CS 553 Fall 2015
Questions on the security readings

A. Readings: Cryptography Primer and Overview

1. Describe the difference between private-key (symmetric) encryption and public-key encryption in terms of who holds which keys when two users want to exchange an encrypted message.
2. What would a 2-way, or "reversible", hash function be able to do that a 1-way function cannot? Why are one-way functions desirable for cryptographic purposes?
3. Explain how 1-way hash functions and public/private-key cryptography can be combined to verify that a document or file originated from a particular agent or person.

B. Reading: Dos and Don'ts of Client Authentication on the Web

1. Describe the difference between confidentiality and authentication. Which of these two do protocols such as HTTPS (HTTP over TLS) provide, and why?
2. What are the three adversary models described in the paper? Give an example attack strategy for each one.
3. Summarize the authors' argument for why the authentication protocols used by web services should be made public. Is their argument sound? Why or why not?
4. Suppose the connection uses very strong encryption that provides strong confidentiality. Explain why the web site would still need to apply strong cryptographic techniques when generating its session IDs.
5. Describe what an authenticator plaintext leak is.

C. Reading: Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm

1. In what sense is a botnet an Internet service? E.g., what services does it provide, and to whom?
2. Explain how a P2P botnet differs from a centralized one. How are commands issued in each case? How do the bots recognize commands?
3. What strategy did the authors use to learn the bots' workings and communication protocols?
4. What weaknesses were the authors able to exploit to gain access to command bots in the botnet?
5. What system and protocols was the Storm botnet built on?
6. In the context of this work, what are Sybils? How did the authors use them?
7. What functions did the authors observe the bots performing?
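The mechanism behind question A.3, as an added worked example that is not part of the course handout or of either reading: the document is reduced to a one-way hash, the hash (not the document) is signed with the signer's private key, and anyone holding the public key recovers the signed hash and compares it with a fresh hash of what they received. The RSA here is textbook RSA over fixed Mersenne primes with no padding, chosen only so the example runs with the standard library; the primes, the names Alice and Mallory, and the sample document are all illustrative assumptions, and this is not a signature scheme to deploy.

```python
import hashlib

# Added example for question A.3: hash-then-sign with textbook RSA.
# The primes are fixed, public Mersenne primes and no padding is applied,
# so this illustrates the mechanism only; it is not a usable signature scheme.
P_ALICE = 2**127 - 1        # Mersenne primes, chosen so that n is wider than a SHA-256 digest
Q_ALICE = 2**521 - 1
P_MALLORY = 2**89 - 1       # a second, unrelated key pair for a different signer
Q_MALLORY = 2**607 - 1
E = 65537                   # public exponent; coprime to (p-1)(q-1) for these primes


def keygen(p, q, e=E):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)     # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def digest_int(data: bytes) -> int:
    """One-way hash of the document, as an integer smaller than any n used here."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data: bytes) -> int:
    """Sign the hash of the document with the signer's private exponent."""
    n, d = private_key
    return pow(digest_int(data), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """Recover the signed hash with the public exponent; compare to a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(data)


def demo():
    """Returns (genuine, tampered, wrong_signer): the three cases a verifier faces."""
    alice_pub, alice_priv = keygen(P_ALICE, Q_ALICE)
    _mallory_pub, mallory_priv = keygen(P_MALLORY, Q_MALLORY)
    document = b"Transfer 100 to account 42"        # constructed sample document
    sig = sign(alice_priv, document)
    genuine = verify(alice_pub, document, sig)                                   # True
    tampered = verify(alice_pub, b"Transfer 900 to account 42", sig)             # False: hash changed
    wrong_signer = verify(alice_pub, document, sign(mallory_priv, document))     # False: other private key
    return genuine, tampered, wrong_signer


if __name__ == "__main__":
    print(demo())
```

Signing the hash rather than the document is what lets the one-way property do its work: an attacker who wants Alice's signature to validate a different document must find a second document with the same SHA-256 digest, and a forger without Alice's private exponent cannot produce a value whose e-th power modulo n equals the digest.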
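The point of questions B.4 and B.5, as an added example that is not part of the course handout or of the Fu et al. paper: a session ID is an authenticator, so an attacker who can regenerate or guess it needs no break of the TLS channel at all. The code contrasts a store whose IDs are derived from a predictable counter with one that draws 256 bits from the OS CSPRNG and keeps only hashes server-side, so a leaked table does not hand out live plaintext authenticators. The class names, the attacker functions and the user names are hypothetical.

```python
import hashlib
import secrets

# Added example for questions B.4 and B.5: session IDs are authenticators.
# Strong transport encryption does not help if the ID itself can be predicted.


class WeakSessionStore:
    """Session IDs derived from a predictable per-process counter (insecure)."""

    def __init__(self):
        self.counter = 0
        self.sessions = {}           # session id -> user

    def issue(self, user: str) -> str:
        self.counter += 1
        # MD5 of a small integer looks random but is trivially regenerated
        # by anyone who knows the (public) scheme.
        sid = hashlib.md5(str(self.counter).encode()).hexdigest()
        self.sessions[sid] = user
        return sid

    def lookup(self, sid: str):
        return self.sessions.get(sid)


def enumerate_weak_sessions(store: WeakSessionStore, max_counter: int = 10_000) -> dict:
    """Attacker who knows the scheme regenerates every candidate ID and tries each."""
    hijacked = {}
    for i in range(1, max_counter + 1):
        candidate = hashlib.md5(str(i).encode()).hexdigest()
        user = store.lookup(candidate)
        if user is not None:
            hijacked[candidate] = user
    return hijacked


class StrongSessionStore:
    """256-bit IDs from the OS CSPRNG; only hashes of IDs are kept server-side."""

    def __init__(self):
        self.sessions = {}           # sha256(session id) -> user

    @staticmethod
    def _key(sid: str) -> str:
        # Storing a hash means a leaked store does not expose live authenticators.
        return hashlib.sha256(sid.encode()).hexdigest()

    def issue(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)      # 32 random bytes, base64url encoded
        self.sessions[self._key(sid)] = user
        return sid                           # the plaintext ID is handed out once, to the client

    def lookup(self, sid: str):
        return self.sessions.get(self._key(sid))


def guess_strong_sessions(store: StrongSessionStore, attempts: int = 10_000) -> int:
    """Blind guessing against a 256-bit space: expected hits are about attempts / 2**256."""
    hits = 0
    for _ in range(attempts):
        if store.lookup(secrets.token_urlsafe(32)) is not None:
            hits += 1
    return hits


if __name__ == "__main__":
    weak = WeakSessionStore()
    for user in ("alice", "bob", "carol"):          # constructed sample users
        weak.issue(user)
    print("weak sessions hijacked:", enumerate_weak_sessions(weak))

    strong = StrongSessionStore()
    sid = strong.issue("alice")
    print("strong lookup:", strong.lookup(sid))
    print("blind guesses that hit:", guess_strong_sessions(strong))
```

The weak store is broken without any eavesdropping or decryption, which is the answer to B.4: the channel protects the ID in transit, but nothing protects it from being computed independently. The hashed-at-rest storage in the strong store addresses one route to the plaintext leak in B.5, a server-side compromise; it does nothing for IDs leaked from the client side, for example through logs, referrers or URLs.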