CSE2500 System Security and Privacy
Tutorial Sheet 01: Answers

1. List the possible threats to Computer Security.

1) Denial of Service (DoS), e.g. ping bomb, viruses, worms
2) Eavesdropping, packet sniffing, wiretapping
3) Data tampering
4) Impersonating or masquerading

2. Categorise the types of security threats (or attacks) to computers and to computers on networks.

1) Interruption: attack on availability
2) Interception: attack on confidentiality
3) Modification: attack on integrity
4) Fabrication: attack on authenticity

3. Provide at least one example of each of the above threats (whether hardware, software, data, network, etc.).

1) Interruption: send a huge number of ICMP packets using the ping command from thousands of machines to one specific computer to increase its processing load, so that eventually the machine cannot provide any other services.
2) Interception: using packet-sniffer software to capture data transmitted across the network, even when the data is transmitted as ciphertext, in an attempt to retrieve the plaintext. The main purpose of this kind of attack is to retrieve cryptographic keys.
3) Modification: an attacker intercepts a message, changes its content, and sends it on to the intended recipient. The recipient receives the message without being aware that its content has been changed.
4) Fabrication: initially, the attacker needs to obtain the secret key shared between Alice and Bob. The attacker applies a cryptographic operation with the key to a message and sends it to Bob. Bob receives the message without being aware that it has not been sent by Alice.

Note that, to succeed in modification and fabrication, the attacker needs to have the cryptographic key, which can be retrieved by interception.

4. List the desirable properties of security mechanisms.

1) Confidentiality
2) Privacy
3) Availability
4) Integrity

Others are:
5) Non-repudiation
6) Access control
7) Authentication

5. What do you mean by authentication? Give one example from the real world.
Authentication ensures that the origin of a message or document is correctly identified. In other words, it is the ability to prove who originated a message. Examples:

1) Signed document: a document which is provably signed by Alice must have originated from Alice. This concept has been applied to electronic documents as the "digital signature".
2) User password: a user is initially given a unique username and a password to access a system. The password is known only to the user and the system. Only a user who supplies the correct username and password to the system is allowed to access it.
3) Shared secret: suppose Alice and Bob share a secret K. If Alice sends Bob an e-mail with K attached, Bob knows that this e-mail has been written by Alice, because only Alice and Bob know K. Discuss whether this method is secure enough.

6. It is stated that it is impossible to design security mechanism(s) to shield against every kind of security attack. Do you agree with this statement or not? Why?

Yes. Even a so-called very secure security mechanism suffers from human errors, which can be given as follows:
- Errors during the design phase. A design error may not be discovered right after the mechanism has been implemented and may not affect the functionality of the mechanism. However, it may open the possibility of attacks if an attacker can make use of some of these errors.
- Errors during the implementation phase. Most security mechanisms deploy cryptographic operations which rely on secret keys. The misbehaviour of users in storing and using secret keys may compromise the security of the system.

7. What do you mean by passive and active attacks? Is replay a passive attack, an active attack, or a combination of both?

Passive attacks: eavesdropping on or monitoring network traffic and information transmission.
Active attacks: an attacker generates fake information or modifies the data transmitted across networks, e.g.
masquerading, replay, message modification, DoS.

Replay itself is categorised as a passive attack. The purpose of a replay attack is to retrieve critical information, e.g. secret keys.

8. In the model of security presented in class (lecture 1, slide #53), a gatekeeper function is provided at the end of the communication channel, before the entry to the organisation's information systems. Why can (or can't) we put such gatekeeper functions in the communication channel itself (such as the data link and network layers of the channel)?

We cannot place a gatekeeper in the data link layer, as the information sent at this layer is raw data. However, the gatekeeper function can be applied at the network layer, which deals with packets, e.g. IPsec.

9. Consider a program or web page that allows customers to order products using their credit cards. Who might want to change the web page? What type of harm could such a change cause?

In a credit-card payment system, there are three main parties involved: the customer, the merchant, and the credit-card company (or the bank, in case the bank has its own credit-card service). After selecting goods or services from a merchant's web site, a customer requests a credit-card payment by opening the payment web page and filling in the necessary information, including her credit-card number, in the online form. The information on this form is then transferred to the merchant so that the merchant knows the price and description of the goods requested by the customer. This information is then transferred to the credit-card company for payment approval. We can see that the information on the payment web page is the most critical information in the system. If the merchant knows the customer's credit-card information, the merchant can request a payment herself by simply filling in the form and pretending to be the customer.

Ask the students how they can prevent this fraud.
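The following is an added worked example, not part of the original tutorial sheet, that ties together the modification and fabrication examples in question 3, the shared-secret discussion in question 5, and the replay point in question 7. It assumes HMAC-SHA256 as the "cryptographic operation with the key" (the sheet does not name one); the key and messages are constructed for the demonstration. Each function returns True when the behaviour the sheet describes holds: a tampered message is detected, a forgery without K is rejected, a forgery with an intercepted K is accepted, attaching K itself to an e-mail hands K to any eavesdropper whereas attaching a tag does not, and a MAC alone still lets an intercepted message be replayed.

```python
import hashlib
import hmac
import secrets

# Constructed demo key shared between Alice and Bob (not a real secret).
SHARED_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message; only a holder of `key` can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check itself does not leak via timing."""
    return hmac.compare_digest(make_tag(key, message), tag)


def modification_is_detected(key: bytes = SHARED_KEY) -> bool:
    """Q3(3): a message changed in transit no longer matches Alice's tag."""
    original = b"pay 100 to bob"
    tag = make_tag(key, original)
    tampered = b"pay 900 to bob"
    return verify_tag(key, original, tag) and not verify_tag(key, tampered, tag)


def fabrication_without_key_is_rejected(key: bytes = SHARED_KEY) -> bool:
    """Q3(4): without K, a forged message carries a tag Bob will reject."""
    forged = b"pay 900 to mallory"
    wrong_key = secrets.token_bytes(32)  # the forger's guess at K
    return not verify_tag(key, forged, make_tag(wrong_key, forged))


def fabrication_with_intercepted_key_is_accepted(key: bytes = SHARED_KEY) -> bool:
    """Note under Q3: once K has been intercepted, the forgery verifies."""
    forged = b"pay 900 to mallory"
    return verify_tag(key, forged, make_tag(key, forged))


def eavesdropper_view(scheme: str, key: bytes, message: bytes) -> bytes:
    """Q5(3): what an eavesdropper sees attached to Alice's e-mail."""
    if scheme == "attach_secret":  # Alice attaches K itself
        return key
    if scheme == "attach_tag":     # Alice attaches HMAC(K, message) instead
        return make_tag(key, message)
    raise ValueError(f"unknown scheme: {scheme}")


def attaching_secret_leaks_key(key: bytes = SHARED_KEY) -> bool:
    """One intercepted e-mail gives the eavesdropper K; anything they write now verifies."""
    learned = eavesdropper_view("attach_secret", key, b"hello bob")
    forged = b"pay 900 to mallory"
    return verify_tag(key, forged, make_tag(learned, forged))


def attaching_tag_does_not_leak_key(key: bytes = SHARED_KEY) -> bool:
    """An intercepted tag is not K and does not authenticate a different message."""
    seen_tag = eavesdropper_view("attach_tag", key, b"hello bob")
    return seen_tag != key and not verify_tag(key, b"pay 900 to mallory", seen_tag)


def replay_of_intercepted_message_is_accepted(key: bytes = SHARED_KEY) -> bool:
    """Q7 caveat: a MAC alone does not stop replay; the captured pair verifies again."""
    message = b"pay 100 to bob"
    captured = (message, make_tag(key, message))  # what the eavesdropper recorded
    return verify_tag(key, *captured)


if __name__ == "__main__":
    for check in (
        modification_is_detected,
        fabrication_without_key_is_rejected,
        fabrication_with_intercepted_key_is_accepted,
        attaching_secret_leaks_key,
        attaching_tag_does_not_leak_key,
        replay_of_intercepted_message_is_accepted,
    ):
        print(f"{check.__name__}: {check()}")
```

The last function is the answer to the discussion prompt in question 5 taken one step further: replacing the attached secret with a tag stops an eavesdropper from learning K, but Bob would still accept an old e-mail resent verbatim, so a freshness value (a counter, timestamp or nonce covered by the tag) is needed in addition to the key.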