Lecture 1 - Overview of Cybersecurity

INF624 - Introduction to cybersecurity

13.09.2022

1 A Model for Cybersecurity

Cybersecurity has many aims, but it can be broadly described as the discipline
of protecting information systems and the information stored, processed or in
transit within them. This definition, although intuitive, needs some exploring.

1.1 Information Systems

First of all, we need to introduce what is an information system. With it, we
indicate a system for collecting, storing, transmitting, and processing informa-
tion. These systems are comprised by several components integrated with each
other, divided into five categories:

• Hardware. The physical components of the system. These include com-

ponents such as computers, data storage, and input/output devices.
• Software. The programs and routines running in the information systems.
This also include operating systems.

• Data. These are the facts that the system collects, organizes and processes
to create useful information. This usually indicates the files and databases
used to store the data, too.
• Procedures. Any sequence of steps necessary to perform a useful operation
on an information system.

• People. This includes people using, administrating and designing the sys-
tem. They are essential for the system to function, but they can also be
manipulated and serve as weak points.
Hardware, software, and data are usually referred to as assets and they are
the components of an information system that hold value to the system owners
and users. Hence, these are usually the components that need to be protected.

1
1.2 Cybersecurity and its Properties
Now that we know what we are securing, we can give a more detailed definition.
One good place to start is the definition given by NIST, the American National
Institute of Standards and Technology.
Definition 1.1 (Cybersecurity) Measures and controls that ensure confiden-
tiality, integrity and availability of information system assets including hard-
ware, software, firmware, and information being processed, stored and commu-
nicated.
The definition introduces three fundamental security properties, called the
CIA Triad. NIST gives the following definition of the three properties.
• Confidentiality. Preserving authorized restrictions on information access
and disclosure, including means for protecting an individual privacy.
• Integrity. Guarding against unauthorized information modification or de-
struction.
• Availability. Ensuring timely and reliable access and use of information.
In addition to the CIA triad, there are two more security properties that are
generally required, authenticity and accountability.
Authenticity is a property of information. Some information is authentic
if it is genuine and can be trusted, and there are mechanisms in place for it
to be verified. Note that this is a slightly stronger notion than data integrity.
However, it does not account for destruction of information.
Accountability is a property of an information system. In a system that has
the property of accountability it is possible to trace an action performed on the
information system to the actor who performed the action. The rationale behind
accountability is that information systems that are truly secure have never been
achieved, and some argue they will never be achieved. Then we require at least
that it is possible to identify the responsible of a security breach when we detect
it.

1.3 Security breach, threat and vulnerability

A loss of any of the security properties in the CIA triad, or of the additional
properties, is called a security breach. We can categorize security breaches
based on the property they affect. A loss of confidentiality is an unauthorized
disclosure of information. A loss of information integrity is an unauthorized
modification or destruction of information. It can also be a corruption of parts
of the information system. A loss of availability is the disruption of access
to some information or to an information system. A loss of authenticity is a
modification of the information, or a fraud about the information source. A
loss of accountability is a repudiation, or a loss of traceability of actions in the
system.
Security breaches can also be categorized based on their impact as follows.

2
 • Low impact, if adverse effects are limited, such as a partial interruption
of non-critical services.
• Moderate impact, if there are serious adverse effects, such as a critical
interruption of services, or harm to a user.
• High impact, if there are devastating and potentially permanent adverse
effects, such as a permanent interruption of services, or serious harm to a
user, including death.
In order to prevent security breaches, and mitigate their effects if they were
to happen, security researchers try to identify vulnerabilities in an information
system. Vulnerabilities are flaws in the design or operations of an information
system that can cause a security breach. Once a vulnerability is found, it is
possible to identify a threat to an information system When we study a threat,
we usually divide it into two parts: threat consequences and threat actions.
Threat consequences are the potential effect a threat might have on the system
security properties. Threat actions are the attacks or events that could lead to
a realization of the threat, and thus of the threat consequences. We can see
that this distinction between threat actions and threat consequences highlights
cause and effect in a threat. This means we can study them separately and
design countermeasure to prevent the former, and mitigate the latter. We give
a schematic presentation of threat consequences and the possible threat actions
causing them in Table 1.3.

2 Cryptographic tools
An important part in the toolbox of cybersecurity are cryptographic algorithms.
These algorithms have a wide variety of applications, but we will explore the
most common and which security properties from the CIA triad they enforce.
Table 2 summarizes the cryptographic protocols and the security properties they
can be used to enforce.

2.1 Encryption
Symmetric encryption is the most iconic and fundamental of cryptographic al-
gorithms. An encryption scheme is generally composed by two algorithms. An
encryption algorithm E and a decryption algorithm D. The two algorithms both
take a secret key as input. The encryption algorithm takes a message m, called
plaintext, as input and produces a ciphertext c = E(m, k). The ciphertext is
unreadable for anyone who does not know the secret key and looks like random
data. The decryption algorithm takes the secret key and the ciphertext and re-
stores the original message: m = D(c, k). Note that the message is restored only
if the same key was used in encryption and decryption, otherwise the decryption
produces garbage.
The most typical use of symmetric key encryption is data transmission. This
setting is illustrated in Figure 1. We have a sender, Alice, and a receiver, Bob,

3
 Threat consequence
Unauthorized Disclosure:
an entity gains access to
data for which it is not
authorized.
Impacts confidentiality.
Deception: an authorized
entity receives false data
and believes it to be true.
Impacts system and
information integrity.
Disruption: interruption
or alteration of a system
services and functions.
Impacts availability and
system integrity
Usurpation: an
unauthorized entity control
of system services or
functions
Threat Action
Exposure: sensitive data is released to an
unauthorized entity from within the informa-
tion system.
Intrusion: an unauthorized entity gains access
to sensitive data by circumventing a system’s
security protections.
Interception: an unauthorized entity captures
sensitive data travelling between authorized
sources and destinations.
Inference: an unauthorized entity deduces
sensitive data by reasoning from observed data
or communications.
Masquerade: an unauthorized entity poses as
an authorized entity.
Falsification: false information deceives an au-
thorized entity.
Repudiation:an entity falsely denies responsi-
bility for an action.
Incapacitation: an entity disables a compo-
nent of the system
Corruption: an entity adversely modifies sys-
tem functions or data
Obstruction: an entity hinders system opera-
tions by blocking communications or overload-
ing components of the system
Misappropriation: an entity assumes unau-
thorized logical or physical control of a system
resource
Misuse: an entity alters a system component
to perform an unintended function

Table 1: Threat consequences, threat actions and impacted security properties

who agree on a secret key k. When Alice wants to transmit a message m,

She can use the key to encrypt it and transmit the encryption of the message
c = E(m, k). An attacker is unable to read the message even if they can see the
ciphertext. On the other hand, Bob can use the same secret key to decrypt the
message m = D(c, k).
Symmetric encryption is useful to guarantee the confidentiality of data, both
when it is in transit through an information system, and when it is stored.

4
 Security Property Cryptographic algorithms
Confidentiality Encryption
Integrity Hash functions, MAC, Digital Signatures
Availability None
Authenticity Digital Signatures, MACs (somewhat)
Accountability Digital Signatures (somewhat)

Table 2: Cryptographic algorithms and security properties

Figure 1: Typical use case for encryption

2.2 Hash Functions

An hash function is an algorithm that takes an arbitrary size input and produces
a fixed size output called a digest. The output is produced in such a way that
small changes in the input leads to very different outputs. A good analogy for
a hash function is a meat grinder, as the input is chopped up and recombined
to produce a small output. In fact, ”to hash” means to finely chop something
in English.
For an hash function to be a cryptographic hash function, it needs to have
three properties:
• Pre-image resistance. Given a digest d, it is hard to find an input x so
that d = H(x). This is often referred as the hash being one − way,

• Second pre-image resistance. Given an input x, it is hard to find a different

input y so that H(x) = H(y).

5
 Figure 2: Hash function

• Collision resistance. It is hard to find any two different inputs x and y so

that H(x) = H(y).

Note that it is still possible for two inputs to collide, or to find a pre-image,
but the probability is very low. For SHA-256, one of the most wide-spread
cryptographic hash function, the probability is about one in 1068 even for the
weakest variant.
A hash function is useful to ensure the integrity of data. Indeed, we can use
the digest of a file or message to check if they were modified. The difficulty of
finding a different input with the same digest would make it highly unlikely that
an attacked was able to modify the data without changing the digest. Moreover,
while the data might be costly to store, a digest is typically smaller and can be
stored or published much more easily and in more locations than the original
information.

2.3 MACs
A MAC, or message authentication code, is a short tag used to verify the in-
tegrity of a message. It is rather similar to a hash function. However, a MAC
takes a secret key as an additional input. This means that only people in pos-
sess of the secret key are able to create and verify a message against a tag. The
properties of a MAC are similar to the ones required from a cryptographic hash
functions, considering both key and message as the input of the hash. Despite
their similarities, MACs are required one extra property, unforgeability. It must
be difficult to predict the MAC of a message using a specific key even after
knowing many examples of tags generated with that key.
Still, one of the most popular ways to construct a MAC is to use a Hash
function as basis. Such a construction is called an HMAC and it is the most
widespread example of MAC.
A MAC is useful to ensure the integrity of data, but it also gives a degree
of control as to who produced the data, as only someone possessing the right
secret key can produce the tag, also providing authenticity within certain limits.
In fact, to provide authenticity in a stronger and more flexible way, we usually
employ the next cryptographic primitive.

6
 Figure 3: MAC

2.4 Digital Signatures

Until now we only saw keys that behave in a similar way to keys in the real
world. For instance, in encryption we could use the same key to encrypt and
decrypt, similarly to how we use a key to lock and unlock a door. Indeed, we
called the encryption symmetric and this term is sometime used to refer to the
keys, too.
Digital signatures, on the other hand, is part of what is called asymmetric
cryptography. Instead of using a key, digital signatures use a key-pair, a pair
composed of a secret key and a public key. The two keys are mathematically
bound together. A padlock is a good analogy for a key-pair. One part, the
padlock, can be used to lock a door. The other, the key, can be used to unlock
it. The secret key should be kept secure, but the public key can be transmitted
to anyone who might need it.
A digital signature scheme is composed by a signing algorithm and a verifi-
cation algorithm. In signing, the private key is used to create a signature of a
message. If someone receives the message and the signature, they can use the
public key to verify that the message is unmodified, and that the owner of the
public key was the one who created it.

Figure 4: Digital Signature

A digital signature is useful to ensure the integrity and authenticity of data.

It is also very useful to provide accountability, but it is not sufficient by itself.

7
 Lecture 2 - User Authentication
DIGI112 - ICT Security
08.09.2022

1 Principles of Authentication
Broadly speaking, authentication is the process of establishing confidence in a
user identity presented to an information system. It should not be confused
with the process of determining what a user can access or which actions a user
can perform in the system. Authentication can take place on a local system, or
remotely, but it can generally be modelled in a similar way.

1.1 A Model for Authentication

Authentication is a process that is generally divided in two steps. The first is
user registration, where a user proves their identity to a Registration Author-
ity (RA) and obtains in exchange credentials that are bound to their identity.
Then, during the process of user authentication proper, the credentials can be
presented to a verifier that certifies the user identity, without the need to go
through the proof of identity necessary during registration.
We give a quick definition of the entities involved in these processes and their
jobs.

• Registration Authority (RA). A user applies to the RA to subscribe to the

system. The RA has the duty of vetting the user identity and establish
whether they are truthful.
• Credential Service Provider (CSP. A CSP issues credentials to a user that
has been vetted by the RA, binding their identity with said credentials.
• Verifier. A verifier receives a set of credentials and checks if they are
bound to an identity.
• Relying Party (RP). The service that needs to authenticate the user.

Credentials are not very well defined for now, but we are going to explore
better what could be their nature. For now, suffices to say that they are some
piece of data that is bound to the user identity by the CSP. An example could
be a set of username and password to log in to a website.
Now that we know the identities involved in authentication, we can proceed
to see the two main flows in authentication. The first one is the registration

1
flow, where a user applies to subscribe to an authentication system. The second
one is the authentication proper.

Registration
Registration is itself divided into two actions. The first one is the application,
where an user contacts an RA and presents proof of their identity. Then the RA
has the job to vet the presented proof and verify that it satisfies the requirements
to register. The nature of the proof and the requirements it needs to satisfy
are defined by the authentication system. For instance, when registering to a
website, it is often enough to present a valid email address. In this setting,
the vetting process is often a verification of said email address, by interacting
with a link sent to it. This is a very simple example, but vetting processes can
require many steps, waiting times, and sometimes require government issued
identification.
The second part of registration starts when the RA endorses the user identity.
The user engages in a process with the CSP of the system. This service issues
credentials to the users and binds them to the user identity. Credentials might
be sometimes set by the user. For instance, in the case of websites it is rather
common for the user to set a password. On the other hand, when issuing a
PIN for a smart cart it is more common for the CSP to assign one. Note that
credentials issuing is sometimes separated from registration proper. This is
because many systems allow for credentials re-issuing without going through a
full identity vetting.
This flow is recapped in Figure 1, steps R1 and R2.

Authentication
Authentication can also be divided into two steps. The first one is the trigger
to the authentication process. The user approaches a relying party, which could
be any service using the authentication scheme that the user registered to. The
user presents their credentials to the relying party in the forms that are defined
by the authentication system.
The RP proceeds to start the second part of the authentication process. In
this part, the credentials are relayed to the verifier of the authentication system.
This is a service that is able to check the credential and verify if it is indeed
bound to the user identity using the information provided by the CSP. if the
certification succeeds, the verifier certifies the identity of the user to the RP.
This is usually a simple confirmation, but the verifier can even specify the user
identity in some systems.
This flow is illustrated in Figure 1, steps A1 and A2.

