uncut_fall_2004_final

advertisement
CS395: Computer Security (Prof. Szajda)
Final Examination
December 6, 2004
Name:____________________________________________________________
This exam is closed book, closed note. You may not consult other texts, colleagues,
professors, or any other outside sources of any kind relating to the subject matter (i.e.
computer security) during the completion of the exam. To be specific, the term “completion
of exam” refers to the time from when you first examine the contents of any part of the exam
until the moment that the exam has been turned in to me.
Once you have begun this exam, I will answer test related questions only if they concern the
interpretation of the problem. I will not discuss whether or not your solution to a particular
problem is correct.
This exam is due (at my office or in my email) by 5pm on Tuesday, December 14, 2004.
Please be succinct and precise.
NOTE: IF I CANNOT READ YOUR SOLUTION, OR HAVE THE LEAST BIT OF
DIFFICULTY INTERPRETING YOUR HANDWRITING, I WILL ASSUME YOUR
SOLUTION TO THE PROBLEM IN QUESTION IS NOT CORRECT AND YOU
WILL RECEIVE NO CREDIT FOR THAT PROBLEM!
1. (9 points) Describe in some detail the RSA public-key encryption algorithm. Among
the topics that should be discussed are:
a. The way in which a person chooses a public-private key pair.
b. The way in which a message is encrypted and decrypted.
c. The reason why the scheme is secure.
2. (7 points) Describe in detail the Diffie-Helmann key exchange algorithm.
3. (8 points) In the paper “Why Cryptosystems Fail”, Ross Anderson presents a number
of problems with the way security systems are typically designed, developed,
deployed, and tested. In particular, discuss
a. His assertion that “information security is at heart an engineering problem.
The hardware and software products which are designed to solve it should in
principle be judged in the same way as any other products: by their cost and
effectiveness”.
b. The problems that arise due to integration of multiple security software
packages
c. The inclusion of the “people” factor in the security equation
d. The reasons why the security community lacks the type of useful feedback
system found in the airline industry.
4. (8 points) In the paper “Cryptographic Design Vulnerabilities”, Bruce Schneier
discusses (among other topics) attacks against trust models. In particular, he states
that many of the more interesting attacks that he has launched are “against the
underlying trust model of the system; who or what in the system is trusted, in what
way, and to what extent.” List and discuss at least four examples of how trust issues
can cause the failure of a security system.
5. (6 points) Explain what is meant by the terms integrity, confidentiality,
authentication, availability
6. The authors of a paper that described a security protocol for networked systems
wanted to explain that their scheme assumed that data transmitted between any two
nodes A and B, it arrived unchanged. They wrote: “Attacks that result from
compromises of data in transit are beyond the scope of this paper---we assume that
such data is encrypted.” The reviewers of the paper flagged this sentence, saying that
it did not convey what they authors meant to convey. Explain why.
7. (4 points) What exactly is a man-in-the-middle attack?
8. (6 points) What is meant by the term “security through obscurity”?
Is this considered to be a good security technique? Be sure to explain your answer.
9. (6 points) Explain the primary differences between public key and symmetric key
cryptography.
10. (4 points) Explain the difference between unconditional security and computational
security.
11. (6 points) Consider the following classical substitution cipher to be used to encrypt
English language ASCII text. The cipher chooses 26 integers at random, and assigns
one to each letter of the alphabet. The message is then encrypted by mapping
individual letters to their associated integer. Is this cipher secure? Explain why or
why not. If not, explain how an adversary might attempt to break the cipher.
12. (6 points) Consider the following scenario. An adversary is attempting to decrypt a
message encrypted with DES. The adversary has the computational power to perform
(and complete) an exhaustive search. Are they guaranteed to determine the key used
to decrypt the message? Be sure to explain your answer (and be careful here).
13. (6 points) What exactly is steganography?
disadvantages?
What are its advantages and
14. (6 points) Why specifically do we require a structure (such as a Fiestel cipher) for our
ciphers? Be sure to specifically address the question of why we can’t use arbitrary
mappings of, say, n bit strings to n bit strings.
