Assignment 9, Solutions

Part of the homework for 22C:169, Spring 2011
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

  1. Background:

    Classic Unix systems handle passwords as follows: When a user enters a password, it is immediately hashed using a secure hash function (a one-way function). If the user is changing his password, the hash code is stored in that user's entry in the password file. If the password is being checked, it is compared with the entry in the password file. The password file, /etc/passwd can be read by the public. Each line of this file describes one user, for example: 

            jones:e8u632xuqg1pkx:1000:1000:Doug Jones:/home/jones:/bin/bash

    Fields are separated by colons, the first field is the user name, the second field is the hashed password, the other fields are irrelevant to this question. As Unix has evolved, the particular hash function has changed, but it has always been public knowledge which function was being used. In the 1980's, DES was used as a hash function. Nowdays, SHA-1 woudld be a typical choice. This password file format continues in use today, but the hashed password field has been abandoned.

    Your goal in this question is to work through an analysis of the threats to a classic Unix system. Specifically, the goal of your hypothetical attacker is to break into my account.

    a) Construct a threat tree. Make sure to consider both technical threats and social engineering or other nontechnical threats. Keep in mind that, as a rule, whenever cryptographic technology is used to solve any problem, it is usually the strong link, and the non-cryptographic parts of the problem are likely to be the weak points. (1.0 point)

    Goal: get my password by one of:
        Subgoal: use Social Engineering by all of
            Subsubgoal: find context where I type my password (research)
            Subsubgoal: simulate that context (write code)
            Subsubgoal: get me to use the simulation (fool me into using it)
        Subgoal: spy on me while I type my password (shoulder surfing)
        Subgoal: use spyware to get my password by one of:
            Subsubgoal: get me to type it on your computer by all of
                Subsubsubgoal: install spyware
                Subsubsubgoal: get me to use your computer
            Subsubgoal: install the spyware on my computer by all of
                Subsubsubgoal: get access to my computer
                Subsubsubgoal: install spyware
        Subgoal: Invert the one-way function by one of:
            Subsubgoal: brute force inversion by all of
                Subsubsubgoal: get a lot of computing power
                Subsubsubgoal: write code for a trial and error attack
            Subsubgoal: a dictionary attack by all of
                Subsubsubgoal: get a big on-line dictionary
                Subsubsubgoal: write c0de t0 1eet it!
                Subsubsubgoal: compare hashed words to hashed passwords

    b) Identify an inexpensive attack in your threat tree and enumerate all of the resources required to undertake that attack. Keep in mind that the cost that matters is the expected cost of a successful attack, not the cost of one trial. The expected cost of an attack is the cost per trial divided by the likelihood of success. (1.0 point)

    The dictionary attack is very likely to succeede and is pretty inexpensive. Huge on-line lexicons are available. Translation of words to alternative leet spellings (a1Tern81ve 1eet SpE11ing5) is straightforward and only expands a typical 100,000 word dictionary by a factor of about 1000, giving you a file of 100 million words. This should fit on a thumb drive. Then, all you have to do is hash and hash and hash again, comparing each hash to the hashed entry in the password file, until you get a match.

    Resources: A computer, a dictionary, and some fairly simple software that a second-year student could probably write.

    If you can listen to me type my password, you might even know the right number of keystrokes, thereby simplifying your work.

  2. Background: Consider the following items in a military security:
    1. Where you think the opposing army was yesterday
    2. Where you think the opposing army is located
    3. Where you think the opposing army is going
    4. Why you think the opposing army is moving in that direction
    5. Your estimate of the strength of the opposing army
    6. The location of your army yesterday
    7. The current location of your army
    8. The planned location of your army tomorrow
    9. Why your army is moving in that direction
    10. The strength of your army

    A Problem: Place these in a partial ordering, presented as a directed graph with numbered vertices and arrows pointing from more sensitive to less sensitive topics. Omit redundant links! That is, if A>B>C, there is no need to state, also, that A>C. (1.0 point)

    Fairly obvious orderings:
      3 > 2 > 1
      8 > 7 > 6

    Less obvious, but the reasons for an army's movement explain the predicted location, and also, the predicted location may suggest a theory about why it is moving, so:
      4 > 2 and possibly 4 > 3
      9 > 7 and possibly 9 > 8

    Less obvious, unless there is some battle or epidemic, an army's strength is probably not highly dynamic, so whatever intelligence I had about the army yesterday should be enough to guess its strength tomorrow, so I guess that:
      2 > 5
      7 > 10

    How I know about the opposing army was not mentioned. This is more secret than the location, since if they know how I know, they can try to provide misinformation. It is hard to say whether my information about their army is more secret than my information about my own army. The reason for secrecy is different. I do not want the enemy to know where my army is, and I do not want them to know how accurate my intelligence is about them. Without context, the releative values of these cannot be assessed -- they may be marching openly, trying to intimidate me, or they may be planning a sneak attack, hoping I have no idea where they are.

  3. Background: The Bell-LaPadula model focuses on information flow in a military-style hierarchy of classification levels. The emphasis is on preventing leaks of privileged information, so information only flows up the hierarchy.

    a) Data Diodes were invented as an enforcement mechanism for the Bell-LaPadula model, with one computer (or network) used to hold data at each classification level and data diodes controlling the flow of information between levels. The physical system built using computers connected by data diodes does not fully enforce the Bell-LaPadula constraints. How does it fail? Hint: There is an inequality. (1.0 point)

    The Bell-LaPadula model says that I can write data at or above my classification and read data at or below it. With data diodes, I can only read data at my level that someone else has pushed up to me, and I am left with a choice about what data I push up to higher levels. So, if I am operating at the Secret level and I create some Secret data that I do not push up to the TopSecret level, nobody at the TopSecret level can see it. Furthermore, if I create data that ought to be TopSecret, I can forget to push it upward.

    b) Consider the relationship between the computer controlling the nuclear reactor in a power plant, the computer controlling the connection between the power plant and the electrical transmission network, and the power company web server that provides information to the police and the public. Is the Bell-LaPadula model applicable here? Is there some general principle involved? (1.0 point)

    The Bell-LaPadula model is not applicable here. In this case, the information created on the secure computer is not classified. The computer is considered secure because of reliability constraints, not information sensitivity.