CSE 127: Computer Security Fall 2008Homework #2Due: Tuesday, December 2nd, 2008, 3:30 pm.Problem 1 Consider the following simple variant of the mutual-authentication protocolEric Rescorla presented in class, in which a client connects to a server and each verifiesthat the other knows the shared secret Sab:Alice (client) Bob (server)Challenge1//H(Sab+ Challenge1), Challenge2ooH(Sab+ Challenge2)//Here a client might be a user with a Web browser and a server might be a Web serveraccepting connections over the Internet. The client initiates connections; the serveraccepts connections.Compared to the protocol presented in class, the protocol here has the client send thefirst challenge; it also doesn’t tie the two challenges to each other. These appear to beinnocuous changes, but in fact the modified protocol is insecure : Veronica, a maliciousclient, can convince the server Bob that she is Alice even though she doesn’t know thesecret Sab.Explain the security problem in the modified protocol. What exactly makes the originalprotocol immune to it?Hint : Your attack will make use of more than one protocol interaction.Suggest one way to fix the modified protocol without changing the number or directionof the message flows.(The subtlety of such flaws is one reason that it is unwise to attempt to design newcryptographic protocols.)Problem 2 The Internet is, slowly, transitioning from the version of the TCP/IP protocolsuite currently in use — IPv4 — to a new version, IPv6.Unlike IPv4 IP addresses, which are 32 bits long (e.g., 192.168.10.1), IPv6 IP addressesare 128 bits long (e.g., 2001:1890:1112:0001:0000:0000:0000:0020).(a) Consider random-scanning Internet worms. These worms spread by choosinga random IP address, connecting to any host answering to that address, andattempting to infect it.Is the random-scanning strategy feasible if the Internet switches from IPv4 toIPv6? Why or why not?Hint : Consider the density of Internet-connected machines in the IP addressspace.(b) On the IPv6 Internet, what are some specific ways that a worm, executing on acompromised computer, can discover IP addresses of other hosts to try to infect?Hint : Consider sources of IP address on the infected computer itself and on thelocal-area network to which it is connected.(c) Suppose the worm targets Web servers running some application (say, bulletinboard software written in PHP). Can Google searches help the worm find potentialtargets? How?Problem 3 As we discussed in class, e-mail is transmitted from sender to recipient by meansof the SMTP protocol. Each domain advertises an SMTP server that receives incomingmail using MX records in the DNS. For example, GMail’s incoming SMTP server isgmail-smtp-in.l.google.com (which is actually an array of machines load-balancedthrough DNS A-record resolution).Users’ desktop computers are not usually configured to connect directly to the recipi-ent’s incoming SMTP server. Instead, they relay all mail through an outgoing SMTPserver for their domain, which itself handles the mail delivery. For example, outgoingmail from CSE department computers is handled by cse-smtp.ucsd.edu.Now, consider a computer in the CSE department that has been compromised as partof a botnet and is being used by the botnet owners to send spam to users at varioussites, such as GMail.(a) Suppose the bot software installed on the computer uses the outgoing SMTPserver configured on the computer (cse-smtp.ucsd.edu) to send the spam. Howcan the CSE department network administrators best block the outgoing spam?(What is the anomalous behavior? What system detects it? What action doesthat system undertake to block the spam?)(b) Suppose instead that the bot software bypasses the outgoing SMTP server, andconnects directly to the incoming SMTP servers for each domain to which spamis sent. (That is, the bot software installed on the compromised machine actsas its own outgoing SMTP server.) How can the CSE department network ad-ministrators best block the outgoing spam in this case? (What is the anomalousbehavior? What system detects it? What action does that system undertake toblock the