Information about various problems related to computer security, including online cookie store authentication, password hashing with salts, and detecting zombies in a network. Students are asked to describe ways to log into another user's account on cookiestore.com, design a more secure authentication scheme, discuss the effectiveness of increasing salt size in password hashes, and identify patterns to detect zombies. Additionally, students are asked to list protocols that cannot be proxied by a firewall.
Typology: Assignments
Fall 2006 – 22c:169 Computer Security Assignment 3 - due by Thursday, Nov 9.
Problem 1: Online cookie store (15 points) Cookiestore.com is a big online seller of baked goods. To set up an account on the site, a user creates a username and a password. Because the server might be vulnerable to a hacking attack, the IT department of Cookiestore.com decided that it is too dangerous to keep passwords stored on the server, and came up with a clever way to avoid having to remember every user's password. When the user creates a new account, his password is hashed and the hash is stored in a Web cookie. Assume that the hash function is secure, i.e. collision-resistant and one-way. When he comes to Cookiestore.com again and types in his username and password, the site pulls the cookie from his browser and compares the hash of the typed-in password with the hash stored in the cookie. If the two match, access is granted.
Problem 1a (5 points) Describe how you can log into another user's account on Cookiestore.com. (Assume that the victim's computer is offline and inaccessible; all you know is her username.)
Problem 1b (10 points) Design an authentication scheme in which passwords are stored in cookies, but the attack you discovered in Problem 1a is no longer feasible.
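The following is an added example, not part of the assignment or of any Cookiestore.com code, showing the kind of check a cookie-based scheme needs: the server keeps one secret key (SERVER_KEY, a constructed value here) and only accepts a cookie whose MAC it minted itself, with the username, a per-user salt and the password hash all bound under that key. All names (create_account_cookie, verify_login) and the cookie layout are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Hypothetical server-side secret. It never leaves the server and is never
# placed in the cookie. Constructed as a fixed value so the example is
# reproducible; a deployment would load it from a secrets store.
SERVER_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)
PBKDF2_ROUNDS = 50_000


def _derive(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow password hash (PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _tag(username: str, salt: bytes, digest: bytes, key: bytes) -> bytes:
    # The MAC binds username, salt and hash together; changing any field,
    # or minting under a different key, invalidates the tag.
    msg = username.encode() + b"\0" + salt + b"\0" + digest
    return hmac.new(key, msg, hashlib.sha256).digest()


def create_account_cookie(username: str, password: str,
                          salt: Optional[bytes] = None,
                          key: bytes = SERVER_KEY) -> str:
    """Mint the cookie stored in the user's browser at account creation."""
    salt = os.urandom(16) if salt is None else salt
    digest = _derive(password, salt)
    tag = _tag(username, salt, digest, key)
    fields = (username.encode(), salt, digest, tag)
    return b"|".join(base64.b64encode(f) for f in fields).decode()


def verify_login(username: str, typed_password: str, cookie: str,
                 key: bytes = SERVER_KEY) -> bool:
    """Accept the login only if the cookie is ours and the password matches."""
    try:
        cookie_user, salt, digest, tag = [
            base64.b64decode(p) for p in cookie.split("|")
        ]
    except ValueError:          # wrong field count or bad base64 (binascii.Error)
        return False
    if cookie_user != username.encode():
        return False            # cookie belongs to a different account
    if not hmac.compare_digest(tag, _tag(username, salt, digest, key)):
        return False            # not minted by this server, or tampered with
    return hmac.compare_digest(digest, _derive(typed_password, salt))


if __name__ == "__main__":
    c = create_account_cookie("alice", "correct horse")
    print("genuine cookie, right password:", verify_login("alice", "correct horse", c))
    forged = create_account_cookie("alice", "anything", key=b"k" * 32)
    print("cookie minted without the server key:", verify_login("alice", "anything", forged))
```

The point the test exercises is that a cookie built by anyone who does not hold SERVER_KEY is rejected before the password is even compared. The caveat that remains is that the salted hash itself still travels in the cookie, so whoever captures a genuine cookie can run an offline guessing attack against that one account; the slow hash limits, but does not remove, that exposure.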
Problem 2: Salty dish (5 points) Including a 12-bit salt in UNIX password hashes increases the difficulty of a dictionary attack by a factor of 2^12 = 4096. Wouldn’t it be possible to completely thwart all password crackers by increasing the salt size to, say, 48 bits? Explain your answer.
Problem 3: Hunting the Undead (10 points) A distributed denial of service attack requires zombies running on numerous machines to perform part of the attack simultaneously. Imagine you are a system administrator looking for zombies on your network. List at least three things or patterns you would be looking for.
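As an added example (not part of the assignment), here is detection logic a system administrator could run over exported flow records to surface the patterns the question is asking about: one host flooding a single destination, several internal hosts hitting the same destination in the same window, and packets leaving with a source address that is not on the local network. The flow records, the 10.0.0.0/8 local prefix and the thresholds are all constructed for this example.

```python
import ipaddress
from collections import Counter, defaultdict

LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed local address space
FLOOD_THRESHOLD = 50    # flows from one host to one destination per window
SYNC_MIN_HOSTS = 3      # distinct internal hosts hitting the same destination
WINDOW_SECONDS = 10

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = (
    # one internal host opening 60 flows to the same target in six seconds
    [(1000 + i // 10, "10.0.0.5", "203.0.113.9", 80) for i in range(60)]
    # three other internal hosts hitting that target at the same moment
    + [(1001, h, "203.0.113.9", 80) for h in ("10.0.0.7", "10.0.0.8", "10.0.0.9")]
    # a packet leaving the network with a source address that is not ours
    + [(1002, "192.0.2.44", "203.0.113.9", 80)]
    # ordinary traffic
    + [(1003, "10.0.0.12", "198.51.100.3", 443)]
)


def find_zombie_candidates(flows, window=WINDOW_SECONDS):
    """Return hosts and destinations matching DDoS zombie patterns."""
    spoofed_sources = set()
    per_window = defaultdict(Counter)   # (window_id, dst) -> Counter of src
    for ts, src, dst, _dport in flows:
        if ipaddress.ip_address(src) not in LOCAL_NET:
            # Egress with a forged source address: the true sender has to be
            # traced at the switch port, so record the address seen.
            spoofed_sources.add(src)
            continue
        per_window[(ts // window, dst)][src] += 1

    flooders = set()
    synchronized = {}
    for (_w, dst), by_src in per_window.items():
        for src, n in by_src.items():
            if n >= FLOOD_THRESHOLD:
                flooders.add(src)
        if len(by_src) >= SYNC_MIN_HOSTS:
            synchronized[dst] = sorted(by_src)

    return {
        "flooders": sorted(flooders),
        "synchronized": synchronized,
        "spoofed_sources": sorted(spoofed_sources),
    }


if __name__ == "__main__":
    for key, value in find_zombie_candidates(SAMPLE_FLOWS).items():
        print(f"{key}: {value}")
```

The synchronized-hosts heuristic has an obvious false positive, many users legitimately visiting one popular site at once, so in practice it is compared against a baseline of normal destinations; the flood count and the spoofed-source check are much more specific to a zombie.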
Problem 4: Proxy vote (10 points) Recall that a proxy (or application-level) firewall simulates application-specific behavior to both sides of the protected connection. For example, when electronic mail is transferred from one site to another, a sending process and a receiving process communicate via the SMTP protocol, which establishes the legitimacy of a mail transfer and then transfers the mail message. An SMTP proxy firewall intrudes in the middle of this protocol exchange. To the sender who is outside the firewall, it behaves like a real destination, and to the destination inside the firewall, it behaves like a real sender. Being in the middle, the proxy has the opportunity to screen the mail transfer, ensuring that only acceptable SMTP commands are forwarded to the destination. It is relatively easy to implement a proxy firewall for protocols such as SMTP and HTTP. List at least two protocols that it would be prohibitively difficult or impossible to proxy. Explain your answer.
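To make the screening step concrete, here is an added example (not from the assignment or from any firewall product) of the command filter an SMTP proxy applies to the outside sender's side of the dialogue. It forwards only an allow-list of commands and tracks the one piece of protocol state that matters for this, whether the client is inside a DATA section, so that message text is passed as body rather than parsed as commands. The class name SmtpScreen, the allow-list and the sample session are constructed for this example.

```python
# Commands the proxy is willing to relay to the inside mail server.
ALLOWED_COMMANDS = frozenset({"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"})


class SmtpScreen:
    """Decides, line by line, what is forwarded from the outside sender."""

    def __init__(self, allowed=ALLOWED_COMMANDS):
        self.allowed = allowed
        self.in_data = False   # after DATA the client sends message text, not commands

    def screen(self, line: str):
        """Return (forward, reason) for one client line."""
        if self.in_data:
            if line == ".":          # end-of-message marker
                self.in_data = False
            # Body lines are relayed; a content filter could inspect them here.
            return True, "message body"
        verb = line.split(" ", 1)[0].upper() if line else ""
        if verb not in self.allowed:
            return False, f"command {verb or '<empty>'} not permitted"
        if verb == "DATA":
            self.in_data = True
        return True, "command"


def screen_session(lines, allowed=ALLOWED_COMMANDS):
    """Run a client-side transcript through the screen.

    Returns (forwarded_lines, dropped) where dropped holds (line, reason).
    """
    screen = SmtpScreen(allowed)
    forwarded, dropped = [], []
    for line in lines:
        ok, reason = screen.screen(line)
        if ok:
            forwarded.append(line)
        else:
            dropped.append((line, reason))
    return forwarded, dropped


# Constructed client-side transcript of one mail transfer.
SAMPLE_SESSION = [
    "EHLO mail.example.net",
    "VRFY root",                     # not on the allow-list: dropped
    "MAIL FROM:<alice@example.net>",
    "RCPT TO:<bob@example.org>",
    "DATA",
    "Subject: hello",
    "",
    "EXPN staff",                    # inside the body this is just text: forwarded
    ".",
    "EXPN staff",                    # outside the body it is a command: dropped
    "QUIT",
]

if __name__ == "__main__":
    fwd, drp = screen_session(SAMPLE_SESSION)
    print("forwarded:", fwd)
    print("dropped:", drp)
```

A screen this small is possible because an SMTP transfer is a short, textual, well-delimited dialogue whose state the proxy can track with one flag; Problem 4 asks for protocols where that premise fails, and a good answer explains which property of the protocol the proxy can no longer simulate.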