158.235 Networks, Security, and Privacy
Assignment 2
Deadline 16 October 2020, Friday, 23:55pm
Evaluation 20 marks (= 20% of your final grade)
Late
submission
1 mark off per day late
Work This assignment must be done individually. Your submission will be
checked for plagiarism against other assignments.
Purpose To demonstrate student’s understandings in the basic concepts and
constructs of security topics.
Submission A report that contains the answers for Question1 -3. A packet tracer file
for Question 3 need also be submitted.
Question 1: Brute Forcing Keys.
[Total 5 Marks]
One way to decrypt an encrypted message is to try every possible key. This kind of attack
is known as a brute-force attack or a key search attack. The longer the key, the harder the
attack becomes.
The table below lists some common cryptographic algorithms and the key sizes that they
use:
Cipher Key Size
Data Encryption Standard (DES) 56 bits
Rivest Cipher 4 (RC4) 40-2048 bits
Advanced Encryption Standard (AES) 128, 192 or 256 bits
Blowfish 32- 48 bits
The length of the key is a key factor when evaluating how likely it is than an attacker can
determine the key used to encipher a message. This is because an attacker who is in
possession of a sealed message can always mount a brute-force attack. Since longer keys
have more possible values than shorter keys, longer keys are more resistant to brute-force
attacks. (Note: this assumes there are no flaws in the cryptographic algorithm that
weakens them)
In general, because a key of n bits can have 2
n
possible values (where a
^
b means a to the
power of b), there can be at most 2
n
different keys. For example, a 16-bit key can have
216 or 65,536 different values. If you had a computer that could try 100 of these keys
every second, it would take 654 seconds or roughly 11 minutes to try all possible keys.
(Note: if you are cracking many keys, the expected time to crack any given key is half that,
as on average you will need to try half of the keys before you find the right one. Of course
you could get lucky and try the key on your first attempt, or you could be unlucky and
have to try nearly every single key.)
With clever programming a modern desktop computer can try roughly 1 million RC4 keys
every second. (Indeed, there are services available that will use multiple computers and
specialised hardware to speed up brute forcing of keys for specific cryptographic
algorithms, such as crack.sh.
Question 1.1: Microsoft Office 1997-2003 used 40-bit RC4 to protect documents with a
user-supplied password. This was due to the export of cryptographic technology and
devices from the United States were severely restricted by U.S. law at the time.
What is the maximum amount of time that it would take for a computer that can try 1
million RC4 keys every second to do a brute-force attack on a Microsoft Office document
protected using a 40-bit shared secret?
Question 1.2: Microsoft Office 2007 onwards allows the use of the AES cryptographic
algorithm with a 128-bit shared secret to protect access to documents. If AES keys can be
tried with the same speed as RC4 keys using the computer described in Question 1.1, what
is the maximum amount of time that it would take for a brute-force attack on a single
document?
Question 1.3: With advances in quantum computing it may be possible at some point in
the future to build a computer that can implement Grover's algorithm than gives a
reduction in time from n to the square root of n. For example, AES-128 has a 128-bit key
requiring 2128 tries. Grover reduces this to 264 tries.
If you upgrade your computer to quantum computer that can implement Grover's
algorithm, is your secret still safe from attack? Justify your answer. (Note: assume that it
can check AES keys at the same rate as before).
Question 2: Stealing the Examination
[Total 5 Marks]
As part of your preparation for the upcoming examination, you have the goal of stealing a
copy of the 158.235 examination.
*Note that this is a thought experiment that is you should not try it out in real life.
When preparing the exam, the files are stored on the IT servers in a private directory only
accessible to academic and examination admin staff (e.g., Julian and Hooman). All staff
use their Massey username and passwords to authenticate themselves and gain access. A
physical copy of the examination is also stored in the School office in a locked file cabinet
and in the Science Faculty office in a locked room. Neither Julian nor Hooman has copies
of the examination stored in their offices.
If you are permitted to only use publicly available information when building your
profile, describe a scenario explaining how you use the social engineering techniques, e.g.,
phishing, pre-texting, baiting, quid pro quo and tailgating, —as described in the lecture—
to achieve your goal.
Note that you do not need to include filenames or directory name but you should be as
specific as possible in your answer.
Question 2.1: Name the human target or target(s) for the scenario.
Question 2.2: Identify ONLY the information necessary for the attack, the reason why
each piece of information is required and the source of the information (provide URLs
where appropriate).
Question 2.3: What are the steps describing how you will carry out the attack? These
should be written such that you could provide these steps plus the previous information to
a third party to carry out the attack.
Question 2.4: Describe which of the concepts from the course that have been applied in
your attack (you should use at least one!).
Question 3: Setting Up a Firewall and a NAT
[Total 10 Marks]
Understanding the importance of protecting organisation’s assets (data, network, software
and hardware), Cyber University wants to strengthen its security posture by installing a
firewall to filter any unwanted traffic.
The Cyber University has two subnets:
(1) Student subnet with network address 192.168.5.128 /25 which can accommodate
126 hosts (add only 4 PCs to Packet tracer – see Figure 1)
(2) HR subnet with network address 192.168.5.0 /25 which can accommodate 126
hosts (add only 4 PCs to Packet tracer – see Figure 1)
Cyber security can access to a Third Party Finance network for financial affairs, the
Finance network includes a web server which hosts students’ financial records and two
other hosts.
Your task is to build a firewall, using the Packet Tracer, for the Cyber University that
satisfies the following firewall policy (networks are given in Figure 1).
Source Network Hosts IP Destination Network Hosts IP Action
192.168.5.128 /25 any 192.168.5.0 /25 any Deny
192.168.5.0 /25
192.168.5.16
192.168.11.0 /24 any
allow
192.168.5.17 allow
192.168.5.18 allow
192.168.5.19 allow
other Deny
Cyber University would also like to employ Network Address Translation (NAT) to shield
the private network from the public network. Your task it to build a NAT, using the Packet
Tracer, for the Cyber University that satisfies the following address translation table.
Describe in the report how private addresses can be protected when the messages from
these private addresses are going out through the Internet.
Private Address Public Address NAT
Cyber
University
192.168.5.* (all hosts) 208.150.100.20-25 /24 NAT Pool
Third Party
Finance
Company
192.168.11.3 /24 (Web Server) 208.150.100.30 /24 1-to-1 translation
192.168.11.0 /24 (all hosts) 208.150.100.30 /24 Nat overload translation (port)
Figure 1: Cyber Security Network in Packet Tracer (Question 3)
[End of Questions]