True False questions (25 points + 5 points extra credit)

Transcription

1 Student Name: ISA 656: Network Security Midterm Examination GENERAL INSTRUCTIONS The midterm is worth 110 points (including 10 extra credit points): 25 points of True/False and 75 points of short answer. You have two ½ hours for the entire exam plan accordingly. The questions are in no particular order of difficulty. Move on to easier ones if you find yourself stuck. You may answer questions in any order as long as they are clearly labeled. This exam is open book and notes, you may use your computer and the Internet ONLY to access the electronic version of the text book and lecture slides, along with typing up your answers to the questions. You can submit a PDF version of your answers to blackboard or submit a hard copy of your answers. True False questions (25 points + 5 points extra credit) Circle only one of the choices (5 points each). True False Adding Salt to hashed passwords increases the difficulty of online dictionary attacks. Adding salt helps with offline dictionary attacks, but not with online dictionary attacks. True False DNSSEC A records can be used to increase the effectiveness of DNS amplification attacks. DNSSEC A records can be an order of magnitude larger than unsigned A records. True False Implementing an authentication system that uses two different passwords would satisfy a requirement of two-factor authentication. Two-factor authentication is when two different types of authentication, such as what you know and what you have, are required to authenticate. True False RSA provides forward secrecy

2 RSA does not provide forward secrecy, but DH does provide this property. True False If the key is truly random, as long as the plaintext, and never re-used, the one-time pad provides perfect message secrecy. If these rules are followed one-time pads provide perfect message secrecy. However, in practice it is difficult to follow these rules. True False PGP provides secrecy of the SMTP headers in an message. SMTP headers are mutable and change while processing messages, so PGP does not provide secrecy for these headers. Short Answer (75 points + 5 points extra credit) 1) Intrusion Detection Systems (20 points) a) Give one advantage and disadvantage of a stateless packet-based IDS, one advantage and disadvantage of a stateful session-based IDS. (10 points) Stateless IDS: Advantages, low memory overhead, quickly identify potentially malicious packets. Disadvantages, Can split attacks across packets to avoid detection. Stateful IDS: Advantages, can detect attacks that span packets. Disadvantages, higher overhead from reassembling fragmented messages. b) A problem IDS s face is that based on their placement their view of a packet is different from what the hosts perceives. For example, a packet with a low TTL may pass by the IDS but never reach the host, or if two overlapping TCP segments with inconsistent data pass the IDS, it doesn't know which data the host will use. Give two ways an IDS can deal with these sorts of ambiguities. List one advantage and one disadvantage for each of your solutions. (10 points) 1) The IDS could modify the TTL value to ensure that all packets reach the end host. Advantage, This would mitigate attacks aimed at evading the IDS system. Disadvantage, it might break tools designed to map out networks be sending small TTL values expecting packets to be dropped. It would also break other protocols that rely on the end-to-end principle. 2) The IDS could drop all packets with a low TTL value. Advantage, this would mitigate attacks meant to evade IDS systems. Disadvantage, it might disrupt connectivity for some connections that legitimetly receive small TTL packets.

3 2) Authentication (10 points) MegaSoft released a video game player called Ybox Zero. For a monthly subscription fee, gamers can join the Ybox Half-Dead online gaming service. User authentication for Ybox Half-Dead works as follows. When the user first subscribes for the service, he must establish a password. This password is stored on the Half-Dead server together with the serial number of the user's Ybox Zero. Afterwards, whenever the user's Ybox connects to the server over the Internet, he is asked for his password, which is transmitted in the clear together with the serial number of the Ybox. The server verifies whether the received password matches the password in its database and whether subscription fees have been paid for this serial number. If so, it allows the user to connect. a) Fyodor has a paid-up Half-Dead subscription. He is using a wireless Internet connection for his 3am gaming marathons, and the signal leaks into Jerko's house (i.e., Jerko can passively eavesdrop on all messages transmitted to and from Fyodor's Ybox, but cannot modify them or introduce new messages). How can Jerko exploit this to connect his own Ybox to the Half-Dead server for free? Assume that Jerko can modify his Ybox. (3 points) Jerko can eavesdrop on Fyodor s messages and replay them to connect this Y-box. b) Design a user authentication scheme for Ybox Half-Dead based on a cryptographic hash function that prevents passive attackers from exploiting eavesdropped messages between the Ybox and the Half- Dead server. (7 points) The key is to create a hash that can be used to authenticate Fyodor to the Half-Dead server and mitigates replay attacks. Such a protocol should include the Half-Dead server sending a random nonce or challenge and the client sending back a hash containing, hash(password nonce serial). Assuming that the size of the nonce is sufficient to make it improbable that the same nonce or challenge is sent twice this would mitigate passive replay attacks.

