ITEC852 Assignment 2017 Deadline: 23 October (Midnight) Submit the assignment through iLearn and also by emailing it to [email protected] and [email protected] Note: If any assumptions are to be made, state them clearly prior to the answers. All the questions necessitate you to justify your answers with adequate reasons. So, avoid answering the questions with simple â€œYESâ€ or â€œNOâ€. Explain the answers with diagrams, if necessary. Question 1 (7 Marks) Outline a security architecture for the distributed environment shown below, where users wish to access enterprise services from various remote locations such as home, airport and other branch offices. a) Analyse the security threats that can arise in such an environment. State any assumptions that you are making. b) Specify the types of security services that would be needed to counteract these security threats and what type of security mechanisms could support these services. c) Identify the types of security components that can be used to provide these security services and mechanisms and where they would be placed. Question 2 (3 Marks) a) What is threat modelling and describe the steps involved in a threat modelling process? (2 Marks) b) Figure 2 shows the Slammer attack traffic. A security tool vendor has identified UDP traffic that is destined to port 1434 and the highlighted pattern as attack signature. This has been distributed to his customers. Remote branch office INTERNET Airport ITEC852 Assignment 2017 Deadline: 23 October (Midnight) Fig 2: Slammer Attack Traffic What happens if the security tool vendor does not include UDP traffic and port 1434 in the attack pattern/signature? In other words, what happens if only the highlighted pattern in Figure 2 is used as the attack pattern/signature? (1 Mark) Question 3 (7 Marks) a) Consider the following simple string based substitution cipher. It takes a plaintext letter as input from the English alphabet and produces a cipher text output by combining it with a key string security. The encoding rule used is a=0, b=1, â€¦., z=25 etc. The numerical representation of this key string is (18, 4, 2, 20, 17, 8, 19, 24). The operation is a characterwise addition modulo 26, i.e., (x + y) mod 26. Find the cipher text corresponding to the following plaintext. (Treat both uppercase and lowercase characters to be the same) â€œSecurityIsPeaceOfMindâ€ (2 Marks) b) Assume the above cipher text is transferred over a network to a receiver. If an error occurs during the transmission of this cipher text affecting one letter, how much of the decrypted plaintext will be in error. (1 Mark) c) What is a dictionary attack on a block cipher, and how can we ensure that such an attack is infeasible? (2 Marks) d) Consider a general n-bit substitution block cipher. What is the size of the key (number of bits in the key) required for such a general block cipher? Explain how you arrive at the answer. (2 Marks) Question 4 (7 Marks) a) Consider triple encryption by using E-D-E with CBC on the inside. If a single bit â€œxâ€ of the cipher text block, say â€c2â€ is modified, then how does it affect the decrypted plaintext? (3 Marks) ITEC852 Assignment 2017 Deadline: 23 October (Midnight) Let us consider the following stream cipher, where â€˜âŠ•â€™ refers to Boolean XOR operation (3 Marks) R1 = Enc[K] âŠ• IV C1 = P1 âŠ• R1 R2 = Enc[K] âŠ• C1 C2 = P2 âŠ• R2 . . Ri = Enc[K] âŠ• Ci-1 Ci = Pi âŠ• Ri i. Show how the decryption works? ii. If we use, Ri = Enc [K] âŠ• Pi-1 for encryption instead of Ri = Enc[K] âŠ• Ci-1 iii. then how would decryption work? iv. Discuss the security of the above schemes. b) A system is designed to use the RSA public key scheme, where m is the modulus, (e, m) is the public key and (d, p, q) is the corresponding private key. The system developer discovers that the private key (d, p, q) is compromised and hence modifies the system by generating a new public and private key exponents (e1, d1) for the same modulus. Discuss the security of the modified system. (1 Mark) Question 5 (8 marks) Consider the situation where a four (4) digit PIN must be selected to verify that the user of an application knows the PIN and may be authorised to use the application. Also consider that knowledge of the PIN does not indicate that the user of the PIN in the authorised person; the authorised person may have disclosed the PIN to another person, intentionally or unintentionally. If the PIN is selected at random by non-human means, it will have maximum entropy; if selected by a human, the entropy may be diminished because humans tend to select ITEC852 Assignment 2017 Deadline: 23 October (Midnight) memorable patterns. a) List and describe (in detail), the different types of memorable patterns that may be used by a human when selecting a four (4) digit PIN. (4 marks) b) For each memorable pattern, quantify (using the correct notation), the reduction of key space and entropy. (2 marks) c) Once you have listed and described all memorable patterns, quantify (using the correct notation), the overall reduction of key space and entropy. (2 marks) Question 6 (8 marks) a) Describe the differences in protection capabilities between operating systems that use the two processor-state model and those that use the four processor-state model. (4 marks) b) Describe the benefits and drawbacks of the following platform management architectures: (4 marks) a. Natively within an operating system. b. By extending the processorâ€™s state model with an extra mode complimented by a dedicated platform management kernel. c. By adding a separate management processor to a platform.