UNIVERSITY OF EDINBURGH COLLEGE OF SCIENCE AND ENGINEERING SCHOOL OF INFORMATICS
INFR10067 COMPUTER SECURITY
Friday 10 th May 2019 09:30 to 11:30
INSTRUCTIONS TO CANDIDATES
Answer any TWO of the three questions. If more than two questions are answered, only QUESTION 1 and QUESTION 2 will be marked.
All questions carry equal weight. CALCULATORS MAY NOT BE USED IN THIS EXAMINATION
Year 3 Courses
Convener: C. Stirling
External Examiners: S.Rogers, S. Kalvala, H.Vandierendonck
THIS EXAMINATION WILL BE MARKED ANONYMOUSLY
1. (a)
Alice’s computer has the below firewall policy. Read it and use it to answer the following questions.
# Alice’s computer
# Generated by iptables-save v1.6.0
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp –dport 22 -j ACCEPT
-A INPUT -p udp -m udp –dport 6666 -j DROP
-A INPUT -p udp -m udp –dport 6666 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.1.0/24 –dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp –dport 80 -j ACCEPT
-A INPUT -m conntrack –ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -m conntrack -ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j DROP
COMMIT
i. If Eve (192.168.1.16) were to run a port scan on Alice’s computer using nmap what ports would she see as open? List the numbers of the open ports and explain your reasoning.
ii. Imagine Alice were to use her computer to access the Computer Secu- rity class website. You use Wireshark and limit the collection of packets to those coming from Alice’s computer headed for ports 80 or 443. In 1-2 sentences, describe the traffic you would expect to see coming from Alice’s computer. You can assume that no other computers are com- municating with Alice at the time.
iii. There are several different types of firewalls that operate at different layers of the OSI network stack. Name the type of firewall shown above and explain how you know it is of that type.
iv. Imagine that Eve decides she really does not like Alice having an in- ternal website on port 443. She decides to launch a SYN Flood attack against Alice. The SYN Flood described here has some disadvantages for Eve. Name one of the problems with this attack and suggest a better approach Eve could use.
QUESTION CONTINUES ON NEXT PAGE
Page 1 of 5
[4 marks]
[3 marks]
[3 marks]
[3 marks]
QUESTION CONTINUED FROM PREVIOUS PAGE
(b) For each of the following, assume that the user is correctly using Tor on their computer.
i. Bob logs into a website which uses HTTP, but not HTTPS. Can he be absolutely certain that his password will be safe in transit? Explain.
ii. Bob connects his laptop to a local coffee shop’s free WIFI. There have been some past reports of the shop recording website traffic and selling it. Is Bob’s browsing data safe from the coffee shop?
(c) Eve discovers a company website where she can log in using the username “admin” and the password “admin”. She uses this information to log onto the website and take a large amount of personal customer data.
i. How could this attack have been prevented.
ii. There are three types of authentication which start: “Something you…” Which type of authentication did Eve use?
iii. The website administrator would like to add an invisible second authen- tication mechanism to the website in addition to the password to further improve security. Describe how such an approach might be implemented on the site.
iv. There are five properties of security. Name one property which was violated in this attack and describe how it was violated.
[2 marks ]
[2 marks ]
[2 marks ] [1 mark ]
[3 marks ] [2 marks ]
Page 2 of 5
2. RSA signatures
In class we discussed the RSA Signature Scheme. I briefly remind you the details
of this cryptoscheme here:
• Key generation – Bob generates two large random primes p and q, and computes n = pq. He then picks a number v that is relatively prime to φ(n), and computes s such that s · v = 1 mod φ(n). From this point on, he can “throw away” the values p, q, and φ(n). They are no longer needed. Bob’s public verification key is vkB := (v, n). His private signing key is skB := s. He keeps skB secret, but publishes vkB to allow others to verify signatures he has issued under his signing key.
• Signing algorithm – Bob can sign a message m under his signing key skB as follows:
Sign(skB , m) := (m, (h(m))s mod n) where h is a secure cryptographic hash function.
