Name:
Information Assurance: Homework 4
Due March 31, 2009 on compass assessments.
NOTE: Choices may appear in a different order on compass.
Question 1: Which statement is correct about hash functions?
1. Hashes are not unique; that is, two or more messages can have the same hash.
2. It is prohibitively difficult to find two messages with the same CRC (collision).
3. Symmetric ciphers are designed for encryption and cannot be used as hash functions.
4. If an attacker finds a collision in a hash function, HMAC using that hash function is
considered unsafe.
Comment: Symmetric ciphers in CBC mode can be used as hash functions (slide #9-41
of lecture 6).
Question 2: Which statement is true about the key exchange protocol?
1. Needham-Schroeder with Denning-Sacco modification is susceptible to replay attack.
2. Needham-Schroeder protocol requires synchronized clocks.
3. Otway-Rees protocol is susceptible to replay attack.
4. Otway-Rees protocol does not require synchronized clocks.
Comment: If you assumed that clocks may not be synchronized, choice 1 can also be
correct. If you chose 1 or 4 or both, you get the full credit. Any other answer does not get
any credit.
Name:
Question 3: In Otway-Rees protocol, what prevents Eve to replay the third message to
Bob, forcing him to use an old session key?
1. Encryption with kB
2. Nonce r1
3. Encryption with kA
4. Nonce r2
Comment: Nonces are used to prevent replay attack. However, for this specific attack
(i.e. replay of the third message) only r2 can prevent it. When Bob receives the third
message, he checks the r2 in the message with the value he sent in the second message. If
they match, Bob accepts the key. Otherwise, he drops the message.
Question 4: In the Clipper Chip key escrow system, who can recover the session key?
1. The escrow agencies if all of them agree.
2. It is possible to recover the session key from the LEAF alone even if no escrow agency
agrees.
3. Any one of the escrow agencies.
4. No one other than the Clipper Chip user.
Question 5: Which statement is true about memory protection?
1. For security reasons, the base address of program B is always larger than (base+bound)
address of program A. (assuming that A resides in a lower memory address)
2. A piece of code with CPL=RPL=2 can call another code with DPL=1 through a call
gate with DPL=3.
3. A piece of code with CPL=RPL=3 can access a region of data with DPL=0.
4. When using stack switching, each program has its own stack.
Comment: 1 is false because if A and B have shared memory, the base and bound
addresses have overlap. 4 is false because when using stack switching each “privilege
level” in each task has its own stack. So one task can have four different stacks for the
four privilege levels (0,1,2,3).
Name:
Question 6: Which statement is true about a password-based authentication system?
1. Statistically, a 10-character pronounceable password is as secure as a 10-character
pseudo-random password.
2. If the system uses salting, C={salt||hash(salt||password)}
3. Salt, like a cryptographic key, must always remain secret.
4. Without knowing F and C, dictionary attack is not possible.
Comment: Salt doesn’t have to be secret (we explained in the lecture).
Question 7: What must be the minimum length for a password consisting of only small
letters and numbers for it to be at least 50% secure over a year? (Assume that the attacker
can check 1,000,000 passwords/sec)
1. 6 characters
2. 7 characters
3. 8 characters
4. 9 characters
0.5> (10^6 passes/sec * 86400 sec/day * 365 days) / (36^r)
So, r >= 9
Question 8: Which statement is true about the S/Key protocol?
1. The hashes can be sent in order (not reversed) without losing the security.
2. The number of total allowed authentications using a seed must be known ahead of time
(i.e. before the first authentication attempt.)
3. The third message (i.e. {pi}) must be encrypted to prevent impersonation.
4. The hashes are sent in the reverse order to prevent replay attack.
Name:
Comment: The number of total authentications, n, must be known ahead of time to be
able to reverse the order of hashes. Hashes are sent in the reverse order to prevent an
attacker from computing the next hash (impersonation), not replay attack.
Question 9: Which statement is true?
1. In a system with the Bell-LaPadula policy, a subject with clearance (S, {Project1,
Project2}) can read a file with classification (C, {Project3}).
2. In a system with the low-water-mark Biba policy, if a subject with integrity level S
reads an object with integrity level TS, the integrity level of the subject remains the same.
3. In a system with the Bell-LaPadula policy, a subject with clearance (S, {Project1}) can
write to a file with classification (TS, {Project1, Project2}) even if the permission bits of
the file is set to read-only.
4. In a system with the low-water-mark Biba policy, a subject with integrity level TS is
not allowed to read an object with integrity level S.
Comment: In the low-water-mark Biba policy, the integrity level of a subject is changed
to the minimum of its own level and the object level i(s)=min{i(s), i(o)}. In this case, the
subject has a lower integrity level, so its level remains the same after reading the object.
Question 10: Which statement is true about a system with Chinese Wall policy?
1. A subject s with PR(s)={file1, file2} can write to unsanitized file2 with
CD(file2)=bank3, if s can read file3 with CD(file3)=bank4.
2. A subject s with PR(s)={file1} can read unsanitized file2 if CD(file1)=bank1,
CD(file2)=bank2, COI(file1)={bank1, bank2}, and COI(file1)={bank1, bank2}.
3. A subject s with PR(s)={file1} can write to unsanitized file2 if CD(file1)=bank1,
CD(file2)=bank2, COI(file1)={bank1, bank2}, and COI(file1)={bank1, bank2}.
4. A subject s with PR(s)={file1, file2} can read unsanitized file2.
Comment: When a file is accessed before (i.e., file2 is in PR(s)), the access is always
granted. COIs and CDs must have had proper values that the subject was granted access
to file2.