
Lab 1, 2, 3, 4, Mid and finals CYBR 8410 – Distributed System Security

INSTRUCTIONS TO CANDIDATES
ANSWER ALL QUESTIONS

CYBR 8410 – Distributed System Security

Midterm Exam (100 points)

Name:        _________________________

NUID:        _________________________

1.      Design a scheme/protocol that fulfills the following requirements when entity A sends a message to entity B. (30 points)

·         The message must be confidential during its transmission from A to B;

·         B can detect any modification on the message during its transmission;

·         B cannot claim that a message he forged himself was sent by A (non-repudiation of origin);

·         B can detect any replayed message from A (hint: timestamp or challenge).


2.      It was stated that the inclusion of the salt in the UNIX password scheme increases the difficulty of guessing by a factor of 4096. But the salt is stored in plaintext in the same entry as the corresponding ciphertext password. Although those two characters are known to the attacker and need not be guessed, the salt still increases security. (20 points)

2.1.   Assuming there are at most N accounts on the password file, how many bits do we need for the salt? (10 points)

2.2.   Assuming that you have successfully answered 2.1 and understand the significance of the salt, here is another question. Wouldn’t it be possible to completely thwart all password crackers by dramatically increasing the salt size to, say, 24 or 48 bits? (10 points)

3.      Suppose we are designing an authentication system. Discuss the aspects we need to consider in this design. These aspects may include, but are not limited to, the risk assessment (assurance level / impact level), the authentication method (such as password, biometric, or multi-factor authentication), the protocol, and potential attacks and their defenses. (30 points)

4.      Describe what a DoS attack is. You may answer this question from aspects including, but not limited to, what types of resources the attacker requires, what types of resources are targeted, and what techniques can be used and how they are used. (10 points)

5.      What defenses are possible against the various types of DoS / DDoS attacks that we have learned about? You may answer this question from aspects including, but not limited to, detection, prevention, source tracing, and recovery. (10 points)

CYBR 8410 – Distributed System Security

Final Exam (100 points)

Name:        _________________________

NUID:        _________________________

1.      Command injection attacks (30 pts)

1.1.   Write a website that is vulnerable to command injection attacks. Please upload your source code together with this document onto Canvas and write down the filenames of your source code here. You are not allowed to use the code in our Lab Assignment 3. (10 pts)

1.2.   Give an example of how commands can be injected into your website. (10 pts)

1.3.   What can you propose to defend against your command injection attack? Elaborate in detail, using your own attack as the example. (10 pts)

2.      XSS attacks (40 pts)

2.1.   Write a website that is vulnerable to XSS attacks. Please upload your source code together with this document onto Canvas and write down the filenames of your source code here. You are not allowed to use the code in our Lab Assignment 3. (10 pts)

2.2.   What type of XSS attack have you written in the last question? (5 pts)

2.3.   Give an example of how an XSS attack can be performed against your website. (5 pts)

2.4.   Is Same Origin Policy (SOP) able to defend against your XSS attack? Please justify your answer (why or why not). (10 pts)

2.5.   What can you propose to defend against your XSS attack? Elaborate in detail, using your own attack as the example. (10 pts)

3.      Firewall rules (based on a research paper that we discussed in class) (30 pts)

The following is the set of rules configured on a firewall (rules are evaluated in order, first match wins):

1. deny tcp 10.1.10.10/25 any

2. accept udp any 192.168.10.0/24

3. deny tcp 10.1.10.192/25 any

4. deny udp 172.16.10.0/16 192.168.10.0/24

5. accept tcp 10.1.10.0/24 any

6. deny udp 10.1.10.0/24 192.168.0.0/16

7. accept udp 172.16.10.0/16 any

3.1.   What is shadowing with respect to firewall rule inconsistency? Does it exist in the rules above? If so, between which rules? (10 pts)

3.2.   What is generalization with respect to firewall rule inconsistency? Does it exist in the rules above? If so, between which rules? (10 pts)

3.3.   What is correlation with respect to firewall rule inconsistency? Does it exist in the rules above? If so, between which rules? (10 pts)

Note: For the definitions of shadowing, generalization, and correlation among firewall rules, please refer to the paper “Arguing About Firewall Policy” at http://www.sci.brooklyn.cuny.edu/~parsons/publications/conferences/comma12b.pdf

Note: 10.1.10.10/25 is a subnet of 10.1.10.0/24, and 192.168.10.0/24 is a subnet of 192.168.0.0/16.