• Verification algorithm – Given Bob’s verification key vkB, Alice can verify if a signature (m, σ) is a valid signature from Bob by testing if h(m) = σv mod n. That is,
True ifh(m)=σv modn Verif(vkB,m,σ) = False otherwise
The goal of this exercise is to explore why is hashing the message necessary for computing an RSA signature. We will consider the simplified RSA signature scheme which skips the hashing of message m and just uses m directly. So now to sign a message Bob just computes σ := ms mod n and sends (m, σ) to Alice.
(a) What is the verification algorithm for the simplified RSA signatures? In other words, what equation should Alice check, to confirm whether (m,σ) is a valid signature from Bob?
(b) Mallory knows that Alice and Bob are both using the simplified RSA signa- ture scheme, and wants to trick Alice. Assume that Mallory has captured over the network two signed messages from Bob (m1, σ1) and (m2, σ2). How (using these two messages) is Mallory able to forge a valid signature under Bob’s signing key, of a message different than m1 and m2? Justify your answer.
QUESTION CONTINUES ON NEXT PAGE
Page 3 of 5
[2 marks]
[3 marks]
QUESTION CONTINUED FROM PREVIOUS PAGE
(c) Alice and Bob are still using the simplified RSA scheme, but suppose now that Mallory has not previously seen any valid signature issued by Bob. Explain how only knowing Bob’s verification key vkB, Mallory is still able to forge a valid signature under Bob’s signing key. In other words Mallory can find m and σ such that Verif(vkB,m,σ) = True. Justify your answer. [Hint: m and σ can be chosen freely.]
(d) For standard RSA signatures, we typically set v to a small prime value such as 3. For this question, let Bob’s signing key be skB = 3.
Charlie is holding an auction. The protocol is simple. Bidders just submit signed bids (using the simplified RSA signature scheme) to Charlie. The message m is their bid (in pounds). Charlie will accept the highest bid and will expect that person to pay the amount they bid. Mallory wants to mess with Bob’s bidding. So, when Bob forms his bid m and sends to Charlie his signed bid (m, σ) where σ = ms mod n, Mallory intercepts it. Mallory would like to tamper with m and σ to form a new signature (64m,σ′) that corresponds to a bid for 64 times Bob’s original bid. This will force Bob to win the auction and pay much more for it. More precisely, she’d like to find a value σ′ such that σ′ is a valid signature on 64m, so she can replace (m, σ) with (64m, σ′) and forward the result onto Charlie. Help Mallory out: explain to Mallory how she can compute such a σ′. You will assume that m is small enough so that 64m < n, so that 64m does not wrap around modulo n. Justify your answer.
(e) Are your attacks from questions 2b, 2c and 2d possible against the real RSA signature scheme (the one that includes the cryptographic hash function)? Explain your answer.
[8 marks]
Page 4 of 5
[6 marks]
[6 marks]
3. Web security
Answer each question, and do not forget to justify or explain your answer.
(a) Consider this piece of pseudo PHP code
$query = "SELECT name FROM users WHERE uid = $UID";
// Then execute the query
where $UID represents a URL parameter named UID supplied in the HTTP GET request.
i. There is a security issue with this code. Explain what it is and how you would exploit it to delete all tables in the database.
ii. How does blacklisting work as a defence? What are some difficulties with blacklisting?
iii. What is the best way to fix the security issue from question 3(a)i? Justify your answer.
(b) Is setting the Secure flag on a cookie enough to defend from all CSRF attacks? Justify your answer.
(c) Is setting the Secure flag on a cookie enough to defend against all XSS cookie-stealing? Justify your answer.
(d) Is setting the HTTPOnly flag on a cookie enough to defend against all XSS cookie-stealing? Justify your answer.
(e) Is switching all application requests to HTTP Post enough to stop all CSRF attacks? Justify your answer.
(f) Is the Same Origin Policy enough to prevents all XSS attacks? Justify your answer.
(g) Can two Javascript scripts embedded in pages running in two different tabs on a user’s browser access the resources (such as cookies) of each other? Justify your answer.
[3 marks ] [2 marks ] [2 marks ]
[3 marks ] [3 marks ] [3 marks ] [3 marks ] [3 marks ]
[3 marks ]
Page 5 of 5