CS 161 Computer Security
Spring 2021
Final
For questions with circular bubbles, you may select exactly one choice on the Exam Tool.
For questions with square checkboxes, you may select one or more choices on the Exam Tool.
For questions with a large box, you need to write your answer in the text box on the Exam Tool.
There is an appendix at the end of this exam, containing descriptions of all C functions used on this exam.
You have 170 minutes, plus a 10-minute buffer for distractions or technical difficulties, for a total of 180 minutes. There are 10 questions of varying credit (200 points total).
The exam is open note. You can use an unlimited number of handwritten cheat sheets, but you must work alone.
Clarifications will be posted on the Exam Tool.
Q1 MANDATORY – Honor Code (5 points) Read the following honor code and type your name on Gradescope.
I understand that I may not collaborate with anyone else on this exam, or cheat in any way. I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be reported to the Center for Student Conduct and may further result in, at minimum, negative points on the exam and a corresponding notch on Nick’s demolition tool.
Q2 True/false (38 points) Each true/false is worth 2 points.
Q2.1 True or False: WPA2 is a protocol that translates IP addresses to MAC addresses.
True False
Q2.2 True or False: Specification-based detection uses a blacklist.
True False
Q2.3 True or False: If a pseudorandom number generator (pRNG) is secure, then an attacker who only sees the output of the pRNG is unable to learn its internal state.
True False
Q2.4 True or False: Argon2 and PBKDF2 are appropriate algorithms to use when hashing and storing passwords in a database.
True False
Q2.5 True or False: All forms of two-factor authentication (2FA) are resistant to phishing attacks.
True False
Q2.6 True or False: Logging is a method of intrusion detection in which server log files are preserved so they can be asynchronously scanned to detect malicious activity.
True False
Q2.7 True or False: Cryptographically secure MACs can be constructed using secure cryptographic hash functions.
True False
Q2.8 True or False: When analyzing a cryptographic hashing scheme, preimage resistance (one-way) implies collision resistance.
True False
Q2.9 True or False: Sending all DNS requests and responses over HTTPS can be used as an effective defense against censorship by preventing censors from knowing what websites you are visiting.
True False
Q2.10 True or False: One-time pads, as long as they are used correctly, are secure against an adversary with infinite computational power.
True False
Q2.11 True or False: TLS is able to prevent on-path attackers from learning metadata about your communications (e.g. request and response times, message length) by encrypting communications from a client to a server.
True False
Q2.12 True or False: Publicly accessible stairs, walkways, and elevators can be considered part of the physical equivalent of a trusted computing base for airport security.
True False
Q2.13 True or False: Clickjacking refers to a class of attacks where the attacker manipulates the user interface of a website to convince the user to click something that they did not intend to click on.
True False
Q2.14 Consider two different detectors with the same false positive rate and false negative rate. Assume that false negatives and false positives are equally costly.
True or False: A website with a high volume of users but a low volume of attacks would benefit more from placing the detectors in series rather than in parallel.
True False
Q2.15 True or False: Signature-based intrusion detection systems are good at identifying novel network attacks that have not been previously seen.
True False
Q2.16 True or False: A primary advantage of a host-based intrusion detection system (HIDS) over a network-based intrusion detection system (NIDS) is that traffic can be analyzed in plaintext, since the host can access decrypted TLS traffic.
True False
Q2.17 True or False: For organizations with a large number of network devices, network-based intrusion detection systems (NIDS) are easier to deploy and manage than host-based intrusion detection systems (HIDS).
True False
Q2.18 True or False: The UDP protocol guarantees that packets are delivered to the destination server by detecting dropped packets and retransmitting them until they are acknowledged.
True False
Q2.19 True or False: Alice decides to use Tor to protect herself from tracking and surveillance online. The Tor circuit contains three Tor nodes: an entry node, a relay node, and an exit node. Assume the nodes do not collude. The exit node knows Alice’s IP address but not the domain of the website she is visiting.
True False
Q2.20 True or False: EvanBot is a real bot. (0 points)
True False
Q3 Full Stack Security (17 points) Examtool is a test-taking website located at https://exam.cs161.org/. Assume that all network connections are made over HTTPS, unless otherwise specified.
Examtool uses session tokens for user authentication. Session tokens are stored as cookies with Domain=exam.cs161.org and no other cookie attributes (no Secure flag, no HttpOnly flag, Path=/).