2 Means of Authentication
Credentials can take many different forms, Each of them with their own advan-
tages and disadvantages. These are often a rather important part in the design

2
 Figure 1: Hash function

of an authentication system, as they would determine security and usability of

the system depending on how easily they can be forged, and how easily the user
can use them. Designing a good authentication system means finding a good
balance between these two properties, depending on the risk associated to the
application.
In this section we explore the four main classes of credentials and give some
explanation of their characteristics.

2.1 Something the user knows

This is the most widespread and popular mean of authentication. The credential
is some information that is either relayed to the user by the CSP, or even chosen
by the user. It is then required that the user remembers this information.
Instances of this mean of authentication are passwords, Personal Identification
Numbers (PINs), patterns, memorable information, and so on.
This kind of credential is still very widespread and before smartphones it was
the default mean of authentication, as it was the only cheap and practical way
to allow a user to authenticate regardless of circumstances. However, this kind
of credential is rather weak because it is limited by human memory. An easy

3
password to remember is also easy to guess. Moreover, users tend to use the
same password for multiple authentication systems, so that if any of those are
corrupted there is a catastrophic chain reaction. Moreover, passwords needs to
be stored for verification. If a database leaks and passwords are not adequately
protected, then an attacker can potentially learn all the user passwords. The
standard countermeasure of this is password hashing, where only the password
hash is stored by the verification service. Because of pre-image resistance and
collision resistance, an attacker cannot recover the original password, nor can
they forge a password that works with a given hash. One last issue with this
system is that in case of password reuse (by the same user or different users), the
hash would be the same. This would reveal which users have the same password
and allow an astute user to log in as someone else. To prevent this, passwords
are concatenated with a unique salt, a random value. The value is then stored
with the password hash for verification.
Note that this kind of credentials is also weak to shoulder surfing, where an
attacker in proximity of a user carefully watches as they type in their informa-
tion.

2.2 Something the user has

In this case the credential is a material object that the user owns, be it physical
or digital. It is the type of credential that has traditionally been used when
high confidence in the authentication is needed. Nowadays it is very popular
in conjunction with other means of authentication. A rather important ex-
ample of this mean of authentication are tokens, be them physical or digital,
that can be used to create one-time codes or that contain cryptographic keys.
Smart-cards are also another very important example. These are cards with an
embedded chip that are very popular in high confidence applications, such as
digital payments.
This mean of authentication is easier than knowledge based authentication
to steal. However, a theft is easier to identify.

2.3 Something the user is

Biometric authentication uses some physical characteristic of the user as a cre-
dential. Instances are face recognition, iris scanners, or fingerprint scanners.
Applications were limited by the cost of the equipment necessary to obtain
accurate enough reads of the physical characteristics. However, in the recent
years there has been a widespread application of fingerprint scanners and face
recognition due to the decrease in cost. Usability of biometrics is exceptional,
as the user does not need to carry or remember anything. However, one still
need to balance between accuracy and security. A system that often rejects your
fingerprint is annoying. However, by fixing the issue, one might make it easier
to forge a copy of the fingerprint that can fool the system. Care is required to
find a good trade-off.

4
 Although biometrics might seem very secure at first view, it also poses a few
questions. First of all, it is increasingly easy to obtain close enough reproduction
of fingerprints and faces that theft of credentials is a rather concrete possibility,
and to an increasingly large scale. Moreover, biometrics have one key flaw.
You can change your password, but you cannot easily change your face. Thus,
credential theft is permanent.

2.4 Something the user does

Dynamic biometrics are a special class of biometrics. Whereas biometrics are
simply physical characteristics of the user, dynamic biometrics refer to a be-
haviour of the user. Instances are voice recognition, typing patterns, or even
signatures.
We do not spend much time on this kind of authentication, as applications
are limited and characteristics are rather similar to the ones of static biometrics.

3 Modes of Authentication
There are three modes of authentication that relate to credentials.
In single factor authentication, only one credential is necessary to authenticate.
This is the simplest way to authenticate, but it also means that compromising
one credential is all an attacker needs to compromise the user identity.
In multi-factor authentication, a combination of more credentials is necessary
to authenticate. Two factor authentication is the most popular form of multi-
factor authentication. Using more factors is possible and there are examples
of it, but two factors are secure enough for general applications. More factors
would make the authentication cumbersome, annoying users.
In continuous authentication, there is not just one instance of authentication.

Figure 2: Continuous authentication

Some credentials might be needed for a first authentication, while further au-

5
thentication with different credentials might be necessary to preform more risky
operations. An example of continuous authentication is illustrated in Figure 2.
In addition to these three modes of authentication for credentials, there are
two modes that relate to the setting of the authentication. One is local authenti-
cation, where a user authenticates to a system that is physically close. Instances
of this would be a logging into a personal computer, or opening a door with a
key-card.
The other is remote, where a user authenticates to a system over some kind of
network, potentially public. An instance of this would be a login form for a
website. Note that remote authentication cannot be as simple as presenting a
credential. In fact, it is necessary that the authentication becomes a protocol
where the user not only proves possession of the credential, but also that the
protocol is being run live. A simple example, called challenge response, is il-
lustrated in Figure 3. In this example the verifier issues a unique challenge to
the user, who then uses his credential to produce an adequate response for the
verifier.

Figure 3: Continuous authentication

These settings are particularly important to make security considerations,

as remote authentication is susceptible to some specific attacks. In particular,
we have two. The first is denial of service, where the verifier is attacked with a
threat action that causes a disruption. This prevents users form authenticating
to the system, but it does not impact users that are already authenticated. The
second is called a replay attack, where an attacker captures the authentication
messages sent to the verifier and sends them again to authenticate. Note that
this attack can be prevented by making each run of the protocol unique, for
instance asking the user to produce a response to a unique challenge in order
to authenticate.

4 Security Issues
In this section we summarise the security issues that can affect different means
and modes of authentication, give examples of attacks and give some counter-
measures.
Attacks are divided into five categories:

6
 • Client attacks, where the attacker tries to authenticate as a user would.
• Host attacks, where the verifier is attacked.
• Theft, where the credential is stolen or copied.
• Replay, where a legitimate run is repeated to perform a malicious authen-
tication.
• Denial of service, where we specifically refer to denial of service caused by
a lockout, which is a deactivation of a credentials set because of too many
wrong attempts.

In Table 1 we give affected means of authentication and examples for each

of the attacks, with some possible countermeasure.

Attacks Mean Examples Countermeasures

Knowledge Exhaustive search, Limit attempts,
guessing long password or
PIN.
Client attack
Possession Exhaustive search Limit attempts.
Biometric False match Limit attempts, in-
crease accuracy.
Host attack Knowledge Database theft, dic- Hashing, long pass-
tionary search word or PIN.
Knowledge Shoulder surfing User education.
Possession Theft multi-factor au-
Theft or copy thentication
Biometric Make a copy of bio- Anti-spoofing input
metric device.
Replay Any Replay credential Challenge-response
presentation protocol.
Denial of service Any Lockout by wrong Multi-factor in-
attempts stead of limiting
attempts.

Table 1: Attacks. Examples and possible countermeasures

7
 Lecture 3 - Access Control
DIGI112 - ICT Security
15.09.2022

1 Principles of Access Control

In the previous lecture we introduced user authentication, the process to es-
tablish confidence in a user identity. Once the user identity is established, it
is necessary to determine what the user is allowed to access and which actions
they are allowed to perform. This process is called access control.
First of all, we give an overview of the broader context in which access con-
trol operates. After authentication, the user might request access to different
resources of the information system, be they hardware, software, or data. The
access control function is in charge of granting or denying access to said re-
sources. To do so, it queries some form of access control database that instructs
it about the access policies to system resources. These policies are generally set
by some system administrator, although this is not a strict requirement. We
can see an illustration of this process in Figure 1.

Figure 1: Access control in context

1
1.1 A Model for Access Control
There are three main entities of interest when designing an access control system.
• Subjects, entities capable of accessing system resources. Processes can be
physical users, or applications. However, we usually abstract away this
distinction and consider generic subjects or users.
• Objects, the resources that we want to regulate access to.
• Access rights, the different ways a subject may access an object.
Subjects can usually be further categorised in three classes:
• Owner of a resource. The creator or administrator of the resource.
• A group of subjects affine to the owner, to which some access rights might
be granted.
• The world, all other subjects to which the least access rights are granted.
This division is not mandatory, but it is quite useful and it is used, for
instance, in access control for personal computer OS.
We find it also useful to give an example of access rights for a category of
resources, namely files. In this setting, we usually have the following access
rights.
• Read. A user may view the content of a file.
• Write. A user may modify the content of a file.
• Create. A user may create a file in this location.
• Delete. A user may delete this particular file.
• Search. A user may list the files in this location.
However, it is worth pointing out that access right are object specific, depending
heavily on its nature and behaviour.
The way we regulate access rights to a specific object is through the definition
of access control policies. There are four main ways of defining policies, and they
yield the four main kinds of access control.
• In Discretionary Access Control (DAC), policies are based only on the
identity of the subject and the access rights that this specific identity
might have on the object that is being accessed. We call it discretionary
because a subject might have also the right to modify the access policies
of the object.
• Mandatory Access Control (MAC) is similar to DAC, but the ”mandatory”
indicates that access policies are fixed by an administrator, and subjects
have no control over them.

2
 • Role-Based Access Control (RBAC) defines roles and assigns users to roles.
Access rights are then granted or denied on a group level, instead of a
subject level.
• Attribute-Based Access Control (ABAC) define attributes for subjects,
objects, and environmental conditions. Access rights are then computed
based on the attributes of the specific subject and object involved in the
access request.
We now explore these different kinds of access policies in detail.

2 Discretionary Access Control

As we mentioned, in DAC policies are based only on the identity of the subject
and the access rights that this specific identity might have on the object that
is being accessed. The resulting relationships between objects and subjects can
be rather complicated and we need a tidy way to represent them, so that they
can be understandable to the access control function. We note that a subject
can have rights to multiple objects, and multiple subjects can have access to
the same object. This kind of relationship is called many-to-many, in contrast
to a one-to-one relationship. This kind of relationships can be represented in a
matrix, or table. To construct our matrix we assign a row to each subject in the
system and a column to each object in the system. Then, we write the access
rights that a subject has over an object in the cell identified by the two.
For instance, consider a system with three files and three users.
• User A owns File 1 and has read/write (rw) access to it. Moreover, it has
rw access to File2.

• User B has read (r) access to File 2. They also own File2 and have rw
access.
• User C has rw access to File 2. They also own File2 and have rw access.
Then we can create a matrix with users A, B, and C identifying each of the rows.
The columns are then identified with files 1, 2, and 3. We populate the cells of
the matrix with the appropriate access rights. This is illustrated in Figure 2.
This representation is rather handy, as all of the necessary information is
stored in one place and easy to search. However, it is quite wasteful because
many of the cells are left empty. It is possible to have more compact represen-
tations of the policies by sectioning rows or columns of the access matrix.
Access control lists (ACL) are obtained by selecting single columns of the
access matrix and eliminating empty cells. Each ACL refers to a single file and
it lists all of the users having access to it, alongside the relevant access rights.
This representation is useful for two main reasons. First, it makes possible to
store the ACL directly with the relevant file, so that the ACL is stored at least
as securely as the file and it is easy to retrieve. Moreover, it makes it really easy

3
 Figure 2: Access Matrix

to know exactly who has access to specific file. However, using ACLs it is hard
to list all of the files that a specific user can access.
Capability tickets are obtained by selecting single rows of the access matrix
and eliminating empty cells. Each ticket refers to a single users and lists all of
their access rights in the system. This is rather useful because it makes it easy
to know what a specific user can access, although it has the opposite issue of an
ACL, since you have to check all tickets to know who has access to a resource.
However, it poses a security issue, as the user must not be able to alter this
list. This issue can be solved by not giving the list to the user in the first place,
but we have tools to ensure the authenticity of some information. Indeed, it is
possible to use a cryptographic MAC or a digital signature to create unforgeable
tickets. This has a huge advantage in distributed systems, where the function
doing access control might be separated from the resources themselves. In fact,
these tickets can be safely handed to the user, who can present them to other
parts of the system to gain access to the relevant resources. The analogy with
physical tickets is quite fitting. You can buy a ticket to a concert that only gives
you access to general public, VIP areas, backstage, and so on. When you want
to gain access to a specific area, your ticket can be checked without having to
go through the ticket office again.
One last representation of this data is an authorization table. This represen-
tation gets rig of empty cells and stores rows of user, access right, and resouce
in a table as illustrated in Table 1. This type of structure is compact and it is

4
easy to find out both all users who have access to a resource, and all resources
accessible to a user. However, it presents the same inflexibility of the access
matrix, as it needs to be stored in an accessible centralized location.

