					  HW #5: Authentication and Key Exchange/Access Control

                    CS 392/6813: Computer Security
                              Fall 2008
                            Due 10/27/08


Problem 1 [10+30+10pts]

Web browsers often give the user the option of “remembering” their passwords on the
computers they use to access web sites that require password authentication. Clearly,
this makes browsing quite convenient for the user, as he/she does not need to remember
and type in the password every time access is needed. In this problem/exercise, we will
look at and evaluate a famous browser, Mozilla Firefox (I assume you all use it), with
respect to remembering passwords. First of all, allow Firefox to remember passwords
corresponding to a few of the sites (such as email services, MyPoly) you regularly
access, and then answer the following questions.

   1. There is potentially a serious problem/vulnerability with the way password
      remembering has been implemented in Firefox. You have to figure out what this
      problem is and describe it in your own words.
   2. Firefox tries to address the above problem by introducing a feature. First, figure
      out what this feature is. Second, spend some time (a day or two) browsing through
      your web-sites while (1) this feature is enabled and (2) this feature is disabled.
      How do (1) and (2) compare in terms of convenience? Would you prefer (1) over (2),
      or vice versa, and why?
   3. Can you suggest a better solution (than that implemented by Firefox) to the
      problem you discovered in part (1) above?

Problem 2 [25pts]
The following is a protocol to establish mutual authentication between entities A (Alice)
and B (Bob):
     • Assume that Alice and Bob have obtained each other’s public keys Pka, Pkb,
       respectively, in an authenticated manner (e.g., through a common trusted CA).
     • ska, skb are Alice’s and Bob’s private keys, respectively.
     • Sigsk(m) denotes the signature on message m using the private key sk.

   1. A chooses a random (128-bit long) nonce Na and sends it to B, i.e.,
         A → B: A, Na
   2. B chooses a random (128-bit long) nonce Nb, computes Sb=Sigskb(Nb, Na, A) and
      sends Nb, Sb to A, i.e.,
            B → A: Nb, Sb
   3. A first verifies the signature Sb using Pkb and checks whether B indeed signed her
      challenge Na. This authenticates Bob to Alice. Then, A picks another random
      (128-bit long) nonce Na’, computes Sa=Sigska(Na’, Nb, B) and sends Na’, Sa to B, i.e.,
          A → B: Na’, Sa
   4. B verifies the signature Sa using Pka and checks whether A indeed signed his
      challenge Nb. This authenticates Alice to Bob.
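
An honest run of the four steps above, as an added example that is not part of the original assignment: it shows which fields each signature covers and the check each side performs. A Lamport one-time signature built from SHA-256 stands in for Sig (an assumption, so the code needs only the standard library; each key signs once), and the function names, the byte identities b"A"/b"B" and the length-prefixed encoding are likewise assumptions.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def enc(*parts):
    # Length-prefix each field so a tuple such as (Nb, Na, A) has one byte encoding.
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def keygen():
    # Lamport one-time key pair (stand-in for Sig): sign ONE message per key.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(x), H(y)) for x, y in sk]

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

A_ID, B_ID = b"A", b"B"   # assumed byte encodings of the identities A and B

def bob_step2(skb, claimed_id, na):
    nb = secrets.token_bytes(16)                     # 128-bit nonce Nb
    return nb, sign(skb, enc(nb, na, claimed_id))    # Sb = Sig_skb(Nb, Na, A)

def alice_step3(ska, pkb, na, nb, sb):
    # A accepts B only if Sb covers her own nonce Na from this run.
    if not verify(pkb, enc(nb, na, A_ID), sb):
        return None
    na2 = secrets.token_bytes(16)                    # fresh nonce Na'
    return na2, sign(ska, enc(na2, nb, B_ID))        # Sa = Sig_ska(Na', Nb, B)

def bob_step4(pka, nb, na2, sa):
    # B accepts A only if Sa covers his own nonce Nb from this run.
    return verify(pka, enc(na2, nb, B_ID), sa)

def honest_run():
    (ska, pka), (skb, pkb) = keygen(), keygen()
    na = secrets.token_bytes(16)                     # step 1: A -> B: A, Na
    nb, sb = bob_step2(skb, A_ID, na)                # step 2: B -> A: Nb, Sb
    reply = alice_step3(ska, pkb, na, nb, sb)        # step 3: A -> B: Na', Sa
    return reply is not None and bob_step4(pka, nb, *reply)  # step 4
```
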

Show an attack on the protocol (assume an active attacker Eve).

Problem 2 [20+5=25pts]

   1. In an organization, there are a total of s subjects and o objects. The subjects are
      also divided among groups consisting of a total of r roles. While incorporating
      access control for this organization, the security architect of the organization has
      the choice of either using the approach of access control matrix or the role-based
      access control. If you were the security architect, which approach would you
      recommend using, under what conditions and why?

   2. In an operating system, access control is implemented using 18 rings. A data
      segment D has an access bracket (3,15). What access permissions does a process P1
      executing in ring 16 have on the data segment D? What access permissions does a
      process P2 executing in ring 6 have on the data segment D? Assume that a process
      P3 executing in ring 2 is infected with a virus. Can this virus have a potential
      adverse effect when process P3 refers to the data segment D?
