UNIVERSITI SAINS MALAYSIA. CCS523 Computer Security & Cryptography [Keselamatan Komputer & Kriptografi]

Similar documents
UNIVERSITI SAINS MALAYSIA. CMT322/CMM323 Web Engineering & Technologies [Kejuruteraan & Teknologi Web]

UNIVERSITI SAINS MALAYSIA. CST333 Distributed & Grid Computing [Perkomputeran Teragih & Grid]

UNIVERSITI SAINS MALAYSIA. CPT344 Computer Vision & Image Processing [Penglihatan Komputer & Pemprosesan Imej]

UNIVERSITI SAINS MALAYSIA. CST332 Internet Protocols. Architecture & Routing [Protokol, Seni Bina & Penghalaan Internet]

UNIVERSITI SAINS MALAYSIA. CCS521 Advanced Distributed Systems Concepts and Design [Konsep dan Reka Bentuk Sistem Teragih Maju]

UNIVERSITI SAINS MALAYSIA. CST334 Network Monitoring & Security [Pengawasan & Keselamatan Rangkaian]

UNIVERSITI SAINS MALAYSIA. CST232 Operating Systems [Sistem Pengendalian]

INSTRUCTION: This section consists of TWO (2) structured questions. Answer ALL questions.

UNIVERSITI SAINS MALAYSIA. CST131 Computer Organisation [Organisasi Komputer]

UNIVERSITI SAINS MALAYSIA. CST331 Principles of Parallel & Distributed Programming [Prinsip Pengaturcaraan Selari & Teragih]

MSS 317 Coding Theory [Teori Pengekodan]

UNIVERSITI SAINS MALAYSIA. CST131 Computer Organisation [Organisasi Komputer]

UNIVERSITI SAINS MALAYSIA. CPT113 Programming Methodology & Data Structures [Metodologi Pengaturcaraan & Struktur Data]

UNIVERSITI SAINS MALAYSIA. CPT111/CPM111 Principles of Programming [Prinsip Pengaturcaraan]

UNIVERSITI SAINS MALAYSIA. Peperiksaan Semester Pertama Sidang Akademik 2003/2004. September/Oktober 2003

UNIVERSITI SAINS MALAYSIA. CCS523 Computer Security & Cryptography [Keselamatan Komputer & Kriptografi]

UNIVERSITI SAINS MALAYSIA. CST131 Computer Organisation [Organisasi Komputer]

EEE 428 SISTEM KOMPUTER

UNIVERSITI SAINS MALAYSIA. CPT211-CPM313 Programming Language Concepts & Paradigm [Konsep & Paradigma Bahasa Pengaturcaraan]

UNIVERSITI SAINS MALAYSIA. CCS522 Advanced Data Communication & Computer Networks [Rangkaian Komputer & Komunikasi Data Lanjutan]

UNIVERSITI SAINS MALAYSIA. CCS522 Advanced Data Communication and Computer Networks [Rangkaian Komputer dan Komunikasi Data Lanjutan]

INSTRUCTION: This section consists of TWO (2) structured questions. Answer ALL questions.

INSTRUCTION: This section consists of FOUR (4) structured questions. Answer ALL questions.

INSTRUCTION: This section consists of TEN (10) structured questions. Answer ALL questions.

INSTRUCTION: This section consists of FOUR (4) structured questions. Answer ALL questions.

UNIVERSITI SAINS MALAYSIA. CST331 Principles of Parallel & Distributed Programming [Prinsip Pengaturcaraan Selari & Teragih]

CPT211/CPM313 Programming Language Concepts & Paradigms [Konsep & Paradigma Bahasa Pengaturcaraan]

CPT111/CPM111 Principles of Programming [Prinsip Pengaturcaraan]

MSS 318 Discrete Mathematics [Matematik Diskret]

...a- JEE ELEKTRONIK DIGIT II. UNlVERSlTl SAINS MALAYSIA. Peperiksaan Semester Kedua Sidang Akademik FebruarVMac 2003.

