Basics of Computer Security
For example, what are symmetric and asymmetric encryption? What is a
one-time pad? What is a brute-force attack?
The basics of hash function, key establishment, man
ol and Security
What is the purpose of ARP protocol? Why do we need it?
What is the purpose of ARP Cache?
Why does the ARP cache have a lifetime? Why do not we keep there
What is g
and what are the purpose
of the message?
Difference between ARP poisoning and promiscuous mode of Ethernet
middle attack using ARP poisoning (why do we need to
disable the ICMP redirect function in the attacker?)
How to use ARP poisoning to escape IP address based authentication
ol and security
The basics of the IP header
What is traceroute and how to use TTL to implement it
Why do we need IP fragmentation
The procedure to fragment and to set the corresponding fields
Fragment of fragment
Where and how to reassemble the packets
Attacks on IP fragmentation: buffer overflow, DoS, how to use
fragmentation to penetrate firewall
ICMP and its security
Why will we not send ICMP for errors caused by ICMP? Why will ICMP
packets be sent only to the original source?
Using what information can a computer match the ICMP echo request and
ICMP echo reply
How to use ICMP source quench to conduct attacks to reduce the quality
What is a smurf attack using ICMP
How to use ICMP redirect message to conduct winfreeze attack
UDP and its security
How can we distinguish a UDP header without a checksum from a
checksum equal to “0”
What is UDP ping-pong attack and how to conduct it
What is DoS attack on UDP and how to conduct it
Does the TCP protocol assume the data to be structured or structur
What is the difference between the URGENT and PUSH data in TCP
Understand the three-way handshake procedure of the TCP protocol
The slow start procedure of TCP to handle congestion
Silly window and the countermeasures from the sender and receiver’s
Why in TCP we want the sender and receiver to choose random numbers
as the sequence number? Use example to show how difficult or easy to
guess the sequence number.
Attacks on TCP: blind connection reset, blind throughput reduction, and
performance degrading attack.
What is the IDLE scanning technique used in NMAP
Is a domain in DNS a geometric concept?
Recursive queries and iterative queries in DNS
The difference between a domain and a zone in DNS
DNS ID hacking procedure
d and unrelated data attack
The advantages that the emails are delivered through specific servers
instead of end-to-end (from sender to receiver directly)
Please describe the major components
the format of a mail message
ty of each component. What is the difference between the
header in a mail message and the SMTP
In the email distribution list, what are the two methods to map a single list
name to a group of email addresses? How to prevent the formation of
email forwarding loops? What are the advantages of the local exploder
and remote exploder?
Please shortly describe the coding procedures of base64 and how it
enables various file formats to be sent through the email system.
Understand how the MIME standard allows an email to contain multiple
The difference between the POP3 and IMAP protocols
When a sender needs to send an email to multiple receivers and needs to
enforce the confidentiality of the contents, what will be an efficient
How to use onion routing to achieve email anonymity?
How to use a proxy to achieve email anonymity?
What are the major factors that restrict the wide adoption of the PEM
Fighting the spam emails
Please use an example to illustrate how the attacker can use the comment
lines in HTML to help spam emails avoid detection.
Please describe the trick of invisible ink to help the spam email avoid
Please describe the tricks of “catch a wave” and “the rake” to help the
spam email avoid detection.
Please explain the basic idea of the CRM 114 spam detector. If the sliding
window contains 6 words, how many order
phases will be
generated? For what reasons do the authors use hash tables to label the
features of the phrases?
y of the android system
Please shortly describe the four types of components in an android
application and their functionalities;
(Section 2 in “Analyzing Inter-Application Communication in Android”)
Please shortly describe the difference between explicit
If explicit intents are
safer, why do we need the implicit intents?
2 in “Analyzing Inter Application Communication in Android”)
Please use an example to illustrate why using a unique action string to
identify the receiver of
an implicit intent is not safe.
(Section 3.1 in
“Analyzing Inter Application Communication in Android”)
Please explain the basic concept of “
Lightweight Mobile Phone
. If you were an attacker, how can you design a
mechanism to bypass the checking procedure?
(Hint: the original
approach looks at only a single application.)
Please explain the basic idea of TaintDroid.
You should be able to
calculate the taintvector of some basic operations such as add, times, etc.
For the “Dynamic security skin” paper, understand the approaches of
“browser generated images” and “server generated images”.
Based on the “PhoolProof Phish prevention” paper, please explain why
compromising either the machine or the user’s mobile device al
not impact the safety of the approach.
Please fully understand the three examples that we explain in the class for
“how to shop for free on the Internet”.
If we describe a similar situation,
you should be able to identify the vulnera