Problem 1 (10 pts) Go to the Recorded Future mailing list website (https://go.recordedfuture.com/cyber-daily), subscribe to their mailing list, and follow it for a couple of days. In addition, check the bugs reported daily at https://nvd.nist.gov/ for one week. Then answer the following questions:
1. Write down what you learned from this experience. (200 words max)
2. Write a detailed description of one of the reported vulnerabilities. (500 words max)

Problem 2 (10 pts) Identify two computer security control measures on your computer(s). Which of the three properties Confidentiality, Integrity, and Availability do they aim to provide?

Problem 3 (15 pts) Find a recent (2019 or 2021) computer security incident that has been reported in the media, and analyze the incident. Your analysis should cover the following aspects:
• What was the main vulnerability that was exploited?
• What security principles were violated?
• What could have been done to prevent the incident?

Problem 4 (20 pts) Cryptanalysis
• (10 pts) Suppose that everyone in the world is using the DES algorithm in ECB encryption mode, and you can mount a chosen-plaintext attack against everyone. Show how to perform a dictionary attack such that, after an expensive but doable initialization step, everyone's key can be recovered in very little time (O(log n) time). Write pseudocode both for the initialization step and for the function that recovers everyone's key.
• (5 pts) How effective would the above attack be under known-plaintext (instead of chosen-plaintext) attacks?
• (5 pts) What if everyone uses CBC encryption mode with a randomly chosen IV; would your attack still be effective?

Problem 5 (15 pts) Needham-Schroeder Protocol
• Discuss why the protocol does not achieve mutual entity authentication between A and B. In other words, which party is authenticated and which party is not? Show the steps (3), (4) and (5) in which one party can impersonate another identity. [Hint: A is the only one authenticating itself to B.]
• Suggest a way to fix the problem above.

Problem 6 (15 pts) There are three desirable properties for cryptographic hash functions: preimage resistance, second-preimage resistance, and collision resistance. For each of the following applications of hash functions, explain which of these three properties are needed and which are not.
• Alice poses to Bob a tough math problem and claims she has solved it. Bob would like to try it himself, but would still like to be sure that Alice is not bluffing. Therefore, Alice writes down her solution, appends some random bits, computes its hash and tells Bob the hash value (keeping the solution secret). This way, when Bob comes up with the solution himself a few days later, Alice can verify his solution but still be able to prove that she had a solution earlier.
• Passwords are stored in a password file, in hashed form. To authenticate a user, the password presented by the user is hashed and compared with the stored hash. A user who gains read access to the password file should not be able to log in by this method. (Assume that the mischievous user does not modify the system in any way before trying to log in.)
• A system administrator, concerned about possible break-ins, computes the hash of important system binaries and stores the hash values in a read-only file. A program periodically recomputes the hash values of the files containing the system binaries, and compares them to the stored values. A malicious user who is able to overwrite one of the "protected" files should not be able to change the file without detection.

Problem 7 (15 pts) Read the following paper and then answer the following questions: Ross Anderson, "Why Cryptosystems Fail." (Available from the resources page.)
• What are the two major reasons for the failures of cryptosystems in the paper? Give an example of each one of them (from the paper).
• What are the four lessons learnt by banking equipment vendors?
• What were the three main actions suggested to tackle those banking problems?
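The first application in Problem 6 (Alice's hash commitment) as a runnable illustration. This is an added Python example, not part of the assignment; the 4-byte length prefix, the 32-byte nonce and the choice of SHA-256 are assumptions about how the "random bits" are appended.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Added illustration of the commitment in Problem 6 (not part of the assignment).
# Alice publishes H(solution || r) with r a secret random nonce; days later she
# reveals (solution, r) and Bob recomputes the hash. Encoding details below
# (length prefix, nonce size, SHA-256) are assumed choices, not the assignment's.

NONCE_BYTES = 32  # 256 random bits, so that guessing r by brute force is infeasible


def commit(solution: bytes, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Alice's step: return (commitment_hex, nonce). A fresh nonce is drawn if
    none is supplied; Bob later calls this with the revealed nonce to re-derive."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_BYTES)
    # Length-prefix the solution so the solution/nonce boundary is unambiguous;
    # without it, b"ab" + b"c..." and b"a" + b"bc..." would hash identically.
    data = len(solution).to_bytes(4, "big") + solution + nonce
    # Hiding: Bob, holding only this digest, would need a preimage to learn the
    # solution. Binding: Alice, who chose both inputs, would need a collision
    # (a second opening with the same digest) to change her answer afterwards.
    return hashlib.sha256(data).hexdigest(), nonce


def open_commitment(commitment_hex: str, solution: bytes, nonce: bytes) -> bool:
    """Bob's step: recompute the hash from what Alice reveals and compare it."""
    expected, _ = commit(solution, nonce)
    # Constant-time comparison; not needed for soundness here, but good habit.
    return hmac.compare_digest(expected, commitment_hex)


def exchange(alice_solution: bytes, bob_solution: bytes) -> bool:
    """Plays both roles end to end: Alice commits first, Bob solves on his own,
    Alice reveals, and Bob checks that the opening matches the old commitment
    and that it agrees with what he found. Returns True only if both hold."""
    commitment, nonce = commit(alice_solution)           # day 1: sent to Bob
    # ... days later: Alice reveals (alice_solution, nonce)
    return (open_commitment(commitment, alice_solution, nonce)
            and alice_solution == bob_solution)
```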
Dec 30, 2021