CS 161 Computer Security, Fall 2005
Joseph/Tygar/Vazirani/Wagner
MT 2 Soln

Problem 1. [Firewalls and Network Threats] (30 points)

List and explain three network threats that a firewall does not protect against. (If a threat only applies to certain types of firewalls, then explain why this is the case.)

Sample threats:
(1) Attacks against open ports, such as buffer overrun attacks against unblocked services;
(2) Malicious code or attacks carried in email or web traffic (many firewalls do not scan or examine email and web payloads);
(3) Attacks on the firewall itself (e.g., trying to penetrate the firewall code by exploiting a buffer overflow in the firewall’s packet parsing code);
(4) Internal attacks by malicious insiders;
(5) Attacks from compromised internal machines against other internal machines (e.g., a laptop becomes infected with a worm, which tries to infect other inside hosts)—applies to perimeter firewalls;
(6) Attacks from compromised machines which have a VPN or other tunnel through the firewall—applies to perimeter firewalls;
(7) Denial of service attacks against the network link or the firewall itself.

Grading: 10 points per threat, broken down as 5 points for the threat and 5 points for the explanation.

Problem 2. [Zero-Knowledge Proofs] (20 points)

Let $(N, e)$ be Alice’s RSA public key and $(N, d)$ be her private key. Suppose that Bob claims to have a signed message from Alice: he claims to have $s = m^d \bmod N$ for some particular $m \bmod N$ (which he reveals). Bob wishes to prove to Charlie that he has this signed message, without revealing any information about $s$. The following are the first two steps in a protocol by which Bob can provide a zero-knowledge proof of knowledge about $s$:

• Bob selects a random number $r \bmod N$ and computes $t = r^e \bmod N$. He sends $t \bmod N$ to Charlie.
• Charlie randomly chooses one of two challenges:
  I) He asks Bob to send him Alice’s signature on $t$, namely $t^d \bmod N$.
  II) He asks Bob to send him Alice’s signature on $m \cdot t$, namely $(m \cdot t)^d \bmod N$ ....
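The two steps above can be run end to end as follows; this is an added example, not part of the original exam solution. The tiny RSA key, the function names and Charlie's check (raising Bob's answer to the power $e$) are assumptions, since the rest of the protocol is not shown in this preview.

```python
import secrets
from math import gcd

# Constructed toy RSA key for Alice (tiny primes, illustration only).
P, Q = 1009, 1013
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # Alice's private exponent; Bob never uses it


def commit():
    """Bob: pick a random r coprime to N and send t = r^e mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return r, pow(r, E, N)


def respond(challenge, r, s):
    """Bob: t^d = r and (m*t)^d = s*r mod N, so he answers without knowing d."""
    return r if challenge == 1 else (s * r) % N


def verify(challenge, m, t, answer):
    """Charlie (assumed check): a signature x on y satisfies x^e = y mod N."""
    target = t if challenge == 1 else (m * t) % N
    return pow(answer, E, N) == target


def run_round(m, s, challenge=None):
    """One round; Charlie picks challenge 1 (I) or 2 (II) at random."""
    r, t = commit()
    if challenge is None:
        challenge = secrets.randbelow(2) + 1
    return verify(challenge, m, t, respond(challenge, r, s))


if __name__ == "__main__":
    m = 424242                      # constructed message, m < N
    s = pow(m, D, N)                # the signature Bob claims to hold
    print(all(run_round(m, s) for _ in range(20)))   # honest Bob passes every round
    print(run_round(m, (s + 1) % N, challenge=2))    # a wrong s fails challenge II
```

Each answer Charlie sees is either the random $r$ or $s$ multiplied by the random $r$, which is why a single round reveals nothing about $s$ itself.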