Berkeley COMPSCI 161 - Homework

This preview shows page 1-2 out of 7 pages.


Paxson
Spring 2011
CS 161 Computer Security
Homework 4

Due: Monday May 2, at 11:59pm

Instructions: Submit your solution electronically via your class account by Monday May 2, at 11:59pm. You should upload a single file, HW4.pdf. Your writeup should include your name, your class account name (e.g., cs161-xy), your TA's name, the discussion section time where you want to pick up your graded homework, and "HW4" prominently on the first page. Use a legible font and clearly label each solution with the problem/subproblem to which it belongs. You must submit a PDF file; we will not accept other formats. You must work on your own on this homework.

Updated 24Apr11: due date shifted three days later, to Monday, with the consideration mentioned in the next paragraph. Also some typos fixed.

Note: while this assignment is due on Monday May 2, you need to turn it in by the original due date of Friday April 29 if you want to assure that it will be graded and available for you to pick up several days before the final exam on May 12.

Note: some of these problems look back to topics addressed earlier in class. Keep in mind that the final exam will be comprehensive across all topics.

Problem 1: DNSSEC (20 points)

DNSSEC (DNS Security Extensions) is designed to prevent network attacks such as DNS record spoofing and cache poisoning. When queried about a record that it possesses, such as when the DNSSEC server for example.com is queried about the IP address of www.example.com, the DNSSEC server returns with its answer an associated signature.

For the following, suppose that a user R (a resolver, in DNS parlance) sends a query Q to a DNSSEC server S, but all of the network traffic between R and S is visible to a network attacker N. The attacker N may send packets to R that appear to originate from S.

(a) Suppose that when queried for names that do not exist, DNSSEC servers such as S simply return "No Such Domain", the same as today's non-DNSSEC servers do. This reply has no associated signature. Describe a possible attack that N can launch given this situation.

(b) Suppose now that when queried for a name Q that does not exist, S returns a signed statement "Q does not exist".

1. Describe a DoS attack that N can launch given this situation.

2. Describe a circumstance under which N can still launch the attack you sketched in the first part above, or explain why this attack no longer works.

(c) One approach for addressing the above considerations is to use NSEC Records. As mentioned in lecture, when using NSEC, S can return a signed statement to the effect of "when sorted alphabetically, between the labels L1 and L2 there are no other labels". Then if the label L3 in the query Q lexicographically falls between L1 and L2, this statement serves to inform R that indeed there's no information associated with L3.

We discussed in lecture how NSEC has a shortcoming, which is that an attacker can use it to enumerate all of the labels in the given domain that do indeed exist. To counter this threat, in the April 6 section materials we introduced the NSEC3 Record, which is designed to prevent DNS responses from revealing unnecessary information. NSEC3 uses the lexicographic order of hashed labels, instead of their unhashed order. In response to a query without a matching record, NSEC3 returns the hashed names that come just before and just after the hash of the query.

Suppose that the server S has records for a.example.com, b.example.com, and c.example.com, but not for abc.example.com. In addition, assume that a hashes to 30, b to 10, c to 20, and abc to 15. If the query Q from R is for abc.example.com, what will S return in response? Describe how R uses this to validate that abc.example.com indeed does not exist.

(d) In more detail, the way the hashes work in NSEC3 is they are computed as a function of the original name plus a salt and an iteration parameter, as follows.

Define H(x) to be the hash of x using the Hash Algorithm selected by the NSEC3 RR, k to be the number of Iterations, and || to indicate concatenation. Then define:

    IH(salt, x, 0) = H(x || salt), and
    IH(salt, x, k) = H(IH(salt, x, k-1) || salt), if k > 0

Then the calculated hash of a name is IH(salt, name, iterations).

In an NSEC3 reply, the name of the hash function, the salt, and the number of iterations are also included (that is, they are visible and assumed to be easily known). All replies from a given server use the same salt value and the same number of iterations.

Suppose an attacker has a list of "names of interest", i.e., labels for which they want to know whether the given label is in a particular domain. If the attacker can get all of the NSEC3 responses for the particular domain, can they determine whether these names exist? If so, sketch how. If not, describe why not.

(e) What is the purpose of the salt in NSEC3 replies?

(f) What is the purpose of the iteration parameter in NSEC3 replies?

(g) The specification of NSEC3 also sets an upper bound on the iteration parameter. What threat does that protect against?

Problem 2: Covert Channels (20 points)

Consider a highly secured operating system that runs jobs for multiple users, but tries to assure strict isolation between the jobs, i.e., the jobs have no means to communicate with one another. The OS not only prohibits use of shared memory and any other forms of interprocess communication (pipes, sockets, shared memory, signals, use of the ps command), but also eliminates shared resources such as a global file descriptor pool. The OS does, however, provide read-only access to a common file system. This file system does not make available access time information.

(a) Sketch how two cooperating processes could use the common file system to create a covert channel for communication. You can assume that the OS tries to optimize performance when accessing files by caching recently accessed blocks.

(b) In rough terms, what is the capacity of your covert channel? State any assumptions you make in your estimate.

(c) Suppose the OS eliminates the common read-only system in its entirety, though retains the performance technique of caching recently accessed blocks. Can two cooperating processes still communicate? If so, sketch how, and again estimate in rough terms the capacity of the channel. If not, then explain why communication is no longer possible.

Problem 3: Detecting Worms (20 points)

Assume that you are working for a security company that has to monitor a network link for worm traffic. The link connects a large site with the rest of the Internet, and always has lots of traffic on it. Your company sells a …
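An added example for Problem 1(c) and (d), not part of the original assignment: the iterated hash IH(salt, name, iterations) and the gap check a resolver applies to an NSEC3 reply, run on the toy hash values from part (c). The choice of SHA-1 for H, the wire-format name encoding and the base32hex output follow RFC 5155 and are assumptions beyond what the assignment states; the function names are illustrative, and the wrap-around case goes beyond the single case in the text.

```python
import base64
import hashlib

# Standard base32 alphabet mapped onto base32hex (assumption: RFC 5155 encoding).
_B32_TO_HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                              b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical DNS wire format: lowercased, length-prefixed labels, root byte."""
    out = b""
    for label in name.lower().split("."):
        if label:  # skip the empty label left by a trailing dot
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """IH(salt, name, iterations) with H = SHA-1, returned as a base32hex label."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()   # IH(salt, x, 0)
    for _ in range(iterations):                               # IH(salt, x, k), k > 0
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32_TO_HEX).decode().lower()

def covers(owner_hash, next_hash, query_hash):
    """Resolver side: does the signed (owner, next) gap contain query_hash?"""
    if owner_hash < next_hash:
        return owner_hash < query_hash < next_hash
    # The last record in the chain wraps around to the smallest hash.
    return query_hash > owner_hash or query_hash < next_hash

def covering_record(zone_hashes, query_hash):
    """Server side: the (owner, next) pair whose gap covers query_hash."""
    chain = sorted(zone_hashes)
    for i, owner in enumerate(chain):
        nxt = chain[(i + 1) % len(chain)]
        if covers(owner, nxt, query_hash):
            return owner, nxt
    return None  # query_hash matches an existing hash: the name exists

# Toy values from Problem 1(c): a -> 30, b -> 10, c -> 20; abc -> 15.
TOY_ZONE = {"a": 30, "b": 10, "c": 20}

if __name__ == "__main__":
    print(covering_record(TOY_ZONE.values(), 15))
    print(nsec3_hash("abc.example.com", "aabbccdd", 12))
```

The resolver accepts the denial only if the signature on the returned record verifies and `covers` holds for the hash it computes itself from the queried name, the salt and the iteration count in the reply.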

