Web Security Final Exam Study Guide –
Blockchain Consensus, Proof-of-Work, TOR &
Onion Routing, comprehensive exam notes|
Latest Update Answers Graded A+
Idea of reaching consensus using the longest chain
The idea is that if there is to be a newly created block and the same time by two different
parties then the chain is forked and which ever party has the longest chain is the one that wins.
Hence, the newly created block is added to the longest chain and the shorter chain's blocks are
orphaned (not used).
idea of using proof-of-work to limit the impact of misbehaving nodes
A misbehaving node in theory could fork and build a chain longer than the longest chain and
then tamper with the chain. So, in order to prevent this from happening proof of work is in
place, each time a new block created there must be a computationally difficult problem solved.
- Each block has a nonce value--chosen by the block creator
- SHA-256 Hash value of each block to start with a certain number of zeroes.
- Creating a block means trying a lot of different nonce values => mining
Therefore, an attacker requires more computational power than all of the nodes that follow the
longest chain.
Anonymity, motivation, principles, and practical challenges of onion routing
- Conceal the identities of communication parties
- Anonymous communication over a computer network
- Packets are encapsulated in multiple layers of encryption
- Developed in the 1990's by Naval Research and DARPA
Onion Routing in practice
- Select a set of '_____' routers and from a virtual circuit (path to the responder)
- Each ___ router sees only the preceding and following nodes
,- May be malicious trying to infer identities
=> colluding with malicious routers may use traffic analysis to infer identities
Router directory
- Public list of available onion routers and their public keys
- Initiator needs to select a large and diverse set of routers to prevent analysis
blacklists
- input validation
- do not allow inputs on this list
- list of known bad inputs
- low impact on usability
Virtual circuit setup
- Initiator establishes a connection and a symmetric session key with the first onion router =>
two-way tunnel
- tunnel is used to establish a connection and session key with the second router, and so on,
until the responder is reached.
TOR the onion router
- Free software implementation of the idea
- directs traffic through a worldwide free, volunteer network of onion routers
- maintained by the TOR project
- Trusted Directory Servers
- Public keys and addresses of these servers are hardcoded into the software
- maintains a list of active onion routers (with addresses and public keys)
- Every OR is connected to every other OR through SSL/TLS
- Anyone may install and choose not to be an exit router.
Information Flow analysis
- Assigns a security level to each source
- Each object inherits the security levels of the sources and other objects from which it is
derived.
- Used to detect the leakage of confidential information
Responder Anonymity: Location Hidden Services
,- Hidden services are identified by public keys
=> pseudo-DNS name => publickey.onion
- Responder (server) selects some ORs to be introduction points
=> first, builds circuits to these ORs
=> second publishes the public key and the list of Introduction Points (signed using its private
key in a distributed hash table stored by the ORs )
- User may contact a responder using its public key
=> first, retrieves the Introduction Points from the distributed hash table
=> then, selects a Rendezvous Point and tells the responder about it through one of the
Introduction points
=> finally, the user and the responder establish circuit through the Rendezvous Point
principle of taint analysis
Attempts to identify which variables and objects can be modified by untrusted user input.
- Source of the value of a variable is untrustworthy (network packets, user files, user input)
- Any derived from above is also __________
- If passed to a function without sanitization then possible vulnerability
- Information flow analysis
e.g.
untrusted user input => terminal => network => files => running program => ...
How taint checking works in practice
If static analysis => rewrite source code if vulnerability is found
If dynamic analysis => keep track of the tainted variables during run time and throw an
exception.
static
- Input: Source code
- white-box approach
- find vulnerabilities by considering possible executions of the code
- halting problem
- finds the root cause of the problem
Static code analysis challenges
, - State space explosion
=> state space grows exponentially in the number of variables of inputs
==> must consider ranges and abstractions
- Unknown environment
=> inputs, scheduling of parallel execution, etc..
- Correctness is undecidable in general
=> some outputs are either undecidable or false positive/negative.
Dynamic Code Analysis
- Executes program over a set of test inputs and observe exceptions
=> for each exception, check if it could be exploited by an attacker
- Test Suite
=> fuzzing: Generates semi-automatically invalid, unexpected, or random inputs
Advantages
- Precise: there is no abstraction or approximation
- no false positives
Disadvantage: Can test only those execution paths that are reachable by the test input.
dynamic
- input: typically binary compiled code
- black box approach
- find vulnerabilities by executing the code with various inputs
- detects that problem occurs
Halting problem
Impossible to determine if a program will finish running eventually or if it will run forever.
whitelists
- input validation
- list of known good inputs
- only allow inputs on it
- usually more secure
Vulnerability Scanners basic properties
Blockchain Consensus, Proof-of-Work, TOR &
Onion Routing, comprehensive exam notes|
Latest Update Answers Graded A+
Idea of reaching consensus using the longest chain
The idea is that if there is to be a newly created block and the same time by two different
parties then the chain is forked and which ever party has the longest chain is the one that wins.