Subject Access Right Object

User A Own File 1
User A Read File 1
User A Write File 1
User A Read File 2
User B Read File 1
User B Own File 2
User B Read File 2
User B Write File 2
User C Read File 2
User C Write File 2
User C Own File 3
User C Read File 3
User C Write File 3

Table 1: Authorization table for the Access Matrix in Figure 2

Although DAC is rather simple to setup, it is quite inflexible and adding a

new subject or object requires a complete analysis of which access rights should
be added to the matrix. However, this is not an issue in small systems, such as
a personal computer. Indeed, most OS use ACLs for controlling access to files.
Moreover, capability tickets are rather useful in distributed systems, where a
user can be given an unforgeable capability ticket to gain access to resources
without a need for central control. The inflexibility becomes an issue for more
complex systems, for which RBAC or ABAC might be more useful.
We also give a brief mention to MAC here. As previously mentioned, the
difference between MAC and DAC is that the latter has locked access rights set
by an administrator, while the latter leaves the access rights to the discretion
of the owners of the resources. All considerations made in this section for DAC
also apply to MAC. On top of what was already said, the mandatory aspect of
MAC, where a system administrator is the only entity allowed to modify access
rights, makes MAC even less flexible than DAC. On the other hand, this makes
the access control less error prone, reducing the risk that a user accidentally
exposes sensitive data by setting the wrong access rights to some object.

3 Role-Based Access Control

Role-based access control introduces the concept of roles, which is a subject
function within an organization. It then assigns subjects to one or more roles,
and uses said roles to determine their access rights. A good way to visualize this
transition is to substitute the subjects in DAC (or MAC) with roles, and assign

5
subjects to the appropriate roles. When an access right request to be evaluated,
the access control function just needs to look up the roles of the subject and
compose the access rights for these roles. The check can then continue as in
DAC.
Note that the relationship between roles and subjects is still a ”many-to-
many” as the one we described for subjects and objects above. This means that
we can use a similar structure, namely a role matrix, to represent these rela-
tionships. An example of role matrix is in Figure 3. The same considerations
we made about more compact representations for the role matrix are also ap-
plicable here. We can have horizontal sections producing lists of roles assigned
to each user, which behave in a similar way to capability tickets. We can also
have vertical sections producing a list of users for each role. Finally, we can also
use a role table with two columns, each entry linking a user to a role.

Figure 3: Role Matrix

RBAC is quite well suited for commercial applications inside an organiza-

tion. The structure of an organization is usually quite static, with roles such
as ”employee”, ”manager”, and so on. These roles are quite static in the orga-
nization, and so are the tasks they have to fulfil and the resources they need.
On the other hand, single subjects in the company are more likely to rotate or
change roles. The use of roles allows for this rotation without having to redefine
the logic of the access control system. However, the setup of a RBAC system
requires a more careful design than the setup a DAC or MAC system. Basing on
the complexity and tasks of an information system, one method might better
suited than the other. It is up to the designer of the information system to
choose which one to use.

6
3.1 RBAC0 to RBAC3
The basic role-based access control described above is referred to as RBAC0 .
There are three further flavours of RBAC, up to RBAC3 .
RBAC1 extends RBAC0 by introducing a hierarchy of roles. This hierarchy
reflects the hierarchy that we typically see in organizations. Roles with more
responsibility, like a manager, tend to have greater access rights than simple
employees. RBAC1 reflects this by allowing a role1 to inherit all access rights
from another role0 . In turn, some other role2 , higher in the hierarchy, might
inherit its access from role1 . It is also possible to have multiple hierarchies,
inherit from multiple nodes, and be inherited by multiple roles, producing an
intricate hierarchy of inheritance.
RBAC2 does not extend RBAC1 , but it is another extension of RBAC0 . It
introduces the concept of constraints. A constraint limits the possibility for a
subject to be assigned to a role. There are three main types of constraints.
• Roles can be made mutually exclusive, with membership in a role dis-
qualifying a subject from being assigned to a role. Imagine a role ”quality
controller” and a role ”designer”, a subject assigned to both could produce
a design and approve it, skipping the due control. The most extreme case
of mutually exclusive roles happens when all roles are mutually exclusive,
so that subject can only be assigned to one role.
• A cardinality constraint might be enforced, capping the number of subjects
who can be assigned to a role, or the number of roles a subject can have.
• Prerequisites might be put in place, where a subject can only be assigned
a role if they were already members of some other role in the RBAC.
RBAC3 is simply the combination of RBAC2 and RBAC1 , allowing both a
hierarchy of roles and constraints.

4 Attribute-Based Access Control

The last kind of access control we examine is ABAC. In ABAC we do not try to
list all access rights for subjects (DAC), or roles (RBAC). Instead, ABAC tries
to generalize the access rights as rules applicable to characteristics of subjects
and objects, also basing on the context in which the access is taking place
in. We call these characteristics attributes and generally divide them in three
categories.
• Subject attributes, referring to a subject in an information system. In-
stances could be ”age”, ”nationality”, and so on.
• Object attributes, referring to an object in an information system. In-
stances could be ”date”, ”author”, an so on.

7
 • Environment attributes, that are not related to a particular subject or
object, but rather are characteristics of the context in which the access
request is happening. For instance, they could indicate the current time
or date, active threats detected in the system, and so on.
Note that relevant attributes are chosen by the designer of an information system
to give a meaningful representation of what subject, objects, and the environ-
ment are in the context of the information system. For instance, the attribute
”age” might be relevant to deciding access rights to a movie, but the attribute
”shoe size” would likely be useless in this context.
The attributes are then put in relationship using access control policies,
rules that check the compatibility of subject attributes, object attributes, and
environment attributes to decide whether to grant or deny access to the object.
This logic can be rather complex, but it only needs to be designed once and
updated if a change in conditions happen. However, once it is put in place
there is very little need for updates in the policies, with just some updates for
attributes every now and then. Since attributes are simply characteristics of the
entity they describe, this is much less critical and more intuitive than updating
access rights.
For instance, consider an e-commerce website that wants to give access to
discounts for old products to faithful members. They can create an attribute
”membership_date” for users, and an attribute ”arrival_date” for objects.
Then, instead of having to check which users are loyal customers and specify
they have access to special discounts, they can simply check the membership
date is old enough.
display_discount(subject, object):
subject.membership_date is older than 2 years
AND
object.arrival_date is more than 6 months
This means that there is no need to assign users to a special ”loyal customer”
role, nor to constantly flag old products. The access policy will give access to
special discounts as soon as it is appropriate.
Typically, an ABAC system is designed as illustrated as in Figure 4. A
subject makes an access request to an access control service. In turn, this service
queries some data storage to retrieve information about the subject, object, and
environment. The service then applies the relevant access control policies to the
attributes and computes whether it needs to grant or deny access. Attributes
are generally stored alongside other data about the entities they refer to, and
not necessarily all in the same place. Moreover, access control policies might
also have a separate storage, in case the service is unable to store them locally.
This makes this access control system quite complex, and there are a lot of
moving parts that an attacker could try to corrupt. This makes ABAC more
vulnerable to attacks, requiring higher security for all of their parts. Note that
this is not an issue per se. However, this is also coupled to a higher complexity
of setup, since a lot of care needs to be taken when choosing attributes and

8
 Figure 4: Attribute Based Access Control

their relations through policies. For these reasons, ABAC are only worth the
investment when other kinds of access control policies would be impractical to
operate or maintain because the system is too complex for DAC and lacking a
role structure that would allow the use of RBAC.

9
 Lecture 4 - Malicious Software
DIGI112 - ICT Security
22.09.2022

Small disclaimer. These notes are extracted from the complete notes on ma-
licious software. Next week the full notes on malware are going to be published.
If you are using the material after 29.09, you can just download and use the
next week notes.

1 Malware
With malicious software, or malware for short, we indicate any piece of software
that is inserted in an information system with the intent of breaching some of its
security properties. It might also have the aim of being annoying or disruptive
to a user experience. The code is usually inserted covertly, but that is not
necessarily the case. In general, we are concerned both with the threat that
malicious software poses for other software, and to the threat posed to users
when they use compromised software, or the malware itself.
The lifecycle of a malware can be composed by the following five phases.
• Infection
• Dormant phase
• Propagation

• Trigger
• Payload deployment
In the infection phase, the malware manages to be injected into an infor-
mation system. Then, it might continue the attack straight away, or it might
have a dormant phase, waiting for some activation condition to be met. Either
way, at some point the malware enters the third phase of its lifecycle, namely
the propagation, when the malware aims to make as many copies of itself and
inject them into other components of the information system, or even other in-
formation system. It does so through a propagation mechanism that is specific
to each malware. Once the propagation is completed, the malware waits for a
set of criteria, called trigger to be met. As soon as the trigger is activated, the

1
last and final phase of a malware lifecycle start, and the malware payload is de-
ployed. The payload is the fragment of code in the malware that is responsible
for the malicious behaviour of the malware.
Mind, however, that it is possible to have malware that does not have all
five phases, and malware might skip any of them.
It is rather easy to see that the most important steps in the malware lifecycle
are propagation and payload deployment. It should not come as a surprise that
these are the two most popular characteristics that we use to classify malware.
Namely, propagation mean and payload. As far as propagation goes, we generally
divide malware in three big categories: malware that infects other content,
malware that is a standalone program and self-replicates, and malware that
does not autonomously self-replicate. On the other hand, we classify malware
according to their payload, basing on what are the effects of the payload, such
as spying, disruption, or loss of system integrity.

2 Propagation
Let us start by doing a classification based on the means of propagation of mal-
ware. Broadly speaking, we have two types of malware based on propagation.
Malware that aims to automatically replicating, such as viruses or malware, and
malware that relies on a user interaction to infect a system and generally lacks
self-replicating capabilities, such as Trojans. Let us go through the different
malware categories in detail.

2.1 Virus
A Virus is a fragment of software that can infect other programs by modifying
their code to hijack the execution. It is parasitic code, in the sense that it lacks
the capabilities to execute by itself, but it relies on another program to start
the execution. This is a similar behaviour to biologic viruses, which do not have
the ability to self-replicate, but they hijack the biological machinery of another
cell.
The simplest way a virus can inject itself inside another program is to simply
add their code at some point in the file that is going to be executed. However,
this causes an increase in the size of the file and might be detected. So, viruses
generally replace some of the original code, or replace functions calls from the
original program with calls to malicious functions stored elsewhere. Note, how-
ever, that the mode of injection is usually dependent on the infected content,
called target. Let us go over the different kinds of virus we can identify based
on target. In general we have
• Boot sector infector, targeting the code used to mount a hard drive or
start a OS. Note that this can allow the virus to execute in kernel space,
making this kind of threat quite dangerous.

• File infector, targeting generic executables in the system.

2
 • Macro virus, targeting non executable documents with scripting capabili-
ties. More on this below.
• Multipartite virus, when multiple file of different kinds are infected.
We add a special mention to the most prevalent kind of viruses in the last
few decades have been macro viruses. These viruses targets documents that use
macro programming capabilities. Instances of this are Word, Excel and PDF
documents. These kinds of documents can contain executable code, for instance
to show animations, and macro virus exploit these capabilities to execute their
code. Macro viruses have a lot of advantages, as they are easy to write, they
are platform independent. Moreover, since they infect files and not programs,
many antivirus tools were historically not as good at detecting them.
This kind of viruses is fading a bit now in favour of more powerful tools

2.2 Worms
A Worm is a program that actively seeks more machine to infect, and exploits a
vulnerability on those machines to self-replicate and execute on the new target
systems. Contrary to a virus, a worm is a standalone program and does not
infect other content.
We distinguish some categories of worms, basing on the kind of exploit they
use to self-replicate.

• e-mail or instant messaging. The worm sends itself as an attachment

exploiting some vulnerability of the mail client. In the past, the worm
could often further exploit some content execution vulnerability to run as
soon as the message was opened, but this is much harder to achieve with
modern mail clients.

• File Sharing. The worm creates copies of itself on physical devices con-
nected to the infected system. This is typically some removable media
such as an USB drive. It then exploits flaws in the auto-execution fea-
tures of hard drives to self execute when the media is plugged into a new
system.

• Remote file transfer. The worm creates copies of itself using remote file
transfer facilities in the network, such as a shared hard drive, or some
cloud storage.
• Remote execution. The worm uses some remote execution facilities to
execute itself on the target system. Either by using legitimately the ones
provided, or by exploiting vulnerabilities.
• Remote login. This is rather similar to remote execution, with the slight
difference that the worm uses remote login facilities to login to the target
system, and then executes itself.

3
 Note that since worms exploit vulnerabilities in systems, they usually do
not target systems indiscriminately. In fact, the generally scan a network or
a list of devices to identify the vulnerable ones, and then proceed with the
infection. Once a worm has infected a system, it generally follows the lifecycle
we mentioned in Section 1, although it generally skips the dormant phase.

