ITIS 6167/8167 Midterm Review

14 Dec 2013


ITIS 6167/8167
Final Exam Review


A. Basics of Computer Security
   a. For example, what are symmetric and asymmetric encryptions? What is a one-time pad? What is a brute force attack?
   b. The basics of hash functions, key establishment, man-in-the-middle attack.

B. ARP protocol and Security
   a. What is the purpose of the ARP protocol? Why do we need it?
   b. What is the purpose of the ARP cache?
   c. Why does the ARP cache have a lifetime? Why don't we keep entries there forever?
   d. What is a gratuitous ARP message and what are the purposes of the message?
   e. Difference between ARP poisoning and promiscuous mode of Ethernet
   f. Man-in-the-middle attack using ARP poisoning (why do we need to disable the ICMP redirect function in the attacker?)
   g. How to use ARP poisoning to escape IP address based authentication

C. IP protocol and security
   a. The basics of the IP header
   b. What is traceroute and how to use TTL to implement it
   c. Why do we need IP fragmentation
   d. The procedure to fragment and to set the corresponding fields
   e. Fragment of a fragment
   f. Where and how to reassemble the packets
   g. Attacks on IP fragmentation: buffer overflow, DoS, how to use fragmentation to penetrate a firewall

D. ICMP and its security
   a. Why will we not send ICMP for errors caused by ICMP? Why will ICMP packets be sent only to the original source?
   b. Using what information can a computer match an ICMP echo request and an ICMP echo reply?
   c. How to use ICMP source quench to conduct attacks that reduce the quality of a connection?
   d. What is a smurf attack using ICMP
   e. How to use the ICMP redirect message to conduct the WinFreeze attack

E. UDP and its security
   a. How can we distinguish a UDP header without a checksum from a checksum equal to "0"
   b. What is the UDP ping-pong attack and how to conduct it
   c. What is a DoS attack on UDP and how to conduct it

F. TCP
   a. Does the TCP protocol assume the data to be structured or structure-free
   b. What is the difference between the URGENT and PUSH data in TCP
   c. Understand the three-way handshake procedure of the TCP protocol
   d. The slow start procedure of TCP to handle congestion
   e. Silly window and the countermeasures from the sender's and receiver's view
   f. Why in TCP do we want the sender and receiver to choose random numbers as the sequence number? Use an example to show how difficult or easy it is to guess the sequence number.
   g. Attacks on TCP: blind connection reset, blind throughput reduction, and blind performance degrading attack.

G. DNS and NMAP
   a. What is the IDLE scanning technique used in NMAP
   b. Is a domain in DNS a geometric concept?
   c. Recursive queries and iterative queries in DNS
   d. The difference between a domain and a zone in DNS
   e. DNS ID hacking procedure
   f. DNS related and unrelated data attack

H. Email safety
   a. The advantages of emails being delivered through specific servers instead of end-to-end (from sender to receiver directly)
   b. Please describe the major components in the format of a mail message and the functionality of each component. What is the difference between the header in a mail message and the SMTP encapsulation?
   c. In the email distribution list, what are the two methods to map a single list name to a group of email addresses? How to prevent the formation of email forwarding loops? What are the advantages of the local exploder and the remote exploder?
   d. Please shortly describe the coding procedure of base64 and how it enables various file formats to be sent through the email system. Understand how the MIME standard allows an email to contain multiple multimedia components.
   e. The difference between the POP3 and IMAP protocols.
   f. When a sender needs to send an email to multiple receivers and needs to enforce the confidentiality of the contents, what will be an efficient approach?
   g. How to use onion routing to achieve email anonymity?
   h. How to use a proxy to achieve email anonymity?
   i. What are the major factors that restrict the wide adoption of the PEM protocol?

I. Fighting spam emails
   a. Please use an example to illustrate how the attacker can use the comment lines in HTML to help spam emails avoid detection.
   b. Please describe the trick of invisible ink to help spam email avoid detection.
   c. Please describe the tricks of "catch a wave" and "the rake" to help spam email avoid detection.
   d. Please explain the basic idea of the CRM 114 spam detector. If the sliding window contains 6 words, how many order-preserving sub-phrases will be generated? For what reasons do the authors use hash tables to label the features of the phrases?


J. Safety of the Android system
   a. Please shortly describe the four types of components in an Android application and their functionalities. (Section 2 in "Analyzing Inter-Application Communication in Android")
   b. Please shortly describe the difference between explicit and implicit intents. If explicit intents are safer, why do we need implicit intents? (Section 2 in "Analyzing Inter-Application Communication in Android")
   c. Please use an example to illustrate why using a unique action string to identify the receiver of an implicit intent is not safe. (Section 3.1 in "Analyzing Inter-Application Communication in Android")
   d. Please explain the basic concept of "Lightweight Mobile Phone Application Certification". If you were an attacker, how can you design a mechanism to bypass the checking procedure? (Hint: the original approach looks at only a single application.)
   e. Please explain the basic idea of TaintDroid. You should be able to calculate the taint vector of some basic operations such as add, times, etc.


K. Anti-Phishing
   a. For the "Dynamic security skin" paper, understand the approaches of "browser generated images" and "server generated images".
   b. Based on the "PhoolProof Phish prevention" paper, please explain why compromising either the machine or the user's mobile device alone will not impact the safety of the approach.

L. Web security
   a. Please fully understand the three examples that we explained in class for "how to shop for free on the Internet". If we describe a similar situation, you should be able to identify the vulnerability.