Homework 7 - Chapters 7 and 8 (Extra Credit)

Due: Monday June 4, 2007 at 5pm

Since this is an extra credit assignment, no late submissions will be accepted. The material in this assignment may be on the final. A solution will be posted in the solution directory shortly after 5pm on Monday.

Each question is worth 2 points.

  1. DNS queries are done via UDP. How does a DNS client handle lost UDP packets (either the query or the reply), since UDP does no retransmission?
  2. Can multiple IP addresses have the same domain name? If yes, explain the motivation behind allowing this. If no, explain why not.
  3. Email addresses are typically of the form username@machine.domain. How is DNS used to find the appropriate mail server for an email address?
  4. What is the purpose of MIME types?
  5. Why are web pages prefixed with MIME headers when served to the client?
  6. At what level in the protocol stack (e.g., data link, network, etc.) must a stateful inspection firewall operate? Justify your answer.
  7. What is the primary difference between symmetric key and public key encryption algorithms?
  8. A bank wants to make online banking easy for its customers. After a customer signs up and is authenticated by a password, the bank returns a persistent cookie containing a customer ID number. In this way, the customer does not have to type a password on any future visit. What do you think of this idea? Will it work? How does it differ from Kerberos tickets?
  9. A fundamental cryptographic principle states that all messages must have redundancy. But redundancy helps an intruder tell if a guessed password is correct. Consider two forms of redundancy. First, the initial n bits of the plaintext contain a known pattern. Second, the final n bits of the message contain a hash over the message. From a security point of view, are these two equivalent? Discuss your answer.
  10. When using Diffie-Hellman key exchange, why is it difficult to protect against a man-in-the-middle attack when neither party has any a priori knowledge of each other, such as the server public key in SSH?