1. a. Define the properties of a one-way hash function. (6 marks)



Similar documents
Client Server Registration Protocol

Certificate Authorities and Public Keys. How they work and 10+ ways to hack them.

Practice Questions. CS161 Computer Security, Fall 2008

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Authentication Applications

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

CSE/EE 461 Lecture 23

How To Use Kerberos

SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Security: Focus of Control. Authentication

Chapter 16: Authentication in Distributed System

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Authentication Applications

SENSE Security overview 2014

Dashlane Security Whitepaper

Chapter 8. Network Security

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

User Guide. The AMF's File Transfer Service (FTS)

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

CS Computer Security Third topic: Crypto Support Sys

CS 161 Computer Security Spring 2010 Paxson/Wagner MT2

Lecture 9: Application of Cryptography

CS155. Cryptography Overview

CS 494/594 Computer and Network Security

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Chapter 17. Transport-Level Security

EXAM questions for the course TTM Information Security May Part 1

SECURITY IN NETWORKS

Authentication Application

Q: Why security protocols?

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Single Sign-On Secure Authentication Password Mechanism

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

IPSEC: IKE. Markus Hidell Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Security. Learning Objectives. This module will help you...

CS 758: Cryptography / Network Security

Table of Contents. Bibliografische Informationen digitalisiert durch

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

Using etoken for SSL Web Authentication. SSL V3.0 Overview

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Lecture 9 - Network Security TDTS (ht1)

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security vulnerabilities in the Internet and possible solutions

TLS and SRTP for Skype Connect. Technical Datasheet

The Misuse of RC4 in Microsoft Word and Excel

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Using Foundstone CookieDigger to Analyze Web Session Management

SSL/TLS: The Ugly Truth

How To Encrypt Data With Encryption

Module 7 Security CS655! 7-1!

Midterm 2 exam solutions. Please do not read or discuss these solutions in the exam room while others are still taking the exam.

Chapter 8 Network Security. Slides adapted from the book and Tomas Olovsson

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Massachusetts Institute of Technology Handout : Network and Computer Security October 9, 2003 Professor Ronald L. Rivest.

Chapter 7: Network security

Transport Layer Security Protocols

Computer Security. Draft Exam with Answers

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext

Ky Vu DeVry University, Atlanta Georgia College of Arts & Science

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS

Secure Sockets Layer

CS Final Exam

TOPIC HIERARCHY. Distributed Environment. Security. Kerberos

Network Security Standards. Key distribution Kerberos SSL/TLS

Authentication requirement Authentication function MAC Hash function Security of

Cryptography and Network Security

What is network security?

Key Management and Distribution

HTTPS: Transport-Layer Security (TLS), aka Secure Sockets Layer (SSL)

Kerberos. Login via Password. Keys in Kerberos

Data Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin.

Chapter 7 Transport-Level Security

Cryptography Overview

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, BC. From Italy (?).

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Name: 1. CSE331: Introduction to Networks and Security Fall 2003 Dec. 12, /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35.

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

What is Web Security? Motivation

Application Layer (1)

Security Goals Services

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

Network Security. Modes of Operation. Steven M. Bellovin February 3,

Transcription:

1. a. Define the properties of a one-way hash function. (6 marks) A hash function h maps arbitrary length value x to fixed length value y such that: Hard to reverse. Given value y not feasible to find x with y = h(x). Collision freeness. Hard to find values x, x such that h(x) = h(x ). Unpredictability. The hash value h(x) does not give any information about any part of its operand x. b. Following an intrusion at Adobe (October 2013), attackers gained access to a user password file. It is believed that each password p was stored in encrypted form in the file as using triple DES (ECB mode) where K A is a secret Adobe master key. Describe two security weaknesses of this scheme. (6 marks)

c. Continuing Question 1 (b), describe how the passwords should have been stored and explain how your scheme defends against a pre-computation dictionary attack. (6 marks)

d. The following Java code generates a symmetric cipher based on a random session key. Give a Java code fragment that encrypts the contents of a file using this key. (6 marks)??? //creating file output stream to write to file try(fileoutputstream fos = new FileOutputStream(fname+".des")){ //creating object output stream to write objects to file ObjectOutputStream oos = new ObjectOutputStream(fos);

oos.writeobject(key); //saving key to file for use during decryption //creating file input stream to read contents for encryption try(fileinputstream fis = new FileInputStream(fname)){ //creating cipher output stream to write encrypted contents try(cipheroutputstream cos = new CipherOutputStream(fos, cipher)){ int read; byte buf[] = new byte[4096]; while((read = fis.read(buf))!= -1) //reading from file cos.write(buf, 0, read); //encrypting and writing to file e. Identify and explain any security vulnerabilities in the code in Question 1(d) above. (6 marks)???

2. Consider the following Needham-Schroeder style authentication protocol, whereby initiator A asks Authentication Server Y for a session key K AB that it can use with service B. Principles A and B share long-term secret keys K AT and K BT with server T, respectively; N A is a nonce and { } K denotes symmetric key encryption with secret key K. a) Describe an attack on the protocol whereby Eve can masquerade as A to B. (10 marks)

b) Revise the protocol so that: it eliminates the vulnerability in Question 2(a): provides mutual authentication between A and B and supports key revocation in the event that K AT is compromised. (10 marks)

c) Alice logs into the workstation corresponding to Principle A and K AT is determined by her password. Alice does not want to give her password every time she uses the protocol to request services, however, she is concerned about the workstation storing long-term key K AT for the duration of her login session. Describe how the protocol can be revised to provide single-sign-on for Alice while addressing her password security concerns. (5 marks)

3. The following SSL-style protocol fragment establishes a secure connection between browser B and web-server A: where K A is the public key owned by A, K ab is a symmetric key proposed by A and N B is a nonce. In a Protocol Msg 1, { }K ab denotes symmetric key encryption in Protocol Msg 2. a) Explain how the protocol should be extended to support public key certificates. Your answer should include a revision of the protocol, description certificate)s) content and how it is used by the browser / web server. (10 marks)

b) The protocol assumes that B is competent to generate a good session key K ab. Give an example of why this might not be the case. Revise the protocol so it uses a Diffe- Hellman key exchange to establish the session key K ab. (10 marks)

c) Apple ios comes with a pre-installed trusted Certificate Authority (CA) certificate from a foreign military agency. Describe how this agency might spy on a user s secure (HTTPS) web browsing. (5 marks)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information