Pre-exam 3 Review. Fall Paul Krzyzanowski Distributed Systems

Transcription

1 Pre-exam 3 Review Fall 2012

2 Questions from Exam 3 Fall 2011

3 Question 1 If Alice has Bob s digital certificate, how can she send a message securely to Bob? The certificate contains Bob s public key. Encrypt the message with Bob s public key and send it to Bob.

4 Question 2 Bob needs to authenticate Alice by validating that she has the right password. Without using encryption, how can Bob authenticate Alice on an insecure network? Since the network is insecure, sending a hash of the password is insufficient since the intruder would be able to capture and reuse this data? CHAP protocol. Bob sends Alice a nonce (bunch of bits). Alice generates a hash on a message containing the nonce and the password. Bob has the password and the nonce and can validate the hash.

5 Question 3 Explain the fundamental difference between network file systems (e.g., NFS, SMB) and cluster file systems employing a shared disk infrastructure. Note: these are the file systems we looked at when we discussed clusters and using shared disks. Network FS: file system based interaction Cluster FS: block-level interaction. Each node has the full implementation of the file system. Need to control mutual exclusion via a DLM (distributed lock manager).

6 Question 4 Explain the difference between BigTable s and Amazon Dynamo s presentation of versions to client processes. BigTable: Chronological version history store past n versions Dynamo: Stores out-of-sync versions on different nodes either causally ordered or concurrent updates. Application-based reconciliation.

7 Question 5 You have millions of files of user comments to various blog articles. Each file contains {original-article-id, this-article-id (ID of this response article), author-id (the author of the response), date, and message}. You want to create a list of authors with a per-author count of the number of unique articles that the author commented on. Explain how you use Map- Reduce to compute this. Specifically, explain what the map function does, what data the reduce gets, and what the reduce function does. (1) Map: parse out {author-id, original-article-id}. Write these pairs to the intermediate files. (2) Reduce gets: each call gets author ID and a list of all original-article-ids (3) Reduce does: (a) sort original article IDs, (b) remove duplicates, (b) generate a count of unique original article IDs, (c) output author-id & count.

8 Question 6 Which of the following is not a responsibility of a map worker in the MapReduce framework: (a) Generate (key, value) pairs. (b) Target (key, value) data for one of R reduce workers. (c) Partition original data into shards. (d) Discard data of no interest. The master (coordinator) assigns workload to the map workers. Map workers partition intermediate (key, value) pairs.

9 Question 7 BigTable data is: (a) Sorted by row keys. (b) Sorted by column keys. (c) Unsorted and assigned to a node by a hash function of the row key. (d) Unsorted and assigned to a node by a hash function of the row and column keys.

10 Question 8 BigTable does not use Chubby to: (a) Discover tablet servers. (b) Store BigTable schema information. (c) Ensure there is only one master server running. (d) Forward client requests to the proper tablet server.

11 Question 9 Which of the following is not a property of Chubby? (a) A distributed lock service that manages leases for resources. (b) Uses active replication for fault tolerance. (c) Uses Paxos to ensure consistency among servers. (d) Uses load balancing across all replicas to respond to multiple client requests

12 Question 10 Which of the following does not help with key explosion? (a) Public key cryptography. (b) Symmetric cryptography. (c) Diffie-Hellman algorithm. (d) Trusted third party.

13 Question 11 If it takes you one minute to test all combinations of a 32-bit key, approximately how long will it take you to test all combinations of a 64- bit key? (a) 2 minutes. (b) 8 minutes. (c) 32 minutes. (d) 4 billion minutes 2 32 times more = 2 32 * 1 minute = 4,294,967,296 minutes

14 Question 12 The Diffie-Hellman algorithm is useful for: (a) Establishing a common key. (b) Encrypting data. (c) Signing data. (d) All of the above.

15 Question 13 An X.509 digital certificate stores the certificate owner s: (a) Public key. (b) Private key. (c) Public, private key pair. (d) Digital signature. It contains the certificate issuer s signature.

16 Question 14 What is inside a Kerberos sealed envelope (ticket)? (a) The session key. (b) A challenge message. (c) The requestor s digital certificate. (d) A handle to a Kerberos authentication structure within the Kerberos authentication server.

17 Question 15 CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) relies on: (a) A user answering a series of questions correctly. (b) A user knowing one of several shared secrets. (c) An inability to develop good character recognition algorithms. (d) Detecting varying degrees of randomness in responses to challenges.

18 Question 16 A user s OpenID Identity Provider is: (a) Selected explicitly by the user during the authentication process. (b) Located by contacting an OpenID registry. (c) Stored with the user s preference on each site on which the user has an account. (d) Identified in the user s login name. The login name is in the form pxk.pip.verisignlabs.com The provider is pip.verisignlabs.com

19 Question 17 Which protocol does is not suited for authenticating a user on an insecure network? (a) PAP (Password Authentication Protocol). (b) CHAP (Challenge Handshake Authentication Protocol). (c) S/Key. (d) Public key authentication.

