CSE 2500PE Computer Security and Privacy
Problem Sheet 04 - Answers

Q1) What are the four general threats to a computing system? Use one or two concrete examples to explain each of the four threats.

Answer: Four possible threats based on the properties that may be compromised are: availability, confidentiality, integrity and authenticity. Refer to the first lecture to see some examples.

Q2) List the security services and explain each one of them.

Answer: That counters and enhances security threats – in essence, methods that can provide a defence against the above types of threats. For example, authenticity can be achieved by authentication when a user wants to access a computer system, or by a digital signature attached to a file (or data) which is encrypted so that only the receiver can decode the data.

Q3) What do you mean by passive and active attacks? Is replay a passive or active attack, or a combination of both types?

Answer: Passive attacks – an example of interception – eavesdropping, monitoring of transmission – the confidentiality property may be compromised, but the availability of data is not threatened. The primary aim is to obtain the information (which you are not supposed to know). Active attacks – modification and denial of service. Replay is considered to be an active attack; for example, one form of replay is sending a copy of a message to multiple recipients (or broadcasting).

Q4) In the model of security that was presented in the class (lecture 1, slide# 26), a gatekeeper function is provided at the end of the communication channel before the entry to the organisation’s information systems. Why can we (not) put this kind of gatekeeper function in the communication channels (such as the data link and network layers of the channel)?

Answer: We are concerned with the delivery of data or a message to the recipient and not the sender, hence the gatekeeper has to be at the other end of the information channel (this model is applicable to everything from access of data within a system – for example reading a file, where the sender is the O/S and the receiver is the user – to sending an email message through the internet).

Q5) Is there any difference between computer and network security?

Answer: Yes: one concerns the security of the system and system resources, while the other also includes the security of transmission and access of the system resources through the net.

Q6) Comment on the following design decisions with respect to security.

In a given application, should the protection mechanism in a computer system focus on data, operations or users?

Answer: Should focus on the data that the application manipulates. Here we assume that the user has the privilege of running the application.

In which layer of the computer system should a security mechanism be placed?

Answer: Preferably between the application programs (and users) and the operating system. No point in putting it between the operating system and the hardware.

Do you prefer simplicity and higher assurance to a feature-rich security environment?

Answer: Simplicity and higher assurance is better from the point of view of security maintenance – remember any security mechanism will fail and you always need a second line of defense.

Should the tasks of defining and enforcing security be given to a central entity or should they be left to individual components in a system?

Answer: Preferably to a central entity – thereby one can validate the consistency of security enforcement rules.

How can you prevent an attacker from getting access to a layer below the protection mechanism?

Answer: Not allowing to access objects in non-privilege mode!!

Q7) In most multi-user computer systems, users first authenticate themselves to a host computer and the host computer then performs verification before the user is logged on.

Q8) An automatic password checker restricts the password choices of a user in order to minimize (reduce) the chances of an outsider guessing that user’s password.

Q9) A software company started by a student from this class has entered into the anti-malicious code business. His (her) newest product, secure-forever, works as follows:

- Keeps a database that contains a checksum for every file on the network.
- Keeps a database containing signatures for common worms, Trojan horses, and viruses.
- Every day at noon secure-forever recalculates the checksum for each file and compares it to the corresponding one stored in the database.
- If the checksums differ, secure-forever will use the worm/trojan/virus database to see if the file contains malicious code, and will print a warning message if a match is found.

Comment on the advantages and disadvantages of the product (assume that the number of files in the system is large).

Answer: Checksum will be useful only when a few bits of a file are changed. For larger changes, and when the algorithm used to generate the checksum is known, a checksum-based detection mechanism is not good enough.

Q10) It was stated that the inclusion of the salt in the Unix password scheme increases the difficulty of guessing by a factor of 4096. But the salt is stored in plaintext in the same entry as the corresponding ciphertext password. Therefore these two characters are known to the attacker and need not be guessed. Why is it asserted that the salt increases security?

Answer: Since the dictionary attack is carried out offline, first you need to generate the encrypted version of the possible passwords using all the possible salts – namely all 4096 possible combinations for each password.
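The factor of 4096 in Q10, worked through as an added example that is not part of the original answer sheet: it counts the rows a precomputed dictionary needs with and without salt, and shows that a table built for one salt misses an entry stored under another. The word list is constructed, and `toy_hash` is an assumed stand-in (SHA-256) for the DES-based crypt(3) function.

```python
import hashlib
import string

# crypt(3) salts are two characters from a 64-symbol alphabet: 64 * 64 = 4096.
SALT_ALPHABET = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase
ALL_SALTS = [a + b for a in SALT_ALPHABET for b in SALT_ALPHABET]

# Constructed candidate list standing in for a guessing dictionary.
WORDLIST = ["password", "letmein", "qwerty", "dragon", "monkey"]


def toy_hash(password, salt=""):
    """Stand-in for crypt(3) (assumption): SHA-256 over salt + password."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def make_entry(password, salt=""):
    """A stored password-file entry: the plaintext salt plus the hash."""
    return salt, toy_hash(password, salt)


def precompute(wordlist, salts):
    """Offline table: (salt, hash) -> password, one row per word per salt."""
    return {(s, toy_hash(w, s)): w for s in salts for w in wordlist}


def table_sizes():
    """Rows needed to cover the word list without salt and with every salt."""
    return len(precompute(WORDLIST, [""])), len(precompute(WORDLIST, ALL_SALTS))


def same_password_visible(entries):
    """True if two stored (salt, hash) entries share a hash value."""
    hashes = [h for _, h in entries]
    return len(set(hashes)) < len(hashes)


if __name__ == "__main__":
    unsalted, salted = table_sizes()
    print(f"rows without salt: {unsalted}, with salt: {salted} ({salted // unsalted}x)")
    # A table built for one salt only covers entries stored under that salt.
    one_salt_table = precompute(WORDLIST, ["ab"])
    print(one_salt_table.get(make_entry("dragon", "ab")))
    print(one_salt_table.get(make_entry("dragon", "cd")))
    # Without salt, two users with the same password are visible at a glance.
    print(same_password_visible([make_entry("dragon"), make_entry("dragon")]))
```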
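The secure-forever design from Q9, sketched as an added example that is not part of the original answer sheet: because the signature scan only runs on files whose checksum changed, a change the checksum fails to register is never scanned at all. The file contents, the signature entry, and the byte-sum checksum are constructed assumptions; SHA-256 is shown beside it for comparison.

```python
import hashlib

# Constructed signature database (a made-up byte pattern, not a real signature).
SIGNATURES = {b"EVIL_MARKER": "demo-trojan"}

# Constructed files: the modified content is a reordering of the original bytes.
ORIGINAL = {"app.cfg": b"MARKER_EVIL config data"}
MODIFIED = {"app.cfg": b"EVIL_MARKER config data"}


def additive_checksum(data):
    """Weak 16-bit checksum: sum of bytes mod 65536, blind to byte order."""
    return sum(data) % 65536


def sha256_digest(data):
    """Cryptographic hash used as the stronger per-file fingerprint."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(files, digest):
    """The product's first database: one stored checksum per file."""
    return {name: digest(content) for name, content in files.items()}


def noon_scan(files, baseline, digest):
    """Recompute checksums; run the signature scan only on changed files."""
    changed, warnings = [], []
    for name, content in files.items():
        if digest(content) == baseline.get(name):
            continue  # checksum matches, so the file is never signature-scanned
        changed.append(name)
        for pattern, label in SIGNATURES.items():
            if pattern in content:
                warnings.append((name, label))
    return changed, warnings


def scan_with(digest):
    """Baseline the original files, then scan the modified set."""
    return noon_scan(MODIFIED, build_baseline(ORIGINAL, digest), digest)


if __name__ == "__main__":
    print("additive checksum:", scan_with(additive_checksum))
    print("SHA-256:          ", scan_with(sha256_digest))
```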