CS 231: Computer Security

Takehome Exam

Due 11:10AM Wednesday, October 29, 2014. Submit your answers via Moodle in PDF form.

This is an open-notes, open-Internet, open-book exam. The only thing you aren't allowed to do is consult with other people about the exam (except for Jeff Ondich, with whom you may discuss the exam as much as you like).

Make your answers detailed, but also as clear and concise as possible. In this test, "detailed" usually means something like "give me a step-by-step description of who sends what to whom."

Cite your sources.

Because we're such rebels, we're going to do a gender-swap on this exam by replacing Alice, Bob, and Eve with Charlie, Donna, and Evander. Charlie initiates and Donna replies, while in the darkness, Evander pursues his evil plans.

  1. (6 points) I encrypted a message for you using 256-bit AES in CBC mode, converting the resulting encrypted message into base64 so I could print it here.

    Message:

        2xYN62DCZAdgtkPg9Q1v68L5UoaxdY5JaGyYFu7UmoROVFnwwplJxn90WnMV5FN/
        e/oZ8Iz32gDtadVC4AU7/HghwMmiHNVAbnpX/CDs5VR6tSJjkmXorA39iCg61tTl
        7ydZVGR2tjskTOTwgCGwro6zkWmwTnsupMQPrZuntgKmzn03vXxWUec/J+zUWGv1
        xVwyoaNN7gFcVz9q8yqac01k2J8InbmgMX/wUAtzpwPqv2f3kFZi7JLDIV5odNGZ

    Key: 6D31CFF180747D6202872B512B490F0B7CD7E00A1D1CE140A5086ECB79B96974

    Salt: 83FA34D80106EAAB

    IV: BD9F624E529153E11596874F5A05536C

    1. What relation does "256-bit" have to the information above?
    2. What is "CBC mode"?
    3. What is "salt"?
    4. What is "IV"?
    5. What message did I send you?
    6. What procedure (command, website, whatever) did you use to discover my message?
  2. (6 points) MACs

    1. What does MAC stand for in cryptographic contexts?
    2. How is HMAC computed?
    3. Explain why HMAC includes padding.
    4. Why do certificates use cryptographic hash functions like SHA-1 and SHA-2 instead of a MAC, which has an extra layer of security?
  3. (10 points) Last Friday, we talked about Diffie Hellman for a minute. We noted that the pure DH protocol is vulnerable to a man-in-the-middle attack. But we also recalled that SSH uses DH to exchange essential secrets. This exercise is intended to explore whether SSH is simply vulnerable to MITM as a result, or whether there is protection built in, and if so, what is the nature of the protection.

    1. Describe in concise detail the steps Charlie and Donna go through to exchange a shared secret S using Diffie Hellman, assuming that nobody interferes.
    2. Describe in concise detail the steps Charlie, Donna, and Evander go through to perform a Diffie Hellman exchange, where Charlie and Donna believe they share a secret, but where in fact they don't, and Evander ends up in the middle with the ability to control any communications based on the DH exchange(s) that just occurred.
    3. Identify exactly where in the SSH protocol Charlie and Donna are able to thwart a man-in-the-middle. Give reference to explicit section(s)/paragraph(s)/sentence(s) of RFC 4253 (or RFC 4252 if that's more appropriate) that describe this MITM-thwarting technique. Then explain what implications that has for you as an SSH user, and what implications it has for Evander as a potential attacker of your SSH sessions.
  4. (8 points) Being Evander: ARP Poisoning/Spoofing

    1. What is ARP?
    2. In this context, MAC means something different than it does in a cryptographic context. What does MAC mean here?
    3. Describe in detail the steps Evander must take to use ARP poisoning to become the man-in-the-middle between Charlie's desktop computer on an office Ethernet and the router that connects that Ethernet to the Internet.
    4. What barriers must Evander overcome to successfully use ARP poisoning to get between Charlie and the router?
  5. (3 points) Identify two security incidents that you would be interested in studying to understand their technical details. When I hand back the exam, I'll let you know whether your ideas are suitable for the upcoming "explain a famous security breach" project. For this question only, you may consult with other students, including potential partners for the project.

  6. (10 points) Charlie has a website. On this site, he has a page that includes his 2048-bit RSA public key, plus the following statement: "Whenever I email you an important attachment like a signed contract or a legal notice, I will also include a signature file consisting of the SHA-256 hash of the important document, encrypted using my public private [but see email from 10/28] key." Charlie goes on to explain how to check this signature against the document on various common platforms.

    Your job is to list as many ways as you can think of for somebody to undermine Charlie's system. For each attack you come up with, briefly describe the practical barriers the attacker will face. (For example, if the attack is "compute Charlie's private key," you will want to observe that at present, there is no publicly published way to do that within the expected lifetime of anyone currently alive. So the practical barrier in this case is that the attacker will need to make a dramatic mathematical breakthrough.)