1.Certificates and TLS Alice is the CEO of a company that provides all its employees with a laptop. Mallory, an employee in the company, is trying to learn Alice’s login information for Alice’s account on a company website. For each of the following attacks, say whether Mallory will be able to learn Alice’s login information. In addition, either explain the attack in more detail or describe why the attack fails. Assume that Alice’s browser communicates only over TLS-protected connections, that the browser will terminate if it detects any TLS-related problems, and that Alice fails to detect phishing attacks.

1. (a)  [2 marks] Mallory sets up a phishing website that looks like the company website and manages to convince Alice to visit this phishing website. Mallory also embeds the verification key of a fake root CA in Alice’s browser. Mallory is in the possession of the corresponding signing key.
2. (b)  [2 marks] Mallory sets up a phishing website that looks like the company website and manages to convince Alice to visit this phishing website. Mallory is using the valid certificate from the actual company website for her phishing website.
3. (c)  [2 marks] Mallory sets up a phishing website that looks like the company website and runs a DNS cache poisoning attack on Alice’s browser such that the browser maps the hostname of the company website to the IP address of Mallory’s phishing website. Her phishing website uses the same certificate as in (b).
4. (d)  [2 marks] Mallory is no longer able to deploy a phishing website but can interfere with Alice’s network traffic. She also knows that the company deploys TLS MITM soft- ware on all its laptops (e.g., Superfish — https://www.eff.org/deeplinks/ 2015/02/further-evidence-lenovo-breaking-https-security-its- laptops) to filter its employees’ traffic for malware. This TLS MITM software dy- namically creates certificates for any websites visited by a laptop user. To sign these certificates, a fake root CA is used, whose verification key is embedded in the browser. The TLS MITM software uses the same hardcoded key pair for the root CA on all laptops.
5. (e)  [2 marks] Same as (d), but whenever the TLS MITM software is installed on a laptop, it creates a fresh key pair for the fake root CA.

ComputerScienceExpert

(11)

Status NEW Posted 06 Jun 2017 01:06 AM My Price 8.00

-----------

Attachments

file 1496712461-Solutions file 2.docx preview (51 words )

H-----------ell-----------o S-----------ir/-----------Mad-----------am ----------- Th-----------ank----------- yo-----------u f-----------or -----------you-----------r i-----------nte-----------res-----------t a-----------nd -----------buy-----------ing----------- my----------- po-----------ste-----------d s-----------olu-----------tio-----------n. -----------Ple-----------ase----------- pi-----------ng -----------me -----------on -----------cha-----------t I----------- am----------- on-----------lin-----------e o-----------r i-----------nbo-----------x m-----------e a----------- me-----------ssa-----------ge -----------I w-----------ill----------- be----------- qu-----------ick-----------ly -----------onl-----------ine----------- an-----------d g-----------ive----------- yo-----------u e-----------xac-----------t f-----------ile----------- an-----------d t-----------he -----------sam-----------e f-----------ile----------- is----------- al-----------so -----------sen-----------t t-----------o y-----------our----------- em-----------ail----------- th-----------at -----------is -----------reg-----------ist-----------ere-----------d o-----------n -----------THI-----------S W-----------EBS-----------ITE-----------. ----------- Th-----------ank----------- yo-----------u -----------

Not Rated(0)

• Buy Answer