CS 134: Computer and Network Security, Winter 2016

Homework 3
Due: Friday, 03/11/2016 at 12:00pm (Noon)
Full Name:
UCI ID Number:
Sources:
Guidelines:
a) Use any word processor (or handwrite and scan your answers). Upload your solutions as a PDF
to the class dropbox.
b) No collaboration is allowed.
c) Looking up, paraphrasing or copying answers from the internet or other sources is not allowed,
and to do so would be a violation of academic honesty. You must report any sources you used
to arrive at your answers.
Warning: any submissions not following the above guidelines may receive a score of zero.

Problem 1: Access Control

SnailMail, a cutting-edge new email start-up, is setting up building access for its employees. There
are two types of employees: managers and engineers, and there are three departments: Security,
Networking, and Applications. Each employee works in a single department, and each department
is housed on a different floor. Managers are allowed access to any floor, while engineers are allowed
access only to their own floor. There are three badge-operated elevators, each going up to only one
distinct floor. Every employee has a badge.
SnailMail wants to use the best possible access control method in order to minimize delay at
the elevators.
a) Which of the following would would you recommend that SnailMail use: (1) Access Control
Matrix, (2) Access Control Lists, or (3) Capabilities? Make sure to justify your answer.
b) What, if any, would be the benefits (and/or disadvantages) of using RBAC (Role-Based Access
Control) in this situation?

Solution:

Problem 2: Certificate Revocation Trees

SnailMails Certificate Authority (SM-CA) has issued a total of 100, 000 certificates. Of those,
16, 348 have been revoked. SM-CA uses a Certificate Revocation Tree (CRT) to represent revoked
certificates. Each time a CRT is issued or updated, SM-CA hand off the CRT to an untrusted (but
reliable) on-line server CRT-SRV which is responsible for storing (and answering queries about) the
most up-to-date CRT.
a) What is the height of the CRT? Is it balanced? Why or why not?
b) If another certificate is revoked, what needs to be done (e.g., re-computes and/or re-signed) to
update the CRT?
Suppose that an employee (Alice) wants to check whether Bobs certificate is revoked. She queries
CRT-SRV with certificate number 42 (Bobs certificate number).
c) How long is the answer to her query and what does it contain?
d) How does Alice use the answer to determine whether Bobs certificate is valid or revoked?
e) How many hashes and/or signature verifications does Alice need to perform as part of this task?

Solution:

Problem 3: Authentication Protocols

Recall the simplest one-way (single-message) X.509 authentication protocol presented on slide 23
of lecture 14. For each of the following changes, state (and justify) whether the change increases,
decreases, or has no effect on, security of the protocol:
a) Instead of including timestamp ta and random nonce ra , Alice uses a 12-bit counter c, which she
increments each time she authenticates herself to Bob. Bob keeps track of the current value of
the counter.
b) Instead of signing authentication data with her private key, Alice encrypts that data with Bobs
public key.

Solution:

Problem 4: Certificate Revocation and Trust

Alice and Bob are communicating via SnailMail internal email, which requires every message to be
signed by the sender. Bob is on vacation when he receives four messages from Alice: (1) one on
Monday night, (2) one Tuesday morning, (3) one Wednesday morning, and (4) one Thursday
night. Bob doesnt check any of these (or verify their signatures) until he gets back Friday morning,
when he checks all four. All signatures are valid. However, later that day (Friday), Bob receives
his weekly CRL, which states that Alices certificate has been revoked.
For the following scenarios, explain which (if any) of Alices messages should be trusted (or not)
and justify your reasoning:
a) Alice changed her job title (changed departments) on Wednesday and her certificate was revoked.
b) Alices private key was compromised; she reported the theft on Thursday at 3pm.

Solution:

Problem 5: Tor
Suppose Alice and Bob are communicating using Tor. Alice wants to send a message M to Bob via
Tor routers 1,2, and 3.

a) At each edge (connector between adjacent routers), what is the structure of the encrypted
message?
b) What will Eve learn if she controls intermediary 2?
c) What will Eve learn if she controls intermediaries 1 and 3?
d) What will Eve learn if she controls intermediaries 1, 2, and 3?

Solution: