Question 1
(a) Describe Active Attacks and Passive Attacks. Also describe three different types of passive attacks and four different types of active attacks.
(b) Give examples of two possible scenarios when one cannot be absolutely certain that an adversary is launching a modification-of-message attack or denial-of-service attack, even when the proper security protections are in place. Explain your answer.
(c) How could traffic analysis jeopardize security? Give an example to illustrate your answer.
Solutions
(a)
Passive Attack: In this type of attack, the adversary attempts to learn or make use of information from the system but does not affect system resources.
Active Attack: In this type of attack, the adversary attempts to alter system resources or affect their operation.
Passive attacks include eavesdropping on conversations, sniffing the content of messages transmitted through the network, or monitoring traffic patterns in the transmission. The last type of attack is also known as traffic analysis: the adversary attempts to deduce information by looking at the frequency of messages transmitted, the length of messages, the timing of transmissions, etc.
Active attacks involve active manipulation of the messages and data. There are a few possibilities:
Masquerade: An adversary will pretend to be someone else and carry out transactions or interactions using the false identity.
Replay: The adversary captures some messages and replays, or injects, them in another transaction. In this case, the recipient will receive information not intended for that transaction and may carry out wrong actions.
Modification of messages: The adversary will attempt to modify part of a message to suit their needs.
Denial of Service: The adversary will attempt to “jam” the network or some services. A well-known approach is to generate a large amount of false interactions in the system. This will prevent proper processing of legitimate transactions.
Countermeasures: detection and containment/recovery approaches.
(b) Two scenarios where one cannot be absolutely certain that an adversary is launching an active attack are as follows:
1. When there are infrequent errors in the packets received. This could be a result of communication errors as well as a modification attack.
2. When there is an expected surge in network activity (e.g. near the closing date of Income Tax e-filing). In this case the reduction in availability could be a result of legitimate users' activities as well as a denial of service attack.
(c) Traffic analysis could reveal the amount of traffic between communicating parties. For example, in a military environment, an increased level of traffic to and from a commander might serve as a prediction of troop movements. This information will be useful to the adversary.
Question 2
(a) Is it likely to achieve perfect security for a network (i.e. to have a network that will never fail in terms of security) in the real business world? Give three possible reasons to substantiate your answer.
(b) Computing speed is much faster these days compared to some years back. On the other hand, old algorithms and systems are still in use. Give three reasons to explain this situation.
Solutions
(a) It is unlikely.
Reasons:
1. Humans are the weakest link. No matter how strong the protection mechanisms for a network are, there is still a possibility that the users will make mistakes.
2. Technological changes occur rapidly. Mechanisms that are strong one day may suddenly become insufficient when new techniques or insights are discovered.
3. In the real business world, there are always cost, schedule and efficiency issues.
(b)
Reasons:
1. There is a cost involved in migrating to the new algorithm/system.
2. There is a need to remain compatible with the rest of the community, which is still using the old algorithm/system.
Question 3
(a)(i) Explain Security Services and Security Mechanisms.
(ii) Suppose the main threat to a network is a replay attack. Does the use of confidentiality services protect the network against such an attack? Explain your answer.
(iii) Is it always the case that only one mechanism can be used to achieve the provision of a particular service? Give an example to illustrate and explain the answer.
(b)
Question 3 (solutions)
(i) Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: A service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
(ii) No, confidentiality services do not provide this protection.
Explanation: Such services only help to ensure that only legitimate users are allowed to see the relevant data or information (including traffic information). An attacker launching a replay attack could re-send a message captured from the network. Confidentiality services will not be able to alert the recipient that this is a repeated message.
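The following is an added illustration of the point in (ii); it is not part of the original solution sheet. It contrasts a receiver that only decrypts (confidentiality only) with one that also binds a sequence number to each ciphertext under an HMAC tag (an integrity/anti-replay mechanism). The stream cipher, the packet layout (8-byte sequence number, 16-byte nonce, ciphertext, 32-byte tag) and the sample message are all constructed for this example; the HMAC-based keystream is a toy construction so the code runs with only the standard library, not a recommended cipher.

```python
import hmac
import hashlib
import os

# Toy stream cipher: HMAC-SHA256 in counter mode (constructed for this
# example only, so it runs offline with the standard library).
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext. Provides confidentiality only."""
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

class ConfidentialityOnlyReceiver:
    """Decrypts whatever arrives; has no notion of message freshness."""
    def __init__(self, key: bytes):
        self.key = key
        self.accepted = []

    def receive(self, blob: bytes) -> bool:
        self.accepted.append(decrypt(self.key, blob))
        return True  # a replayed ciphertext decrypts fine and is accepted again

class FreshnessCheckingReceiver:
    """Requires a strictly increasing sequence number that is bound to the
    ciphertext by an HMAC tag, so a captured packet cannot be accepted twice."""
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key = enc_key
        self.mac_key = mac_key
        self.last_seq = -1
        self.accepted = []

    def receive(self, packet: bytes) -> bool:
        seq = int.from_bytes(packet[:8], "big")
        blob, tag = packet[8:-32], packet[-32:]
        expected = hmac.new(self.mac_key, packet[:-32], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False          # modified packet: integrity check fails
        if seq <= self.last_seq:
            return False          # replayed (or out-of-order) packet: rejected
        self.last_seq = seq
        self.accepted.append(decrypt(self.enc_key, blob))
        return True

def make_packet(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    body = seq.to_bytes(8, "big") + encrypt(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def demo() -> dict:
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    message = b"approve order 42"  # constructed sample message

    # Scenario 1: confidentiality only. The same captured blob is delivered twice.
    r1 = ConfidentialityOnlyReceiver(enc_key)
    captured = encrypt(enc_key, message)
    r1.receive(captured)
    r1.receive(captured)

    # Scenario 2: sequence number + MAC. The second delivery is detected.
    r2 = FreshnessCheckingReceiver(enc_key, mac_key)
    pkt = make_packet(enc_key, mac_key, 1, message)
    first = r2.receive(pkt)
    second = r2.receive(pkt)

    return {
        "confidentiality_only_accepted": len(r1.accepted),  # 2
        "freshness_first": first,                            # True
        "freshness_replay": second,                          # False
        "freshness_accepted": len(r2.accepted),              # 1
    }

if __name__ == "__main__":
    print(demo())
```

The confidentiality-only receiver accepts the replayed blob because decryption succeeds; nothing in an encryption-only service says whether a message is new. The sequence number is what gives the receiver a freshness check, and the HMAC is what stops the number from being edited, which is why the solution lists replay under active attacks that confidentiality alone does not counter.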
(iii) No, different mechanisms could be used to achieve the provision of the same service.
For example, to provide a confidentiality service, the security module may use encryption, add random traffic into the network (this is known as traffic padding), or regularly change the route of the traffic (route control). Encryption, traffic padding and route control are different mechanisms, yet they could all be used to provide a confidentiality service for the network.
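As an added example (not part of the original solutions) for the traffic padding mechanism named above and the traffic analysis scenario in Question 1(c): a passive observer who cannot read the content still records the length and time of each transmission. The sample messages, the fixed frame size (BLOCK) and the fixed send cadence (INTERVAL) are constructed policy values for this illustration.

```python
from collections import Counter

BLOCK = 32     # every frame on the wire is padded to this many bytes (assumed policy)
INTERVAL = 30  # a frame is sent every INTERVAL seconds whether or not there is data (assumed)

# Constructed sample traffic: (plaintext, send time in seconds). The observer
# never sees the text, only the length and time of each transmission.
SAMPLE = [
    ("HOLD", 0),
    ("HOLD", 60),
    ("ADVANCE AT DAWN, ALL UNITS", 120),
    ("HOLD", 180),
]

def unpadded_view(messages):
    """What a passive observer records when messages are encrypted but sent
    as-is: one transmission per message, each with its true length."""
    return [(t, len(text.encode())) for text, t in messages]

def padded_schedule(messages, horizon):
    """Traffic padding: emit one BLOCK-sized frame every INTERVAL seconds.
    A real message rides in the first frame at or after its send time; every
    other frame carries dummy data. Returns (observer_view, real_frame_count)."""
    pending = sorted(messages, key=lambda m: m[1])
    frames, real = [], 0
    for t in range(0, horizon, INTERVAL):
        if pending and pending[0][1] <= t:
            text, _ = pending.pop(0)
            if len(text.encode()) > BLOCK:
                raise ValueError("message longer than BLOCK must be fragmented")
            real += 1
        frames.append((t, BLOCK))  # observer sees the same size at a fixed cadence
    return frames, real

def distinct_lengths(view):
    """The set of lengths an observer can use to tell messages apart."""
    return sorted(Counter(length for _, length in view))

if __name__ == "__main__":
    print("unpadded:", unpadded_view(SAMPLE), distinct_lengths(unpadded_view(SAMPLE)))
    frames, real = padded_schedule(SAMPLE, horizon=240)
    print("padded:", frames, "real frames:", real, distinct_lengths(frames))
```

Without padding the observer sees lengths 4 and 26 at the times the commander actually sent them, so the longer, rarer message stands out even though its content is encrypted. With padding every frame is 32 bytes and one is sent every 30 seconds regardless of activity, so neither message length nor a change in frequency is visible; the cost is the extra dummy traffic, which is why padding is a distinct mechanism from encryption rather than a replacement for it.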