Reference no: EM132876506 , Length: word count:3000

M30606 Computer Security - University of Portsmouth

Problem 1 - Cryptographic Data Objects

B has just received the following message, which represents a cryptographic data object:

{(

{(KPbB)KPrS mod KPbS}K1,

{|(NB, NA , {{({K2}KPbB, NS)}(G1)KPrA mod NA}K1, {|{( {G3}(KPbA)KPrS mod KPbS, G2)}K1|}KPrB)|}KPrA

)}KBS

The following explains various terms in this object and some of the abbreviations used:

- {M} K represents the encryption of some message/data M using the key K

- {|M|} K represents the digital signing of some message/data M using the key K

- NX represents a nonce (i.e. a fresh and possibly random number used once only) generated by X

- KpbX represents the public part of the key pair presumably owned by X

- KprX represents the private part of the key pair presumably owned by X

- KAB represents a symmetric key shared between A and B

- K (or K1, K2, K3 etc.) represents some arbitrary key with no assumptions about its scope

- M represents some alphanumeric/textual message with no assumptions

- G1, G2, G3 etc. are prime numbers

which of the following sets of keys, nonces, numbers, and alphanumeric/textual messages "best" represents B's knowledge , after B applies any number of possible cryptographic operations to the object above, and assuming that B already has access to key K1 and the public key of any agent:

a) KBS, G2, KPrB

b) {(KPbB)KPrS mod KPbS, G2, KBS, KPrB, {(KPbB)KPrS mod KPbS}K1, NA, NB

c) NA, NB

d) NA, NB, KBS, KPrB

e) {(KPbB)KPrS mod KPbS}K1, {|(NB, NA, {{({K2}KPbB, NS)}(G1)KPrA mod NA}K1, {|{({G3}(KPbA)KPrS mod KPbS, G2)}K1|}KPrB)|}KPrA, NA, NB, KBS, KPrB, {(KPbB)KPrS mod KPbS

f) G2, NA, NB, G1, KBS, KPrB

g) (KPbB)KPrS mod KPbS, NA, NB, G2, KBS, KPrB

h) (KPbB)KPrS mod KPbS, (G1)KPrA mod NA, NA, NB, G2, KBS, KPrB

i) (KPbB)KPrS mod KPbS, G3, G2, KBS, KPrB

j) (KPbB)KPrS mod KPbS, NA, NB, G2, KBS, KPrB, G3, (KPbA)KPrS mod KPbS

k) NB

Explain your answer.

Problem 2 - Authentication Protocols

Consider the following 4-message protocol:

1. A → S: (B, {(A, K1) }KpbS)

2. S → B: A

3. B → S: (A, {( B, K2) }KpbS)

4. S → A: (B, {K2}K1)

Which of the following statements is true, at the end of the protocol, and with regards to the purpose of the protocol:

a) Both A and B establish a session key K2, and B is sure of A's identity

b) Both A and B establish a session key K1, and B is sure of A's identity

c) Both A and B establish a session key K1, and A is sure of B's identity

d) Both A and B establish a session key K1, and both B and A are sure of each other's identity

e) Both A and B establish a session key K2, and A is sure of B's identity

f) Both A and B establish a session key K1

g) Both A and B establish a session key K2

h) Both A and B authenticate each other by knowing each other's identities

i) A ends up knowing B's identity

j) B ends up knowing A's identity

k) None of the above

l) All of the above

Explain your answer.

Problem 3 - Non -Repudiation and Anonymity Protocols

For the Zhou-Gollman non-repudiation protocol discussed in the lecture on "Non -Repudiation and Anonymity Protocols", which one of the following statements is false:

a) At time point 4, both A and B can produc e evidence to prove that they received K

b) At time point 2, both A and B can produce evidence to prove that they received a signed message from the other party

c) At time point 0, S cannot prove anything

d) At time point 3, B cannot produce evidence to prove that A has access to key K

e) At time point 1, A can prove that B is alive

f) At time point 4, S can prove that A is alive

g) At time point 3, S can produce evidence that that A has access to key K

h) At time point 0, A is alive

i) At time point 2, A can produce evidence to prove that B is alive

j) At time point 4, the protocol terminates

Explain your answer.

Problem 4 - Forwards Secrecy Protocols

Consider the following 4 -message protocol:

1. A → S: ( B, {(A, K1)}KpbS)

2. S → B: A

3. B → S: (A, {(B, K2)}KpbS)

4. S → A: (B, {K2}K1)

Assume three runs of the above protocol, that we call P1, P2 and P3. If after completion of run P3, K1 is compromised, i.e. it is leaked to some external intruder, how would this impact the forward secrecy property of K2 for all the three runs of the protocol P1, P2 and P3? Choose the right answer:

a) Compromising K1 in P3 compromises every other key in all of the three runs of the protocol

b) The secrecy of P3.K2 is not compromised, and therefore P2.K 2 and P1.K 2 would remain secret

c) Compromising K1 in P3 compromises P3.K 2, and therefore, every other previous version of K1 and K2 are also compromised

d) The secrecy of P3.K 2 is compromised, but P2.K 2 and P1.K 2 would remain secret since K1 is refreshed after each run, therefore P3.K1 is different from P2.K 1 and is different from P1.K1

e) Even though K1 is compromised in P3, K2 is not compromised in any of the three runs

Explain your answer.

