CSCE 790: Computer Network Security Fall 2003 Final Exam and Key 12/04/03 Name: ID#: Please answer 7 of the following 11 questions. (If you answer more than 7 questions, only the 7 with higher grades will be counted.) Each problem is worth 3 points. This exam will be open-paper and will count for 20 points toward your final grade. 1. (A Framework for Classifying Denial of Service Attacks) Why is a ramp-up behavior often observed near the victim in a multi-source DoS attack? Can we judge an attack to be a multi-source one with the observation of ramp-up behavior? It is due to the variation in path latency between the master and the zombies, and weak synchronization of local clocks at the zombies. No, because an intelligent attacker can create an artificial ramp-up from a single site. 2. (802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions) What is the deauthentication attack on 802.11 networks? Can you describe a defense against this attack? In 802.11, the deauthentication message that allows a client and its corresponding access point to explicitly request deauthentication from each other is not authenticated using any keying material. So an adversary may spoof this message by pretending to be either the client or the access point, and send it to the other party. The party that receives the spoofed deauthentication message will exit the authenticated state and will refuse all further packets until authentication is reestablished. Defenses against this attack include explicitly authenticating the requests and delaying the effects of deauthentication requests by queuing the requests for 5-10 seconds, and if a data packet arrives after the request is queued, we can discard the request. 3. (Low-Rate TCP-Targeted Denial of Service Attacks) Consider a bottleneck queue whose size is 100Kb and whose capacity is 4Mb/sec. It is currently used by a TCP flow whose rate is 2Mb/sec. An adversary starts bursting to this bottleneck queue a DoS flow whose rate is 3Mb/sec. Assume that 40% of the queue is in use when the DoS attack begins. How long will it take for the queue to become full? What will the result be if the TCP flow rate is 1Mb/sec and the DoS flow rate is 4Mb/sec? It takes (0.1Mb – 0.4*0.1Mb) / (3Mb/sec + 2Mb/sec – 4Mb/sec) = 0.06sec (60ms). For 1Mb/sec TCP flow rate and 4Mb/sec DoS flow rate, it takes the same amount of time (0.06sec) to fill up the queue, and will create an outage to the TCP flow whose loss probability will instantaneously increase significantly and force the TCP flow to enter a restansmission timeout with high probability. 4. (Active Mapping: Resisting NIDS Evasion Without Altering Traffic) Active Mapping builds profiles of the network topology and hosts on the network in order to eliminate TCP/IP-based ambiguity in a NIDS’ analysis. How can Active Mapping map a host behind Network Address Translation (NAT)? How can it map a host that acquires its IP address from a DHCP server? To map a host behind NAT, the mapper maps each port as though it belongs to a separate machine, and checks for all relevant policies on each port. To map a host that acquires its IP address from a DHCP server, the mapper should be integrated with DHCP server so that it is triggered upon seeing broadcast DHCP requests or upon being notified by DHCP server. Then the mapper searches its profile database for the MAC address of the host to see if it already has a profile of the host under a different IP address. 5. (Stateful Intrusion Detection for High-Speed Networks) According to the intrusion detection architecture proposed in the paper, what is the function of the scatterer? What is the function of the reassemblers? The scatterer is used to partition the traffic stream into sub-sequences using some splitting algorithm, for example in round-robin fashion. The reassemblers are used to put the packets back into the original order as they were on the high-speed link. 6. (Reliable MIX Cascade Networks through Reputation) What is a MIX? Why can a network of MIXes provide anonymity against a passive eavesdropper? A MIX is a server that hides the relation between incoming and outgoing messages. Each MIX receives encrypted messages, decrypts them, batches them, reorders them, strips them of sender’s name and identifying information, and forwards them to the next MIX or to the destination. Because a passive eavesdropper cannot observe the reordering inside each MIX. 7. (Secret Handshakes from Pairing-Based Key Agreements) What is forward repudiability? How can the proposed scheme provide forward repudiability? Honest users U1 and U2 interact and both learn that they are members of the same group G. It should not be possible for U2 to prove to a third party that U1 is a member of G, no matter using the transcript or U2’s secret. Because U2 always has enough information to generate the entire transcript between U1 and U2, the transcript cannot be used to convince a third party that U1 is a member of G. 8. (Random Key Predistribution Schemes for Sensor Networks) According to the Eschenauer-Gligor key predistribution scheme, every sensor node is configured with a set of m keys from a key pool. This set of m keys is called the key ring of a sensor node. How do two neighboring sensor nodes set up a key if they share a common key in their key rings? How do two neighboring sensor nodes set up a key if they do not share a common key in their key rings? Sensor nodes first perform key-discovery by broadcasting its set of key identifiers to figure out with which of their neighbors they share a key. Nodes which discover that they share a key can use a challenge-response protocol to verify that their neighbor really holds the key. The shared key then becomes the key for that link. If two neighboring nodes do not share a key, a path between the two nodes can be found if the graph of secure links is connected. Then one of the two nodes can generate a path key and send it securely via the path to the other node. 9. (Dos and Don'ts of Client Authentication on the Web) A cookie that is made according to the cookie recipe proposed in this paper is as follows. exp=t&data=s&digest=MACk(exp=t&data=s) Assume the MAC used in this cookie is keyed and non-malleable. Can an adversary replay this cookie? Can an adversary modify this cookie? Explain both of your answers. Yes, but only before the expiration time specified by t. No, because the adversary does not know the key and thus cannot compute a correct MAC. 10. (Establishing the Genuinity of Remote Computer Systems) In the genuinity test, the server uses a maximum allowable time to decide whether an Entity succeeds or fails the test. Can you give two possible reasons with which a genuine Entity cannot make it within maximum allowable time? How can we avoid the problems? CPU speed and network delay. To avoid the problem caused by different CPU speed, one can reduce the complexity of the test. To avoid the problem caused by network delay, one can raise the complexity of the test to make network delay a smaller part of total time. Which approach should be taken is dependent on what the problem is. 11. (Gothic: A Group Access Control Architecture for Secure Multicast and Anycast) In traditional group key management, why do we need to renew the group key after a member joins the group? Why do we need to renew the group key after a member leaves the group? The group key needs to be renewed so that a joining member cannot decrypt previous messages and a leaving member cannot decrypt future messages.