INSTRUCTION: This section consists of TWO (2) short answer and structured essay questions. Answer ALL questions.

UNIVERSITI SAINS MALAYSIA. CPT341 Software Design & Architecture [Reka Bentuk & Seni Bina Perisian]

UNIVERSITI SAINS MALAYSIA. CMT422 Multimedia Information Systems & Management [Sistem & Pengurusan Maklumat Multimedia]

UNIVERSITI SAINS MALAYSIA. CST234 Network Programming [Pengaturcaraan Rangkaian]

Pengenalan Sistem Maklumat Dalam Pendidikan

CPT212 Design & Analysis of Algorithms [Reka Bentuk & Analisis Algoritma]

ssk 2023 asas komunikasi dan rangkaian TOPIK 4.0 PENGALAMATAN RANGKAIAN Minggu 11

UNIVERSITI SAINS MALAYSIA

PART A SULIT (EKT 221) BAHAGIAN A. Answer ALL questions. Question 1. a) Briefly explain the concept of Clock Gating.

UNIVERSITI SAINS MALAYSIA. CMT324 Computer Graphics & Visual Computing [Grafik Komputer & Perkomputeran Visual]

INSTRUCTION: This section consists of TWO (2) structured questions. Answer ALL questions.

INSTRUCTION: This section consists of TWO (2) questions. Answer ALL questions. ARAHAN: Bahagian ini mengandungi DUA (2) soalan. Jawab SEMUA soalan.

COMBINING TABLES. Akademi Audit Negara. CAATs ASAS ACL / 1

UNIVERSITI SAINS MALAYSIA. CPT103/ CPM211 Struktur Data & Paradigma Pengaturcaraan

MICROSOFT EXCEL. Membina Hamparan Elektronik Fungsi Hamparan Elektronik

EEE348 INTRODUCTION TO INTEGRATED CIRCUIT DESIGN (PENGANTAR REKABENTUK LITAR BERSEPADU)

INSTRUCTION: This section consists of FOUR (4) structured questions. Answer ALL questions.

UNIVERSITI SAINS MALAYSIA. CST231/CSM331 Data Communications & Networks [Komunikasi Data & Rangkaian]

UNIVERSITI SAINS MALAYSIA. CMT224/CMM221 Multimedia Systems [Sistem Multimedia]

PANDUAN PENGGUNA (SUPPLIER) MAINTAIN CERTIFICATES/SUPPLIER DETAILS SUPPLIER RELATIONSHIP MANAGEMENT SUPPLY CHAIN MANAGEMENT SYSTEM (SCMS)

Panduan Guru Maker UNO/ Arduino

EEE 348 PENGANTAR REKABENTUK LITAR BERSEPADU

Panduan Pengguna Autodesk Education Community

PANDUAN PENGGUNA (SUPPLIER) MAINTAIN CERTIFICATES/SUPPLIER DETAILS SUPPLIER RELATIONSHIP MANAGEMENT SUPPLY CHAIN MANAGEMENT SYSTEM (SCMS)

IMPLEMENTATION OF UNMANNED AERIAL VEHICLE MOVING OBJECT DETECTION ALGORITHM ON INTEL ATOM EMBEDDED SYSTEM

INSTRUCTION: This section consists of TWO (2) questions. Answer ALL questions. ARAHAN: Bahagian ini mengandungi DUA (2) soalan. Jawab SEMUA soalan.

