Analyzing Security Vulnerabilities and Exploits
Yes. Recall that some passwords are much more popular than others. For example, the password
123456 is used by at least 0.1% of all accounts. Thus, if you hash such passwords and they appear
Disproportionately in the list then you might infer that the list is not hashed. Similarly, even without
Doing a hash, if you sort the hashes by frequency, in an unsalted list you will expect that there is some
Hash that occurs with frequency ~ 0.1%, whereas in a salted list it will be ~0.1%/2n
Where n is the size of
The salt in bits.
D) It turns out that that 20% of LinkedIn users with Yahoo Mail e-mail addresses used the same password
At LinkedIn as Yahoo. You learn that, unlinked LinkedIn, Yahoo salts its passwords. Should Yahoo
Be concerned about the LinkedIn breach or not?
Yes. For 20% of the Yahoo users in the LinkedIn breach, their user name and password is known to the
Attacker. Yahoo’s salting helps mitigates a breach of their password database, but doesn’t help at all in
This case.
Costs (8pts)
Right after graduating from UCSD, on the basis of your experience in CSE 127 you are recruited to work
For Google’s little-known covert spy division. Your first assignment is to acquire Apple’s secret plans for
The iPhone 7 by any means necessary. Using the lock-picking skills you acquired in class, as well as your
Natural ninja-like stealth, you break into Apple’s corporate headquarters and acquire the iPhone7.Doc file.
Unfortunately, you learn that the 100Kilobyte file is encrypted using the AES block cipher with 128-bit
Key. Faced with this problem, you have three strategies available for recovering the plaintext of the
document
I) Bribery. Bribe an Apple employee who has access to the key used to encrypt the document.
The employee is willing to provide you the key – for the right price. However, they are
Naturally nervous about being caught and hence they will only leak you 4 new bits of the key
Each week via a covert channel (at a cost of $100,000 per 4 bits).
Ii) Side-channel. Call up the Q division at Google and get them working on a sophisticated side
Channel attack that will infer the bits of the document by remotely monitoring the power drawn
By monitors inside Apple’s Cupertino headquarters. Because of this attack’s complexity it will
Provide only 1Kilobyte of the document each week (each week provides a new 1KB) and will
Incur an up-front cost of $1M to pay for the quantum lasers and mult-fractal machine learning
Technology.
Iii) Brute force. Buy bots from a major Russian botnet operator at a cost of $1 per 210 bots. Each
Bot can brute force
240 keys per week (about 1.8 million keys per second). The supplier can
Sell you up to 224 bots (approximately 17 million) until their supply is depleted.
You can use any of these strategies, alone or in combination.
A) Suppose you need to read the document in the quickest possible time. Which approach will do so, how
Long do you expect it to take and how much will it cost in the end?
Quickest approach: Bribe the employee for 16 weeks, learning 64 bits of the key. Then, buy 224 bots and
Use them to brute-force the remaining 64 bits of key. This will take 17 weeks and cost $1,616,384.
($1,600,000 for the bribes and $16,384 for the bots). By contrast brute force would take 264 weeks (the
Sun will explode first) and bribery alone will take 32 weeks (next best approach).
B) Suppose you only need to guarantee that you can read the document within 5 years (260 weeks) and
Thus you want to minimize the cost to do so. Which approach will do so, how long do you expect it to
Take and how much will it cost in the end?
Cheapest approach: Use the side channel.
It will cost $1,000,000 and take 100 weeks. If we ignore the
Side channel, next cheapest method is to bribe the employee for 15 weeks, then brute-force for 16 weeks
(but this costs 1.5M on bribes alone).
/* Information about the current CD. */
Struct cd {
Int numtracks; /* The number of tracks on this disc. */
Int tracklen[16]; /* The length of each track on the disc, in seconds. */
Void (*notify)(struct cd *); /* Call this whenever the CD info changes. */
};
Struct cd *curcd = makestructcd();
/* Update the length of track number ’track’. */
Void update_cdinfo(int track, int newtracklen) {
If (track > 16)
Return;
Curcd->tracklen[track] = newtracklen;
(curcd->notify)(curcd);
}
(Don’t worry about makestructcd() it just allocates and initializes a struct cd.) Assume the
Adversary can arrange for update_cdinfo() to be called with whatever values of track and
Newtracklen he likes (those values may have been read directly off the CD, for instance). Integers and
Pointers are 32bits long. Answer the following questions about this code, concisely:
A) What is the security vulnerability in this code?
Answer 1: Buffer overrun (or array out-of-bounds error): if track=16, then this writes one past the
End of the curcd->tracklen array.
Answer 2: Buffer overrun (or integer overflow error): if track is negative, the array dereference
Curcd->tracklen[track] writes outside the bounds of the curcd->tracklen array (it writes
Before the start of the array).
Either answer is ok
B) How could an attacker exploit this vulnerability to trigger the execution of malicious code? Describe
How the attacker should choose the values of track and newtracklen.
Answer 1: Set track=16 and make newtracklen the address of malicious code loaded somewhere
In the address space of this program. This will overwrite curcd->notify with a pointer to malicious
Code.
Answer 2: Set track to some large negative number chosen so that curcd->tracklen[track]
References, e.G., a return address stored on the stack somewhere, and make newtracklen the address
Of malicious code loaded somewhere in the address space of this program. (There are many possible
Variations on this answer.)
