CSCE 790: Computer Network Security

Fall 2003
Final Exam and Key
12/04/03
Name:
ID#:
Please answer 7 of the following 11 questions. (If you answer more than 7 questions,
only the 7 with higher grades will be counted.) Each problem is worth 3 points. This
exam will be open-paper and will count for 20 points toward your final grade.
1. (A Framework for Classifying Denial of Service Attacks)
Why is a ramp-up behavior often observed near the victim in a multi-source DoS attack?
Can we judge an attack to be a multi-source one with the observation of ramp-up
behavior?
It is due to the variation in path latency between the master and the zombies, and weak
synchronization of local clocks at the zombies.
No, because an intelligent attacker can create an artificial ramp-up from a single site.
2. (802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions)
What is the deauthentication attack on 802.11 networks? Can you describe a defense
against this attack?
In 802.11, the deauthentication message that allows a client and its corresponding access
point to explicitly request deauthentication from each other is not authenticated using any
keying material. So an adversary may spoof this message by pretending to be either the
client or the access point, and send it to the other party. The party that receives the
spoofed deauthentication message will exit the authenticated state and will refuse all
further packets until authentication is reestablished.
Defenses against this attack include explicitly authenticating the requests and delaying
the effects of deauthentication requests by queuing the requests for 5-10 seconds, and if a
data packet arrives after the request is queued, we can discard the request.
3. (Low-Rate TCP-Targeted Denial of Service Attacks)
Consider a bottleneck queue whose size is 100Kb and whose capacity is 4Mb/sec. It is
currently used by a TCP flow whose rate is 2Mb/sec. An adversary starts bursting to this
bottleneck queue a DoS flow whose rate is 3Mb/sec. Assume that 40% of the queue is in
use when the DoS attack begins. How long will it take for the queue to become full?
What will the result be if the TCP flow rate is 1Mb/sec and the DoS flow rate is 4Mb/sec?
It takes (0.1Mb – 0.4*0.1Mb) / (3Mb/sec + 2Mb/sec – 4Mb/sec) = 0.06sec (60ms).
For a 1Mb/sec TCP flow rate and a 4Mb/sec DoS flow rate, it takes the same amount of time
(0.06sec) to fill up the queue, and will create an outage to the TCP flow, whose loss
probability will instantaneously increase significantly and force the TCP flow to enter a
retransmission timeout with high probability.
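The queue-fill arithmetic from the answer key as a function, added here as an example (not part of the exam); it also reports the case the key does not show, where the combined arrival rate never exceeds link capacity and the queue cannot fill. Sizes are in Mb, rates in Mb/sec, the result in seconds.

```python
# Added example (not from the exam): time for a bottleneck queue to fill
# under a burst, generalising the arithmetic in the answer key.
# Sizes in Mb, rates in Mb/sec, result in seconds.

def queue_fill_time(queue_size, capacity, inflow_rates, initial_fraction):
    """Seconds until the queue is full, or None if the burst cannot fill it."""
    if not 0.0 <= initial_fraction <= 1.0:
        raise ValueError("initial_fraction must lie in [0, 1]")
    # The queue grows only by the excess of total arrivals over link capacity;
    # if arrivals do not exceed capacity there is no outage to compute.
    net_growth = sum(inflow_rates) - capacity
    if net_growth <= 0:
        return None
    free_space = queue_size * (1.0 - initial_fraction)
    return free_space / net_growth

# Exam values: 100Kb = 0.1Mb queue, 4Mb/sec link, 40% in use at burst start.
EXAM_CASE_1 = queue_fill_time(0.1, 4.0, [2.0, 3.0], 0.4)   # TCP 2 + DoS 3 -> 0.06 sec
EXAM_CASE_2 = queue_fill_time(0.1, 4.0, [1.0, 4.0], 0.4)   # TCP 1 + DoS 4 -> 0.06 sec
NO_OUTAGE = queue_fill_time(0.1, 4.0, [1.0, 2.0], 0.4)     # below capacity -> None
```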
4. (Active Mapping: Resisting NIDS Evasion Without Altering Traffic)
Active Mapping builds profiles of the network topology and hosts on the network in
order to eliminate TCP/IP-based ambiguity in a NIDS’ analysis. How can Active
Mapping map a host behind Network Address Translation (NAT)? How can it map a host
that acquires its IP address from a DHCP server?
To map a host behind NAT, the mapper maps each port as though it belongs to a separate
machine, and checks for all relevant policies on each port.
To map a host that acquires its IP address from a DHCP server, the mapper should be
integrated with the DHCP server so that it is triggered upon seeing broadcast DHCP requests
or upon being notified by the DHCP server. Then the mapper searches its profile database for
the MAC address of the host to see if it already has a profile of the host under a different
IP address.
5. (Stateful Intrusion Detection for High-Speed Networks)
According to the intrusion detection architecture proposed in the paper, what is the
function of the scatterer? What is the function of the reassemblers?
The scatterer is used to partition the traffic stream into sub-sequences using some
splitting algorithm, for example in round-robin fashion.
The reassemblers are used to put the packets back into the original order as they were on
the high-speed link.
6. (Reliable MIX Cascade Networks through Reputation)
What is a MIX? Why can a network of MIXes provide anonymity against a passive
eavesdropper?
A MIX is a server that hides the relation between incoming and outgoing messages. Each
MIX receives encrypted messages, decrypts them, batches them, reorders them, strips
them of sender’s name and identifying information, and forwards them to the next MIX
or to the destination.
Because a passive eavesdropper cannot observe the reordering inside each MIX.
7. (Secret Handshakes from Pairing-Based Key Agreements)
What is forward repudiability? How can the proposed scheme provide forward
repudiability?
Honest users U1 and U2 interact and both learn that they are members of the same group
G. It should not be possible for U2 to prove to a third party that U1 is a member of G,
whether using the transcript or U2’s secret.
Because U2 always has enough information to generate the entire transcript between U1
and U2, the transcript cannot be used to convince a third party that U1 is a member of G.
8. (Random Key Predistribution Schemes for Sensor Networks)
According to the Eschenauer-Gligor key predistribution scheme, every sensor node is
configured with a set of m keys from a key pool. This set of m keys is called the key ring
of a sensor node. How do two neighboring sensor nodes set up a key if they share a
common key in their key rings? How do two neighboring sensor nodes set up a key if
they do not share a common key in their key rings?
Sensor nodes first perform key discovery by broadcasting their sets of key identifiers to
figure out with which of their neighbors they share a key. Nodes which discover that they
share a key can use a challenge-response protocol to verify that their neighbor really
holds the key. The shared key then becomes the key for that link.
If two neighboring nodes do not share a key, a path between the two nodes can be found
if the graph of secure links is connected. Then one of the two nodes can generate a path
key and send it securely via the path to the other node.
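A toy simulation of both answers, added here as an example and not taken from the exam or the Eschenauer-Gligor paper: key discovery over key identifiers, challenge-response on the discovered key, and a path search over the resulting secure links when two neighbors share no key. The key pool, the three key rings and the neighbor relation are constructed; real rings are drawn at random from a much larger pool, and the per-hop encryption of the path key is omitted.

```python
import hashlib
import hmac
import secrets
from collections import deque
# Constructed key pool (identifier -> key) and three key rings of size m = 3.
POOL = {i: hashlib.sha256(b"toy-pool-key-%d" % i).digest() for i in range(8)}
RINGS = {"A": {0, 1, 2}, "B": {2, 3, 4}, "C": {4, 5, 6}}
NEIGHBORS = {"A": {"B", "C"}, "B": {"A", "C"}, "C": {"A", "B"}}  # radio range

def shared_key_id(u, v):
    """Key discovery: nodes broadcast key identifiers only, never keys."""
    common = RINGS[u] & RINGS[v]
    return min(common) if common else None

def respond(node, key_id, nonce):
    """Responder proves possession of key_id by MACing the challenge nonce."""
    if key_id not in RINGS[node]:
        return None
    return hmac.new(POOL[key_id], nonce, hashlib.sha256).digest()

def verify_link(u, v):
    """u challenges v on the discovered key; True only if v really holds it."""
    key_id = shared_key_id(u, v)
    if key_id is None:
        return False
    nonce = secrets.token_bytes(16)
    tag = respond(v, key_id, nonce)
    return tag is not None and hmac.compare_digest(
        tag, hmac.new(POOL[key_id], nonce, hashlib.sha256).digest())

def secure_links():
    return {u: {v for v in NEIGHBORS[u] if verify_link(u, v)} for u in RINGS}

def path_over_secure_links(src, dst):
    """BFS over verified links; None if the secure-link graph is disconnected."""
    links, paths, queue = secure_links(), {src: [src]}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            return paths[cur]
        for nxt in links[cur]:
            if nxt not in paths:
                paths[nxt] = paths[cur] + [nxt]
                queue.append(nxt)
    return None

def establish_path_key(src, dst):
    """src generates a fresh path key to forward along the path (per-hop crypto omitted)."""
    path = path_over_secure_links(src, dst)
    return None if path is None else (path, secrets.token_bytes(16))
```

Here A and C are in radio range but share no key identifier, so the path key for the A-C link travels A, B, C over the two verified links.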
9. (Dos and Don'ts of Client Authentication on the Web)
A cookie that is made according to the cookie recipe proposed in this paper is as follows.
exp=t&data=s&digest=MAC_k(exp=t&data=s)
Assume the MAC used in this cookie is keyed and non-malleable. Can an adversary
replay this cookie? Can an adversary modify this cookie? Explain both of your answers.
Yes, but only before the expiration time specified by t.
No, because the adversary does not know the key and thus cannot compute a correct
MAC.
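A minimal implementation of the cookie recipe, added here as an example (not from the exam or the paper), using HMAC-SHA256 as the keyed, non-malleable MAC; SERVER_KEY is a constructed placeholder. Checking a tampered cookie and an expired one shows both halves of the answer: modification fails the MAC, while replay succeeds only before t.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-server-key-for-the-example"  # placeholder secret

def mac(key, msg):
    """Keyed, non-malleable MAC over the cookie body (HMAC-SHA256, hex)."""
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def mint_cookie(exp, data, key=SERVER_KEY):
    """Build exp=t&data=s&digest=MAC_k(exp=t&data=s)."""
    body = f"exp={exp}&data={data}"
    return f"{body}&digest={mac(key, body)}"

def check_cookie(cookie, now, key=SERVER_KEY):
    """Return data if the MAC verifies and the cookie is unexpired, else None."""
    body, sep, digest = cookie.rpartition("&digest=")
    if not sep or not hmac.compare_digest(digest.encode(), mac(key, body).encode()):
        return None          # modified or forged: MAC over exp/data does not match
    try:
        fields = dict(part.split("=", 1) for part in body.split("&"))
        exp = int(fields["exp"])
    except (KeyError, ValueError):
        return None
    if now >= exp:
        return None          # replay after the expiration time t is rejected
    return fields.get("data")  # replay before t is accepted: the recipe has no nonce
```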
10. (Establishing the Genuinity of Remote Computer Systems)
In the genuinity test, the server uses a maximum allowable time to decide whether an
Entity succeeds or fails the test. Can you give two possible reasons why a genuine
Entity might fail to finish within the maximum allowable time? How can we avoid the problems?
CPU speed and network delay.
To avoid the problem caused by different CPU speed, one can reduce the complexity of
the test. To avoid the problem caused by network delay, one can raise the complexity of
the test to make network delay a smaller part of total time. Which approach should be
taken is dependent on what the problem is.
11. (Gothic: A Group Access Control Architecture for Secure Multicast and Anycast)
In traditional group key management, why do we need to renew the group key after a
member joins the group? Why do we need to renew the group key after a member leaves
the group?
The group key needs to be renewed so that a joining member cannot decrypt previous
messages and a leaving member cannot decrypt future messages.