The University of Sydney
School of Computer Science
Dr Suranga Seneviratne
Lecturer - Security
INFO3616—Principles of Security and Security Engineering S2 2020
Assignment - 3
This is a group assignment.
This assignment is worth 15% of the final marks of the course.
For questions 2, 5, 6, and 7 additional scripts/code templates are provided.
Submit your final report as a PDF and your code as a zip file in Canvas.
You should explain in the report any details of how to run your code.
Final Report + Code: Due by Week 11, Friday the 13th of November 11:59 PM
1 One Time Passwords (OTP) (5 marks)
We discussed in the lecture that SMS-based one-time passwords (SMS OTPs) in many situations
improve security. However, there are incidents where attackers were able to compromise systems that
were being protected by SMS-based one-time passwords. Discuss at least four possible ways of
attacking SMS-based OTPs. (Hint: read about successful attacks in the past.)
2 Parsing X.509 (15 marks)
• For this task, you are going to need the Python library cryptography, which is documented on
https://cryptography.io. We recommend installing it in a Python 3 virtual environment
(see tutorial of week 4): pip3 install cryptography.
• You are given three certificates: our custom CA’s root certificate, its intermediate certificate,
and a student certificate.
a) Inspecting a certificate (7.5 marks)
Download the skeleton code inspect_cert.py. Write Python code to inspect certificates. Instructions:
• Do not make changes to the following:
– the screen output of the program, i.e. you must leave the printing functions unchanged
– the names and signatures of the functions
– the global variables (in capital letters). They are used by the printing function, and the
values are assigned in inspect_cert().
• Hint: the necessary imports are already included.
• Note that the skeleton code expects both the certificate to inspect and its issuing certificate to
be passed in as parameters.
• Begin by completing the function open_cert().
• Complete the code for every part of the certificate that we inspect:
– Subject - both full subject and Common Name
– Issuer (in full)
– Expiry date (not valid after). Use https://docs.python.org/3/library/datetime.html#datetime.datetime
to convert the date to YYYY-MM-DD.
– Public key: algorithm, a SHA256 hash of it, and key length. Note that the skeleton code
shows the expected output format for the algorithm.
– Serial number
If you have done everything right, the output for the root certificate will look similar to the below.
Issuer: C=AU,ST=NSW,L=Darlington,O=University of Sydney,OU=School of Computer Science...
Subject: C=AU,ST=NSW,L=Darlington,O=School of Computer Science,OU=INFO3616 Management...
Subject Common Name: INFO3616 Head Honchos
Serial number: 671937183735168210438793113571075403114492127582
Expiry date: 2019-11-11
Public key algorithm: secp256r1
Public key length: 256
Public Key Info hash: 6ef093dc14a0c61208d746e30f12760b3b35b50d7a00c63aced1d29e83ddb894
b) Verifying the certificate (7.5 marks)
Verify that the intermediate certificate carries a correct signature. Complete the respective function!
You will find helpful information here: https://cryptography.io/en/latest/x509/reference/.
• Work first on the verification of the intermediate certificate—this is close to the example given
in the API documentation as it is an RSA signature.
• Then extend your code to also support the verification of the student’s certificate (which uses
an elliptic curve signature).
• There is no need to support further signing schemes.
Submit your code and explain in the report how it works.
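Added example (not the skeleton code and not the course's certificates) showing the cryptography calls parts a) and b) need: it builds a constructed three-certificate chain, reads the requested fields and verifies both an RSA and an elliptic-curve signature. Assumptions: the "Public Key Info hash" is SHA-256 over the DER-encoded SubjectPublicKeyInfo, and the function and field names are my own, not the skeleton's.

```python
import datetime, hashlib
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, rsa, padding

def inspect_cert(cert):
    """Fields from part a). The 'Public Key Info hash' is assumed to be SHA-256 over the DER SubjectPublicKeyInfo."""
    pub = cert.public_key()
    spki = pub.public_bytes(serialization.Encoding.DER,
                            serialization.PublicFormat.SubjectPublicKeyInfo)
    expiry = cert.not_valid_after_utc if hasattr(cert, "not_valid_after_utc") else cert.not_valid_after
    return {"subject": cert.subject.rfc4514_string(),
            "cn": cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
            "issuer": cert.issuer.rfc4514_string(),
            "expiry": expiry.strftime("%Y-%m-%d"),
            "algorithm": pub.curve.name if isinstance(pub, ec.EllipticCurvePublicKey) else "rsa",
            "key_length": pub.key_size,
            "spki_sha256": hashlib.sha256(spki).hexdigest(),
            "serial": cert.serial_number}

def verify_signature(cert, issuer_cert):
    """Part b): True iff cert's signature verifies under issuer_cert's key (RSA PKCS#1 v1.5 or ECDSA only)."""
    pub = issuer_cert.public_key()
    try:
        if isinstance(pub, rsa.RSAPublicKey):
            pub.verify(cert.signature, cert.tbs_certificate_bytes,
                       padding.PKCS1v15(), cert.signature_hash_algorithm)
        else:  # EC issuer key: ECDSA over the to-be-signed bytes
            pub.verify(cert.signature, cert.tbs_certificate_bytes,
                       ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except Exception:  # InvalidSignature (or a malformed signature) means the chain link is bad
        return False

def make_chain():  # constructed sample chain (RSA root -> EC intermediate -> EC student); not the course's certificates
    now = datetime.datetime(2020, 11, 1)
    def name(cn): return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    def build(subject, issuer, key, signer):
        return (x509.CertificateBuilder().subject_name(name(subject)).issuer_name(name(issuer))
                .public_key(key.public_key()).serial_number(x509.random_serial_number())
                .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
                .sign(signer, hashes.SHA256()))
    root_key = rsa.generate_private_key(65537, 2048)
    inter_key, leaf_key = ec.generate_private_key(ec.SECP256R1()), ec.generate_private_key(ec.SECP256R1())
    root = build("Root", "Root", root_key, root_key)
    inter = build("Intermediate", "Root", inter_key, root_key)    # RSA signature, as in part b)
    leaf = build("Student", "Intermediate", leaf_key, inter_key)  # elliptic curve signature
    return root, inter, leaf
```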
3 Firewalls (15 marks)
We will configure firewalls in this task. Figure 1 shows a possible firewall setup. Your goals are:
• Outgoing traffic is only allowed to TCP ports 80 (HTTP), 443 (HTTPS), and 22 (SSH); plus
UDP port 53 (DNS).
• Incoming traffic is always allowed if there is an established connection, i.e. if the connection has
been established from a host in the local network.
• Host 129.78.1.1 is reachable (incoming connection) from everywhere on port 80.
• Host 129.78.1.2 is reachable (incoming connection) on port 22 (SSH) from 129.78.0.0/16.
• No other incoming traffic is allowed.
[Figure 1 (image): the Internet on one side of a Packet Filtering Router with interfaces eth0 and eth1, and the local network 129.78.0.0/16 on the other side.]
Figure 1: Firewall setup.
Rule | Incoming Interface | Src IP | Dst IP | Proto | Src Port | Dst Port | State | Action
A    |                    |        |        |       |          |          |       |
B    |                    |        |        |       |          |          |       |
C    |                    |        |        |       |          |          |       |
D    |                    |        |        |       |          |          |       |
E    |                    |        |        |       |          |          |       |
F    |                    |        |        |       |          |          |       |
Table 1: Template for stateful filtering.
a) Configuring a stateful firewall (6 marks)
Write stateful rules in table form as shown in the lecture. A template is given in Table 1.
b) Converting to stateless filtering (6 marks)
Convert your rules to stateless filtering rules. A template is given in Table 2.
c) Performance of firewalls (3 marks)
Assume you have the (unusual, but real) use case that your firewall must support network scanners
that operate from within your network. These typically create many millions of new connections
per second to Internet hosts, in an attempt to collect data about them. Should you configure your
firewall in stateless mode or stateful mode—or does it not matter? Explain.
Rule | Iface | Src IP | Dst IP | Proto | Src Port | Dst Port | ACK | Action
A    |       |        |        |       |          |          |     |
B    |       |        |        |       |          |          |     |
C    |       |        |        |       |          |          |     |
D    |       |        |        |       |          |          |     |
E    |       |        |        |       |          |          |     |
F    |       |        |        |       |          |          |     |
Table 2: Template for stateless filtering.
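Added example, not part of the assignment, that encodes one possible completion of Tables 1 and 2 as first-match rule lists and evaluates constructed packets against them; it shows where the stateless conversion has to rely on the TCP ACK bit and the DNS source port instead of connection state. Assumptions: eth0 faces the Internet and eth1 the local network, the 129.78.1.2 SSH rule is left for the reader, and the rule layout is mine rather than the lecture's table.

```python
import ipaddress

def match(rule, pkt):
    """True when every field the rule constrains fits the packet; 'action' is not a match field."""
    for field, want in rule.items():
        if field == "action":
            continue
        have = pkt.get(field)
        if field in ("src", "dst"):       # CIDR match
            ok = ipaddress.ip_address(have) in ipaddress.ip_network(want)
        elif isinstance(want, set):       # set of ports
            ok = have in want
        else:                             # exact match (iface, proto, ack bit, state)
            ok = have == want
        if not ok:
            return False
    return True

def filter_packet(rules, pkt, conntrack=None):
    """First matching rule wins. Pass a conntrack set to evaluate stateful rules (NEW/ESTABLISHED)."""
    if conntrack is not None:
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        pkt = dict(pkt, state="ESTABLISHED" if key in conntrack or reverse in conntrack else "NEW")
    for rule in rules:
        if match(rule, pkt):
            if conntrack is not None and rule["action"] == "ALLOW":
                conntrack.add(key)        # an allowed packet creates/refreshes the connection entry
            return rule["action"]
    return "DENY"

LOCAL, WEB = "129.78.0.0/16", {80, 443, 22}   # local network (eth1 side) and allowed outgoing TCP ports
STATEFUL = [   # Table 1 rows for the outgoing policy, established traffic and host 129.78.1.1 (assumed layout)
    {"iface": "eth1", "proto": "tcp", "src": LOCAL, "dport": WEB, "state": "NEW", "action": "ALLOW"},
    {"iface": "eth1", "proto": "udp", "src": LOCAL, "dport": {53}, "state": "NEW", "action": "ALLOW"},
    {"state": "ESTABLISHED", "action": "ALLOW"},
    {"iface": "eth0", "proto": "tcp", "dst": "129.78.1.1/32", "dport": {80}, "state": "NEW", "action": "ALLOW"},
    {"action": "DENY"},
]
STATELESS = [  # Table 2: ESTABLISHED becomes "TCP with ACK set" / "UDP from port 53"; web replies need sport 80
    {"iface": "eth1", "proto": "tcp", "src": LOCAL, "dport": WEB, "action": "ALLOW"},
    {"iface": "eth1", "proto": "udp", "src": LOCAL, "dport": {53}, "action": "ALLOW"},
    {"iface": "eth0", "proto": "tcp", "dst": LOCAL, "ack": 1, "action": "ALLOW"},
    {"iface": "eth0", "proto": "udp", "dst": LOCAL, "sport": 53, "action": "ALLOW"},
    {"iface": "eth0", "proto": "tcp", "dst": "129.78.1.1/32", "dport": {80}, "action": "ALLOW"},
    {"iface": "eth1", "proto": "tcp", "src": "129.78.1.1/32", "sport": 80, "ack": 1, "action": "ALLOW"},
    {"action": "DENY"},
]
```

Running both rule sets over the same packets shows the price of part b): an unsolicited inbound TCP packet with ACK set passes the stateless rules, while the stateful set denies it because no connection entry exists.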
4 Denial-of-Service attacks (5 marks)
Denial-of-Service (DoS) attacks are a category of network-based attacks where the attacker pursues
the goal of overloading a destination server with packets, queries, etc. until it becomes unresponsive.
Distributed Denial-of-Service attacks (DDoS) are a variant: here, the attacker sends not from just
one source host, but from many (often millions).
Answer the following questions.
• Can firewalls, configured as in Figure 1, offer some protection against an attacker trying to stage
a normal DoS attack? Discuss! (2.5 marks)
• In the same scenario as above, can firewalls offer effective protection against DDoS attacks?
Explain. (2.5 marks)
5 Creating a TLS server (10 marks)
In this task, we want to write a simple TLS server. It reacts to incoming TLS connection attempts
on port 4433. If the client sends a PING (in ASCII), it responds with a PONG.
Take the provided code pong_server_skel.py. The following questions can be answered with the
API reference and will guide you through the task (answer the questions in the report). You must
use the correct context and must use the provided server certificate!
• What does socket.socket() do? What does a socket represent?
• What does socket.bind() do?
• What does socket.listen() do?
• What is the purpose of the infinite while loop?
• What is ssock?
• What does sock.accept() do?
There is a very good way to test your server. Run the command openssl s_client -connect
localhost:4433. If you see the TLS handshake complete, your server is running. You can now type
‘PING’ into the terminal and it is sent to your server. Implement the method to handle it and reply
with PONG. (5 marks for the answers and 5 marks for the code)
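Added example (not the provided pong_server_skel.py) of the server the task describes, with comments answering the socket questions above; make_context also shows the one extra setting that turns on client-certificate verification (mTLS, section 8a). Assumptions: the certificate and key file paths are passed in by the caller, and FakeConn is a constructed stand-in so the handler can be exercised offline.

```python
import socket, ssl

def make_context(certfile, keyfile, client_ca=None):
    """Server-side context for the provided certificate; client_ca switches on mutual TLS (section 8a)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)    # server role, negotiates the newest version both sides support
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # refuse the legacy versions covered in section 9
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    if client_ca:                                    # mTLS: the client must present a certificate ...
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(cafile=client_ca)  # ... that chains to this CA
    return ctx

def respond(request):
    """The application protocol: the ASCII text PING is answered with PONG, anything else with an error line."""
    return b"PONG\n" if request.strip() == b"PING" else b"ERROR: expected PING\n"

def handle_client(conn):
    """Serve one connection: read the client's line and answer it (conn only needs recv/sendall)."""
    data = conn.recv(1024)
    if data:
        conn.sendall(respond(data))

def serve(certfile, keyfile, host="localhost", port=4433):
    ctx = make_context(certfile, keyfile)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:  # socket(): a TCP endpoint, not yet bound
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind((host, port))   # bind(): attach the endpoint to a local address and port
        sock.listen(5)            # listen(): make it passive, queueing up to 5 pending connections
        with ctx.wrap_socket(sock, server_side=True) as ssock:  # ssock: the listener wrapped so accept() speaks TLS
            while True:           # the infinite loop serves one client after another
                try:
                    conn, addr = ssock.accept()  # accept(): block until a client connects and the handshake completes
                except OSError as exc:           # a failed handshake (ssl.SSLError) must not take the server down
                    print("handshake failed:", exc)
                    continue
                with conn:
                    handle_client(conn)

class FakeConn:
    """Constructed stand-in for an accepted connection, so the handler can be exercised without TLS."""
    def __init__(self, data): self.data, self.out = data, b""
    def recv(self, n): chunk, self.data = self.data[:n], self.data[n:]; return chunk
    def sendall(self, b): self.out += b
```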
6 Buffer overflow attacks (10 marks)
Note: although we work on x64 architectures, in this exercise we compile for 32 bit. You can do
this in a VM. You might need to install the compiler and the right library: sudo apt install gcc
build-essential libc6-dev-i386.
a) Compiling (3 marks)
• Compile overflow.c using gcc with the flags -g, -m32, -fno-stack-protector and -z execstack.
Give the command line to do this. Store the output in a file called overflow. Hint: man gcc.
• What do the flags -fno-stack-protector and -z execstack do?
• Why might we need to use these flags for this assignment?
b) Using gdb to find your way in memory (7 marks)
We will exploit the program with the help of the debugger, gdb. If you have never handled gdb before,
it’s worth reading the Wikipedia article with its mini-introduction: https://en.wikipedia.org/wiki/GNU_Debugger.
Fire up gdb with gdb overflow.
Here are some commands within gdb you may find helpful:
• help e.g. help set args will show you options
• set args
• run / continue
• info frame
• break
• list
• x
Now answer:
• How do you use set args to pass command line parameters to your program? Give the
password ‘bertie4ever’.
• Do a list main and add a break point in the code line where getClearance() is called from
within main. Give the command.
• Run the code; it will stop at the break point. Then use info frame. What is shown here?
• What does the command x do?
7 Buffer overflow attacks - Smashing the stack (10 marks)
The program provided above will spill its secrets if you have the proper clearance. But it seems like
you don’t have the proper clearance...
• Find the place in the program that you are sure you can exploit to take over control of the
program. Explain why this is vulnerable! (2 marks)
• Give pseudocode that fixes the vulnerability and say where it must be placed. (C code instead
of pseudo code is also OK) (3 marks)
• Assume you want to overwrite the clearance variable with the overflow attack from the lecture,
but the following code piece
unsigned int clearance = getClearance(argv[1]);
was replaced with
unsigned int clearance; clearance = getClearance(argv[1]);
Would the attack as described in the lecture work? Why? (3 marks)
• How would you go about overwriting clearance with the source code given? Give the principal
idea. (2 marks)
8 Additional features of TLS (10 marks)
a) Mutual TLS (mTLS) authentication (5 marks)
In the lecture we discussed only server authentication in TLS. However, TLS also supports mutual
authentication (mTLS). Using a suitable diagram, explain the process of mTLS. Explain what scenarios
require mTLS rather than the usual TLS we use in HTTPS.
b) 0-RTT TLS (5 marks)
Using a suitable diagram, explain what 0-RTT is in TLS 1.3. Discuss why we need such a mechanism
and comment on its security implications.
9 Attacks against TLS (10 marks)
Older TLS versions are vulnerable to known attacks. Explain two such known attacks (Use diagrams
if required). Discuss possible mitigation techniques or the changes made in subsequent TLS versions
to address such attacks. (5 marks for each attack)
10 Authentication (10 marks)
Answer the following questions about authentication.
a) Multiple Factors (4 marks)
Give one disadvantage for each of the following second factors for authentication.
• Iris scan of the eye
• Measuring gait
• Sending text messages to a phone
• An external device like YubiKey
b) Challenge-response (2 marks)
Explain why challenge-response is a necessary ingredient in authentication protocols.
c) True or false? (4 marks)
Say if and why the following are true or false. Explain your answer.
• The use of Two-Factor Authentication must be balanced against psychological acceptability.
• If we use Diffie-Hellman, we do not need authentication.
• One-time passwords can be a form of Two-Factor Authentication.
• AKE with Diffie-Hellman requires a prior key distribution.