20 Question 18 A hybrid cryptosystem is one where: (a) A private key is used for key exchange and a public key is used for data encryption. (b) A public key algorithm is used for key exchange and a symmetric algorithm for data encryption. (c) Two layers of encryption are used on the data for greater security. (d) Data flowing from the client to the server is encrypted with a different algorithm than data from the client to the server.

21 Question 19 An OAuth request token is: (a) Created by the service provider to provide the consumer site with a list of services that it offers. (b) Created by the user in order to authenticate with the consumer (client). (c) Sent by a consumer site to invoke services on a remote service (provider). [an access token is used for this] (d) Used by a consumer site to identify what access is being requested from a provider.

22 Question 20 The main design goal of Google Cluster Architecture was: (a) Maximize processor performance to achieve high performance computing. (b) Be efficient in terms of energy consumption and hardware costs. (c) Create virtual clusters from a set of machines dedicated to a specific set of tasks. (d) Maximize fault tolerance to ensure reliable service

23 Question 21 At least how much physical redundancy is required for a system to be k-fault tolerant against Byzantine faults? (a) k components. (b) 2k components. (c) k+1 components. (d) 2k+1 components. (k+1) good components to overrule k failed components. Total = 2k+1.

24 Question What are the minimum screening router capabilities that are needed to disallow any access from the outside network to the FTP service on one of your machines? (a) Stateless inspection. (b) Stateful inspection. (c) Deep packet inspection. (d) Application proxy.

25 Question 23 What are the minimum screening router capabilities that are needed to ensure that HTTP requests with headers containing binary data are dropped? (a) Stateless inspection. (b) Stateful inspection. (c) Deep packet inspection. (d) Application proxy.

26 Question 24 A web server should be placed in the: (a) External network (Internet). (b) DMZ (perimeter) network. (c) Internal network. (d) Private network.

27 Question 25 A dual-homed host is a machine that: (a) Migrates between two locations, such as work and home. (b) Runs at least two virtual machines. (c) Has at least two user accounts. (d) Has two network connections and two IP addresses

28 Question 26 TCP/IP achieves fault tolerance via: (a) Time redundancy. (b) Information redundancy. (c) Physical redundancy. (d) It does not aim to achieve fault tolerance

29 Question 27 Cascading failover is the case when: (a) One failure triggers another failure. (b) An application can start from a checkpointed state. [warm restart] (c) A failover machine fails. (d) Workload on a failed machine needs to be split among several surviving nodes. [multidirectional failover]

30 Question 28 A system-area network such as Myrinet or Infiniband is favored for high performance clustering because it: (a) Has lower latency than using IP-based protocols over Ethernet. (b) Is a high bandwidth interconnect. (c) Is designed to be highly reliable. (d) All of the above. If you are not sure about (c), but know (a) and (b) must be true, that will steer you to (d).

31 Question 29 Unlike regular hashing, consistent hashing is a hashing technique that: (a) Always generates the same value when given the same input data. (b) Generates a fixed-length result. (c) Does not cause hash values for most keys to change if the number of slots changes. (d) Allows one to retrieve the original data by applying an inverse hash function.

32 Question A hash function is a form of a one-way function. [True] [False] 31. For Alice to log in using S/Key authentication, she needs to be able to compute a one-way function to generate the next valid password. [True] [False] S/Key uses one-way functions to compute the list of one-time passwords that are then given to the user. The user never has to compute anything. 32. The OpenID protocol designates the use of public key cryptography for user authentication. [True] [False] OpenID does not define the use of any specific user authentication protocol that s up to the implementation.

33 Question The goal of OAuth is to allow users to grant web sites restricted access to other web services. [True] [False] 34. A weakness in CHAP authentication is that if an intruder sees both the challenge and the response, it is easy to figure out the shared secret. [True] [False] No. An intruder will see the challenge and the response but the response is a one way function (e.g., hash) of the challenge and secret. Knowing the response does not enable one to compute the inverse function and find the secret. 35. RSA s SecurID is a challenge-response authentication system. [True] [False] No. There is no challenge issued to the user. It s a one-time password system that generates a time-varying password that is a function of the user s PIN, time of day, and shared secret (stored on the card and on the server).

34 Question BigTable uses a coordinator; Dynamo does not. [True] [False] 37. BigTable replicas are eventually consistent; Dynamo replicas are strictly consistent. [True] [False] OpenID does not define the use of any specific user authentication protocol that s up to the implementation. 38. OAuth does everything OpenID does and more. [True] [False] OAuth is designed for decentralized authorization (allowing or denying access to web services). OpenID is designed as a service for decentralized authentication (having a user prove his/her identity). OpenID gives you one login for multiple web sites. OAuth lets you allow one website to access data from another site.

