辅导案例-FIT2093
Monash University Faculty of Information Technology FIT2093 Introduction to Cybersecurity S1 2020: In-Semester SAMPLE Test CAMPUS: CLAYTON / MALAYSIA / SOUTH AFRICA Instructions to Candidates: ● There are two parts to this test: Part A (30 marks, multiple choice questions) and Part B (70 marks, short answer questions). ● This In-Semester test is worth 10% of your final unit mark. ● Answer all questions in a separate document. ● Marks for each question are indicated at the beginning of each question and sub-question. ● The duration of this test is 120 minutes (2 hours), which includes a reading time of 10 minutes. PART A (30 marks) Choose the correct answer a)-d) for each of the following questions. 1. Which of the following statements is true regarding the security of the Diffie-Hellman key exchange algorithm? a) Its security depends on the integer factorisation problem b) It is a type of symmetric key encryption technique
c) Its security depends on the discrete logarithm problem d) It makes use of the Euler totient function
2. Of the following, the mode that has the least error propagation effect is: a) ECB b) CFB c) CBC d) CTR 3. ShiftRows is a basic component of AES which is used to achieve ___________. a) Substitution b) Diffusion c) Confusion d) All of the above 4. When an attacker performs a capture of a data unit and its subsequent retransmission to produce an unauthorized effect, which attack is he performing? a) Disruption b) Replay c) Masquerade d) Service denial 5. What is the multiplicative inverse of 2 mod 33? a) 12
b) 14 c) 15
d) 17
6. Which of the following statements is false regarding RSA algorithm? a) The security of the algorithm relies on the difficulty of integer factorisation
b) The relation between public exponent e and private exponent d is ed mod φ(n) = 1 c) The value of e is chosen such that GCD(e, φ(n)) = 1
d) If the ciphertext in a confidential message is C then the plaintext M = C d mod φ(n) (False
as M = C d mod n)
7. What is the minimum number of key pairs required for 10 people to communicate securely with each other using asymmetric-key cryptography? a) 2 b) 10 c) 20 d) 45 8. Which kind of error is most relevant for biometric security? a) False Rejection Rate (FRR) b) False Acceptance Rate (FAR) c) Equal Error Rate (EER) d) none of the above 9. A file with UNIX permissions rw-r---w- allows a) the owner to read only b) the owner’s group to read and write c) anyone to write d) all of the above 10. The property of ________ ensures that the sender of a message cannot later claim that the message was never sent. a) Access control b) Authentication c) Authenticity d) Non-repudiation 11. A program that performs a useful task but also has a hidden functionality is called a a) virus b) worm c) Trojan horse d) none of the above 12. A new malware is suspected of making changes to the file system. Which of the following analysis tools or techniques would be likely to be most suitable for investigating these changes? a) fingerprinting b) Process Explorer c) Regshot d) none of the above 13. A software application allows users to enter the name of a file system folder to view, and the application processes such inputs by incorporating them into a file system command string and forwarding the string for execution by the operating system. Which kind of vulnerability should be prioritised as the most important to analyse this application for? a) buffer overflows b) command injection c) integer overflows d) none of the above 14. What kind of mitigation technique cannot be used to reduce the risk of offline dictionary attacks against password authentication systems: a) adding a random salt when hashing passwords b) locking out an account after several unsuccessful login attempts c) using a slow password hash function d) using strong access control to control exposure of password hash file 15. In a typical programming language (e.g. C), suppose x is an 8-bit (byte or character) integer variable with the hex value 0xfa before the statement “x = x + 10; ” is executed. What would likely be the hex value of x after the statement is executed? a) 0xff b) 0x03 c) 0x04 d) 0xf0 END OF PART A PART B (70 Marks) Write your answers for each of these questions. Q1. (14 marks) Figure 1 below shows the F(R, K) function of a variant of the DES block cipher. The expansion subfunction E and the S-Boxes work as follows: ● The expansion subfunction E permutes the input bits R1...R32 and generates 48 bits output R’ by using the permutation Table 1 (see Reference material below). For example, the first 6 bits of R’ are correspondingly equal to the input bits R32, R 1, R2, R3, R4, R5. ● The S-Box transformations are defined in Table 2 (see Reference material below), which is interpreted as follows: The first and last bits of the input to the S-Box form a 2-bit hexadecimal number to select one of four substitutions defined by the four rows in the table for the S-Box. The middle four bits in hexadecimal select one of the sixteen columns. Assume the input bits R1...R32 are all zeros, the round key bits K1...K48 are all ones, and all 8 S-boxes S1,…,S8 are identical (and specified by Table 2, see Reference material at end of test). (a) (4 marks) Write the 48-bit output of xor with the round key K in binary. Show your working. (b) (5 