1. Review Questions
(a) 5 points In key distribution and management, two types of keys are generally used: master key
and session key. In WhatsApp Secuirty white paper, a key distribution and management mechanism
has been employed for end-to-end encryption. Which of these keys will you categorize as a master
key and session key(s)? Explain your answer.
(b) 3 points For distribution of public keys, brie
y describe why do we prefer public key certificates
over public key authority.
(c) 5 points For SSL, following protocols are used: SSL handshake protocol; SSL change cipher spec
protocol; SSL alert protocol; SSL record protocol. What is the function of SSL handshake protocol?
From your web browser, gure out dierent security parameters exchanged by SSL handshake
protocol with https://www.google.com.au/.
(d) 2 points What mechanisms can a virus use to conceal itself?
(e) 2 points What means can a worm use to access remote systems to propagate?
(f) 3 points What metrics are useful for prole-based intrusion detection?
(a) 10 points In your internet browser (Firefox, Chrome, or any of your favourite browser), view the
Public Key certicate for www.google.com.au Provide a screenshot for the certicate you viewed.
Also, gure out the values for the following elds in the certicate. Please refer to Fig 14.15 in the
book for dierent elds in the certicate.
1. what is the version of the certicate (X.509 version)
2. what is the certicate signature algorithm used?
3. what is the value of the certicate signature?
4. what is the public key in the certicate
5. what is the validity period of the certicate
(b) 5 points Assume you have found a USB memory stick in your work parking area. What threats
might this pose to your work computer should you just plug the memory stick in and examine its
contents? In particular, consider whether each of the malware propagation mechanisms we discuss
could use such a memory stick for transport. What steps could you take to mitigate these threats
and safely determine the contents of the memory stick?
(c) 5 points Suppose you observe that your home PC is responding very slowly to information requests
from the net. And then you further observe that your network gateway shows high levels of network
activity, even though you have closed your e-mail client, Web browser, and other programs that
access the net. What types of malware could cause these symptoms? Discuss how the malware
might have gained access to your system. What steps can you take to check whether this has
occurred? If you do identify malware on your PC, how can you restore it to safe operation?
(d) 5 points Suppose you have a new smartphone and are excited about the range of apps available
for it. You read about a really interesting new game that is available for your phone. You do a
quick Web search for it and see that a version is available from one of the free marketplaces. When
you download and start to install this app, you are asked to approve the access permissions granted
to it. You see that it wants permission to Send SMS messages and to Access your address-book.
Should you be suspicious that a game wants these types of permissions? What threat might the
app pose to your smartphone? Should you grant these permissions and proceed to install it? What
types of malware might it be?
(e) 5 points A common management requirement is that "all external Web trac must
ow via the
organization's Web proxy." However, that requirement is easier stated than implemented. Discuss
the various problems and issues, possible solutions, and limitations with supporting this require-
ment. In particular consider issues such as identifying exactly what constitutes "Web trac" and
how it may be monitored, given the large range of ports and various protocols used by Web browsers