Solutions - Network Security Essentials - Stallings - 4th ed - Chapter 11


Review Questions
11.1 List three design goals for a firewall.

11.2 List four techniques used by firewalls to control access and enforce a security policy.

11.3 What information is used by a typical packet filtering firewall?

11.4 What are some weaknesses of a packet filtering firewall?

11.5 What is the difference between a packet filtering firewall and a stateful inspection firewall?

11.6 What is an application-level gateway?

11.7 What is a circuit-level gateway?

11.8 What are the differences among the firewalls of Figure 11.1?

11.9 What are the common characteristics of a bastion host?

11.10 Why is it useful to have host-based firewalls?

11.11 What is a DMZ network and what types of systems would you expect to find on such networks?

11.12 What is the difference between an internal and an external firewall?

Problems 

11.1 As was mentioned in Section 11.3, one approach to defeating the tiny fragment attack is to enforce a minimum length of the transport header that must be contained in the first fragment of an IP packet. If the first fragment is rejected, all subsequent fragments can be rejected. However, the nature of IP is such that fragments may arrive out of order. Thus, an intermediate fragment may pass through the filter before the initial fragment is rejected. How can this situation be handled?

11.2 In an IPv4 packet, the size of the payload in the first fragment, in octets, is equal to Total Length – (4 × IHL). If this value is less than the required minimum (8 octets for TCP), then this fragment and the entire packet are rejected. Suggest an alternative method of achieving the same result using only the Fragment Offset field.

11.3 RFC 791, the IPv4 protocol specification, describes a reassembly algorithm that results in new fragments overwriting any overlapped portions of previously received fragments. Given such a reassembly implementation, an attacker could construct a series of packets in which the lowest (zero-offset) fragment would contain innocuous data (and thereby be passed by administrative packet filters), and in which some subsequent packet having a non-zero offset would overlap TCP header information (destination port, for instance) and cause it to be modified. The second packet would be passed through most filter implementations because it does not have a zero fragment offset. Suggest a method that could be used by a packet filter to counter this attack.


11.4 Table 11.3 shows a sample of a packet filter firewall ruleset for an imaginary network of IP addresses that range from 192.168.1.0 to 192.168.1.254. Describe the effect of each rule.

11.5 SMTP (Simple Mail Transfer Protocol) is the standard protocol for transferring mail between hosts over TCP. A TCP connection is set up between a user agent and a server program. The server listens on TCP port 25 for incoming connection requests. The user end of the connection is on a TCP port number above 1023. Suppose you wish to build a packet filter rule set allowing inbound and outbound SMTP traffic.
You generate the following ruleset:

a. Describe the effect of each rule.
b. Your host in this example has IP address 172.16.1.1. Someone tries to send e-mail from a remote host with IP address 192.168.3.4. If successful, this generates an SMTP dialogue between the remote user and the SMTP server on your host consisting of SMTP commands and mail. Additionally, assume that a user on your host tries to send e-mail to the SMTP server on the remote system. Four typical packets for this scenario are as shown:

Indicate which packets are permitted or denied and which rule is used in each case. 

c. Someone from the outside world (10.1.2.3) attempts to open a connection from port 5150 on a remote host to the Web proxy server on port 8080 on one of your local hosts (172.16.3.4), in order to carry out an attack. Typical packets are as follows:

Will the attack succeed? Give details.

11.6 To provide more protection, the ruleset from the preceding problem is modified as follows:
a. Describe the change.
b. Apply this new ruleset to the same six packets of the preceding problem. Indicate which packets are permitted or denied and which rule is used in each case.

11.7 A hacker uses port 25 as the client port on his or her end to attempt to open a connection to your Web proxy server.
a. The following packets might be generated:
Explain why this attack will succeed, using the ruleset of the preceding problem.
b. When a TCP connection is initiated, the ACK bit in the TCP header is not set. Subsequently, all TCP headers sent over the TCP connection have the ACK bit set. Use this information to modify the ruleset of the preceding problem to prevent the attack just described.

