SFL Main Exam
Winter Term 21/22, Feb 24, Group 0
Points and time: This exam lasts 90 minutes, plus 30 minutes for uploading your
results. In total, you can obtain 90 points, i.e., plan for one minute per point.
Copyright By PowCoder代写 加微信 powcoder
Allowed materials: This is an open-book exam. You are allowed to use the lecture material (slides, books, exercises), a local system (including compiler, debugger and dis/assembler), a calculator, and dictionaries. You are not allowed to team up with others, or to otherwise communicate. The usage of the Internet, except the exam video conference, lecture videos and Moodle, is prohibited.
Solution format: Solve the questions on your own paper with a well-readable pen. Typewritten solutions will not be accepted. Please note your student number on all pages. Answer in German or English. Watch your handwriting!
Solution submission: Digitize your hand-written exam (e.g., using a scanner or camera) and upload your solution to the according Moodle task (“Aufgabe”) before the deadline. Please make sure that your digitized solutions are readable.
Passing this exam: You have passed this exam if you obtain at least 50% of the points, i.e., ≥ 45 points in total.
1 2 3 4 5 6 7 Sum
Short Title
Symmetric Cryptography Network Security Shellcode
Code-Reuse Attack Access Control
Web Security
1 RSA (12 points)
1. (4 pts) RSA Computation: Let p = 3 and q = 19 be the chosen RSA prime numbers and e = 31 the public exponent. Compute n, i.e., the second part of the public key, and the private key d. Hint: d <= 11.
2. (4 pts) Encryption: Encrypt the plaintext message x = 5 using the public key (n = 57, e = 3). Warning: Do not use the key material derived from the previous task; use the ones specified in the previous sentence.
3. (4 pts) Decryption: Decrypt the ciphertext y = 5 using the private key d = 7 and the public key (n = 33,e = 3).
SFL Main Exam
Page 2 of 8
2 Symmetric Encryption (14 points)
1. (4 pts) One-time Pads (OTPs): Assume two messages m1 and m2 are encrypted under the same OTP. An attacker observes the ciphertext c2 = 0101 of the second message; the ciphertext c1 (of the first message) is unknown. The attacker knows that m1 = 1111 and that m2 differs in exactly a single bit position (e.g., m2 = 1101 is valid, but also m2 = 0111).
How many bits in c1 will differ from c2? How can you (partially) derive the OTP?
2. (4 pts) Cipher block modes: Your colleague suggests a new cipher mode in which only the first block uses the key: c1 = Fk(m1), and all other subsequent blocks are masked using ci = mi ⊕ ci−1. Is this secure? Why (not)?
3. (3 pts) AES Keys: Assume a communication system with 8 users. How many keys overall are required if every pair of users wants to communicate over their “own” AES channel?
4. (3 pts) Symmetric Signatures: Assume two users A and B share a key KAB. Can they use HMACs such that A can prove to third parties that B has sent a given message? How, or why not?
SFL Main Exam
Page 3 of 8
3 Network Security (12 pts)
1. Stolen TLS Certificates (4 pts) Your fellow students claim that they have “stolen” the TLS certificate of schlau.de. After you sniffed the communication when visiting this website, you indeed can confirm that schlau.de ships its TLS certificate to its clients as part of the TLS handshake. Does the posession of the certificate allow you to impersonate schlau.de in a Person-in-the-Middle attack against an HTTPS-encrypted stream between a client and schlau.de? (+1) If so, how, if not, why not? (+3)
2. Self-Signed TLS Certificates (4 pts) Assume an attacker creates a self-signed TLS certificate for the domain schlau.de. If the attacker aims to “mimic” (dt.: “nachahmen”) the website using this certificate, would users notice? Why (not)?
3. Leaked TLS Certificate Credentials (4 pts) Assume the key material of one of the root CAs leaks publicly. What are the security implications of such a breach? How can this problem be resolved?
SFL Main Exam
Page 4 of 8
Partial x64 Linux System Call Table
# syscall arg1 arg2 arg3
xor rax , xor rdi , lea rsi, mov rdx , syscall
cmp rax, mov rdi , jle skip
rdi [fname] 32
0 sys read
Hint: Returns 1 sys write
Hint: Returns 2 sys open
Hint: Returns 3 sys close
Hint: Returns 57 sys fork
59 sys execve 60 sys exit 62 sys kill
87 sys unlink
Hint: Returns 89 sys symlink
Hint: Returns 90 sys chmod
Hint: Returns
uint fd char *buf size t count
the number of bytes that were read from fd into buf. uint fd char *buf size t count
the number of bytes that were written into fd from buf. char *fname int flags int mode
the file descriptor (fd) of the opened file.