2.3 Trojans
Trojans are part of the malware that generally does not aim to self-replicate
automatically. Instead, it relies on tricking the user. This process is called social
engineering and it is a set of techniques used to persuade a user to perform
actions that are deleterious for their security. We will examine some of these
techniques more in detail in the Section about payload (next week).
In particular, Trojans pretend to be useful programs, but contain some ma-
licious utility in their code. They can both masquerade as famous software, or
simply lie about their real goal. The former is sometimes the case when dealing
with pirated software. In the first scenario, a hacker provides a cracked version
of a commercial software containing malicious code, tricking users to install it
in order to avoid paying for the real software. In the latter, the malware simply
pretends to be a new software, such as a new word processor or antivirus, while
in fact containing malicious code.
Trojans can generally be divided into three categories, based on how much
of the original function they still absolve.
• Trojans which still perform all the functions of the mimicked software.
This is often the case for pirated software.
• Trojans that replace some of the functionalities of the original code with
malicious ones. For instance a mail client that still sends mail, but it also
forwards them to an attacker.
• Trojans that completely replace the functions of the original program.
This is often the case for Trojans masquerading as security programs.
Mobile Trojans are also worthy of a special mention. As users moved most
of their activity from laptops to smartphones, so the attackers started targeting
those systems. Mobile Trojans exploit the lack of transparency in the behaviour
of apps that was quite egregious until rather recently, and that sometimes still
characterizes mobile systems. Smartphone manufacturer tried to limit this issue
by restricting the accepted sources for apps to the official stores. However, this
does not stop a determined user to circumvent these precautions. Moreover,
malicious apps are still found on the stores, as they can sometimes slip through
the controls. Quite ironically, security apps are a popular target for this kind
of Trojans, with fake VPN and antivirus apps often being the target. This is
a product of two factors. They lure the user is a sense of fake confidence, but
the function they perform is not easy to verify for a user, making detection of
the malicious behaviour harder. An example of a trojan with most of the just

4
 Figure 1: Secure VPN Trojan

mentioned characteristics is the ”Secure VPN” app in Figure 1. A trojan that

was uploaded to the Play Store by security researches.

2.4 Spam and Phishing

Spam and phishing emails, or websites, are also a popular mean for the trans-
mission of malware. We will have a better talk about phishing in the Section
about payload (next week), but for now we focus on spam and phishing email
as a mean to distribute malware. However, it is worth pointing out that spam
email can sometimes be considered a malware themselves, as the bulk sending
of emails can sometimes slow down the delivery of legitimate mail, causing some
loss of availability and system integrity.

Figure 2: Example of spam email

Spam emails are generally not targeted to a specific user, as we can see in

5
Figure 2. They are as generic as possible and try provoke a panic reaction in
the user either by a threat, or by evoking a fear of missing out in a particular
opportunity. These are generally sent en masse to as many recipients as possible,
hoping that someone falls for the email and activates the payload.
Phishing emails can sometimes be spam, but they generally are more tar-
geted, trying to emulate the behaviour of an organization or some trusted party
for the user. This makes the user easier to convince if the impersonation is
successful. However, they require more research.
In the context of malware distribution, Spam and Phishing emails are gen-
erally used to trick the user to download or execute an attachment, or to visit a
malicious website. In the latter case, the attack usually proceeds on the website,
either through further deception, or through the exploit of a vulnerability in the
web browser.

2.5 Some history and APT

Malware has a rather interesting history. We give some interesting examples
observed over the years in Table 1. The timeline in the table highlights a
change of behaviour in malware and attackers. The first examples of malware
were mostly academic, or pranks. Even the infamous Morris worm was not
created with the aim of harming information systems. On the other hand, recent
attacks have seen a shift in the severity of threats and consequences. Malware
has become more sophisticated, and in some cases it is clear that organizations
or governments are behind it.
This lead to the formulation of the concept of an Advanced Persistent Threat,
or APT. An APT is not a malware, but a source of attacks using many different
kinds of intrusion technology, with malware being one of the most prominent.
APTs are often government organizations from different countries, although
some hacker collectives could also be classified as APTs. In order for an attacker
to be classified as an APT, it needs to have two characteristics. Unsurprisingly,
it needs to be advanced and persistent. A threat is advanced if it uses multiple
and sophisticated vulnerabilities and develops custom malware. Individual com-
ponents might not be sophisticated, but even in this case, they are still tailored
to the intended target. Moreover, a threat is persistent if attacks are not car-
ried out without a particular direction, but they have targets which are attacked
multiple times over a time span, until they are eventually cracked. APTs are
one of the most dangerous actors in cybersecurity nowadays, as the complexity
and tenaciousness of the attacks make a continued defence extremely hard and
costly.

6
 Table 1: A brief history of malware

1971 • Creeper. First ever self-replicating program. Not

malicious. It would just print a funny sentence and
copy itself somewhere else in the system.
1988 • Morris. Self-replicating worm without a malicious
payload. It was not programmed to check for
reinfection, so it would keep infecting all machines
available causing an uncontrolled chain reaction. It
escaped from MIT by mistake, and brought down the
internet for several days.
1998 • Melissa. E-mail attachment with an infected macro.
It would self-replicate and disable security tools.
Click-activated, so the line with a trojan is blurry.
2003 • SQL Slammer. Very compact code exploiting a
vulnerability in Microsoft SQL server for databases.
Extremely effective at infection, it had infected 90% of
possible targets in only 10 minutes. It spread so fast
that it congested the internet.
2010 • StuxNet. Stealth worm. It reduces its infection rate
to decrease the chances of being discovered. Uses
multiple vulnerabilities previously unknown and is
extremely complex. It only triggers when it detects the
environment is a particular industrial control system.
In particular it runs on nuclear centrifuges, causing
uncontrolled spins and thus breakages. First known
example of a malware aimed at sabotage, as well as
likely first example of a weaponized malware.
2011 • Duqu. Stealth worm, shares a lot of code with
StuxNet. However, it is used for cyber-espionage, in
particular information exfiltration.
2017 • WannaCry. Worm with an extremely fast infection
rate. It aggressively scans for new targets and infects
as many as possible. After infection, it encrypts the
data on the infected system and asks for a ransom.
This is virtually impossible to recover from if the
malware is correctly programmed. The 2017 attack
crippled several information systems in multiple
countries. It was only stopped because a security
researcher found a kill switch and activated it,
stopping new infections. Ransomwares have been
extremely popular since.

7
 Lecture 6 - Network Security
DIGI112 - ICT Security
06.10.2022

Small disclaimer, as for the malware section, these notes refer to the lecture
of 06.10. The complete notes including the last section on Denial of Service will
be published before the last lecture. If those notes are available you can replace
these notes with those.

1 Networks
We define a network as two or more computers connected to each other. We
say nodes when we talk about the computers connected to a network, and edges
when we talk about the connections between those machines. The geometry of
the nodes and their connections is called the topology of the network, essentially
its shape.

1.1 Local Area Network

The simplest example of network, except for the rather uninteresting case of two
computers connected through a simple cable, is a local area network or LAN.
These networks can have a multitude of topologies, from peer to peer, where
all nodes are connected to each other, to start networks, where all nodes are
connected to one central hub. For the sake of our presentation, we abstract away
from these shapes, and consider a bus model, illustrated in Figure 1, where all
nodes share a single cable and take turns to communicate, as to not interfere
with each other. LANs are generally small networks and concentrated in one
geographical location. Examples could be a school or public library network.
In LANs, nodes identify each other using a Media Access Control, or MAC,
address. A MAC address is composed by 6 numbers between 0 and 255, and
it is generally written in hexadecimal notation, with columns separating them.
It would look something like this: 00:B0:D0:63:C2:26. This number must be
unique for each device in the world, as two devices with the same address would
be indistinguishable if they were to connect to the same LAN. It is usually set
by the manufacturer of the hardware that deals with the network (be it an
Ethernet card, a WiFi card, or other). In order to enforce uniqueness, each
manufacturer is assigned a particular combination for the first three numbers
of the address, and they are then allowed to set the remaining three numbers
as they see fit.

1
 Figure 1: Bus shaped LAN, with simplified MAC addresses

A LAN by itself is sadly not enough to have a flexible and reliable network,
as it does not behave well when more and more nodes are added to it. At some
point, handling the communications inside a flat network like this is not feasible.
Imagine having to keep track of all the participants in the network. That alone
would be an impossible feat for a network having the scale of the internet.
Thus, we introduce a special type of node, that we call a router. This acts as
a barrier at the border of the LAN and it allows it to communicate with other
local area networks. We illustrate a router as node 4:8:2 in Figure 1.

1.2 Internetwork
We call an Internetwork two or more network connected together through one
or more routers. A simple example is illustrated in Figure 2.

1.3 OSI Layers

Before we continue with an explanation of the inner working of an Internet-
work, and the protocols used to transmit data through it, we introduce a useful
abstraction for the tasks that a network must perform. We divide the com-
munication in a network into 7 layers, from the more concrete, concerning the
hardware of a network, to the most abstract, concerning the data exchanged at
a logical level, completely detached from the networking logic.
The layers are illustrated in Figure 3, from the more concrete at the bottom
to the more abstract on the top. Note that the first three layers are concerned
with networking. Layers 1 and 2 with the communication of raw data on a
LAN, and layer 3 with finding the correct route in a network so that the data
can be delivered. Layer 4 is often referred to as the ”heart of the OSI layers”,
and it is concerned with encapsulating the data in packets that are digestible
by the three lower layers. The top three layers are only concerned with data.

2
 Figure 2: A simple Internetwork

Layers is concerned with keeping track of the logical units of data as they are
segmented to travel through the lower levels (think of a movie streaming, you
are not getting the whole film all at once, but bit by bit). Layer 6 is concerned
with encoding and encryption of the data. Finally, layer 7 is concerned about
the data as it is produced and consumed by the users.

Figure 3: OSI layers

3
 We now explore some of the layers in the OSI model in detail, and some of
the relevant protocols that regulate their inner working. In particular, we focus
on the HTTP over TCP/IP stack, which is the most common set of protocols
used on the internet as people usually experience it.

1.4 Network Layer - IP Protocol

We set aside the two lower layers for a second and focus on the third layer,
the network layer. This layer is tasked with routing packets from point A to
point B in an Internetwork. We could, in theory, keep using MAC addresses
as we did in a LAN. However, this would be impractical, since MAC addresses
do not give any indication of which network they are connected to. To solve
this issue, the internet protocol, IP, was created. For simplicity, we consider the
most commonly used IPv4, and we just refer to it as IP. This protocol uses IP
addresses to identify each node connected to an Internetwork. The addresses
are composed by 4 digits from 0 to 255, separated by a dot. Something like
192.168.1.1. Unlike MAC addresses, these have a structure, that is described
through a Subnet mask. A Subnet mask is also composed by 4 numbers from 0 to
255, although for most used masks the numbers are either 0 or 255. If a number
is 255, then the corresponding number in an IP address is considered, if it is
0, then it is ignored. This way, it is possible to use a mask 255.255.255.255
to indicate a specific IP address, but it is also possible to consider a mask
255.255.255.0 to consider all IP addresses in a range. Consider the IP we
saw above 192.168.1.1, with Subnet mask 255.255.255.0. This indicates all
addresses from 192.168.1.0 to 192.168.1.255. This expedient can be repeated
for masks 255.255.0.0, and 255.0.0.0 to indicate larger and larger networks.
The extreme case is the mask 0.0.0.0, which indicates the whole Internetwork.
With this instrument it is possible to define a hierarchy of networks, where a
network 172.1.0.0 with mask 255.255.0.0 (ISP level network) contains all the
networks 172.1.x.0 with mask 255.255.255.0 (local networks). A router is
tasked with being the contact point between each step of the hierarchy. They are
connected to a network of routers with all of the peers having similar 172.1.x.0
addresses, and all these peers will refer to a parent router, which is the contact
point with the higher step in the hierarchy. This is repeated until we reach the
255 top addresses.
Now that we have a hierarchy in place, we need to find a way to efficiently
route a packet through different networks

1.4.1 IP address routing

When a node wants to send a message, they will first check if the recipient IP is
in the same LAN. If so, then they will just look up their MAC address and send
the message to the. We will see how in the next section. Otherwise, it will relay
the message to their parent router, which in turn will check if the IP is part of
the network of peers we mentioned above. If the address is still not found, then
the message is relayed to the router parent and the operation repeats itself until

4
the combination of IP and Subnet mask is found among the peers of a router.
Then the packet is sent to the correct peer, and a similar chain is followed from
top to bottom, identifying the correct child router for each level of the hierarchy,
until a single IP is reached.
This is just a rough overview of the process of address resolution, but it is
more than enough for our purposes.

1.4.2 IP packet
The data sent in the IP protocol is divided into packets. These are composed by
a header and a body. The header contains the routing information (source and
destination IP), a checksum (digest) to ensure the header integrity, and some
extra information that we will not explore. The body contains the data that is
being transmitted in the packet.
Note that there is no mechanism in IP packets to ensure the integrity of
data, as that is handled by the higher layers of the OSI model. Moreover, there
is no relation between packets, nor a way to ensure a packet was received, as
this is also handled by the higher layers.

1.5 Data Link Layer - ARP Protocol

The data link layer is the lower level of the hierarchy that we will explore. It
handles communication within a LAN. In this layer, the data is organized in
frames, which are just a container of data with a source MAC address and a
destination MAC address. The frames are simply transmitted on the wire and
are received by all nodes connected to the cable, as illustrated in Figure 4. It is
then the task of each nodes to check whether they are the intended recipient of
the frame and process it, or discard it otherwise.
Moreover, there is a special broadcast address, namely FF:FF:FF:FF:FF:FF,
that indicates that a message is intended for all nodes connected to a LAN.
This kind of messages is used for service communications, for instance for some
messages in the address resolution protocol, or ARP. This protocol links together
layers 2 and 3 of the OSI model. It allows a node to claim (or be assigned) an
IP in the local network. There are two main kinds of messages in the ARP
protocol. When a new node joins a network, they announce themselves as
illustrated by Figure 5. Alternatively, whenever a node needs to communicate
with an unknown IP that was identified as part of the LAN, they will broadcast
a request for the owner of the unknown IP to identify themselves.
The information gathered through these announcement is compiled by each
node in a ARP table, with association between IP addresses and MAC addresses.
This is the first resource that a node uses whenever they try to send some data
inside the LAN.