11.8 A common management requirement is that “all external Web traffic must flow via the organization’s Web proxy.” However, that requirement is easier stated than implemented.
Discuss the various problems and issues, possible solutions, and limitations with supporting this requirement. In particular consider issues such as identifying exactly what constitutes “Web traffic” and how it may be monitored, given the large range of ports and various protocols used by Web browsers and servers.

11.9 Consider the threat of “theft/breach of proprietary or confidential information held in key data files on the system.” One method by which such a breach might occur is the accidental/deliberate e-mailing of information to a user outside the organization.
A possible countermeasure to this is to require all external e-mail to be given a sensitivity tag (classification if you like) in its subject and for external e-mail to have the lowest sensitivity tag. Discuss how this measure could be implemented in a firewall and what components and architecture would be needed to do this.

11.10 You are given the following “informal firewall policy” details to be implemented using a firewall like that in Figure 11.3:
1. E-mail may be sent using SMTP in both directions through the firewall, but it must be relayed via the DMZ mail gateway that provides header sanitization and content filtering. External e-mail must be destined for the DMZ mail server.
2. Users inside may retrieve their e-mail from the DMZ mail gateway, using either POP3 or POP3S, and authenticate themselves.
3. Users outside may retrieve their e-mail from the DMZ mail gateway, but only if they use the secure POP3 protocol, and authenticate themselves.
4. Web requests (both insecure and secure) are allowed from any internal user out through the firewall but must be relayed via the DMZ Web proxy, which provides content filtering (noting this is not possible for secure requests), and users must authenticate with the proxy for logging.
5. Web requests (both insecure and secure) are allowed from anywhere on the Internet to the DMZ Web server.
6. DNS lookup requests by internal users are allowed via the DMZ DNS server, which queries to the Internet.
7. External DNS requests are provided by the DMZ DNS server.
8. Management and update of information on the DMZ servers is allowed using secure shell connections from relevant authorized internal users (may have different sets of users on each system as appropriate).
9. SNMP management requests are permitted from the internal management hosts to the firewalls, with the firewalls also allowed to send management traps (i.e., notification of some event occurring) to the management hosts.
Design suitable packet filter rulesets (similar to those shown in Table 11.1) to be implemented on the “External Firewall” and the “Internal Firewall” to satisfy the aforementioned policy requirements.









Solutions - Network Security Essentials - Stallings - 4th ed - Chapter 10

Review Questions
10.1 What is the role of compression in the operation of a virus?

10.2 What is the role of encryption in the operation of a virus?

10.3 What are typical phases of operation of a virus or worm?

10.4 What is a digital immune system?

10.5 How does behavior-blocking software work?

10.6 In general terms, how does a worm propagate?

10.7 Describe some worm countermeasures.

10.8 What is a DDoS?


Problems
10.1 There is a flaw in the virus program of Figure 10.1. What is it?

10.2 The question arises as to whether it is possible to develop a program that can analyze a piece of software to determine if it is a virus. Consider that we have a program D that is supposed to be able to do that. That is, for any program P, if we run D(P), the result returned is TRUE (P is a virus) or FALSE (P is not a virus). Now consider the following program:
Program CV :=
{ ...
main-program :=
{if D(CV) then goto next:
else infect-executable;
}
next:
}
In the preceding program, infect-executable is a module that scans memory for executable programs and replicates itself in those programs. Determine if D can correctly decide whether CV is a virus.

10.3 The point of this problem is to demonstrate the type of puzzles that must be solved in the design of malicious code and therefore, the type of mindset that one wishing to counter such attacks must adopt.
a. Consider the following C program:
begin
print (*begin print (); end.*);
end
What do you think the program was intended to do? Does it work?
b. Answer the same questions for the following program:
char [] = {'0', ' ', '}', ';', 'm', 'a', 'i', 'n',
'(', ')', '{', and so on... 't', ')', '0'};
main ()
{
int I;
printf(*char t[] = (*);


for (i=0; t[i]!=0; i=i+1)
printf("%d, ", t[i]);
printf("%s", t);
}
c. What is the specific relevance of this problem to this chapter?