When a student fills out or changes an answer, their browser makes a POST request to https://exam.cs161.org/submit_question with the student’s updated answers.
Q3.1 (5 points) Which of the following attacks could allow an adversary to read the session token cookie? Select all that apply.
(A) Reflected XSS attack at https://exam.cs161.org/
(B) Stored XSS attack at https://exam.cs161.org/
(C) Exploitable buffer overflow vulnerability in the student’s browser
(D) Root access to another device on the same Wi-Fi network that the student is using
(E) Root access to the Wi-Fi access point that the student is using
(F) None of the above
Q3.2 (4 points) For a question on an exam, Alice first submits “A” and then later changes her answer and submits “B”. What could a MITM attacker between Alice’s computer and the exam.cs161.org server do? Select all that apply.
(G) Perform a DoS attack to prevent Alice from submitting an answer choice
(H) Perform a replay attack to restore Alice’s saved answer to “A”
(I) Modify Alice’s submitted answer choice to “C”
(J) Run JavaScript in Alice’s browser
(K) None of the above
Q3.3 (4 points) Suppose the MITM attacker has identified a vulnerability in HTTPS that allows them to arbitrarily read and modify data in transit without detection. Alice submits another answer. What could a MITM attacker between Alice’s computer and the exam.cs161.org server do? Select all that apply.
(A) Set cookie values for the page at https://exam.cs161.org/
(B) Redirect Alice’s browser to https://evil.com/
(C) Access any file on Alice’s computer
(D) Change Alice’s answer choice without detection
(E) None of the above
The following subparts are independent of the previous subparts.
An instructor uploads an exam to Examtool by applying some cryptography to the exam and sending it over an insecure channel.
Assumptions:
• m is the message to encrypt (i.e. the exam).
• ∥ is concatenation.
• k1 and k2 are two different secret keys known only to the Examtool server and the instructor.
• E(k, m) is the encryption function of an IND-CPA secure symmetric encryption scheme.
• MAC(k, m) is a secure MAC function.
For each pair of cryptographic schemes, select the scheme with fewer potential vulnerabilities.
Q3.4 (2 points) Select the more secure scheme:
(G) C = C1∥C2, where C1 = E(k1, m) and C2 = MAC(k1, C1)
(H) C = C1∥C2, where C1 = E(k1, m) and C2 = MAC(k2, C1)
Q3.5 (2 points) Select the more secure scheme:
(A) C = C1∥C2, where C1 = E(k1, m) and C2 = MAC(k2, C1)
(B) C = E(k1, m∥MAC(k2, m))
Q4
Q4.1 (5 points) In the same-origin policy, which of the following are used in determining the origin of an HTTP webpage? Select all that apply.
(A) IP
(B) Port
(C) Protocol
(D) Domain name
(E) Request path
(F) None of the above
Q4.2 (3 points) Bear Bank is concerned that the ABtesters JavaScript library could steal customer passwords from the login form if the JavaScript library were compromised. Is this a valid concern?
(G) Yes, because the ABtesters JavaScript library executes with the origin of ABtesters’ webpage.
(H) Yes, because the ABtesters JavaScript library executes with the origin of Bear Bank’s webpage.
(I) No, because https://cdn.abtesters.com uses a certificate that is signed for a different domain name.
(J) No, because the ABtesters JavaScript library can only execute specific JavaScript functions required for its basic functionality.
Q4.3 (3 points) Bear Bank decides to move the login form to https://auth.bearbank.com and embed it on the homepage (https://bearbank.com/) in an iframe.
Can the ABtesters JavaScript library running on Bear Bank’s homepage steal customer passwords from the login form in the iframe?
(A) Yes, because the ABtesters JavaScript library is running on the same page as the iframe.
(B) Yes, because the ABtesters JavaScript library can execute any JavaScript it wants on Bear Bank’s homepage.
(C) No, because the ABtesters JavaScript library is not developed by Bear Bank itself.
(D) No, because the ABtesters JavaScript library has a different origin than the login form.
“Bank-Grade” Security (28 points) Bear Bank is using a third-party analytics service called ABtesters. To use it, the bank website includes a tag to load the ABtesters JavaScript library.
Bear Bank’s website is located at https://bearbank.com and contains the following HTML: