model_exam_sol_2004

advertisement
Monash University
Faculty of Information Technology
Semester Two Examinations 2004
Sample Exam Solution
EXAM CODE:
TITLE OF PAPER:
EXAM DURATION:
READING TIME:
CSE 2500
System Security and Privacy
120 minutes including reading time
0 minutes
This paper for Students studying at
Caulfield and South Africa
Instructions to Candidates:
1. Candidates are reminded that they should not have books, papers,
calculators or other material on their desk unless their use has been
specially permitted.
2. Write the answers in the space provided in this question paper. Use the
left hand side for rough work. Anything written on the left hand side of
this paper will not be marked.
3. Return this question paper intact.
Candidates must complete this section if required to answer in this paper
STUDENT ID: _________________
SURNAME _________________
SIGNATURE ________________
OTHER NAMES (in full)_______________________________________
Page 1 of 10
Answer ALL the questions in the space provided
below.
1. Distinguish between security attack, security mechanism and security
services.
Security attack: Any action that compromises the security of the system
and its information.
Security mechanism: Methods to detect, prevent or recover from a
security attack.
Security service: Service that enhances and counters security attacks
Use one example (if possible) to explain each of the above.
Eavesdropping is an example of security attack on confidentiality of
information.
Cryptographic techniques are an example of security mechanism to
prevent a security attack.
Implementation of password ageing feature by an operating system is an
example of security service that enhances and counters security attacks on
authentication.
(4 + 8 = 12 marks)
Page 2 of 10
2. In the context of computer and information security, the popular
method of defense is by exercising controls. List two control mechanisms
and explain how they can improve computer and information security?
(4 + 4 = 8 marks)
Authentication is a method of establishing the proof of identity of the user
trying to access a computer system. The most common method of
authentication is the use of username and a password. Authentication
ensures that only authorized users are allowed to access the computer and
its resources, thereby improving computer and information security.
Access control is a method whereby accesses to the resources within the
computer system are determined depending on the privileges/rights of
each subject to the objects within the system. Thus when a user/subject
accesses a file/resource the system determines which access
rights/permissions are available to which user/object combinations and
grants the appropriate type of access, thereby improving the computer
and information security.
Page 3 of 10
3. Using the Challenge - and- Response protocol in the following figure with
shared secret key encryption, list the pair of participants who can be
authenticated. (For example: 2 users, a user and a system, user and an
application, between 2 systems).
m
K (secret)
Alice
(user)
)
I am Alice.
K (secret)
System
A random x
(challenge)
y=E(K,x)
y
(response)
z=E(K,x)
Accept if y=z.
In the challenge-response protocol illustrated above, the
system and the user share a secret key, K. For every user,
the system presents a challenge x and the user
determines the cipher text y = Ek(x) and responds y to the
system. The system compares y with z, which it has
calculated as z= Ek(x). If y=z, only then the user is
authenticated by the system, as both share the same key
K. In this challenge-response protocol, no password is
communicated and each time the system can present a
different challenge, resulting in a one-time password
system. This protocol can be used to authenticate users
by a system, or systems by a system. This protocol is not
appropriate for authentication between users, and
between user and applications as the number of keys
required will be directly proportional to the square of the
number pairs that need to be authenticated. Hence this
protocol is suitable for authentication by one system of
several users and/or many systems/hosts.
Page 4 of 10
4. Consider a computer network which is made of only LANs and hence the
Ethernet protocol is sufficient as the transport protocol for sending
information (packets) between the machines? From the security point of
view, list what properties may be compromised giving reasons.
(10 marks)
From the security point of view the following properties may be
compromised:
 Authentication: Authentication at the IP layer is concerned with IP
addresses. The mere possession of the IP address enables
communication with other systems. Address masquerading and
address spoofing or attacking the TCP sequence number can
compromise authentication in a network. Network snooping/sniffing
or commonly known as eavesdropping can lead to the user
password being known to the penetrator, or in a unix system
message relay of password files can compromise authentication.
 Access Control: Access is granted to authorized users based on
their access rights to objects. With compromised authentication,
restricting accesses to objects are also compromised.
 Integrity: A message or file that traverses the network is at risk of
having data added, removed or modified along the way.
 Confidentiality: Messages may be handled by intervening networks
or devices and anyone with access to them whether authorized or
not may be able to read the data/messages thereby compromising
confidentiality.
 Non repudiation: It is necessary to have methods to ascertain the
author of the message beyond doubt, for security reasons,
especially in a network.
 Availability: In a network ping of death attacks can make a system
of network unavailable.
