INF3510-V18
Exam information
University of Oslo - Faculty of Mathematics and Natural Sciences
Digital exam in INF3510 Information Security (Spring 2018)
Date and time: 1 June 2018, 09:00h - 13:00h
Permitted materials: Language dictionary

Please regard the following directions:
The exam contains 44 questions with a total of 100 points (= 100%). Each question states explicitly the marking scheme. For questions of type "matching" (i.e. a matrix) the following applies:
Negative points are given for incorrect rows. The overall score for the total question is always at least 0 points (even if the sum over all rows is negative). There is the possibility of selecting no option inside a row ("no answer"), which gives 0 points. Attention: Once you have selected any option in a row, it is NOT possible to remove all choices and go back to "no answer".
The questions are grouped under 10 parts that correspond approximately to 10 of the lectures in this course. Be concise. When answering a question, it is often sufficient to write a single expression or sentence to describe each concept that the question asks for. Answers can be written in English or in Norwegian.
Part 1: General Security

1 ISO 27000
Write the definition (approximately) of information security according to ISO 27000.
Points: max 2 total score
Fill in your answer here
Maximum marks: 2

2 Availability I
Write the definition (approximately) of availability according to ISO 27000.
Points: max 1
Fill in your answer here
Maximum marks: 1

3 Availability II
Which is the most relevant threat against availability?
Points: 1 for correct answer, 0 for wrong or no answer
Select one alternative:
SQL injection
DDoS attack
Zero-day exploit
Cryptanalysis
Phishing email
Maximum marks: 1

4 Authentication
Select the two (2) most general categories of authentication.
Points: 1 for each correct, 0 for each wrong, 0 for no answer, max 2 total score
Select two alternatives:
Entity authentication
Knowledge-based authentication
Token-based authentication
Data authentication
Server authentication
User authentication
Maximum marks: 2

5 Authorization
Explain the concept of authorization in a way consistent with the definition of confidentiality.
Points: max 1
Fill in your answer here
Maximum marks: 1

6 Data Origin
Indicate whether each characteristic in the left column is relevant for non-repudiation or authentication of data origin. Some characteristics are irrelevant; in that case select 'irrelevant'.
Points: 0.5 for each correct relevance, -0.5 for each wrong, 0 for no marking in a row, max 3
Select the correct relevance:
Options (columns): Non-repudiation, Authentication, Irrelevant
Rows:
Implemented with digital signature
Implemented with MAC
Proof to both recipient and to any 3rd party
Proof only to recipient
Always multi-factor
Always based on biometrics
Maximum marks: 3
Part 2: Cryptography

7 Hash Functions I
Select the properties of (good) hash functions.
Points: 1 for each correct, 0 for each wrong, 0 for no answer, max 2 total score
Select one or more alternatives:
Bijective
Asymmetric
Confidential
One way
Collision resistance
Maximum marks: 2

8 Hash Functions II
Name two (2) common applications of cryptographic hash functions.
Points: max 2
Fill in your answer here
Maximum marks: 2

9 MAC
What is the purpose of sending a message with a MAC?
Points: 1 for correct answer, 0 for wrong answer
Select one alternative:
Any third party can authenticate the message origin.
The recipient can authenticate the message origin.
It protects the message confidentiality.
It provides non-repudiation of message origin.
Maximum marks: 1

10 Symmetric Encryption
Specify the possible key sizes (in bits) of the AES encryption algorithm.
Points: 1 for each correct, 0 for each wrong, max 2 total score
Smallest block size:
Largest block size:
Maximum marks: 2

11 Asymmetric Encryption
Alice wants to send a message to Bob, encrypted with RSA. Which key does she use for the encryption process?
Points: 1 for correct answer, 0 for wrong answer
Select an alternative:
Alice's private key
Bob's private key
Alice's public key
Bob's public key
Maximum marks: 1

12 Quantum Computing
What will be the influence of quantum computing on current cryptosystems?
Points: 1 for each correct, 0 for each wrong, max 2 total score
Select one or more alternatives:
Symmetric crypto algorithms (e.g. AES) will be completely broken.
There will be no effect.
Symmetric crypto algorithms (e.g. AES) will need larger keys.
Asymmetric crypto algorithms (e.g. RSA) will need larger keys.
Asymmetric crypto algorithms (e.g. RSA) will be completely broken.
Symmetric crypto algorithms (e.g. AES) will need shorter keys.
Maximum marks: 2
Part 3: Key Management

13 Key distribution
Select for each key type the correct statement that applies to key distribution of the specific key type.
Points: 1 for each correct, -1 for wrong, 0 for no answer, max 3 total score
Select the correct statement:
Options (columns): Confidentiality required, Keys are not distributed, None of the other statements, Authenticity required
Rows:
Asymmetric public keys
Asymmetric private keys
Symmetric keys
Maximum marks: 3

14 Certificates
Please mark the three (3) most relevant elements inside an X.509 certificate.
Points: 1 for each correct, 0 for wrong, 0 for no answer, max 3 total score
Select one or more alternatives:
Public key of the issuer
Key exchange algorithm
Signature created by the issuer
Signature created by the subject
IP address of the issuer
Public key of the subject
Common name of the subject
Maximum marks: 3

15 PKI
Please mark the statements on certificates and browser PKIs (Public Key Infrastructure) which are true.
Points: 1 for each correct, 0 for wrong, 0 for no selection, max 2
Select one or more alternatives:
Certificates ensure authentic exchange of private keys.
Certificate Transparency allows automatic issuing of certificates.
The trust model is based not on one, but on many root CAs.
A CA verifies the ownership of a domain before signing the certificate.
For an extended validation certificate (EV), the requester must prove the honest intention of the Website.
Certificates allow the user to detect phishing Websites.
Maximum marks: 2

16 Certificate Revocation
Please name two (2) common methods for certificate revocation.
Points: max 2
Fill in your answer here
Maximum marks: 2
Part 4: Risk Management

17 Practical Risk Model
Select two elements from the diagram that must be specified in a typical practical method for qualitative assessment of risks.
Points: 1 for each correct selection, 0 for each wrong, 0 for no selection, max 2 total score
Select two alternatives:
Threat agent motivation
Threat agent strength
Likelihood of incident
Impact on assets
Vulnerability to threat scenario
Threat agent capacity
Maximum marks: 2

18 Risk Assessment
Risk Identification and Risk Estimation are different steps as part of risk assessment in the risk management process. Mention two (2) elements of Risk Identification and two (2) elements of Risk Estimation.
Points: 1 for each correct element, max 4 total score
Risk Identification
Risk Estimation
Maximum marks: 4

19 Threat modelling
Select two (2) relevant approaches for identifying/modelling threat scenarios.
Points: 1 for each correct, -1 for each wrong, 0 for no selection, max 2 total score
Select two alternatives:
Vulnerability-centric threat modelling
Asset-centric threat modelling
Impact-centric threat modelling
Attacker-centric threat modelling
Maximum marks: 2

20 Risk Levels
Please mention for qualitative and quantitative risk analysis one example each.
Points: 1 for each correct answer, max 2 total score
Qualitative
Quantitative
Maximum marks: 2
Part 5: Computer Security

21 Protection Rings
Assign the protection rings to the modes.
Points: 0.5 for each correct, -0.5 for wrong, 0 for no answer, max 3 total score
Please match the values:
Options (columns): Kernel Mode, User Mode, Hypervisor mode, Not used (anymore), Does not exist
Rows (ring numbers):
-1
0
1
2
3
4
Maximum marks: 3

22 Virtualization
Select the statements on platform virtualization which are true.
Points: 1 for each correct, 0 for wrong, 0 for no answer, max 2 total score
Select one or more alternatives:
A guest OS can access another guest OS, which is located on the same host system.
Platform virtualization helps in malware protection.
The hypervisor offers virtual hardware interfaces to the VMs.
The hypervisor is always running on top of the host OS.
Guest VMs on the same host system must have the same OS.
Platform virtualization increases the energy demand.
Maximum marks: 2

23 Trusted Computing
Explain (shortly!) the motivation/idea of trusted computing.
Points: max 2
Fill in your answer here
Maximum marks: 2

24 TPM
TPM (Trusted Platform Module) is a hardware chip which supports three (3) main security services on computing platforms. List these three main TPM-supported services:
Points: max 3 total score
Fill in your answer here
Maximum marks: 3
Part 6: User Authentication

25 Authentication Factors
Name the three (3) general credential categories (called authentication factors).
Points: 0.5 for each correct answer, 0 for wrong, 0 for no answer
Give an example for an existing wide-spread 2-factor authentication system.
Points: 0.5 for correct answer, 0 for wrong, 0 for no answer
Maximum marks: 2

26 Password Storage
Select the relevant security method for implementing each requirement in password databases.
Points: 0.5 for each correct, -0.5 for wrong, 0 for no answer, max 2 total score
Select the relevant security method:
Options (columns): Access Control, Hashing, Complex password, Salting
Rows:
Only authorized entities can read the password database
Attackers cannot crack a salted and hashed password in the database
Passwords are not readable in the database
Pre-computed hash tables cannot be used to crack passwords
Maximum marks: 2
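The requirements in question 26 that hashing and salting address can be seen in code. The following is an added example, not part of the exam paper or its answer key: it stores a password as a per-user random salt plus a PBKDF2-HMAC-SHA256 hash, so the database never holds the password itself and a pre-computed hash table built for one salt is useless for any other user. The record format ("<salt hex>$<hash hex>"), the iteration count and the sample password are choices made for this example.

```python
# Added example (not from the INF3510 exam): salted password hashing with
# PBKDF2-HMAC-SHA256 from the Python standard library.
import hashlib
import hmac
import os

ITERATIONS = 200_000   # example value; raise it as hardware allows
SALT_BYTES = 16        # example value: 128-bit random salt per password


def hash_password(password, salt=None):
    """Return a storable record "<salt hex>$<hash hex>" (format chosen here).

    A fresh random salt is drawn unless one is supplied, so the same
    password stored for two users produces two different records. That is
    what defeats pre-computed hash tables (rainbow tables).
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time.

    Only the hash is stored, so the password cannot be read back from the
    database; it can only be checked against a candidate.
    """
    salt_hex, digest_hex = record.split("$", 1)
    salt = bytes.fromhex(salt_hex)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def run_demo():
    """Store one constructed sample password twice and report
    (records differ, correct password accepted, wrong password rejected)."""
    rec_a = hash_password("correct horse")   # constructed sample password
    rec_b = hash_password("correct horse")
    return (rec_a != rec_b,
            verify_password("correct horse", rec_a),
            verify_password("wrong horse", rec_a))


if __name__ == "__main__":
    print("salts differ, correct accepted, wrong rejected:", run_demo())
```

Access control over the database file itself (the first row of the question) is not something this code can provide; it has to come from the operating system or database permissions.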
27 Biometrics
Name one (1) advantage and two (2) disadvantages/problems/challenges of biometric authentication.
Points: 1 for each correct answer, 0 for wrong answer, 0 for no answer, max 3 total score
Advantage
Disadvantages/Problems/Challenges
Maximum marks: 3

28 Authentication Tokens
Mention and briefly describe the two (2) types of synchronised authentication tokens.
Points: 1 for each correct, 0 for no answer, 0 for wrong answer, max 2 total score
Fill in your answer here
Maximum marks: 2

29 Authentication Assurance Level
How many AALs (Authentication Assurance Levels) does the European eIDAS framework specify?
Points: 1 for correct, 0 for wrong, 0 for no answer
Maximum marks: 1
Part 7: Identity & Access Management

30 Phases in Identity & Access Management
The diagram shows that the configuration phase and the operation phase of IAM (Identity & Access Management) consist of steps which represent specific activities. Match each activity in the left column with the corresponding step in the diagram.
Points: 0.5 for each correct, -0.5 for each wrong, 0 for no selection, max 3
Match activity with step number:
Options (columns): 1, 2, 3, 4, 5, 6
Rows:
Access Control
Authentication
Authorization
Self Identification
Provisioning
Registration
Maximum marks: 3

31 Federation I
Name the three components in a standard federation environment.
Points: 1 for each correct answer, 0 for wrong, 0 for no answer, max 3 total score
(1)
(2)
(3)
Maximum marks: 3

32 Federation II
Select the federation type of the eduroam system.
Points: 1 for correct, 0 for wrong, 0 for unanswered
Select an alternative:
Distributed Identity + Distributed Authentication
Centralized Identity + Distributed Authentication
Distributed Identity + Centralized Authentication
Centralized Identity + Centralized Authentication
Maximum marks: 1

33 Access Control
Select the correct statements on access control (DAC = Discretionary Access Control, MAC = Mandatory Access Control, RBAC = Role-Based Access Control, ACL = Access Control List).
Points: 1 for each correct, 0 for wrong, 0 for no answer, max 3 total score
Select one or more alternatives:
RBAC can be combined with DAC.
DAC is used in Linux systems.
MAC is typically implemented with ACLs.
An ACL maps a user to a role.
In MAC the user defines the access to the resource he has created.
In RBAC, users can own multiple roles.
Maximum marks: 3
Part 8: Communication Security

34 Security Protocols
Specify the respective OSI layers TLS and IPSec are operating on.
Points: 1 for each correct, 0 for wrong, 0 for no answer
TLS:
IPSec:
Maximum marks: 2

35 TLS I
Select for the following statements if they are true or false.
Points: 0.5 for each correct, -0.5 for each wrong, 0 for no answer, max 4 total score
Please match the values:
Options (columns): false, true
Rows:
The session key is created during the TLS handshake from 3 random numbers.
TLS ensures integrity of transferred data.
If activated, TLS secures all TCP connections originated from that computer.
For exchange of session keys, RSA is more secure than DH.
Client and server must authenticate inside a TLS connection.
The algorithms used inside a session are negotiated between client and server.
HTTP and HTTPS can be offered on the same TCP port.
The subject of the server certificate must be equal to the server's hostname entered in the browser.
Maximum marks: 4

36 TLS II
Name two (2) weaknesses/attacks for TLS.
Points: 1 for each correct, 0 for wrong, 0 for no answer, max 2 total score
Fill in your answer here
Maximum marks: 2

37 TOR
Explain the metaphor "onion" in the TOR system.
Points: max 2 total score
Fill in your answer here
Maximum marks: 2
Part 9: Network Perimeter Security

38 Firewall
Select the statements on firewalls which are true.
Points: 1 for each correct, 0 for wrong, 0 for no answer, max 2 total score
Select one or more alternatives:
The Linux iptables is an implementation of an application layer proxy.
A network firewall is named like this because it completely separates two networks.
Stateful packet filters can correlate a DNS response to a prior DNS request.
An application layer proxy can handle all protocols on top of TCP.
In proxy mode, the client makes a TCP connection to the firewall and the firewall creates a second TCP connection to the server.
A packet filter operates on network layers 3 and 2.
Maximum marks: 2

39 TLS Inspection
Briefly explain how a user can know whether the TLS-encrypted traffic from a workstation in a company to a remote server on the Internet is being inspected in the company gateway firewall.
Points: max 2 total score
Fill in your answer here
Maximum marks: 2

40 DMZ
In the case of two firewalls with a so-called DMZ (Demilitarized Zone) between them, servers/systems can be connected to either the DMZ or to internal networks. Select the typical location for connecting the servers/systems in the left column below.
Points: 0.5 for each correct, -0.5 for wrong, 0 for unanswered, max 3 total score
Select correct placement of each type of system:
Options (columns): DMZ, Internal Networks
Rows:
Database Server
DNS Server
Email server
Production Server
Web Server
Workstation
Maximum marks: 3

41 IDS
The two main techniques used in IDS (Intrusion Detection Systems) are Signature-Based Detection and Anomaly-Based Detection respectively. Select the relevant IDS technique for each property in the left column below.
Points: 0.5 for each correct, -0.5 for wrong, 0 for unanswered, max 3 total score
Select the relevant IDS technique for each property:
Options (columns): Signature Detection, Anomaly Detection
Rows:
Based on known attacks
Can detect unknown attacks
Can only detect known attacks
Generates relatively few false intrusion alarms
Based on learning normal behaviour
Generates relatively many false intrusion alarms
Maximum marks: 3
Part 10: Application Security

42 Malware
Select the relevant type of malware according to each description in the left column below.
Points: 1 for each correct, -1 for wrong, 0 for no answer, max 4 total score
Select the relevant type of malware:
Options (columns): Trojan, Exploit, Worm, Virus
Rows:
A self-replicating independent malicious program
Self-replicating malicious code which is injected into other programs
Malicious software or data that exploits a software/hardware vulnerability in systems
A user-installed program with hidden malicious functionality
Maximum marks: 4

43 OWASP
Mention the meaning of the acronym OWASP, and briefly describe what the 'OWASP Top 10' is.
Points: max 2 total score
Fill in your answer here
Maximum marks: 2

44 SQL Injection
Assume a Web login, where the user can enter an email address and a password. The entered parameters (<email> and <passwd>) are forwarded to the following SQL statement inside the Web application:
SELECT userid FROM user WHERE email='<email>' AND passwd='<passwd>';
If the SQL result is not empty, the user is authenticated. An attacker enters as password:
x' or '1'='1
What will happen?
Points: max 2
Fill in your answer here
What countermeasures can be applied to fix the previous problem?
Points: max 2
Fill in your answer here
Maximum marks: 4
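The login check in question 44 can be run as written against a small database to see the effect of the quoted input, and compared with the standard countermeasure, a parameterised query. The following is an added example and not part of the exam paper or its answer key. It uses Python's built-in sqlite3 module with an in-memory database; the user table, the e-mail address and the password stored in it are constructed sample values. The `passwd` column is kept in cleartext only to mirror the statement in the question; a real application would store only a salted hash (see question 26).

```python
# Added example (not from the INF3510 exam): the login statement from
# question 44 built by string formatting, next to the same check done
# with bind parameters. Runs offline against an in-memory SQLite database.
import sqlite3

# Constructed sample data: one registered user (hypothetical values).
SAMPLE_USERS = [(1, "alice@example.com", "correct horse")]


def make_db():
    """Create an in-memory database with the user table the statement expects."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (userid INTEGER, email TEXT, passwd TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, email, passwd):
    """The statement from the question, with the form input pasted into the SQL text.

    Quote characters in the input become part of the statement's syntax, so
    the WHERE clause is rewritten by whatever is typed into the password field.
    """
    sql = f"SELECT userid FROM user WHERE email='{email}' AND passwd='{passwd}';"
    return conn.execute(sql).fetchall() != []


def login_parameterised(conn, email, passwd):
    """Same check with bind parameters (the countermeasure).

    The statement text is fixed; the driver passes email and passwd to the
    database as values, so they are only ever compared, never parsed.
    """
    sql = "SELECT userid FROM user WHERE email=? AND passwd=?;"
    return conn.execute(sql, (email, passwd)).fetchall() != []


def run_demo():
    """Return ((vulnerable, parameterised) for valid credentials,
               (vulnerable, parameterised) for the password from the question
               combined with an e-mail that is not in the table)."""
    conn = make_db()
    valid = (login_vulnerable(conn, "alice@example.com", "correct horse"),
             login_parameterised(conn, "alice@example.com", "correct horse"))
    injected = (login_vulnerable(conn, "nobody@example.com", "x' or '1'='1"),
                login_parameterised(conn, "nobody@example.com", "x' or '1'='1"))
    return valid, injected


if __name__ == "__main__":
    valid, injected = run_demo()
    print("valid credentials (vulnerable, parameterised):", valid)
    print("question's password, unknown e-mail (vulnerable, parameterised):", injected)
```

With the formatted statement the condition becomes `email='...' AND passwd='x' OR '1'='1'`, which is true for every row, so the result set is not empty and the check passes without a valid account. With bind parameters the same text is compared as a literal password and the check fails.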