Assignment title: Information


EECN750 – Network Security (2015-2016) Page 1 of 5

Department of Engineering
Independent Learning Package 2015 – 2016

Module code: EECN750
Module Title: Network Security
Level: 7
Due date: set by your course leader

INSTRUCTIONS

• All questions to be answered
• Completed work to be handed to the registry office by the above deadline
• A soft copy must be submitted online to Blackboard for plagiarism checks
• Submission of your ILP indicates that you are ready for your viva
• Your submission should be in bound form

Question 1

Alice encrypts her message with Bob's public key and sends it to Bob. Bob receives it and decrypts it using his private key. Bob then sends the same message back to Alice, encrypted using Alice's public key. Analyse the security of this communication protocol in terms of what assurance it provides to Alice and to Bob and what attack it might be subject to.

Question 2

a. Contrast, in terms of security and efficiency, the Diffie-Hellman procedure for setting up a secret session key with the approach in which Alice sends the session key to Bob encrypted using Bob's public key.
b. Compute 5^40 mod 17 on paper, showing the steps.
c. Given 3^a mod 53 = 24, compute a. Explain your method.

Question 3

Question 4

The RSA procedure involves two prime numbers p, q from which N = pq is computed. A public exponent e is chosen (often with the value 65537) and a private exponent d is computed to satisfy: ed = 1 mod (p − 1)(q − 1).

a. Of these parameters p, q, N, e, d, which form the public and which the private key?
b. Use one of the websites supporting modular arithmetic to determine the private exponent d for the case where p = 7437887, q = 3023981 and e = 65537. Use this to encrypt the message "Hello". Explain your steps and show how to decrypt this message. How would you encrypt a longer message?
c. Explain what is meant by a side channel, and describe the basis of a side channel attack on RSA.
d. Explain how RSA is used for digital signatures.

a. A 64-bit block of ciphertext c is obtained by XOR'ing a 64-bit key K against the 64-bit plaintext message m: c = K ⊕ m. Knowing the key K, how is m recovered from the ciphertext c?
b. If the operation was c = K & m (where & is bitwise AND), how would m be recovered?
c. Compute 167 ⊕ 118 (⊕ is XOR) where each of the numbers should be interpreted as unsigned binary (without any 2's complement). Give your answer as a decimal number in the range [0,255].
d. A one time pad (OTP) is used to generate a random sequence of bytes to XOR with a plaintext message. This system can be proved to be secure, but the equivalent stream cipher based on a pseudo random number generator cannot be proved so. Explain why there is a difference.

Question 5

a. Estimate the time it would take to brute force DES on a modern desktop computer. Clearly state your assumptions about the machine and explain how you would recognise that you had found the correct key.
b. Using the same machine, estimate how long it would take to brute force 512-bit RSA by factorisation. State your assumptions about the factorisation algorithm.

Question 6

a. Make a brief comparison between the overall system architecture of GSM and UMTS. Provide a diagram of their respective architectures if required.
b. Explain the three aspects of security provision in GSM, outlining their importance.
c. Explain how GSM improved the security aspects of the system compared with the first generation phones.
d. Explain in bullet points the algorithms and parameters involved in security provision by GSM.

Question 7

a. Identify the drawbacks of security arrangements in GSM. Provide one specific example of attacks caused by the drawbacks.
b. Outline the differences in security between GSM and GPRS.
c. Discuss in bullet points how the security is improved in UMTS and future phone generations.
d. Explain briefly the modified security mechanisms in UMTS and explain the role of two security parameters.

Question 8

a. Discuss briefly ways in which a hacker can identify the operating system running on a remote machine, then explain why this information is important for a potential attack.
b. A small branch office of a large company with around 20 staff is performing poorly and there are rumours that around a third of the workers are to be made redundant. One of the workers is fairly good with computers and decides to eavesdrop on the network traffic between the manager's office and the headquarters in the hope of finding out what is being planned. All the computers in the branch office are on a switched network and the uplink port of the switch is connected to the branch office firewall router, which connects to the main company headquarters. Staff, including the manager, use company laptops and any laptop can connect to any network socket. Outline a way in which this might be achieved, giving details of any tools that may be of use.

Question 9

a. SYN scan, Connect scan, NULL scan, XMAS scan, FIN scan and UDP scan are all port scanning techniques used to discover open ports on a target system. Describe any two of these and state clearly how a port can be discovered to be open. Which one of the above techniques is stealthy? Give reasons for your answer.
b. What is a RootKit? Explain the purpose of this and give an example of software that can be used to detect it.

Question 10

a. Explain how an NIDS processes data.
b. A switch can be used to copy incoming data from the Internet to a Firewall and direct it to an NIDS. Unlike hubs, switches do not generally flood data. Explain how a Cisco 3560 switch can be configured to ensure that the NIDS gets the same copy of the data that goes to the Firewall.
c. What measures can be taken to ensure that an NIDS will not be visible to an attacker?
d. How does an Anomaly-Based NIDS differ from a Signature-Based NIDS?
e. What is a Host-Based IDS (HIDS)? Where is this used?

Question 11

a. Explain the functions and applications of a
   i) Packet Filtering Firewall
   ii) Stateful Firewall
   iii) Proxy Firewall
b. With the aid of a suitable example, explain how Dynamic Access Control Lists can be used in Network Security.

Question 12

a. Apart from Encryption and Authentication, describe other measures that can be employed to enhance the security level in 802.11 based wireless networks and explain why you may not use all the measures available.
b. What benefits does the distributed client/server architecture of RADIUS provide?
c. Describe the steps involved in the process of Authentication when a wireless client requests connection to an Access Point in a system set up to use a RADIUS server.
d. EAP-FAST is one of the variations of the EAP protocols available in 802.1x based authentication. How does it differ from LEAP?

Question 13

a. There are many types of attacks that can be launched against a networked computer system. Explain the operation of the following attacks:
   i) Man In The Middle (MITM)
   ii) Distributed Denial of Service (DDoS)
b. For each of the methods of attack in part a) above, briefly explain a possible counter measure that can be used.
c. List two other types of attacks that are common and give a description of each.

Question 14

Consider this scenario. Then answer each of the following questions.

OS Foods is a small company of roughly 50 employees. You have three servers: a domain controller, a file server, and a server that provides mail and FTP services to internal and external employees. There are 30 Windows XP desktops shared by various employees. The network is isolated from the Internet by a firewall. Wired local network access is provided by a switched infrastructure. Wireless access is enabled by three suitably-placed access points.

a. If this were your actual company, which assets would you deem most critical to protect against possible attacks?
b. Select two of those assets, and identify the threats they face.
c. OS hardening is the process of eliminating common vulnerabilities by modifying the basic configuration options of the system. List five steps that you could take to harden an operating system.

Question 15

Virtual Private Networks (VPNs) are commonly used to add an extra layer of security in the transport of data over a shared network using protocols such as PPTP, L2TP and IPSec.

a. State the layer of the OSI model at which the above protocols work.
b. IPSec is an open standard suite which provides protocols to perform various functions. Distinguish between the IPSec Authentication Header (AH) and Encapsulating Payload (ESP).
c. A medium sized business wishes to network two sites using IPSec VPN over the internet. The available bandwidth is 100Mbs. Suggest the type of VPN that could be set up to achieve this and state your choice of IPSec configuration, giving reasons.
d. Is it possible to encrypt the entire Packet before transmission? Give reasons for your answer.