Exam, answers PDF

Title Exam, answers
Course Information Security
Institution Aston University
Pages 12

Summary

Past paper for this module for 2016...


Description

CS3190 Information Security

Show your working in all calculations.

1. a) State ONE vulnerability, ONE threat and ONE possible control for EACH of the scenarios described below:

i) A memory stick with the details of more than 700 patients at Cambridge University Hospital was left in a vehicle. A car wash attendant was able to access the unencrypted material. (3 marks)

ii) A code update disabled the authentication mechanism of the online data-sharing service Dropbox for over three hours. During the period when the Dropbox authentication mechanism was disabled, users could log into an account without the correct password. (3 marks)

iii) A hacking attack led to Sony’s PlayStation Network being taken offline. According to Sony, “Unknown attackers managed to verify members’ IDs and passwords, although credit card details were not at risk.” (3 marks)

Model Answer:

(1 mark) for each correct vulnerability, threat and control.

i) Vulnerability: sensitive data in plaintext and on device easy to lose. Threat: interception, interruption, modification, fabrication. Control: Encrypt data, keep copies in safe location.

ii) Vulnerability: poor code update process, lack of appropriate verification of new code. Threat: interception, interruption, modification, fabrication. Control: improved code deployment process; testing; monitoring of live system.

iii) Vulnerability: inappropriate authentication/access control mechanisms. Threat: interception, modification. Control: intrusion detection

b) List the FOUR types of user characteristics that an authentication system can use to establish the identity of a user, illustrating EACH of them with an example. (4 marks)

Model Answer: (0.5 marks) for each characteristic and (0.5 marks) for a correct example.

• what the user knows (e.g., password, PIN number)
• what the user has (e.g., badge, smart card)
• what the user is (e.g., fingerprints, voice)
• where the user is (e.g., in front of a particular terminal)

c) Describe TWO characteristics of computer system assets that make the protection of these assets more difficult than the protection of assets belonging to most other man-made systems. (4 marks)

Model Answer:

(2 marks) for each of the characteristics below, up to a total of (4 marks).

• Assets are small, portable and can be very valuable
• No physical contact is required to carry out an attack, intruder can reside in a different country than the victim’s computer system
• Security breaches are often hard to detect

d) List THREE key goals of Information Security, and for EACH of the goals, discuss if it is possible to use security controls based on cryptography to achieve that goal. (8 marks)

Model Answer:

This part of the question is assessing the achievement of learning outcomes from the Intellectual Skills and Professional Skills categories in the module syllabus, so the students have the freedom to choose the arguments in their discussion from different areas of the module. However, the answer should mention the three main components of computer security and say something about each of them; for instance:

• Confidentiality (1 mark) is supported by a large number of controls that rely on cryptography, for instance encryption of sensitive data sent over unsecure channels. (2 marks)
• Integrity (1 mark) is supported by security controls based on cryptography, e.g., cryptographic hash functions. (2 marks)
• Availability (1 mark) cannot be achieved using controls that employ cryptography since encryption cannot prevent deletion of data or interruptions of a service. (1 mark)

2. a) Encrypt the plaintext below using the Caesar cipher

Top Secret

Make sure that you describe all intermediate steps involved in producing the ciphertext.

The standard numerical representation of the letters in the English alphabet is given below for convenience.

a   b   c   d   e   f   g   h   i   j   k   l   m
0   1   2   3   4   5   6   7   8   9   10  11  12

n   o   p   q   r   s   t   u   v   w   x   y   z
13  14  15  16  17  18  19  20  21  22  23  24  25

(7 marks)

Model Answer:

For Caesar cipher, key = 3. (1 mark)

plaintext         t   o   p   s   e   c   r   e   t
p                 19  14  15  18  4   2   17  4   19
(p + k) mod 26    22  17  18  21  7   5   20  7   22
ciphertext        w   r   s   v   h   f   u   h   w

(2 marks) for converting plaintext into numeric representations; (2 marks) for applying the encryption function; (2 marks) for converting the encoded digits to ciphertext.

b) Consider a group of n ≥ 2 users that use encryption to exchange sensitive information. Specify the number of additional encryption keys required when a new user joins the group for EACH of the following TWO scenarios:

i) The Data Encryption Standard (DES) cipher is used for the encryption of all sensitive data. (4 marks)

Model Answer:

When a DES cipher is used, a different encryption key is required for each pair of users; (2 marks) therefore, the addition of the (n + 1)-th user will require the use of n new encryption keys: one DES key to encrypt secret messages exchanged by the new user with each existing user. (2 marks)

ii) The RSA cipher is used for the encryption of all sensitive data. (4 marks)

Model Answer:

When the RSA cipher is used, the (n + 1)-th user needs only one key (their public RSA key) to receive secret messages from the other users. (2 marks) The new user will be able to use the already existing n public RSA keys that these users have to send them encrypted data. (2 marks)

c) Identify a real-life computer application which could be implemented using public-key cryptography AND give TWO examples of how public-key cryptography can be used in the identified application. (10 marks)

Model Answer:

This part of the question is assessing the achievement of learning outcomes from the Intellectual Skills and Subject-Specific Skills categories in the module syllabus.

• (2 marks) will be awarded for mentioning an application that uses public-key cryptography such as online banking, online retail or e-government services.

• (4 marks) will be awarded to answers that mention briefly how PKI solves the key distribution problem. Using symmetric key cryptographic systems requires a safe distribution of a key for each pair of communicating parties. PKI allows the use of asymmetric keys in which the encryption and decryption keys are different and knowledge of one reveals nothing about the other. (2 marks) As such, it is possible to broadly publish an encryption key while keeping the decryption key secret. This overcomes the difficulty of distributing confidential keys. (2 marks)

• (4 marks) will be awarded to answers that describe the protocols used in the key distribution, digital certificates, certification authorities and one of authentication/non-repudiation. While public-key schemes eliminate the need to distribute confidential keys, they still require public keys generated by one party to be distributed in a trustworthy way to the parties with whom they wish to communicate. A digital certificate can be used to describe how a user's key can be bound to his or her identity by a naming authority using a digital signature. (2 marks) Any other user who has a trusted copy of the authority's public key can verify that a public key genuinely belongs to the user named in the certificate. A signed revocation list can be maintained to restore the secure state in the event that a certificate has been mis-issued or compromised in some other way. (2 marks)

3. a) Explain why on-line password attacks cannot be prevented AND describe TWO security controls that can be used to hinder these attacks. (6 marks)

Model Answer:

(2 marks) for the explanation; (2 marks) for each example of a security control up to a maximum of (4 marks).

On-line password attacks cannot be prevented altogether because they use the same mechanism as a legitimate user that logs onto the system. Switching this functionality off would make it impossible for legitimate users to log in. The following security controls can be used to slow down on-line password attacks:

• exponential backoff: after 1st failed log-in attempt, wait 2s before allowing user to retry; after 2nd failed log-in attempt, wait 4s; after 3rd failed log-in attempt, wait 8s; etc.
• disconnection: drop connection after failed log-in attempt
• disabling: disable user account after 3 (or any number of) failures (this control may cause problems when used with administrative accounts)
• jailing: allow user in, but restrict activities if successful log-in comes after several failed attempts
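
The exponential backoff and disabling controls from the answer above, as an added Python example (not part of the original paper). The `exempt` set, the one-hour cap on the delay and the sample accounts are assumptions made for the illustration; `guesses_evaluated` counts how many wrong guesses an attacker gets checked in a given period.

```python
from dataclasses import dataclass


@dataclass
class AccountState:
    failures: int = 0          # consecutive failed log-ins
    locked_until: float = 0.0  # time before which attempts are refused
    disabled: bool = False


class LoginThrottle:
    """Exponential backoff and account disabling for on-line guessing."""

    def __init__(self, check_password, disable_after=3, exempt=(),
                 base_delay=2.0, max_delay=3600.0):
        self.check_password = check_password  # callable(user, pw) -> bool
        self.disable_after = disable_after
        self.exempt = set(exempt)    # e.g. admin accounts: backoff only
        self.base_delay = base_delay
        self.max_delay = max_delay   # cap is an assumption, not from the paper
        self.accounts = {}

    def attempt(self, user, password, now):
        st = self.accounts.setdefault(user, AccountState())
        if st.disabled:
            return "DISABLED"
        if now < st.locked_until:
            return "WAIT"            # refused without evaluating the guess
        if self.check_password(user, password):
            st.failures, st.locked_until = 0, 0.0
            return "ALLOW"
        st.failures += 1
        if user not in self.exempt and st.failures >= self.disable_after:
            st.disabled = True
            return "DISABLED"
        # 2 s after the 1st failure, 4 s after the 2nd, 8 s after the 3rd ...
        delay = min(self.base_delay * 2 ** (st.failures - 1), self.max_delay)
        st.locked_until = now + delay
        return "DENY"


def guesses_evaluated(throttle, user, horizon):
    """Wrong guesses actually checked within `horizon` seconds when the
    attacker retries the instant each wait expires."""
    now, count = 0.0, 0
    while now <= horizon:
        count += 1
        if throttle.attempt(user, "wrong-guess", now) == "DISABLED":
            break
        now = throttle.accounts[user].locked_until
    return count


# Constructed credential store; plaintext only to keep the example short.
USERS = {"alice": "correct horse", "admin": "s3cure-admin-pw"}


def check(user, pw):
    return USERS.get(user) == pw


if __name__ == "__main__":
    ten_days = 10 * 24 * 3600
    throttle = LoginThrottle(check, exempt={"admin"})
    print("alice:", guesses_evaluated(throttle, "alice", ten_days))
    print("admin:", guesses_evaluated(throttle, "admin", ten_days))
```

With these settings an ordinary account is disabled on its third failure, while an exempt account protected by backoff alone still has 250 guesses evaluated in 10 days.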

b) Consider a web application that is accessed by users through mobile devices. Because typing a password correctly on mobile devices is particularly hard, legitimate users often mistype their passwords. For this reason, the web application does not use any mechanism that would hinder on-line password attacks. Instead, users are requested to use passwords with length n which is large enough to limit the probability of a password being guessed by an attacker to 0.001 over a 10-day period. Suppose that an attacker can try to guess 10,000 passwords per day, and that the password characters may be any of the digits 0 to 9.

i) What value should be used for n? (8 marks)

Model Answer:

According to Anderson’s formula, the probability P that a password will be guessed by an attacker able to try G guesses per time unit is given by $P \ge TG/N$, where T represents the time that the attacker has to find the password, and N is the total number of different passwords allowed by the system. (2 marks) We know P = 0.001, T = 10 days, G = 10,000 passwords/day and $N = 10^n$ passwords, and we need to find n (2 marks):

$0.001 \ge 10 \times 10{,}000 / 10^n$ implies $10^n \ge 10 \times 10^4 / 0.001 = 10^5 / 10^{-3} = 10^8$, i.e., $n \ge 8$. (4 marks)

ii) What is the minimum probability of a password being guessed in 5 days if n = 5? (5 marks)

Model Answer:

We know T = 5 days, G = 10,000 passwords/day and $N = 10^n$ passwords, and we need to find P (2 marks): $P \ge 5 \times 10{,}000 / 10^5$, or $P \ge 0.5$. (3 marks)

c) Argue for OR against the use of biometrics-based authentication for an unsupervised entrance door used to gain access to Aston University’s Main Building outside normal office hours. (6 marks)

Model Answer:

This part of the question assesses the achievement of the learning objectives from the Intellectual Skills category in the module syllabus. For full marks, the answer is expected to describe briefly biometrics-based authentication and the options available (e.g., fingerprints, iris/face/voice recognition) (3 marks); and to provide correct arguments either in favour of the proposed solution (e.g., technologically viable solution, already trialled successfully at UK airports, cost effective) or against it (can be bypassed by criminals if unsupervised, risk of false positives/negatives in the identification) (3 marks).

4. a) This question is about polymorphic viruses. Answer all of the following:

i) Outline their operation. (2 marks)

ii) Describe TWO approaches that hackers use to devise such viruses. (2 marks)

iii) List TWO controls that can be used against polymorphic viruses. (2 marks)

Model Answer:

Polymorphic viruses are viruses that change form each time they insert their code into another program, with the aim to prevent detection by changing their “signature” (or the code used for decrypting routine). (2 marks) Approaches: at instruction level - substitute instructions; at algorithmic level - different algorithms to achieve the same purpose. (1 mark) for each approach. Any two of the following: distinguish between data and instructions; limit objects accessible to processes; detect altering of files; detect actions beyond specifications; detect statistical changes. (1 mark) for each control.

b) Consider the following pseudocode in an authentication program:

Beginning of code

    username = read_username();
    password = read_password();
    if username == "?133t h4ck0r?" then
        return ALLOW_LOGIN;
    endif
    if username and password are valid then
        return ALLOW_LOGIN;
    else
        return DENY_LOGIN;
    endif

End of code

What type of malicious code is this? Briefly describe this type of malicious code AND suggest a control against it. (5 marks)

Model Answer:

The malicious code described by this fragment of pseudocode can be regarded as a Trojan horse, a trapdoor or a backdoor. (1 mark) A Trojan horse is a program that has an overt purpose (i.e., a purpose that is known to its users) and a covert purpose (i.e., a purpose that is unknown to its legitimate users). In the case of the pseudocode in this part of the exercise, the overt purpose is to support user login, and the covert purpose is to enable the attacker to log onto the system through using a fixed, hardcoded user name. (2 marks) Note: If the malicious code is identified as a trapdoor or a backdoor, a similar description of the respective type of malicious code would be required.

Possible controls against this type of attack include: (2 marks)

• using system software only from trustworthy sources;
• using cryptographic hash functions to verify the integrity of system software such as login utilities and compilers used to build executables from system code.
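
One way to apply the hash-based control, as an added Python example (not part of the original paper): record SHA-256 digests of system files as a baseline, then report files that were modified, removed or added. The directory layout and file contents are constructed, and the baseline is assumed to be kept where an attacker cannot rewrite it.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (the baseline)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root, manifest):
    """Compare the current tree with a trusted baseline manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current
                           and not hmac.compare_digest(manifest[p], current[p])),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def demo():
    """Constructed scenario: the login utility is replaced after baselining."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"check username and password\n")
        (root / "bin" / "cc").write_bytes(b"compiler build 1\n")
        baseline = build_manifest(root)   # assumed stored offline or signed
        # Simulated tampering: login gains an extra branch, a new file appears.
        (root / "bin" / "login").write_bytes(
            b"allow fixed username\ncheck username and password\n")
        (root / "bin" / "helper").write_bytes(b"not in baseline\n")
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```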

c) Based on the access control matrix shown below for some components of an IT system, write the access control list for “File-2” and “Process-1”.

             File-1   File-2   Process-1   Process-2
User-1       r        orwx     -           orwx
User-2       r        orw      r           rx
Process-1    orw      -        rw          r
Process-2    -        w        orwx        r

(4 marks)

Model Answer:

The access control list for File-2 is: ((User-1, orwx), (User-2, orw), (Process-2, w)). (2 marks) The access control list for Process-1 is: ((User-2, r), (Process-1, rw), (Process-2, orwx)). (2 marks)

d) Suppose that an IT system enforces the Bell-LaPadula model of security. Analyse how this may influence the use of covert channels within the system. (10 marks)

Model Answer:

With reference to the diagram below (which depicts the levels of data sensitivity in the Bell-LaPadula security model): (2 marks) according to the *-Property, the content of a generic object o can be copied only to objects with a higher sensitivity level, such as o1 and o2. (2 marks) However, according to the Simple Security Property, (2 marks) the subjects who can read o1 or o2 can also read o, so they cannot obtain any sensitive information that was not already available to them. (2 marks) Therefore, covert channels cannot be realised on systems that implement the Bell-LaPadula security model. (2 marks) (A clear analysis without the diagram also qualifies for full marks.)


5. a) Describe the role of a firewall within an IT system, and give examples of TWO simple security policies that firewalls can implement. (5 marks)

Model Answer:

A firewall is a device that filters all traffic between a protected or “inside” network and a less trustworthy or “outside” network. (1 mark) The purpose of a firewall is to keep “bad” things outside a protected environment, through implementing security policies designed to address potential threats. (2 marks) Examples of such policies are: policies that permit access only from certain places; policies that permit access only from certain users; policies that permit access only for certain activities; and a combination thereof. (2 marks) (Any two of these or similar examples are required.)

b) i) Explain in detail the operation of a packet filtering gateway. (5 marks)

Model Answer:

A packet filtering gateway is the simplest (and in some situations the most effective) type of firewall. (2 marks) This device controls the access of network traffic based on the individual packet address (source or destination) and/or on the transport protocol (e.g., HTTP web traffic). (3 marks)

ii) Draw a diagram to illustrate the use of a packet filtering gateway to block all traffic from a specific remote network and all telnet traffic, but to allow all other traffic (such as HTTP traffic) through. (6 marks)

Model Answer:

The diagram below illustrates the use of a packet filtering gateway to block all traffic from a specific remote network and all telnet traffic, but to allow all other traffic (such as HTTP traffic) through. A diagram with all the core elements including a local area network, a remote network to be blocked, telnet traffic, allowable traffic, and a packet filtering gateway. (1 mark) for each component. (2 marks) for indications of blocks.
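
The policy the diagram depicts, written as a first-match rule list for a stateless filter; this is an added Python example, not part of the original paper. The `Rule` and `Packet` types are hypothetical and 203.0.113.0/24 is a constructed stand-in for the remote network to be blocked. The `shadowed` check goes slightly beyond the question by flagging rules that can never fire because of rule order.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                            # "allow" or "deny"
    src: ipaddress.IPv4Network = ANY_NET   # source network to match
    proto: str = "any"
    dport: int = 0                         # 0 means any destination port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in self.src
                and self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport))

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        return (other.src.subnet_of(self.src)
                and self.proto in ("any", other.proto)
                and self.dport in (0, other.dport))


def decide(rules, pkt, default="deny"):
    """Stateless first-match filtering: each packet is judged on its own."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def shadowed(rules):
    """Indexes of rules that never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(rules)
            if any(earlier.covers(r) for earlier in rules[:i])]


# Constructed addresses: 203.0.113.0/24 is the remote network to block.
BLOCKED = ipaddress.ip_network("203.0.113.0/24")
POLICY = [
    Rule("deny", src=BLOCKED),             # all traffic from the remote network
    Rule("deny", proto="tcp", dport=23),   # all telnet traffic
    Rule("allow"),                         # everything else, e.g. HTTP
]
# Same rules with allow-all placed first: both deny rules become dead.
MISORDERED = [POLICY[2], POLICY[0], POLICY[1]]

if __name__ == "__main__":
    web = Packet("198.51.100.5", "192.0.2.10", "tcp", 80)
    print(decide(POLICY, web), shadowed(POLICY), shadowed(MISORDERED))
```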


iii)Outline the main disadvantage of packet filtering gateways. (3 marks)

Model Answer:

The main disadvantage of packet filtering gateways is the simplicity of their individual filtering rules. (1 mark) Therefore, configuring these devices for use in a real-world scenario requires a large number of detailed filtering rules, which is a laborious and error-prone process. (2 marks)

c) List TWO types of firewall other than a packet filtering gateway, and briefly describe how they differ from a packet filtering gateway. (6 marks)

Model Answer:

Any two of the firewall types below. (1 mark) for the firewall type, (2 marks) for the description of difference.

• Stateful inspection firewalls work by deciding whether to accept or reject packets of network traffic based on state information they maintain when moving from one packet to another in their input stream. In contrast, packet filtering gateways are stateless: they work on one packet at a time, and have no concept of state or context.

• Application proxy gateways examine the data inside packets of network traffic, and accept only traffic that corresponds to allowed operations and/or users. In contrast, packet filtering gateways do not discriminate based on the data inside the packets.

• A guard is a sophisticated firewall that examines the content of the packets and accepts only traffic corresponding to well-defined operations and scenarios; additionally, guards can modify the data inside packets to adjust it to the needs of an application or to certain policies. In contrast, packet filtering gateways do not discriminate based on the data inside packets, nor do they modify these data.

• A personal firewall is an application program that runs on a workstation to block unwanted traffic on top of the traffic that is blocked by the conventional firewall set up for the network that the workstation belongs to. This device is configured based on the individual needs of a user. In contrast, packet filtering gateways implement organisation-level policies, and operate for the benefit of multiple workstations connected to the same local network.

END OF EXAMINATION PAPER
