CSEC3616/CSEC5616
Date: 2024-10-11
The University of Sydney
School of Computer Science
Dr Suranga Seneviratne
Senior Lecturer - Security
INO3616/CSEC3616/CSEC5616 - S2 2024
Assignment - 3
This is an individual assignment.
This assignment is worth 10% of the final marks of the course and covers the content of Weeks
7-9 (inclusive).
Submit your final report as a PDF and artefacts (i.e., the certificate generated in Q1-(d)) as
a zip file in Canvas. In Canvas, under Assignment 3, you will find two links to submit your
report and artefacts separately.
Final Report and Artefacts: Due by Week 11, Sunday the 20th of October, 2024 11:59 PM
*** IMPORTANT ***: In your answer sheet DO NOT repeat the questions. Simply include
the question number and your answer only. If you include question text in your answer sheet,
your TurnItIn score will be high and there will be additional checks. This will cause a delay in
releasing your marks. We will also impose a penalty of 10% of the total marks.
1 Public Key Infrastructure and Transport Layer Security (30 marks)
a) Inspect a certificate (3 marks)
Inspect the given full-cert-chain.pem containing a chain of certificates using a tool such as openssl
and complete the blanks in Figure 1.
Issuer / Subject
  Organization: i) .........................   Common Name: ii) .......................
  Organization: iii) .......................   Common Name: iv) .......................
Issuer / Subject
  Organization: v) .........................   Common Name: vi) .......................
  Organization: vii) ........................   Common Name: viii) .....................
Issuer / Subject
  Organization: ix) ......................   Common Name: x) ......................
  Organization: xi) .......................   Common Name: xii) ......................
Certificate labels: End Certificate, Intermediate Certificate, Root Certificate
Figure 1: full-cert-chain.pem Certificate Chain
b) Study the given trace file 1.pcapng and answer the following questions
You are given two Wireshark (https://www.wireshark.org/) traces taken while the homepage of The
University of Sydney was loaded. The two traces are in pcapng (https://pcapng.com/) format. Your task is to
install Wireshark on your computer, inspect the traces, and answer the following questions.
i What are the source and destination IP addresses of the given communication? (2 marks)
ii Which one of these is a private IP address? Explain why a private IP address is used in this
setting. (2 marks)
iii Explain the functionality of the first three packets of the trace file. (2 marks)
iv Draw and annotate a protocol diagram using the first five TLS packets of the trace (An example
protocol diagram can be found in Slide 55 of Week 8 lecture slides). (2 marks)
v What is the agreed cipher suite between the client and the server? (1 mark)
vi Explain what cryptographic schemes/methods are used in the selected cipher suite for: Key
Exchange, Authentication, Encryption, Encryption/Block Mode, Message Authentication. (2
marks)
vii What are the last four bytes of the server’s Diffie-Hellman public key? (1 mark)
viii Export the three certificates in the Server’s Certificate Message and fill in a figure similar to
Figure 1. Here you will have to do your own search to find out how to export certificates from
Wireshark and view them using openssl, which you learned during tutorials. (5 marks)
c) A different trace
Study the given trace file 2.pcapng. You will notice that the TLS protocol flow is different here.
Explain why some TLS messages such as Server Certificate are not visible in plaintext format in this
trace (2 marks).
d) Build your own certificate chain
Make a three-level certificate chain of your own using openssl. For the Common Names (CN) use
your Student ID and suffixes "Root", "Intermediate" and "End". You can use any value for the rest of
the parameters. Collate the three certificates into one pem file and submit it via the artefacts link (this is
the second link in Canvas for Assignment 3). Include and explain the sequence of openssl commands
you used in the report. (8 marks)
2 Key Exchange (20 marks)
Consider the following protocol, designed to let A and B decide on a fresh, shared session key $K'_{AB}$.
We assume they already share a long-term key $K_{AB}$.
1. $A \to B : A, N_A$
2. $B \to A : E(K_{AB}, [N_A, K'_{AB}])$
3. $A \to B : E(K'_{AB}, N_A)$
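Added example (not part of the original assignment sheet): an honest run of the three messages above, showing what each side actually checks before accepting. E is modelled by a toy encrypt-then-MAC construction built from SHA-256 and HMAC; that construction, the JSON encoding and all function names are assumptions made for illustration, not a scheme specified by the course.

```python
import hashlib, hmac, json, secrets

def _stream(key, iv, n):
    # Toy keystream: SHA-256 in counter mode (illustration only, not for real use).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def E(key, fields):
    """Stand-in for E(K, [...]): encrypt a list of strings and append a MAC."""
    pt = json.dumps(fields).encode()
    iv = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(pt, _stream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def D(key, blob):
    """Inverse of E; raises ValueError if the blob was not produced under key."""
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(c ^ s for c, s in zip(ct, _stream(key, iv, len(ct)))))

def honest_run(k_ab):
    # 1. A -> B : A, N_A
    n_a = secrets.token_hex(16)
    msg1 = ("A", n_a)
    # 2. B -> A : E(K_AB, [N_A, K'_AB])  -- B alone chooses the new key.
    k_new_b = secrets.token_hex(32)
    msg2 = E(k_ab, [msg1[1], k_new_b])
    # A's check: message 2 decrypts under K_AB and contains her own nonce.
    got_nonce, k_new_a = D(k_ab, msg2)
    if got_nonce != n_a:
        raise ValueError("nonce mismatch in message 2")
    # 3. A -> B : E(K'_AB, N_A)
    msg3 = E(bytes.fromhex(k_new_a), [n_a])
    # B's check: message 3 decrypts under the key he generated and
    # contains the nonce he received in message 1.
    b_accepts = D(bytes.fromhex(k_new_b), msg3) == [msg1[1]]
    return k_new_a, k_new_b, b_accepts

if __name__ == "__main__":
    print(honest_run(secrets.token_bytes(32)))
```

Note that neither encrypted message names its sender or intended recipient; the checks rely only on the keys and on N_A.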
a) Answer the following questions regarding the protocol designer’s reasoning (8 marks).
• Why would A and B believe after the protocol ran that they share $K'_{AB}$ with the other party?
• Why would they believe that this shared key is fresh?
In both cases, you should explain the reasoning of both A and B, so your answer should complete
the sentences.
A believes that she shares $K'_{AB}$ with B since ...
B believes that he shares $K'_{AB}$ with A since ...
A believes that $K'_{AB}$ is fresh since ...
B believes that $K'_{AB}$ is fresh since ...
b) Person in the middle (8 marks)
Assume now that A starts a run of this protocol with B. However, the connection is intercepted by
the adversary C. Show how C can start a new run of the protocol using reflection (i.e., C sending
a message back to A based on what it received from A), causing A to believe that she has agreed
on a fresh key with B (in spite of the fact that she has only been communicating with C). Thus, in
particular, the belief in (a) is false.
c) Modifying the protocol (4 marks)
Propose a modification of the protocol that prevents this attack.
3 IP Security (IPSec) (10 marks)
i Explain why IPSec is required. (1 mark)
ii Explain the AH and ESP modes of IPSec, highlighting the differences between them. (2 marks)
iii Explain the difference between the transport and tunnel modes of IPSec. (1 mark)
iv Describe and explain each of the entries in the table shown in Figure 2. For example row 1 can be
explained as “Traffic between this host and any other host, both using port 500, and using UDP,
bypasses IPsec. This is used for IKE traffic.”. (6 marks)
Figure 2: Host SPD Example
4 Firewalls (20 marks)
We will configure firewalls in this task. Figure 3 shows a possible firewall setup. Your goals are:
• Outgoing traffic is only allowed to TCP ports 80 (HTTP), 443 (HTTPS), and 25 (SMTP); plus
UDP ports 53 (DNS), 123 (NTP).
• Incoming traffic is always allowed if there is an established connection, i.e. if the connection has
been established from a host in the local network.
• Host 129.78.1.1 is reachable (incoming connection) from everywhere on port 80.
• Host 129.78.1.2 is reachable (incoming connection) on port 22 (SSH) from 129.78.0.0/16.
• Incoming and outgoing ping packets are allowed.
• No other incoming traffic is allowed.
[Figure: a packet filtering router with interfaces eth0 and eth1 sits between the Internet and the local network 129.78.0.0/16.]
Figure 3: Firewall setup.
a) Configuring a stateful firewall (10 marks)
Write stateful rules in table form as shown in the lecture. A template is given in Table 1. You are
free to add more rows to the table, if required.
However, do not add unnecessary rules. Implement the policies using as few rules as possible.
b) Converting to stateless filtering (10 marks)
Convert your rules to stateless filtering rules. A template is given in Table 2. Again you are free to
add more rows to the table, if required.
However, do not add unnecessary rules. Implement the policies using as few rules as possible.
5 Incident Analysis: Optus Data Breach (20 marks)
Read about the Optus Data Breach that happened in 2022 and answer the following questions. There
have been many news reports and expert commentary on this - you should be able to find many
resources online.
a) Briefly explain what happened (12 marks).
Include the following in your answer.
• What data was breached? (2 marks)
• How did the attacker obtain access to data? (2 marks)
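Rule | Incoming Interface | Src IP | Dst IP | Proto | Src Port | Dst Port | State | Action
A    |                    |        |        |       |          |          |       |
B    |                    |        |        |       |          |          |       |
C    |                    |        |        |       |          |          |       |
D    |                    |        |        |       |          |          |       |
E    |                    |        |        |       |          |          |       |
F    |                    |        |        |       |          |          |       |
G    |                    |        |        |       |          |          |       |
Table 1: Template for stateful filtering.

Rule | Iface | Src IP | Dst IP | Proto | Src Port | Dst Port | ACK | Action
A    |       |        |        |       |          |          |     |
B    |       |        |        |       |          |          |     |
C    |       |        |        |       |          |          |     |
D    |       |        |        |       |          |          |     |
E    |       |        |        |       |          |          |     |
F    |       |        |        |       |          |          |     |
G    |       |        |        |       |          |          |     |
Table 2: Template for stateless filtering.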
• How did Optus respond when they came to know about the breach? This answer should cover
not only technical aspects but also legal, customer relations, and public relations aspects. (4
marks)
• What are the possible risks (i.e., to the impacted users) associated with this data breach? (4
marks)
b) Storing personal information (4 marks)
What makes this attack significant is the fact that driver’s licence numbers and passport numbers
were breached for a fraction of Optus customers.
• Explain why Optus was storing such information. (2 marks)
• Explain a better method of storing such information to avoid this type of data breach happening.
(2 marks)
c) The aftermath (4 marks)
The repercussions of this attack will linger for several years, impacting all stakeholders. These include
Optus customers, whose data was compromised, Optus as a corporate entity, and the Australian
government along with other regulatory bodies.
• Explain two steps taken by Optus (in collaboration with other stakeholders) to protect some of
the impacted users. (4 marks)