The University of Sydney
School of Computer Science
Dr Suranga Seneviratne
Lecturer - Security

INFO3616 & CSEC3616 — S2 2022
Assignment - 1

This is a group assignment. This assignment is worth 10% of the final marks of the course. For questions 10, 11, and 12 additional scripts/code templates are provided. Submit your final report as a PDF and your code as a zip file in Canvas. You should explain any details of how to run your code in the report.

Final Report + Code: Due by Week 7, Sunday the 18th of September, 11:59 PM

1 Safety and security (5 marks)

Safety Engineering and Security Engineering are related. Explain the similarities and differences between the two fields, and describe the aspects that absolutely refer to security engineering (provide a brief explanation and give one example scenario for each area).

2 Securing a start-up (8 marks)

You are the new Security Engineering Manager at a start-up that provides data analytics services to Telecommunications Service Providers. Major telecommunication service providers use your services to develop churn prediction models, usage pattern analysis, and develop service plans. This means they are sharing their customer data directly with you. As a start-up, not much effort has been put into security engineering, and it is your task to define and enhance the overall system security.

• Explain a framework which you can follow to get things started. For each component of the framework, give at least two examples that are applicable to this start-up. (2 marks)
• Assume one of your clients is British Telecom (BT). BT plans to share their client’s data with your company to develop statistical models for churn prediction. However, first they need to know if your company can meet some security goals. Briefly explain three security goals that can assure BT’s data is kept safe. (3 marks)
• For each security goal, state incentives against which you intend to defend. Brief explanations are recommended.
(3 marks)

3 A common problem (12 marks)

The following is a story from the book The art of deception by Kevin Mitnick [1]. We modified it slightly for this assignment. Please read carefully through the text and then go through the following questions.

[1] If you want to gain a deeper understanding of human psychology and how it can be exploited, this is definitely a book you want to read. It is available online via our library.

Rosemary Morgan was delighted with her new job. She had never worked for a magazine before and was finding the people much friendlier than she expected, a surprise because of the never-ending pressure most of the staff was always under to get yet another issue finished by the monthly deadline. The call she received one Thursday morning reconfirmed that impression of friendliness.

‘Is that Rosemary Morgan?’
‘Yes.’
‘Hi, Rosemary. This is Bill Jorday, with the Information Security group.’
‘Yes?’
‘Has anyone from our department discussed best security practices with you?’
‘I don’t think so.’
‘Well, let’s see. For starters, we don’t allow anybody to install software brought in from outside the company. That’s because we don’t want any liability for unlicensed use of software. And to avoid any problems with software that might have a worm or a virus.’
‘Okay.’
‘Are you aware of our email policies?’
‘No.’
‘What’s your current email address?’
‘[email protected].’
‘Do you sign in under the username Rosemary?’
‘No, it’s R-underscore-Morgan.’
‘Right. We like to make all our new employees aware that it can be dangerous to open any email attachment you aren’t expecting. Lots of viruses and worms get sent around and they come in emails that seem to be from people you know. So if you get an email with an attachment you weren’t expecting you should always check to be sure the person listed as sender really did send you the message. You understand?’
‘Yes, I’ve heard about that.’
‘Good. And our policy is that you change your password every ninety days. When did you last change your password?’
‘I’ve only been here three weeks; I’m still using the one I first set.’
‘Okay, that’s fine. You can wait the rest of the ninety days. But we need to be sure people are using passwords that aren’t too easy to guess. Are you using a password that consists of both letters and numbers?’
‘No.’
‘We need to fix that. What password are you using now?’
‘It’s my daughter’s name.’
‘That’s really not a secure password. You should never choose a password that’s based on family information. Well, let’s see . . . you could do the same thing I do. It’s okay to use what you’re using now as the first part of the password, but then each time you change it, add a number for the current month.’
‘Oh. OK.’
‘Great. Do you want me to walk you through how to make the change?’
‘No, I know how.’
‘Very good. Well, it’s been nice talking to you. Have a great day.’
‘Thanks, you too.’

She went back to work, once again pleased at how well taken care of she felt.

a) The attack (6 marks)

• Give two security-relevant pieces of information that the attacker extracted. (2 marks)
• Which human weaknesses did the attacker exploit? Say why. (3 marks)
• The attacker did not manage to get all information they wanted—namely the password. How can they possibly still get that piece of information without resorting to trying out all possibilities?
(1 mark)

b) Policy, our old friend (3 marks)

• The password policy the attacker states is actually still very common (especially in Australia). Argue: why is it not a good policy? Give two reasons.

c) The aftermath (3 marks)

Let us assume that this story continues. The attacker was ultimately successful in breaking into the system. Rosemary’s boss berates her, stating that she was told in her induction that she must read the security policy (she didn’t).

• The boss’s argument is unrealistic. What does evidence tell us? (1 mark)
• The attack could have been thwarted by Rosemary in simple ways, had she been trained properly by the company. Give one non-technical defence. (1 mark)
• Give Rosemary advice on how to choose a better password. (1 mark)

4 Privacy warnings (5 marks)

As a result of privacy legislation changes globally, a large number of websites now display ‘cookie warnings’—pop-ups that inform the user that the site will set a cookie. Figure 1 shows the pop-up displayed at https://www.nature.com/.

• Considering what you know about human decision-making, argue whether this is an effective way to get user approval. Be brief. (1 mark)
• Figure 2 shows another cookie notification taken from https://www2.deloitte.com/. Compared to Figure 1, discuss whether this is a better or a worse design. (1 mark)
• Explain why the approach is not used by many websites. (1 mark)
• Discuss: can cookie notifications be exploited by attackers? 1-2 sentences are enough. (2 marks)

Figure 1: The cookie warning by https://www.nature.com/.

Figure 2: The cookie warning by https://www2.deloitte.com/.

Figure 3: A phishing SMS received by ANZ customers

5 Phishing in banking (6 marks)

Figure 3 shows a suspected phishing text message that appears to be from ANZ bank. The inbox has all previous legitimate messages from the ANZ bank’s phone number.
The users were confused about whether this actually came from ANZ or not. ANZ then sent a confirmed text message the next day that said it was a phishing text message. However, many users might be exposed to this attack before ANZ confirms that it is a phishing text message.

• State two weaknesses of the human mind that the design of this email targets, and give an example from the email for each. (2 marks)
• One major difference in this attack compared to other phishing attacks is that the phone has somehow placed the phishing message into the previous legitimate message thread between the bank and the customer. Explain possible ways an attacker can do this. (2 marks)
• Explain at least one way to defend against this type of attack for both technical and non-technical people. (2 marks)

6 Evaluating a Bell-LaPadula-based security policy (10 marks)

We evaluate a security policy here that tries to implement a form of the Bell-LaPadula model. Table 1 shows the so-called Access Matrix, with each column defining an Access Control List (ACL). R stands for read, X for execute (implies read), A for append (implies write), W for write. Please read the matrix as: if no rule is defined for a combination of subject and object in there, then the rules in the other tables govern access.

The principals are Arthur, Bertie, Denver, Donald, Dylan, and Kelly; plus the programs beetle, mspaint, and time. beetle is a game that stores its savegames in /tmp, mspaint is a drawing program that saves its pictures in /tmp, and time is used to run any other program at a particular time.

beetle.exe /tmp missile_codes.rar mspaint.exe transfers.csv
Bertie X A X A
Arthur R RW A X A
Denver X X R
Kelly R RW
Donald R RA
Dylan RA R X R
time.exe X R X

Table 1: Access control matrix.

There are also definitions based on clearance levels, which are to be interpreted according to the rules of Bell-LaPadula.
Each resource may be tagged with the markers PROTECTED, SECRET, TOP SECRET (in rising order of clearance). We finally extend this with caveat rules, of which there is only one: AUSTEO means something is for Australian Eyes Only. Table 2 shows the clearance levels and the principals holding a certain level, and Table 3 shows the allocations. In order to be allowed access to an object, all rules defined in the three tables must be fulfilled.

Clearances          Accessible Resources     People
Baseline Vetting    ≤ PROTECTED              Arthur
Negative Vetting 1  ≤ SECRET                 Bertie, Kelly, time.exe
Negative Vetting 2  ≤ TOP SECRET             Dylan, Denver
Positive Vetting    ≤ TOP SECRET + AUSTEO    Donald

Table 2: Clearance levels and the principals holding each clearance.

Tag...        marks...
PROTECTED     /tmp, transfers.csv
SECRET        beetle.exe
TOP SECRET    missile_codes.rar, mspaint.exe
AUSTEO        missile_codes.rar

Table 3: Tags and marking.

a) Access Control (2 marks)

• What form of Access Control is implemented by Table 1? Say why. (1 mark)
• What form of Access Control is implemented by Tables 2 and 3? Say why. (1 mark)

b) Rule consistency (6 marks)

Are the rules in the tables consistent with each other? If not, which definitions in the ACL collide with the definitions via the clearance levels? Say why for credit.

c) Malicious operatives (2 marks)

• Kelly is the accountant. Is there anything stopping her from ‘cooking the books’, i.e., forging transfers? Why? (1 mark)
• Dylan is a beetle.exe addict and has had his permissions revoked. Can you find a way for him to get his fix? (1 mark)

7 Access control and Operating Systems (12 marks)

A few questions about access control and Operating Systems:

a) OSes in general (2 marks)

• Can Operating Systems provide access control without having to rely on the hardware? Why? (1 mark)
• How do Operating Systems prevent an application from overwriting another application’s memory? (1 mark)

b) Linux (3 marks)

Consider the Linux operating system and how it handles file permissions.
• The mount command allows the Linux operating system to access additional block devices; this includes things like USBs, additional hard disks, CD-ROMS or even iso images. What are the permissions on this command? (1 mark)
• Write a script (using either Python or Bash) that would search the operating system and return a list of all files with similar permissions that the current user has access to (no “Permission Denied” strings in the output). Submit the script. Hint: if you attended the tutorial, this can be a one-liner. (2 marks)

c) Windows (5 marks)

Figure 4 shows a dialogue of Windows 10. This is actually an implementation of a security model.

• What model is implemented here? (1 mark)
• Name the rules of the model that cause this dialogue to appear. (1 mark)

Look into what an autorun.inf file is.

• How does a CD-ROM make use of an autorun.inf file? (1 mark)
• Compare and contrast how Windows handles inserting a CD-ROM to how it handles the case in Figure 4. (1 mark)
• Compare and contrast how Windows handles inserting a CD-ROM to how Linux handles mounting a CD-ROM. (1 mark)

Figure 4: Dialogue from Windows 10.

d) The USB key and virtualized OSes (2 marks)

Assume you find a USB key on the floor. You pick it up, but distrust it. You start a VM to inspect its contents.

• Explain by referring to virtualization as access control: does this protect you against all risks involved by plugging in the USB key? Why? (2 marks)

8 Linux Privilege Escalation (6 marks)

When an attacker breaks into a server, they usually initially get a least-privileged shell/user access. Next, the attacker attempts to obtain a higher-privileged shell, such as root, through multiple ways. Conduct your own research and describe three methods attackers usually use for privilege escalation.

9 Breaking Diffie-Hellman (6 marks)

Alice and Bob use the (textbook) Diffie-Hellman scheme to establish a shared key K_{A,B} over an insecure channel.
We mentioned in the lesson that Diffie-Hellman is secure only against attackers that are not able to modify messages in transit. Find a way an attacker (outside the Diffie-Hellman assumptions) can perform an attack against the key establishment, such that they will be able to read every message that Alice and Bob send to each other after the key exchange is complete.

• Describe the basic idea (2 marks).
• Write up the protocol flow (in the style as shown in the lecture), with the attacker breaking the key establishment (2 marks).
• Which key is Alice going to use? And which key is Bob going to use? (1 mark)
• Show why the attacker can get the plaintext of every message Alice and Bob send after the handshake (1 mark).

10 Hybrid cryptography in Python (10 marks)

In this task, you are going to implement hybrid crypto in Python. Let Alice and Bob be the ‘players’. Fill in the provided skeleton code! Use pycryptodome. The provided skeleton code will guide you through the task. You must:

• Complete the class Principal (5 marks)
• Complete the class HybridCipher (5 marks)
• Complete the main() (2 marks)

Do not change the function signatures! Your task is to fill in the gaps, not write fresh code. In the report explain your code and how to run it.

11 Cracking the code (10 marks)

You are an undercover agent who has infiltrated a terrorist group. You got access to the group leader’s laptop and found a file named top_secret.txt. However, only the group leader has the key to decrypt the file. To avoid an imminent attack you have to decrypt the file top_secret.txt. Submit your code and an explanation of your attack methods to find the plaintext. Please note the following.

• The space character is not encrypted.
• The length of the key is less than 10.
• Hint: Use something similar to Kasiski’s analysis.

12 New encryption algorithm (10 marks)

Your friend (Alice) designed a new encryption algorithm.
She sets the key size to 40 bits or 104 bits, and the initialization vector (IV) length to 24 bits. By adding the IV, the key size for her new algorithm is now 64 bits or 128 bits, which seems good. However, you attended INFO3616/CSEC3616 and believe that this is not a secure encryption algorithm. You can access your friend’s source code. There is a csv file showing several data packets that were encrypted using the new algorithm. The first 3 columns present the values of the 24-bit IV, and the 4th column shows the encrypted values (plaintext was “aa”). Complete the sample code to recover the secret key and prove that she was wrong. Figure 5 shows how Alice’s algorithm works.

Hint: Focus on how the keystream was created and on the bitwise operation. Note that the secret key (also called rawkey in the code) and the keystream are different.

Figure 5: Schematic diagram of Alice’s encryption algorithm
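
An added example, not part of the assignment or its provided code templates: a Python audit of a capture laid out like the CSV in question 12, showing that the cleartext 24-bit IV adds no secrecy and that the known plaintext "aa" exposes the keystream bytes used under each IV. The sample rows are constructed, and the hex ciphertext column and the XOR of plaintext with keystream are assumptions.

```python
import csv
import io
import math
from collections import defaultdict

KNOWN_PLAINTEXT = b"aa"   # the assignment states every packet encrypts "aa"
IV_BITS = 24              # IV length stated in the assignment

# Constructed sample rows (not the assignment's data): iv0, iv1, iv2, ciphertext.
# Assumption: the ciphertext column is a hex string.
SAMPLE_CSV = """\
1,2,3,d2c5
1,2,4,0b91
10,20,30,4f4f
1,2,3,d2c5
"""

def keystream_prefix(ciphertext: bytes, plaintext: bytes = KNOWN_PLAINTEXT) -> bytes:
    """Assumption: ciphertext = plaintext XOR keystream, so XOR undoes it."""
    return bytes(c ^ p for c, p in zip(ciphertext, plaintext))

def audit(csv_text: str) -> dict:
    """Map each cleartext IV to the keystream prefixes observed under it."""
    seen = defaultdict(list)
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 4:
            continue  # skip blank or malformed rows
        iv = tuple(int(x) for x in row[:3])
        seen[iv].append(keystream_prefix(bytes.fromhex(row[3].strip())))
    return dict(seen)

def reused_ivs(seen: dict) -> list:
    """IVs seen more than once: the same keystream protected several packets."""
    return sorted(iv for iv, prefixes in seen.items() if len(prefixes) > 1)

def effective_secret_bits(total_bits: int) -> int:
    """The IV travels in the clear, so it contributes no secrecy."""
    return total_bits - IV_BITS

def expected_packets_until_iv_repeat() -> float:
    """Birthday estimate for randomly chosen IVs: sqrt(pi/2 * 2^IV_BITS)."""
    return math.sqrt(math.pi / 2 * 2 ** IV_BITS)

if __name__ == "__main__":
    seen = audit(SAMPLE_CSV)
    for iv, prefixes in seen.items():
        print(iv, [p.hex() for p in prefixes])
    print("reused IVs:", reused_ivs(seen))
    print("secret bits:", effective_secret_bits(64), effective_secret_bits(128))
    print("packets until IV repeat ~", round(expected_packets_until_iv_repeat()))
```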