A consortium of printer vendors have come up with a great new protocol to help users automatically
Discover the set of printers on their local network. In this protocol, when the user wants to print something,
The user’s computer automatically broadcasts a Printer Discovery packet.
A Printer Discovery packet is a
UDP packet whose destination address is the broadcast address, and whose source and destination port is
56184. Because this is a broadcast packet, every host on the local network will receive it. Printers
Constantly listen for Printer Discovery packets. Any time that they receive one, they immediately respond
With a Printer Announcement packet. A Printer Announcement packet is a UDP packet whose destination
Address is the broadcast address, and whose source and destination port is 56185; its payload identifies the
Name of the printer, the printer’s IP address, and any special options supported by the printer (e.G., 2-sided
Printing, color printing, 3D printing, etc). The Printer Announcement packet is broadcast to the entire
Network, so that other hosts on the local network can also learn about this printer. Whenever a machine
Receives a Printer Announcement packet, it checks that the source address of the packet matches the
Printer’s IP address found in the payload. In case of a mismatch, it ignores the packet. Otherwise, it accepts
The packet and adds this printer to its list of known printers. To accommodate changes in address
Assignment, if the machine’s list of known printers already contains a printer with the same name, the
Machine overwrites the previous entry in its list with the information found in the newly received packet.
Victor the Victim is about to connect his laptop to a local switched Ethernet network. His laptop will use
This printer discovery protocol to look for a printer, and then Victor will connect to one of the printers
Found in this way and send it a sensitive corporate document to be printed. Meanwhile, Hermione the
Hacker is attached to this same network. Hermione has the ability to inject packets onto this network and to
Receive all broadcast packets, but she cannot eavesdrop on other traffic. The printers are in locked rooms
That Hermione does not have access to, and Hermione has not been able to hack or access any of the
Machines or printers attached to this network, so her only hope is to attack the printer discovery protocol.
A) Can Hermione arrange to learn the contents of Victor’s document, without physically accessing any of
The printers? If yes, describe the attack, if no explain why the attack isn’t possible.
Yes. Hermione can observe Victor’s Printer Discovery packet and the real printers’ Printer
Announcement packets, then (before Victor prints the document) broadcast Printer Announcement
Packets containing Hermione’s IP address but the name of the other printers. When Victor prints his
Document, he will send it to Hermione, and Hermione can see the contents of the document. Hermione
Can then optionally forward the document on to the printer so Victor doesn’t notice anything amiss.
B) Can Hermione modify what is printed on the printer? In other words, Hermione wants to replace
Victor’s chosen document with something else Hermione has chosen, hopefully without Victor
Noticing. It’s not acceptable if Victor’s original document gets printed in addition to Hermione’s
Replacement, because then Victor might notice and get suspicious. Can Hermione mount such an attack
Without physically accessing any printers? If yes, describe the attack, if not explain why the attack isn’t
Possible.
Yes. Do the same as in (a), except modify the document before forwarding it on to the printer.
(8 pts) Worms/Malware/Spam
Consider two random scanning worms (i.E., like Code Red or Slammer) called A and B, that each select IP
Addresses to infect at random (out of roughly 4 billion IP addresses on the Internet). Worm A targets a
Vulnerability present in 1,000,000 hosts and each worm instance targets 10 IP random addresses per second.
Worm B targets a different vulnerability present in 10,000 hosts, but targets 1000 IP random addresses per
Second.
A) Assuming both worms start at the same time, after one minute which worm do you expect will have
Compromised more additional hosts and why?
In the beginning of Worm A’s growth the probability of finding a new host to infect is roughly 1M/4B
(or 1/4000) and each second worm A will try 10 times for an expected rate of 1/40. Thus after one
Minute we expect worm A will have compromised one other host. By contrast, Worm B’s expected
Growth rate will be 1/400… and we expect it will not have encountered another vulnerable host in one
Minute.
B) Same question, but after one day?
After one day, the Code Red worm infected virtually all 350k hosts scanning at a rate of approximate
10/second like Worm A. We expect that Worm A will do at least as well and will easily exceed the
Maximum number of infectable hosts in Worm B of 10,000.
C) Web mail providers, such as Yahoo, Hotmail and Gmail, automatically filter spam using automated
Techniques using both content and sender reputation. However, they also integrate user feedback as
Well. Thus, there is typically a button users can click labeled, “This is spam”, when reading a message
In your Inbox, as well as “This is not spam” when reviewing messages in your Junk folder (where it
Files messages it believes are spam). Such feedback could be used to directly train the underlying spam
Classifiers (e.G., messages labeled “is not spam” are instances of known good messages, while messages
Labeled “is spam” are known bad messages). However, there are real problems with doing this in
Practice. Explain what you think these problems might be.
An adversary can create fake accounts, send themselves spam then login and mark each spam message
“this is not spam” to poison the training set for the classifier. Alternatively, they could send themselves
Legitimate messages and market it as spam thus increasing the overall false positive rate.
D) You encounter a new piece of malware.
When it starts, it spawns a thread that executes: sleep(120)
(effectively waiting for two minutes) after which it decrypts the malware payload and starts executing
It. What anti-virus defense is the sleep call designed to work around?
This is designed to bypass generic decryption. The hope is that the AV program will refuse to simulate
The malware’s execution for two minutes and thus will miss the opportunity to see the malware’s
Plaintext for matching.