10.4 Consider the following fragment:
legitimate code
if data is Friday the 13th;
crash_computer();
legitimate code
What type of malicious software is this?

10.5 Consider the following fragment in an authentication program:
username = read_username();
password = read_password();
if username is "133t h4ck0r"
return ALLOW_LOGIN;
if username and password are valid
return ALLOW_LOGIN
else return DENY_LOGIN
What type of malicious software is this?

10.6 The following code fragments show a sequence of virus instructions and a metamorphic version of the virus. Describe the effect produced by the metamorphic code.

10.7 The list of passwords used by the Morris worm is provided at this book’s Web site.
a. The assumption has been expressed by many people that this list represents words commonly used as passwords. Does this seem likely? Justify your answer.
b. If the list does not reflect commonly used passwords, suggest some approaches that Morris may have used to construct the list.

10.8 Suggest some methods of attacking the PWC worm defense that could be used by worm creators and suggest countermeasures to these methods.



Solutions - Network Security Essentials - Stallings - 4th ed - Chapter 9

Review Questions
9.1 List and briefly define three classes of intruders.

9.2 What are two common techniques used to protect a password file?

9.3 What are three benefits that can be provided by an intrusion detection system?

9.4 What is the difference between statistical anomaly detection and rule-based intrusion detection?

9.5 What metrics are useful for profile-based intrusion detection?

9.6 What is the difference between rule-based anomaly detection and rule-based penetration identification?

9.7 What is a honeypot?

9.8 What is a salt in the context of UNIX password management?

9.9 List and briefly define four techniques used to avoid guessable passwords.


Problems
9.1 In the context of an IDS, we define a false positive to be an alarm generated by an IDS in which the IDS alerts to a condition that is actually benign. A false negative occurs when an IDS fails to generate an alarm when an alert-worthy condition is in effect. Using the following diagram, depict two curves that roughly indicate false positives and false negatives, respectively.


9.2 The overlapping area of the two probability density functions of Figure 9.1 represents the region in which there is the potential for false positives and false negatives.
Further, Figure 9.1 is an idealized and not necessarily representative depiction of the relative shapes of the two density functions. Suppose there is 1 actual intrusion for every 1000 authorized users, and the overlapping area covers 1% of the authorized users and 50% of the intruders.
a. Sketch such a set of density functions and argue that this is not an unreasonable depiction.
b. What is the probability that an event that occurs in this region is that of an authorized user? Keep in mind that 50% of all intrusions fall in this region.

9.3 An example of a host-based intrusion detection tool is the tripwire program. This is a file integrity checking tool that scans files and directories on the system on a regular basis and notifies the administrator of any changes. It uses a protected database of cryptographic checksums for each file checked and compares this value with that recomputed on each file as it is scanned. It must be configured with a list of files and directories to check, and what changes, if any, are permissible to each. It can allow, for example, log files to have new entries appended, but not for existing entries to be changed. What are the advantages and disadvantages of using such a tool? Consider the problem of determining which files should only change rarely, which files may change more often and how, and which change frequently and hence cannot be checked. Hence consider the amount of work in both the configuration of the program and on the system administrator monitoring the responses generated.

9.4 A taxicab was involved in a fatal hit-and-run accident at night. Two cab companies, the Green and the Blue, operate in the city. You are told that:
• 85% of the cabs in the city are Green and 15% are Blue.
• A witness identified the cab as Blue.
The court tested the reliability of the witness under the same circumstances that existed on the night of the accident and concluded that the witness was correct in identifying the color of the cab 80% of the time. What is the probability that the cab involved in the incident was Blue rather than Green?