UNIVERSITI SAINS MALAYSIA. CPT111 Principles of Programming [Prinsip Pengaturcaraan]

PANDUAN PENGGUNA (PENTADBIR SYSTEM/SYSTEM ADMINISTRATOR) (INFOTECH, BPPF DAN POLIS

Semasa buku ini ditulis XAMPP mengandungi empat versi:

CLOUD COMPUTING ADOPTION IN BANKING SYSTEM (UTM) IN TERMS OF CUSTOMERS PERSPECTIVES SHAHLA ASADI

UNIVERSITI SAINS MALAYSIA. CST431/CST335 Systems Security & Protection [Keselamatan & Perlindungan Sistem]

AN IMPROVED PACKET FORWARDING APPROACH FOR SOURCE LOCATION PRIVACY IN WIRELESS SENSORS NETWORK MOHAMMAD ALI NASSIRI ABRISHAMCHI

INSTRUCTION: This section consists of FOUR (4) questions. Answer ALL questions. ARAHAN: Bahagian ini mengandungi EMPAT (4) soalan. Jawab SEMUA soalan.

DARI KAUNTER KE SISTEM DALAM TALIAN

INSTRUCTION: This section consists of FOUR (4) structured questions. Answer ALL questions.

MULTIMEDIA COLLEGE JALAN GURNEY KIRI KUALA LUMPUR

OPTIMIZE PERCEPTUALITY OF DIGITAL IMAGE FROM ENCRYPTION BASED ON QUADTREE HUSSEIN A. HUSSEIN

MAT181 Programming For Scientific Applications [Pengaturcaraan Untuk Penggunaan Sains]

UNIVERSITI SAINS MALAYSIA. CST232 Operating Systems [Sistem Pengendalian]

UNIVERSITI SAINS MALAYSIA. CPT103/CPM211 Struktur Data & Paradigma Pengaturcaraan

UNIVERSITI SAINS MALAYSIA. CCS513 Computer Vision and Image Analysis [Penglihatan Komputer dan Analisis Imej]

INSTRUCTION: This section consists of TWO (2)short answers and TWO (2) structured essays. Answer ALL questions.

PANDUAN PENGGUNA (SUPPLIER) e-purchase ORDER FOR SERVICES

UNIVERSITI SAINS MALAYSIA. CST334 Network Monitoring & Security [Pengawasan & Keselamatan Rangkaian]

FIRST TIME LOGIN & SELF REGISTRATION USER GUIDE LOG MASUK KALI PERTAMA & PENDAFTARAN SENDIRI PANDUAN PENGGUNA

MULTIMEDIA COLLEGE JALAN GURNEY KIRI KUALA LUMPUR

Pengguna akan diberikan Username dan Password oleh Administrator untuk login sebagai admin/conference Manager bagi conference yang akan diadakan.

TEKNOLOGI, GADJET & KEIBUBAPAAN

UNIVERSITI SAINS MALAYSIA. CST432 Microprocessors & Embedded Systems [Mikropemproses & Sistem Terbenam]

CCS592 Advanced Algorithms and Complexity [Algoritma Lanjutan & Kekompleksan]

Lab 4 : Sorting Techniques

Panduan Menggunakan Autoresponder FreeAutobot.com

AUTOMATIC APPLICATION PROGRAMMING INTERFACE FOR MULTI HOP WIRELESS FIDELITY WIRELESS SENSOR NETWORK

HARDWARE/SOFTWARE SYSTEM-ON-CHIP CO-VERIFICATION PLATFORM BASED ON LOGIC-BASED ENVIRONMENT FOR APPLICATION PROGRAMMING INTERFACING TEO HONG YAP

PANDUAN PENGGUNA (PENSYARAH)

UNIVERSITI SAINS MALAYSIA. CMT322/CMM323 Web Engineering & Technologies [Kejuruteraan & Teknologi Web]

M2U MANUAL PENGGUNA USER MANUAL M2UNHJ. 0 P a g e BAHAGIAN SIMPANAN DAN PENGELUARAN JABATAN KHIDMAT PENDEPOSIT DAN OPERASI LEMBAGA TABUNG HAJI

CST432 Microprocessors & Embedded Systems [Mikropemproses & Sistem Terbenam]

UNIVERSITI SAINS MALAYSIA. CPT103 Struktur Data & Paradigma Pengaturcaraan

Information Security Management System ISO/IEC 27001:2013

A SEED GENERATION TECHNIQUE BASED ON ELLIPTIC CURVE FOR PROVIDING SYNCHRONIZATION IN SECUERED IMMERSIVE TELECONFERENCING VAHIDREZA KHOUBIARI

INSTRUCTION: This section consists of TWO (2)structured questions.answer ALL questions.