4 3) SSL/DNSSEC (20 points): In the Current DNSEC system, each name server returns a certificate proving that its response is correct. The certificate essentially contains: C name,domain = (name, ipaddr, P name, domain,sig Pdomain (name, ipaddr, P name,domain ) Requests proceeds as follows: Client -> Root Nameserver: com? Root Nameserver -> Client: C Com,. Client -> com Nameserver: amazon.com? com Nameserver -> Client: C amazon,com Client -> amazon.com NS: amazon.com NS -> Client: C www,amazon.com Consider an alternative protocol in which only the last name server provides certificates for its answer: Client -> Root Nameserver: com? Root Nameserver -> Client: ipaddr Com,. Client -> com Nameserver: amazon.com? com Nameserver -> Client: ipaddr amazon,com Client -> amazon.com NS: amazon.com NS -> Client: C Com,., C amazon,com, C www,amazon.com a) List one efficiency advantage of the second protocol. (5 Points) Lower bandwidth overhead for the root and.com nameservers. b) List one difference and one similarity of the second protocol and the SSL PKI system. (15 Points) Difference: There are multiple certificates that need to be validated. Similarity: The root of trust is the. certificate, which the resolver must trust to verify the rest of the certificates.

5 4) Protocol Design (20 points) Alice and Bob want to communicate over a mutually authenticated connection. There is a trusted authority T, which will generate a fresh random session key K and send it to Alice and Bob. Alice has established a shared symmetric key K a with T and Bob has established a shared symmetric key K b with T. Using the notation A->B : M means that A sent message M to B. Also, {M }k means that message M was encrypted with key k. Alice -> T : { I want to authenticate with Bob }K a T -> Alice : { Use session key,k ab, and send Bob this message, {This is Alice using key,k ab }K b }K a Alice -> Bob : {This is Alice using key,k ab }K b a) What types of attacks is this protocol vulnerable to? Explain how each of the attacks would work (an example would be sufficient). (10 points) This protocol is vulnerable to replay attacks, since none of the messages include a nonce or time stamp to provide freshness. The protocol is also vulnerable to a man-in-the-middle attack since the message from T can be replayed. b) Can we design a protocol that would be able to authenticate two parties without prior knowledge of each other and be resilient to man-in-the-middle attacks? Explain your answer. (10 points) Alice -> T : { I want to authenticate with Bob,nonce }K a T -> Alice : { Use session key,k ab, and send Bob this message, nonce+1, {This is Alice using key,k ab }K b }K a Alice -> Bob : { This is Alice using key,timestamp, K ab }K b

6 5) FireWall (10 points) a) (2 points) What are the differences between application layer proxies and packet filters? Application layer proxies can perform deep packet inspection to filter attacks at the application layer. Packet filters are limited to the initial headers, i.e. IP, TCP, UDP, etc. b) (3 points) What are the differences between stateful and stateless firewalls? Stateful firewalls can determine if a packet is part of an existing connection or a reply to a request and use this to make filtering decisions. Stateless firewalls must make all filtering decisions based on the information in a single packet. c) (5 points) A stateless packet-filter firewall decides whether to allow a packet to traverse the firewall based on the TCP/IP header of the packet, without regard to past traffic through the firewall. Assume a stateless packet-filter firewall is installed between an enterprise network and the external Internet, for the purpose of protecting users on the enterprise network Circle the following attacks that can be detected and mitigated (to a significant degree) by the firewall: i. Port sweep ii. Syn flooding iii. a Phishing attack in which users are asked to visit a known bad web site iv. viruses in incoming addressed to enterprise users