Question: Cybersecurity - Advanced Network Security

A bank requires its customers, in order to access their online banking accounts, to provide as User ID (or user name) the last 8 digits of their bank card number, and a password with a length between 8 and 12 ASCII characters, including the following restrictions:

Password must:
- Have at least 8 characters
- Have at least 1 letter (a, b, c...)
- Have at least 1 number (1, 2, 3...)
- Include both upper case and lower case characters

Password must NOT:
- Contain only one character (11111111 or aaaaaaaa)
- Contain only consecutive characters (12345678 or abcdefgh)

Note: Passwords must be at least 8 characters long and at most 12 characters long.

The bank also requires that each password be changed at least once every five years.

1. Assume that by conducting the attack using an average modern GPU 15.6 × 10^… passwords can be tested per second. Calculate the probability that a hacker can guess a password in the timeframe between two consecutive changes. [2]

2. A hacker controls a network of compromised machines (botnet) that can be used to launch the attack. The network consists of 1 million compromised machines (bots) located in different countries around the globe. Assume that the machines have approximately the same computing capability. The hacker uses a simple strategy consisting of slicing the username space in subsets of equal size, and assigning a subset to each of the bots to conduct the attack in parallel. Calculate the probability that a successful password guess can be obtained in the timeframe between two consecutive changes. Briefly comment the results. [3]

In order to strengthen the above password scheme, the bank investigates the following two different solutions:

- Using an exponential back-off scheme, i.e., introducing a delay between consecutive failed authentications. The back-off scheme begins when a user attempts to authenticate and fails. The system waits x second before re-prompting for the name and authentication data. If the user fails again, the system re-prompts after x^1 = x seconds. After a failures, the system waits seconds.
- Using One-Time Password (OTP) tokens. A standard token displays a variable password consisting of 6 digits. For the sake of simplicity, consider that the OTP tokens are event-based.

3. Calculate the probability of successfully breaching an online account for each of the above options (in the time period between 2 consecutive password changes) using the botnet, i.e.:
   a. Standard password scheme with exponential back-off using r=1 / second for the base delay [3.5%]
   b. Multifactor authentication scheme combining standard password and OTP, assuming that the test frequency for (OTP, fixed password) pairs remains virtually the same as that of single password (i.e. 15.6 × 10^… guesses/second) [3.5%]

4. Discuss the benefits and limitations of each solution and indicate (in your opinion) the best option. [3]
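The password policy above can be sized directly. This is an added example, not part of the original question or of any posted solution: it counts the compliant passwords by inclusion-exclusion and checks whether the two "must NOT" rules remove anything the composition rules do not. It assumes 95 printable ASCII characters and uniformly chosen passwords, and uses a placeholder guess rate because the exponent in the question's figure is not legible here.

```python
# Added example: size of the password space under the stated policy.
LOWER, UPPER, DIGIT = 26, 26, 10
OTHER = 33                           # assumption: space + punctuation (95 printable ASCII in total)
FIVE_YEARS_S = 5 * 365 * 24 * 3600   # change interval from the question, in seconds

def count_compliant(length, lower=LOWER, upper=UPPER, digit=DIGIT, other=OTHER):
    """Strings of `length` with >=1 lowercase, >=1 uppercase and >=1 digit,
    counted by inclusion-exclusion over the three 'class missing' events."""
    n = lower + upper + digit + other
    one = (n - lower) ** length + (n - upper) ** length + (n - digit) ** length
    two = ((n - lower - upper) ** length + (n - lower - digit) ** length
           + (n - upper - digit) ** length)
    three = other ** length
    return n ** length - one + two - three

def policy_space(min_len=8, max_len=12):
    """Total number of compliant passwords over all allowed lengths."""
    return sum(count_compliant(k) for k in range(min_len, max_len + 1))

def has_all_classes(s):
    return (any(c.islower() for c in s) and any(c.isupper() for c in s)
            and any(c.isdigit() for c in s))

def blacklisted_but_compliant(min_len=8, max_len=12):
    """Count strings hit by the 'must NOT' rules (one repeated character, or a
    run of consecutive ASCII codes) that would otherwise pass composition.
    Descending runs use the same characters, so ascending runs cover them."""
    hits = 0
    for k in range(min_len, max_len + 1):
        for code in range(32, 127):
            hits += has_all_classes(chr(code) * k)
            if code + k <= 127:
                hits += has_all_classes("".join(chr(code + i) for i in range(k)))
    return hits

def guess_probability(space, guesses_per_second, seconds=FIVE_YEARS_S):
    """Chance that exhaustive search reaches a uniformly chosen password in time."""
    return min(1.0, guesses_per_second * seconds / space)

if __name__ == "__main__":
    RATE = 1e9   # placeholder rate (constructed), not the question's figure
    space = policy_space()
    print(f"compliant passwords (8-12 chars): {space:.3e}")
    print(f"removed by the blacklist rules:   {blacklisted_but_compliant()}")
    print(f"P(guess in 5 years) at {RATE:.0e}/s: {guess_probability(space, RATE):.3e}")
```

The blacklist count is zero: any all-same or consecutive-ASCII string of 8 to 12 characters already fails the upper/lower/digit requirement, so those two rules do not shrink the search space further.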
