CPSC 424/624 Exam 2 Solutions closed book, notes, computer Spring 2015 (Note: there are no questions that are just for 624 students)

Size: px

Start display at page:

Download "CPSC 424/624 Exam 2 Solutions closed book, notes, computer Spring 2015 (Note: there are no questions that are just for 624 students)"

Bennett Cunningham
5 years ago
Views:

1 CPSC 424/624 Exam 2 Solutions closed book, notes, computer Spring 2015 (Note: there are no questions that are just for 624 students) Name: 1 (30) Questions on CIA 1.1 (15) One simple substitution cipher is the Ceasar Cipher. In one sentence explain how a Ceasar Cipher works. A Ceasar Cipher is a substitution cipher in which each letter in the plaintext is 'shifted' a certain number (i.e., the key) of places down the alphabet. Additionally, please encrypt the following cleartext using a Ceasar Cipher assuming a key of 2. You do not need to worry about the spaces.for simplicity assume your algorithm retains spaces. Assume only lowercase letters. Cleartext message: i hope i do well on this exam abcdefghijklmnopqrstuvwxyz i hope i do well on this exam k jqrg k fq ygnn qp vjku gzco The following is a line of ciphertext that has been encrypted using a Ceasar Cipher. You do not know the key. Crack the code.identify the cleartext message. Ciphertext message: j xjmm ep xfmm Cleartext message: i will do well based on a key of 1 1

2 1.2 (15) We use a digital signature method based on public key cryptography. The figure below illustrates Alice sending a message to Bob. Trudy is a woman-in-themiddle and intercepts the message. Trudy modifies the message, computes a new encrypted hash. Consider two cases. Case 1, explain how digital signatures will ensure that Bob detects that the message received has been modified by Trudy. Case 2, explain how digital signatures might allow Bob to receive the modified message thinking that it is from Alice. Please add to the figure as needed. You should limit your answer to no more than 1-2 sentences for each case. Alice sends message M to Bob, signs The message using her private key Bob receives M and applies the hash algorithm to produce a hash which must match the decrypted hash that was also received. M + Ehash sent over the public network M M M H Hash algorithm (H) Decrypt (D) compare hash Alice s public key Encryption (E) Alice s Private Key Encrypted hash (Ehash) Sometimes referred to as a signed message digest Trudy I Trudy modifies M, she will not be able to create an updated valid hash that would appear to Bob as M was signed by Alice. We modified the figure adding Case 1: If Trudy modifies M and updates the encrypted hash, Bob will detect when comparing the decrypted hash to the hash based on the received M. Case 2: Trudy will successfully deceive Bob if she can get Bob to decrypt the encrypted hash using her public key (and trick Bob into thinking he is using Alice s public key). This is the reason why public key cryptography requires a secure public key infrastructure (PKI). 2 (35) Questions on Networking 2.1 (12) Name 4 pieces of information in an IP packet header. 2

2.2 (12) On our Ubuntu VM, we issue a ping using the command ping c 1 s 10000 10.0.2.2. The MTU on all interfaces is 1500 bytes. Fragmentation occurs.

3 2.2 (12) On our Ubuntu VM, we issue a ping using the command ping c 1 s The MTU on all interfaces is 1500 bytes. Fragmentation occurs. Identify how many fragments are created by the VM. Make sure to identify the size (IP packet length) of each packet. Please show your thinking to get partial credit. The IP datagram will be bytes. The ICMP message is octets. This will be split in multiple packets. A frame with an MTU of 1500 limits the IP length of each packet to 1500 bytes. This leaves 1480 bytes of data. Remember that the data size of a fragment must be a multiple of 8 (why? Because the offset field in the IP header is in units of 8 octets). A data size of 1480 is divisible by 8.so it works out evenly. The number of fragments : ceil ( / 1480) = 7 The first 6 fragments: All 1500 bytes large. The 7 th fragment will contain 1128 bytes of data ( *6) making a final packet length of Note: The datagram is bytes. When fragmentation occurs, the datagram exists only at the end points. The receiving host s IP stack reassembles the fragments. Once all fragment arrive the byte datagram is passed up to the transport layer. When fragmentation occurs, a fragment is equivalent to an IP packet. When fragmentation does NOT occur, the packet is equivalent to the datagram. 3

4 2.3 (11) The following figure illustrates a private network interconnecting with the Internet through a NAT router. The IP address of the 4 network interfaces is specified. Host NAT-Router Host Host 2 issues a ping c Assume everything works. If we were to look at the IP packet that contains the ping message as it arrives at Host 1, what are the destination and source IP addresses? At Host 1, the IP packet that contains the ping ICMP request message has a dst IP of and a src IP of Show the necessary information that in the NAT-Router s translation table entry that is required to reverse translate the ping reply packet. Protocol Private side Information Public side Information Src IP dst IP ICMPID/port Src IP dst IP ICMPID/port ICMP ICMPID ICMPID If we assume the public source IP is always , the minimum translation table entry information must include: protocol ID, private src IP, private ICMPID It is possible to NOT require the dst IP and record the public side ICMPID. However, the better approach is to save both the dst IP along with the ICMPID. Full score requires the table entry shown above (7 pieces of information). You need to indicate your assumptions in order to get full credit for less than 7 pieces of information. 4

5 Now Host 2 issues ping c but the NAT-Router s interface is down. Identify all packets that are sent and received (in both networks) as a result of this. You just need to specify the source and destination IP address for all packets. And indicate in words what type of message is contained in each packet (e.g., an ICMP ping request, an ICMP ping reply,.). Solution Host NAT-Router Host Packet 1 ===== ping icmp request Packet ICMP error message (type 3 code 0) Packet 1: src/dst IP : / Packet 2: src/dst IP: / (35) Questions on bash In HW2, question 2 asked you to develop a script to identify files updated within a specified number of days. The parameter that specifies the number of days is $daysago. In the following bash snippet (from the posted solution), we do an error check to make sure $daysago is valid. >>your answer here<< # ensure daysago is a positive integer if! [[ "$daysago" =~ $INTEGER_REGEXP ]] ; then echo "[ERROR] daysago must be a positive integer" usage exit -1 fi 3.1 (12) Add a line of bash script code that correctly sets $INTEGER_REGEXP. INTEGER_REGEXP='^[1-9][0-9]*$' 5

6 3.2 (12) The script solution has the lines: while read -r user ; do count=$(find "$directory" -type f -mtime "-$daysago" -user "$user" - print0 tr -d -c '\0' wc -c) if (( "$count" > 0 )) ; then filecount["$user"]="$count" fi done <<< "$(awk -F':' '{ print $1 }' /etc/passwd)" Assume the passwd file has exactly two lines: bob:x:1000:1000:bob,,,:/home/jjm:/bin/bash alice:x:1000:1000:alice,,,:/home/alice:/bin/bash What does the "$(awk -F':' '{ print $1 }' /etc/passwd)" return? The line returns a list of user ids: bob alice 3.3 (11) Using a brief sentence, explain what the following line of script doing. count=$(find "$directory" -type f -mtime "-$daysago" -user "$user" -print0 tr -d -c '\0' wc -c) For each user in the list, count represents the number of files that have been modified within the last $daysago 6

Network Layer, Link Layer, and Network Security Summary

Network Layer, Link Layer, and Network Security Summary CPSC 826 Internetworking, Link Layer, and Network Security Summary http://www.cs.clemson.edu/~mweigle/courses/cpsc826 1 Chapter 4, 5, 8 Topics» Forwarding and Routing» Router Architecture» Internet Protocol