9.5 Explain the suitability or unsuitability of the following passwords:
a. YK 334
b. mfmitm (for “my favorite movie is tender mercies”)
c. Natalie1
d. Washington
e. Aristotle
f. tv9stove
g. 12345678
h. dribgib

9.6 An early attempt to force users to use less predictable passwords involved computer-supplied passwords. The passwords were eight characters long and were taken from the character set consisting of lowercase letters and digits. They were generated by a pseudorandom number generator with possible starting values. Using the technology of the time, the time required to search through all character strings of length 8 from a 36-character alphabet was 112 years. Unfortunately, this is not a true reflection of the actual security of the system. Explain the problem.

9.7 Assume that passwords are selected from four-character combinations of 26 alphabetic characters. Assume that an adversary is able to attempt passwords at a rate of one per second.
a. Assuming no feedback to the adversary until each attempt has been completed, what is the expected time to discover the correct password?
b. Assuming feedback to the adversary flagging an error as each incorrect character is entered, what is the expected time to discover the correct password?

9.8 Assume that source elements of length are mapped in some uniform fashion into a target elements of length . If each digit can take on one of values, then the number of source elements is and the number of target elements is the smaller number .
A particular source element is mapped to a particular target element .
a. What is the probability that the correct source element can be selected by an adversary on one try?
b. What is the probability that a different source element that results in the same target element, , could be produced by an adversary?
c. What is the probability that the correct target element can be produced by an adversary on one try?

9.9 A phonetic password generator picks two segments randomly for each six-letter password.
The form of each segment is CVC (consonant, vowel, consonant), where and .
a. What is the total password population?
b. What is the probability of an adversary guessing a password correctly?

9.10 Assume that passwords are limited to the use of the 95 printable ASCII characters and that all passwords are 10 characters in length. Assume a password cracker with an encryption rate of 6.4 million encryptions per second. How long will it take to test exhaustively all possible passwords on a UNIX system?

9.11 Because of the known risks of the UNIX password system, the SunOS-4.0 documentation recommends that the password file be removed and replaced with a publicly readable file called /etc/publickey. An entry in the file for user A consists of a user’s identifier , the user’s public key, , and the corresponding private key . This private key is encrypted using DES with a key derived from the user’s login password. When A logs in, the system decrypts to obtain .
a. The system then verifies that was correctly supplied. How?
b. How can an opponent attack this system?

9.12 The encryption scheme used for UNIX passwords is one way; it is not possible to reverse it. Therefore, would it be accurate to say that this is, in fact, a hash code rather than an encryption of the password?

9.13 It was stated that the inclusion of the salt in the UNIX password scheme increases the difficulty of guessing by a factor of 4096. But the salt is stored in plaintext in the same entry as the corresponding ciphertext password. Therefore, those two characters are known to the attacker and need not be guessed. Why is it asserted that the salt increases security?

9.14 Assuming that you have successfully answered the preceding problem and understand the significance of the salt, here is another question. Wouldn’t it be possible to thwart completely all password crackers by dramatically increasing the salt size to, say, 24 or 48 bits?

9.15 Consider the Bloom filter discussed in Section 9.3. Define number of hash functions; N = number of bits in hash table; and D = number of words in dictionary.




9.16 Design a file access system to allow certain users read and write access to a file, depending on authorization set up by the system. The instructions should be of the format:
READ (F, User A): attempt by User A to read file F
READ (F, User A): attempt by User A to store a possibly modified copy of F
Each file has a header record, which contains authorization privileges; that is, a list of users who can read and write. The file is to be encrypted by a key that is not shared by the users but known only to the system.


Solutions - Network Security Essentials - Stallings - 4th ed - Chapter 8

Review Questions
8.1 Give examples of applications of IPsec.

8.2 What services are provided by IPsec?

8.3 What parameters identify an SA and what parameters characterize the nature of a particular SA?

8.4 What is the difference between transport mode and tunnel mode?

8.5 What is a replay attack?

8.6 Why does ESP include a padding field?

8.7 What are the basic approaches to bundling SAs?

8.8 What are the roles of the Oakley key determination protocol and ISAKMP in IPsec?


Problems
8.1 Describe and explain each of the entries in Table 8.2.
 