EEE 355 ROBOTIC & AUTOMATION [Robotik & Pengautomatan]

ssk 2023 asas komunikasi dan rangkaian TOPIK 4.0 PENGALAMATAN RANGKAIAN

MAT 181 Programming For Scientific Applications [Pengaturcaraan Untuk Penggunaan Sains]

CREATING USER ID AND PASSWORD : NOTA PENTING NOTA PENTING SEBELUM MEMULAKAN PROSES CREATE USER ID & PASSWORD

INSTRUCTION: This section consists of TWO (2) structured questions. Answer ALL questions.

UNIVERSITI SAINS MALAYSIA. CPT101 Prinsip-Prinsip Pengaturcaraan

MANAGE COURSE RESOURCES LABEL TEXT PAGE URL BOOK FILE FOLDER IMS CONTENT PACKAGE

MAT 181 Programming for Scientific Applications [Pengaturcaraan untuk Penggunaan Sains]

Transcription:

UNIVERSITI SAINS MALAYSIA First Semester Examination 2015/2016 Academic Session December 2015/January 2016 CCS523 Computer Security & Cryptography [Keselamatan Komputer & Kriptografi] Duration : 2 hours [Masa : 2 jam] INSTRUCTIONS TO CANDIDATE: [ARAHAN KEPADA CALON:] Please ensure that this examination paper contains THREE questions in NINE printed pages before you begin the examination. [Sila pastikan bahawa kertas peperiksaan ini mengandungi TIGA soalan di dalam SEMBILAN muka surat yang bercetak sebelum anda memulakan peperiksaan ini.] Answer ALL questions. [Jawab SEMUA soalan.] You may answer the questions either in English or in Bahasa Malaysia. [Anda dibenarkan menjawab soalan sama ada dalam bahasa Inggeris atau bahasa Malaysia.] In the event of any discrepancies, the English version shall be used. [Sekiranya terdapat sebarang percanggahan pada soalan peperiksaan, versi bahasa Inggeris hendaklah diguna pakai.]...2/-

- 2-1. (a) A Feistel Network (FN) is a special form of Substitution-Permutation network. However, in a standard FN, only half of the input is changed in a round. This design affects negatively on the diffusion speed of the plaintext. Provide two (2) improvement proposals to the FN structure, to increase the plaintext diffusion speed. Sketch your proposals. Many block ciphers are based on the design of FN, however there are few notable ciphers that are not based on FN, for example IDEA and AES. Name the non-linear operations found on IDEA and AES. Parties A 1,,A n and B wish to generate a secret conference key. All parties should know the conference key, but an eavesdropper should not be able to obtain any information about the key. They decide to use the following variant of Diffie- Hellman: there is a public prime p and a generator g of Z p *. User B picks a secret random b [0, p-1] and computes y = g b mod p. Each party A i picks a secret random a i [0, p-1] satisfying gcd(a i, p-1) = 1 and computes x i = g ai mod p. User A i sends x i to B. User B responds to party i by sending z i = x bi mod p. Show that party i given z i (and a i) can determine y. Explain why this implies that y can be used as the conference key. (c) Answer each of the following questions with a four-sentence answer at most. Explain the difference between digital signature and MAC. Can one be used in place of the other? Briefly explain the purpose of certificate chains. A server can authenticate a remote workstation by asking it to sign a random message. Why is this method worse than a customized authentication protocol, such as Fiat-Shamir? (iv) When designing the security component of a large system, should you use an off the shelf standardized cipher or design your own proprietary one?...3/-