5
 Figure 4: Data link frame transmission

Figure 5: ARP announcement

1.6 Transport Layer - TCP Protocol

In the transport layer, for the first time in the OSI model, we stop caring about
the networking and packet routing. Instead, we start focusing on the data to
transmit and their organisation in logical units. Data is still transmitted raw
and in packets, so that it is digestible to the underlying routing infrastructure,
but the protocol introduces the concept of a session, that is the organization of
data in a logical unit where a client, the entity initiating the request, contacts
a server, the entity that is being queried. This session spans multiple packets

6
and it is concerned with the logic behind the data being transmitted. Because
of this hybrid nature, TCP is often referred to as the heart of the OSI model.
The TCP packet is once again composed by a header and a body. The
latter simply contains the transmitted data, while the former has several fields.
We name the ones that are relevant to us. First of all, to differentiate this
packet from all the other packets of other TCP sessions that might be happening
between two IP addresses, a port is chosen. A port is a logical bucket where all
requests related to a specific logical unit are sent. For instance, all the traffic to
a website hosted on a node might go to port 80, differentiating different clients
by IP, while the client might assign a port, like 50689, to the outgoing traffic
coming from a web browser, or even from a specific tab in the browser. Then,
we a sequence number and an acknowledgement number, that are used to keep
track of the position of a packet in the context of a session. Moreover, there is
an integrity check for the whole packet, unlike what we had in the IP protocol
that would only ensure the integrity of the IP address. Last but not least, we
have a filed that indicates the type of packet. There are several types of TCP
packets, but we are mostly interested in three types,

• SYN, or synchronize, used by a client to signal the intention to initiate a

new session.
• ACK, or acknowledgement, used by a party to notify the other that a par-
ticular message has been received.

• FIN, or finish, used by a client to signal the intention to terminate a session.

Moreover, it is possible to combine the types, so that for instance a SYN-ACK
packet is an acknowledgement to a SYN packet. In addition to these three
packet types and combination, we could also have no type at all, indicating
that the packet is a regular data packet, or we could have a RST message, that
communicates that a critical error in communication was encountered, and the
session should be terminated.
The session, instead, is the logical unit that frames the data related to one
request from the client to the server. It starts with a 3-way handshake with
the sequence ’SYN - SYN/ACK - ACK’ initiated by the client as illustrated in
Figure 7.
Then communication proceeds with the client sending a packet with a SEQ#
starting from 1 and the first chunk of data. The server receives the packet and
responds with an ACK packet with ACK# = SEQ# + l, where l is the size of the data
in the received packet. The client can then prepare the next packet using SEQ#
= ACK#. Note that the client can transmit multiple packets at once, because the
size of data is known. This can sometime result in the packets arriving out of
order, but the server can reconstruct the order basing on the SEQ#. Moreover,
some packets might be lost. If the server detects a missing SEQ#, or the client a
missing ACK#, they can just resend the previous packet in the communication,
assuming that it was lost, and hope to receive the missing packet.

7
 Figure 6: TCP packet

Figure 7: TCP 3-way handshake

Finally, once the communication is concluded, the client can initiate an end
of session protocol with the sequence ’FIN - FIN/ACK - ACK’, in a similar way
as it was illustrated for the handshake.

1.7 Application Layer - HTTP Protocol

In the Application Layer any contact with the underlying networking infras-
tructure is lost. The sole focus is on the data and their usability. The concept
of source and destination is generally lost, replaced by two or more parties in a
communication. A typical setting is a Server/Client similar to the TCP 4-way
handshake.
We explore the Hyper-Text Transfer Protocol, or HTTP, since this is the

8
application layer protocol
HTTP is oriented to serving hyper-text, i.e.text that might encode more
complex information. It was designed for a rather different web than what we
are used to this day, one that was mostly text. However, it has adapted to an
extend and it is still one of the most used protocol for the public web. The focus
for HTTP is on resources that are organized like a file system, with an action
performed at a specific path, that is represented exactly like a folder path.
An HTTP request looks roughly like this:

POST /images/cat.png HTTP/1.1

Host: example.com
TransferEncoding: base64

iVBORwOKGg0AAAANSEUjhU...

Let us break this down:

• POST is the verb or mode of the request. It can be one of GET, POST, PUT,
DELETE and many others. Each of them defines an action to be performed
on the resource specified in the path.
• /images/cat.png is the path of the resource that we want to act upon, it
is a unique location in the website.
• HTTP/1.1 defines the version of the protocol to use
• Host ... until the empty line are the headers of the request, containing
metadata useful to the server to handle the request.
• Finally, there is the body with the data. Note that this is not mandatory
and it is perfectly fine to send a request that has no body.
The server then processes the request and returns a response with its own
headers and an optional body.

2 Sniffing and MitM

Now that we have seen an example of a stack built on the OSI layers, let us see
how this can be manipulated by a malicious actor to compromise the security
properties of the communication. In particular, we focus on two attacks on the
physical and data link layers of the OSI model.
Wiretapping is the first we explore, and this is a passive attack. It consists in
connecting to a LAN as a passive listener, either by intercepting radio waves of
a WiFi, or by physically connecting to a Ethernet without announcing oneself.
This attack can impact the confidentiality of data, as it enables the attacker to
listen to all the conversations that are being had over the LAN. However, since
the attacker does not announce itself, there is no threat to the data integrity
nor the availability of the communication.

9
 Figure 8: ARP spoofing

Man in the Middle are a category of more powerful attacks. The attacker
manages to become an intermediary between two (or more) nodes in an net-
work. Being an intermediate node, the attacker can not only read all traffic,
but they can also manipulate the content of packets and especially drop pack-
ets, impacting confidentiality, data integrity and availability. Sadly, the lower
layers of the OSI model mostly run on trust and there is little to no security
built in. One notable example of this issue is ARP spoofing. Since there is no
integrity or authenticity built into the ARP announcements, an attacker can
easily masquerade as the LAN router, and redirect all traffic going in and out
the network through their node. This is illustrated in Figure 8.
This is a very low skill attack, although it does require that the attacker
is connected to the network. Notice that this is easier to detect than a plain
wiretapping, but it is much more potent.

2.1 Adversarial Model

Since the lower levels of networks run completely on trust, we can not rely on
anyone on a network being honest. This leads to the formulation of a rather
peculiar adversarial model for networks. Instead of localizing the attacker to
some components of the network, we assume that the network itself is a malicious
actor, and we only trust the information in the perimeter of our node, i.e. our
machine. This means that we need to establish confidence in any actor we
interact with, without having a secure form of communication a priori. This
is called the bootstrap problem, and sadly it is impossible to solve relying only
on the network. Instead, some form of external communication is necessary.
However, it is impractical to have an external communication every time a node
need to contact another node. Now, mind that this problem has a solution,
and we will see it in the next section. It does involve some out of network
communication, but luckily we manage to limit that to the construction phase

10
of a device.

3 TLS and HTTPS

Since the adversarial model assumes that everything outside of the perimeter is
untrusted, we first need to solve the bootstrap problem. Then, the remaining
properties we need to achieve are confidentiality and integrity. These properties
need to be achieved in the adversarial model above, although, after authenti-
cating the server, we can at least assume that the information coming from the
it is genuine, as long as we have some way to enforce its authenticity.

3.1 PKI - authenticate the server

Public Key Infrastructure, or PKI, is the solution to the bootstrap problem
outlined above. It allows a server to authenticate to a user, without using any
additional information than what the user already has on their machine. Note
that usually the user is not authenticated to the server, as this would usually
be performed using some other credential in a remote authentication protocol,
if the user were to request access to some regulated resource.
The main tools used in PKI are Digital Signatures and X509 digital certifi-
cates. An X509 certificate is a standard format for a document that binds a
public key for digital signature to a set of additional information. The integrity
of this document is then ensured through a digital signature itself, generally
using a different key than the one that is certified. Except for a special class
of certificates, called self-signed certificates, that are signed with the same key
that is certified.
PKI is based on the trust of a number of companies, called certificate author-
ities, or CAs, geographically distributed and adhering to a strict standard for
security. Their main task is to generate so called root certificates, namely some
self-signed certificates, and to be custodians of the keys used to generate them.
Root keys, the private keys associated to these certificates, are kept in high se-
curity locations. These are completely disconnected from the internet, shielded
against electro-magnetic radiation, and guarded by armed forces. Whenever
a root key is used there is a ceremony lasting hours or days, where the root
keys are reconstructed by a diverse set of employees of the CA and used to sign
intermediate certificates. Intermediate certificates are then used to sign other
intermediate certificates, up to a strictly regulated number of times, and finally
to sign a server certificate, the private key of which is managed by the host of
a website. This is illustrated by the blue arrows in Figure 9.
Root certificates are installed on devices by manufacturers, based on the
trust that the manufacturer has in a specific CA. When a client tries to verify
the certificate of a server, they will retrieve the whole chain of certificates up
to the root certificate, also called root of trust in this scenario. This process is
illustrated by the green arrows in Figure 9.

11
 Figure 9: Chain of Trust

It goes without saying that a CA is only as valid as its reputation. Indeed,

there is not limit to the certificates that a CA can sign, and a compromised CA
could forge certificates for ANY website on the internet. The issuing of even
one incorrect certificate, called misissuing, can spell doom for a CA, let alone an
actual key compromise where an attacker can forge certificates at will. If there
is even the slightest hint at a CA being compromised, their root certificates are
likely to be removed by manufacturers, and trust is unlikely to be ever gained
back.

3.2 Confidentiality and Integrity

Now that we have a way to authenticate a server, and to associate a public key
to it, we can use said key to enforce the integrity of messages sent from the
server to the user.
Let us recollect that we have cryptographic tools to enforce confidentiality
and integrity, respectively encryption and MACs. However, these rely on a
shared secret key. Thus, the problem becomes how to agree on a secret key.
This is solved in TLS with the use of a 4-way handshake, which is used to
agree on which encryption and integrity check to use, and to share a secret key
between user and server, called session key.
The handshake starts with a regular TCP handshake, and then proceeds
with an additional 4-way handshake. This has 4 types of messages.

• clientHello, serverHello. This is used for the server and client to

present themselves and negotiate the version of TLS to use and which
ciphers they support, called ciphersuite.
• changeCipherSpec. This message indicates that all the next messages are
going to be encrypted with the negotiated ciphersuite.

12
 • Certificate and serverHelloDone, that present the server certificate to
the client, and terminate the serverHello message.
• Finished. That indicates that the handshake is successfully concluded.

These messages are then transmitted as illustrated in Figure 10, with the
addition of the clientKeyExchange, that is the beginning of a subprotocol to
agree on a secret key. We will see in the next session what that entails.

Figure 10: TLS 4-way handshake

After the handshake, communications work as in TCP, but we encrypt all

the data using the agreed ciphersuite. Communication ends with a regular TCP
’FIN - FIN/ACK - ACK’.
Finally, HTTPS is simply defined as HTTP over TLS, where all the HTTP
request is encrypted using the agreed ciphersuite.

3.2.1 Key Exchange

A key exchange is a cryptographic primitive that is used to agree on a secret key
for symmetric encryption. Without going into too much detail, a key exchange
uses a mathematical operation between a private value a, and a public value G,
denoted as .. It is easy to compute F = a.G with knowledge of a, but it is hard
to find a with the knowledge of F and G. Moreover, a.(b.G) = (a ∗ b).G, where
∗ is the multiplication we all know. Then the key exchange operates as follows.
Both client and server generate random secrets sclient = s1 and sserver = s2 .
Then they hide them using the . operation with a public parameter G known

13
to everyone, computing respectively F1 = s1 .G and F2 = s2 .G. They then
transmit the F1 and F2 . Now the client can compute

s1 .F2 = s1 .(s2 .G) = (s1 ∗ s2 ).G,

and the server can compute

s2 .F1 = s2 .(s1 .G) = (s2 ∗ s1 ).G,

and these two quantities are equal because the multiplication is commutative.
An attacker that only see G, F1 , and F2 has no way of reconstructing either
the secrets s1 , s2 , nor the shared value. The only way this can be attacked is
by manipulating the messages. However, this is not possible on the server side
because the public key in the server certificate is used to certify the messages
sent by the server. It is still possible to manipulate client messages, but this
can not trick the client, which will then refuse to continue. Thus the attacker
can only reach a connection with the server, but since the server is accepting
connections by everyone the attacker gained nothing that they could not gain
by going through a honest handshake of their own.
Moreover, even if the attacker records the handshake and later the key of
the server is compromised, they still can not break past the exchange, as the
key is only used to ensure integrity. Assuming that the session key is correctly
deleted after communication, then we achieve forward secrecy, which is the
property of a communication of being secure even if the key material used
in it is compromised. This is particularly important in communication that
exchange information that must remain secure for a long period of time, such
as bank card details or credentials. Since this is often the case when accessing
websites, this property is quite desirable in a protocol designed to secure online
communications that could be intercepted and stored.

14
 Exercises Key 1 - Overview of Cyber-security
DIGI112 - ICT Security

Exercise 1
1) What components of an information system are considered assets?
The components of an information system that are considered assets are Hard-
ware, software, and data. Hardware is composed by the physical components of
the system.
Software is composed by the programs and routines running in the information
systems.
Data are the facts that the system collects, organizes and processes to create
useful information.

2) Explain the role of people in an information system.

People are an essential component of the inofrmation system. They design,
maintain, and operate the system. Designers and maintainers are essential to
monitor the system, fix it, and improve it. Users are the ones that ultimately
extract value from the system.
However, people can also be manipulated to damage the system, both knowingly
and unknowingly, becoming liabilities.