Page 5 of 10
5. Is it appropriate from the security point of view to send an encrypted
version of the digital signature of a document using the public key of the
receiver and sending the document in plain text (along with the encrypted
signature).
If yes, list the advantages of doing this. If not, why is it not
acceptable?
(13 marks)
I vote for Yes:
I vote for No: Anyone who fraudulently accesses the document can
alter the message and use the public key of the receiver to encrypt the
digital signature and send it. This method could repudiate the sender
of the message. The only way to ensure non-repudiation is to encrypt
the digital signature using the private key of the sender, which can
then be decrypted using the public key of the sender and compared
with the original message.
Page 6 of 10
6. I am sick of remembering too many passwords, for example, one for my
CSE2500 notes, the authcate password for accessing PCs in the labs and
Monash portal, PIN numbers for all my credit and bank cards. I
recommend that every password and PIN numbers should be only 4 or 5
digit numbers (may be 5 digits since 5 is a prime number close to 4 as
the lecturer told me that prime numbers have some nice property that I
have forgotten, but I know that is used in encryption techniques and
hence it should be good!!).
Give two major advantages and two major disadvantages of
selecting passwords using the above mentioned method.
(15 marks)
(Advantages) 1.It is easy to remember 4/5 digits.
2.
Also this password needs to be used by the system to authenticate a
user, if the password is only 4/5 digits the authentication process is
fast.
(Disadvantages) For an attacker to guess the password will require a
dictionary of size only 10,000/100,000 for 4/5 digit password
combinations. Also this type of attack can be performed quickly, hence
even if the password is changed it can be guessed again.
Page 7 of 10
7. I build my wealth (nearly trillion dollars Tambathu dollars, which
incidentally I print them too) by selling gray sand to those countries that
are interested in building non-destructive, multi-storied
buildings
(especially after 911). I was successful in this novel venture because I told
the prospective buyers that the pyramids were built using this kind of sand
and they withstood the time and ecology because of the non-existence of
silcone in the sand. After my death I just want make sure that my wealth
is properly divided according my will to my 9 wives (I live in Timbathu - a
country where I can marry anytime and any number of times too and of
course I can divorce them too at any time – no questions asked –
remember that I am a trillioner!). Given that I am concerned whether my
wishes will be full filled, I have written a will and stored its contents in an
encrypted form using a private key. Can you suggest me what information
from this private key that I should pass on to each of my 9 wives and the
lawyer so that at least 5 of them and the lawyer has to join their
information in order to decode my will?
(10 marks)
You can have a single key K for encrypting the will. K should be divided into
10 parts using the key escrow method (such as the Shamir(6,10) threshold
scheme) and distribute each share to each of the nine wives and the lawyer.
The 10 private keys should be derived in such a manner that K can be
derived from a minimum of 5 wives’ keys and the lawyer’s key. Thus the will
can be decoded using at least 5 of the wives’ keys and the lawyer’s key.
Page 8 of 10
8. Consider the following idea: The operating system has a password (like
the software key) which will be used to encrypt all the files that are stored
in the system. Whenever a user or an application program (for example,
word processor or database program) requires to read (and modify) the
contents of the file, first the operating system will decrypt the file using
the password and after the application program has finished with the file
(which might have modified its contents), the operating system will rewrite
the (new) contents of the file in the encrypted form (using the same key it
knows). Discuss the advantages and disadvantages (I think none) of the
proposed idea with respect to information security.
(15 marks)
Advantages:
 This method of storing encrypted files in the system prevents
crackers/unauthorized users to read/alter the files on the
system. Even eavesdropping will be useless, since all files are
encrypted.
 No access control required in this system, if files cannot be
deleted/destroyed, thereby reducing the overheads of the OS.
Disadvantages:
 Encrypting the files has no effect in preserving the confidentiality
and integrity of the files, as the OS will decrypt the file before
granting access to any user, and a masquerader can then
alter/delete the files. Thereby also compromising the availability
with respect to information security.
 Performance of such a system can be considerably slowed down as
the files need to be encrypted and decrypted for every access made
by any user. Even a small change (eg. One field of a record of
10^6 records of DB) will incur the overhead of encryption &
decryption.
 You need temporary files for modification. Hence storing of
temporary files during updates is essential, and deleting these temp
files after processing of encryption/decryption is necessary. If the
system fails during Encryption/Decryption, the temporary files may
still exist, and deleting/removing of temporary files may not be
possible on recovery. Hence system recovery after a failure may not
be possible.
 If others know the software key used for encryption/decryption,
then confidentiality of the files may be compromised.
Page 9 of 10
?
(25 marks)
Page 10 of 10
Download