Written exam TDDC03 Information Security 2004-08-12

LiTH, Linköpings tekniska högskola
IDA, Institutionen för datavetenskap
Nahid Shahmehri
Permissible aids
Teacher on duty
Claudiu Duma, 073-9073213.
Instructions and points
There are 8 general questions and 8 in-depth questions. The general questions are from
G1 to G8, and the in-depth questions are from D1 to D8. The questions are grouped
pair-wise under their corresponding topic.
You have to answer at most 4 general questions and 4 in-depth questions. You should
choose only one question from each topic, so that it will be 4 (general) + 4 (in-depth).
A correct answer for a general question gives you 2 points, and a correct answer for
an in-depth question gives you 6 points. To pass the exam you need to accumulate at
least 4 points from general questions and 12 points from in-depth questions. The exam
grading depends on the total number of accumulated points.
The answers can be written in English or Swedish.
If you answer both questions for a certain topic we will randomly discard one of the
two answers.
If you answer more than 4 (general) + 4 (in-depth) questions we will randomly choose
4 + 4 answers for correcting the exam, while the rest of the answers will be discarded.
Risk Analysis
G1 Define qualitative and quantitative risk analysis. What are their advantages and
disadvantages? Under which circumstances would you choose a quantitative
risk analysis?
D1 Are safe systems secure? Define 'safe', 'secure' and ensuing keywords (i.e. other
keywords from risk analysis that you use). Argue for your answer.
Evaluation standards, e.g. Common Criteria
G2 What are the different types of Security Objectives that should be included in a
Security Target?
D2 Describe the basic approach, in at least five steps, to writing a Protection Profile.
For each step, describe the content/information to be incorporated in the
Protection Profile in that step.
Copyright protection
G3 Answer true or false to the following statements!
a) Watermarking is used to trace the source of illegal copies of digital objects.
b) Watermarking and fingerprinting are similar in the way marks are embedded
into digital objects.
c) Watermarking and traitor tracing contain similar coding problems.
d) Preventing copying of e-books is a typical application for traitor tracing.
e) Broadcast encryption can be used to securely transmit data to exactly those
customers in a broadcasting system that have paid for the data.
D3 a) In a binary fingerprinting system two pirates P and Q have the fingerprints
p=(000111) and q=(110001). Give a list of the fingerprints they can create!
b) Choosing a code is an important part of designing a fingerprinting system.
Three different tracing properties were mentioned in the lecture. Choose one of
these three properties and:
• Name it
• Give the definition
• Give an explicit example of a code that has this property
• Prove that the code has the property
Mobile code security
G4 a) The problem of protecting the host from malicious code is considered to be
easier than the problem of protecting the code from a malicious host. Motivate
why this is so.
b) What are the advantages of Computing with Encrypted Functions (CEF) over
other techniques used for protecting the code from a malicious host?
D4 a) Briefly describe and compare the trust models adopted by the Java 1 Sandbox
(i.e. JDK 1.1.x) and the Java 2 Sandbox (i.e. JDK 1.2 and above).
b) Write a policy for the Java 2 Sandbox specifying that all applets coming from the
site www.tvapps.com can read files from the directory \tmp\tv.
Now write a second policy specifying that applets which come from the site
www.tvapps.com and are signed by Roland can open at most five connections to
www.paytv.com and can write at most 1 Gbyte of data to files in \tmp\tv. Is
there any problem in specifying such a policy? If yes, which one?
c) Enumerate and briefly describe the limitations of the Java 2 Sandbox.
Attacking the layer below
G5 One obvious way of avoiding confidentiality-based restrictions placed in
software is to passively intercept emissions from IT equipment. Name two
physically different types of emissions and explain in at most a couple of
sentences when and where they can be used!
D5 Inference is a word that in this context refers to the possibility of drawing
conclusions about the value of a secret variable from access to more public
variables. Describe two different situations where inference can be used. For each,
point out what kind of value is sought and what data are used for
the inference, what kind of physical and logical access the attacker then needs
and roughly how the attack is carried out.
Security in IEEE 802.11 Wireless Networks
G6 Explain, in detail, how WPA prevents replay attacks.
D6 a) In WEP and WPA only data frames are protected by encryption and the MIC.
Management frames are not. However, protecting management frames would
prevent certain attacks.
If the integrity of all frames could be protected (so the sender could be
authenticated and the contents of the frames could not be modified by a third
party), explain how at least two serious attacks against WEP and WPA would be
prevented (explain how the attacks work and how they would be prevented).
b) Explain at least one weakness of 802.1x and how it can be exploited in a
network using WPA.
Building secure software
G7 a) Explain how software complexity relates to software security.
b) Give two good examples of functional security features, and two good
examples of secure, non-functional features. Briefly explain why they belong to
each category and not the other.
D7 Which is best for development of secure software -- open or closed source?
Discuss the issue, highlight pros and cons of both approaches, and present and
justify your own conclusion. In your discussion you should cover:
a) Penetrate and patch
b) Full disclosure
c) Information hiding
d) Cryptography
e) At least one other relevant issue of your choice
Biometric user authentication
G8 Briefly explain, using your own words, the following requirements on a
biometric identifier. Use one sentence per requirement:
a) Universality
b) Collectability
c) Circumvention
d) Permanence
D8 Consider the following biometric identifiers and for each identifier suggest an
application (scenario) where it is suitable. Explain why this identifier is suitable
in this particular application. Also give some disadvantages that apply to the
selected application.
Use at most one page for your answer!
a) Keystroke dynamics (=how a person types on a keyboard)
b) DNA
c) Shape of the ear