2012-11-05

Midterm 2 Review.

Originally Posted By: nealk
4.
Neal Kemp & Scott Kwong

Steganography is when a message is hidden within another and that hidden message is only supposed to be known by sender and receiver. An example of steganography would be adjusting the lower order bits of an image in order to conceal a message. Watermarking is when a message is written within another and is supposed to be known by sender, receiver, and anyone else. An example of watermarking is when a photographer puts his logo in the bottom corner of the photos he takes.
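Added example, not part of the original post: the low-order-bit technique mentioned in the answer above, applied to a constructed list of one-byte samples standing in for raw grayscale pixels. The 4-byte length header and all function names are assumptions made for this illustration.

```python
def to_bits(data):
    """Bits of data, most significant bit of each byte first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_lsbs(samples, start, nbytes):
    """Rebuild nbytes from the low-order bits of samples[start:]."""
    out = bytearray()
    for k in range(nbytes):
        value = 0
        for sample in samples[start + 8 * k : start + 8 * k + 8]:
            value = (value << 1) | (sample & 1)
        out.append(value)
    return bytes(out)

def embed(cover, message):
    """Overwrite low-order bits with a 4-byte length header plus the message."""
    bits = to_bits(len(message).to_bytes(4, "big") + message)
    if len(bits) > len(cover):
        raise ValueError("cover too small for this message")
    stego = bytearray(cover)
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & 0xFE) | bit   # touch only the lowest bit
    return bytes(stego)

def extract(stego):
    """Read the length header, then that many message bytes."""
    length = int.from_bytes(from_lsbs(stego, 0, 4), "big")
    if 32 + 8 * length > len(stego):
        raise ValueError("length header does not fit: no message here")
    return from_lsbs(stego, 32, length)

def largest_change(cover, stego):
    """Biggest per-sample difference; low-order-bit embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))

# Constructed cover: 256 one-byte samples standing in for raw grayscale pixels.
COVER = bytes((i * 37 + 11) % 256 for i in range(256))

if __name__ == "__main__":
    stego = embed(COVER, b"meet at noon")
    print(extract(stego), largest_change(COVER, stego))
```

No sample moves by more than one intensity level, which is why the change is invisible to a viewer, while a visible watermark such as a logo is meant to be seen by everyone.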

-- Midterm 2 Review
Originally Posted By: Erni
This is the answer for problem 5

Group:
Erni Ali, Su Sandi, Sreenidhi P Muralidharan

5. Based on the formula taken from the book on chapter 7, we got the equation that:

Work needed = (size of the dictionary/probability)
(appx.) ~= 10 million / (1/8)
~= 10^7 /(1/8)
~= 8 x 10^7

-- Midterm 2 Review
Originally Posted By: aviraj.mukh
8) Briefly describe the Bell LaPadula and Biba models and say what they are used for. Give the conditions necessary for a covert channel to exist.

Answered by Yousef Shanawany and Avi Mukherjee

BLP captures the minimum requirements with respect to confidentiality that any MLS system must satisfy.
* Subject S can read Object O if and only if L(O)

aviraj.mukh — Mon Nov 05, 2012 11:21 pm

-- Midterm 2 Review
Originally Posted By: aida
Christopher Cook
Kurt Anderson
Aida Khosroshahi

2. Briefly describe how one round of the Tiger hash function works.

The input X is padded to a multiple of 512 bits and written as X = (X_0, X_1, …, X_{n-1}), each X_i is 512 bits. Each F_m consists of 8 inner rounds. W is 512 bits and is written as W = (W_0, W_1, …, W_7), where each W_i is 64 bits. Each round takes a, b, c, and W_i as input and produces a, b, and c with the following equations:

c = c xor W_i
a = a - (S_0[c_0] xor S_1[c_2] xor S_2[c_4] xor S_3[c_6])
b = b + (S_3[c_1] xor S_2[c_3] xor S_1[c_5] xor S_0[c_7])
b = b.m

where c_i is the ith byte of c and each S_i is an S-box mapping 8 bits to 64 bits.

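Added example, not part of the original post: the four round equations above carried out on 64-bit words, together with the inverse step, which shows that a single round can be undone when W_i is known. Assumptions: the S-boxes are constructed placeholders (not Tiger's real tables), m is passed in as any odd constant, and c_0 is taken as the least significant byte of c.

```python
import random

MASK64 = (1 << 64) - 1

def placeholder_sboxes(seed=0):
    """Four constructed 8-bit -> 64-bit tables; NOT the real Tiger S-boxes."""
    rng = random.Random(seed)
    return [[rng.getrandbits(64) for _ in range(256)] for _ in range(4)]

def sbox_terms(c, S):
    """The two XOR terms from the post, built from the bytes c_0..c_7 of c."""
    cb = [(c >> (8 * i)) & 0xFF for i in range(8)]
    even = S[0][cb[0]] ^ S[1][cb[2]] ^ S[2][cb[4]] ^ S[3][cb[6]]
    odd = S[3][cb[1]] ^ S[2][cb[3]] ^ S[1][cb[5]] ^ S[0][cb[7]]
    return even, odd

def tiger_round(a, b, c, w, m, S):
    """One inner round: all arithmetic wraps modulo 2**64."""
    c ^= w                       # c = c xor W_i
    even, odd = sbox_terms(c, S)
    a = (a - even) & MASK64      # a = a - (...)
    b = (b + odd) & MASK64       # b = b + (...)
    b = (b * m) & MASK64         # b = b . m
    return a, b, c

def tiger_round_inverse(a, b, c, w, m, S):
    """Undo tiger_round; needs m odd so that it has an inverse mod 2**64."""
    even, odd = sbox_terms(c, S)             # c here is already c xor W_i
    b = (b * pow(m, -1, 1 << 64)) & MASK64
    b = (b - odd) & MASK64
    a = (a + even) & MASK64
    return a, b, c ^ w

if __name__ == "__main__":
    S = placeholder_sboxes()
    state = (0x0123456789ABCDEF, 0xFEDCBA9876543210, 0xF096A5B4C3B2E187)
    out = tiger_round(*state, 0x1122334455667788, 5, S)
    print([hex(x) for x in out])
```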

-- Midterm 2 Review
Originally Posted By: andy
Andy Quach and Danny Ng

9. Explain how a TCP Ack scan can be used to port scan through a packet filter.

A TCP ACK scan can be used to port scan through a packet filter by sending a packet that has the ACK bit set, without the prior two steps of the TCP three-way handshake. The packet will violate the TCP protocol, since the initial packet in any connection must have the SYN bit set, but the packet filter has no concept of state and it will assume that this packet is part of establishing a connection and let it through provided that it is sent through an open port. The attacker keeps on doing this until an RST packet is sent back to the attacker, signifying the open port in the firewall.
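Added example, not part of the original post: a small model of why the stateless packet filter described above passes an ACK that belongs to no connection, while a firewall that remembers handshakes drops and logs it. The packet tuples, the one-port policy and the simplified inbound-only state tracking are all constructed for this illustration.

```python
from collections import namedtuple

# Constructed model of an inbound TCP segment; addresses are documentation ranges.
Packet = namedtuple("Packet", "src sport dst dport flags")
OPEN_PORTS = {80}   # assumed policy: only web traffic may enter

def stateless_filter(pkt):
    """Decides on the header alone: destination port plus the SYN/ACK bits."""
    return pkt.dport in OPEN_PORTS and bool(pkt.flags & {"SYN", "ACK"})

class StatefulFirewall:
    """Remembers which connections began with a SYN (simplified: inbound side only)."""
    def __init__(self):
        self.seen_syn = set()
        self.unsolicited = []            # ACKs with no handshake behind them

    def inbound(self, pkt):
        conn = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if "ACK" in pkt.flags and conn not in self.seen_syn:
            self.unsolicited.append(pkt) # worth alerting on: likely a probe
            return False
        if pkt.dport not in OPEN_PORTS:
            return False
        if pkt.flags == {"SYN"}:
            self.seen_syn.add(conn)      # start of a real handshake
            return True
        return conn in self.seen_syn

# Constructed traffic: one real handshake, then two ACKs that follow no SYN.
TRAFFIC = [
    Packet("198.51.100.7", 40000, "192.0.2.10", 80, frozenset({"SYN"})),
    Packet("198.51.100.7", 40000, "192.0.2.10", 80, frozenset({"ACK"})),
    Packet("203.0.113.9", 50000, "192.0.2.10", 80, frozenset({"ACK"})),
    Packet("203.0.113.9", 50001, "192.0.2.10", 22, frozenset({"ACK"})),
]

def compare(traffic):
    """Return (stateless verdict, stateful verdict) per packet plus the probe log."""
    fw = StatefulFirewall()
    verdicts = [(stateless_filter(p), fw.inbound(p)) for p in traffic]
    return verdicts, fw.unsolicited

if __name__ == "__main__":
    print(compare(TRAFFIC))
```

The third packet is the case from the answer: the stateless filter lets it through on port 80, and the stateful firewall records it in `unsolicited`, which gives a defender something to alert on.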

-- Midterm 2 Review
Originally Posted By: CViernes
6. (a) Define Equal Error Rate. (b) Say what a password generator is. (c) What is a CSRF attack?

Christina Viernes and Kui Cheung

(a) Equal Error Rate: fraud rate == Insult rate

(b) A password generator is a small device with a built-in key that accepts an input string and outputs its hash using the built-in key.


Alice 1)"Some String" --> Password Generator
Alice

CViernes — Mon Nov 05, 2012 6:34 pm
2012-11-06

-- Midterm 2 Review
Originally Posted By: noel.rmrz
7) Explain how Lampson's access control matrix is stored when: ACLs are used, C-lists are used? What is the confused deputy problem?

ACLs store Lampson's access control matrix by column. C-Lists store Lampson's access control matrix by row. An example of the confused deputy problem is when we have two subjects, Alice and Compiler, and two objects, Compiler and a file "Bill". Compiler is acting as both subject and object in this example. Alice can invoke the Compiler with a debug file name "Bill". Alice does not have access to the file "Bill", but the Compiler does. The compiler is Alice's deputy because it is acting on Alice's behalf, and the compiler is confused because it is acting on its own privileges when it should be acting on Alice's privileges. Because the compiler is acting on its own privileges, a side effect of Alice's command will be the trashing of the "Bill" file.



Noel Ramirez & Kifle
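Added example, not part of the original post: the Alice / Compiler / "Bill" matrix from the answer above, stored by row (C-lists) and by column (ACLs), with a deputy that checks only its own rights next to one that also checks the caller's. The rights letters and function names are assumptions made for this illustration.

```python
# Constructed access control matrix for the example in the post above.
# Rows are subjects, columns are objects; x = execute, r = read, w = write.
MATRIX = {
    "Alice":    {"Compiler": {"x"}, "Bill": set()},
    "Compiler": {"Compiler": set(), "Bill": {"r", "w"}},
}

def as_clists(matrix):
    """C-lists: one list per subject (a row), empty cells dropped."""
    return {s: {o: r for o, r in row.items() if r} for s, row in matrix.items()}

def as_acls(matrix):
    """ACLs: one list per object (a column), empty cells dropped."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acls.setdefault(obj, {})[subject] = rights
    return acls

def allowed(acls, subject, obj, right):
    """ACL lookup: does subject hold right on obj?"""
    return right in acls.get(obj, {}).get(subject, set())

def confused_compile(acls, caller, debug_file):
    """Deputy that checks only its own right to write the debug file.
    Returns True when the debug file gets overwritten."""
    if not allowed(acls, caller, "Compiler", "x"):
        return False
    return allowed(acls, "Compiler", debug_file, "w")

def careful_compile(acls, caller, debug_file):
    """Deputy that also requires the caller to hold the write right."""
    return (confused_compile(acls, caller, debug_file)
            and allowed(acls, caller, debug_file, "w"))

if __name__ == "__main__":
    acls = as_acls(MATRIX)
    print(as_clists(MATRIX), acls)
    print(confused_compile(acls, "Alice", "Bill"),
          careful_compile(acls, "Alice", "Bill"))
```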