35 Question A heartbeat network is useful for distinguishing failed machines versus failed networks. [True] [False] 40. A shared-nothing cluster architecture does not need a distributed lock manager (DLM). [True] [False]

36 Exam 3 Spring 2009 Question 1 What are the three factors of authentication? 1. Something you know (e.g., password) 2. Something you have (e.g., access card, key) 3. Something you are (e.g., fingerprint)

37 Exam 3 Spring 2009 Question 2 When you request a service via Kerberos, you are presented with a ticket. What does this ticket contain and how is it used? The ticket contains the session key that you will use for communicating with the service but it is encrypted with the service s secret key so you can t see it. You pass it to the service. Because the service can decrypt the ticket, it knows that Kerberos (a trusted party) must have created it.

38 Exam 3 Spring 2009 Question 3 How would you check that a digital certificate is valid? Specifically, explain how you ensure that it (a) has not been modified and (b) is really issued by the party that claims to have created it? a) The certificate is signed. To check that it has not been modified, generate a hash of all the data in the certificate except the signature. Decrypt the signature using the provider s public key. If the decrypted signature matches your hash then the data has not been modified b) The certificate really is issued by the provider if part (a) worked because decrypting the signature with the provider s public key worked it means the provider s private key was used to encrypt the hash. To really ensure it s validity, you need to have the provider s public key in a certificate from a trusted source.

39 Exam 3 Spring 2009 Question 5 Is the following statement true or false? Explain and defend your position. Application proxies were once useful but have been rendered obsolete with the introduction of SPI (stateful packet inspection) firewalls as successors to packet filters. False. Packet filters and application proxies serve two different purposes. Packet filters do NOT validate the application protocol. For example, a packet filter can disallow all HTTP traffic to a set of machines (drop packets going to port 80). It cannot discover that the request contains a mangled URL that is an attempt to exploit a security hole or that an message contains a virus. BTW, What SPI adds to simple packet inspection is the ability to track state for example, knowing that a TCP connection has been established or allowing certain ports to be accepted because a connection has been established on other ports.

40 Exam 3 Spring 2009 Question 8 Define each of the following terms. 8. DMZ The Demilitarized Zone is a subnet that exposes services to the internet. It is separate from the internal local area network and can communicate with both the Internet and internal network.

41 Exam 3 Spring 2009 Questions 9-10 Define each of the following terms. 9. Tunnel Refers to encapsulating an entire packet as data (payload) inside another packet. Most often used in a VPN to get Intranet packets from one LAN to another over a public network the entire IP packet is sent as data via an IP packet over the Internet. This way, local addressing can still be used within those packets and each machine does not have to be uniquely addressable on the Internet. 10. Heartbeat Network Software and/or hardware mechanisms designed to allow machines to test (ping) other machines periodically to ensure that they are up and functioning

42 Exam 3 Spring 2009 Questions Define each of the following terms. 11. Warm failover An application restart where the restarted application resumes from a previous checkpoint instead of starting from the beginning. 12. Distributed Lock Manager (DLM) In clustering, mutual exclusion control to allow multiple machines to coordinate access to a single shared disk. 13. Cascading failover The case where an application failed-over (was restarted) to another machine but then had to fail over to yet another system because that machine died.

43 Exam 3 Fall 2006: Question 4 The Diffie-Hellman algorithm is not an encryption algorithm. What is it good for? It allows two parties to establish a common key that no other two parties can compute.

44 Spring 2007: Question 1 (a) How is a nonce used for authentication in publickey cryptography? Give a simple example of Alice authenticating Bob. The idea is: Prove that the other person has the private key. Alice: generate nonce. send it to Bob. Bob: receive nonce; encrypt with his private key. send encrypted result back to Alice. Alice: receive message from Bob. decrypt with Bob s public key. If decryption matches the nonce, Bob has the private key.

45 Spring 2007: Question 1 (b) How is a nonce used for authentication in symmetric cryptography? Give a simple example of Alice authenticating Bob. Prove that the other person has the shared key. Alice: generate nonce. send it to Bob. Bob: receive nonce; encrypt with the key. send encrypted result back to Alice. Alice: receive message from Bob. decrypt with the key. If decryption matches the nonce, Bob also has the key.

46 Spring 2007: Question 2 What is the purpose of a ticket (sealed envelope) in Kerberos? To send the session key securely to the other party.

