CS 155: Spring 2007June 2007CS 155 Final ExamThis exam is open books and open notes, but you may not use a laptop. You have 2 hours.Make sure you print your name legibly and sign the honor code below. All of the intendedanswers may be written well within the space provided. You may use the back of the precedingpage for scratch work. If you want to use the back side of a page to write part of your answer,be sure to mark your answer clearly.The following is a statement of the Stanford University Honor Code:A. The Honor Code is an undertaking of the students, individually and collectively:(1) that they will not give or receive aid in examinations; that they will not give orreceive unpermitted aid in class work, in the preparation of reports, or in any otherwork that is to be used by the instructor as the basis of grading;(2) that they will do their share and take an active part in seeing to it that others aswell as themselves uphold the spirit and letter of the Honor Code.B. The faculty on its part manifests its confidence in the honor of its students by refrainingfrom proctoring examinations and from taking unusual and unreasonable precautionsto prevent the forms of dishonesty mentioned above. The faculty will also avoid, as faras practicable, academic procedures that create temptations to violate the Honor Code.C. While the faculty alone has the right and obligation to set academic requirements, thestudents and faculty will work together to establish optimal conditions for honorableacademic work.I acknowledge and accept the Honor Code.(Signature)eSENIOR? (Print your name, legibly!)Prob # 1 # 2 # 3 # 4 # 5 # 6 # 7 # 8 # 9 TotalScoreMax 13 13 9 8 12 8 7 10 10 901. (13 points) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Short Answer(a) (2 points) Suppose a remote attacker is able to learn the value of the randomcanary used by StackGuard (e.g., due to a format string bug). Can the attackercircumvent the StackGuard buffer overflow protection mechanism? If so, explainhow. If not, explain why not.(b) (2 points) What is a “time of check, time of use” bug?(c) (6 points) In the DoS lecture we discussed a defense mechanism based on clientpuzzles.a. How do client puzzles help in mitigating DoS attacks? (it suffices to focus onapplication-layer attacks such as an HTTP request flood).b. Some puzzles are CPU-bound while others are memory-bound. What is thebenefit of memory-bound puzzles over CPU-bound puzzles?(d) (3 points) How does IPsec defend against packet replay attacks?22. (13 points) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Worm detectionThe Internet Storm Center (ISC) has a number of honeypots at a few fixed (and secret)IP addresses on the Internet, say n IP addresses total. The ISC puts out daily reportsof worm activity. To be concrete, suppose the ISC publishes daily counts of the totalnumber of infection attempts on port 137 (netbios) on all n sensors in the last 24 hours.You may assume that on a quiet day each sensor sees less than 50 attempts.(a) (2 points) Suppose a worm developer knows the location of all n ISC sensors. Ex-plain how he/she could write a fast spreading worm that is not be detectable by theISC.(b) (6 points) Consider an attacker who controls a large bot army. Describe an algo-rithm that enables the attacker to locate one of the ISC sensors within 32 days. Youmay assume that the bot army can send 100 · 231packets within one day.Hint: “32” refers to the number of bits in an IP address.(c) (5 points) How long will it take to discover all n sensors? Give the best algorithmyou can.33. (9 points) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distributed denial of serviceSuppose that a web site uses a service like prolexic to defend itself against packet floods.The site comes under an attack from a bot army that generates a flood of normal-lookingHTTP requests.(a) (2 points) Can a packet flood filter (like prolexic) stop the attack?(b) (3 points) Suppose the site maintains a list of past IP addresses that legitimatelybrowsed the site before the attack started. Describe an architecture that wouldenable the site to keep servicing those machines on the list.(c) (4 points) Can you suggest a way that the bot-net can adapt to defeat your defensemeasure from part (b)?44. (8 points) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hashes and MACsA Message Authentication Code (MAC) consists of two algorithms (S, V ). AlgorithmS(k, m) uses a secret key k to generate an integrity tag for a message m. AlgorithmV (k, m, t) uses a secret key k to validate a given integrity tag t for m.Recall that a cryptographic hash function h is a non-keyed function that outputs a shorthash h(m) for an input message m. The function is said to be collision resistant if it isdifficult to find a collision: two distinct messages m0, m1such that h(m0) = h(m1).Let us consider four mechanisms for providing file integrity for a single file F on disk.The file system must be able to detect any unauthorized modification to this file. We saythat the system is secure if an attacker cannot modify F without being detected. Youmay assume that the owner of file F has a password known to the system, but not to theattacker.• Method 1: Compute an integrity tag for file F and store the integrity tag in theheader of F . Upon file open the file system checks that the integrity tag is valid.(a) (2 points) Suppose the integrity tag is computed using a collision resistanthash function applied to F . Validating the integrity tag upon file open is doneby rehashing the file and comparing the result to the value in the file header.Is the resulting system secure?(b) (2 points) Suppose the integrity tag is computed as the MAC of F using theuser’s password as the MAC secret key. Is the resulting system secure?5• Method 2: Compute an integrity tag for file F and store the integrity tag in readonly memory (say, a disk partition that the attacker can read but not modify).(a) (2 points) Suppose the integrity tag is computed using a collision resistanthash function. Is the resulting system secure?(b) …
View Full Document
Unlocking...