|
T. Andrew Yang
|
last updated: 6/7/2021: first posted |
Total: 100 points
1.1. (10 pts)
Visit the class discussion group in the Blackboard. Post a message with your
full name as the subject line. In your post, briefly introduce yourself, including
your full name, your major, and one or two items that you most desire to learn
in this class. Throughout this class, you shall regularly participate at the
discussion group to find recent announcements, reminders, and
discussions.
1.2. Cyber attacks: Explain what each of the following attacks is. Cite your
source(s).
Note: Not all information published on the web are correct. Discern the
validity of the information you use by, for example, comparing them with what
you have learned from the textbooks and the class discussions.
a.
(10 pts) Replay attacks
b.
(10 pts) Man-in-the-middle
attacks
1.3. In an online banking application, the
customer may transfer fund between the saving account and the checking account.
a.
(10 pts) Explain
what data integrity means in this context.
b.
(10 pts) Explain
what origin integrity means in this context.
c.
(10 pts) Explain
what availability means in this context.
d.
(10 pts) Explain
what confidentiality means in this context.
e.
(10 pts) Explain
what non-repudiability means in this context.
1.4. Digital Signature Algorithms
a.
(10 pts) Digital Signature
is a cryptographic mechanism that that may be implemented in a computer system
to provide three security services (i.e., data integrity, signer origin
integrity, and signer non-repudiability). Explain how each of those
three security services is provided by the Digital Signature.
b.
(10 pts) Are there any drawbacks with the Digital Signature? Under what circumstances
it may not be effective to implement Digital Signatures?
Go to
the Index
Total:
100 points
1.
(10 pts) Explain the relationship between replay attacks and Denial of
Service (DoS) attacks. Hint: How would the hacker use replay attacks to cause Denial
of Service?
2.
(10 pts) Explain the differences
between replay attacks and man-in-the-middle
attacks.
3.
(10 pts) Explain the relationship
between Polluted DNS attacks and man-in-the-middle
attacks. Hint: How would polluted DNS
be used by the hacker to launch a main-in-the-middle
attack?
4.
(10 pts) Suppose entity A intends to send
a message (m) to entity B. The desirable security services are confidentiality,
data integrity, and origin integrity. Explain what each of
those security services mean in this context.
5. (10 pts) (continued from above) Explain how each of those services may be provided (by what
mechanisms).
6. Hands-on lab
6.1. To prepare your computer for the remaining hands-on labs, set up your
computer according to instructions given at this page: https://seedsecuritylabs.org/lab_env.html
6.1.1.
Download and install the virtual box first.
6.1.2.
Next, download the SEED Ubuntu16.04 VM image file to a folder in
your computer.
6.1.3.
Unzip and copy the VM images to a folder.
6.1.4.
Configure the virtual box and
create a new virtual machine with the same name as your full name (e.g.,
JohnDoe as the name of the VM).
6.2. To hand in:
6.2.1.
(10
pts) Print a screenshot of your VM created above (in
6.1.4). Note: Name the VM using your full name. Figure 2-1 shows a sample
screenshot.
|
|
Figure 2-1:
Sample screenshot of a VM
|
Note: As shown in
Figure 2-2, in order to enable shared clipboard between the VM and your
computer’s OS, be sure to configure, in Settings/General/Advanced, both ‘Shared
Clipboard’ and ‘Drag’n’Drop’ to bidirectional.
|
|
Figure 2-2:
VM settings to enable shared clipboard
|
6.2.2.
Answer the following questions:
6.2.2.1.
(10
pts) What is a virtual box? Hint: Explain its
relationship to the operating system. What is the role played by the virtual
box?
6.2.2.2.
(10
pts) What is the role played by the SEED Ubuntu16.04 VM image?
6.2.2.3.
(10
pts) How many VMs can you run simultaneously within a
virtual box?
6.2.2.4.
(10
pts) Start the VM created above in 6.1. Click the Terminator icon to activate a terminal
window within the VM. Enter the following three commands into the terminal
window: whoami, date, ls. Take a screenshot of the terminal window. See Figure 2-3 for an example
screenshot.
|
|
Figure 2-3:
Sample screenshot of a terminal window in the virtual box
|
Go to
the Index
Total:
100 points
1.
Review how the Euclid Algorithm works by entering 100 and 77 as
the two input numbers using the online gcd calculator at https://www.calculatorsoup.com/calculators/math/gcf-euclids-algorithm.php.
2.
(10 pts) Use the Extended Euclidian Algorithm (EEA) to find the values of x
and y for the equation 100x + 77y = 1. Show the intermediate steps.
NOTE: Always verify the derived values to ensure that they’d satisfy the given equation.
When necessary, switch the values of x and y.
3.
RSA key-pair generator
3.1.
(5 pts) Given two prime numbers, p = 11 and q = 23. The first step of
generating an RSA key-pair is to calculate the values of n and totient(n). Show
how the two values are calculated.
3.2.
