Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Sample midterm with solutions

advertisement 
Sample midterm
1. (4 pts) What is IP spoofing? Give an example of at least two uses of IP spoofing
by an attacker – how is it used and what advantage does it provide to the
attacker.
IP spoofing is putting of a fake address in IP header’s source address field.
If we put just any address we gain anonymity – attacks can’t be traced to the
attacker.
If we put one specific address and the packets are not eliciting a response then
we’re just placing a blame on someone else.
If we put one specific address and the packets are eliciting a response then we’re
doing reflector DDoS attack on the owner of the spoofed address.
If we put one specific address and there is some trust between that source and
the destination attacker can take advantage of it (e.g., bypass a firewall)
2. (8 pts) Define the three aspects of security, each in one sentence, and provide an
example of a threat and a defense for each aspect.
Confidentiality – secret communication between two parties
Man in the middle attack is a threat, sniffing the traffic to learn secrets – attacker
first supplies her key as other party’s key to each participant
Digital certificates defeat MITM attack (keys can’t be forged)
Integrity – data is not changed since it was created
Man in the middle is a threat, changing the messages as they flow
Checksums help us detect changes – best is to use one-way hash (either post oneway hash somewhere else or I can use encryption on one-way hash)
Availability – system is operating as desired by the owner (and is reachable by
clients)
Denial of service is threat to availability
Firewall could help us protect from DoS or redundancy of resources.
3. (3 pts) What is a polyalphabetic cipher?
I have multiple mappings for characters. For first char I check the first mapping, for
second I check the second mapping,… then circle back when I have used all the
mappings.
4. (10 pts) Describe how symmetric and asymmetric cryptography work and
discuss how their functionalities and costs compare.
Symmetric: there is one key shared between sender and receiver and used to
encrypt/decrypt
Asymmetric: everyone has private and public key. They can encrypt with one and
decrypt with another. Everyone shares their public key, keeps private secret.
Symmetric crypto is much faster than asymmetric. Storage cost is higher for
symmetric keys (N compared to N for asymmetric)
Symmetric can give confidentiality and integrity, asymmetric also gives nonrepudiation. Both can be used for authentication.
5. (10 pts) Draw an architecture of a self-synchronizing key stream generator and
explain how it works. What happens if a bit is lost or added to the ciphertext?
What happens if a bit is modified in ciphertext?
Internal state gets combined with the key to form bits of keystream. These are xored with plaintext and bits of ciphertext are fed into the internal state shifting it to
the left or right.
If a bit is lost or added, we can synchronize after n bits
If a bit is modified, n output bits are modified
6. (10 pts) Explain how a Diffie-Hellman key exchange works and what makes it
hard for a sniffing attacker to learn the key. Does Diffie-Hellman key exchange
produce a key for symmetric or asymmetric cipher?
Alice and Bob want to form a shared key and everyone can hear what they say.
Alice and Bob agree on two numbers, g and n.
Alice selects one random number a and sends ga mod n.
Bob selects one random number b and sends gb mod n.
Alice does (gb mod n)a =gab mod n. B does the same using b.
Shared secret is gab mod n.
Attacker can’t derive the shared secret because they don’t know a and b and n is
very large (so it would take a lot of guesses to guess a and b correctly).
DH produces a symmetric key.
7. (10 pts) Describe how a server can authenticate a client using a symmetric
cipher. How can this be done using an asymmetric cipher? Which approach is
better and why?
Symmetric: Server either sends a random number R and client sends back
encrypt(R, shared_secret) or server sends encrypt(R, shared_secret) and client
decrypts and sends the R back
Asymmetric: Same protocol but instead of using shared_secret the server will use
client’s public key to decrypt (client will encrypt with its private key) in first
variation and it will use client’s public key in the second variation to encrypt the
challenge.
(In case of symmetric crypto learning one key lets attacker understand all the msgs,
in asymmetric learning one key lets attacker understand msgs only in one direction)
Symmetric authentication is faster (but I need to exchange keys with all the clients.
Key generation cost is higher in symmetric case in entire network)
8. (10 pts) Explain how does Passport service work for single sign-on.
There are client, merchant server and Passport server.
1. Client contact the merchant server
2. Merchant server cannot authenticate, redirects to Passport server
3. Passport issues the challenge, authenticates the client and gives back to the
client: ticket to give to the merchant saying this client is authenticated and a
cookie that will be returned to Passport server next time client accesses it.
4. Client gives the merchant the ticket, merchant sets cookie in client’s browser
so next time client can use cookie for authentication
9. (10 pts) How does discretionary access control work? How does mandatory
access control work? What are the advantages of one over the other?
Discretionary: Owner of the object controls access to it. Each subject and each object
will have a set of permissions if there is access allowed between them.
Mandatory: Each subject has a role, each object has a classification. System speaks
about what roles can access what object classes.
Discretionary offers finer-grain control over who can access what, owner can grant
access to objects easily
Mandatory has less overhead (coarser-grain so it’s easier to establish rules and to
verify them) but subjects and objects must change roles or new roles need to be
created if we want to do something out of ordinary.
10. (10 pts) The sample network below should be protected from DNS-based
reconnaissance. Web and DNS servers run public services and should be
accessible both by internal and external clients, while DB and E-mail server
should be accessible only by internal clients. What approach will you use, what
changes must be done to your network, what information should be on DNS
server(s)? How this all helps protect you from DNS-based reconnaissance?
DB server
Web server
Client host 1
E-mail server
DNS server
Client host 2
We will use DNS-split horizon. We will have two DNS servers (so add one to the one
we have). The externally accessible one will have info about the public interface of
the Web server. The internally accessible DNS server will have info about E-mail
server, DB server and the private interface of the Web server. External clients know
the address of the external DNS server. Internal clients only talk to the internal DNS
server.
This helps because the attacker can only access publicly available information –
minimizes the knowledge the attacker can gain of my network.
11. (10 pts) Describe how TCP session hijacking works and what are the defenses
against it.
1. Attacker tries to open many connections to B and guess how B chooses its
initial sequence numbers for TCP.
2. Attacker disables A whose address it wants to spoof or spoofs a non-live
address
3. Attacker spoofs chosen address and uses the guessed sequence number to
establish connection to B pretending that it is A
Defenses: choose TCP ISN totally at random, avoid using address-based trust
relationships
12. (5 pts) Describe what a rootkit is, what types exists and what are the defenses
against each rootkit type.
A rootkit is a program or a set of programs that helps attacker cover tracks by
modifying system responses to questions about system state (diagnostics).
There are application-level and kernel-level. Application-level replace one
application with attacker’s application that does the same thing but hides attacker’s
presence. Kernel-level modify system calls to hide attacker’s presence.
Defenses against application-level rootkits: Checksums of the applications
Defenses against kernel-level rootkits: Disable loadable kernel modules (prevent
changes to kernel)
Related documents
Sample midterm 1 solved
Sample midterm 1 solved
sample midterm 1
sample midterm 1
Concerns for College Students - Sexual Assault Response Services
Concerns for College Students - Sexual Assault Response Services
Mock Exam for Test #1 - Gordon State College
Mock Exam for Test #1 - Gordon State College
Hands on Demonstration for Testing Security in Web Applications
Hands on Demonstration for Testing Security in Web Applications
Linear Measure
Linear Measure
Finding_26
Finding_26
Career Research Notes
Career Research Notes
Which is the Largest for Simplify Variables
Which is the Largest for Simplify Variables
Download
advertisement