Computer Security 6, Exercises Solution- Computer Science, Exercises of Computer Security

Computer Security 6, Exercises Solution- Computer Science - Prof. David Wagner.pdf, University of California (CA) - UCLA, United States of America (USA), Prof. David Wagner, Computer Science, Computer Security, Firewalls and Network Threats, Zero-Knowledge Proofs, Firewall Deployments

Typology: Exercises

2010/2011

Uploaded on 10/30/2011

jokerxxx

CS 161 Computer Security

Fall 2005 Joseph/Tygar/Vazirani/Wagner MT 2 Soln

Problem 1. [Firewalls and Network Threats] (30 points)

List and explain three network threats that a firewall does not protect against. (If a threat only applies to certain types of firewalls, then explain why this is the case.)

Sample threats: (1) Attacks against open ports, such as buffer overrun attacks against unblocked services; (2) Malicious code or attacks carried in email or web traffic (many firewalls do not scan or examine email and web payloads); (3) Attacks on the firewall itself (e.g., trying to penetrate the firewall code by exploiting a buffer overflow in the firewall’s packet parsing code); (4) Internal attacks by malicious insiders; (5) Attacks from compromised internal machines against other internal machines (e.g., a laptop becomes infected with a worm, which tries to infect other inside hosts)—applies to perimeter firewalls; (6) Attacks from compromised machines which have a VPN or other tunnel through the firewall—applies to perimeter firewalls; (7) Denial of service attacks against the network link or the firewall itself.

Grading: 10 points per threat, broken down as 5 points for the threat and 5 points for the explanation.

Problem 2. [Zero-Knowledge Proofs] (20 points)

Let $(N, e)$ be Alice’s RSA public key and $(N, d)$ be her private key. Suppose that Bob claims to have a signed message from Alice: he claims to have $s = m^d \bmod N$ for some particular $m \bmod N$ (which he reveals). Bob wishes to prove to Charlie that he has this signed message, without revealing any information about $s$. The following are the first two steps in a protocol by which Bob can provide a zero-knowledge proof of knowledge about $s$:

  • Bob selects a random number $r \bmod N$ and computes $t = r^e \bmod N$. He sends $t \bmod N$ to Charlie.
  • Charlie randomly chooses one of two challenges: I) He asks Bob to send him Alice’s signature on $t$, namely $t^d \bmod N$. II) He asks Bob to send him Alice’s signature on $m \cdot t$, namely $(m \cdot t)^d \bmod N$.

  1. Fill in the last two steps of the protocol, i.e., how does Bob respond to each challenge, and what should Charlie do to check each response?

     • Bob sends I) $r$ or II) $r \cdot s \bmod N$, according to Charlie’s challenge.
     • Charlie checks that I) $r^e = t \bmod N$. II) $(r \cdot s)^e = t \cdot m \bmod N$.

     Grading: 8 points, broken down as 2+2 for what Bob sends (cases I+II) and 2+2 for what Charlie checks. No credit for telling Bob to send $t^d \bmod N$ or $(m \cdot t)^d \bmod N$ (Bob doesn’t know $d$).

  2. This protocol is zero knowledge, in the sense that even a cheating verifier gets no information about the original signed message $s$. Recall that the key step in proving this is showing that there is a simulator who, without knowledge of $s$, can create the transcript of Charlie’s interaction with Bob with probability 1/2 regardless of which of the two challenges Charlie issues. Show how the simulator can achieve this goal.

     • The simulator flips a fair coin to guess whether the verifier will ask for I or II in the third message, picks a random number $r \bmod N$, and sends to the verifier: I) $r^e \bmod N$ or II) $r^e \cdot m^{-1} \bmod N$ (choosing between the two according to its coin flip).
     • The simulator receives the verifier’s challenge. If the simulator guessed the challenge incorrectly, give up (this happens with probability 1/2). Otherwise, continue.
     • The simulator sends $r$ to the verifier.
     • Finally, the simulator outputs the transcript of its interaction with the verifier (assuming it hasn’t given up).

     Grading: 12 points. 6–7 points for noticing that you can answer both challenges, if you know in advance which challenge you will be given. 0 points for always sending $r^e$ and giving up or rewinding if the verifier asks for challenge II (a dishonest verifier might always ask for challenge II).
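The protocol and the simulator from Problem 2, run end to end as an added example that is not part of the original exam solution. The toy RSA key, the message m = 65 and all function names are constructed for illustration; Python 3.8+ is assumed for the modular inverse via `pow`.

```python
import secrets
from math import gcd

# Constructed toy RSA key (N = 61 * 53), far too small for real use.
N, E, D = 3233, 17, 2753
M = 65                       # the message m that Bob reveals (constructed)

def rand_unit():
    """Random r in [2, N-1] that is invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return r

def verify(t, challenge, resp):
    """Charlie's check: I) resp^e = t, II) resp^e = t*m (mod N)."""
    expected = t if challenge == 1 else (t * M) % N
    return pow(resp, E, N) == expected

def honest_round(s, challenge):
    """Bob knows s: commit to t = r^e, then answer r or r*s."""
    r = rand_unit()
    t = pow(r, E, N)
    resp = r if challenge == 1 else (r * s) % N
    return (t, challenge, resp)

def simulate_round(verifier_challenge):
    """Simulator has no s: guess the challenge and shape t to fit it."""
    guess = secrets.choice((1, 2))
    r = rand_unit()
    t = pow(r, E, N)
    if guess == 2:
        t = (t * pow(M, -1, N)) % N      # t = r^e * m^-1, so r^e = t*m
    challenge = verifier_challenge(t)    # verifier may cheat based on t
    if challenge != guess:
        return None                      # wrong guess: give up
    return (t, challenge, r)

if __name__ == "__main__":
    s = pow(M, D, N)                     # Alice's signature, held by Bob
    print("honest I :", verify(*honest_round(s, 1)))
    print("honest II:", verify(*honest_round(s, 2)))
    always_two = lambda t: 2             # dishonest verifier from the grading note
    runs = [simulate_round(always_two) for _ in range(1000)]
    kept = [x for x in runs if x is not None]
    print("simulated transcripts kept:", len(kept), "of 1000")
    print("all accepted:", all(verify(*x) for x in kept))
```

Against a verifier that always issues challenge II, about half of the simulated rounds survive and every surviving transcript passes Charlie's check, even though the simulator never touches s or d.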

Problem 3. [Firewall Deployments] (30 points)

Explain the strengths and weaknesses of each of the following firewall deployment scenarios in defending servers, desktop machines, and laptops against network threats.

(a) A firewall at the network perimeter.

Example strengths: (1) Mediates all incoming traffic from external hosts and can protect against many attacks by outsiders; (2) Easier to manage and to update policies, because of single central location; (3) Protects against some kinds of DoS attacks launched from the outside.

Example weaknesses: (1) No protection against malicious insiders; (2) No protection for mobile laptops while they are connected to other networks; (3) No protection if laptops get infected while travelling and then spread infection when they re-connect to our internal network.

Grading: 7 points total, broken down into 3 points for naming at least one valid strength, 4 points for at least one valid weakness.

(b) Firewalls on every end host machine.

Valid answer #1: Tygar should receive higher priority, to prevent the system load from being used as a covert channel (otherwise the speed at which Quake runs depends on Wagner’s behavior, which means that Wagner could leak secrets to Tygar).

Valid answer #2: Both receive a fixed percentage of system resources, to prevent the system load from being used as a covert channel. For example, Quake always receives exactly 50% of CPU time, whether or not Tygar is using the system at the time.

Grading: 10 points total, 5 points for a correct statement of who gets which priority, 5 points for explaining why (to prevent system load from being used as a covert channel).

(c) Why is it difficult to implement systems supporting covert channel prevention that perform well? Explain your answer.

Every resource that is shared among multiple users represents a possible covert channel. Pre-allocating such resources with a fixed schedule leads to a loss of performance; while trying to dynamically multiplex access to such resources on the fly in a way that leaks nothing is difficult. Also, there are many shared resources, and it is hard to identify them all.

Grading: 10 points for a full answer. Partial credit for several common answers.