Computer and Network Security

C-1.5 / Suppose that you are a computer virus writer; hence, you know that you need to store a copy of
the code for your virus inside the virus itself. Moreover, suppose you know that a security
administrator is also aware of this fact and will be using it to detect the presence of your virus in
operating system files, as described in the previous problem. Explain how you can hide the
embedded copy of your virus so that it is difficult for the security administrator to find it.

C-1.9 / Benny is a thief who tried to break into an Automated Teller Machine (ATM) using a
screwdriver, but was only able to break five different keys on the numeric keypad and jam
the card reader, at which point he heard Alice coming, so he hid. Alice walked up, put in her
ATM card, successfully entered her 4-digit PIN, and took some cash. But she was not able to
get her card back, so she drove off to find help. Benny then went back to the ATM and started
entering numbers to try to discover Alice's PIN and steal money from her account. What is the
worst-case number of PINs that Benny has to enter before correctly discovering Alice's PIN?

C-1.20 / Describe a good solution to the problem of having a group of students collaborate on a
software construction project using the directory of one of the group members in such
a way that it would be difficult for nonmembers to discover and would not require the help
from a system administrator, assuming that the only access rights the group leader can modify
are those for "everyone." You may assume that access rights for directories are "read," "write,"
and "exec," where "read" means the files and subdirectories in that directory can be inserted,
deleted, or renamed, and "exec" on a directory or subdirectory means the user can change his
location to that directory or subdirectory so long as he specifies its exact name.

C-2.4 / A group of n red pirates and a group of n blue pirates have a shared treasure chest and one unique
lock and key for each pirate. Using hardware that is probably already lying around their two
ships, they want to protect the chest so that any pair of pirates, one red and one blue, can open
the chest using their two locks and keys, but no group of red or blue pirates can open the chest
without having at least one pirate from the other group. How do they set this up?

C-2.9 / A variation of the following biometric authentication protocol was experimentally tested several
years ago at immigration checkpoints in major U.S. airports. A user registers in person by
showing her credentials (e.g., passport and visa) to the registration authority and giving her
fingerprint (a "palmprint" was actually used). The registration authority then issues to the user
a tamper-resistant smartcard that stores the reference fingerprint vector and can execute the
matching algorithm. The checkpoint is equipped with a tamper-resistant admission device that
contains a fingerprint reader and a smartcard reader. The user inserts her smartcard and provides
her fingerprint to the device, which forwards it to the smartcard. The smartcard executes the
comparison algorithms and outputs the result ("match" or "no match") to the device, which
admits or rejects the user accordingly. Clearly, an attacker can defeat this scheme by
programming a smartcard that always outputs "match." Show how to modify the scheme to
make it more secure. Namely, the admission device needs to make sure that it is interacting
with a valid smartcard issued can perform cryptographic computations and that the admission
device knows the public key of the registration authority. The attacker can program smartcards
and is allowed to have an input-output interaction with a valid smartcard but cannot obtain
the data stored inside it.

C-2.12 / Consider the following security measures for airline travel. A list of names of people who
are not allowed to fly is maintained by the government and given to the airlines; people whose
names are on the list are not allowed to make flight reservations. Before entering the departure
area of the airport, passengers go through a security check where they have to present a
government-issued ID and a boarding pass. Before boarding a flight, passengers must present
a boarding pass, which is scanned to verify the reservation. Show how someone who is on the
no-fly list can manage to fly provided boarding passes can be printed online. Which additional
security measures should be implemented in order to eliminate this vulnerability?

C-3.2 / Alice has a picture-based password system, where she has each user pick a set of their 20
favorite pictures, say, of cats, dogs, cars, etc. To log in, a user is shown a series of pictures
in pairs, one on the left and one on the right. In each pair, the user has to pick the one that
is in his set of favorites. If the user picks the correct 20 out of the 40 he is shown (as 20 pairs),
then the system logs him in. Analyze the security of this system, including the size of the search
space. Is it more secure than a standard password system?

C-3.5 / On Unix systems, a convenient way of packaging a collection of files is a SHeLL ARchive,
or shar file. A shar file is a shell script that will unpack itself into the appropriate files and
directories. Shar files are created by the shar command. The implementation of the shar
command in a legacy version of the HP-UX operating system created a temporary file with
an easily predictable filename in directory /tmp. This temporary file is an intermediate file
that is created by shar for storing temporary contents during its execution. Also, if a file with
this name already exists, then shar opens the file and overwrites it with temporary contents.
If directory /tmp allows anyone to write to it, a vulnerability exists. An attacker can exploit such
a vulnerability to overwrite a victim's file. (1) What knowledge about shar should the attacker
have? (2) Describe the command that the attacker issues in order to have shar overwrite an
arbitrary file of a victim. Hint: the command is issued before shar is executed. (3) Suggest a
simple fix to the shar utility to prevent the attack. Note that this is not a setuid question.
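
The temporary-file behaviour described in C-3.5, shown next to two safer ways of opening the file. This is an added example, not part of the original assignment and not the HP-UX shar source; the function names and the /tmp/shar_demo_ template are hypothetical, constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

int last_errno;  /* errno left by the most recent opener call */

/* Pattern the exercise describes: fixed name, overwrite if it exists. */
int open_tmp_legacy(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL creates atomically and fails with EEXIST when
 * the name is already taken, so existing contents are never touched. */
int open_tmp_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() also makes the name unpredictable (mode 0600).
 * tmpl must end in "XXXXXX" and is rewritten with the chosen name. */
int open_tmp_random(char *tmpl) { return mkstemp(tmpl); }

/* Run an opener against a constructed, already-existing 6-byte file and
 * return that file's size afterwards (-1 if the setup failed). */
long size_after(int (*opener)(const char *)) {
    char path[] = "/tmp/shar_demo_XXXXXX";   /* constructed sample name */
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    long ok = write(fd, "victim", 6);
    close(fd);
    errno = 0;
    int tfd = opener(path);
    last_errno = errno;
    if (tfd >= 0) close(tfd);
    long size = (ok == 6 && stat(path, &st) == 0) ? (long)st.st_size : -1;
    unlink(path);
    return size;
}

int main(void) {
    printf("legacy open:    %ld bytes left\n", size_after(open_tmp_legacy));
    printf("exclusive open: %ld bytes left\n", size_after(open_tmp_exclusive));
    printf("exclusive open failed with EEXIST: %s\n", last_errno == EEXIST ? "yes" : "no");
    return 0;
}
```

The legacy opener leaves the existing file empty, while the exclusive opener refuses to open it and leaves all 6 bytes in place.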

Rationale

To demonstrate your understanding of:
fundamental security concepts
physical security concepts
operating system security concepts

Marking criteria

Marks will be awarded for:
Correctness of the answer
Demonstration of depth of knowledge
Number of valid points or features discussed
Clarity of explanation
Correct in-text and end-of-document referencing according to APA referencing format

Requirements

Answers should be approximately no more than half a page per question. All submissions should contain a reference list in APA format. In-text citations should also follow APA style.