(5 pts) Given n and totient(n), the public key (e) is selected, by making
sure e < n and gcd(e, totient(n)) = 1. Can the number 21 be selected as the
public key of this key pair? Justify your answer.
3.3.
(10 pts) Show the first 30 numbers in the set of potential public keys.
3.4.
(10 pts) Let the public key e be 51. Solve ed
mod totient(n) = 1 to determine the private key d. Show the detailed
steps. Hint: Use EEA. NOTE: Always verify the derived private key by
checking whether it’d satisfy the original equation.
4. Hands-on lab
NOTE: Configure and run your hands-on labs in the virtual box that you set up
earlier in Lab 2.
4.1. Study the Description of the “Crypto Lab -- Secret-Key Encryption” (https://seedsecuritylabs.org/Labs_16.04/PDF/Crypto_Encryption.pdf), in particular Task 2: Encryption using Different Ciphers and Modes.
4.2. Use the first question of this lab as the content of the initial plain.txt file.
4.3. Encrypt the plain.txt file into cipher.bin file using the AES-128-CBC
cipher. Save the content of the ciphertext. (Case #1 in Table 4.1)
4.4. Modify the plain.txt file by adding a sentence like ‘My name is …’ at the
beginning of the file. NOTE:
Use your own full name. Encrypt the modified file to
produce a new cipher file. Save the content of the ciphertext. (Case #2 in
Table 4.1)
4.5. Modify the plain.txt file by making the first sentence as a standalone
line by itself. Encrypt the modified file to produce a new cipher file. Save
the content of the ciphertext. (Case #3 in Table 4.1)
4.6. (45 pts) Table 4.1
shows the three cases described above and the respective plaintext and
ciphertext. Generate a table like this from your own files.
Table 4.1: Three cases of comparison between the
plaintext and the ciphertext using AES-128-CBC
encryption
|
Cases |
Content of
plaintext files |
Content of
the ciphertext files (in hex) |
|
#1 |
Review how the Euclid Algorithm
works by entering 100 and 77 as the two input numbers using the online gcd
calculator at
https://www.calculatorsoup.com/calculators/math/gcf-euclids-algorithm.php. |
B4 21 13 1A EC 60 02 42 C7
A3 36 FD 2E 1C 42 D8 3B F6 C8 DD 95 17 DB 37 1F 2E 68 C1 CD 23 33 61 83 FD 0B
FC F5 FC 6E F7 E1 D7 62 18 E3 2F 6D 18 68 81 28 14 0C C2 F3 56 F9 64 03 2E 05
26 B6 BE 4F 65 53 F1 D9 71 1B 38 03 FB BA CD BA E7 B9 4E 9D 97 53 29 F8 05 6F
0A 7E 7C 8A 5A 73 6C B2 FB E5 D6 EB F0 18 D7 C0 E7 9C 7A A0 44 7B DE 89 8E 25
95 12 CD 49 69 D0 50 F4 45 17 03 3B C6 ED 43 6D 3E DB 4A C9 D2 B6 48 DF BA F1
95 D0 E1 65 2E 60 E0 6E C5 02 2F 09 8E E7 9B 63 FC 25 46 1B 0A 53 0A 7A 60 E1
C6 B1 11 B4 FF 88 B0 0A 51 08 27 70 B4 AE 00 4D 82 B9 23 CC 25 D4 D2 95 AC 55
52 72 D9 53 B8 47 36 B6 17 4E FC E5 B4 E5 CE 38 F9 |
|
#2 |
My name is John Doe. Review how
the Euclid Algorithm works by entering 100 and 77 as the two input numbers
using the online gcd calculator at
https://www.calculatorsoup.com/calculators/math/gcf-euclids-algorithm.php. |
9C D9 B8 FF A7 6A 89 47 E1 68 90 F5 DE 4C 1D A7 90 9D BE CD BF 41 6B FC 97 8C 7D D6 4A F6 27 04 FC
A8 2D 3D F3 84 E4 24 CC 52 C8 F5 02 FE CB A1 46 C5 FB 00 4C D3 5D 28 C4 C7 7B
AE 0F 03 B1 15 0D AD B1 CE 58 7B CE FB E7 4D 6A B5 76 3A 97 E4 33 A9 2E 78 B2
40 AE 88 9B 61 F2 AF 98 4C A1 03 3E 25 9B 2E B9 C3 51 A1 F6 22 E2 F8 C5 14 1A
4B 8B BB DC FD A1 AF D1 1E 54 1E 39 FF 13 D5 6B F8 D5 60 CE 93 BE D4 46 17 BC
1B 3D F3 B8 7E 4B E7 38 81 33 12 59 16 EC CF BB C0 5C 0E A5 74 28 D0 26 9F 84
7A A6 4A BC B1 64 E2 56 48 3F 2C 8D 93 1D 48 C4 B4 5A 12 C6 16 75 F0 E8 93 FC
1B 38 8D CA 62 7D 67 04 A9 A4 FD B8 AE F0 FD 39 FA 30 94 FB 69 FD 61 88 68 BE
24 E8 3E CF D4 D9 43 BD 4F |
|
#3 |
My name is John Doe. Review how the Euclid
Algorithm works by entering 100 and 77 as the two input numbers using the
online gcd calculator at
https://www.calculatorsoup.com/calculators/math/gcf-euclids-algorithm.php. |
9C D9 B8 FF A7 6A 89 47 E1 68 90 F5 DE 4C 1D A7 B4 51 37 39 16 BB C9 D3 A3 85 74 44 6E 70 50 0B 07
0C 2B E1 79 84 17 D9 32 90 5D E6 E4 F7 BE F9 18 B0 E9 63 8B 00 60 27 DE E2 8C
E5 30 4D B7 08 47 B7 13 10 9D FD E3 08 4B DC B5 3C FD D0 A3 F6 CA 6E 6F 94 BE