- 3-2. (a) Among the categories of virus; boot sector and macro are two different types of virus which by order of categories mentioned above infect the system boot files and applications that are embedded with macro functionality. Encrypting the executable files can protect software systems. When a program is invoked, the executable files are decrypted and executed. Consider an administrator has two possibilities to store the necessary cryptographic keys: The key is stored on a smart card held by an authorised employee with appropriate administrative rights. The key is stored in a tamper-resistant device that decrypts and executes commands. Compare the security of these alternatives. How could an attacker bypass these controls? To which extent can these controls protect against viral infections? Answer each of the following questions with a four-sentence answer at most. (iv) What is the characteristics of a good firewall implementation? When is DMZ required? How is it implemented? Explain briefly the meaning of X.509. Explain briefly the meaning of PKI. (v) In the context of dynamic biometric user authentication, explain the terms: enrolment, verification and identification. (vi) What is S/MIME? How is it implemented?...4/-

- 4-3. (a) Consider the following two e-vote protocols in order that voters can send their votes electronically to the Election Authority (EA). Protocol A: 1. Each voter casts the vote and encrypts it with the public key of the EA. 2. Each voter sends the encrypted vote to the EA. 3. The EA decrypts all the votes to retrieve the original vote, tabulates all the votes, and announces the result of the election. Protocol B: 1. Each voter casts the vote, and signs it with her private key. 2. Each voter then encrypts the signed vote with the public key of the EA. 3. Each voter sends the vote to the EA. 4. The EA decrypts the vote with its private key, and verifies the signature of the voter with the help of the voter's public key. 5. The EA then tabulates all the votes, and announces the result of the election. Show that Protocol B is more secure than Protocol A from the perspective of the voters. Show that Protocol B is more secure than Protocol A from the perspective of the EA. Show that even Protocol B is still lacking in terms of privacy. Below is a secret splitting scheme. The scheme is devised such a way that neither Alice nor Bob has access to the complete secret, but they can combine their secrets to come up with the required combined secret. The scheme works as follows (Note: Trent is the trusted party). 1. Suppose that the plaintext secret (e.g. a combined password, which needs to be split into two parts) is P. 2. Trent generates a random number R, whose length in bits is exactly the same as that of P. 3. Trent performs an XOR operation on P and R to generate the combined secret, S, as follows: S = P R. 4. Trent now sends S to Alice and R to Bob. Device a similar protocol, but now the plaintext needs to be distributed to three parties (Alice, Bob and Cindy). All three parties need to combine their secrets to come up with the combined secret. (30/100)...5/-

- 5 - (c) Below is a scenario of an attack. Note that Tsutomu Shimomura had a trusted relationship between his home computer (X), and the computers at the University of Southern California (Y). 1. Kevin first flooded Tsutomu's home computer (X) with a series of SYN requests, causing it to virtually come to a halt. 2. Kevin then sent a SYN request to the main server (Y) at the University. In this packet, Kevin put the source address as X. That is, the source address was spoofed. 3. The server (Y) detected this as an attempt to establish a request for a TCP connection, and responded back with a SYN ACK response. As expected, the SYN ACK response went back to Tsutomu's home computer (X), because that was the source address in the original SYN request of step 2. 4. Kevin had flooded X in step 1. So, X was not able to see Y's response. What type of attack is this? What are the possible steps after step 4, that Kevin need to take?...6/-

