CS 423 Network Security: Midterm
whois
A simple command to do internet domain lookups on names that are registered with a domain registration service (such as GoDaddy).
PGP is characterized by three main steps. What are they, and in what order are they applied (if used)?
1. Message is first signed 2. Message and signature pair is then compressed 3. Compressed message and signature pair is then encrypted with the (symmetric) session key.
Explain the Key Generation function (show all math operations) underlying the 'textbook' RSA encryption scheme.
1. Pick two prime numbers (each of bit length ≥ 512) and compute n=p*q and ɸ(n) = (p-1)(q-1). 2. Choose another number e such that e is relatively prime to ɸ(n). 3. Compute d, the inverse of e in Z ɸ(n) such that e*d = 1 mod (ɸ(n)). 4. The public key would be the pair (e, n) and the private key would be d. 5. Delete p, q and ɸ(n)
What is the level of security provided by double DES?
2^56 (due to meet-in-the-middle attack)
Explain why it is difficult to establish a TCP connection using a spoofed IP address.
A TCP connection is established using a three way handshake mechanism. If an attacker uses a spoofed IP address such that the victim is let to believe that the message came form a trusted source, it still can't receive a message from the victim unless it is on the path between the victim and the spoofed IP address. Hence, the SYN ACK and any subsequent packets involved in TCP connection establishment, sent by the victim to the spoofed IP address can't be accessed by the attacker. Even guessing the sequence number and attempting to send ACK packets won't work because TCP uses random sequence numbers.
nmap
A network scanner used to discover hosts and services on a computer network. It sends specially crafted packets to the target host(s) and then analyzes the responses.
Availability
Ability to withstand unauthorized withholding of information or resources
Deception threat
Acceptance of false data
Privacy
Assures that individuals control or influence what information related to them is collected and stored and by whom and to whom that information may be disclosed.
Describe how a DNS Reflection Attack works (a form of DoS attack).
The attacker sends a large number of queries to DNS servers spoofing the IP address of victim machine. All the DNS server responses will then be sent/reflected back to the victim's machine, probably exhausting it and bringing it down.
Describe how a SYN Flooding Attack works.
The attacker sends many connection requests (SYNs) with spoofed source addresses. The victim allocates resources for handling each request by creating a new thread and maintaining the connection state until the time out. Since there is a fixed bound on number of half open connections, all the resources of victim are exhausted and the legitimate requests form the clients could be denied.
Types of attacks agains an encryption scheme
Ciphertext Only (COA) Known Plaintext (KPA) Chosen Plaintext (CPA) Chosen Ciphertext Brute Force Attack (BFA) Man in the Middle
Electronic Code Book (ECB)
Deterministic - does't really hide the mapping between the plaintext and the ciphertext. Although DES encrypts 64 bits (a block) at a time, it can encrypt a long message (file) in Electronic Code Book (ECB) mode.
Describe the cryptographic mechanism(s) that can be used to "protect" the information exchanged between two parties in the presence of a session hijacking attack.
Encryption of the transmitted packets during the TCP connection can be used to protect the information exchanged between the two parties. However, just encryption is not a sufficient defense mechanism in order to protect both confidentiality and integrity of the exchanged information. Hence authenticated encryption (MACing the message and then Encrypting the message and MAC) should be used for protection of the information exchanged between two parties in the presence of a session hijacking. One may also use signatures and encryption similar in spirit to PGP, but signatures might be too expensive to sign all application data.
The RSA cryptosystem serves two main purposes in PGP when sending a signed and encrypted message -- what are they?
First, RSA can be used to encrypt the session key with the public key of the recipient. RSA-OAEP version is used for this purpose. This session key is then used encrypt the message (email content). Second, RSA can be used to sign the message (email content) for providing authentication, integrity and non-repudiation. Hashed RSA is used for this purpose
True or False: PGP uses RSA to encrypt the email messages.
False, RSA is used to agree upon a symmetric key and symmetric key algorithm is used to encrypt the message.
"3-DES, which uses three (single) DES encryption operations in series and three independent keys - C = Enc(K3, Enc(K2, Enc(K1, P))) - has an effective keyspace size of 2^168 under the known-plaintext attack"?
False. The above version of Triple DES is susceptible to a meet-in-the-middle attack as per: Dec(K3, C) = Enc(K2, Enc(K1, P)), which implies that a match for a possible key can be found by performing only up to 2*2^112 encryption operations (the RHS) and 256 decryption operations (the LHS) and maintaining a table. Effective keyspace size is thus 2^112 under the known-plaintext attack, not 2^168
A pixel map (consisting of a matrix corresponding to the pixel values) of image in Figure (a) was encrypted with Triple-DES in two different modes, ECB and CBC, to obtain the images in Figures (b) and (c) "not" necessarily in that order. Which mode does Figure (b) correspond to? Figure (c)? Explain why.