3) Which are the components of the CIA triad?

• Confidentiality. Preserving authorized restrictions on information access
and disclosure, including means for protecting an individual privacy.
• Integrity. Guarding against unauthorized information modification or de-
struction.

• Availability. Ensuring timely and reliable access and use of information.

4) What is the difference between system integrity and data integrity?

Data integrity refers to the destruction or modification of information being
stored, processed, or transmitted through the system. System integrity refers
the modification or destruction of processes, functions, or procedures in the
system.

1
5) Which threat consequence can affect availability? What threat
actions can cause it?
Disruption is the threat consequence that can affect availability.
It can be caused by incapacitation, where an entity disables a component of
the system, corruption, where an entity adversely modifies system functions or
data, or obstruction, where an entity hinders system operations by blocking
communications or overloading components of the system.

6) Explain the difference between the threat actions of exposure and

intrusion. What threat consequence do they cause?
In exposure sensitive data is released from an entity within the system. In intru-
sion an unauthorized entity gains access to the sensitive data by circumventing
a system’s security protections.
They both cause and unauthorized disclosure.

7) What cryptographic tool can be used to ensure confidentiality?

The cryptographic tool used to ensure confidentiality is encryption.

8) What is the difference between an hash function and a MAC?

A hash function is a cryptographic primitive that ensures integrity. It is used to
compute the digest of a message. The integrity of the message can be verified
by re-computing the digest and comparing it to the original one.
A MAC is also a cryptographic prmitive that ensures integrity, but it also
provides some authenticity. It also produces a tag of some message that can be
later re-computed to verify integrity. The main difference is that it also requires
a secret key to produce and verify a tag. This is why it is also called a keyed
hash function. It also requires the extra property of unforgeability.

Exercise 2
Some examples of data that requires confidentiality are marks, or solutions to
mandatory assignemnts. On the other hand, solutions to this exercise sheet
would not have confidentiality as a priority. Integrity is often a requirement,
but for instance brainstorming canvas do not have a requirement of integrity,
as they are meant to be contributed to by all students. Availability is almost
always a requirement, although mitt seems to think otherwise. :)

2
Exercise 3
1) Eve exploits a bug in mitt.uib to change the assignment marks of
all the students of DIGI-100.
The threat consequence is deception, and it impacts information integrity. The
threat action is falsification.

2) Alice goes to the doctor to get a blood exam. The next week the
doctor uploads the results to Bob’s clinical record by mistake.
The threat consequence is unauthorized disclosure and it impacts confidentiality.
The threat action is exposure, because the doctor is an authorized entity in the
system.

3) Charlie is watching Netflix, when Alice turns off the Wi-Fi router.
The threat consequence is disruption and it impacts availability. The threat ac-
tion is incapacitation, because Alice disables a system component. If Alice had
turned on the microwave to interfere with the Wi-Fi, that would be obstruction.
FYI, yes this is a thing:
https://whatsabyte.com/internet/microwave-interferences-with-wi-fi

4) Millions of Gmail accounts are lost because a flood destroyed one

of Google data-centers.
The threat consequence is disruption and it impacts both availability and system
integrity. The threat action is incapacitation. This is a good example that
security incidents do not deal only with attackers, but also with more generic
incidents.

5) Frank wiretaps Alice landline and learns that she plans to buy
some Apple obligations.
The threat consequence is unauthorized disclosure and it impacts confidentiality.
The threat action is interception.

6) John has a website that sells houseplants. Mike gets access to the
website pretending to be Mike and changes all the prices to 0 nok.
The threat consequence is deception. Threat actions are masquerade and falsi-
fication.

3
Exercise 4
1) Alice encrypts a message and transmits it with a MAC tag.
The encryption provides confidentiality. In addition, the MAC tag provides
integrity and a degree of authenticity.

2) Charlie signs a message with a digital signature and publishes it

on a website.
The digital signature provides integrity and authenticity.

3) Bob encrypts a file and stores it on a hard-drive with a digest of

the message.
Encryption provides confidentiality. Sadly, the digest does onl provides partial
integrity in this setting, because the file and the digest are in the same place.
Let us take a step back. If an attacker finds a file and its digest, they can simply
change the file and the digest, so the digest would provide no integrity. Here the
file is encrypted, so an attacker can not change it and update the digest, because
they cannot read the real content of the file. However, they can swap this file
and digest for a different encrypted file and its digest. This is less powerful, but
it can still be a vulnerability
This wants to be an example of the fact that cryptographic protocols ensure
security property only if they are used correctly.

4
 Exercise Key 2 - Authentication
INF624 - Introduction to cybersecurity

Exercise 1
1) What is the role of a Credential Service Provider
A CSP participates in the registration flow. After the RA has vetted a user
identity, the CSP engages in a protocol with the user and issues the user a set
of credentials that are then bound to its identity by the CSP. The user can
later redeem those credentials to provide confidence on their identity to the
authentication system.

2) Describe the flow for authentication.

The flow for authentication starts when a user applies to authenticate with a
RP. The user sends its credentials to the RP, which relays them to a verifier
service. This service will in turn verify the credentials with the data provided
by the CSP and give a response to the relying party.
A possible alternative flow sees the user contacting the verifier directly after
first contact with the RP. The flow then resumes as before, with the verifier
checking the user credentials and giving a confirmation to the RP.

3) What are the four means of authentication

The four means are something the user knows, has, is, or does. Examples of
something the user has are passwords or PINs. Examples of something the user
has are a keycard or a token. The last two methods are, respectively, static and
dynamic biometrics. Examples of the former are fingerprint or face recognition.
Examples of the latter are voice recognition or signature recognition.

4) What is ownership based authentication? Give an example

Ownership based authentication is one of the four means of authentication,
where the credential is something the user has. Examples are software or hard-
ware tokens, smart cards, and magnetic key-cards.

5) Why is multi-factor authentication more secure than single factor?

Multi-factor authentication requires the use of multiple credentials, possibly
belonging to different authentication means. This has two main advantages over

1
single factor authentication. One is that the attacker has to compromise multiple
credentials to carry on a successful attack. The other is that the credentials can
belong to different means of authentication. As we saw, these have different
weaknesses and strengths. An attacker cannot just repeat the same attack
twice, but they must design a specific attack to compromise each credential.

6) What is continuous authentication?

Continuous authentication is a mode of authentication where the user performs
a first authentication to log into a service, but then has to perform additional
authentications, potentially using different credentials, to perform riskier ac-
tions.

7) Give an example of eavesdropping for knowledge based authenti-

cation. What are the possible countermeasures?
”Shoulder surfing” is an example of eavesdropping for knowledge based authen-
tication. It consists in physically observing a user while they enter their knowl-
edge based credential into a device. This is particularly simple with pattern and
pin based authentication.
Countermeasures are user education and swift credential revocation if a
breach is detected. For instance, minibanks ask users to cover the device while
they enter their PIN, and banks monitor card activity for signs of fraud.

8) What is a replay attack? What is a possible countermeasure?

A replay attack consists of re-transmitting some captured authentication mes-
sage from a genuine authentication protocol, to simulate a new fraudulent one.
For instance, if the authentication message is only the encrypted PIN or pass-
word, re-sending the message would trick a verifier into approving the password
again.
Countermeasures are making every authentication run unique through the
use of challenge-response protocols or other unique identifiers in the communi-
cation.

9) Both knowledge based authentication and token based authentica-

tion are susceptible to theft, but in a different way. Explain
Both credentials can be extorted by force, or misplaced (physically, or by storing
passwords on physical supports like post-its). They can also be stolen without
the user knowledge. Knowledge based through shoulder surfing, and ownership
based through robbery. However, it is harder to detect the theft of a knowledge
based credential, at least until it is used. On the other hand, it is rather easy
to detect the theft of a physical credential. Software credentials are also easier
to track, as long as proper systems are put in place.

2
Exercise 2
mitt.uib using Feide
The RA for Feide with UiB is the university itself. The vetting process is done
during the enrolment of a UiB student or employee, where government issued ID
and right to work/study documents are vetted by the university administration.
The CSP is Feide and so is the verifier.
Feide has many relying parties. In this scenario we are considering the
authentication to mitt.uib, so this platform is the RP.
To the best of my knowledge, Feide uses a password login, so it uses single
factor, knowledge based authentication. If you have a different setup, please
let me know. There is no wrong answer, as long as the mean and mode of
authentication is correctly classified.
The authentication is remote.

A Windows laptop
The RA is the laptop OS, or installer in installation phase. In installation phase
there is no vetting, the user is given the power to create as many identities, with
as many credentials they want. During operations, the vetting process is having
an existing administrator trust you enough to set up an account for you.
The CSP and verifier are the system OS, although in this instance the cre-
dentials are user chosen.
The relying party is once again the system OS.
Means of authentication are password and PIN (knowledge based), and pos-
sibly biometrics if the hardware supports it.
Windows employs continuous authentication. There is a single factor login,
typically with password, PIN, or biometric. However, it is necessary to re-enter
a user password to make critical user changes, and an administrator password
to make system wide critical changes.
This is a case of local authentication.

An employee keycard to access the workplace.

The RA is usually the employer, and the vetting process is composed by the
various identity and right to work checks needed to start an employment con-
tract.
The CSP and verifier are also usually the employer. However, sometimes
the management of the building is delegated to external companies. In this case
the CSPs are those companies.
An instance of relying party are the workplace doors, that might be perma-
nently locked or just after hours.
Means of authentication are the keycard, ownership based, and sometimes
an associated PIN, knowledge based. The mode is generally continuous au-
thentication, at least for larger organizations. Sometimes it is single factor (for

3
instance some low security doors), other times multi-factor (for external doors
and secure areas). It is continuous because you need to authenticate again for
every door that you need to cross.
This is a case of local authentication.

The VISA (or Mastercard) payment system for physical or

online payments
The RA in this case is your bank or CC issuer. The vetting process varies
by country. In Norway you usually need to open a bank account. For a
first setup this requires presenting government issued eID (biometric passports,
for instance), and an identification number for the tax authority. Either the
fødelsnummer or the D-nummer.
The CSP is the VISA (or Mastercard) network, and so is the verifier.
Relying parties are usually online or offline shops.
Credentials are the smart-card (ownership), the CVV2 (knowledge), a PIN
(knowledge), and sometimes a software token (ownership) or some other addi-
tional credential.
We have many examples of payment methods. Some of them local, like POS
payments, other remote, like online payments. Modes of authentication are also
different. Contactless payments are single factor, chip&pin payments are multi-
factor. Also online payments can be single-factor, requiring only the knowledge
of the CVV2, while often times an additional credential is required, making the
authentication multi-factor.

Netflix
Netflix is a clear example of an ”all-in-one” remote authentication. RA, CSP,
verifier and relying party are the Netflix website. The vetting process is sim-
ply an email verification and the credential is a, knowledge based, password.
Authentication is single factor and remote.

4
Exercise 1
1.) What is the difference between authentication and ac-
cess control?
Authentication is the process through which an information system establishes
confidence in a subject identity. Access control the process through which an
information system grants access rights to a subject once their identity has been
assessed.

2) List the different kinds of access control

We listed four different kinds of access control.
DAC, discretionary access control, considers single subjects and enumerates
the access rights they have over different objects in the system. These access
rights can include ownership, and the owner of an object can modify the access
rights to it.
MAC, mandatory access control, works in a similar way to DAC, but access
rights can only be edited by a system administrator, instead of delegating this
capability to the object owners.
RBAC, role based access control, introduces roles, categories of subjects
grouped based on their tasks in an organization. Access rights are then granted
on a role basis and subjects are assigned different roles.
ABAC, attribute based access control, introduces attributes, characteristics
of subjects, objects, and the environment. Access rights are then computed by
evaluating logical statements on the attributes.

3) How is DAC different from MAC

While both DAC and MAC consider access rights on individual subjects and
objects, and put them in relation, they differ in the capabilities of the owner
of an object. In DAC, owners have the ability to edit the access rights to an
object they own. In MAC, the access rights are set by a system administrator
and cannot be edited by an object owner.

4) What is the drawback of an access matrix?

An access matrix is a sparse representation, because the matrix still contains
all cells relating a subject to an object, even when the subject has no access
rights to the object. This means that some storage is wasted to memorize these
empty cells.

1
5) What is a capability ticket? Why is it important that a
user cannot forge it?
A capability ticket is obtained by slicing a row of an access matrix. It is a list of
all of the access rights a user has in the information system. It is important that
a user cannot forge a capability ticket, otherwise they could make fraudulent
claims to have more access rights than they actually do.

6) What are RBAC0 , RBAC1 , RBAC2 and RBAC3 ? De-

scribe their relation.
RBAC0 , RBAC1 , RBAC2 and RBAC3 are different flavours of role based access
control.
RBAC0 is the basic form of RBAC. Roles are defined and access rights are
given to the roles. Then, users are assigned to different roles based on their
tasks.
RBAC1 introduces hierarchies of roles, where some role inherit the access
rights of other roles that are subordinate to them.
RBAC2 introduces the concept of constraints that disallow a user to be
assigned a role. The constraints could be mutually exclusive roles, cardinality
constraints, and prerequisite roles.
RBAC3 is a combination of RBAC1 and RBAC2 .

7) What are either types of attributes in ABAC?

There are three types of attributes in ABAC. Subject attributes, object at-
tributes and environment attributes. Subject and object attributes are are
characteristics of a subject or object, respectively. Environment attributes are
not linked to a particular subject or object, but they capture the circumstances
in which an access request takes place.

