Final Exam ST: Security in Emerging Networks Due: August 2, 2018

Instructions:

I. This is a take home exam with strict due date/time. II. You have all the available resources to answer these questions. Use of any outside resources (web pages, books, etc.) must

be cited. The answers must be yours completely. III. Sharing your answerers with colleagues is considered plagiarism and will result in a grade ”F” for the course. IV. You must submit your homework electronically only in .pdf format to the Blackboard.

1. A stateless packet-filter firewall decides whether to allow a packet to traverse the firewall based on the TCP/IP header of the packet, without regard to past traffic through the firewall. Assume that a stateless packet-filter firewall is installed between an enterprise network and the external Internet, for the purpose of protecting users on the enterprise network. Briefly explain which of the following attacks can be detected (or mitigated) and how?

(a) Port scanning

(b) Syn flooding

(c) DNS cache poisoning

(d) A Phishing attack in which users are asked to visit a known bad web site

(e) Viruses in incoming email addressed to enterprise users

(f) Domain Name System (DNS) rebinding

2. Blockchain is a significant paradigm shift from centralized database systems to a completely decentralized systems with no authoritative access and no authoritative database.

(a) Explain how distrustful parties can maintain a clean state and what is the minimum requirement to maintain that.

(b) Explain how validation of a process (transaction) has been implemented.

(c) Explain with sufficient detail how Proof of Work (PoW) works as a solution to the Byzantine Generals problem.

(d) What incentive miners will have to commit their resources when creation of new coins stops at 21M?

3. Currently BitCoin is both computationally expensive and communicationally extensive.

(a) Explain ways to reduce either computation and communication overheads.

(b) In order for an actor to be elected as a leader and choose the next block to be added to the Blockchain, the miner has to find a solution to a particular mathematical problem, which is: Given data X , find a number n such as that the hash of n appended to X results is a number less than Y . Is this problem unique for Blockchain? Can a new designer of a cryptocurrency use a better game to solve. Explain.

(c) Explain the role of symmetric and asymmetric key encryption algorithms as well hash functions in Blockchain. Where do we use each and how?

(d) Explain how double-spending is prevented in BitCoin.

4. Explain how Internet of the Things (IoT) security can be provisioned given the following constraints.

(a) Limited IP address space.

(b) Limited IoT processing power.

(c) Diversity of the the underlying operating systems.

(d) Multi-vendor architecture.

5. The major advantage of Software Defined Networking (SDN) is programmability of lower-level devices (switches, routers,links) by SDN layer. The drawback is creating room for hardware and software vulnerabilities.

(a) Explain how separation of control path from data path helps SDN functionality.

(b) What new vulnerabilities SDN brings that we do not have in a traditional network (i.e., TCP/IP)?

(c) While Firewall and Distributed Denial of Service Attack (DDoS) attack mitigator are not new concepts. What makes them different in the context of SDN.

(d) Explain the role of

i. Application Control Interface in SDN. ii. Resource Control Interface in SDN.

CS 4/69995 August 2, 2018 Page 1 of 1