CS671 Spring 2021 Homework 4

Networking and Cybersecurity

Dr. Greg M. Bernstein

Due Wednesday, March 24th, 2021 by 11:59PM, 50 points.

General Instructions

The goals of this assignment are to get hands-on with digital signatures and certificates, to understand malware, to get hands-on with some malware detection technology, and more.

Create and Use a new Branch hw4

We will create a new git branch called hw4 for use in this assignment. The branch you create must exactly match the one I’ve given you for you to receive any credit for this homework.

Prior to creating this new branch make sure your working directory is “clean”, i.e., consistent with the last commit you did when you turned in homework 3. Follow the procedures in GitHub for Classroom Use to create the new branch, i.e., git checkout -b hw4. Review the section on submission for using push with a new branch.

Use README.md for Answers

You will modify the README.md file in your repo to contain the answers to this homework.

Questions

Question 1. (10 pts)

(a) Multiple choice Chapter 8

Questions from Chapter 8 of the course text:

Question   Answer      Question   Answer
1                      2
3                      13
16                     17
18

(b) Secure Hashes

As in the course notes compute the SHA256 hash of a text file. It can be any file but it needs to be longer than 3kB. Change one character in the file. Recompute the hash. Change that character back to its original value and recompute the hash.

Show the following:

  1. Name of the file and its length
  2. Original hash of the file in hex.
  3. Hash of the modified file in hex.
  4. Hash of the file after you undid the change.
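The hashing experiment above, written out as an added example (this is not code from the assignment or the course notes). It builds its own 4,500-byte sample file in a temporary directory, changes one character, restores it, and also counts how many of the 256 digest bits changed, which is the "avalanche" behaviour the exercise is meant to show. The sample text, the offset 10 and the replacement character are constructed choices.

```python
import hashlib
import os
import tempfile

# Constructed sample: 100 copies of one line, 4,500 bytes, i.e. longer than 3 kB.
SAMPLE_TEXT = ("The quick brown fox jumps over the lazy dog.\n" * 100).encode()


def sha256_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def replace_byte(path: str, offset: int, new_byte: bytes) -> bytes:
    """Overwrite one byte in place; return the original so the change can be undone."""
    with open(path, "r+b") as f:
        f.seek(offset)
        old = f.read(1)
        f.seek(offset)
        f.write(new_byte)
    return old


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests of the same length."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def run_experiment(data: bytes = SAMPLE_TEXT) -> dict:
    """Hash, change one character, hash, undo the change, hash again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.txt")
        with open(path, "wb") as f:
            f.write(data)
        length = os.path.getsize(path)
        original = sha256_file(path)
        old = replace_byte(path, 10, b"Q")   # 'b' of "brown" -> 'Q' (constructed edit)
        modified = sha256_file(path)
        replace_byte(path, 10, old)          # put the original character back
        restored = sha256_file(path)
    return {
        "file": "sample.txt",
        "length": length,
        "long_enough": length > 3000,
        "original": original,
        "modified": modified,
        "restored": restored,
        "bits_changed": differing_bits(original, modified),
    }


if __name__ == "__main__":
    for key, value in run_experiment().items():
        print(f"{key}: {value}")
```

The restored hash equals the original because SHA-256 depends only on the bytes, not on the file's history; the one-character edit flips roughly half of the 256 output bits.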

(c) Key Exchanges

As in the course notes you will perform a key exchange using public key cryptography to yield a shared secret key for use in symmetric cryptography. See X25519 key exchange.

Use the following Python imports:

from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
from cryptography.hazmat.primitives import serialization

Also use code like the following to print out public keys in a standard text format:

print(bob_public_key.public_bytes(encoding=serialization.Encoding.PEM, 
                            format=serialization.PublicFormat.SubjectPublicKeyInfo))

Do and answer the following:

  1. Generate X25519 private and public keys for a user named Alice. Show Alice’s public key here in standard format.
  2. Generate X25519 private and public keys for a user named Bob. Show Bob’s public key here in standard format.
  3. Have Alice generate a secret key for use with Bob. Which of Bob’s keys should Alice get and use? Use the X25519 key exchange algorithm. Show the hex for this secret key.
  4. Have Bob generate a secret key for use with Alice. Which of Alice’s keys should Bob get and use? Use the X25519 key exchange algorithm. Show the hex for this secret key.
  5. Are the symmetric secret keys that Alice and Bob generated the same?
  6. How long are the symmetric secret keys generated? Which symmetric algorithm can use a key of this length?
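To make visible what the cryptography module's exchange() call does internally, here is the X25519 function of RFC 7748 written directly in Python as an added example (it is not from the assignment or the course notes, and it is not a substitute for the library in real code: Python integers are not constant-time). It runs the same exchange for Alice and Bob and checks that each side, using only its own private key and the other side's public key, arrives at the same 32-byte secret. The names alice/bob and the all-zero check in shared_secret are the example's own.

```python
import os

P = 2**255 - 19        # field prime
A24 = 121665           # (486662 - 2) / 4, the Montgomery curve constant
BASE_POINT_U = 9       # u-coordinate of the generator


def _decode_scalar(k: bytes) -> int:
    """Clamp a 32-byte private key as RFC 7748 section 5 requires."""
    k = bytearray(k)
    k[0] &= 248        # clear the 3 low bits: the scalar becomes a multiple of 8
    k[31] &= 127       # clear bit 255
    k[31] |= 64        # set bit 254 so every ladder runs the same length
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    u = bytearray(u)
    u[31] &= 127       # the top bit of a received u-coordinate is ignored
    return int.from_bytes(u, "little") % P


def _cswap(swap: int, a: int, b: int):
    """Swap a and b when swap == 1, using a mask rather than a branch."""
    dummy = (-swap) & (a ^ b)
    return a ^ dummy, b ^ dummy


def x25519(private_key: bytes, peer_u: bytes) -> bytes:
    """Montgomery ladder (RFC 7748 section 5): u-coordinate of scalar * point."""
    k = _decode_scalar(private_key)
    x1 = _decode_u(peer_u)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb)) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def generate_private_key() -> bytes:
    return os.urandom(32)


def public_key(private_key: bytes) -> bytes:
    """Public key = private scalar times the base point; this is what you publish."""
    return x25519(private_key, BASE_POINT_U.to_bytes(32, "little"))


def shared_secret(my_private: bytes, their_public: bytes) -> bytes:
    """What Alice computes from HER private key and BOB'S public key (and vice versa)."""
    s = x25519(my_private, their_public)
    if s == bytes(32):   # RFC 7748 6.1: all-zero output means a low-order peer point
        raise ValueError("all-zero shared secret: rejecting peer's public key")
    return s


def key_exchange_demo():
    """Both halves of the exchange; returns (Alice's secret, Bob's secret)."""
    alice_priv, bob_priv = generate_private_key(), generate_private_key()
    alice_pub, bob_pub = public_key(alice_priv), public_key(bob_priv)
    k_alice = shared_secret(alice_priv, bob_pub)   # Alice only sees Bob's public key
    k_bob = shared_secret(bob_priv, alice_pub)     # Bob only sees Alice's public key
    return k_alice, k_bob


if __name__ == "__main__":
    ka, kb = key_exchange_demo()
    print("Alice:", ka.hex())
    print("Bob:  ", kb.hex())
    print("same:", ka == kb, "length:", len(ka), "bytes")
```

The secrets agree because both sides compute (a * b) * BasePoint, just in a different order. Two things the library hides: the output is exactly 32 bytes, and a protocol should pass it through a key derivation function rather than use the raw u-coordinate directly as a cipher key. The all-zero check is what real implementations do to reject a peer who sends a low-order point.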

Question 2. (10 pts)

(a) WireShark and TLS Capture

Use Wireshark to capture the TLS handshake when you open a new browser tab or window to a website different from what I showed in class. Then do and answer the following:

  1. Take a screenshot of the Client Hello packet. I get something like:

  [screenshot: Client Hello]

  2. How many different cipher suites is your client willing to accept? List the first five here.

  3. Take a screenshot of the Server Hello packet. I get something like:

  [screenshot: Server Hello]

  4. What cipher suite did the client and server decide to use? In particular, what was the block cipher, what was the block cipher mode, and what was the cryptographic hash algorithm?

(b) Certificates

Visit a website supporting HTTPS (Chrome is easiest to get certificate information from) and answer the following questions about the X.509 certificate for the website:

  1. Who is the certificate issued to?
  2. What is the certification path, i.e., who signed the certificate?
  3. What are the type and length of the public key?
  4. What signature algorithm was used?
  5. What are the validity dates?

(c) Digital Signatures

As in the course slides you will use elliptic curve public key cryptography to (securely) sign and verify a message. See Ed25519.

Do and answer the following:

  1. Create Ed25519 private and public keys.
  2. Show your public key in a standard text format here.
  3. Create a simple text message (it must be different from mine in the class notes)
  4. Generate a signature with Ed25519. How long is the signature? Which key was used to generate the signature?
  5. Verify the signature using the Ed25519 algorithm. Which key did you use to verify the signature?
  6. Modify the message by one character. Try to verify the modified message against the signature.

Show your Python code here.
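For comparison with what the library does, here is Ed25519 (RFC 8032) written out in pure Python as an added example; it is not the assignment's code and not a replacement for the cryptography module (it is not constant-time or hardened). It shows which key each step needs: signing uses the private seed, verification only the 32-byte public key; the signature is 64 bytes; and a one-character change to the message makes verification fail. The sample message in the main block is constructed for the example.

```python
# Educational Ed25519 per RFC 8032; not constant time, not hardened.
import hashlib
import os

P = 2**255 - 19                                      # field prime
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point
D = (-121665 * pow(121666, P - 2, P)) % P             # curve constant d
SQRT_M1 = pow(2, (P - 1) // 4, P)                     # a square root of -1 mod P

def _inv(x):
    return pow(x, P - 2, P)

def _recover_x(y, sign):
    """Solve x^2 = (y^2 - 1)/(d*y^2 + 1); return the root with parity `sign`."""
    xx = (y * y - 1) * _inv(D * y * y + 1) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * SQRT_M1 % P
    if (x * x - xx) % P:
        raise ValueError("not on the curve")
    if x == 0 and sign:
        raise ValueError("invalid encoding")
    return P - x if (x & 1) != sign else x

# Points are (X, Y, Z, T) in extended twisted Edwards coordinates.
_BY = 4 * _inv(5) % P
_BX = _recover_x(_BY, 0)
BASE = (_BX, _BY, 1, _BX * _BY % P)

def _add(p, q):
    """Unified addition (RFC 8032 5.1.4); the same formula doubles a point."""
    x1, y1, z1, t1 = p
    x2, y2, z2, t2 = q
    a = (y1 - x1) * (y2 - x2) % P
    b = (y1 + x1) * (y2 + x2) % P
    c = 2 * t1 * t2 * D % P
    d = 2 * z1 * z2 % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def _mul(s, p):
    """Double-and-add scalar multiplication s*p, starting from the identity."""
    q = (0, 1, 1, 0)
    while s:
        if s & 1:
            q = _add(q, p)
        p = _add(p, p)
        s >>= 1
    return q

def _compress(p):
    """32 bytes: y little-endian, with the low bit of x stored in the top bit."""
    zi = _inv(p[2])
    x, y = p[0] * zi % P, p[1] * zi % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def _decompress(s):
    y = int.from_bytes(s, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    if y >= P:
        raise ValueError("y out of range")
    x = _recover_x(y, sign)
    return (x, y, 1, x * y % P)

def _hash_int(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")

def _expand(seed):
    """SHA-512(seed): first half is the clamped scalar a, second half the nonce prefix."""
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little")
    return (a & ((1 << 254) - 8)) | (1 << 254), h[32:]   # clear bits 0-2 and 255, set 254

def public_key(seed):
    a, _ = _expand(seed)
    return _compress(_mul(a, BASE))

def sign(seed, msg):
    """Returns R || S (64 bytes); needs the PRIVATE seed."""
    a, prefix = _expand(seed)
    pub = _compress(_mul(a, BASE))
    r = _hash_int(prefix, msg) % L             # deterministic per-message nonce
    r_enc = _compress(_mul(r, BASE))
    k = _hash_int(r_enc, pub, msg) % L
    return r_enc + ((r + k * a) % L).to_bytes(32, "little")

def verify(pub, msg, sig):
    """Checks [S]B == R + [k]A using only the PUBLIC key; False on malformed input."""
    if len(pub) != 32 or len(sig) != 64:
        return False
    try:
        a_point, r_point = _decompress(pub), _decompress(sig[:32])
    except ValueError:
        return False
    s = int.from_bytes(sig[32:], "little")
    if s >= L:                                 # reject non-canonical S
        return False
    k = _hash_int(sig[:32], pub, msg) % L
    return _compress(_mul(s, BASE)) == _compress(_add(r_point, _mul(k, a_point)))

if __name__ == "__main__":
    seed = os.urandom(32)                      # the 32-byte seed is the private key
    pub, msg = public_key(seed), b"Meet me at the library at noon."   # constructed message
    sig = sign(seed, msg)
    print("signature:", sig.hex(), "(%d bytes)" % len(sig))
    print("original verifies:", verify(pub, msg, sig))
    print("tampered verifies:", verify(pub, msg[:-1] + b"!", sig))
```

Note that the nonce r is derived from the message and the secret half of the hashed seed, so Ed25519 needs no random number generator at signing time; reusing a nonce across different messages, which a faulty RNG would cause in ECDSA, cannot happen here.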

Question 3. (10 pts)

(a) CyBOK Malware Dimensions

Read section 1 of Malware & Attack Technologies. What are the “six dimensions” of Malware that they discuss?

(b) Advanced Malware Study

Read the article A Deep Dive into Lokibot Infection Chain (January 2021) and answer the following questions.

  1. What is the malicious goal of Lokibot?
  2. What is the prime attack vector, i.e., how does it first get into a system?
  3. What language do the current targets speak?
  4. What techniques does the Malware use to hide itself?
  5. What is a dropper?
  6. What is UAC and why is Lokibot trying to bypass it?

(c) Testing AntiVirus Software

Go to the Anti Malware Testing Standards Organization (AMTSO) security features check and run the following tests and report how your system did.

  1. Detects Manually Downloaded Malware
  2. Detects drive-by downloads of malware
  3. Detects compressed malware

If your system did not automatically detect all these threats what safeguards could you take to enhance your security?

Question 4. (10 pts)

In this question we are going to get hands on with YARA. You will need to install the simple YARA command on your system per the instructions. Note: you do not need to build it. The YARA Zip with executables for Windows was around 2MB, i.e., pretty small.

We are going to use YARA to detect some file formats from their contents and not their file extension. See the page File signatures for information on many file types.

(a) Detect JPEG files

Write a YARA rule to detect JPEG files. Show that rule here.

(b) Detect PNG files

Write a YARA rule to detect PNG files. Show that rule here.

(c) Detect Zip files

Many email systems prevent the sending of Zip files so users give the file a different extension. Write a YARA rule to detect Zip files. Show that rule here.
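The content-based check these three rules perform, as an added Python example that is not part of the assignment: it classifies a file by its leading bytes (the magic number) and ignores the extension entirely, which is what a YARA condition such as `$magic at 0` does. The sample "files" are a few constructed bytes each, enough for the signature check; the names and the extension table are the example's own.

```python
from typing import Optional

# Magic numbers, as listed on the File signatures page.
SIGNATURES = {
    "jpeg": [b"\xff\xd8\xff"],          # SOI marker followed by a marker byte
    "png": [b"\x89PNG\r\n\x1a\n"],      # 8-byte PNG signature
    "zip": [b"PK\x03\x04",              # local file header (normal archive)
            b"PK\x05\x06",              # end-of-central-directory only (empty archive)
            b"PK\x07\x08"],             # spanned / split archive
}
EXPECTED_EXT = {"jpeg": {"jpg", "jpeg"}, "png": {"png"}, "zip": {"zip"}}


def identify(data: bytes) -> Optional[str]:
    """Return the format whose magic number starts `data`, or None."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return None


def identify_file(path: str) -> Optional[str]:
    with open(path, "rb") as f:
        return identify(f.read(8))      # the longest signature above is 8 bytes


def extension_lies(name: str, data: bytes) -> bool:
    """True when a recognised format sits behind an extension that does not match it."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = identify(data)
    return kind is not None and ext not in EXPECTED_EXT[kind]


# Constructed samples (first bytes only).
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "logo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "invoice.txt": b"PK\x03\x04\x14\x00\x00\x00\x08\x00",   # Zip renamed to slip past a mail filter
    "report.docx": b"PK\x03\x04\x14\x00\x06\x00\x08\x00",   # Office documents are Zip containers too
    "notes.txt": b"Just some text\n",
}


def scan(samples=SAMPLES):
    """Map each name to (detected format, extension mismatch?)."""
    return {name: (identify(data), extension_lies(name, data)) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (kind, lies) in scan().items():
        print(f"{name:12} -> {kind or 'unknown':8} {'EXTENSION MISMATCH' if lies else ''}")
```

Two caveats the scan makes visible: a Zip rule also fires on .docx, .xlsx, .jar and .apk files, because they are Zip containers, so a mail filter built on this rule alone will flag legitimate Office attachments; and an empty archive starts with PK 05 06, not PK 03 04, so a rule that only matches the local file header misses it.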

Question 5. (10 pts)

It is time to get started with the research projects. The theme this semester is privacy and in particular privacy on the Web. Choose one or more of the following potential topics:

  1. Web Tracking: Who is tracking you and why?
  2. How they track us around the web: what are the current techniques and technologies?
  3. Ad blocker extensions for browsers: Which are tracking you? How do they work?
  4. Privacy enhancing tools: What is Firefox and/or Chrome doing to help or hurt?
  5. Browser privacy extensions: do they help? how do they work?

Our goal is a report at the end of the semester suitable for explaining the techniques or technology in a way that gets to the computer science roots of the issue and is understandable by a student in CS671 (or CS351/CS651 web development).

You will start by performing searches to gather online references. Find approximately five references on one of the topics listed above. Make sure that you find a range of coverage, i.e., some general information, some very technical information. List those references here with your initial assessment of the usefulness of the references and the level of technical depth.