8.2 Draw a figure similar to Figure 8.8 for AH.

8.3 List the major security services provided by AH and ESP, respectively.
 

8.4 In discussing AH processing, it was mentioned that not all of the fields in an IP header are included in MAC calculation.
a. For each of the fields in the IPv4 header, indicate whether the field is immutable, mutable but predictable, or mutable (zeroed prior to ICV calculation).
b. Do the same for the IPv6 header.
c. Do the same for the IPv6 extension headers.
In each case, justify your decision for each field.

8.5 Suppose that the current replay window spans from 120 to 530.
a. If the next incoming authenticated packet has sequence number 105, what will the receiver do with the packet, and what will be the parameters of the window after that?
b. If instead the next incoming authenticated packet has sequence number 440, what will the receiver do with the packet, and what will be the parameters of the window after that?
c. If instead the next incoming authenticated packet has sequence number 540, what will the receiver do with the packet, and what will be the parameters of the window after that?

8.6 When tunnel mode is used, a new outer IP header is constructed. For both IPv4 and IPv6, indicate the relationship of each outer IP header field and each extension header in the outer packet to the corresponding field or extension header of the inner IP packet. That is, indicate which outer values are derived from inner values and which are constructed independently of the inner values.
 
8.7 End-to-end authentication and encryption are desired between two hosts. Draw figures similar to Figure 8.8 that show each of the following.
a. Transport adjacency with encryption applied before authentication.
b. A transport SA bundled inside a tunnel SA with encryption applied before authentication.
c. A transport SA bundled inside a tunnel SA with authentication applied before encryption.
 
8.8 The IPsec architecture document states that when two transport mode SAs are bundled to allow both AH and ESP protocols on the same end-to-end flow, only one ordering of security protocols seems appropriate: performing the ESP protocol before performing the AH protocol. Why is this approach recommended rather than authentication before encryption?

8.9 For the IKE key exchange, indicate which parameters in each message go in which ISAKMP payload types.

8.10 Where does IPsec reside in a protocol stack?

Solutions - Network Security Essentials - Stallings - 4th ed - Chapter 7

Review Questions
7.1 What are the five principal services provided by PGP?

7.2 What is the utility of a detached signature?

7.3 Why does PGP generate a signature before applying compression?

7.4 What is R64 conversion?

7.5 Why is R64 conversion useful for an e-mail application?

7.6 How does PGP use the concept of trust?

7.7 What is RFC 5322?

7.8 What is MIME?

7.9 What is S/MIME?

7.10 What is DKIM?


Problems
7.1 PGP makes use of the cipher feedback (CFB) mode of CAST-128, whereas most symmetric encryption applications (other than key encryption) use the cipher block chaining (CBC) mode. We have
CBC: $C_i = E(K, [C_{i-1} \oplus P_i])$; $P_i = C_{i-1} \oplus D(K, C_i)$
CFB: $C_i = P_i \oplus E(K, C_{i-1})$; $P_i = C_i \oplus E(K, C_{i-1})$

These two appear to provide equal security. Suggest a reason why PGP uses the CFB mode.

7.2 In the PGP scheme, what is the expected number of session keys generated before a previously created key is produced?

7.3 In PGP, what is the probability that a user with public keys will have at least one duplicate key ID?

7.4 The first 16 bits of the message digest in a PGP signature are translated in the clear.
a. To what extent does this compromise the security of the hash algorithm?
b. To what extent does it in fact perform its intended function, namely, to help determine if the correct RSA key was used to decrypt the digest?

7.5 In Figure 7.4, each entry in the public-key ring contains an Owner Trust field that indicates the degree of trust associated with this public-key owner. Why is that not enough? That is, if this owner is trusted and this is supposed to be the owner’s public key, why is that trust not enough to permit PGP to use this public key?

