Unit 10 Security

Question 1

What type of interference is taking place if, Alice alters Bob’s file without permission?

Answer 1

(Type 2) Modification

Question 2

What type of interference is taking place if, a hacker deploys software to observe packets travelling on a network?

Answer 2

(Part 2) Interception

Question 3

What type of interference is taking place if, a website receives a flood of requests for a web page, preventing callers from viewing the site?

Answer 3

(Part 2) Interruption

Question 4

What type of interference is taking place if, a user receives an e-mail appearing to be from his supervisor, who did not send the e-mail?

Answer 4

(Part 2) Fabrication

Question 5

How would each class of security threat (normal operation, interruption, interception, modification, fabrication) would apply to a file on a hard disk?

Answer 5

(Part 2)

• Normal operation - no interference to file access
• Interruption - an attacker has prevented authorised access to the file
• Interception - an unauthorised party has obtained access to the file
• Modification - an unauthorised party has altered the file
• Fabrication - a fake file has been constructed

Question 6

What security services might be at fault in a click-fraud case in which fake clicks are generated on an online advertisement?

Answer 6

(Part 2) Non-repudiation may be at fault if the clicks cannot be associated with particular parties. It is likely that the clicks cannot be easily traced, because the most likely form of identification in this case is an IP address, and IP addresses can be fabricated by a program.

Question 7

In a click-fraud case in which fake clicks are generated on an online advertisement, what class of threat is this?

Answer 7

(Part 2) The class of threat is fabrication.

Question 8

How many possible Caesar ciphers are there in English?

Answer 8

(Part 3) Assuming a 26-character alphabet there are 25 possible substitutions.

Question 9

What advantages does a cipher involving modulo arithemetic have?

Answer 9

(Part 3) The output of a modulus function is always within a certain range, which can be easily mapped to the desired character set. It is also easily implemented and computationally cheap.

Question 10

Which is stonger under a brute-force attack?

• using a password of five characters from the character set {a, b, c, d, e, f}
• or using a password of ten characters in length from the character set {a, b, c}

Answer 10

(Part 3)

• six characters with a password length of 5 gives a key space of 6⁵ = 7776
• three characters with a password length of ten gives a key space of 3¹⁰ = 59049

The longer password is stronger, because it results in a larger key space. However even a long password that appears in a dictionary is relatively weak as it is vulnerable to a dictionary attack.

Question 11

Why is public key cryptography called asymmetric and private key cryptography called symmetric?

Answer 11

(Part 3) In public key cryptography there are two different keys, the public key and private key, one used for encryption and the other for decryption. In private key cryptography there is only one key, the secret key suitable for both encryption and decryption.

Question 12

What is an example of a middle-person attack on public key cryptography?

Answer 12

(Part 3) Alice wants to send a message to Bob, susing Bob’s public key. Alice is tricked into using Eve’s public key instead - now Eve is able to impersonate Bob and read messages intended for Bob. (Bob will not be able to decipher these messages even if he receives them)

Question 13

Does Alice really know that a messagedeciphered by Bob’s public key came from Bob?

Answer 13

(Part 3) This depends on how Alice received the key. If she did not receive the key in a secure fashion (ex. face to face) she only knows the public key comes from someone claiming to be Bob.

Question 14

What are three reasons why keys might have expiry dates?

Answer 14

(Part 3)

1. Reusing a key may give an attacker more data to work with and so a better chance of cracking the code
2. Keys that previously were considered secure might not be any more due to increasing computing power and new methods of attack
3. If a key has become compromised, it cannot be used indefinitely

Question 15

What is an example of how an attacker might exploit a collision?

Answer 15

(Part 3) The message “Transfer £5 to A Bank” might have the same hash as “Transfer £1000 to A Bank”. The attacker might be able to intercept and substitute the second message for the first.

Likewise, a program could be altered in such a way that its hash is unaltered, so that an integrity check does not detect tampering, and a malicious program can be substituted for a valid one.

Question 16

Suppose a message is intercepted between a user and their bank which provides the encrypted login details - could the banking system be logged into and if so, how?

Answer 16

(Part 3) If the system below the normal user could be accessed, where the encrypted information is received, it might be possible to replay the login and password information and impersonate the user.

However, this attack is defeated by the use of nonce values.

Question 17

What class of cipher might be used for, storing passwords in a local file?

Answer 17

(Part 3) Hash

Question 18

What class of cipher might be used for, proving an e-mail has been sent?

Answer 18

(Part 3) Public key and hash (for signing)

Question 19

What class of cipher might be used for, using a wireless connection on a laptop?

