Advanced Security and Network Assignment: October 2017

Verified

Added on 2020/05/04

AI Summary

This assignment delves into various aspects of advanced security and network concepts. It begins with an analysis of potential security threats, such as ransomware, phishing, and denial-of-service attacks, along with corresponding countermeasures like authentication and access control. The assignment then explores threat modeling, outlining the steps involved in identifying and prioritizing threats. Cryptography is also examined, including encryption methods, dictionary attacks, and the impact of ciphertext modification. The assignment further investigates PIN security, analyzing memorable patterns and their impact on key space and entropy. Finally, it compares the protection capabilities of operating systems using two and four processor-state models and discusses the benefits and drawbacks of different platform management architectures, including native and extended processor-state models.

Advanced security and network assinment
OCTOBER 23, 2017

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
Question 1.......................................................................................................................................1
Question 2.......................................................................................................................................3
Question 3.......................................................................................................................................5
Question 4.......................................................................................................................................7
Question 5.......................................................................................................................................9
Question 6.....................................................................................................................................11
Bibliography.................................................................................................................................14
ii

Question 1
a. Analyse the security threats that can arise in such an environment. State any
assumptions that you are making.
Ransomware attack assuming some of the software and operating systems in use have not been
updated which will lock the devices and demand payment before they can be unlocked failure to
which the data from the devices will be destroyed.
Phishing attacks occur when an attacker creates a fake email or websites that looks like an
original to confuse the user who will then be redirected to their fake network. This can be done
to collect a user’s personal information.
Pharming attacks refer to a situation when an attacker redirects traffic from a website to a fake
website such that even manually entering the web address in the browser might still redirect to
the fake site from which a user’s personal information can be retrieved without their knowledge.
Botnets these are a group of computers that have been taken over by an attacker remotely to
create an army of computers that are infected. These computers are therefore under the command
of the attacker and the attacker can use them even to stage a denial of service attack or collect
different kinds of information.
Spam which is one of the most common methods for sending out information and collecting
information from unsuspecting people (Government of Canada, 2017). This refers to sending
unwanted or unrequested advertisements or information to a user to entice them to a website.
Denial-of-service attack which occurs when an attacker takes over a device and locks out the
owner or sends a large number of requests to a network to overload the server such that it cannot
process other legitimate requests sent over by users hence users are locked out of the system.

b. Specify the types of security services that would be needed to counteract these
security threats and what type of security mechanisms could support these services.
Authentication- This will ensure that a user’s identity is verified before they can perform certain
actions. This can be supported by an encipherment mechanism
Access control – controls incoming traffic into the network to allow only specified
communication. It is supported by the access control mechanism
Data confidentiality – ensures that data is viewed and edited only by relevant parties. It is
supported by both traffic padding mechanism and routing control mechanism
c. Identify the types of security components that can be used to provide these security
services and mechanisms and where they would be placed.
Confidentiality refers to the accessibility of data in a system on a need to know basis. This is
placed under the traffic padding and routing control mechanism
Integrity is the confidence that data in a system is not changed unless it is should. It is classified
under the access control mechanism
Availability refers to the ability of a system to be accessed at any time or the uptime of a system.
It can be placed under the encipherment mechanism to ensure that data is available but only to
those authorized to view it.
2

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Question 2
a. What is threat modelling and describe the steps involved in a threat modelling
process?
Threat modeling is a process by which potential threats can be identified, enumerated, and
prioritized (Wikipedia, 2017). This process is done from an attacker’s point of view to evaluate
the most valuable and the most vulnerable part of an application. It is not a one-time only process
(Microsoft Corporation, 2003).
The process occurs in six steps:
i. Identify assets
This involves taking not of the different valuable components that should be protected by
the system
ii. Create an architecture overview
This involves creating a model of the architecture of the application using tables and
diagrams. The model should include the subsystems and dataflow and trust boundaries
iii. Decompose the application
Break down the application into smaller simpler parts in order to create a security profile
which should highlight the vulnerabilities of the application
iv. Identify the threats
While looking at the application from the attackers point of view and with the security
profile highlighting the vulnerabilities, identify the threats that could affect the
application
v. Document the threats
3