0 if file fd was closed successfully, and -1 otherwise.
SFL Main Exam
4 Software Security: Shellcode (14 points)
You encounter the following Linux x64 shellcode. The code is structured in five code blocks (as per comments). Your task is to analyze this shellcode grouped by code block. Assume that fname is an address to readable/writable memory.
1. Calling convention (3.5 pts): Note down how the system call number and the first three parameters are passed to x64 Linux system calls. Mention where the system call return value is stored.
2. Syscalls (4.5 pts): The shellcode issues three system calls. List them and their parameters, identified by block number. Define system call return values whenever necessary. Example: rval = sys close(fd).
Hint #1: Find a partial system call table below.
Hint #2: 0 is a special Linux file that refers to stdin, i.e., input from the console.
3. Shellcode Block Semantics (6 pts): Each of the four code blocks follows a certain goal. Briefly describe this goal per code block.
push 87 pop rax lea rdi , syscall mov rdi ,
push 62 pop rax sub rax, syscall
char *fname
int error code
char *fname
0 if file fname was deleted successfully, and -1 otherwise. char *fname1 char *fname2
0 if symbolic link was created, and -1 otherwise.
char *fname int mode
0 if permissions were changed, and -1 otherwise.
char *argv[] int signal
char *envp[]
Page 5 of 8
5 Software Security: Code-Reuse Attack (12 points)
The following 64-bit x86 program contains a buffer overflow vulnerability that allows you to perform a code-reuse attack that calls the function reuse me():
#include
secret[] = “{Leak␣Me!}”;
reuse_me () { puts(secret); fflush(stdout);
11 int main() {
uint64_t bvb = 0x9; char input [8]; uint64_t sfl = 0x1337;
gets(input); printf(“You␣wrote:␣%s\n”, input);
Overflow (2 pts): Pinpoint and describe the buffer overflow vulnerability in the above program. State the affected line number(s), and when an overflow occurs.
Stack Layout (4 pts): Describe or draw the stack layout of the main() function just before the overflow may happen. That is, draw which elements are stored on the stack, and in which order. Assume that the base pointer is also stored on the stack, and that the order of variables on the stack is as specified in the program.
Exploit (4 pts): Provide a concrete input that abuses the vulnerability and jumps to the reuse me() function. Assume that the address of reuse me is 0x04556677.
ASLR (2 pts): Can a stack canary help to mitigate this concrete vulnerability? How, or why not?
SFL Main Exam
Page 6 of 8
6 Access Control (12 points)
Zeus Aphro Hades Artemis
Gentle Gentle Wannabes Moody
Privileges
File Owner Group Owner Group Other
iraklio RWX R—X –
SFL Main Exam
Assume a system with the users/groups (left) and files (right) listed above. Your task is to correctly fill the missing user (“Owner”) and group (“Group”) ownership and the privileges of each file. Be as restrictive as possible, i.e., only give access if explicitly mentioned in the task. Assume that the user and group assignment will never change.
Syntax: Use “R” for read, “W” for write, and “X” for executable privileges, respectively. Use “–” for no privileges. File “iraklio” just serves as an example.
Your tasks:
1. (3 pts): The file “athens” should be readable and writable by user “Zeus”. Fur-
thermore, the group “Gentle” should be able to read the file.
2. (3 pts): The file “thessa” should be owned by user “Aphro” and be readable by everyone. But only “Aphro” should be allowed to write to this file.
3. (3 pts): The file “patras” should be read- and write-accessible by its owner “Hades”.
4. (3 pts): “Poseidon” created and regularly patches/tests the executable file “pi- raeus”, but also users “Aphro” and “Hades” should be able to execute the file.
Page 7 of 8
7 Web Security (14 pts)
1. (5 pts) You are responsible for a webshop that ships the following form to let authenticated (logged in) users submit orders via HTTPS.
a) (2 pts) This form is unprotected against a certain attack type. Which? b) (2 pts) What could attackers achieve by abusing this insecure form?
c) (2 pts) How can you fix this vulnerability?
1