64 27 51 6C 8E 08 F2 11 F5 74 53 3D 9E 18 F7 98 E2 05 04 88 E8 AE 84 53 FE B7
A0 5B E4 7D 87 DD B6 8D 75 9D C0 E2 0D D9 33 4D A2 CE 89 E5 8F 4D A9 98 C8 A2
F4 D5 41 FF 90 61 EA E6 74 7A 7C 2E 04 A3 BE 20 1A C3 33 97 B1 89 36 F9 CC 4B
C6 D6 3B 0B E2 4A 4E DD 8E DB 02 42 22 D9 02 1B 34 44 24 12 7C 5E 63 DD D3 62
07 BC 0D 16 A9 94 E6 29 F4 A8 9D 7B 10 51 2D BC 88 6C E7 D5 5E 34 07 82 77 65
C2 DD B3 6F 61 02 9E 2B 2B |
4.7. (15 pts) As shown in
Table 4.1, the first several bytes of the ciphertext in case 2 and 3 are
identical (as highlighted), but the rest of the ciphertext in those two cases
were different. Explain the reason of this phenomenon. Hint: AES is a block
cipher.
Go to
the Index
Total:
100 points
1.
(10 pts) There exist dependency relationships between security mechanisms.
Those relationships are part of the prerequisites of deploying a given technology.
For example, the digital certificates mechanism (e.g., X.509) depends on the
Digital Signatures mechanism. Explain why digital certificates depend on
digital signatures, and what are implied by such a dependency (with
respect to deploying digital certificates in a computer system).
2.
Suppose a
protocol is designed to enable secure transmission of a session key from a user
to another user (in order to establish a secure session between the two). When Alice
wants to send a session key to
Bob, the key is to be encrypted
with Bob’s public key, and the encrypted key will then be decrypted by Bob
using his private key.
2.1.
(10 pts) What security service(s)
would be provided by this protocol. Justify your answer.
2.2.
(10 pts) Revise the given protocol in
order to provide confidentiality, data integrity, and origin integrity. Show the detailed steps of your revised
protocol.
Note: Clearly show which entity performs which operation in the protocol. You
may draw a diagram to illustrate the protocol.
3.
(Continued
from 2 above, Protection of a session key using the recipient’s public key)
3.1.
(10 pts) For this protocol to work,
the prerequisite is that Alice must have Bob’s correct public
key. In order to have Bob’s public key, Alice may request Bob to
send his public key over. If the hacker Eve
can successfully steal Bob’s public
key when it is on its way to Alice,
and then replace that public key with her own public key, she can succeed in
deceiving Alice to trust that what
she has received is Bob’s public key,
creating an erroneous binding between the owner (in this case Bob) and that
owner’s public key (in this case Eve’s public key). Such an attack is called man-in-the-middle
attack against the public key cryptography. Explain how this attack
may be mitigated? Justify your answer. Hint: Read Chapter 24 of Du’s
book.
4.
SSL/TLS
Certificates: Suppose
there exists an online company (C), and a customer (A) has visited C’s online
shopping site. To earn the customers’ trust, C has a TLS certificate installed
on its webserver.
1.1. (10 pts) Explain how C’s certificate would be created.
By whom? Draw diagrams if necessary to enhance your explanation.
1.2.
(10
pts) Explain how C’s
certificate would be verified by A’s browser.
1.3.
(10
pts) What are
accomplished by the handshake process between A’s web browser
and C’s web server?
1.4.
(10
pts) A successful handshake between
the browser and the server is followed by a secure session. Explain
which of the security services (confidentiality, data integrity, origin
integrity, availability, and non-repudiability) are provided in a secure SSL
session. Justify your answer by explaining how each of the applicable
security services is enabled.
1.5.
(10
pts) Suppose H has
taken C’s certificate and manually changed the subject information
in C’s certificate from C to H. Would this modification be detected by A during
the certificate verification process? Justify your answer.
1.6.
(10
pts) Suppose a
hacker has set up a rogue web server, H, and uses C’s certificate as its own
certificate, and suppose A has visited H to do some online shopping.
Explain how A would detect that the digital certificate
presented by H is not valid.
Go to
the Index