Run NMAP to scan the classroom Linux network subnet.

Run NMAP to scan the classroom Linux network subnet.

• Read the following scenario and then answer the questions that follow:

Your security intuition tells you that you have something wrong with the network in your company. You are afraid that your network may have been compromised. Use your detective skills and NMAP to scan your network looking for any anomaly(s) you can find. Gather as much information as you can. Add these switches to your scans to cut down on the scan time:   -F   -T4   -n

• Run NMAP to scan the classroom Linux network subnet.

1. What anomaly(s) do you see from the scan you last performed? Try to find out as much as you can about the unknown host(s). Please don’t simply submit pages of NMAP output – summarize it or cut and paste only relative findings.
2. Do you see any new IP address(s)?
3. What ports are open on this / these host(s)?
4. Can you identify the operating system(s)?
5. Describe any other discoveries.
6. What approach / commands did you use to determine your findings?

• Now that you know you have been compromised, you are afraid that you may be fired. After all, it’s your job to stop this from occurring. Your emotions are running high and you want to catch this person. Revenge and retaliation are all you can think of.

1. How would you attack this unknown host?
2. What vulnerabilities can you exploit?
   • How would you do this?
   • Is this legal or the smart thing to do?
   • Explain your answer.

Part 2 Encrytion

1. (2 pts) In our definition of a secure channel, what are the two things that an eavesdropper is “allowed” to learn? Why do our constructions allow the eavesdropper to learn them?

2. (4 pts) You are placing an order with an online retailer. To complete a purchase, your web browser sends a single encrypted, authenticated message to the web site, consisting only of the following information: a) your credit card information, b) the item number and quantity being ordered. Assume the encryption and authentication are otherwise done securely.

1. Say an adversary is sitting between you and the retailer, with the ability to intercept traffic and send messages. Describe an attack the adversary could carry out to “max out” your credit card. What type of attack is this?
2. What could the retailer do to prevent this attack, simply by changing what data is sent in the single encrypted, authenticated message?

3. (4 pts) The following sentences describe steps that are used to generate a ciphertext c and authentication tag t.“The message number i is concatenated with the message and encrypted with key K_enc to produce the ciphertext. The key K_auth , i , and the message are concatenated together and the result is hashed with SHA-384 to produce the tag.”Write these definitions of c and t in the symbolic notation that is used in class and the textbook.
4. (2 pts) If an adversary knows the process by which a 128-bit key is generated, and this process is known to incorporate only 79 bits of entropy, with what probability can the adversary guess it correctly with a single guess?

5. (2 pts) When using physical phenomena (mouse movements, etc.) as a source of entropy for random number generation, why is it unwise to use the measurements directly as random bits?

6. (2 pts) Consider the Debian Linux RNG bug described in class, which potentially allowed all SSL traffic coming from the system to be decrypted. Search online and give the time span between the bug’s introduction and when the vulnerability was announced publicly.

7. (6 pts) Perform the following modular exponentiations using the decomposition method shown in class. You must show work to receive credit.

1. 2⁶⁵ (mod 5)
2. 3¹⁸ (mod 7)
3. 4¹⁹ (mod 11)

8. (4 pts) Compute the value of the totient function φ for each of the following numbers.
   1. φ(13)
   2. φ(15)
   3. φ(16)
   4. φ(20)

9. (4 pts) Is 4 a generator for the group of multiplication modulo 7? Show why this is or is not the case.