8) What is the security issue with ABAC?

While in DAC, MAC, and RBAC the access rights are granted on the basis
of information that are internal to the access control service, in ABAC the
access rights are computed basing on subject and object attributes. These
might be stored in different locations, external to the access control service. This
means that the access control service must be able to retrieve this information
reliably and securely, ensuring its authenticity. An attacker who is able to
compromise the integrity of this information can gain unauthorized access to
resources without having to compromise the access control service itself.

2
Exercise 2
1) Access matrix
To fill the access matrix, we create on row for each subject and a column for
each object. Then we fill the cells with the information provided in the items.

Object1 Object2 Object3 Object 4 object5

Subject1 Own, RW Own, RW R R R
Subject2 RW Own, RW Own, RW RW
Subject3 Own, RW
Subject4 R R R

2) ACL for object4

We need to select the row for object4 from the access matrix above.

Object 4
Subject1 R
Subject2 Own, RW
Subject3
Subject4 R

Then we eliminate empty spaces to compact the representation.

Subject 1
R
Subject 2
Own
RW
Subject 4
R

3
3) Capability ticket for subject1
We need to select the row for subject1 from the access matrix

Object1 Object2 Object3 Object 4 object5

Subject1 Own, RW Own, RW R R R

In this case there is no empty space to remove, so we just write all in the
capability ticket.

Object 1
Own
RW
Object 2
Own
RW
Object 3
R
Object 4
R
Object 5
R

4
4) Authorization table
In this case we need to go through each cell of the access matrix and organize
the access rights in the authorization table.

Subject Access Right Object

Subject 1 Own Object 1
Subject 1 Read Object 1
Subject 1 Write Object 1
Subject 1 Own Object 2
Subject 1 Read Object 2
Subject 1 Write Object 2
Subject 1 Read Object 2
Subject 1 Read Object 3
Subject 1 Read Object 4
Subject 1 Read Object 5
Subject 2 Read Object 2
Subject 2 Write Object 2
Subject 2 Own Object 3
Subject 2 Read Object 3
Subject 2 Write Object 3
Subject 2 Own Object 4
Subject 2 Read Object 4
Subject 2 Write Object 4
Subject 2 Read Object 5
Subject 2 Write Object 5
Subject 3 Own Object 5
Subject 3 Read Object 5
Subject 3 Write Object 5
Subject 4 Read Object 3
Subject 4 Read Object 4
Subject 4 Read Object 5

5
Exercise 3
1) Role Matrix
to construct the role matrix we create a row for each subject and a column for
each role, then we go through the role assignments and fill the appropriate cells.

Admin User Auditor

Subject1 X X
Subject2 X
Subject3 X
Subject4 X

2) Role-Based access matrix

Object1 Object2 Object3 Object4 Object5

Admin Own, RW Own, RW Own, RW Own, RW Own, RW
User Own, RW Own, RW Own, RW
Auditor R R R R R

0.1 3) Simplify the system by adding a hierarchy of roles.

Rewrite the simplified access matrix
It is possible to simplify the system by noting that an Admin has all the access
rights of a User, and then some. Then we can set up admin to inherit access
rights from a User and rewrite the matrix as follows.

Object1 Object2 Object3 Object4 Object5

Admin Own, RW Own, RW
User Own, RW Own, RW Own, RW
Auditor R R R R R

Now, whenever we give access rights to the User role, these are automatically
reflected in the Admin role without need to update the access matrix for the
Admin role, too.

6
 Exercises Key 4 - Malware Taxonomy
DIGI112 - ICT Security

Exercise 1
Review Questions

What do we mean by malware?

A malware is any piece of software that is inserted in an information system
with the intent of breaching some of its security properties.

What is the trigger phase in a malware lifecycle?

The trigger phase in the malware lifecycle follows the infection, dormant, and
propagation phase. After propagating itself around the information system, and
potentially other information systems, the malware waits for certain conditions
to be met before beginning the attack phase. These conditions could be envi-
ronmental, as in a particular condition of the information system. The trigger
could also be a particular execution point in the host program in the case of a
virus. Sometimes, the trigger could even be a direct communication from the
attacker coming from outside the network.

Which files are infected by a macro virus, and how?

A macro virus infects files like word or excel documents. It exploits some code
execution capabilities (macro) of the most popular office suites. Although these
capabilities are rather limited nowadays, they used to be quite powerful and
not well isolated from the host system. A macro virus could then break the
constraints of the host software and infect the system or carry out the attack.

What is the difference between a worm and a virus? What

is the similarity?
Both a worm and a virus are a kind of malware that generally aims to self propa-
gation, unlike other kinds of malware like trojans that usually do not propagate.
However, a worm is usually a standalone program that exploits vulnerabilities
in a system to execute and create copies of itself on the information system and
other information systems. On the other hand, a virus is only a fragment of
code, and it does not have the ability to execute by itself. Instead, just like a

1
human virus, it infects some other executable content and hijacks the regular
flow of computation of the host program.

How does a worm propagate through email attachments?

And file sharing?
Email worms propagate as attachments to some email. They used to be rather
popular when email clients would indiscriminately load images and execute con-
tent. They would then exploit a flaw in the design of the client to escape the
constraints of the email client and infect the host machine. Nowadays, email
clients are usually more careful and do not execute content unless the user ex-
plicitly requests so.
Other works spread through physical file sharing, that is, they would infect
some physical media for file sharing, like a USB stick, and then take advantage
of the autoplay functionalities of some system, or replace the MBR for the drive,
which is always executed when a media is inserted in a computer.
Finally, some worms spread through online file sharing, either by infecting
some virtual online disk, or by exploiting file sharing facilities such as peer to
peer networks for file sharing.

Explain what is a trojan.

A trojan is a class of malware that spreads by masquerading as legitimate soft-
ware to trick the user into installing them on their system. It is a rather popular
mean for targeted attacks, as you can choose who to send the trojan, as well
as for indiscriminate attacks, where the trojan is advertised to large number of
users hoping that some of them would fall for it.
This particular class of malware is quite widespread in the world of pirated
software, since integrity checks on the software would already be disabled to
enable cracking.

What different kinds of Trojans can you recognize based on

their behaviour?
There are three main kinds of trojans based on their behaviour. Some trojans
work exactly as the software they are mimicking, while also executing malicious
content on the side. Other trojans provide most of the functionalities of the orig-
inal software, but some of the functionalities might be corrupted to the attacker
advantage. For instance, a trojan masquerading as a browser might redirect
the user to malicious websites, or serve unwanted advertisements. Finally, some
trojans do not provide any of the advertised features, but are only malicious
in nature. For instance, some malicious trojans are known to masquerade as
anti-malware or VPN clients, but do not provide any of those functionalities,
while also corrupting the user system.

2
What is a mobile trojan?
An mobile trojan is a trojan specifically targeted to mobile devices. This kind
of trojans masquerades as a mobile app, either by mimicking some popular app
or by falsely advertising the capabilities of the app. Quite popular are security
providing apps that claim to protect your phone from malware, or to secure your
communications, such as fake VPN clients. Also popular are apps that claim
to improve the performance of a smartphone. Although the app stores vet the
apps that are provided, it is sometimes possible to slip through the cracks of
the vetting process. Moreover, users sometimes try to download apps outside of
the store, either to get a paid app for free, or because they need some specific
app that is not hosted on the app store. This can also be a way of ingress for
trojan mobile apps.

How is spam email used to distribute malware?

Spam email can be used to distribute apps either by including some malicious
software as an attachment, or by redirecting the user to a malicious website
where malicious software is hosted.

What are the characteristics of an APT?

An Advanced Persistent Threat is a particularly sophisticated and well funded
attacker that is persistent in trying to breach the security of a target. The at-
tacks performed by an APT are repeated in time and use different sophisticated
techniques. Usually APTs are either well funded cybercrime groups or hacker
collectives, either privately backed, or funded by governments. They might even
be public agencies of some government.

Can you name the first worm to be weaponized by an APT?

StuxNet is often considered the first example of a malware produced by an
advanced persistent threat, because it used many sophisticated propagation
methods, and it had the ability to hide itself extremely well. Moreover, it
targeted a specific system and it would not proceed to the attack phase until it
detected to have infected a particular system, which highlights how the attack
was targeted to damage a specific organisation.

3
 Exercises Key 5 - Malware
DIGI112 - ICT Security

Exercise 1
Review Questions

Which payloads threaten system integrity?

Other than some generic payloads that might delete or corrupt system data
randomly, there are two main payloads that have the primary goal of com-
promising system integrity. First, logic bombs, which overwhelm the system
computational power and can cause a system to behave in an unpredictable
way, including damaging some of its software or hardware components because
of the overload. Then we have Bots, which aim to take over control of a ma-
chine and usually connect it to a network of compromised machines to carry
out further attacks.

What is a logic bomb? Give some examples. Which kind

of damage can it do?
A logic bomb is a piece of software designed to incapacitate some component
of a system by overloading its computational resources. Examples could be zip
bombs, malicious compressed files that decompress to huge files that saturate the
memory of a computer. We could also consider fork bombs, little fragments of
code designed to spwan copies of themselves in an uncontrolled way, saturating
the computational power and memory of a machine.
Logic bombs can cause a machine to crash or become unstable. Sometimes the
unpredictable behaviour can cause permanent corruption to the system, or it
can even cause physical damage to some hadware component, for instance by
overheating due to the excessive computations.

What is the most infamous example of threats to data in-

tegrity? Describe it.
The most infamous threat to data integrity is ransomware. This is a class of
malware that encrypts all the data it can in an information system. It then
proceeds to keep the data hostage to extort a ransom, usually monetary, from
the data owner. Usually they require the use some form of untraceable payment

1
like cryptocurrencies to exact payment.
Most of the times the data is released once the ransom is paid. However, it is
also possible that the data is lost forever, either because of a mistake on behalf
of the attacker, or because the attacker never intended to release the data in
the first place, using the ransom request only to extract more value from the
owner of the compromised system.

What is a CnC server in a botnet?

A Command and Control server, or remote control facility, is a centrally admin-
istered server used to issue commands to a botnet.

What is the difference between a keylogger and a spyware?

A keylogger is a malware that installs itself on a machine and records key strokes
to capture sensitive information as it is typed in the system. It is typically used
for credential theft.
On the other hand, a spyware has a broader scope and more capabilities. It
might still record key strokes, but it also emply other techniques to capture
data on the information system. For instance, it could capture internet traffic,
or it could record the content of particularly critical regions of the memory of a
machine. Thus, its scope is not only limited to credential theft, but also to the
interception and exfiltration of other kinds of sensitive data in an information
system.

Which vectors for phishing can you list?

Phishing has traditionally spread through email and malicious websites. The
former containing malicious links to phishing websites, or trying to extract mon-
etary value from a user. The latter designed to mimick the login forms to well
known organisations websites, such as banks. Recently there has been an in-
crease in phishing through SMS or instant messaging app. These messages tend
to be used either as a modern version of email phishing, or to capture the one
time codes used for two factor authentication.

What is the difference between a backdoor and a rootkit?

A backdoor is intentionally added to a software so that it can be used without
going through the usual authentication and access control. A rootkit infects a
machine and then lays dormant, trying to hide itself at the best of its abilities.
Once it infects a machine, an attacker can use it to gain administrative control
of the machine without going through the usual process of authentication and
access control.

2
Describe the three goals of anti-malware countermeasures.
The three goals of anti-malware countermeasures are prevention, mitigation and
recovery. Prevention aims to detect malware before it can execute on tthe sys-
tem, and then proceeds to identify it and remove it.
Mitigation aims to harden a system against malware infection, including patch-
ing vulnerabilities, taking frequent backups, and ensuuring that sensitive data
is stored in protected areas of the system. These measures aim to make attacks
less likely to succeed, or to reduce the harm in case of an infection.
Recovery aims to restore a system to a pristine state after an infection and
recover any lost data. Depending on the malware and the mitigation measures
in palce, it might be as trivial as restoring a backup, or it might require more
involved intervention. Sometimes it might be even necessary to rebuild the
information systems or portions of it from scratch.

What steps need to be taken in anti-malware countermea-

sures?
The steps taken in countermeasures are detection, identification and removal.
We refer to the answer above for more context.

What is DMA and how does sandboxing enhances it?

Dynamic malware analysis is a technique to detect malware. It tries to de-
tect malware by analyzing its behaviour in an information system, and flagging
suspicious and unusual behaviour. Unfortunately, in order to analyze the be-
haviour, the malware must be already executing on the system, and this might
be too late as the attack might already be taking place. Sandboxing a malware,
i.e. executing the malware in a simulated environemnt, allows to perform DMA
on a piece of software without executing it on the system.

What is a metamorphic malware? Why does it thwart sig-

nature detection?
Metamorphic malware is malware that completely rewrites its code and be-
haviour at every infection. Since both the code and the execution differ for
each infection, its signature will also be different and for all practical purposes
it is a novel infection. Signature detection can only identify malware that was
already encountered, and for which a siganture is known, so it can not identify
metamorphic malware.

What kind of cryptographic tools can we use for software

integrity checks?
Since software is essentially data that can be executed, any cryptographic prim-
itive that can be used for integrity checks can also be used for software integrity

3
checks. Hash functions, MACs, and digital sigantures are all good candidates.
However, it is worth noting that if a hash function is used, then a sophisticated
malware might be clever enough to also modify the integrity check.

