Network Security Spring 1999: Homework 2

This homework is due at the beginning of class 7 on September 26, 2000. Note: K2/3 denotes homework problem 3 from chapter 2 of the class text.

  1. Compare the advantages and disadvantages of an application-layer firewall, a filtering router, a stateful firewall and a NAT. Use the following services as examples: Name attacks that each type of firewall cannot prevent. Be sure to justify your answers. (15 pts.)
  2. Find out whether Solaris, HP/UX, AIX, the OS used by Security First Network Bank or NT 4.0 (pick one) is classified according to an Orange Book label. If you cannot find this information explicitly, use the guidelines in the textbook for an educated guess. (10 pts.)
  3. (K2/1) Random J. Programmer discovers a much faster method of generating a 64-bit signature for a message using secret key technology. The idea is to simply encrypt the first 64 bits of the message and use that as a signature. What's wrong with this idea? (8 pts.)
  4. (K2/2) What's wrong with adding up the words of a message (by treating each character as an integer) and using the result as a hash of the message? (8 pts.)
  5. (K3/1) Come up with as (space) efficient an encoding as you can to specify a completely general one-to-one mapping between 64-bit input values and 64-bit output values. (14 pts.)
  6. (K3/2) Security Dynamics makes a device that displays a number that changes every 60 seconds. Each such device has a unique secret key. A human can prove possession of a particular such device by entering the displayed number into a computer system. The computer system knows the secret key of each authorized device. How would you design such a device? (The device should offer replay prevention and should not allow anybody that happens to glance at the number or capture it off the Ethernet to gain access.) (10 pts.)

Last updated by Henning Schulzrinne