Figure B: CBC; Figure C: ECB; ECB encrypt the same planter blocks to same ciperhtext blocks every time. Hence, it preserves the patterns of plaintext into cipher text (e.g., the same pixel values in the plaintext image get mapped to the same pixel values in the cipher text image). In contrast, CBC is randomized tend due to the use of an IV (and chaining), the same plaintext gets encrypted to entirely different cipher text each time.
Explain how 'traceroute' works.
It uses carefully crafted UDP packets to learn the route to a given destination. the first packet includes a TTL field of 1 which is decremented at each hop of the network. At the first hop router, the TTL value reaches 0, the packet is discarded and a "time exceeded'" error message is sent back to the source. The source again sends a UDP packet with an incremented value of TTL to find the next hop of the network. Once the message reaches the destination with TTL > 0, a "destination port unreachable'" error message is sent back to the source thereby completing the mapping of the route form source to destination.
A pixel map (consisting of a matrix corresponding to the pixel values) of image in Figure (a) was encrypted with Triple-DES in two different modes, ECB and CBC, to obtain the images in Figures (b) and (c) "not" necessarily in that order. Which image, B or C, represents a "good" encryption? Explain why.
Image B represents a good encryption because there ar no decipherable patterns in the encrypted image. In case of image C, the pattern of pixels in original image is carried over to the encrypted image due to lack of randomization. Hence, an adversary can deduce the original pixel pattern if he observes the same pattern in the encrypted image. Thus, image B is secure (against CPA) whereas image C is not.
Open Design (Kerckhoffs' principle)
Keep everything public, except the key Good practice The algorithm is publicly available Relies on the secrecy of the key
Closed Design
Keep the cipher secret Also called "proprietary design" Bad Practice Relies on the secrecy of the algorithm
Birthday Paradox
In a room of just 23 people there's a 50-50 chance of two people having the same birthday. In a room of 75 there's a 99.9% chance of two people matching.
Explain the Decryption function (show all math operations) underlying the 'textbook' RSA encryption scheme.
In order to decrypt a ciphertext 'c', use the private key d as follows: m = cd mod(n) where m is the decrypted plaintext.
Ciphertext Only (COA)
In this method, the attacker has access to a set of ciphertext(s). He does not have access to corresponding plaintext. COA is said to be successful when the corresponding plaintext can be determined from a given set of ciphertext. Occasionally, the encryption key can be determined from this attack. Modern cryptosystems are guarded against ciphertext-only attacks.
Chosen Plaintext Attack (CPA)
In this method, the attacker has the text of his choice encrypted. So he has the ciphertext-plaintext pair of his choice. This simplifies his task of determining the encryption key. An example of this attack is differential cryptanalysis applied against block ciphers as well as hash functions. A popular public key cryptosystem, RSA is also vulnerable to chosen-plaintext attacks.
Known Plaintext Attack (KPA)
In this method, the attacker knows the plaintext for some parts of the ciphertext. The task is to decrypt the rest of the ciphertext using this information. This may be done by determining the key or via some other method. The best example of this attack is linear cryptanalysis against block ciphers.
Brute Force Attack (BFA)
In this method, the attacker tries to determine the key by attempting all possible keys. If the key is 8 bits long, then the number of possible keys is 2^8 = 256. The attacker knows the ciphertext and the algorithm, now he attempts all the 256 keys one by one for decryption. The time to complete the attack would be very high if the key is long.
Disruption threat
Interruption or prevention of correct operation
What is a digital certificate and what is it used for?
It is a digital document, signed by a trusted third party (certificate authority) establishing the binding between a subject's identity and the subject's public key. It is used to establish the authenticity of users' public keys
Alice's RSA public key is N=15 and e = 3. Show how an attacker (who knows N and e), can learn Alice's private key d. Show all steps. It is not necessary to calculate the value of d, just show the steps needed.
N = 15, e = 3 So public key would be the pair (e, N) i.e. (3, 15) The private key 'd' is the inverse of 'e' in Z_phi(n) so we first need to calculate phi(n). The attacker knows that N is a product of two primes so if he is able to factorize N as p*q where p and q are primes, he can get phi(n). Factoring N=15, we get p=3, q = 5 (both are prime). So phi(n) = (p-1)*(q-1) = (3-1)*(5-1) = 2 * 4 = 8. Now the attacker just needs to find the inverse of 'e' in Z_phi(n) i.e. Z_8 = {0,1,2,3,4,5,6,7}. For 'd' to be inverse of e in Z_8, e*d = 1(mod 8) or 3*d = 1 (mod 8). d = 3 satisfies the above equation because 3*3 = 9 = 1(mod 8). So Alice's private key is 3.
Does a MAC scheme provide non-reputation? Explain your answer.
No, Since the MAC is generated using a symmetric key (shared between the sender and the verifier), either can create it and keep on blaming that the other created it
Is textbok RSA encryption a secure encryption scheme against a known plaintext attack?