KERTAS SOALAN DALAM VERSI BAHASA MALAYSIA - 6-1. (a) Feistel Network (FN) adalah satu bentuk khas rangkaian Substitution- Permutation. Walau bagaimanapun, dalam FN piawai, hanya separuh daripada input berubah dalam satu pusingan. Reka bentuk ini memberi kesan negatif kepada kelajuan penyebaran teks-nyata. Berikan dua (2) cadangan penambahbaikan kepada struktur FN, untuk meningkatkan kelajuan penyebaran teks-nyata. Lakarkan cadangan anda. Banyak algoritma rahsia blok adalah berdasarkan kepada reka bentuk FN, walau bagaimanapun terdapat beberapa algoritma rahsia blok yang tidak berdasarkan kepada FN, sebagai contoh IDEA dan AES. Namakan operasi tidak linear yang terdapat pada IDEA dan AES. Pihak A 1,,A n dan B ingin menjana kunci persidangan rahsia. Semua pihak perlu mengetahui kunci persidangan tersebut, tetapi pada masa yang sama pencuridengar tidak akan mendapat apa-apa maklumat tentang kunci persidangan itu. Mereka membuat keputusan untuk menggunakan varian algoritma Diffie-Hellman seperti berikut: terdapat nombor perdana awam p dan penjana g untuk Z p *. Pengguna B menjana nilai rahsia rawak b [0, p-1] dan mengira y = g b mod p. Setiap pihak A i menjana nilai rahsia rawak a i [0, p-1] yang memenuhi gcd(a i, p-1) = 1 dan mengira x i = g ai mod p. Pengguna A i menghantar x i kepada B. Pengguna B membalas kepada pihak i dengan menghantar z i = x bi mod p. Tunjukkan bahawa parti i yang diberi z i (dan a i) boleh menentukan y. Terangkan mengapa y boleh digunakan sebagai kunci persidangan itu. (c) Jawab setiap soalan-soalan berikut dengan jawapan yang tidak melebihi empat ayat setiap satu. Terangkan perbezaan di antara tandatangan digital dan MAC. Bolehkah alatan tersebut digunakan di tempat yang satu lagi? Terangkan secara ringkas maksud rantaian sijil....7/-

- 7 - Pelayan boleh mengesahkan stesen-kerja jauh dengan meminta stesen tersebut untuk menandatangani mesej secara rawak. Mengapa kaedah ini lebih bahaya daripada protokol pengesahan seperti protokol Fiat-Shamir? (iv) Apabila mereka-bentuk komponen sistem keselamatan yang besar, adakah anda perlu menggunakan algoritma-rahsia yang terdapat di pasaran, atau mereka-bentuk sistem anda sendiri? 2. (a) Antara klasifikasi virus; virus sektor but dan virus makro adalah dua jenis virus yang masing-masing menyerang fail sistem but dan aplikasi yang menggunakan fungsi makro. Penyulitan atur cara boleh laku melindungi sistem perisian. Apabila program digunakan, atur cara boleh laku dinyah-sulit dan dilaksanakan. Pertimbangkan seorang pentadbir komputer yang mempunyai dua alternatif untuk menyimpan kekunci kriptografi iaitu: Kekunci ditempatkan di dalam sebuah kad pintar kepunyaan pekerja yang mempunyai kuasa akses kawalan. Kekunci ditempatkan di dalam alat tahan-perubahan yang juga berfungsi untuk menyah-sulit dan melaksanakan arahan. Bandingkan kedua-kedua alternatif tersebut dari segi keselamatan? Bagaimanakah seorang penyerang dapat melepasi kawalan keselamatan ini? Bagaimanakah kawalan keselamatan yang diperoleh daripada kedua-dua kaedah penyimpanan kekunci ini memberi jaminan terhadap serangan virus. Jawab setiap soalan-soalan berikut dengan jawapan yang tidak melebihi empat ayat setiap satu. Apakah ciri-ciri pelaksanaan firewall yang baik? Bilakah DMZ diperlukan? Bagaimana ia dilaksanakan? Terangkan secara ringkas maksud X.509....8/-

