the one-time pad?
- No. A stream cipher is bound to repeat at some point , while a OTP never repeats. If you could generate a stream cipher with a truly random output, it could be used as a OTP.
-
Is a stream cipher malleable?
- Yes, but you need to make all changes at both the sender and receiver.
-
Is the CBC-MAC a secure message authentication code if the IV is constant 0 ?
- Yes
-
What are the advantages of the counter mode of encryption, e.g., in comparison to the CBC mode?
- CTR allows for parallel encryption and errors do not propagate to the next block.
-
What are the general steps performed by intrusion detection systems for mobile ad-hoc networks?
- Data collection
- Detection
- Response
-
What are the problems with Intrusion Detection System in real life?
-
What is the problem with MAC Sequence Number Analysis in Intrusion Detection Systems?
- Each class in QoS has its own sequence number. An attacker can hijack the session when a user goes offline as well.
-
What are the two main security functionalities of a smart card?
- Key Strength
- Authentication
- (?)
-
What is Internet Key Exchange?
- Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE uses X.509 certificates for authentication - either pre-shared or distributed using DNS (preferably with DNSSEC) and a Diffie–Hellman key exchange - to set up a shared session secret from which cryptographic keys are derived. In addition, a security policy for every peer which will connect must be manually maintained
-
What is lawful interception?
- Wiretapping of private communication requested by a law enforcement agency
-
What is the difference between a checksum and a cryptographic message authentication code?
- A checksum can be (re-)computed by an attacker, the authentication code cannot
-
What is the difference between a smart card and a SIM?
- SIM is a subset of smart cards
-
What is the main difference between wired and wireless Intrusion Detection Systems in terms of functionality?
- You can physically protect wired points.
- People can set up their own AP and abuse man in the middle
-
What is the purpose of the EPID join procedure?
- To assign a private key to a device
-
Which part of IEEE 802.16 MAC PDU is encrypted?
- Only payload (?)
-
Can the security header in MAPsec be encrypted? Why/why not?
- No. The MAPsec header must be processed at the receiving end.
2017 Specific
EMV Contactless
- Which of the following is a security concern in EMV Contactless Payment?
- Eavesdropping, Unauthorized Activation, Relaying and Pre-Play Attacks
- What is the Frame Waiting Time (FWT)?
- The maximum time between data sent by the reader and the response returned by the card
$FWT = (256 \cdot 16/f_c) \cdot 2^{FWI}$ where the Frame Waiting time Integer (FWI) is defined as$0 \leq FWI \leq 14$ and$f_c = 13.56 MHz$
- Which of the following is true with respect to eavesdropping in the context of EMV Contactless Payment?
- Transmission us vulnerable and unencrypted, possible up to 40 cm
- What is a relay attack?
- Which of the following are known attacks against EMC Contactless Payment?
- Eavesdropping, Unauthorized Activation, Relaying (the virtual pickpocketing attack using victims own NFC enabled device) and Pre-Play Attacks (downgrading to MagStripe mode)
5G Long Term ID
-
How can the long-term user identity be protected in case of an Identity Request?
- With a pseudonym or asymmetric cryptography
-
How can public key cryptography be used to protect the IMSI?
- Encrypt the IMSI with the public key of the receiver, and the receiver will use the corresponding private key to decrypt the IMSI. Could be with either Certificate Based Public-key Cryptography or Identity Based Encryption.
-
Which of the following is a drawback with respect to the usage of public key cryptography for protecting the long-term identity?
- Key revocation
- Key-distribution
- Trust model
- Performance overhead
-
Is TMSI a solution to protect the permanent identity IMSI?
- Yes, but not a good one
-
What is the main challenge in protecting the long-term user identity in LTE networks?
- IMSIs could be requested without an established security context to protect the confidentiality and integrity of the messages.
Guest Wlan
-
Is traffic in the Linksys guest network encrypted?
- No
-
Which of the following is a vulnerability in Linksys Guest Mode?
-
Which of the following is a security concern with respect to the Linksys Guest Mode password?
- The Guest network does not support a secured wireless network such as WPA2
- Default password BeMyGuest
- Captive portal over HTTP
-
What is client isolation?
- A security feature that prevents peer-to-peer attacks on a LAN. Whith this feature, clients may not communicate with other clients.
-
What is the role of a guest network from a security perspective?
- Client isolation
- Protecting long term shared keys
2016 Specific
GPS
What is the variable A in GPS navigation messages used for? GPS
List two simple attacks on GPS. GPS
- Spoofing and jamming
List three advanced attacks on GPS. GPS
- Data Level Attacks : modify valid GPS signals to change the the satelite position, date etc.
- Operating System Attacks
- Dependent System Attacks : change device clock by a little.
Which frequency is used by the GPS L1 signal? GPS
- civilians can use the L1 signal which has the frequency of 1575.42 MH
What is GPS jamming? GPS
- Jamming: transmitting noise in the same frequency so that receivers can no longer distinguish satellite signals from the noise.
What is GPS spoofing? GPS
- GPS receivers are fed false information from rogue sources resulting in inaccurate navigation.
Which network protocol depends on GPS? GPS
-Network Time Protocol (NTP)
Wireless keyboards
What is Enhanced ShockBurst? Wireless keyboards - A link layer protocol used in many newer logitec chips.
Is traffic to and from a Logitech Unifying Receiver encrypted? Wireless keyboards
- The USB reciver/transmitter you plug into the computer. Unifying Receiver protocol does not thoroughly validate input.
How many messages are exchanged in the Logitech pairing protocol? Wireless keyboards 7
Which encryption algorithm is used by Logitech wireless keyboards? Wireless keyboards
- Logitech keyboards use 128-bit AES encryp-tion. (not everything gets encrypted though)
What kind of keyboard packets from Logitech wireless keyboards are not encrypted? Wireless keyboards
- Mouse movements, Multimedia key packets (packets that control volume, media playback, browser navigation etc.)
What is the length of a normal, encrypted keyboard packet from Logitech wireless keyboards? Wireless keyboards
- 22 bytes long
EAP-NOOB
What is the main challenge for connecting IoT devices to 802.11i Enterprise networks? EAP-NOOB
- Lack of UI
What is the most significant difference between EAP-NOOB and other available EAP methods? EAP-NOOB
- Unlike any other EAP methods currently available, EAP-NOOB does not assume or require any pre-con gured authentication credentials such as symmetric keys or certi cates.
Is EAP-NOOB vulnerable to MiTM attacks on the Diffie-Hellman key agreement? EAP-NOOB
- EAP-NOOB use user-assisted out-of-band (OOB) to protect against MiTM attacks. MiTM attacks are not easy and would often require phisical access to the supplicant to either modify or spoof the OOB message.
Which of the following statements is a security assumption for EAP-NOOB? EAP-NOOB
Why does an EAP-NOOB execution span multpiple EAP sessions? EAP-NOOB
Which generic NAI string is used by the client in EAP-NOOB? EAP-NOOB
What are the states in the EAP-NOOB state machine? EAP-NOOB Unregistrered , Waiting for OOB , Recived OOB , Reconnecting , registrered.