Problem 5 - Attacks on Security Protocols

Consider the following 4 -message protocol:

1. A → S: (B, {(A, K1)}KpbS)

2. S → B: A

3. B → S: (A, {(B, K2)}KpbS)

4. S → A: (B, {K2}K1)

And the following attack trace:

1. I(A) → S: (B, {(A, K)}KpbS)

2. S → B: A

3. B → S: (A, {(B, K2)}KpbS)

4. S → I(A): (B, {K2}K)

Which one of these changes to the protocol messages would fix the attack trace above, such as the attack then becomes impossible:

a) 3. B → S: (A, {(B, {K2}KpbA)}KpbS)

b) 4. S → A: (B, {K2, A}K1)

c) 2. S → B: {A}KpbB

d) 2. S → B: B

e) 3. B → S: (A, {(B, {K2} KprS)}KpbS)

f) 1. A → S: {(B, A, K1)}KpbS

g) 1. A → S: (A, {(B, K1)}KpbS)

h) 4. S → A: (B, {K1}K2)

i) 4. S → A: (A, B, {K2}K1)

j) 2. S → B: A, B

Explain your answer.

Problem 6 - Mutation and Type-Flaw Attacks

Consider the following 4-message protocol between A and B, where (N+1) represents the increment of N:

1. A → B: (A, {NA}KAB)

2. B → A: {(NA+1, NB)}KAB

3. A → B: {NB+1}KAB

4. B → A: {(K'AB, NA)}KAB

Which of the following mutations to messages of the protocol above, would constitute a harmful attack:

a) 1. A → B: (C, {NA}KAB)

b) 1. A → B: ({NA}KAB, A)

c) 4. B → A: {(KAB, NA)}KAB

d) 4. B → A: {(K'AB, NB+1)}KAB

e) 3. A → B: {NB+1}KpbB

f) 2. B → A: {(NA+1, NA)}KAB

Explain your answer.

Problem 7 - Access Control Models and Policies

Assume a network that consists of a set of nodes, {a, b, c, d, e, f, g, h, j, k, l, x, z}. These nodes have the following partial order relation on them: {(b≤a), ( f≤e), (z≤l), (z≤x), (l≤g), (c≤b), (g≤k), (e≤d), ( g≤h ), (k≤j), (g≤e), (e≤c) , (d≤b) , (x≤e)}

Furthermore, assume that a BLP policy is being enforced in the above network. Now assume that at some stage, node z becomes infected with a virus. Which one of the following sets of actions would also lead to infecting node a, assuming that viruses propagate through a network using the read and write commands. A virus would propagate from one node to another either because the second node read from the first one, or because the first node wrote to the second one. All read and write commands are subject to the policy being enforced and no read or write operation is possible in the absence of an order (either direct or indirect) between two nodes:

a) (l read from z), (l write to g), (g read from l ), (g read from e ) , (e write to c), (c write to b), (a read from b)

b) (z read from l), (a read from l)

c) (z write to x ) , (x write to e), (a read from e)

d) (z write to c), (b write to c), (a read from b)

e) (z write to g), (g write to h), (b read from h), (b write to a)

f) (x read from z), ( x write to e ) , (e write to d), ( a write to d)

g) (z write to g), (j read from g), (j write to d), (d write to b), (a read from b)

h) (z write to l) , (l write to g), (g write to c), (c write to d), (d write to b), (b write to a)

i) (a write to z)

j) (f read from z), (a read from f)

Explain your answer.

Question 8 XACML

The following represent two examples of XACML 2.0 policies.

Which single one of these statements is false:

a) An access request from Alice Samson at 14:00 on 01 January 2018 according to the first policy, will fail

b) Purpose of the last rule in each of the two policies is to deny any requests that are not covered by the previous permitting rules in each of the two policies

c) If the two policies above were combined into one policy set in the order they appear with a policy-combining algorithm "first-applicable", then the outcome of the request by Alice Samson be at 14:00 on 01 January 2018 to access the "server.acme.co.uk/docsserver" would be accepted when evaluated against the new policy set

d) Adding to the AND of the condition a third part with a "anyURI-equal" function applied to an attribute "machine.alice.come" will strengthen the condition by also requiring that Alice's request arrives from a particular URI address equal to machine.alice.com

e) If the effects of rules "Example 2 Rule 1" and "Example 2 Rule 2" in the second policy were changed to "Deny" and the effect of rule "Example 2 Rule 3" was changed to "Permit", then the outcome of the request from Alice Samson at 14:00 on 01 December 2017 would be permitted

f) An access request from Alice Samson at 14:00 on 01 January 2018 according to the second policy, will succeed

Attachment:- Computer Security Coursework.rar