Computer and Network Security Semester 2, 2016 Assignment 2 Instructions: 1. How to write your assignment?. Answer all questions, as per the format you followed in Assignment 1. The format is also described below. • State the question along with its Number e.g., 2b, 2c. Also, put total points. Bold the question. • Provide your answers in a bounding box, directly below the Question. Please see below for two sample questions. 1.a What is the difference between passive and active security threats? (3 points) Solution: Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems. 3.d What is a message authentication code? (2 points) Solution: An authenticator that is a cryptographic function of both the data to be authenticated and a secret key. 2. Total Points: 50 3. Assignment is worth 25% of the total marks in the unit. 4. Please provide answers in your own words. 5. Due Date: 5pm on Nov 2, 2016. Page 1 of 31. Review Questions (a) 5 points In key distribution and management, two types of keys are generally used: master key and session key. In WhatsApp Secuirty white paper, a key distribution and management mechanism has been employed for end-to-end encryption. Which of these keys will you categorize as a master key and session key(s)? Explain your answer. (b) 3 points For distribution of public keys, briefly describe why do we prefer public key certificates over public key authority. (c) 5 points For SSL, following protocols are used: SSL handshake protocol; SSL change cipher spec protocol; SSL alert protocol; SSL record protocol. What is the function of SSL handshake protocol? From your web browser, figure out different security parameters exchanged by SSL handshake protocol with https://www.google.com.au/. (d) 2 points What mechanisms can a virus use to conceal itself? (e) 2 points What means can a worm use to access remote systems to propagate? (f) 3 points What metrics are useful for profile-based intrusion detection? Total for Question 1: 20 2. Problems (a) 10 points In your internet browser (Firefox, Chrome, or any of your favourite browser), view the Public Key certificate for www.google.com.au Provide a screenshot for the certificate you viewed. Also, figure out the values for the following fields in the certificate. Please refer to Fig 14.15 in the book for different fields in the certificate. 1. what is the version of the certificate (X.509 version) 2. what is the certificate signature algorithm used? 3. what is the value of the certificate signature? 4. what is the public key in the certificate 5. what is the validity period of the certificate (b) 5 points Assume you have found a USB memory stick in your work parking area. What threats might this pose to your work computer should you just plug the memory stick in and examine its contents? In particular, consider whether each of the malware propagation mechanisms we discuss could use such a memory stick for transport. What steps could you take to mitigate these threats and safely determine the contents of the memory stick? (c) 5 points Suppose you observe that your home PC is responding very slowly to information requests from the net. And then you further observe that your network gateway shows high levels of network activity, even though you have closed your e-mail client, Web browser, and other programs that access the net. What types of malware could cause these symptoms? Discuss how the malware might have gained access to your system. What steps can you take to check whether this has occurred? If you do identify malware on your PC, how can you restore it to safe operation? (d) 5 points Suppose you have a new smartphone and are excited about the range of apps available for it. You read about a really interesting new game that is available for your phone. You do a quick Web search for it and see that a version is available from one of the free marketplaces. When you download and start to install this app, you are asked to approve the access permissions granted to it. You see that it wants permission to Send SMS messages and to Access your address-book. Should you be suspicious that a game wants these types of permissions? What threat might the app pose to your smartphone? Should you grant these permissions and proceed to install it? What types of malware might it be? Page 2 of 3(e) 5 points A common management requirement is that "all external Web traffic must flow via the organization's Web proxy." However, that requirement is easier stated than implemented. Discuss the various problems and issues, possible solutions, and limitations with supporting this requirement. In particular consider issues such as identifying exactly what constitutes "Web traffic" and how it may be monitored, given the large range of ports and various protocols used by Web browsers and servers. Total for Question 2: 30 Page 3 of 3