Computer Security - CS 419 - Exam 2

Spring 2017

March 27, 2017 - Paul Krzyzanowski

    Part I — 19 points

  1. 7 points
    Suppose you come across some old text in the form:
        GEPPQ IMWLQ EIPWS QICIE VWEKS RIZIV QMRHL SAPSR KTVIG MWIPC LEZMR ...

    (a) Also suppose you know it is English text and it is encrypted. How would you determine if the text was enciphered with a transposition or a substitution cipher?
    (b) Suppose you decide you are looking at a substitution cipher. How would you determine whether the text was encrypted with a monoalphabetic or a polyalphabetic substitution cipher?
  2. 4 points
    What does it mean for a cryptographic hash to be collision-free?
  3. 4 points
    Why is the one-time pad not widely used even if it offers perfect secrecy?
  4. 4 points
    If Alice has Bob's certificate (assume she has validated it already), how can she convince herself that she is talking to Bob?

    Part II — 81 points — 3 points each

    For each statement, select the most appropriate answer.

  5. A security advantage of using containers over using a combination of cgroups, namespaces, and capabilities is:
    (a) Simpler configuration avoids comprehension errors.
    (b) Containers provide better isolation.
    (c) Containers are a form of sandboxing.
    (d) Containers do not require administrative privileges.
  6. The basic mechanism that most sandboxes that handle native code rely on is:
    (a) Interposing system calls.
    (b) Capabilities.
    (c) Namespaces.
    (d) Control groups.
  7. What can a sandbox do that namespaces, capabilities, and control groups cannot?
    (a) Restrict file access based on whether the file name matches a pattern.
    (b) Disallow access to certain administrative system calls, such as setting the system time.
    (c) Disallow an application from seeing any files or directories outside of one directory.
    (d) Restrict the amount of disk space that an application uses.
  8. The Java sandbox does not include a:
    (a) Container to isolate native methods called via the JNI (Java Native Interface).
    (b) Security manager to ensure resource access conforms to policies.
    (c) Class loader to restrict which classes can be loaded or overwritten.
    (d) Bytecode verifier to validate Java bytecodes prior to execution.
  9. Most virtual machine monitors take this approach:
    (a) examine and arbitrate: don't interfere with execution but lock access to a resource if an OS is using it.
    (b) scan and translate: scans the instruction stream for privileged instructions and translates them to safe alternatives.
    (c) replicated resources: allows privileged instructions to operate directly on replicas of shared resources.
    (d) trap and emulate: emulate the operation of privileged instructions on shared resources.
  10. A covert channel can sometimes be established between two virtual machines on one system because:
    (a) Local memory copies can be used instead of an external network.
    (b) A network connection can be set up that loops back to the same hardware.
    (c) All traffic can be encrypted on any communication link.
    (d) Activity on one virtual machine may affect system performance on another.
  11. A distinction between a worm and a virus is that:
    (a) Viruses are designed to replicate themselves and worms do not.
    (b) Viruses are malicious while worms are benign.
    (c) Worms are stand-alone programs and do not need to propagate via files or documents.
    (d) Worms can hide inside an executable program while viruses hide in documents.
  12. When compared with regular viruses, a unique danger of boot sector malware is that it:
    (a) Replicates onto other systems without human intervention.
    (b) Can never be detected.
    (c) Runs before the operating system can run any anti-malware software.
    (d) Causes an alternate operating system to boot.
  13. A program that allows an attacker to access a computer while hiding its presence is called a:
    (a) Rootkit.
    (b) Backdoor.
    (c) Trojan horse.
    (d) Masqueraded authenticator.
  14. A program that runs a useful task while also performing harm is a:
    (a) Virus.
    (b) Macro virus.
    (c) Worm.
    (d) Trojan horse.
  15. This type of malware may run when a user opens a spreadsheet:
    (a) Email virus.
    (b) Macro virus.
    (c) Worm.
    (d) Trojan horse.
  16. A backdoor is:
    (a) A way to bypass the standard authentication mechanisms of software.