47 Spring 2007: Question 3 How do you use an X.509 digital certificate to validate signed software? Hash the code H(M) Decrypt the signature with the public key in the certificate D K (E k [H(M)]) = H(M) where D K : decrypt with symmetric key K E k : encrypt with private key k Compare the decrypted signature with the hash If match we re convinced the code has not been modified. Code (M) Signature = E k [H(M)] Certificate (K, )

48 Spring 2007: Question 4 Northrup-Grumman developed a mobile electronic fingerprinting system for use by the UK police. A search of 6.6 million prints takes under five minutes. An index into a database of 6.6 million records generally takes only a few milliseconds. Why does the fingerprint search take so long? Fingerprint lookups would have to use statistical pattern matching - not a direct index. There s no unique number that s obtained from the biometric that you can index.

49 Fall 2007: Question 4 When you set up an environment with a DMZ, identify which classes of machines belong in the following networks? Any Internet-accessible servers will live in the DMZ. Any internal systems will be in the internal network. No machines will be directly on the internet. Type of machine Directly on Internet DMZ network Internal network Application proxies X Servers with no associated application proxies X Servers with associated application proxies X Generic user machines X

50 Spring #1 Explain how you use hash functions and public key cryptography to generate a digital signature for a document. Generate a hash of a message. Encrypt it with your private key.

51 Spring #2 You need to create a system where you need to validate a user s password. How can you create a publicly-readable password file? Software that verifies a password cannot employ any keys in validating a password against data in the file. Explain what is contained in the file and how the software validates the password. (Think about McCarthy s puzzle.) This is McCarthy s puzzle and is the way password files on Unix systems work. Instead of storing a password, the result of a one-way-function (e.g., a hash) on the password is stored. The publicly-readable password file contains a set of tuples: (user name, one-way-function-of-password). When a user enters a login name and password, the system will apply the one-way function on the password and compare it with the one in the file.

52 Fall #1d (slightly modified) How does a man-in-the-middle attack work? The man-in-the-middle masquerades as the server to the client. The client sends authentication credentials to the Man in the Middle, who forwards them to the real server. Once the server authenticates the user, the Man in the Middle can use the connection. K M K A E M (S) E S (msg) MitM E A (S) E S (msg)

53 Fall #2a When does it make sense to encrypt something with a public key? For covert communication. Only the holder of the corresponding private key can read it.

54 Fall #2b When does it make sense to encrypt something with a private key? As a signature. Anyone can decrypt the message with the corresponding public key but they know the message must have been created by the owner of the key.

55 Fall #4 Explain the term demilitarized zone (DMZ) in network design. What kind of machines go into a DMZ? A screened (protected) subnet between the outside network (Internet) and the inside network. Machines offering services on the Internet.

56 Spring 2004 #1 What is a digital certificate? It s a signed public key. More precisely, it s some data (your name, address, and/or other information) and your public key. The entire message is signed by a trusted certification authority (CA). If you have the CA s public key, you can verify the signature.

57 Spring 2004 #1b Give an example of how you can authenticate someone with a digital certificate? Suppose you have Alice s certificate. How do you authenticate Alice? The certificate is just a public key. Once you ve validated its signature (convincing yourself it s not forged), you just need to prove the other party has the corresponding private key. Send Alice a nonce (a random number) and ask her to encrypt it with her private key. If you can decrypt what she sends back using the public key in her certificate, then you re convinced that she really does have the corresponding private key.

58 Spring 2004 #2 Why can t you copy a digital signature from one document and attach it to another? A digital signature is a hash of the message (document) that is encrypted with the signer s private key. You cannot regenerate the signature using the hash of the new document because you need the signer s private key for that. If you can find/create another document that has the exact same hash then the signatures will be the same. This should be practically impossible for a good hash function.

59 Spring 2004 #3a What is a session key? A session key is a throw-away key - a key that is created for a communication session and discarded after the session. For symmetric algorithms, the key is just a random number.

60 Spring 2004 #3b How is it created, shared, and used in a hybrid cryptosystem? It is created by picking a random number. It is shared by encrypting it with the recipient s public key. Only the recipient will be able to decrypt it with the corresponding private key. Once both sides have it, then all encryption is performed using the session key and a symmetric algorithm.

61 Spring 2004 #4 Prove that a hash can never be collision-free for an arbitrary set of inputs. A hash is a fixed-length quantity, n bits long. This means that it can uniquely identify any one of 2 n values. If you hash 2 n +1 inputs, at least one of them will have to result in a duplicate value.

62 Spring 2004 #6 What is a network tunnel? It s the encapsulation of a network messages within another network message. It s the underlying component of a virtual private network (VPN) and allows you to send all packets destined to the remote subnet to one IP address (the external address of the remote router). The router will then extract the enveloped packets and route them on the internal network.

63 Fall 2005 #4 What problem were digital certificates created to solve? To allow people to pass public keys around that could be authenticated.

64 The End