7.6 What is the basic difference between X.509 and PGP in terms of key hierarchies and key trust?

7.7 Phil Zimmermann chose IDEA, three-key triple DES, and CAST-128 as symmetric encryption algorithms for PGP. Give reasons why each of the following symmetric encryption algorithms described in this book is suitable or unsuitable for PGP: DES, two-key triple DES, and AES.

7.8 Consider radix-64 conversion as a form of encryption. In this case, there is no key. But suppose that an opponent knew only that some form of substitution algorithm was being used to encrypt English text and did not guess that it was R64. How effective would this algorithm be against cryptanalysis?

7.9 Encode the text “plaintext” using the following techniques. Assume characters are stored in 8-bit ASCII with zero parity.
a. Radix-64
b. Quoted-printable


Solutions - Network Security Essentials - Stallings - 4th ed - Chapter 6

Review Questions
6.1 What is the basic building block of an 802.11 WLAN?

6.2 Define an extended service set.

6.3 List and briefly define IEEE 802.11 services.

6.4 Is a distribution system a wireless network?

6.5 How is the concept of an association related to that of mobility?

6.6 What security areas are addressed by IEEE 802.11i?

6.7 Briefly describe the four IEEE 802.11i phases of operation.

6.8 What is the difference between TKIP and CCMP?

6.9 What is the difference between an HTML filter and a WAP proxy?

6.10 What services are provided by WSP?

6.11 When would each of the three WTP transaction classes be used?

6.12 List and briefly define the security services provided by WTLS.

6.13 Briefly describe the four protocol elements of WTLS.

6.14 List and briefly define all of the keys used in WTLS.

6.15 Describe three alternative approaches to providing WAP end-to-end security.

Problems
6.1 In IEEE 802.11, open system authentication simply consists of two communications.
An authentication is requested by the client, which contains the station ID (typically the MAC address). This is followed by an authentication response from the AP/router containing a success or failure message.
An example of when a failure may occur is if the client’s MAC address is explicitly excluded in the AP/router configuration.
a. What are the benefits of this authentication scheme?
b. What are the security vulnerabilities of this authentication scheme?

6.2 Prior to the introduction of IEEE 802.11i, the security scheme for IEEE 802.11 was Wired Equivalent Privacy (WEP). WEP assumed all devices in the network share a secret key. The purpose of the authentication scenario is for the STA to prove that it possesses the secret key. Authentication proceeds as shown in Figure 6.23. The STA sends a message to the AP requesting authentication. The AP issues a challenge, which is a sequence of 128 random bytes sent as plaintext. The STA encrypts the challenge with the shared key and returns it to the AP. The AP decrypts the incoming value and compares it to the challenge that it sent. If there is a match, the AP confirms that authentication has succeeded.



a. What are the benefits of this authentication scheme?
b. This authentication scheme is incomplete. What is missing and why is this important?
Hint: The addition of one or two messages would fix the problem.
c. What is a cryptographic weakness of this scheme?

6.3 For WEP, data integrity and data confidentiality are achieved using the RC4 stream encryption algorithm. The transmitter of an MPDU performs the following steps, referred to as encapsulation:
1. The transmitter selects an initial vector (IV) value.
2. The IV value is concatenated with the WEP key shared by transmitter and receiver to form the seed, or key input, to RC4.
3. A 32-bit cyclic redundancy check (CRC) is computed over all the bits of the MAC data field and appended to the data field. The CRC is a common error-detection code used in data link control protocols. In this case, the CRC serves as an integrity check value (ICV).
4. The result of step 3 is encrypted using RC4 to form the ciphertext block.
5. The plaintext IV is prepended to the ciphertext block to form the encapsulated MPDU for transmission.
a. Draw a block diagram that illustrates the encapsulation process.
b. Describe the steps at the receiver end to recover the plaintext and perform the integrity check.
c. Draw a block diagram that illustrates part b.