Outline each and every threat identified in a common threat template defining the major
attributes of a threat that should be recorded for each threat
vi. Rate the threats
Rate the identified threats in order to prioritize and identify which one has to be dealt
with first. This should be done on the basis of the damage that a threat can cause.
b. What happens if the security tool vendor does not include UDP traffic and port 1434
in the attack pattern/signature? In other words, what happens if only the
highlighted pattern in Figure 2 is used as the attack pattern/signature?
If the port number and the UDP traffic are not included, any data coming through with that
pattern even from a different port or protocol will be treated the same way as is specified for
that particular pattern. That is if the packets are meant to be dropped, all packets with the
pattern will be dropped regardless of port and protocol.
4

Question 3
a. Find the cipher text corresponding to the following plaintext. (Treat both uppercase
and lowercase characters to be the same). “SecurityIsPeaceOfMind”
As computed above, the cipher text corresponding to the above plain text while using this
encryption method is: gcwczimubcxaqowktwupw
5

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

b. Assume the above cipher text is transferred over a network to a receiver. If an error
occurs during the transmission of this cipher text affecting one letter, how much of
the decrypted plaintext will be in error.
The amount of error in the plaintext will depend on whether a 3x3 matrix was used or a 2x2
matrix during encryption. In this case a 3x3 matrix was used hence three of the plaintext
characters will have errors. This is because the encryption is dependent on a matrix hence
each chunk of three consecutive characters is dependent on each other for proper encryption
and decryption.
c. What is a dictionary attack on a block cipher, and how can we ensure that such an
attack is infeasible?
Trying every word in the dictionary as a possible password for an encrypted message (Tech-
FAQ, 2017). The solution to making the attack infeasible is using a passphrase which ensures
that it cannot be easily guessed since it will become more difficult to guess a phrase as
opposed to guessing a single word using a dictionary.
d. Consider a general n-bit substitution block cipher. What is the size of the key
(number of bits in the key) required for such a general block cipher? Explain how
you arrive at the answer.
This because each possible input block is considered as one of 2n integers and each integer
specifies an output that is n bits. Therefore, a codebook can be constructed by displaying just
the output blocks in the order of the integers corresponding to the input blocks (Kak, 2017).
This results to: 2n * n bits
Hence the implication that the encryption key will be 2n * n bits.
6

Question 4
a. Consider triple encryption by using E-D-E with CBC on the inside. If a single bit
“x” of then cipher text block, say “c2” is modified, then how does it affect the
decrypted plaintext?
The plaintext will not be properly decrypted and the resultant plaintext might be totally different
from the original message due to the mutation during the chaining while the encryption was
taking place.
i. Show how the decryption works?
Ri = Dec[K] ⊕ Ci-1 Ci = Pi ⊕ Ri
ii. If we use, Ri = Enc [K] ⊕ Pi-1 for encryption instead of Ri = Enc[K] ⊕ Ci-1 then how
would decryption work?
Ri = Dec[K] ⊕ Pi-1 Pi = Ci ⊕ Ri
iii. Discuss the security of the above schemes
The major security advantage of this scheme is in its ability to hide the statistical ability to
hide the plaintext blocks therefore the same plaintext can produce different cipher texts
b. A system is designed to use the RSA public key scheme, where m is the modulus, (e,
m) is the public key and (d, p, q) is the corresponding private key. The system
developer discovers that the private key (d, p, q) is compromised and hence modifies
the system by generating some new public and private key exponents (e1, d1) for the
same modulus. Discuss the security of the modified system
8

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

The modified system is not secure since the original system can still compute the modified
system’s private key and hence it is still compromised. The modified system can also
compute the original system’s private key since they both have the same modulus.
iv.
9

Question 5
a. List and describe (in detail), the different types of memorable patterns that may be
used by a human when selecting a four (4) digit PIN
Using four consecutive numbers such as 1234
Using the same number four times
Using four consecutive odd or even numbers
Motor patterns which involve remembering the pattern your finger takes rather than the
actual password (Lancet, 2013)
b. For each memorable pattern, quantify (using the correct notation), the reduction of
keyspace and entropy
When using four consecutive numbers, the possible number of combinations that can be
attained is ten. Therefore, entropy will be 10 and entropy in bits will be equal to:
210 =1024bits
Using the same number four consecutive times gives a total number of ten combinations.
Hence entropy in bits becomes
210 =1024bits
Using consecutive odd or even numbers the total possible number of combinations is five
therefore entropy in bits results to:
25 = 32bits
c. Once you have listed and described all memorable patterns, quantify (using the
correct notation), the overall reduction of key space and entropy
To get the average entropy, you get the sum of the entropy of the individual methods and
divide it by the number of methods.
10