RMIT Computer Science
Security in Computing and Information Technology (COSC2536/2537)
Assignment, Semester 1, 2017

Aims
- To learn how to stay up-to-date with security threats
- To illustrate a practical aspect of security, such as vulnerabilities, threats and attack techniques, and to familiarise students with some basic security infrastructure, such as software vulnerability and virus databases
- To illustrate the process of encrypting with mechanical devices

Method
This assignment will be attempted by students individually.

Time frame
Time allocated for this assignment: 5 calendar weeks
Due date: Week 11 (Friday, 19 May, 9:00am)

Special Consideration
With the exception of dire circumstances, no extension requests will be considered within 5 working days of the submission date. ("Dire circumstances" means things like hospitalisation of you or a close relative, etc.) Persons requesting a late extension may be required to prove that a significant body of the work has already been completed.

Submission

What to submit
- You should submit one file in PDF format, named S<Your Student Number>.pdf (replace with your own student number). Files in any format other than PDF will not be marked.
- For your answers, please use the template specified at http://titan.csit.rmit.edu.au/~e51577/SIC/Assign/SICReportTemplate.docx
- You should start each question (1.1, 1.2 etc.) on a new page.

Submission method
- Submission is via Blackboard. If you are not familiar with submitting assignments via Blackboard, please visit http://goo.gl/YEo4U5 or https://en-us.help.blackboard.com/Learn/9.1_Older_Versions/9.1_SP_10_and_SP_11/Student/060_Tests_and_Assignments/Submitting_Assignments

Marking
This assignment contributes 35% towards your final mark in the course, and will be marked out of 100.

Students are reminded that cheating, whether by fabrication, falsification of data, or plagiarism, is an offence subject to University disciplinary procedures.
In particular, students should acknowledge any material that is not their own work and is submitted as part of an assignment. Students should be aware of their rights and responsibilities regarding the use of copyright material. If you need help referencing, have a look at RMIT's Referencing Guide.

Part 1 Vulnerabilities and Malware

Background
Your company is re-evaluating its operations. It uses a very large number of applications running on different computers. You are given the task of providing information about vulnerabilities in applications so that IT management can consider which applications should be disabled, disconnected from the network or restricted to special workstations in order to reduce the possibility of attacks. Your manager thinks the company relies on outdated protection and wants an update on recent malware, and asks you to recommend a new antivirus program for the Windows desktop machines. You need to support your proposal with facts and arguments.

Tasks

Task 1.1 (25 marks)
Using the skills learnt in lab 2, select a recent (not older than two months) vulnerability from the National Vulnerability Database and analyse it from the following aspects:
i. Criticality level (check Secunia; screenshot accepted)
ii. Impact, including the CVSS score (screenshot accepted)
iii. Explain the purpose of using CVSS scores (two valid bullet points expected)
iv. Proposed solution (screenshot accepted)
v. Indicate which of the Australian DSD strategies (https://www.asd.gov.au/infosec/mitigationstrategies.htm) can be applied to mitigate the vulnerability. Include valid explanations for your answer. (At least two if possible; one will suffice only in rare cases.)
Ensure that you also provide a detailed description of the vulnerability.

Task 1.2 (20 marks)
In this task you will evaluate antivirus companies. For that, search a number of antivirus companies' (e.g. Symantec, McAfee, Kaspersky, F-Secure, AVG, Bit Defender, Webroot, ESET, G-Data, Avira) websites. Find at least four sites that publish malware listings, and compare the latest malware lists. As different companies may use different names for the same malware, you also need to find a site that has cross-references, i.e. lists the alternative names.
Note: Comparing different sites is not easy. If you cannot identify malware via cross-reference sites, you need to devise your own metric to evaluate the sites, and explain why you think your evaluation criteria are valid.
i. List the four sites and the cross-reference site.
ii. Discuss how descriptive and informative the sites are.
iii. Discuss the time difference between the listings. Provide facts to support your arguments. Hint: Take a subset of malware listings and compare the time difference. This information should be presented in a tabular grid with a small paragraph at the end that summarises your findings. (Here you select specific malware issues and check the different sites to see when they are listed.) As different companies may use different names for the same malware, first you will need to find a site that lists the aliases for malware.
iv. Which site is the most up-to-date and why? Hint: Over a two-week period compare the malware listings that are reported. Statistically analyse the data set, possibly by giving the malware a weight based on the criticality and the date/time of the listing. This information should be presented in a tabular grid with a small paragraph at the end that summarises which site is the most up-to-date. Data in your grid should serve as proof of your statement. (This data is different from that of the previous question, as here you select a specific time period instead of looking exclusively for specific malware.)

Task 1.3 (20 marks)
Select a recent vulnerability from an antivirus company's database, and analyse it from the same aspects as in task 1.1.
(Note: There is no need to explain the purpose of using CVSS scores again.)
Select three recent, different threats from an antivirus company's database. Describe for each:
i. How it spreads (attack strategy)
ii. The target of the malicious activity (information, resource, etc.)
iii. The way it hides inside the victim's computer.

Guidelines
The report should be concise, normally not longer than 900 words (excluding pictures). You must start each answer on a new page. To support your arguments:
- Provide screen dumps for each question (maximum four screen dumps per question; each screen dump must be large enough to read the text). Feel free to format the page to accommodate larger screenshots.
- Provide references (URLs) when you use information from different sources.

Notes
Comparing virus databases is not straightforward, as different antivirus companies may use different names for the same malware. You need to find a characteristic feature of the malware, which may be the name but can be something else (e.g. the hash), and use that for identifying the malware. Then, you can use cross-reference sites (e.g. http://malwaredb.malekal.com/, https://www.virustotal.com/, http://www.threatexpert.com/reports.aspx, http://vxvault.net/ViriList.php) to identify that piece of malware in different databases. You are strongly encouraged to find your own cross-reference site, as these sites may change.

Part 2 Symmetric and asymmetric ciphers
In this part you will practise encrypting and digitally signing documents.

Task (15 marks)
The Enigma machine was a piece of encryption hardware used by the Germans to protect commercial, diplomatic and military communication before and during World War Two. Although it had some cryptographic weaknesses, it was procedural flaws, operator mistakes and the capture of key tables and hardware by the Allies that enabled the successful breaking of messages encrypted by Enigma machines.
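As an added illustration that is not part of the assignment sheet or of the web emulator it links to, the Python simulator below implements the M4 wheel stepping and wiring so that the Enigma settings specified in this task (M4, reflector C, wheels Gamma IV III II, rings DGAF, ground YPWQ, the six plugs) can be reproduced and checked offline. The wheel and reflector wirings are the documented historical ones; the names PART2 and part2_answer, and the treatment of "C" on an M4 as the thin reflector C, are this example's own.

```python
ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Historical wiring and turnover notch per wheel; the Greek wheels Beta
# and Gamma sit in the M4's fourth slot, never step and have no notch.
ROTORS = {
    "I": ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"), "II": ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"), "IV": ("ESOVPZJAYQUIRHXLNFTGKDCMWB", "J"),
    "V": ("VZBRGITYUPSDNHLXAWMJQOFECK", "Z"), "Beta": ("LEYJVCNIXWPBQMDRTAKZGFUHOS", ""),
    "Gamma": ("FSOKANUERHMBTIYCWLQPZXVGJD", ""),
}
REFLECTORS = {"B": "YRUHQSLDPXNGOKMIEBFZCWVJAT", "C": "FVPJIAOYEDRZXWGCTKUQSBNMHL",
              "B-thin": "ENKQAUYWJICOPBLMDXZVFTHRGS", "C-thin": "RDOBJNTKVEHMLFCWZAXGYIPSUQ"}

def enigma(rotors, reflector, rings, ground, plugs, text):
    """Encrypt or decrypt text; returns (output, window setting afterwards).
    rotors, rings and ground are listed left to right, as on the machine."""
    wires, notch = zip(*(ROTORS[r] for r in rotors))
    pos, ring = [ALPHA.index(c) for c in ground], [ALPHA.index(c) for c in rings]
    plug = {c: c for c in ALPHA}
    for a, b in plugs.split():          # each plug swaps a pair of letters
        plug[a], plug[b] = b, a
    n, out = len(rotors), []
    for ch in text.upper():
        if ch not in ALPHA:
            continue                    # keyboard has no space/punctuation
        # Wheels turn before current flows: the right wheel always steps, and
        # a wheel standing at its notch carries the wheel to its left (double step).
        r, m, l = n - 1, n - 2, n - 3
        carry_m = ALPHA[pos[r]] == notch[r]
        carry_l = ALPHA[pos[m]] == notch[m]
        pos[r] = (pos[r] + 1) % 26
        if carry_m or carry_l:
            pos[m] = (pos[m] + 1) % 26
        if carry_l:
            pos[l] = (pos[l] + 1) % 26
        c = ALPHA.index(plug[ch])
        for i in range(n - 1, -1, -1):  # right to left through the wheels
            off = pos[i] - ring[i]
            c = (ALPHA.index(wires[i][(c + off) % 26]) - off) % 26
        c = ALPHA.index(REFLECTORS[reflector][c])
        for i in range(n):              # and back from left to right
            off = pos[i] - ring[i]
            c = (wires[i].index(ALPHA[(c + off) % 26]) - off) % 26
        out.append(plug[ALPHA[c]])
    return "".join(out), "".join(ALPHA[p] for p in pos)

# Part 2 settings from the task sheet; reflector "C" on an M4 is the thin C.
PART2 = dict(rotors=["Gamma", "IV", "III", "II"], reflector="C-thin",
             rings="DGAF", ground="YPWQ", plugs="AV CN FG IY WJ ME")

def part2_answer(family_name):  # cipher text and final ground setting for name + ten L
    return enigma(text=family_name + "L" * 10, **PART2)
```

Because the reflector makes the machine self-reciprocal, running the cipher text back through enigma with the same settings returns the plain text, and no letter is ever enciphered to itself; note also that right-hand wheel II starts at Q and reaches its notch E after 14 key presses, so a name of five or more letters turns the middle wheel before the message ends.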
For this assignment you are required to use the following Enigma Machine Simulator [http://enigma.louisedade.co.uk/enigma.html] with the parameters specified below:
Enigma Type: M4
Reflector Wheel (Umkehrwalze): C
Wheel Order (Walzenlage): Gamma IV III II
Ring Setting (Ringstellung): DGAF
Ground Setting (Grundstellung): YPWQ
Plugs: AV CN FG IY WJ ME
The task is to encrypt the following with the Enigma emulator: your family name followed by ten letters of 'L'. In your answer you must state:
- The plain text.
- The cipher text.
- The final ground setting after encryption.
You have to write down your answer; a screenshot alone is not sufficient.

Part 3 Defence Mechanisms
For this task you will first practise the modulo operation, which is the basis for most encryption methods. A brief video about it was shown in the lecture when discussing encryption. You can also find many explanations on the web. Then you will have to answer the question that the result of the operation points to.

Task (20 marks)
You have to calculate xxxxxxx mod 3 (where xxxxxxx is your seven-digit student number), and show the result in your report. Then, if the result is 0 you need to answer question 3.0, if the result is 1 you need to answer question 3.1, and if the result is 2 your question is 3.2.
Below is a list of security mechanisms and threats. For each security mechanism, indicate whether it is very effective, partially effective or not effective against the listed threats. Provide a brief explanation for each answer.

Question 3.0
Security mechanisms: firewalls embedded in the application, TLS/SSL, two-factor authentication, signature-based intrusion detection
Threats: Trojans, social engineering, spoofing, replay attack, person-in-the-middle attacks, denial-of-service attacks, cross-site scripting, SQL injection attack, drive-by download attack, session hijacking.
Question 3.1
Security mechanisms: network firewalls, PGP, one-time passwords, anomaly-based intrusion detection
Threats: Trojans, social engineering, spoofing, replay attack, person-in-the-middle attacks, denial-of-service attacks, cross-site scripting, SQL injection attack, drive-by download attack, session hijacking.

Question 3.2
Security mechanisms: proxy servers, SSH, electronic certificates, application-based intrusion detection
Threats: Trojans, social engineering, spoofing, replay attack, person-in-the-middle attacks, denial-of-service attacks, cross-site scripting, SQL injection attack, drive-by download attack, session hijacking.

You should organise your answer in a table, with the rows representing the threats and the columns representing the mechanisms. E.g.

Threat   | Mechanism 1              | Mechanism 2                                              | Mechanism 3                                                   | Mechanism 4
Threat 1 | Not effective, because … | Very effective, because it can eliminate the threat by … | Partially effective, as it can address … but cannot address … | Very effective, because …

The End