Data Provided: None
DEPARTMENT OF COMPUTER SCIENCE Spring Semester 2017-2018 COMPUTER SECURITY AND FORENSICS 1.5 hours
Answer ALL FOUR QUESTIONS. Write clearly in the sense of logic, language, and readability. The clarity of your arguments and explanations affects your grade.
All questions carry equal weight. Figures in square brackets indicate the percentage of available marks allocated to each part of a question.
COM3501 1 TURN OVER
COM3501
THIS PAGE IS BLANK.
COM3501 2 CONTINUED
COM3501
1. Security Fundamentals & Access Control
a) Briefly explain the concepts identification, authentication, and authorisation.
b) For each of the following multi-factor authentication systems, explain briefly if it is a good or bad multi-factor authentication system:
(i) A fingerprint and voice recognition. [5%]
(ii) A GPS signal and a password. [5%]
c) Instead of using a login based on username and password, many modern websites allow users to log-in using services such as Google, Facebook, or Github. This mechanism
is called single sign-on.
Briefly explain one advantage and one disadvantage of a single sign-on solution. [10%]
d) Recall the Access Control Matrix Model discussed in the lecture and consider the following configuration:
COM3501
3 TURN OVER
• • • •
The set of subjects S is defined as follows: S = {Alice, Bob, Charlie, Eve} The set of objects O is defined as follows: O = {File1, File2, File3, File4} The set of actions A is defined as follows: A = {read, write, execute, append} The informal access control policy is defined as follows:
– – –
– –
(i) (ii)
Alice is allowed to read all files and she is allowed to append to File3.
Bob can read and write File4 and append to File2.
Charlie is allowed to write to the files File1 and File2 and he is allowed to read File1.
File2 can be executed by all subjects. File1 can be read by Eve.
Specify the Access Control Matrix for this scenario. [20%]
Briefly explain a scenario where two subjects that collaborate can violate the integrity or the confidentially of a file that is not possible without the two subjects working together. [20%]
Briefly explain if Access Control Matrix Models scale well (i.e., assume a sce- nario with thousands of subjects and/or objects). Compare them, in this aspect, with role-based access control (RBAC) [20%]
(iii)
COM3501
[20%]
2. Cryptography & PKIs
a) (i)
Briefly explain the concept of revocation lists.
[Hint: What information is stored in a revocation list and who maintains
certification lists?] [10%] Briefly explain a problem of revocation lists. [10%]
Consider a Cesar Cipher, as discussed in the lecture, with the key 5. Recall that we encode the letters by their position in the alphabet (e.g., the letter “a” is represented by the number 1, spaces are not encoded).
Encrypt the text
b)
(ii) (i)
(ii)
Consider the RSA crypto scheme with the following configuration:
• Alice’s public key is (na,ea) = (33,7), her private key is da = 3. Alice uses this key for both signing and encryption/decryption.
• Bob’s public key is (nb,eb) = (65,7), his private key is db = 7. Bob uses this key for both signing and encryption/decryption.
• Eve’s public key is (nb,eb) = (77,13), her private key is db = 37. Eve uses this key for both signing and encryption/decryption.
Recall that we encode the letters by their position in the alphabet (e.g., the letter “a” is represented by the number 1, spaces are not encoded).
Alice sends to Bob the following encrypted message: 9,1,52,38,1,45,60
(i) Explain how the attacker Eve can obtain the clear text of this cipher?
[Hint: Recall that their keys are used for both signing and encryption/decryp-
tion.] [15%]
(ii) Demonstrate the attack by computing the plain text of the message that Alice sends to Bob. Briefly explain the necessary steps.
[Hint: If you did not answer 2(c)(i), show instead how Bob can obtain the plain text. Briefly explain the necessary steps.] [15%]
Can symmetric cryptography be used for implementing digital signatures? Briefly explain your answer. [20%]
c)
d)
fight for your privacy
Does encrypting a text twice using Caesar Cipher improve the security? Briefly explain your answer. [15%]
COM3501 4 CONTINUED
COM3501
[15%]
3. Security Protocols
a) Consider the following protocol:
A−→B: {NA,A}pk(B) B−→A: {NA,NB,A}pk(A) A−→B: {NB}pk(B)
Briefly explain if this protocol is secure or not.
