Background:

Suppose a web server provides HTTP only, not HTTPS. It lets users change their passwords. Suppose an adversary is eavesdropping on the communication between users and the web server. The web server can use JavaScript to protect all transmitted sensitive passwords.

Question 1

Implement the code BASED on the resource at http://www.uow.edu.au/~fuchun/2019/A1.html

The implementation must satisfy the following requirements.

  • When the user clicks "CHANGE PASSWORD NOW", the page posts the information to the visual address http://www.uow.edu.au/~fuchun/2019/A1.php
  • Use the post method.
  • The form data is:

    Field        Value
    username     username
    oldpassword  N|T|H(0|T|N|OP)
    newpassword  H(1|T|N|O|P) XOR NP|H(T|N|OP|NP)

    T: The current Unix time
    H(): The MD5 hash function
    N: Your student number
    |: character concatenation
    OP: old password
    NP: new password
    XOR: bit XOR operation
  • You can download the codes of MD5 from the internet.
  • A sample about securing login is given at http://www.uow.edu.au/~fuchun/2019/A1example.zip

Question 2

Describe which parts are the most difficult for you when you tried to do the programming and how you solved them.

Question 3

Describe how the server verifies and updates passwords for users in Q1.
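
The Question 1 form fields and the Question 3 server-side check, as an added example that is not part of the original assignment or its sample code. It assumes Node.js `crypto` for MD5, hex-encoded digests, a 10-digit decimal T, that "O|P" in the newpassword formula means OP, and a byte-wise XOR (so NP is at most 16 bytes); `store` is a hypothetical map of username to current password.

```javascript
// Added example, not from the assignment. Assumptions: Node.js crypto for MD5,
// hex digests, 10-digit decimal T, "O|P" read as OP, XOR over raw bytes,
// NP limited to the 16 bytes one MD5 digest can mask.
const crypto = require("node:crypto");

const md5 = (s) => crypto.createHash("md5").update(s, "utf8").digest();
const md5hex = (s) => md5(s).toString("hex");
const xor = (a, b) => Buffer.from(Array.from(a, (byte, i) => byte ^ b[i]));
const equal = (a, b) => {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
};

// Client side: build the three POST fields. "|" is plain concatenation.
function buildFields(username, N, OP, NP, T) {
  const np = Buffer.from(NP, "utf8");
  if (np.length < 1 || np.length > 16) throw new RangeError("NP must be 1..16 bytes");
  return {
    username,
    oldpassword: `${N}${T}${md5hex(`0${T}${N}${OP}`)}`,
    newpassword: xor(np, md5(`1${T}${N}${OP}`)).toString("hex") +
      md5hex(`${T}${N}${OP}${NP}`),
  };
}

// Server side: `store` (hypothetical) maps username -> current password.
function verifyAndUpdate(fields, store, now, maxAge = 300) {
  const { username, oldpassword, newpassword } = fields;
  // No delimiters on the wire, so split from the right: 32 hex chars, then T.
  const proof = oldpassword.slice(-32);
  const T = oldpassword.slice(-42, -32);
  const N = oldpassword.slice(0, -42);
  const OP = store.get(username);
  if (OP === undefined || !/^\d{10}$/.test(T)) return false;
  if (Math.abs(now - Number(T)) > maxAge) return false; // stale capture
  if (!equal(proof, md5hex(`0${T}${N}${OP}`))) return false; // wrong OP
  const masked = Buffer.from(newpassword.slice(0, -32), "hex");
  if (masked.length < 1 || masked.length > 16) return false;
  const NP = xor(masked, md5(`1${T}${N}${OP}`)).toString("utf8");
  // The trailing digest binds NP to T, N and OP, so a flipped bit is caught.
  if (!equal(newpassword.slice(-32), md5hex(`${T}${N}${OP}${NP}`))) return false;
  store.set(username, NP); // a replay now fails: OP has changed
  return true;
}
```

The server must hold OP in a form it can feed to H(), and the freshness window `maxAge` is a value chosen for this example.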

Question 4

Describe the differences between hub, switch and router.

Question 5

Describe and briefly explain what is changed in the VPN network. Here, "what" refers to IP address, MAC address and port number.

Question 6

Briefly explain what a man-in-the-middle attack is.

Question 7

Explain why a replay attack is related to integrity security.

Question 8

(Lecture 3, page 16) List another solution for Alice if she doesn't have a secure website to publish H(S).

Question 9

Use algorithms to describe how Alice runs a hybrid encryption to send a digital movie to Bob.

Question 10

Describe how to compute the group element

$(g h^{x} u^{y})^{1/z}$

Here, we have group elements g, h, u and integers x, y, z.