4
Exercise 2
Classify the following malware, i.e. to specify its propagation and payload.
Explain your answer.

Chernobyl
Chernobyl is a Virus, specifically a file infector. It spreads its code through an
executable.
The payload would overwrite random data, threatening system and data in-
tegrity.

Zhelatin
Zhelatin is a Worm. It spreads as an email attachment, tricking users to click
on the attachment with sensational fake news titles.
The payload zombifies a computer and connects it to a botnet, so it is a bot.

t0rnkit and Lion

Lion is a Worm, exploiting a DNS vulnerability to propagate. Its payload is the
rootkit t0rnkit, that would open hidden remote login facilities to the machine,
and replace many system programs with trojans. These would still seem to
work as intended, but they would not reveal or remove the malware if the user
would attempt to use them for detection or removal.

5
14/10/2022, 20:16 Simulation DIGI112

 This is a simulation of the DIGI112 H22 exam

 
This exam is mostly knowledge based, with some reasoning exercises seen in the exercise sheets.

The exam is composed by 40 questions, for a total of 80 points. The questions are divided into 13
Sections, following quite faithfully the progression of topics covered.

Theoretical questions are in the form of multiple choice or true/false, with a score of 1 point for
each question.

The other exercises are mostly in the form of gap filling, where you are asked to fill gaps in a text
or image, picking from a keyset. One exercises has a drop-down scroll panel for the choices
instead of a key. The points for each of these exercises are different, but there is a recap of the
points in the exam overview.

A student is expected to answer at least 30 points to pass the exam. There is no restriction as to
which questions must be answered to reach 30 points.
 
You are allowed to use your notes or the notes provided by the lecturer, but it is recommended that
you try to use your knowledge as much as possible, as the exam is not designed for you to have
time to look up the answer of every question in the lecture notes.

1.1  
Which of the following situations describes a system with confidentiality?

Any action can be traced back to an entity

The data can only be modified or deleted by authorized entities

Access rights of an entity are managed by the system

The data can only be accessed by authorized entities

Maximum marks: 1

1.2  
What does it mean to safeguard Availability?

Reliable and timely access to resources and data is ensured

Data cannot be modified by unauthorized entities

Any action can be traced back to an entity

Data cannot be deleted by an unauthorized entity

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 1/20
14/10/2022, 20:16 Simulation DIGI112

1.3  
An alternative name for an attack on an information system is

Threat consequence

Impact

Risk

Threat action

Maximum marks: 1

1.4  
How do we call a loss of a security property?

Vulnerability

Attack

Threat consequence

Security Breach

Maximum marks: 1

1.5  
Which of the following scenarios impacts Integrity?

You spill a glass of water on your laptop

A DDos attack is performed on an information system

An attacker wiretaps a communication channel

A doctor reveals medical records to the wrong patient

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 2/20
14/10/2022, 20:16 Simulation DIGI112

2 Assign the correct name to each threat action.

 Help

Incapacitation Misuse Intrusion Repudiation Exposure

Corruption Inference

 
Inference An unauthorized entity deduces sensitive data by reasoning from
observed data or communications.

Intrusion An unauthorized entity gains access to sensitive data by

circumventing a system's security protections

Corruption An entity adversely modifies system functions or data

Repudiation An entity falsely denies responsibility for an action.

Exposure An authorized entity reveals sensitive data to an unauthorized

entity

Maximum marks: 5

3  
Which of the following actions can cause disruption

Exposure

Incapacitation

Obstruction

Masquerade

 
What security properties are impacted by disruption

Confidentiality

Data Integrity

Availability

System Integrity

Maximum marks: 2

https://vurdering.uib.no/admin#author/test/125416842 3/20
14/10/2022, 20:16 Simulation DIGI112

4.1  
What properties can be ensured with digital signatures?

Integrity

Authenticity

Availability

Accountability

Maximum marks: 2

4.2  
Given a message x, it is hard to find a different message y so that H(x)=H(y). What
property is this?

Deterministic digest

Pre-Image resistance

Collision resistance

Second Pre-image resistance

Maximum marks: 1

4.3  
Which of the following is an example of public key cryptography?

Hash function

Digital Signature

MAC

Symmetric Encryption

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 4/20
14/10/2022, 20:16 Simulation DIGI112

5.1  
Which of the following is a threat to remote authentication?

Shoulder surfing

Replay attacks

Password cracking

Credential theft

Maximum marks: 1

5.2  
Dynamic biometric credentials identify you using something that you are, or something
that you do

True

False

 
Multi-factor authentication uses exactly two factors, if more than two factors are used we
talk about continuous authentication

True

False

Maximum marks: 1

5.3  
Which of the following credentials are vulnerable to theft?

Face recognition

Smart card

Fingerprint

password

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 5/20
14/10/2022, 20:16 Simulation DIGI112

5.4  
Which of the following statements is not correct

Fingerprint is a dynamic biometric credential

Dictionary attacks are very effective against user generated passwords

Smart cards are an ownership based authentication

Biometric credentials are convenient to use for users

Maximum marks: 1

5.5  
Which of the following statements is correct?

Replay attacks are a form of denial of service

A Registration Authority is contacted by a user to start registration.

Multi-factor authentication must use credentials of the same type

The advantage of biometric authentication is the ease of changing credentials

Maximum marks: 1

5.6  
Which credentials are vulnerable to shoulder surfing?

Face recognition

PIN

pattern

software token

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 6/20
14/10/2022, 20:16 Simulation DIGI112

5.7  
What is the component that issues credentials in an authentication system?

RP

Verifier

RA

CSP

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 7/20
14/10/2022, 20:16 Simulation DIGI112

6 The Rural Bank of Paris has recently announced a new authentication system for terminal
payments, called voiPay.  Registration will be possible through your local branch, where you will
have to present ID and will be recorded while you sing your password. In 6-10 weeks, you should
receive by mail your new voiPay smart card. The procedure for payments is then quite simple. For
payments under 50 euros, your voiPay card is enough. Payments above the threshold require you
to sing your password in the new voiPay terminals available in shops adhering to the initiative. 

https://vurdering.uib.no/admin#author/test/125416842 8/20
14/10/2022, 20:16 Simulation DIGI112

Fill the gaps based on the prompt above. For credentials, use the alphabetical 
order. Help

Rural Bank of Paris PIN

continuous authentication Shop

smart card multi factor authentication

voice recognition local

remote password

Rural Bank of Pa
Shop

Rural Bank of Pa
Rural Bank of

smart card voice recognit

continuous au local

Maximum marks: 8

https://vurdering.uib.no/admin#author/test/125416842 9/20
14/10/2022, 20:16 Simulation DIGI112

7.1  
Which access control system is the least vulnerable to attacks?

DAC

RBAC

ABAC

MAC

Maximum marks: 1

7.2  
Which of the following RBAC flavours admit a hierarchy of roles?

RBAC 3

RBAC 0

RBAC 2

RBAC 1

Maximum marks: 1

7.3  
Which of the following characteristics is not admitted in RBAC2

Immutable roles

Mutually exclusive roles

Pre-requisites for role assignment

Role hierarchy

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 10/20
14/10/2022, 20:16 Simulation DIGI112

7.4  
What is a Role matrix

A compact representation of the relationship between roles and access rights

A function or job common to many users in an organization

A sparse representation of the relationship between users and roles

A compact representation of the relationship between users and roles

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 11/20
14/10/2022, 20:16 Simulation DIGI112

8 Fill the Access Matrix for the following prompt with the correct access right:

Read (R),
Write (W),
Execute (E),

or a combination of them (RE, RW, RWE, ...). Use 'None' if the user has no access rights to the
file.
Then complete the remaining statements.
User 1 can read and execute Files 1 and 2, and they can read and write File 3. User
2 can execute File 1, and they can read and execute File 3. User 3 can read, write 
and execute all files. Help

RW RE RWE None

W ACL E Capability Ticket

WE Authorization Table R

Access Matrix
 
  File 1 File 2 File 3

RE RE RW

User 1

E None RE

User 2

RWE RWE RWE

User 3

Maximum marks: 11

https://vurdering.uib.no/admin#author/test/125416842 12/20
14/10/2022, 20:16 Simulation DIGI112

9  
Complete the descriptions of the following malware attacks. Hint: read all the 
description before trying to answer Help

ransomware user space Torjan

Worm spear phishing metamorphic malware

APT phishing rootkit

kernel space spyware

 
 Sodinokibi
 
Sodinokibi is a malware first surfaced in 2019. It first spread as a DHL management app, thus
being classified as a  Torjan
. There are also instances where it would

disguise itself as the receipt for a Booking reservation in a  phishing

​​email.

Once downloaded, it encrypts the hard drive and asks for monetary payment, thus being
classifiable as a  ransomware
.

It targeted and successfully infected 150 companies in Texas.

Even if the user pays the ransom, and the files are decrypted, it leaves behind a hidden malware
that collects and exfiltrates user credentials on the system, i.e. a  spyware
.

In some recent infections additional malware was found on the machines, the 
rootkit
Irk5, that allows a local attacker to gain administrative control over the

infected machine. Luckily, Irk5 only infects  user space

, making removal relatively
easy.
 
The sophistication of the malware suggests that it might be the product of a 
APT
, but no known organization could be associated to it.

Maximum marks: 7

10.1  
What malware rewrites its code with every infection?

File infector

kernel malware

Encrypted

Polymorphic

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 13/20
14/10/2022, 20:16 Simulation DIGI112

10.2  
Which of the following could be an infection prevention countermeasures?

Signature based detection software

Egress traffic monitoring

Storing confidential data in a separate location than front facing software

Having multiple backups of a system

Maximum marks: 1

10.3  
Which of the following countermeasures are good examples of recovery?

Enforce integrity checks on software before execution

Re-installing an infected system from a clean copy

Having multiple backups of a system

Revoke compromised credentials

Maximum marks: 1

10.4  
What malware threaten the confidentiality of a system?

Logic bombs

Adware

Keyloggers

Spyware

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 14/20
14/10/2022, 20:16 Simulation DIGI112

10.5  
What technique can be used to execute a malware somewhat safely?

Integrity checks

Perimeter Scanning

Dynamic Malware Analysis

Sandboxing

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 15/20
14/10/2022, 20:16 Simulation DIGI112

11 Fill in the 7 OSI layers in the first column. Assign the protocols we saw for the relevant
layers in the right column.
 

Select alternative (Application, Select alternative (TCP, HTTP, IP,

Network, Transport, Physical, Session, ARP)
Presentation, Data Link)
Select alternative (Presentation,  
Session, Network, Physical, Application,
Data Llink, Transport)
Select alternative (Transport,  
Application, Session, Data Link, Physical,
Network, Presentation)
Select alternative (Presentation, Select alternative (IP, ARP, HTTP,
Network, Physical, Data Link, Session, TCP)
Application, Transport)
Select alternative (Network, Data Select alternative (ARP, TCP, IP,
Link, Presentation, Transport, Physical, HTTP)
Application, Session)
Select alternative (Presentation, Select alternative (IP, ARP, HTTP,
Application, Network, Transport, Data Link, TCP)
Physical, Session)
Select alternative (Data Link,  
Application, Transport, Physical, Session,
Network, Presentation)
 
 
Answer the following questions.
 
Which layer is concerned with encryption and encoding of the data

Network

Transport

Application

Presentation

 
The Data Link layer divides the data into packets for transmission

True

False

 
 
 

Maximum marks: 13

https://vurdering.uib.no/admin#author/test/125416842 16/20
14/10/2022, 20:16 Simulation DIGI112

12.1  
What is the last message of the TLS handshake?

serverHelloDone

clientHelloDone

Finished

changeCipherSpec

Maximum marks: 1

12.2  
What ensures server authenticity in TLS?

Encryption with the session key

The X509 certificate and the chain of trust.

The server public key

The key exchange performed in the handshake

Maximum marks: 1

12.3  
Which of the following messages are part of the TLS handshake

serverHello

serverDone

changeCipherSpec

clientCipherSpec

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 17/20
14/10/2022, 20:16 Simulation DIGI112

12.4  
The adversarial model for TLS ...

does not consider wiretapping, because it is only a passive attack

is so pessimistic because MitM attacks allow an attacker to modfiy all traffic

only trusts the client and the server, seeing all network as an adversary

does not consider MitM attacks, since they are very rare occurrences

Maximum marks: 1

12.5  
TLS and HTTPS are complementary protocols, the former ensures the confidentiality of
data, the latter ensures integrity

True

False

 
PKI x509 certificates are issued to a server so that it can identify itself to clients

True

False

Maximum marks: 1

13.1  
Flooding attacks aim at overwhelming application resources.

True

False

 
Amplification attacks use a broadcast address to generate a huge number of responses

True

False

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 18/20
14/10/2022, 20:16 Simulation DIGI112

13.2  
What technique can be used to weaponize bandwidth reflection in a DoS attack

Amplification

Reflection

Random source spoofing

Performing a SYN flooding

Maximum marks: 1

13.3  
Monitoring traffic and filtering suspicious packages is a form of DoS

prevention

detection

identification

reaction

Maximum marks: 1

13.4  
Which of the following attacks can cause a loss of confidentiality

SYN flooding

DDos attack

ARP Spoofing

wiretapping

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 19/20
14/10/2022, 20:16 Simulation DIGI112

13.5  
Which security properties can be impacted by a MitM attack?

Authenticity

Availability

Accountability

Data Integrity

Maximum marks: 1

https://vurdering.uib.no/admin#author/test/125416842 20/20