• If it is secure, give an informal justification why it is secure.
• If an attack is possible, explain this attack (e.g., by drawing a message sequence
chart), i.e., how does it work and why it is possible.
[25%]
b) Consider the following protocol in which A and B use a trusted third party T to perform mutual authentication and establish a session key KS . Assume that initially A and T share the symmetric key KAT and B and T share the symmetric key KBT . A and B generate Nonces NA and NB , respectively. There are four steps in the protocol, as illustrated in the following message sequence chart:
COM3501
msc Simple Keyserver
A, NA
A
B
T
B, NB , {|A, NA|}KBT
{|B, NA, KS |}KAT , {|A, KS |}KBT , NB
{|A, KS |}KBT , {|NB |}KS
Consider the message in step 4 (from A to B). Briefly explain why A encrypts the NonceNB withKS. [20%]
QUESTION CONTINUED ON THE NEXT PAGE
COM3501 5 TURN OVER
c) The Dolev-Yao closure DY(M) consists of seven deductive rules. Three of them are:
COM3501
6 CONTINUED
(i)
(ii)
Define the missing four rules of the Dolev-Yao closure formally and give a brief informal description of what action of the intruder they formalise.
[Hint: if you cannot describe the rules formally, explain informally the different actions a Dolev-Yao intruder can use for inferring new messages from an initial
m ∈ DY(M)
Algebra (s ≈ t) t ∈ DY(M)
Axiom (m ∈ M)
⟨m1, m2⟩ ∈ DY(M)
Proji mi ∈ DY(M)
s ∈ DY(M)
COM3501
set of messages (this might need two or three short sentences per rule).] Consider the following intruder knowledge:
M = {|m|}g(n1), Axiom{n1}inv(pk(a)), {n2}pk(i), pk(a), pk(i), inv(pk(i)), {|secret|}pk(b), {{|secret|}m}inv(pk(b))
[25%]
where g is a public function (i.e., g ∈ ΣP ).
Prove formally that the intruder can learn the message “secret”.
[Hint: if you cannot recall the formal proof notation, give a detailed informal argument.] [30%]
4. Application Security
a) Consider a web application that uses the following client-side protection to prevent
users from creating new “admin” accounts:
(i) Explain briefly how an attacker can circumvent this check and create a new admin account. [15%]
(ii) Explain briefly how a programmer can prevent this type of attack. [15%]
b) Consider the following vulnerability in OpenSSL (CVE-2014-0160):
The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sen- sitive information from process memory via crafted packets that trigger a buffer over-read.
A successful attack requires only sending a specially crafted message to a web server running OpenSSL. The attacker constructs a malformed “heartbeat request” with a large field length and small payload size. The vulnerable server does not validate that the length of the payload against the provided field length and will return up to 64 kB of server memory to the attacker. It is likely that this memory was previously utilized by OpenSSL. Data returned may contain sensitive information such as encryption keys or user names and passwords that could be used by the attacker to launch further attacks.
What CVSS v2 Base Vector (AV:?/AC:?/Au:?/C:?/I:?/A:?) would you assign to this vulnerability? Explain your decision for each component of the CVSS v2 Base Vector.
In your answer, you will need to replace the ’?’ in the CVSS v2 Base Vector. [30%]
c) Consider the following Java program
COM3501
String mname = request.getParameter(“month”); String uid = session.getCurrentUserId();
PreparedStatement pstmt = conn.prepareStatement
(“SELECT username , startdate , transaction , amount
FROM transaction_history
WHERE user=” + uid + ” AND month=” + mname”); pstmt.execute();
pstmt.close();
(i) (ii)
COM3501
What vulnerability does this program have? Briefly explain the vulnerability in general and, in particular, why this program is vulnerable. [20%]
Rewrite this program to fix the vulnerability. [20%]
END OF QUESTION PAPER 7