Answer 19

(Part 3) Stream

Question 20

What class of cipher might be used for, encrypting files on a file system?

Answer 20

(Part 3) Block cipher

Question 21

What is a secure channel?

Answer 21

(Part 4) A secure channel is a communication channel between a pair of processes that can authenticate each other an provides confidentiality and integrity services, including time stamping.

Question 22

What is an example of a handshake in SSL?

Answer 22

(Part 4) Cipher negotiation and certificate exchanges are examples.

Question 23

Why would SSL use a public key-based protocol to establish a private key for communication?

Answer 23

(Part 4) Key distribution is easier with public key cryptography. The public keys can be verified by using a certifying authority and digital certificates. The private key obtained in this way results in faster communication for the bulk of the transaction.

Question 24

Why would a class loader check for overriding of final methods, when this check is already performed by a compiler before producing a class file?

Answer 24

(Part 5) The class loader is examining bytecode, which could have been altered since compilation.

Question 25

Why would a security policy require that the security manager could only be set once?

Answer 25

(Part 5) This means that another manager cannot be substituted, so that ways in which checks are performed cannot be altered.

Question 26

What are the two steps required to implement permissions-based security for an application?

Answer 26

(Part 5)

1. A security manager must be installed for the application, either on the command line or in the code
2. A policy must be specified, either dynamically (by executing some code) or statically (using dfault policy files or a specified policy file)

Question 27

What is the purpose of the following entry in a policy file? Identify the target and the action.

• grant codeBase “http://www.gggg.com”*
• {*
• permission java.io.FilePermission “C:\database.dat”, “read”;*
• } ;*

Answer 27

(Part 5) This is a policy entry granting FilePermission to code from the code base http://www.gggg.com allowing that code to carry out “read” actions on the file database.dat.

Question 28

How might an applet use the security manager to probe a system’s security?

Answer 28

(Part 5) An applet could prove security by attempting a restricted operation and seeing if a SecurityException is thrown. If the applet catches this exception, the client may not be aware that anything untoward has taken place.

Question 29

Why would it normally be wanted to implement the equals method of an implementation of Principal?

Answer 29

(Part 6) There is a need to implement equals so that the system can compare on principal to another. If this is not done the principal will inherit equals from Object, and equality will be determined based on principal references rather than their contents.

Question 30

Why is the PrivilegedAction interface required?

Answer 30

(Part 6) An instance of a class implementing the PrivilegedAction interface encapsulates and demarcates the work to be done with a set of privileges. This means that there is less chance of accidentally invoking code with certain privileges, and also it is clear when that set of privileges stops applying and goes back to using the thread’s context.

Question 31

What is the distinction between a subject and a principal?

Answer 31

(Part 6) A subject is an entity that can be authenticated, that is, a source of a request to perform some action.

A principal is an identity associated with an authenticated subject.

Question 32

What is the purpose of a login module in JAAS?

Answer 32

(Part 6) A login module implements a method of authentication, such as biometric scanning or promting a user for a login and password. A commit method is used to associate credentials with a subject.

Question 33

When would the method doAsPrivileged be used?

Answer 33

(Part 6) This method would be used when executing code with the permissions associated with a particular principal. A principal can be granted permissions in a policy file, and this principal can be associated with a subject on authentication.

Question 34

When would it be safe to use doAsPrivileged with a null context?

Answer 34

(Part 6) This can be used when there is some work to be done with a subject’s permissions and the current context can be overriden. In effect, this means that it must not matter how the point of code execution was reached - it should not matter who, or what, called the code to invoke doAsPrivileged, it should only matter what the identity of the authenticated Subject is.

An example is that an authorised application needing to access system fonts to render a document should be capable of gaining the permission to do so.

Question 35

What is a role and how does it relate to users of a system?

Answer 35

(Part 7) A role is a name for a kind of caller and can be used to authorise actions. Users can be mapped to groups or roles so that permissions applied to the roles apply to those users. Thus, a programmer does not have to know the users of a system, just the different roles of users of a system.

Question 36

What steps are taken when a protected web resource is accessed?

Answer 36

(Part 7) At this point (if lazy authentication is used) the caller must be authenticated. If successful, this results in the server storing credentials for the caller in a session context. The credentials are subsequently used to decide if the caller may access the protected resource, using a principal or role.

Question 37

What is the difference between declarative and programmatic security?

Answer 37

(Part 7) In declarative security, security roles and restrictions on the execution of code are established using entries in XML deployment descruptor files.

In programmatic security, roles and restrictions are established using Java code.