Computer Security Assignment 3: Authentication and Network Security - Prof. Eunjin Jung, Assignments of Computer Science

Information about various problems related to computer security, including online cookie store authentication, password hashing with salts, and detecting zombies in a network. Students are asked to describe ways to log into another user's account on cookiestore.com, design a more secure authentication scheme, discuss the effectiveness of increasing salt size in password hashes, and identify patterns to detect zombies. Additionally, students are asked to list protocols that cannot be proxied by a firewall.

Typology: Assignments

Pre 2010

Uploaded on 03/11/2009

koofers-user-bcf-2
koofers-user-bcf-2 🇺🇸

1

(1)

10 documents

1 / 1

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Fall 2006 22c:169 Computer Security
Assignment 3 - due by Thursday, Nov 9.
Problem 1: Online cookie store (15 points) Cookiestore.com is a big online seller of baked goods. To set up an account on the site, a user creates a username and a password. Because the server might be vulnerable to a hacking attack and also, the IT department of Cookiestore.com decided that it is too dangerous to keep passwords stored on the server, so they came up with a clever way to avoid having to remember every user’s password. When the user creates a new account, his password is hashed and the hash is stored in a Web cookie. Assume that the hash function is secure, i.e. collision-resistant and one-way. When he comes to Cookiestore.com again and types in his username and password, the site pulls the cookie from his browser and compares the typed-in password with the password stored in the cookie. If the two passwords match, access is granted.
Problem 1a (5 points) Describe how you can log into another user’s account on Cookiestore.com. (Assume that the victim’s computer is offline and inaccessible; all you know is her username.)
Problem 1b (10 points) Design an authentication scheme in which passwords are stored in cookies, but the attack you discovered in Problem 3a is no longer feasible.
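The design issue behind Problems 1a and 1b is that the cookie comes from the client, so anything the server reads out of it is attacker-controlled unless the server can prove it minted that cookie itself. The following is an added example, not part of the assignment or of any Cookiestore.com code: it contrasts the scheme in the problem statement (cookie holds only H(password), server trusts it) with a hardened scheme in which the cookie still carries the salted password verifier but is sealed with an HMAC under a server-side key that never leaves the server. The key name SERVER_KEY, the PBKDF2 iteration count, and the JSON cookie layout are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import os

# Server-side secret. Constructed here for the example; a real deployment loads it
# from a key store. It is the one thing the cookie format never contains.
SERVER_KEY = os.urandom(32)
PBKDF2_ITERATIONS = 100_000  # assumption: slow derivation to raise per-guess cost


# --- The scheme as described in the problem: cookie = H(password), trusted as-is ---
def weak_cookie(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def weak_login(password: str, cookie: str) -> bool:
    # Whoever controls the cookie value controls the outcome; the server has no
    # independent evidence about the user.
    return hmac.compare_digest(weak_cookie(password), cookie)


# --- Hardened scheme: cookie is sealed by the server, verifier is salted and slow ---
def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def _tag(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_cookie(username: str, password: str, key: bytes = SERVER_KEY) -> str:
    """Mint a cookie at account creation: payload.tag, both URL-safe base64."""
    salt = os.urandom(16)
    verifier = _derive(password, salt)
    payload = json.dumps(
        {"u": username, "s": salt.hex(), "v": verifier.hex()}, sort_keys=True
    ).encode()
    b64 = base64.urlsafe_b64encode
    return b64(payload).decode() + "." + b64(_tag(key, payload)).decode()


def login(username: str, password: str, cookie: str, key: bytes = SERVER_KEY) -> bool:
    """Accept only cookies this server sealed, bound to this username, with a matching password."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or malformed base64
        return False
    # 1. Authenticity: without SERVER_KEY nobody can produce a valid tag for a
    #    payload of their choosing, so a client-made cookie fails here.
    if not hmac.compare_digest(tag, _tag(key, payload)):
        return False
    data = json.loads(payload)
    # 2. Binding: a sealed cookie for one account cannot be presented for another.
    if data.get("u") != username:
        return False
    # 3. Knowledge of the password: recompute the verifier with the stored salt.
    salt = bytes.fromhex(data["s"])
    expected = bytes.fromhex(data["v"])
    return hmac.compare_digest(_derive(password, salt), expected)


def mint_with_unrelated_key(username: str, password: str) -> str:
    """A cookie built by someone who does not hold SERVER_KEY (for the demonstration)."""
    return issue_cookie(username, password, key=os.urandom(32))


if __name__ == "__main__":
    c = issue_cookie("alice", "correct horse")
    print("genuine cookie, right password:", login("alice", "correct horse", c))
    print("genuine cookie, wrong password:", login("alice", "wrong", c))
    print("cookie sealed without the server key:",
          login("alice", "chosen", mint_with_unrelated_key("alice", "chosen")))
    print("weak scheme accepts any self-made cookie:", weak_login("x", weak_cookie("x")))
```

The server still stores no password material; it stores one key. That shifts the problem from "keep every user's verifier secret" to "keep one key secret", which is the trade the IT department in the problem wanted but did not get. Losing the key means every sealed cookie becomes forgeable, so key rotation and revocation would need to be part of a real design.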
Problem 2: Salty dish (5 points) Including a 12-bit salt in UNIX password hashes increases the difficulty of a dictionary attack by a factor of 2^12 = 4096. Wouldn’t it be possible to completely thwart all password crackers by increasing the salt size to, say, 48 bits? Explain your answer.
Problem 3: Hunting the Undead (10 points) A distributed denial of service attack requires zombies running on numerous machines to perform part of the attack simultaneously. Imagine you are a system administrator looking for zombies on your network. List at least three things or patterns you would be looking for.
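Two of the patterns an administrator would look for can be checked directly against connection or flow logs: several internal hosts starting high-volume traffic to the same external destination within the same short window (the synchronised attack itself), and a host that contacts one external address at a fixed interval with almost no data (the zombie waiting for instructions). The following added example is not part of the assignment: it runs both checks over a small set of constructed flow records. The record layout, the "10." internal prefix, and the thresholds (60-second window, three hosts, 10 000 packets, four events, five seconds of jitter) are assumptions chosen for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port, packets)
FLOWS = [
    # three internal hosts flood the same external address within twelve seconds
    (1000, "10.0.0.5", "203.0.113.9", 80, 50000),
    (1005, "10.0.0.7", "203.0.113.9", 80, 48000),
    (1012, "10.0.0.9", "203.0.113.9", 80, 51000),
    # an ordinary user browsing two sites
    (1003, "10.0.0.20", "198.51.100.4", 443, 40),
    (1400, "10.0.0.20", "198.51.100.8", 443, 35),
    # 10.0.0.7 also checks in with a controller every 300 s using a handful of packets
    (700, "10.0.0.7", "192.0.2.44", 6667, 3),
    (1000, "10.0.0.7", "192.0.2.44", 6667, 3),
    (1300, "10.0.0.7", "192.0.2.44", 6667, 3),
    (1600, "10.0.0.7", "192.0.2.44", 6667, 3),
    (1900, "10.0.0.7", "192.0.2.44", 6667, 3),
]

INTERNAL_PREFIX = "10."  # assumption: address space of the network being watched


def find_synchronized_targets(flows, window=60, min_hosts=3, min_packets=10_000):
    """Destinations that at least `min_hosts` distinct internal hosts hit with
    high-volume flows inside any `window`-second span. Returns {dst: [hosts]}."""
    by_dst = defaultdict(list)
    for t, src, dst, _port, packets in flows:
        if src.startswith(INTERNAL_PREFIX) and packets >= min_packets:
            by_dst[dst].append((t, src))
    hits = {}
    for dst, events in by_dst.items():
        events.sort()
        for t0, _ in events:  # slide a window starting at each event
            hosts = {src for t, src in events if t0 <= t <= t0 + window}
            if len(hosts) >= min_hosts:
                hits[dst] = sorted(hosts)
                break
    return hits


def find_beacons(flows, min_events=4, max_jitter=5.0):
    """(src, dst, port, period) tuples where an internal host contacts the same
    endpoint repeatedly at near-constant intervals, which is how a zombie polls
    for commands. Volume is ignored here; regularity is the signal."""
    by_pair = defaultdict(list)
    for t, src, dst, port, _packets in flows:
        if src.startswith(INTERNAL_PREFIX):
            by_pair[(src, dst, port)].append(t)
    beacons = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter:
            beacons.append((src, dst, port, round(mean(gaps))))
    return beacons


if __name__ == "__main__":
    print("synchronised targets:", find_synchronized_targets(FLOWS))
    print("beaconing hosts:", find_beacons(FLOWS))
```

On this data the first check names 203.0.113.9 with hosts 10.0.0.5, 10.0.0.7 and 10.0.0.9, and the second singles out 10.0.0.7 talking to 192.0.2.44 every 300 seconds; a host that appears in both lists is the strongest candidate for a closer look. A third pattern from the problem, unexpected listening ports or processes on the host itself, needs host-level data rather than flow logs and is not modelled here.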
Problem 4: Proxy vote (10 points) Recall that a proxy (or application-level) firewall simulates application-specific behavior to both sides of the protected connection. For example, when electronic mail is transferred from one site to another, a sending process and a receiving process communicate by SMTP protocol that establishes the legitimacy of a mail transfer and then transfers the mail message. An SMTP proxy firewall intrudes in the middle of this protocol exchange. To the sender who is outside the firewall, it behaves like a real destination, and to the destination inside the firewall, it behaves like a real sender. Being in the middle, the proxy has the opportunity to screen the mail transfer, ensuring that only acceptable SMTP commands are forwarded to the destination. It is relatively easy to implement a proxy firewall for protocols such as SMTP and HTTP. List at least two protocols that it would be prohibitively difficult or impossible to proxy. Explain your answer.
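What makes SMTP easy to proxy is that its commands are short text lines with a documented order (greeting, then MAIL, then RCPT, then DATA), so the proxy can parse each line, keep a little state, and decide per line whether to forward it or answer it itself. The added example below is not part of the assignment and is not a working network proxy: it is only the screening decision for the client side of one session, with server replies omitted and DATA mode entered as soon as DATA is forwarded. The allow-list and the two reply codes are assumptions; the sample session is constructed.

```python
ALLOWED_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
REJECT_UNKNOWN = "502 5.5.2 Command not implemented"   # proxy answers the sender itself
REJECT_ORDER = "503 5.5.1 Bad sequence of commands"

# Constructed client side of one SMTP session, including a command sent too early,
# a command the policy refuses, and message text that merely looks like a command.
SESSION = [
    "RCPT TO:<bob@example.net>",
    "EHLO mail.example.org",
    "VRFY postmaster",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.net>",
    "DATA",
    "Subject: hi",
    "",
    "VRFY looks like a command but is message text",
    ".",
    "QUIT",
]


def screen_smtp_session(client_lines):
    """Return [(line, decision)] where decision is 'forward' or the reply the
    proxy sends back without forwarding anything."""
    decisions = []
    state = "connected"  # connected -> greeted -> mail -> rcpt
    in_data = False
    for line in client_lines:
        if in_data:
            # Inside DATA every line is message content, even one starting with a verb;
            # the proxy must track the protocol state to know that.
            decisions.append((line, "forward"))
            if line == ".":
                in_data = False
                state = "greeted"
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb not in ALLOWED_VERBS:
            decisions.append((line, REJECT_UNKNOWN))
            continue
        ok = True
        if verb in ("HELO", "EHLO"):
            state = "greeted"
        elif verb == "MAIL":
            ok = state == "greeted"
            state = "mail" if ok else state
        elif verb == "RCPT":
            ok = state in ("mail", "rcpt")
            state = "rcpt" if ok else state
        elif verb == "DATA":
            ok = state == "rcpt"
            in_data = ok
        elif verb == "RSET" and state != "connected":
            state = "greeted"
        decisions.append((line, "forward" if ok else REJECT_ORDER))
    return decisions


def forwarded(client_lines):
    return [line for line, d in screen_smtp_session(client_lines) if d == "forward"]


def rejected(client_lines):
    return [(line, d) for line, d in screen_smtp_session(client_lines) if d != "forward"]


if __name__ == "__main__":
    for line, decision in screen_smtp_session(SESSION):
        print(f"{decision:>40}  | {line}")
```

Every decision above depends on the proxy being able to read the command stream and on the protocol having a small, fixed vocabulary and a known sequence. A protocol whose traffic the proxy cannot read, or whose behaviour is not defined line by line, gives it nothing to screen on, which is the direction Problem 4 is asking about.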
