CSC474/574 - Information Systems Security: Homework1 Solutions Sketch


September 20, 2004

1. Consider slide 12 in the handout for topic 22. Prove that the decryption process of a one-round Feistel cipher is the same as the input of the corresponding encryption process. That is, $(L_2, R_2) = (L_0, R_0)$.

$R_0 = L_1 = R_2 = R_0 = L_1 = R_2$

$L_2 = R_1 = L_0 \oplus F(R_0, K_1) = L_2 \oplus F(R_2, K_1) = R_1 \oplus F(R_0, K_1) = L_0$

2. Random J. Protocol-Designer has been told to design a scheme to prevent messages from being modified by an intruder. Random J. decides to append to each message a hash of that message. Why doesn't this solve the problem?

Anybody can generate and append a hash to any message. A malicious adversary can easily modify the message and append the recomputed hash value. This modification goes undetected at the receiving end.

3. How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

There are $2^{56}$ possible keys and $2^{64}$ possible ciphertext blocks for a particular plaintext block. So only about $2^{56-64} = 1/256$ of the possible ciphertext blocks can be obtained with a DES key.

4. Alice developed a message authentication code (MAC) based on DES. Her algorithm works as follows: For a given input message $M$, represent $M$ as $M = (X_1 \| X_2 \| \cdots \| X_m)$, where $X_i$ is a 64-bit block and $\|$ represents concatenation. Compute $\mathrm{Delta}(M) = X_1 \oplus X_2 \oplus \cdots \oplus X_m$, where $\oplus$ represents bit-wise XOR. Then the MAC for $M$ is computed as $C_K(M) = E_K(\mathrm{Delta}(M))$, where $E$ is DES encryption algorithm and $K$ is the secret key. Unfortunately, this scheme is vulnerable. Describe an attack against it.

A possible attack on this scheme could be a word reordering attack. A reordering attack is possible because it yields the same hash as the original message. An intruder can easily create a message $M'$ and compute $W = \mathrm{Delta}(M) \oplus \mathrm{Delta}(M')$, where $\mathrm{Delta}(M' \| W) = \mathrm{Delta}(M)$.

5. Let's assume that someone does triple encryption by using EEE with CBC on the inside. Suppose an attacker modifies bit $x$ of ciphertext block $n$. How does this affect the decrypted plaintext? (See Figure 4-16 and related text for triple EDE DES with CBC on the inside. But note that the question is about triple EEE DES with CBC on the inside.)

Triple encryption using EEE with CBC on the inside is three successive CBC encryptions. A modification to ciphertext block $n$ propagates to plaintext blocks $n$ through $n+3$. No other plaintext blocks are affected.

6. How do you decrypt the encryption specified in 5.2.3.2 Mixing In the Plaintext?

The decryption process proceeds as follows:

$b_n = MD(K_{AB} \| c_{n-1})$
$b_{n-1} = MD(K_{AB} \| c_{n-2})$
$\cdots$
$b_{n-i} = MD(K_{AB} \| c_{n-i-1})$
$\cdots$
$b_2 = MD(K_{AB} \| c_1)$
$b_1 = MD(K_{AB} \| IV)$

$p_n = c_n \oplus b_n$
$p_{n-1} = c_{n-1} \oplus b_{n-1}$
$\cdots$
$p_1 = c_1 \oplus b_1$

In short, knowing $K_{AB}$, $c_i$ and $IV$, $b_i$ can be generated. Then it is easy to compute $p_i = c_i \oplus b_i$.

7. A and B want to establish a secure communication channel between them. They do not care about the confidentiality of the messages being transmitted, but they do want to ensure the integrity and authenticity of the messages. Answer the following questions by drawing diagrams that show the procedures of sending and receiving messages. Assume A and B share a common key $K$.

a) How can they achieve their goal only with secret key cryptography?

Sender → Recipient: $M \| E_K(M)$

b) How can they achieve their goal only with hash function (e.g., MD5)?

Sender → Recipient: $\{M \| E_K(H(M))\}$

c) Can they get non-repudiation? (2 points) If yes, how? If no, why?

No, it is not possible to achieve non-repudiation with the help of just a commonly shared key, because a sender can repudiate a previously authenticated message by claiming that the shared secret was somehow compromised. It is also possible that the recipient who has a copy of the shared secret key might have forged the signature.

d) Describe a way A and B can get non-repudiation. Explain your assumption and draw a diagram to show the procedure.

Using digital signatures.

8. The DSA algorithm requires a random number each time a digital signature is generated. Demonstrate that the DSA algorithm is vulnerable if this random number is used twice.

If $k_1 = k_2$, then $r_1 = r_2$ and $s_1 = [k^{-1}(H(M_1) + xr)] \bmod q$ and $s_2 = [k^{-1}(H(M_2) + xr)] \bmod q$. Then $k = (s_1 - s_2)^{-1}[H(M_1) - H(M_2)] \bmod q$. So the private key $x$ can be obtained from $s_1$ or $s_2$ above.

9. Manually complete the following operations. Explain your reason for each step.

(a) $1234^{16} \bmod 17$

$1234^{16} \bmod 17 = 1$. Since 17 is a prime and $\gcd(1234, 17) = 1$, we can use Fermat theorem.

(b) $54^{51} \bmod 17$

Since 17 is a prime and $\gcd(54, 17) = 1$ and $\varphi(17) = 16$: $54^{51} \bmod 17 = (54 \bmod 17)^{(51 \bmod 16)} \bmod 17 = 3^3 \bmod 17 = 27 \bmod 17 = 10$

(c) $53^{97} \bmod 51$

$53^{97} \bmod 51 = (53 \bmod 51)^{(97 \bmod \varphi(51))} \bmod 51 = 2^{(97 \bmod \varphi(17)\varphi(3))} \bmod 51 = 2^{(97 \bmod 32)} \bmod 51 = 2^1 \bmod 51 = 2$

(d) $\gcd(33, 121)$

$\gcd(33, 121) = \gcd(121, 33) = \gcd(33, 22) = \gcd(22, 11) = \gcd(11, 0) = 11$

(e) $2^{-1} \bmod 17$

$2^{-1} \bmod 17 = -8 \bmod 17 = 9$. Using the extended Euclid algorithm, $Y_3 = 1 = \gcd(2, 17)$ and $Y_2 = -8 = 2^{-1} \bmod 17$.

(f) $\log_{2,5}(4)$

$\log_{2,5}(4) = 2$ since:

$2^0 \bmod 5 = 1$
$2^1 \bmod 5 = 2$
$2^2 \bmod 5 = 4$
$2^3 \bmod 5 = 3$
$2^4 \bmod 5 = 1$

Another method is to solve for $x$ from $2^x \bmod 5 \equiv 4 \bmod 5 \equiv 2^2 \bmod 5$, so $x = 2$.

10. Consider the polynomial $x^{p-1} = 1 \pmod p$, where $p$ is a prime number. It has at most $p - 1$ roots (because it is a polynomial of degree $p - 1$). Show exactly the roots of this polynomial using Fermat Theorem.

Roots of $x^{p-1} = 1 \pmod p$ = $\{1, 2, 3, \ldots, p-2, p-1\}$. According to Fermat theorem, $x^{p-1} = 1 \pmod p$ for all $x$ such that $\gcd(x, p) = 1$, and since $p$ is prime, $1 \le x \le p-1$ are relative primes to $p$.

11. Assume that $p$ is a prime number and $a$ is a positive integer not divisible by $p$. Prove that $\{a \bmod p, 2a \bmod p, \ldots, (p-1)a \bmod p\} = \{1, 2, \ldots, (p-1)\}$.

Assume $\{a \bmod p, 2a \bmod p, \ldots, (p-1)a \bmod p\} \ne \{1, 2, \ldots, (p-1)\}$. Then there exist $x$ and $y$ in $\{1, 2, \ldots, (p-1)\}$ such that $x \ne y$ and $xa \equiv ya \pmod p$, i.e., $xa = ya + kp$, which can be rewritten as $(x-y)a = kp$. Factoring left side yields $p_1^{m_1} \cdots p_k^{m_k} = kp$. Then since $a$ is not divisible by $p$, $p$ is not on the left side, which contradicts that $p$ is on the right side. So we can prove that $\{a \bmod p, 2a \bmod p, \ldots, (p-1)a \bmod p\} = \{1, 2, \ldots, (p-1)\}$.
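For problem 4, an added example (not part of the original solutions) that checks both forgeries against Alice's XOR-based MAC and then against HMAC-SHA256 over the whole message. DES is not in the Python standard library, so `E` is a stand-in keyed function; the key, the messages and all helper names are constructed for illustration.

```python
import hashlib
import hmac
from functools import reduce

BLOCK = 8  # 64-bit blocks X_i, as in the problem

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(msg):
    if len(msg) % BLOCK:
        raise ValueError("message must be a whole number of 64-bit blocks")
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

def delta(msg):
    # Delta(M) = X_1 xor X_2 xor ... xor X_m
    return reduce(xor, blocks(msg), bytes(BLOCK))

def E(key, block):
    # Stand-in for DES E_K (assumption): any keyed function of one block
    # shows the flaw, because the weakness is in Delta, not in the cipher.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor_mac(key, msg):
    return E(key, delta(msg))            # C_K(M) = E_K(Delta(M))

def hmac_tag(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def accepts(mac, key, msg, tag):
    return hmac.compare_digest(mac(key, msg), tag)

def reorder(msg):
    return b"".join(reversed(blocks(msg)))

def with_fixup_block(original, substitute):
    # M' || W with W = Delta(M) xor Delta(M'), so Delta(M' || W) = Delta(M)
    return substitute + xor(delta(original), delta(substitute))

# Constructed sample data
KEY = b"constructed shared key"
M = b"PAY00100" b"TO:ALICE" b"REF:0001"
M2 = b"PAY99999" b"TO:CAROL"

def summary():
    # For each altered message: (accepted by xor_mac, accepted by HMAC)
    tag, good = xor_mac(KEY, M), hmac_tag(KEY, M)
    variants = {"reordered": reorder(M), "substituted": with_fixup_block(M, M2)}
    return {name: (accepts(xor_mac, KEY, v, tag), accepts(hmac_tag, KEY, v, good))
            for name, v in variants.items()}
```

Neither alteration needs the key: the XOR fold discards block order and lets one extra block cancel any difference, while a MAC computed over the entire message rejects both.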
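For problems 1 and 5, an added example (not part of the original solutions) that builds a small Feistel cipher, runs three CBC passes over it, and reports which plaintext blocks change when one ciphertext bit is flipped. It generalizes problem 1 from one round to several; the round function, key schedule, shared IV, keys and sample blocks are all constructed assumptions, and the cipher is a toy, not DES.

```python
import hashlib

HALF = 4  # 64-bit block = two 32-bit halves L, R

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def F(r, k):  # round function; never inverted, so any keyed function works
    return hashlib.sha256(k + r).digest()[:HALF]

def feistel(block, round_keys):
    L, R = block[:HALF], block[HALF:]
    for k in round_keys:
        L, R = R, xor(L, F(R, k))   # L_i = R_(i-1); R_i = L_(i-1) xor F(R_(i-1), K_i)
    return R + L                     # swap halves on output

def subkeys(key, rounds=4):
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]
def E(key, block):
    return feistel(block, subkeys(key))
def D(key, block):                   # same network, round keys reversed
    return feistel(block, subkeys(key)[::-1])

def cbc_encrypt(key, iv, pt):
    out = []
    for p in pt:
        out.append(E(key, xor(p, out[-1] if out else iv)))
    return out

def cbc_decrypt(key, iv, ct):
    return [xor(D(key, c), prev) for c, prev in zip(ct, [iv] + ct[:-1])]

def eee_encrypt(keys, iv, blocks):   # three full CBC passes, one per key
    for k in keys:
        blocks = cbc_encrypt(k, iv, blocks)
    return blocks
def eee_decrypt(keys, iv, blocks):
    for k in reversed(keys):
        blocks = cbc_decrypt(k, iv, blocks)
    return blocks

def damaged_blocks(keys, iv, pt, n, bit):
    # Flip one bit of ciphertext block n, decrypt, list the plaintext blocks that differ
    ct = eee_encrypt(keys, iv, pt)
    ct[n] = xor(ct[n], (1 << bit).to_bytes(2 * HALF, "big"))
    got = eee_decrypt(keys, iv, ct)
    return [i for i, (a, b) in enumerate(zip(pt, got)) if a != b]

KEYS, IV = [b"key-one", b"key-two", b"key-three"], bytes(2 * HALF)  # constructed
PT = [bytes([i]) * (2 * HALF) for i in range(10)]                    # constructed
```

Each CBC layer spreads the damage by one block, so three layers reach blocks n through n+3; when n is near the end of the message the list is simply cut off at the last block.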
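For problem 6, an added example (not part of the original solutions) of the encryption and the decryption procedure given in the answer, including decryption of a single block out of order. It assumes MD is MD5 with 16-byte blocks and that a short final block uses a truncated pad; the key, IV, message and function names are constructed.

```python
import hashlib

BLOCK = 16  # MD5 output size in bytes; MD is taken to be MD5 (assumption)

def md(data):
    return hashlib.md5(data).digest()

def xor(a, b):
    # zip() stops at the shorter input, which truncates the pad for a short last block
    return bytes(x ^ y for x, y in zip(a, b))

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt(k_ab, iv, plaintext):
    out, prev = [], iv
    for p in split(plaintext):
        prev = xor(p, md(k_ab + prev))   # c_i = p_i xor b_i, b_i = MD(K_AB || c_(i-1))
        out.append(prev)
    return b"".join(out)

def pads(k_ab, iv, ciphertext):
    # Every b_i depends only on K_AB and the previous ciphertext block (IV for b_1),
    # so the receiver can compute all pads from what it already holds.
    c = split(ciphertext)
    return [md(k_ab + prev) for prev in [iv] + c[:-1]]

def decrypt(k_ab, iv, ciphertext):
    c = split(ciphertext)
    return b"".join(xor(ci, bi) for ci, bi in zip(c, pads(k_ab, iv, ciphertext)))

def decrypt_block(k_ab, iv, ciphertext, i):
    # Block i (0-based) needs only c_(i-1), or the IV when i == 0, and c_i
    c = split(ciphertext)
    return xor(c[i], md(k_ab + (c[i - 1] if i else iv)))

# Constructed sample data
K_AB = b"constructed key shared by A and B"
IV = bytes(range(16))
MESSAGE = b"constructed sample message for problem 6, several blocks long"
```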
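For problem 8, an added example (not part of the original solutions) that audits a list of signatures for a repeated $r$ and carries the answer's algebra through to the private key. The group is a constructed toy ($q = 2^{31} - 1$, far too small for real use), and the key, nonces, messages and function names are assumptions made for illustration.

```python
import hashlib
from math import isqrt

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, isqrt(n) + 1))

# Constructed toy group, far too small for real use: q = 2^31 - 1 (prime),
# p = j*q + 1 for the first even j that makes p prime, g of order q.
Q = 2**31 - 1
P = next(j * Q + 1 for j in range(2, 2000, 2) if is_prime(j * Q + 1))
G = pow(2, (P - 1) // Q, P)
assert G != 1 and pow(G, Q, P) == 1

def H(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x, msg, k):
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (H(msg) + x * r) % Q      # s = k^-1 (H(M) + x r) mod q
    return r, s

def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, H(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def shared_r(signed):
    """Audit check: pairs of (msg, sig) under one key that reuse r, i.e. k."""
    first, hits = {}, []
    for msg, sig in signed:
        if sig[0] in first and first[sig[0]][0] != msg:
            hits.append((first[sig[0]], (msg, sig)))
        first.setdefault(sig[0], (msg, sig))
    return hits

def key_from_reuse(pair):
    (m1, (r, s1)), (m2, (_, s2)) = pair
    k = pow((s1 - s2) % Q, -1, Q) * (H(m1) - H(m2)) % Q   # k = (s1-s2)^-1 (H(M1)-H(M2))
    return (s1 * k - H(m1)) * pow(r, -1, Q) % Q           # solve s1 for x

X = 123456789                 # constructed private key
Y = pow(G, X, P)
LOG = [(m, sign(X, m, k)) for m, k in      # constructed log: the last two share k
       [(b"invoice 1", 1111111), (b"invoice 2", 987654321), (b"invoice 3", 987654321)]]
```

Both signatures still verify, so verification alone never reveals the reuse; deriving $k$ deterministically from the key and message (RFC 6979) removes the dependence on a fresh random number.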