    (b) A virus that allows an attacker to log into a computer.
    (c) A covert communication channel that malware can use to communicate.
    (d) A process that cannot be detected by the operating system.
  17. A hypervisor rootkit will:
    (a) Embed itself within the operating system and bypass authentication requests.
    (b) Install programs that enable an adversary to log in with administrative privileges.
    (c) Run underneath the operating system to detect and log events of interest.
    (d) Force the system to boot an alternate hacked version of the operating system.
  18. Spear phishing differs from phishing attacks because:
    (a) It uses pneumatic-powered spear guns.
    (b) It is delivered via email rather than malicious web pages.
    (c) It is delivered via malicious web pages rather than email.
    (d) It is personalized to an individual target.
  19. A virus signature is:
    (a) A hash of the code that makes up the virus.
    (b) A portion of the code that makes up the virus.
    (c) An encrypted hash of the virus code.
    (d) Data that identifies the author of the virus.
  20. Kerckhoffs's Principle states that:
    (a) A cryptosystem should be secure even if everything except the key is public knowledge.
    (b) To maximize security, the cryptographic algorithm should be shared with as few people as possible.
    (c) True cryptographic security is unattainable in practice.
    (d) The security of a system is exponentially proportional to the length of the key.
  21. Suppose that you can crack a 56-bit key in one day. How long would it take to crack a 112-bit key?
    (a) Two days.
    (b) 56 days.
    (c) 3,136 days.
    (d) 197 trillion years.
  22. The ciphertext of each block is a function of all previous plaintext blocks for the message with this mode:
    (a) Electronic codebook (ECB).
    (b) Cipher block chaining (CBC).
    (c) Counter (CTR).
    (d) None of the above.
  23. Which algorithm does not rely on one-way functions?
    (a) RSA.
    (b) AES.
    (c) Diffie-Hellman.
    (d) SHA-2.
  24. To send a message securely to Bob, Alice would encrypt the message with:
    (a) Alice's private key.
    (b) Alice's public key.
    (c) Bob's private key.
    (d) Bob's public key.
  25. A hybrid cryptosystem uses:
    (a) Different algorithms for each direction of data transmission.
    (b) A public key algorithm to transmit a key and a symmetric algorithm for the data.
    (c) Two levels of encryption for increased security: data encrypted with a symmetric algorithm is then encrypted with a public key algorithm.
    (d) A symmetric algorithm to transmit the data and a public key algorithm to transmit a hash of the data.
  26. What was the main problem discovered with the Needham-Schroeder protocol (assume Alice talks to Bob)?
    (a) It relied on RSA keys that were not long enough to be secure.
    (b) Anybody can impersonate the server, Bob, and obtain a session key.
    (c) Its use of timestamps enables attacks on time synchronization.
    (d) Another client who decrypted an earlier session key can impersonate Alice.
  27. When Alice receives a Kerberos ticket to talk to Bob, it can be decrypted:
    (a) Only by Alice & Kerberos.
    (b) Only by Bob & Kerberos.
    (c) Only by Alice, Bob, & Kerberos.
    (d) Only by Alice and Bob.
  28. What is a role of Certification Authorities (CA)?
    (a) To establish a shared secret key between two parties.
    (b) To relay messages securely.
    (c) To bind a public key to a specific user or service.
    (d) To distribute public/private key pairs.
  29. A block cipher based MAC (CBC-MAC) is:
    (a) A message hash encrypted with a symmetric algorithm using cipher block chaining: EK(H(M)).
    (b) The last block of a message encrypted with a symmetric algorithm using cipher block chaining.
    (c) A hash of a message that was encrypted with a symmetric algorithm using cipher block chaining: H(EK(M)).
    (d) A series of block-level hashes, with the output of each hash XORed with the next block of text.
  30. For Alice to sign a message for Bob, she would encrypt the message with:
    (a) Alice's private key.
    (b) Alice's public key.
    (c) Bob's private key.
    (d) Bob's public key.
  31. Salt in a password hash:
    (a) Guards against dictionary attacks.
    (b) Encrypts the password in the password file.
    (c) Guards against using precomputed hashes.
    (d) Speeds up password checking by storing a hash of the password in the password file.