CS 772 Network Security Exam, Fall 2006 - Prof. H. Abdel-Wahab, Exams of Computer Science

The final exam questions for the CS 772 Network Security course offered at Old Dominion University in the Fall of 2006. The exam covers topics such as Kerberos, SSL, RSA, and certificate signing. The questions are a mix of multiple choice and problem-solving types.

Typology: Exams

2019/2020

Uploaded on 11/25/2020

koofers-user-c7r
koofers-user-c7r 🇺🇸

9 documents

1 / 11

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CS 772
Network Security: Concepts, Protocols and Programming
Fall 2006
Final Exam
Time 2 & 1/2 hours
Open Book & Notes
Name:
Login:
All questions are of equal weights.
Please be brief and try not to exceed the space allocated for each answer.
1
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download CS 772 Network Security Exam, Fall 2006 - Prof. H. Abdel-Wahab and more Exams Computer Science in PDF only on Docsity!

CS 772

Network Security: Concepts, Protocols and Programming

Fall 2006

Final Exam

Time 2 & 1/2 hours

Open Book & Notes

Name:

Login:

All questions are of equal weights.

Please be brief and try not to exceed the space allocated for each answer.

Q1:

The following illustrates the operation of Kerberos when Alice likes to rsh to Bob. Modify these figure

if the KDC uses public-key infrastructure , i.e, the KDC does not have any shared secretes with the

principles; it is only a trusted mediator among the principles.

Alice workstation KDC Alice, passwd > Alice needs a TGT > < KA { SA }, Kkdc {T} Alice workstation KDC Bob rsh Bob > Alice wants Bob, TGT > < SA {"Bob", KAB , ticket to Bob} ticket to Bob = KB { "Alice", KAB }, KAB {t} > < KAB {t+1} solution: Alice workstation KDC Alice, passwd > Alice needs a TGT > < { SA }eA, Kkdc {T} Alice workstation KDC Bob rsh Bob > Alice wants Bob, TGT > < SA {"Bob", KAB , ticket to Bob} ticket to Bob = { "Alice", KAB }eB, KAB {t} > < KAB {t+1}

Q4:

The security handshake protocols are evaluated according to security & pereformance.

The performance parameters are:

  • Number of messages,
  • Processing power required, and
  • Compactness of messages.

Compare the following two protocols, P1 and P2, with respect to the above performance measures:

Alice Bob

P1: I'm Alice, K{timestamp} --- > P2: I'm Alice, timestamp, hash {K, timestamp} >

Ans:

P2 requires less power, since hash requires less computational power than encryption.

Q5:

The following is a proposed mutual authentication protocol.

Alice Bob

I'm Alice >

< R, hash (K,R)

hash(K, R+1) >

What are the possible flaws in this protocol?

Ans:

Bob is sure that she is Alice, but Alice can not be sure that Bob it Trudy

since Trudy can record and a play a previous message between Alice and Bob.

Propose how to fix the possible flaws with minimal modifications to the protocol.

Fix: Alice Bob I'm Alice > < Rb hash (K, Rb), Ra > < hash (K, Ra)

Q6:

How Trudy may exploit the “source routing” feature of the IP protocol?

Ans:

He can insert pretend to be Alice and get the answer from Bob

by inserting himself in the middle:

<Alice, Trudy, Bob>

and Bob will reply with source route:

<Bob, Trudy, Alice>

Q7:

Assume that UNIX uses the user login name in lieu of the traditional salt , what is the effect on

security of this modification?

Ans: No effect, it still requires |D|.|F| to perform dictionary attack.

Q10:

In SSL, explain how the client and server mutually authenticate each other?

Ans: The client first authenticates the server, by checking the certificate presented by the server. Normally the server authenticates the client using: <name, password> sent securely over the ssl connection.

Q11:

In SSL, explain how to ensure that two identical plain messages will be transmitted as two different

cipher messages?

Ans: If block cipher is used, the IV is used to encrypt the first record; the final block of each record is used as the IV for the next record.

Q12:

Assume that Alice likes to have a secure conversation with Bob and she wants a trusted 3rd^ party T to

record the conversation. One possible scheme is to establish two SSL connections from Alice and Bob

to T. How many times a message typed by one person to be encrypted/decrypted before the other

person can read it? Explain?

Ans: 2

Since it has to encrypted from Alice to T,

decrypted then encrypted by T and

then decrypted by Bob.

Q13:

Consider the following PEM message:

From: Alice To: Bob Subject: CS772 Final Date: Mon Dec 4, 2006 -----BEGIN PRIVACY ENHANCED MESSAGE----- Proc-Type: 4, ENCRYPTED Content-Type: RFC DEK-Info: DES-CBC, IV Originator-ID-Asymmetric: < Alice certificate ID> Key-Info: RSA, <encoded message key encrypted with Alice public key> MIC-Info: RSA-MD5, RSA, <encoded encrypted MIC> Recipient-ID-Asymmetric: < Bob certificate ID> Key-Info: RSA, <encoded message key encrypted with Bob public key> -----END PRIVACY ENHANCED MESSAGE-----

Is it possible for Bob to prove that indeed Alice sent that message to him? Explain?

No, since it is not signed.

Is it possible for Trudy to intercept and the read and modify the message? Explain?

No, since he does not have Bob private key.

Consider the above listings of certificates:

1. Who is the CA?

2. How long the certificate is valid?

3. What is the value of the subject public key <e, n>?

4. What is the value of the issuer public key?

5. Why you think that the signed certificate indeed corresponds to the certificate request?

6. Is it possible for the owner of the signed certificate to issue and sign other certificates?

Ans:

  1. Dr. wahab?
  2. 1 year
  3. e=65537, n= 00:9b:5e:7d:fc:c8:73:4e:
  4. not there, since the CA certificate is not listed.
  5. since the public keys are the same in both.
  6. no, since CA=False.

Q15:

In RSA, assume e = 3, p = 11 and q =23.

Show that 147 is a possible value of d.

n=pq=11.23=

Phi(n)=(p-1)(q-1)=10.22=

e.d=3.147=441=1 mod 220

So e is the inverse of d

Q16:

Calculate the value of 857 mod 100 without using a calculator.