No, the textbook RSA scene is detrministic encryption, meaning if the same message M is encrypted twice, exactly the same cipher text C is generated. If an attacker knows a plaintext cipher text pair (m,c), and later eavesdrop over a cipher text C, then the attacker can learn that the corresponding plaintext is m (thereby completely violating the confidentiality).
Private Key Crypto Model
Only a single private key can encrypt and decrypt information. It is a fast process since it uses a single key. However, protecting one key creates a key management issue when everyone is using private keys. The private key may be stolen or leaked. Key management requires prevention of these risks and necessitates changing the encryption key often, and appropriately distributing the key.
Ping
Ping is a network tool that relies on the ICMP (Internet Control Message Protocol), a Layer 3 protocol for diagnosing networking issues. Normally, ping is just used to check whether or not a machine is accessible via your network (ex: ping google.com, ping -c 4 google.com to only send 4 frames). With the use of the -R command (this seems better suited for internal network usage), you can trace the path to your destination.
Confidentiality
Prevention of unauthorized disclosure of information.
Integrity
Prevention of unauthorized modification of information
In which order, does PGP perform message encryption, signature, and compression operations?
Signature, compression, encryption
You want to determine whether a particular host on a subnet network (IP address provided) is online or not. However, the network on which this host resides blocks any incoming ICMP echo requests (ping messages). What is an alternative approach that can still be used to determine whether the host is online?
Since ICMP requests are being blocked, we can send TCP SYN requests on port 80 (or other well-known TCP ports) or UDP packets to a possible port and wait for the reply which will determine whether a host is alive or not.
Explain the Encryption function (show all math operations) underlying the 'textbook' RSA encryption scheme.
To encrypt a message 'm', look up the public key (e, n) with which the message will be encrypted. The encrypted message 'c' is as follows: c = m^e mod(n)
Non-repudiation
The assurance that somebody cannot deny something
Explain how a session hijacking attack works.
The attacker takes control of one or both sides of a TCP connection. This means attacker has the ability to sniff the packets sent between the host and client of the TCP connection and can send/receive packets from either of the host and client. The attacker can now send its own TCP packets to the host which now thinks that the packets are coming from the client and sends SYN ACK and subsequent packets which are then received by the attacker and thus establishing the connection. Alternatively, the attacker can use ARP poisoning/caching to send to send unsolicited ARP responses which map the communicating IP addresses to the attacker's own physical machine address (MAC). This, way all the traffic will be routed via the attacker, who can then learn the communication and can also tamper with it.
Reliability
The quality of being trustworthy
Man in Middle Attack (MIM)
The targets of this attack are mostly public key cryptosystems where key exchange is involved before communication takes place. Host A wants to communicate to host B, hence requests public key of B. An attacker intercepts this request and sends his public key instead. Thus, whatever host A sends to host B, the attacker is able to read. In order to maintain communication, the attacker re-encrypts the data after reading with his public key and sends to B. The attacker sends his public key as A's public key so that B takes it as if it is taking it from A.
Name an algorithm commonly used to encrypt PGP email messages.
There are many possibilities, including: CAST-128 , IDEA, 3DES and AES.
True or False: PGP uses RSA to sign the email messages.
True
Disclosure threat
Unauthorized access to information
Usurpation threat
Unauthorized control of some part of a system
Public Key Crypto Model
Uses two keys - one private and one public. The public key is distributed, whereas the private key is never shared. Across the web, PKI is extremely common. For example, when you make an online purchase, you are using Secure Sockets Layer (SSL) to encrypt the web session between yourself and the site. This type of method makes use of PKI. Private encryption is more commonly used to protect - and access - data stores, such as disk drives, confidential information and the like.
Chosen Cyphertext Attack
the cryptanalyst gathers information, at least in part, by choosing a ciphertext and obtaining its decryption under an unknown key.
Cypher Block Chain (CBC)
• Randomized encryption • IV - Initialization vector serves as the randomness for first block computation; the ciphertext of the previous block serves as the randomness for the current block computation • IV is a random value • IV is no secret; it is sent along with the ciphertext blocks (it is part of the ciphertext)
One Time Pad (Vernam Cipher)
• plaintext is binary string and key is binary string of equal length, then encryption can be done by a simple XOR operation. Plaintext: 01010000010001010011 Key: 11010101001001100111 Ciphertext: 10000101011000110100 • If the key is random and is not re-used, then such a system offers unconditional security - perfect secrecy! • Intuitively perfect secrecy can be seen from the fact that given any plaintext and ciphertext, there is a key which maps the selected plaintext to the selected ciphertext. So given a ciphertext, we get no information whatsoever on what key or plaintext could have been used. • How do we obtain "random" bit-strings for shared secret keys as long as the messages, and never re-use them? • System is not practical.