CSE2500 System Security and Privacy
Tutorial Sheet 01: Answers
1. List the possible threats to Computer Security.
1) Denial of Service (DoS) e.g. ping bomb, viruses, worms
2) Eavesdropping, packet sniffing, wiretapping
3) Data tampering
4) Impersonating or masquerading
2. Categorise the type of security threats (or attacks) to computers/computers
on networks.
1) Interruption: attack on availability
2) Interception: attack on confidentiality
3) Modification: attack on integrity
4) Fabrication: attack on authenticity
3. Provide at least one example for each of the above threats (either hardware,
software, data, network, etc).
1) Interruption: sending a huge number of ICMP packets using the ping command from
thousands of machines to one specific computer to increase its processing load, so
that eventually the machine cannot provide any other services.
2) Interception: using packet sniffer software to capture data transmitted across the
network, even when the data is transmitted as ciphertext, in an attempt to retrieve
the plaintext. The main purpose of this kind of attack is to retrieve cryptographic
keys.
3) Modification: an attacker intercepts a message, changes its content, and sends
it to the intended recipient. The recipient receives the message without being aware
that the content of the message has been changed.
4) Fabrication: initially, an attacker needs to have a secret key shared between
Alice and Bob. The attacker applies a cryptographic operation with the key to
a message and sends it to Bob. Bob receives the message without being
aware that the message was not sent by Alice.
Note that, to succeed in modification and fabrication, the attacker needs to have
the cryptographic key, which can be retrieved by interception.
4. List the desirable properties of security mechanisms.
1) Confidentiality
2) Privacy
3) Availability
4) Integrity
Others are
5) Non-repudiation
6) Access control
7) Authentication
5. What do you mean by authentication? Give one example in real world.
Authentication ensures the origin of a message or document is correctly identified.
In other words, it is the ability to prove the originator of a message.
Examples:
1) Signed document: a document which is provably signed by Alice must have
originated from Alice. This concept has been applied to electronic documents,
where it is called a “digital signature”.
2) User password: a user is initially given a unique username and a password to
access a system. The password is known only to the user and the system.
Only the user who supplies the correct username and password to the system
is allowed to access the system.
3) Shared secret: suppose Alice and Bob share a secret K. If Alice sends an e-mail
with K attached to Bob, Bob knows that this e-mail has been written by Alice
because only Alice and Bob know K. Discuss whether this method is secure
enough or not.
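The shared-secret scheme in example 3, as an added Python example that is not part of the original tutorial sheet: it compares attaching K itself with attaching an HMAC computed under K, and checks what someone who intercepted one message (the situation noted under question 3) can get accepted afterwards. The message texts, the function names and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; K stands for the secret Alice and Bob share.
K = secrets.token_bytes(32)
MESSAGE = b"Meet at 10:00 in room 4. -- Alice"


def send_naive(key: bytes, message: bytes) -> dict:
    """Scheme from the sheet: attach K itself to the e-mail."""
    return {"body": message, "proof": key}


def verify_naive(key: bytes, packet: dict) -> bool:
    return hmac.compare_digest(packet["proof"], key)


def send_mac(key: bytes, message: bytes) -> dict:
    """Alternative: attach HMAC-SHA256(K, message); K never leaves Alice."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return {"body": message, "proof": tag}


def verify_mac(key: bytes, packet: dict) -> bool:
    expected = hmac.new(key, packet["body"], hashlib.sha256).digest()
    return hmac.compare_digest(packet["proof"], expected)


def reuse_proof(captured: dict, new_body: bytes) -> dict:
    """What anyone who read `captured` on the wire can assemble:
    a different body carrying the proof value they saw."""
    return {"body": new_body, "proof": captured["proof"]}


def demo() -> dict:
    other = b"Meet at 23:00 in room 9. -- Alice"  # constructed
    naive = send_naive(K, MESSAGE)
    mac = send_mac(K, MESSAGE)
    return {
        "naive_genuine": verify_naive(K, naive),
        "naive_forged": verify_naive(K, reuse_proof(naive, other)),
        "mac_genuine": verify_mac(K, mac),
        "mac_forged": verify_mac(K, reuse_proof(mac, other)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: accepted={accepted}")
```

Attaching K proves nothing once a single e-mail has been read in transit, because the proof is the key itself. The HMAC tag binds the proof to one body, although an unchanged copy of the same packet would still verify unless a nonce or timestamp is included in the body.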
6. It is stated that it is impossible to design security mechanism(s) to shield any
kind of security attacks – Do you agree to this statement or not? Why?
Yes. Even a so-called very secure security mechanism suffers from human
errors, such as the following:
- Errors during the design phase. A design error may not be discovered right
after the mechanism has been implemented and may not affect the
functionality of the mechanism. However, it may open the possibility of
attacks if an attacker can make use of some of its errors.
- Errors during the implementation phase. Most security mechanisms
deploy cryptographic operations which rely on secret keys. The misbehavior
of users in storing and using secret keys may compromise the security
of the system.
7. What do you mean by passive and active attacks? Is replay a passive or
active or combination of both types of attacks?
Passive attacks: eavesdropping or monitoring network traffic and information
transmission.
Active attacks: an attacker generates fake information or modifies the data
transmitted across networks. E.g. masquerading, replay, message modification,
DoS.
Replay itself is categorized as a passive attack. The purpose of a replay attack is to
retrieve critical information, e.g. secret keys.
8. In the model of security that was presented in the class (lecture 1, slide#53), a
gatekeeper function is provided at the end of the communication channel
before the entry to the organisation’s information systems. Why can we (not) put
such gatekeeper functions in the communications channels (such as
the data link and network layers of the channel)?
We cannot place a gatekeeper in the data link layer, as the information sent in this layer
is raw data. However, the gatekeeper function can be applied in the network layer,
which deals with packets, e.g. IPSec.
9. Consider a program or the web page that allows customers to order products
using their credit cards. Who might want to change the web page? What type
of harm such a change can make?
In a credit-card payment system, there are three main parties involved: customer,
merchant, and credit-card company (or bank, in case the bank has its own
credit card service). After selecting goods or services from a merchant’s web site,
a customer requests a credit-card payment by opening the payment web page and
then filling in the necessary information, including her credit-card number, in the online
form. The information on this form is then transferred to the merchant so that the
merchant knows the price and descriptions of the goods requested by the customer.
This information is then transferred to the credit-card company for payment
approval.
We can see that the information on the payment web page is the most critical
information in the system. If the merchant knows the customer’s credit-card
information, the merchant can request a payment by herself by simply filling in the
form and pretending to be the customer.
Ask the students how they can prevent this fraud.