Homework 4 for CSC 474 Information Systems Security
(For topics 4)

You must solve this problem set individually without any assistance from anyone. Mastery of the predicate calculus, and the ability to convert from English to the predicate calculus, is essential for success in this course.

  1. (40 points, 5 points each) Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
    1. Brute-Force Cryptanalytic Attack:  An exhaustive search of the key space for a conventional encryption algorithm.
    2. Known-Plaintext Dictionary Attack: Many messages will contain predictable plaintext, such as the HTTP GET command.  An attacker constructs a dictionary containing every possible encryption of the known-plaintext message.  When an encrypted message is intercepted, the attacker takes the portion containing the encrypted known plaintext and looks up the ciphertext in the dictionary.  The ciphertext should match against an entry that was encrypted with the same secret key.  If there are several matches, each of these can be tried against the full ciphertext to determine the right one.  This attack is especially effective against small key sizes (e.g., 40-bit keys).
    3. Replay Attack: Earlier SSL handshake messages are replayed.
    4. Man-in-the-middle attack:  An attacker interposes during key exchange, acting as the client to the server and as the server to the client.
    5. Password sniffing:  Passwords in HTTP or other application traffic are eavesdropped.
    6. IP spoofing.
    7. IP Hijacking:  An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.
    8. SYN Flooding.
  2. (10 points) Based on what you have learned in the class, is it possible in SSL for the server to reorder SSL record blocks that arrive out of order?  If so, explain how it can be done.  If not, why not?
  3. (10 points) In SSL, each data fragment is compressed before encryption. Can we encrypt the fragment first, and compress it later? Explain your answer.
  4. (10 points) Problem 2 on page 498.
  5. (10 points) Problem 1 on page 336.
  6. (10 points) Problem 2 on page 336.
  7. (10 points) Problem 3 on page 336.