18-731 Midterm
6 March 2008

Name:
Andrew user id:

Scores:
Problem 0 (10 points):
Problem 1 (10 points):
Problem 2 (15 points):
Problem 3 (10 points):
Problem 4 (20 points):
Problem 5 (10 points):
Problem 6 (10 points):
Problem 7 (15 points):
Total (Max 100 points):
Problem 0: Very Simple Warmup Problems (10 Points)

a) (2 points) A TCP ISN is generated by computing a block cipher encrypt operation on the current ISN with an N-bit key that provides sufficient security until year 2010. The following ISN is the least 32 bits of the block cipher output. More formally: $\mathrm{ISN}_{i+1} = [\{\mathrm{ISN}_i\}_K]_{32}$. What value would you suggest for the key size N? If the attacker uses 1 million 1GHz processor machines in parallel, how many years would it take to predict the next ISN? Justify your answer.

b) (2 points) What is the probability of a forged packet with a MAC of length n bits to be accepted by the receiver?

c) (2 points) What is the minimal size of the MAC if one wants a probability of less than $10^{-9}$ for a forged packet to be accepted?

d) (4 points) Suppose that a hash function H takes an 8-bit input and has an 8-bit output. Graph the probability of finding two different inputs with the same hash value given a certain number of trials. No need to compute any fancy equations, simply draw an approximate curve.
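The quantities that Problem 0 (b)-(d) ask about can be computed exactly. The following is an added example, not part of the exam or of any official solution; it assumes an ideal MAC (a blindly guessed n-bit tag verifies with probability 2^-n), a hash whose outputs are uniform and independent, and that one "trial" means hashing one more distinct input. All function names are illustrative.

```python
# Added example, not part of the exam. Assumptions: ideal MAC, hash outputs
# uniform and independent, one "trial" = hashing one more distinct input.
from fractions import Fraction


def mac_forgery_probability(n_bits):
    """Chance that a single blindly guessed n-bit tag verifies."""
    return Fraction(1, 2 ** n_bits)


def min_mac_bits(one_in):
    """Smallest n such that 2^-n is strictly below 1/one_in."""
    n = 0
    while mac_forgery_probability(n) >= Fraction(1, one_in):
        n += 1
    return n


def collision_probability(trials, out_bits=8):
    """P(some two of `trials` distinct inputs hash to the same value)."""
    space = 2 ** out_bits
    if trials > space:          # pigeonhole: a collision is certain
        return 1.0
    p_distinct = Fraction(1)
    for i in range(trials):     # i values already taken, space - i still free
        p_distinct *= Fraction(space - i, space)
    return float(1 - p_distinct)


def trials_for(target, out_bits=8):
    """Fewest trials whose collision probability reaches target (0 < target <= 1)."""
    k = 0
    while collision_probability(k, out_bits) < target:
        k += 1
    return k


def curve(out_bits=8, step=8):
    """(trials, probability) points for sketching the graph in part (d)."""
    return [(k, collision_probability(k, out_bits))
            for k in range(0, 2 ** out_bits + 1, step)]


if __name__ == "__main__":
    print("MAC bits for forgery chance below 1e-9:", min_mac_bits(10 ** 9))
    print("trials for a 50% collision chance:", trials_for(0.5))
    for k, p in curve():
        print(f"{k:3d} {p:6.4f} " + "#" * round(40 * p))
```

Running the file prints a coarse text plot of the collision curve, which rises steeply and is already close to 1 well before all 256 inputs have been tried.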
Problem 1: Next Generation Secure Internet (10 Points)

a) (5 points) One of the major features of the AIP protocol is to provide self-certification for the public key of a domain. Using such a self-certification scheme, can the AIP protocol be implemented completely without the use of a PKI? If yes, explain why it is possible. If not, provide a case where AIP does rely on a PKI.

b) (5 points) Recall the accountability service mechanism we read in the paper by Bender et al. Their Strawman approach relies on each sender having a PKI certificate and the sender signing each packet with the private key. To achieve a more efficient mechanism, the authors propose to essentially set up shared secret keys using Diffie-Hellman-based public-key certificates and using the shared secret to attach a MAC to each packet (no need to go into more details here). Is non-repudiation still achieved in the more efficient version? Explain why or why not. If not, how would you redesign the scheme to achieve non-repudiation?
Problem 2: SSL (15 Points)

Recall the SSL handshake protocol taught in class, in this case using ephemeral DH key agreement:

    C -> S: client hello
    S -> C: server hello
    S -> C: server certificate      (Contains RSA public key certificate)
    S -> C: server key exchange     (Ephemeral DH key exchange: $g, p, g^s \bmod p, \{H(g, q, g^s \bmod p)\}_{K_S^{-1}}$)
    S -> C: server hello done
    C -> S: client key exchange     ($g^c \bmod p$)
    C -> S: change cipherspec       (Compute keys, set up ciphers)
    C -> S: finished                (Contains authenticator for early messages)
    S -> C: change cipherspec       (Compute keys, set up ciphers)
    S -> C: finished                (Contains authenticator for early messages)

a) (5 points) An attacker wants to perform a computational DoS attack on the server using one of the messages of the SSL handshake protocol. Which message or sequence of messages should the attacker use to launch a DoS attack on the server? Explain why.

b) (5 points) Using the attack you came up with in a), how many messages should the attacker send to saturate the computational resources of the server? Explain your reasoning.

c) (5 points) Describe a scheme to prevent such a DoS attack.
Problem 3: TCP/IP Defenses (10 points)

Guessing or knowing the initial TCP sequence number (ISN) that a server will choose enables an attacker to establish a TCP connection with a server impersonating another node. What are the advantages and disadvantages of the following solutions with respect to mitigating the attack? What modifications in the behavior of TCP result by implementing the solution?

a) (3 points) The server selects an initial sequence number based on the following one-way hash chain construction. The server picks a random 128-bit value $v_0$, and derives subsequent one-way chain values with $v_{i+1} = \mathrm{MD5}(v_i)$. For connection $i$, the server uses the least significant 32 bits of one-way chain value $[v_i]_{32}$.

b) (3 points) The server selects an initial sequence number based on the following one-way hash chain construction. The server picks a random 128-bit value $v_n$, and derives previous one-way chain values with $v_i = \mathrm{MD5}(v_{i+1})$. For connection $i$, the server uses the least significant 32 bits of one-way chain value $[v_i]_{32}$.

c) (4 points) The server selects an initial sequence number based on the following one-way hash chain construction. The server picks a random 32-bit value $v_n$, and derives previous one-way chain values with $v_i = [\mathrm{MD5}(v_{i+1})]_{32}$. For connection $i$, the server uses the 32 bit one-way chain value $v_i$ for the ISN.
Problem 4: Securing BGP (20 Points)

1. (12 points) An attack has happened and we would like you to explain what is the likely cause of the attack and what is the likely defense measure that the victim has taken. To illustrate the attack, we provide three consecutive snapshots. Each graph represents the BGP routing activity for the destination IP address 208.65.153.238 at a given time. A number in a snapshot represents a BGP Autonomous System (AS) number. A solid line indicates a route to the destination (i.e., 208.65.153.238). Describe the most likely scenario that could explain the sequence of depicted snapshots. In particular, describe the actions taken between every two snapshots.

Figure 1: Snapshot 1.
Figure 2: Snapshot 2.

Figure 3: Snapshot 3.

2. (8 points) In class, we have seen that the current BGP protocol is vulnerable to prefix hijack. Researchers have proposed several schemes to detect that a prefix is being hijacked. One of the proposals consists of collecting BGP updates from a large number of collection points (i.e., from different parts of the world). Upon noticing a change in the originating Autonomous System (i.e., the first inserted AS in the AS PATH), e.g., from AS XYZ to AS ABC, an email would be automatically sent to network XYZ to notify it of a potential prefix hijack. The following figure depicts the infrastructure of the proposal. We assume that the deployment of the infrastructure is not an issue, and that we can indeed collect BGP UPDATES from a large and diverse number of sites. We further assume that at the initial state, there is no prefix hijack. What is then the major challenge with this scheme?

[Figure 4 labels: BGP Collectors; BGP AS 76, 101, 102, 103, 104, 105; mail servers of AS 76, 101, 102, 103, 104, 105.]

Figure 4: Detecting IP Prefix Hijack.
Problem 5: Vehicular Ad Hoc Networks (10 Points)

(10 points) An amateur researcher analyses the characteristics of VANET messages that were exchanged in a particular VANET application. Her analysis reveals that the messages are frequent (about one every 10 milliseconds) but short (around 20 bytes). She also notes that signing each short message is time consuming. So she proposes to her adviser that these short messages can be grouped together and signed using a Bloom filter. Describe how such a scheme could work to achieve efficient signature of the messages using the Bloom filter as a component. Describe one advantage and two disadvantages of the resulting approach.
Problem 6: Intrusion Detection (10 Points)

a) (5 points) A student of the Secure Programming class (yeah, the same student who haunted you in homework 1) decides to implement a fail-open NIDS for her final project. Having learnt the principles of secure coding, she avoids using any piece of code that could be exploited to launch memory overrun attacks like buffer overflow attacks. To gain extra credit, she decides to implement caching of web objects so that her NIDS can act as a proxy too. To achieve this, she refers to the Squid proxy implementation and implements caching using an in-memory hash table with the HTTP request method (i.e., GET, HEAD etc.) and the URL in question as a key to the hash table. However, her mentor for this project informs her of the possibility of an attack on this approach (as identified by you in homework 1). As a good friend of hers, advise her on how to evade such attacks without much compromise in the performance/functionality of the NIDS/Proxy.

b) (5 points) Consider an inline active-response intrusion detection product (often called Intrusion Prevention Systems, these apply stateful packet inspection beyond traditional TCP/IP protocols, and examine application data streams) that reconfigures your firewall rules to automatically block further connections from the attack source address for a certain period of time. Give two advantages and two disadvantages of this approach compared to a traditional NIDS, and describe where/when it might be beneficial to employ such a technology.
Problem 7: Secure Broadcast Communication (15 Points)

a) (5 points) An important TESLA parameter is the key disclosure delay. Although the choice of the disclosure delay does not affect the security of the system, it is an important performance factor. As we discussed in class, a short disclosure delay will cause delayed packets to lose their safety property, so receivers will discard them, and a long disclosure delay leads to a long authentication delay for receivers. As an alternative, the sender may include in each packet the time $t_p$ at which it is going to disclose the key for this packet. With this method, the receiver only needs to know the bound $D_t$ on the clock skew and $T_0$, the sender's local time at the initiation of the session. Then the receiver records the local time $T$ when the packet has arrived, and verifies that $T$ $T_0 + D_t + t_p$. Else the packet is considered unauthenticated. Is this secure? Justify your answer.

b) (5 points) Instead of operating on time basis, sender S decides to operate TESLA on a packet basis. S now broadcasts the packet $P_i$ along with the key $K_i$ and the message authentication code (MAC) of $P_i$ computed with the key $K_{i+1}$ as follows:

    $S: P_i, K_i, \mathrm{MAC}_{K_{i+1}}(P_i)$

The receiver must wait for the next packet to validate the MAC of the packet $P_i$. Is this secure? Justify your answer.

c) (5 points) Describe how to generate keys using MARKS. Using the diagram below, show how keys B and O are generated. What key(s) will allow a member to receive data for time T2 - T8?