Advanced Network Security: Packet Capture and Analysis

Added on  2025/07/24

|10
|910
|447
AI Summary
Desklib provides solved assignments and past papers to help students succeed.
Document Page
COIT20262 Term 2, 2019
COIT20262 - Advanced Network Security, Term 2, 2019
Due date: 10am Monday 26 August 2019
(Week 6)
ASSESSMENT
Weighting: 40%
Length: N/A
Student Name: enter your name
Student ID: id
Campus: campus
Tutor: tutor
Question 1. Packet Capture and Analysis
Part (d) Message Sequence Chart
Part (e) Information from netcat Packets
Information | Answer
Client port | 60288
TCP connection duration | 0.017592
Absolute sequence number | 1
Payload length | 32
Hex value of timestamp | 00 00 58 f2
Hex value of checksum | 4410
Binary value of flags | ACK=1 PUSH=1
Part (f) Information from scp Packets
Information | Answer
Server port | 2203
OpenSSH version | SSH-2.0
SSH name of key exchange | Curve25519-sha250
Key exchange protocol/scheme | Diffie-Hellman
Last 4 hex digits of public key | Cb 27 39 13
Number of encrypted packets | 8
Last 4 hex digits of MAC | 3f 78 19 19
Part (g)
Property | Netcat | SCP
Authentication | No authentication [less secure] | Uses key exchange [more secure]
Confidentiality | No encryption, plain text [less secure] | Uses encryption methodology [more secure]
Performance | High since no key exchange [less no. of packets/faster] | Key exchange [slower than Netcat/slow]
Part (h)
ChaCha20 is designed on the basis of ARX (add-rotate-XOR), which provides a friendly environment for the CPU, whereas AES is based on binary instructions with the CPU.
Because of the lookup tables in AES, it is more prone to cache-timing attacks, whereas ChaCha20 is not prone to these types of attacks.
It is three times faster than AES due to the XOR operations.
Question 2. Cryptography
Part (c)
Different encryption algorithms are used for different information because:
Each encryption algorithm uses a certain number of bits, and each bit needs computation power.
Each algorithm is designed according to the priority of the information that is to be transmitted.
Part (d)
A successful attack occurred in 2010. The malware is known as the Flame malware. Flame uses MD5 to create certificate copies.
MD5 can only be broken by a collision attack. The attacker used the Flame malware in such a way that it downloads the original certificate from Microsoft, creates an exact fake copy of that certificate and uses it. In this way the attackers are protected from being traced (Kumar, 2015).
Part (e)
A masquerade attack is a type of attack in which the attacker uses the identity of another party (a fake identity) to gain access to the system.
Since the secret key is responsible for encryption and decryption of messages, an attacker can masquerade as any student, and with the help of the secret key can decrypt the message.
Part (f)
A masquerade attack would be unsuccessful only in those cases where multiple keys are exchanged between the students and the private key is sent to each individual with a password set to open it.
Part (g)
The above design will defeat the masquerade attack because, if the key exchange is also encrypted, it will be difficult for the attacker to decrypt it, since the private key is shared by the sender only with the genuine receiver.
Question 3. Malware Research
What is ransomware?
Ransomware consists of a block of malicious code written by attackers that blocks access to the device and restores it only when money is given to the attackers. Ransomware generally encrypts the victim's information and decrypts it only when the attackers receive the ransom amount from the victim.
Infection Methods
Methods are:
Emails containing a malicious attachment.
Links which redirect to a malicious network.
Malicious activity hidden by steganography behind images and advertisements.
Unused open ports, which are a path for attackers to enter the system.
Role of Cryptography
In ransomware, cryptography plays a very big role.
Attackers create malware to exploit the victim. A new key pair is created by the attacker, and the public key is inserted into the malware. The attacker then releases the malware.
The malware generates a random symmetric key to encrypt the data with the help of the public key; this is known as hybrid encryption. It dumps the original text message and overwrites it with the attacker's ransom message. Once the victim opens it, the victim is threatened with the ransom demand.
Once the victim sends the payment and the attacker receives it, the victim decrypts the data with the attacker's private key (Cappers & Van, 2017).
Not Pay Ransom
The option left to victims who do not want to pay the ransom is a hard format of the system.
Pay Ransom
Advantages are:
You will not lose your data.
You will try to harden your system.
Disadvantages are:
It is not guaranteed that the attacker will decrypt your data after getting the ransom amount.
There is a chance that the attacker will attack your system again to get another ransom.
Recommendations
Recommendations are:
Update and patch your system in a timely manner.
Use anti-virus and anti-spyware software to monitor your system.
Never share confidential IDs with anyone.
Don't open unknown file extensions and emails.
Block unused ports in the system.
References
Cappers, B. C., & van Wijk, J. J. (2017). Semantic network traffic analysis using deep packet
inspection and visual analytics.
Kumar, S. N. (2015). Review on network security and cryptography. International
Transaction of Electrical and Computer Engineers System, 3(1), 1-11.