HW #5: Authentication and Key Exchange/Access Control
CS 392/6813: Computer Security
Problem 1 [10+30+10pts]
It is often the case with web browsers that the user is provided with the option of
“remembering” their passwords on the computers that they use for accessing various web
sites that require password authentication. Clearly, this makes the browsing quite
convenient for the user, as he/she does not need to remember and type-in the password
every time access is needed.. In this problem/exercise, we will look at and evaluate a
famous browser Mozilla Firefox (I assume you all use it) with respect to remembering of
passwords. First of all, allow Firefox to remember passwords corresponding to a few of
the sites (such as email services, MyPoly) you regularly access, and then answer the
1. There is potentially a serious problem/vulnerability with the way password
remembering has been implemented in Firefox. You have to figure out what this
problem is and describe it in your own words.
2. Firefox tries to address the above problem by introducing a feature. First, figure
out what this feature is. Second, spend some time (a day or two) browsing through
your web-sites while (1) this feature is enabled and (2) this feature is disabled.
How (1) and (2) compare in terms of convenience? Would you prefer (1) over (2),
or vice versa, and why?
3. Can you suggest a better solution (than that implemented by Firefox) to the
problem you discovered in part (1) above?
Problem 2 [25pts]
Following is a protocol to establish mutual authentication between entities A (Alice) and
assume that Alice and Bob have obtained each other’s public keys Pka, Pkb,
respectively, in an authenticated manner (e.g., through a common trusted CA)):
ska, skb are Alice’s and Bob’s private keys, respectively
Sigsk(m) denotes signature on message m using the private key sk
1. A chooses a random (128-bit long) nonce Na and sends it to B, i.e.,
A B: A, Na
2. B chooses a random (128-bit long) nonce Nb, computes Sb=Sigskb(Nb, Na, A) and
sends Nb, Sb to A, i.e.,
B A: Nb, Sb
3. A first verifies the signature Sb using Pkb, checks whether B indeed signed her
challenge Na. This authenticates Bob to Alice. Then, A picks another random
(128-bit long) nonce Na’, computes Sa=Sigska(Na’, Nb, B) and sends Na’, Sa to B,
A B: Na’, Sa
4. B verifies the signature Sa using Pka, checks whether A indeed signed her
challenge Nb. This authenticates Alice to Bob.
Show an attack on the protocol (assume an active attacker Eve).
Problem 2 [20+5=25pts]
1. In an organization, there are a total of s subjects and o objects. The subjects are
also divided among groups consisting of a total of r roles. While incorporating
access control for this organization, the security architect of the organization has
the choice of either using the approach of access control matrix or the role-based
access control. If you were the security architect, which approach would you
recommend using, under what conditions and why?
2. In an operating system, access control is implemented using 18 rings. A data
segment D has an access bracket (3,15). What access permissions a process P1
executing in ring 16 has on the data segment D? What access permissions a
process P2 executing in ring 6 has on the data segment D? Assume that a process
P3 executing in ring 2 is infected with a virus. Can this virus have a potential
adverse effect when process P3 refers to the data segment D?