Computer and Network Security

Final Exam (A), 2008

Dr. Ron Rymon

Time: 2 hours and 30 minutes, plus 30 minutes extension.

No Additional Material is Allowed

Part A. Explain briefly 6 of the following 7 terms (4 points each):

1.  3DES EDE

  1. Method for using DES 3 times to encrypt text using 3 keys, hence increasing the key space. It is possible to use 3DES to emulate regular DES
  2. EDE is Encrypt-Decrypt-Encrypt, and shows the orientation of the encryption devices. This allows using a 3DES component to emulate simple DES

2.  RBAC

  1. Role-Based Access Control A method for controlling access where access rights are grouped and provided to users based on their roles in the organization resulting in productivity and security gains

3.  Phishing

  1. A type of spam mail
  2. Which impersonates a request from a familiar business (usually a bank)
  3. Refers the victim to an impersonating web site in which the victim is requested to enter personal data such as usernames and password to be used by the criminals

4.  PGP

  1. Pretty Good Privacy
  2. Protocol and software for secure email
  3. Supports authentication
  4. Supports confidentiality

5.  Steganography

  1. Hiding a message within another message
  2. Example or how works.

6.  End-to-end encryption

  1. Providing confidentiality for the traffic on multiple physical network links, all the way from a source to a destination and possibly through many other links As opposed to link encryption

7.  CA

  1. Certificate Authority – an instance responsible for granting and signing certificates of lower-ranked parties using its private key (so can be decrypted using public key).


Part B. Answer 4 of the following 5 questions (9 points each):

1.  Explain the frequency analysis used by the Arabs to break monoalphabetic ciphers

  1. Idea of different letters appearing in different frequencies
  2. How to compute frequencies in ciphertext and match ciphertext letters to original text letters
  3. Subsequent matching of letter pairs and contexts

2.  Explain the Diffie-Hellman algorithm and why it is computationally secure

  1. Explanation of the flow and algorithm
  2. Uses difficulty of discrete logarithm mod p

3.  What happens in DES if the key has 1 in each bit of the left half and 0 in each bit of the second half

  1. The round keys would all be equal
  2. This happens because in the creation of the round keys, the key bits of each half are manipulated (shifts, permutation, and selection) separately.

4.  Explain how biometric fingerprinting works, and how it is used for authentication

  1. What it is: Fingerprinting is a something-you-are form of authentication, based on the fact that different people have different fingerprints
  2. How it works: a reader makes a copy of the fingerprint. The image is then analyzed and compared to the original fingerprint.
  3. How two fingerprints are compared: The comparison uses a catalog of lines/shapes that are found in a fingerprint (minutiae)

5.  Illustrate and explain how a DDoS attack is mounted

  1. What it is: Distributed Denial of Service. A DoS is an attack on a server that is designed to shut it down by flooding it with requests/traffic .
  2. How it works: In distributed DoS, the hacker is using many computers that are launching the attack when received the command from the hacker .
  3. How the hacker gets to control the slaves: Usually, the computers that do the actual attack were taken over by the hacker in a preceding step, e.g. through a Trojan that was downloaded by unsuspecting users .
  4. How it is detected: A DDoS attack is usually detected only when the traffic to the victim becomes unusual or high.
  5. How it is mitigated: Once detected, it is usually impossible to mitigate the attack in the areas of the network that are close to the victim. Instead, traffic aimed to the victim has to be siphoned and filtered at the ISP level, as close as possible to the perimeter or sources of the attack. Filtering is usually based on the protocols and patterns of the attack vs. the normal traffic


Part C. Answer the following two questions (20 points each):

1.  Illustrate the flow, and explain the purpose and functionality of each step of the DES algorithm. What are the desired features of the round function of every Feistel algorithm?

  1. Block structure and block size
  2. Iterations structure, and number of iterations
  3. Sub-key generation algorithm, and key size
  4. Iteration formula and work on half-blocks
  5. Round function illustration and explanation of each part
  6. Explanation of how confusion and diffusion are achieved
  7. The process is reversible for decryption using the keys in reverse order

2.  Explain how a firewall works. Describe different types of firewalls, their respective advantages and disadvantages, and the architectures in which they can be configured.

  1. Types: packet filter, application gateway (proxy)
  2. Explanation of how they work
  3. Advantages/disadvantages of packet filter: fast, app independent, but is not aware of app limitations
  4. Advantages/disadvantages of application gateway: specialization of rules, but requires app specific gateways, slow
  5. Illustration of a DMZ configuration