Q1 (25)
Q2 (15)
Q3 (20)
Q4 (20)
Q5 (20)
Bonus (5)
Q6 (20)
Total
Grade

Final Exam

Summer 2014 – CSCE 522

Name:

Answer the following questions. Be brief and precise!

Undergraduate students need to answer questions 1-5. Graduate students need to answer all questions.

  1. 25 points Cryptography

(15) Cryptography is a powerful technology to support confidentiality, integrity, authentication, and non-repudiation. Indicate the security objectives achieved by the cryptography in the following examples.Justify your answer. Also, answer the question for each example.

  • Alice  Bob: E(File1, KE-B), where KE-B is the public key of Bob.

Objective of encryption:

Justification:

Is the objective still satisfied if an attacker gain access to KE-B? Yes / No

Why / Why not?

  • Alice  Bob: E(N1, KE-B) where KE-B is Bob’s public key, N1 is a nonce generated by Alice

Bob  Alice: N1

Objective of using N1:

Justification:

Is the above objective still satisfied if Alice’s public key is unreliable? Yes / No

Why? / Why not?

  • Alice  Bob: E(Message, KE-Bob) || Sign (Hash(Message), KD-Alice), where KE-Bob is Bob’s public key, KD-Alice is Alice’s private key, and Hash is a one-way function.

Objectives of the signed component:

Justification:

Are the objectives still satisfied if anattacker resends the message to Bob? Yes / No

Why? / Why not?

(10)Pair-wise authentication can be achiever using a shared secret key. Assume, that Alice (A) and Bob (B) has a shared secret key K. To avoid having the key K sent inplain-text Alice and Bob use the following identification protocol:

  1. Alice chooses a random value v and sends: Alice || v || E(v,K) to Bob, where E(v,K) is the encryptionof v with key K, and || denotes concatenation.
  2. Bob decrypts E(v,K) and checks that the result equals v and that v has not been used previously.

Show how the malicious user Eve can fool Boband be authenticated as Alice. How can you prevent Eve’s attack?

  1. 15 points Risk management

Consider the following two protocols that use public-key encryption for communication between two parties. ID-S and ID-R are the identifications of S and R, KE-S and KE-R are the public keys of S and R, EK represent encryption with key K, and M is the plain text message.

Protocol 1:

  1. S sends to R: (ID-S, EKE-R[M,ID-S], ID-R)
  2. R acknowledges receipt by sending to S: (ID-R, EKE-S[M,ID-R], ID-S)

Protocol 2:

  1. S sends to R: (ID-S, EKE-R[M], ID-R)
  2. R acknowledges receipt by sending to S: (ID-R, EKE-S[M], ID-S)

Although they are very similar, Protocol 2 is vulnerable to an active attack that allows a malicious user to decrypt previously sent messages. Describe the attack. Give details.

20 points Access Control

(10) Build the security lattice from hierarchical components TS > S > P and domains {A, B}.

Assume (File1)= (TS, {A,B}), (File2)= (S, {B}), (File3)= (TS, { }). For each file, list all the labels that would allow a subjects to carry out the activity listed. E.g., a subject with (TS, {A, B }) clearance can read and write File 1.

Can read / Can write
File 1 / (TS, { A, B}), … / (TS, { A, B}), …
File 2
File 3

(10) Assume that you want to make the files available to the users who are authorized to read the files. Each file is very large, therefore, instead of sending the files to each user, you decided to 1) encrypt each file using secret key encryption and 2) make the encrypted files available for download. You need to distribute the encryption keys to the authorized users. The communication channelbetween the users and the website is insecure, however, the pubic keys of the users are known reliably.

What are the keys you use for the encryption of

  • File1:
  • File2:
  • File 3:

Who (which users) has access to the keys used to encrypt each file (describe the users by their security classification, e.g., users with (S,{}) clearances.

  • Key(s) used to encrypt File 1 are distributed to users with clearances:
  • Key(s) used to encrypt File 2 are distributed to users with clearances:
  • Key(s) used to encrypt File 3 are distributed to users with clearances:

Write the protocolto distribute the necessary keys to John, John’s security clearance is (TS, {B}). Include messages to verify that John has received the keys. (Show the steps of key distribution.)

  • Keys to be given to John:
  • Key distribution protocol (complete the protocol):
  1. Server  John:

4. 20 points Database Inference

(5) What is the inference problem in

  • Statistical databases:
  • General purpose databases:

(10) Consider the statistical database that keeps records of patients. Each record is anonymized and contains the following attributes: age, gender, employer, diagnosis. Assume that a user requests the following statistics:

Q1: COUNT(Age=35 and Gender=male and Employer=ZZZ)

Q2: COUNT(Age=35 and Gender=male and Employer=ZZZ and Diagnosis=Ebola)

Is there a security violation if Q1 returns 1 and Q2 returns 1? Yes / No

Why / Why not?

Is there a security violation if Q1 returns 1 and Q2 returns 0? Yes / No

Why / Why not?

(5) Assume Q1 is disallowed because of the small query set size. Construct a tracker for Q1:

5. 20 points Network Security

(10) Consider the threat of data confidentiality breach of proprietary information on the computer system. One possible scenario of the breach might occur by accidental or deliberate emailing of the confidential data to a user outside of the organization. Discuss the type of firewall that you would recommend to prevent this type of data breach. Justify your answer.

(5) What information is generally used by packet filter firewalls for decision making?

(5) Analyze the efficiency of packet filter firewalls in the presence of IP spoofing.

Bonus – 5 points

What is the purpose of misuse cases in software development?

6. 20 points (Graduate students only)

(10) You are the Chief Information Security Officer (CISO) of a large organization. Your organization supports the Bring Your Own Device (BYOD) approach. To ensure that these devices are not going to infect the organizational network, each employee is required to download and maintain an organizational application that connects to the security server of the organization and verifies that there is no malware on the device. Explain the technical difficulties of guaranteeing malware prevention in this scenario:

(10) To further improve the employees’ productivity, your application also monitors usage of the BYODs. As a result, if a personal device is used frequently during work hours for non-work related activities, your application starts gathering user specific activity log and automatically reduces the employees work hours for compensation. Explain the legal and ethical implications of this approach.

1