Hw1 solutions - Network Penetration and Security

EECS 354 Homework 1
Questions:
1. Classify each of the following as a violation of confidentiality, integrity, availability,
authenticity, or some combination of these:
1. John copies Mary’s homework.
Answer: Confidentiality
Explanation:
John copying Mary’s homework is an attack on confidentiality. This is because the
copying could have taken place while Mary was not looking or had no knowledge of
it. This attack is similar to eavesdropping and is therefore an attack on
confidentiality.
2. Paul crashes Linda’s system.
Answer: Availability
Explanation:
Paul crashing Linda’s system is a Denial of Service (DoS) attack, i.e. a violation of Availability.
Also, if it was intentional on Paul’s part, it is a violation of Integrity.
3. Gina forges Roger’s signature on a deed.
Answer: Authenticity
Explanation:
Gina was not authorized to assume Roger’s identity so this is an attack on
Authenticity. In addition, Gina generated and distributed a document, under this
assumed identity, by signing Roger’s name on the deed.
2. Suppose that you are recommending usage of crypto standards to your CTO for the next
generation of IT products in your company. The products aim for the market of the next five to
ten years. For symmetric cipher, you will recommend ____AES____, for
asymmetric cipher, you will recommend ____RSA____, and for secure
hash functions (a.k.a., message digest), you will recommend ____SHA2____.
3. Based on your answers above, please fill in the table below to compare the three crypto
mechanisms.
| | Symmetric Cipher | Asymmetric Cipher | Message Digest |
| Key length | 128/192/256 bit | 1024 bits | N/A |
| Block size (bits) | 128 | <= 1024 bits | 512 bits for SHA256/384, 1024 bits for SHA-512. |
| Output size (given input size n=2^20 bits) | 2^20 bits | 2^20 bits | 256/384/512 bits |
| Basic generic structure | Feistel Cipher Structure (or Substitution-permutation network) | N/A | Iterative compression function |
4. Message digests are reasonably fast, but here’s a much faster function to compute.
Take your message, divide it into 128-bit chunks, and XOR all the chunks together to
get a 128-bit result. Do the standard message digest on the result. Is this a good
message digest function?
No, it will have many collisions, and it is easy to create messages that collide.
The hash function in the problem meets the first three requirements but not 4-6:
1) Can be applied to any sized message M - (Yes)
2) Produces fixed-length output h - (Yes)
3) It is easy to compute h=H(M) - (Yes)
4) Given h, it is infeasible to find x such that H(x) = h - (No)
5) Given x, it is infeasible to find y such that H(y) = H(x) - (No)
6) It is infeasible to find any x, y such that H(y) = H(x) - (No)
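Added example (not part of the original homework solution): a Python sketch of the scheme from question 4, showing that reordering chunks, appending an identical pair of chunks, or appending one computed chunk to an arbitrary prefix all produce the same digest. SHA-256 as the "standard message digest", zero-padding of the last chunk, the sample messages and all function names are assumptions.

```python
import hashlib

CHUNK = 16  # 128-bit chunks, as in the question


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xor_fold(message: bytes) -> bytes:
    """XOR all 128-bit chunks together (zero-padding the last chunk is an assumption)."""
    message += b"\x00" * (-len(message) % CHUNK)
    acc = bytes(CHUNK)
    for i in range(0, len(message), CHUNK):
        acc = _xor(acc, message[i:i + CHUNK])
    return acc


def fast_digest(message: bytes) -> str:
    """The proposed scheme: a standard digest (SHA-256 assumed) over the XOR fold only."""
    return hashlib.sha256(xor_fold(message)).hexdigest()


def matching_message(original: bytes, prefix: bytes) -> bytes:
    """Return prefix + one computed chunk whose fast_digest equals original's."""
    prefix += b" " * (-len(prefix) % CHUNK)  # align prefix to a chunk boundary
    return prefix + _xor(xor_fold(original), xor_fold(prefix))


# Constructed sample input: two 16-byte chunks.
ORIGINAL = b"chunk-one-AAAAAAchunk-two-BBBBBB"
REORDERED = ORIGINAL[CHUNK:] + ORIGINAL[:CHUNK]   # same chunks, swapped
PADDED = ORIGINAL + b"Z" * CHUNK * 2              # identical pair cancels out
CHOSEN = matching_message(ORIGINAL, b"an unrelated message")

if __name__ == "__main__":
    for name, msg in [("original", ORIGINAL), ("reordered", REORDERED),
                      ("padded", PADDED), ("chosen prefix", CHOSEN)]:
        print(f"{name:14} fast={fast_digest(msg)[:16]} "
              f"sha256={hashlib.sha256(msg).hexdigest()[:16]}")
```

The fast digest is identical for all four messages, while plain SHA-256 over the full message differs for each.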
5. What is the traditional difference between viruses and worms? What is the key
difference between worms and botnets?
Viruses have to reside in some host program and only spread when the host program is
executed. Worms do not require such a host program and can spread autonomously, and
therefore spread much quicker.
Comparing worms with botnets, the key difference is that botnets are usually controlled by a
botmaster through a command and control channel, while worms are not.
6. The Internet is slowly transitioning from the version of the TCP/IP protocol suite currently in
use, IPv4, to a new version, IPv6. Unlike IPv4 IP addresses, which are 32 bits long (e.g.,
192.168.10.1), IPv6 IP addresses are 128 bits long (e.g.,
2001:1890:1112:0001:0000:0000:0000:0020).
a. Consider random-scanning Internet worms. These worms spread by choosing a
random IP address, connecting to any host answering to that address, and attempting to
infect it. Is the random-scanning strategy feasible if the Internet switches from IPv4 to
IPv6? Why or why not?
The IPv4 address space offers 4,294,967,296 (2^32) possible unique
combinations. In comparison, the IPv6 address space will offer 3.4×10^38 unique
addresses, which will make the use of random scanning totally infeasible.
b. On the IPv6 Internet, try to give three different ways that a worm, executing on a
compromised computer, can discover IP addresses of other hosts to try to infect.
As discussed in class, the three target discovery channels could be:
topological scan, use of meta servers and passive worm. They all apply to
IPv6 worms.