marks) Write the 32-bit output of the S-Box substitutions in hexadecimal. (c) (5 marks) The encryption and decryption algorithms for the s-bit CFB mode of operation of a block cipher are given in Figure 1 (see Reference material below). Suppose the sender’s s-bit CFB encryption algorithm has the following vulnerability: it always uses the same IV of all zero bits to encrypt each message. Explain how an attacker that intercepts two or more such ciphertexts can exploit this vulnerability to reveal some information on the encrypted messages. Hint: A hexadecimal digit can be represented directly by 4 binary bits (and vice versa): 0: 0000 1: 0001 2: 0010 3: 0011 4: 0100 5: 0101 6: 0110 7: 0111 8: 1000 9: 1001 A: 1010 B: 1011 C: 1100 D: 1101 E: 1110 F: 1111 Figure 1: DES F(R, K) function You can use the following reference material to help you answer this question. 32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1 Table 1: DES expansion permutation table E 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 E 4 D 1 2 F B 8 3 A 6 C 5 9 0 7 1 0 F 7 4 E 2 D 1 A 6 C B 9 5 3 8 2 4 1 E 8 D 6 2 B F C 9 7 3 A 5 0 3 F C 8 2 4 9 1 7 5 B 3 E A 0 6 D Table 2: DES-like S-Box in hexadecimal Figure 1: CFB mode encryption and decryption algorithms Q2. (14 marks) (a) (4 marks) In phone-based MFA systems such as the Okta phone app used by Monash, explain the purpose of the phone app for security. (b) (5 marks) The Okta phone app in offline mode uses a number code derived from the time of day (to a resolution of about one minute) and asks the authenticating user to type the code into their web browser. Explain how a phishing attacker could potentially break this MFA system. (c) (5 marks) Explain how the phishing attack on above MFA differs from a standard phishing attack on password-only authentication in terms of the attacker’s required capabilities. Q3. <RSA Public-key Cipher> (14 marks) With regard to the RSA public-key cryptosystem: (a) (4 marks) Consider the key generation process for RSA by a user Bob. Suppose that Bob chooses as his primes p = 5 and q = 17, and e = 43 as his public exponent. Compute the value of Bob’s public modulus n and Bob’s private exponent d. Show your computation process. (b) (5 marks) An implementation of the RSA encryption software that Alice uses on a cloud computing platform has the following vulnerability: the software neglects to clear the value of the secret prime p from the memory after the key generation process, although it does clear the value of the other prime q from memory. An attacker Marvin who has access to the same cloud computing machine exploits this vulnerability by performing a memory dump of the machine after Alice completed her key generation, to get the value of Alice’s prime p. Assume Alice‘s public key integer n is a very large integer for which the prime factorisation cannot be found in a reasonable amount of time. Explain how Marvin can use his memory dump contents and Alice’s public key, to decrypt any messages encrypted by Alice’s public key efficiently. (c) (5 marks) Another vulnerable implementation of RSA key generation used by Cathy came up with a way to simplify the process of generating p and q: it just looks for a random large prime p such that q = p+2 is also prime and uses n = p*q as the RSA pub key. Explain how an attacker Marvin that knows this implementation algorithm (but not p used by Cathy) can efficiently factor n. Q4. (14 marks). Read the following C source code with vulnerabilities and answer the questions: Hint: Use the ANSI C function reference at the following link: https://www.csse.uwa.edu.au/programming/ansic-library.html 1 #include 2 #include 3 4 void doit(void) 5 { 6 char buf[8]; 7 8 gets(buf); 9 printf("%s\n", buf); 10 } 11 12 int main(void) 13 { 14 printf("So... The End...\n"); 15 doit(); 16 printf("or... maybe not?\n"); 17 18 return 0; 19 } (a) (7 marks) Identify one vulnerability from the source code. Show the name of the vulnerability and the position (i.e. line number or the relevant source code) of the vulnerability. (b) (7 marks) Describe how to modify the source code to mitigate the vulnerability you find in part (a). Show the source code of your mitigation technique. Q5. (14 marks) Read the assembly codes provided below and answer the questions. Hint: Use the x86 assembly reference at the following link: https://www.cs.virginia.edu/~evans/cs216/guides/x86.html (a) (4 marks) Describe what the following assembly code is doing. What is the value of register esi when the PC is at the next instruction after address 8048430? ... 804841e: mov esi, 0x0 8048423: mov ebx, 0x1 8048428: add esi, ebx 804842a: add ebx, 0x1 804842d: cmp ebx, 0xa 8048430: jle 8048428 ... (b) (5 marks) The following screenshot is the debugger view of a piece of malware that uses a covert technique. Identify the covert technique used by this malware. Hint: Search on the Microsoft MSDN to find the reference of a specific Windows API: https://docs.microsoft.com/en-us/windows/win32/apiindex/windows-api-list (c ) (5 marks) The following screenshot is the debugger view of a function protected by anti-disassembly/anti-debugging techniques. Briefly explain how this anti-disassembly/anti-debugging technique tricks the debugger by using the address and assembly code from this screenshot. END OF TEST