Hence, the newly created block is added to the longest chain and the shorter chain's blocks are
orphaned (not used).
idea of using proof-of-work to limit the impact of misbehaving nodes
A misbehaving node in theory could fork and build a chain longer than the longest chain and
then tamper with the chain. So, in order to prevent this from happening proof of work is in
place, each time a new block created there must be a computationally difficult problem solved.
- Each block has a nonce value--chosen by the block creator
- SHA-256 Hash value of each block to start with a certain number of zeroes.
- Creating a block means trying a lot of different nonce values => mining
Therefore, an attacker requires more computational power than all of the nodes that follow the
longest chain.
Anonymity, motivation, principles, and practical challenges of onion routing
- Conceal the identities of communication parties
- Anonymous communication over a computer network
- Packets are encapsulated in multiple layers of encryption
- Developed in the 1990's by Naval Research and DARPA
Onion Routing in practice
- Select a set of '_____' routers and from a virtual circuit (path to the responder)
- Each ___ router sees only the preceding and following nodes
,- May be malicious trying to infer identities
=> colluding with malicious routers may use traffic analysis to infer identities
Router directory
- Public list of available onion routers and their public keys
- Initiator needs to select a large and diverse set of routers to prevent analysis
blacklists
- input validation
- do not allow inputs on this list
- list of known bad inputs
- low impact on usability
Virtual circuit setup
- Initiator establishes a connection and a symmetric session key with the first onion router =>
two-way tunnel
- tunnel is used to establish a connection and session key with the second router, and so on,
until the responder is reached.
TOR the onion router
- Free software implementation of the idea
- directs traffic through a worldwide free, volunteer network of onion routers
- maintained by the TOR project
- Trusted Directory Servers
- Public keys and addresses of these servers are hardcoded into the software
- maintains a list of active onion routers (with addresses and public keys)
- Every OR is connected to every other OR through SSL/TLS
- Anyone may install and choose not to be an exit router.
Information Flow analysis
- Assigns a security level to each source
- Each object inherits the security levels of the sources and other objects from which it is
derived.
- Used to detect the leakage of confidential information
Responder Anonymity: Location Hidden Services
,- Hidden services are identified by public keys
=> pseudo-DNS name => publickey.onion
- Responder (server) selects some ORs to be introduction points
=> first, builds circuits to these ORs
=> second publishes the public key and the list of Introduction Points (signed using its private
key in a distributed hash table stored by the ORs )
- User may contact a responder using its public key
=> first, retrieves the Introduction Points from the distributed hash table
=> then, selects a Rendezvous Point and tells the responder about it through one of the
Introduction points
=> finally, the user and the responder establish circuit through the Rendezvous Point
principle of taint analysis
Attempts to identify which variables and objects can be modified by untrusted user input.
- Source of the value of a variable is untrustworthy (network packets, user files, user input)
- Any derived from above is also __________
- If passed to a function without sanitization then possible vulnerability
- Information flow analysis
e.g.
untrusted user input => terminal => network => files => running program => ...
How taint checking works in practice
If static analysis => rewrite source code if vulnerability is found
If dynamic analysis => keep track of the tainted variables during run time and throw an
exception.
static
- Input: Source code
- white-box approach
- find vulnerabilities by considering possible executions of the code
- halting problem
- finds the root cause of the problem
Static code analysis challenges
, - State space explosion
=> state space grows exponentially in the number of variables of inputs
==> must consider ranges and abstractions
- Unknown environment
=> inputs, scheduling of parallel execution, etc..
- Correctness is undecidable in general
=> some outputs are either undecidable or false positive/negative.
Dynamic Code Analysis
- Executes program over a set of test inputs and observe exceptions
=> for each exception, check if it could be exploited by an attacker
- Test Suite
=> fuzzing: Generates semi-automatically invalid, unexpected, or random inputs
Advantages
- Precise: there is no abstraction or approximation
- no false positives
Disadvantage: Can test only those execution paths that are reachable by the test input.
dynamic
- input: typically binary compiled code
- black box approach
- find vulnerabilities by executing the code with various inputs
- detects that problem occurs
Halting problem
Impossible to determine if a program will finish running eventually or if it will run forever.
whitelists
- input validation
- list of known good inputs
- only allow inputs on it
- usually more secure
Vulnerability Scanners basic properties