- 8 - (iv) Terangkan secara ringkas maksud PKI. (v) Dalam konteks pengesahan pengguna biometrik dinamik, jelaskan terminologi berikut: pendaftaran, pengesahan dan pengenalan. (vi) Apakah S/MIME? Bagaimana ia dilaksanakan? 3. (a) Pertimbangkan dua protokol e-undi berikut supaya pengundi boleh menghantar undi mereka secara elektronik kepada Lembaga Pilihan Raya (EA). Protokol A: 1. Setiap pengundi membuang undi dan menyulitkan undi dengan kunci awam daripada EA. 2. Setiap pengundi menghantar undi yang telah disulitkan kepada EA. 3. EA menyah-sulit semua undi untuk mendapatkan undi asal, mengira semua undi, dan mengumumkan keputusan pilihan raya itu. Protokol B: 1. Setiap pengundi membuang undi, dan menandatangani undi tersebut dengan kunci peribadinya. 2. Setiap pengundi kemudian menyulitkan undi yang ditandatangani dengan kunci awam daripada EA. 3. Setiap pengundi menghantar undi kepada EA. 4. EA menyah-sulit undi dengan kunci peribadi, dan mengesahkan tandatangan pengundi dengan bantuan kunci awam pengundi. 5. EA kemudian mengira semua undi, dan mengumumkan keputusan pilihan raya itu. Tunjukkan bahawa Protokol B adalah lebih selamat daripada Protokol A dari perspektif pengundi. Tunjukkan bahawa Protokol B adalah lebih selamat daripada Protokol A dari perspektif EA. Tunjukkan bahawa walaupun Protokol B masih tidak mencukupi dari segi privasi....9/-

- 9 - Di bawah adalah skim pemisahan rahsia. Skim ini dirancang sedemikian rupa sehingga Alice mahupun Bob tidak mempunyai akses kepada rahsia yang lengkap, tetapi mereka boleh menggabungkan rahsia mereka untuk mendapatkan rahsia gabungan yang diperlukan. Skim ini berfungsi seperti berikut (Nota: Trent adalah parti yang dipercayai). 1. Katakan rahsia teks-nyata (misalnya kata laluan gabungan, yang perlu berpecah kepada dua bahagian) adalah P. 2. Trent menjana nombor rawak R, panjangnya dalam bit adalah sama dengan panjang P. 3. Trent melakukan operasi XOR pada P dan R untuk menjana rahsia gabungan, S, seperti berikut: S = P R 4. Sekarang Trent menghantar S kepada Alice dan R kepada Bob. Bangunkan protokol yang sama, tetapi sekarang teks-nyata perlu diagihkan kepada tiga parti (Alice, Bob dan Cindy). Ketiga-tiga parti perlu menggabungkan rahsia mereka untuk mendapatkan rahsia gabungan. (30/100) (c) Di bawah adalah senario serangan. Ambil perhatian bahawa komputer rumah (X) Tsutomu Shimomura mempunyai hubungan saling mempercayai dengan komputer di University of Southern California (Y). 1. Langkah pertama, Kevin membanjiri komputer rumah Tsutomu (X) dengan permintaan SYN, menyebabkan computer itu hampir terhenti. 2. Kemudian Kevin menghantar permintaan SYN kepada pelayan utama (Y) di Universiti. Dalam paket ini, Kevin meletakkan alamat sumber sebagai X. Iaitu, alamat sumber telah diperdaya. 3. Pelayan (Y) mengesan usaha ini sebagai permintaan untuk mewujudkan sambungan TCP, dan memberi maklum balas kembali dengan sambutan SYN ACK. Seperti yang dijangka, sambutan SYN ACK kembali ke komputer rumah Tsutomu (X), kerana itu adalah alamat sumber dalam permintaan SYN asal pada langkah 2. 4. Kevin telah membanjiri X dalam langkah 1. Jadi, X tidak dapat melihat tindak balas Y. Apakah jenis serangan ini? Apakah langkah-langkah, selepas langkah 4 yang mungkin diambil oleh Kevin? - ooooooo -

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback