EECS 565 Intro Information Computer Security
Homework 2

Authentication

1. User Alice wants to access the File Server (FS) in a private network through Kerberos. So she first logs in to the Authentication Server (AS) and authenticates herself using her password. During the login session, Alice and AS exchange the following messages:

    Alice → AS: message1 = ID_TGS || timestamp_Alice
    Alice ← AS: message2 = ENC(K_1 || Ticket_TGS || ID_TGS || timestamp_AS, K_Alice)
    where Ticket_TGS = ENC(K_1 || ID_Alice || ID_TGS || timestamp_AS || lifetime, K_TGS)

Notes:
(1) K_Alice denotes the secret key of Alice, and K_TGS denotes the secret key of the Ticket Granting Server (TGS).
(2) ENC(m, k) denotes using a symmetric-key encryption algorithm to encrypt the message m with the key k, and || denotes concatenation.

(a) Please explain how the AS could verify the secret key K_Alice.

Answer: AS is the authentication server. When Alice first logs in to the AS, she sends her credential to the AS. From her password, AS deduces the secret key K_Alice. This key is shared between Alice and AS.

(b) What is K_1? Who generates it?

Answer: K_1 is sent to Alice by the AS in message 2, so it is generated by the AS. This message is encrypted using the encryption algorithm ENC and the secret key K_Alice, so K_1 is securely sent to Alice. K_1 will be used for Alice to authenticate to the TGS server, so it is a secret session key shared between Alice and the TGS.

(c) Can Alice read the content of Ticket_TGS? Can Alice forge the ticket? Can Alice reuse the ticket at another time?

Answer:
(1) No, Alice cannot read the ticket. Ticket_TGS is encrypted by the key denoted as K_TGS. This is the secret key of the TGS server, which is shared only with the authentication server AS. So Alice does not know the key and cannot read the content of the ticket.
(2) No, Alice cannot forge the ticket, for the same reason that she does not hold the secret key.
(3) The ticket has a value called timestamp and another value called lifetime. So if the ticket is still valid within its lifetime, it can be reused by Alice. Otherwise it cannot.

(d) How could the ticket granting server authenticate Alice?

Answer: Alice will send the TGS ticket received from the AS in message 2 to the TGS server. Alice also encrypts some information about ID_Alice, timestamp, lifetime, etc. using the secret key K_1. This is called an authenticator. The TGS could decrypt the ticket to get information about this authentication request: the user identified as ID_Alice is requesting service at ID_TGS (itself). Besides, it obtains the secret key K_1 from the ticket. Meanwhile, the TGS could decrypt the authenticator to get information about Alice (ID_Alice). With both pieces of information, the TGS authenticates Alice.

2. Please explore the certificates pre-installed in your browser and pick one certificate as an example to show its CA, the principal, signature, timestamp, and expiration. You can describe the data or use a screenshot and note the content.

Answer: the answer varies based on the certificate the student selects to study. Below is the certificate of canvas.ku.edu. We could see:
- CA: Let's Encrypt
- principal: canvas.ku.edu
- signature: fingerprints
- expiration: "not after"
- timestamp: close to the value "not before", but you need to scroll down to see the creation time, which is not shown in the below screenshots.

Database Security

3. To prevent inference attacks, database systems implement multiple controls. Please list the controls discussed in the lecture and pick one to explain which type of inferences it prevents.

Answer: Inference attacks are confidentiality attacks against database systems and their access control. You can pick any of the below to discuss:
(1) Statistical queries and statistical databases: to prevent leaking sensitive data from direct inference, a database could disallow querying individual entries related to sensitive data and instead allow only statistical queries, or store data in special databases that support statistical use only.
(2) Item control: the database can (1) suppress the results if the query is on certain sensitive data, such as not returning certain data, or (2) conceal the results, such as modifying the data to be returned. Item control can be used to prevent indirect inferences, for example, suppress or conceal the results if only a small number of records make up a large portion of the data in the result. The goal is to make inference harder.
(3) Query control: keep a history of queries and limit the overlap between new and old queries. It could be used to control tracker attacks, which ask multiple queries and learn from the results based on their linear relations.
(4) Database partitioning: partition a database into exclusive groups and allow one user to query each group, to prevent all types of inference attacks.

4. What is the tracker attack? Can we use access control to prevent this attack? If so, briefly explain how this access control could be implemented.

Answer: The tracker attack is a type of inference attack in statistical databases. It uses a tracker query to bypass the database's count-based access control (i.e., if the number of results is less than a preset small number or larger than a preset large number, the DBMS will refuse to return the results). Query control can be used to detect tracker attacks. Therefore, if we implement an access control based on query-set overlap, we could prevent the attack. This access control could be implemented using any access control model, such as ACM, ACL, etc., by adding a rule to describe the intersection of query results that need to be controlled.

Operating System Security

5. What is a protection domain?

Answer: In operating systems, a protection domain is a collection of objects that a process has access to. Each domain defines (1) a set of objects and (2) the actions that can be invoked on each object.

6. Protection domains can be implemented with an access control matrix. Consider a system with 3 files (F1-F3) and a printer. 4 protection domains are defined: (1) a process running in domain D1 can read files F1 and F3; (2) a process in domain D2 can read F2, write F3, and execute F1; (3) a process in domain D3 can print files to the printer; (4) a process in D4 has the same privileges as the one in D2. In addition, it can also read F3 and write F2. Could you please compose an access control matrix to describe the protection domains in this system?

Answer: Each domain should provide the privileges requested by the process. So the AC matrix looks like below:

            | D1   | D2      | D3    | D4
    F1      | read | execute |       | execute
    F2      |      | read    |       | read, write
    F3      | read | write   |       | read, write
    Printer |      |         | print |

7. Set user (setuid) and set group (setgid) programs are powerful mechanisms provided by the Unix
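The Kerberos login exchange from question 1, including the checks behind answers (c) and (d), as an added Python example that is not part of the original homework. The toy encrypt-then-MAC `enc`/`dec` pair stands in for ENC, and the PBKDF2 key derivation, the field names and the `skew` freshness window are assumptions of this sketch.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def key_from_password(password, salt=b"alice"):
    # Assumption: the AS derives K_Alice with PBKDF2; the page only says "deduces"
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def enc(m, k):
    """ENC(m, k): toy encrypt-then-MAC standing in for a real AEAD cipher."""
    ke, km = hashlib.sha256(b"enc" + k).digest(), hashlib.sha256(b"mac" + k).digest()
    nonce, pt = os.urandom(16), json.dumps(m).encode()
    ct = _xor(pt, _stream(ke, nonce, len(pt)))
    return nonce + ct + hmac.new(km, nonce + ct, hashlib.sha256).digest()

def dec(blob, k):
    ke, km = hashlib.sha256(b"enc" + k).digest(), hashlib.sha256(b"mac" + k).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(km, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    return json.loads(_xor(ct, _stream(ke, nonce, len(ct))))

def as_reply(k_alice, k_tgs, now, lifetime=300):
    """message2 = ENC(K_1 || Ticket_TGS || ID_TGS || timestamp_AS, K_Alice)."""
    k1 = os.urandom(32).hex()                       # session key generated by the AS
    ticket = enc({"k1": k1, "id": "alice", "tgs": "tgs", "ts": now, "life": lifetime}, k_tgs)
    return enc({"k1": k1, "ticket": ticket.hex(), "tgs": "tgs", "ts": now}, k_alice)

def alice_request(message2, k_alice, now):
    m = dec(message2, k_alice)                      # only K_Alice opens message2
    ticket = bytes.fromhex(m["ticket"])             # opaque to Alice: sealed under K_TGS
    return ticket, enc({"id": "alice", "ts": now}, bytes.fromhex(m["k1"]))

def tgs_verify(ticket, authenticator, k_tgs, now, skew=120):
    t = dec(ticket, k_tgs)                          # fails unless sealed under K_TGS
    if not t["ts"] <= now <= t["ts"] + t["life"]:
        raise ValueError("ticket outside its lifetime")
    a = dec(authenticator, bytes.fromhex(t["k1"]))  # sender must know K_1
    if a["id"] != t["id"] or abs(now - a["ts"]) > skew:
        raise ValueError("authenticator does not match ticket or is stale")
    return t["id"]
```
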
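The count-based control and the query-set overlap control from questions 3 and 4, as an added Python example that is not part of the original homework. The `StatDB` class, the sample rows, the threshold `k` and the `max_overlap` limit are all constructed for illustration; `replay_tracker` replays the two-query pattern so the overlap rule can be tested against it.

```python
class Refused(Exception):
    pass

class StatDB:
    def __init__(self, rows, k, max_overlap=None):
        self.rows, self.k, self.max_overlap = rows, k, max_overlap
        self.history = {}                          # user -> earlier query sets

    def sum(self, user, field, pred):
        qset = frozenset(i for i, r in enumerate(self.rows) if pred(r))
        if not self.k <= len(qset) <= len(self.rows) - self.k:
            raise Refused("query set size outside [k, N-k]")     # count-based control
        past = self.history.setdefault(user, [])
        if self.max_overlap is not None and any(
                len(qset & p) > self.max_overlap for p in past):
            raise Refused("overlaps an earlier query set too much")  # query control
        past.append(qset)
        return sum(self.rows[i][field] for i in qset)

ROWS = [  # constructed sample data
    {"name": "a", "dept": "eng", "role": "manager", "salary": 150},
    {"name": "b", "dept": "eng", "role": "staff", "salary": 90},
    {"name": "c", "dept": "eng", "role": "staff", "salary": 95},
    {"name": "d", "dept": "eng", "role": "staff", "salary": 100},
    {"name": "e", "dept": "sales", "role": "manager", "salary": 140},
    {"name": "f", "dept": "sales", "role": "staff", "salary": 80},
    {"name": "g", "dept": "sales", "role": "staff", "salary": 85},
    {"name": "h", "dept": "sales", "role": "staff", "salary": 70},
]

def replay_tracker(db, user="analyst"):
    """Replay the two-query pattern that the overlap rule is meant to stop."""
    in_eng = lambda r: r["dept"] == "eng"
    eng_not_mgr = lambda r: in_eng(r) and r["role"] != "manager"
    try:
        db.sum(user, "salary", lambda r: in_eng(r) and r["role"] == "manager")
    except Refused:
        pass                                       # one-record query set is refused
    # Two individually permitted sums whose difference is one person's salary
    return db.sum(user, "salary", in_eng) - db.sum(user, "salary", eng_not_mgr)
```

With only the count-based control, `replay_tracker(StatDB(ROWS, k=2))` returns the single manager's salary; with `max_overlap=1` the second sum is refused because its query set shares three records with the first.
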


KU EECS 563 - Homework 2