6.4 A potential weakness of the CRC as an integrity check is that it is a linear function.
This means that you can predict which bits of the CRC are changed if a single bit of the message is changed. Furthermore, it is possible to determine which combination of bits could be flipped in the message so that the net result is no change in the CRC. Thus, there are a number of combinations of bit flippings of the plaintext message that leave the CRC unchanged, so message integrity is defeated. However, in WEP, if an attacker does not know the encryption key, the attacker does not have access to the plaintext, only to the ciphertext block. Does this mean that the ICV is protected from the bit flipping attack? Explain.

6.5 One potential weakness in WTLS is the use of CBC mode cipher encryption. The standard states that for CBC mode block ciphers, the IV (initialization vector) for each record is calculated in the following way: , where IV is the original IV and S is obtained by concatenating the 2-byte sequence number of the record the needed number of times to obtain as many bytes as in IV. Thus, if the IV is 8 bytes long, the sequence number of the record is concatenated with itself four times.
Now, in CBC mode, the first block of plaintext for a record with sequence number would be encrypted as (Figure 2.10) where Ps,1 is the first block of plaintext of a record with sequence number and is the concatenated version of . Consider a terminal application (such as telnet), where each keypress is sent as an individual record. Alice enters her password into this application, and Eve captures these encrypted records. Note that the sequence number is known to Eve, because this portion of the record is not encrypted (Figure 6.17). Now somehow Eve gets hold of Alice’s channel, perhaps through an echo feature in some application. This means that Eve can present unencrypted records to the channel and view the encrypted result. Suggest a brute-force method by which Eve can guess password letters in Alice’s password. Hint: Exploit these properties of exclusive-OR: .

6.6 An earlier version of WTLS supported a 40-bit XOR MAC and also supported RC4 stream encryption. The XOR MAC works by padding the message with zeros, dividing it into 5-byte blocks and XORing these blocks together. Show that this scheme does not provide message integrity protection.




Solutions - Network Security Essentials - Stallings - 4th ed - Chapter 5

Review Questions
 
5.1 What are the advantages of each of the three approaches shown in Figure 5.1?

5.2 What protocols comprise SSL?

5.3 What is the difference between an SSL connection and an SSL session?

5.4 List and briefly define the parameters that define an SSL session state.

5.5 List and briefly define the parameters that define an SSL session connection.

5.6 What services are provided by the SSL Record Protocol?

5.7 What steps are involved in the SSL Record Protocol transmission?

5.8 What is the purpose of HTTPS?

5.9 For what applications is SSH useful?

5.10 List and briefly define the SSH protocols.

Problems
5.1 In SSL and TLS, why is there a separate Change Cipher Spec Protocol rather than including a change_cipher_spec message in the Handshake Protocol?

5.2 What purpose does the MAC serve during the change cipher spec SSL exchange?

5.3 Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
a. Brute-Force Cryptanalytic Attack: An exhaustive search of the key space for a conventional encryption algorithm.
b. Known Plaintext Dictionary Attack: Many messages will contain predictable plaintext, such as the HTTP GET command. An attacker constructs a dictionary containing every possible encryption of the known-plaintext message. When an encrypted message is intercepted, the attacker takes the portion containing the encrypted known plaintext and looks up the ciphertext in the dictionary. The ciphertext should match against an entry that was encrypted with the same secret key. If there are several matches, each of these can be tried against the full ciphertext to determine the right one. This attack is especially effective against small key sizes (e.g., 40-bit keys).
c. Replay Attack: Earlier SSL handshake messages are replayed.
d. Man-in-the-Middle Attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client.
e. Password Sniffing: Passwords in HTTP or other application traffic are eavesdropped.
f. IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
g. IP Hijacking: An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.
h. SYN Flooding: An attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the “half-open connection” around for a few minutes. Repeated SYN messages can clog the TCP module.

5.4 Based on what you have learned in this chapter, is it possible in SSL for the receiver to reorder SSL record blocks that arrive out of order? If so, explain how it can be done. If not, why not?

5.5 For SSH packets, what is the advantage, if any, of not including the MAC in the scope of the packet encryption?