15. (6 points) What was the main point of Ken Thompson’s paper “Reflections on
Trusting Trust”?
16. (12 points) Explain in some detail (though without going into assembly code of the
like) why buffer overflow attacks are possible, and how they are implemented.
17.
18.
19.
20.
21.
22.
23. (6 points) True or false. The discovery of effective public key cryptographic
algorithms eliminated the need for sophisticated key distribution schemes. Be sure to
explain your answer in some detail.
24. (15 points) Consider the following diagram that illustrates a standard symmetric key
distribution protocol. For each step on the protocol, explain what information is
being transmitted, why this information is necessary, and why this particular step in
the protocol is necessary.
25. (6 points) True or false. Symmetric key encryption is the only tool required for
message integrity, provided that the two communicating parties are the only ones that
know the secret key K. Be sure to explain your answer.
26. (7 points) Consider authentication. Tell me how I would use public key
cryptography to authenticate a message. That is, assuming that the public keys of
parties A and B are well known, describe (or draw a diagram showing how) A can
send a message M to B in such a manner that all of the following are simultaneously
satisfied:
a. B can guarantee the message has not changed in transit
b. B can guarantee the message was sent by A (and not by anyone else).
c. A can guarantee that no one but B can read M.
27. (6 points) Answer the following three hash related questions.
a. What is the difference between a message authentication code and a hash?
b. What does it mean for a hash to have strong collision resistance?
c. What does it mean for a has to have weak collision resistance?
28. (12 points) Explain in detail what a TCP sequence number attack involves. Be sure
to discuss in particular:
a. The TCP three-way handshake initialization protocol that two parties go
through to set up a TCP connection.
b. Why the granularity of the rate of change of the initial sequence number is
more important than the average rate of change.
c. Why is this attack not practical for an intruder targeting one of the Internet
backbone routers?
29. (6 points) What exactly is a TCP source routing attack? Be sure to explain why it
(sometimes) works.
30. The following passage is from a paper we read this semester. The passage concerns
the use of one-time passwords in the login process. Explain what this passage is
saying.
31. (6 points) Firewalls are an effective security tool, but regardless of the specific type
of firewall, they do have limitations. Some, in fact, arguer that they simply don’t
work. During our lectures on firewalls, we discussed four reasons why people feel
this way. List and briefly discuss three of these reasons.
32. (6 points) Explain the “tiny fragment” technique for attacking a firewall.
33. (6 points) Discuss the advantages and disadvantages of packet filter style firewalls.
34. (12 points) Discuss the following intrusion detection issues: In the article “A survey
of Intrusion Detection Techniques”, Teresa Lunt describes several potential
approaches to intrusion detection.
a. The difficulty of determining the structure and content of audit files.
b. The advantages and disadvantages of statistical versus rule based approaches
c. How does a model based approach improve on a rule-based approach?
35. (12 points) Explain what is meant by each of the following four secure system design
principles. For each principle, describe why it is considered good security practice.
a. Fail-safe Defaults
b. Complete Mediation
c. Open Design
d. Psychological Acceptability
36. What are some of the perceived advantages of autonomous agent-based intrusion
detection systems, as compared with non agent-based systems?
37. What exactly is a honeypot? Why are they useful?
38. We discussed four reasons for not counterattacking when intrusions are detected.
Give two of these reasons.
39. Give a short description of each of the following virus related terms:
a. Boot sector infector
b. Executable infector
c. Multipartite virus
d. TSR virus
e. Stealth virus
f. Excrypted virus
g. Polymorphic virus
h. Macro virus
i. Logic bomb
j. Bacteria
40. Give a detailed, though high-level, description of the operation of the Internet worm.
Be sure to answer in particular:
a. The specific programs that the worm exploited.
b. How the worm exploited those programs.
c. How the worm chose target machines to attack.
d. The different phases of worm execution upon identification of a suitable target
machine.
41. What specific properties of a macro virus allow them to spread relatively rapidly?
42. From the standpoint of the adversary, polymorphic viruses are an improvement over
encrypted viruses in that they are more difficult to detect. Why exactly is this? How
is it that polymorphic viruses evade detection?
Download