CSC474/574 - Information Systems Security: Homework1 Solutions Sketch




February 20, 2005

1. Consider slide 12 in the handout for topic 2.2. Prove that the output of the decryption process of a one-round Feistel cipher is the same as the input of the corresponding encryption process. That is, $(L_2, R_2) = (L_0, R_0)$.

Ans.

$$R_0 = L_1 = R_2$$

$$R_1 = L_0 \oplus F(R_0, K_1)$$

$$L_2 = R_1 \oplus F(R_2, K_1) = R_1 \oplus F(R_0, K_1) = L_0$$

2. Random J. Protocol-Designer has been told to design a scheme to prevent messages from being modified by an intruder. Random J. decides to append to each message a hash of that message. Why doesn't this solve the problem?

Ans. Anybody can generate and append a hash to any message. A malicious adversary can easily modify the message and append the recomputed hash value. This modification goes undetected at the receiving end.

3. How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Ans. There are $2^{56}$ possible keys and $2^{64}$ possible ciphertext blocks for a particular plaintext block. So only about $2^{56-64} = 1/256$ of the possible ciphertext blocks can be obtained with a DES key.

4. Alice developed a message authentication code (MAC) based on DES. Her algorithm works as follows: For a given input message $M$, represent $M$ as $M = (X_1 \| X_2 \| \dots \| X_m)$, where $X_i$ is a 64-bit block and $\|$ represents concatenation. Compute $\mathrm{Delta}(M) = X_1 \oplus X_2 \oplus \dots \oplus X_m$, where $\oplus$ represents bit-wise XOR. Then the MAC for $M$ is computed as $C_K(M) = E_K(\mathrm{Delta}(M))$, where $E$ is the DES encryption algorithm and $K$ is the secret key. Unfortunately, this scheme is vulnerable. Describe an attack against it.

Ans. A possible attack on this scheme could be a word reordering attack. A reordering attack is possible because it yields the same hash as the original message. An intruder can easily create a message $M'$ and compute $W = \mathrm{Delta}(M) \oplus \mathrm{Delta}(M')$, where $\mathrm{Delta}(M' \| W) = \mathrm{Delta}(M)$.

5. Let's assume that someone does triple encryption by using EDE with CBC on the inside. Suppose an attacker modifies bit $x$ of ciphertext block $n$. How does this affect the decrypted plaintext? (See Figure 4-16 and related text for triple DES with CBC on the inside. But note that the question is about triple DES with CBC on the inside.)

Ans. Triple encryption using EDE with CBC on the inside is three successive CBC encryptions:

[Figure: plaintext blocks $m_1 \dots m_6$ and IV; encrypt with secret key $K_1$; encrypt with secret key $K_2$; encrypt with secret key $K_3$; ciphertext blocks $c_1 \dots c_6$]

Decryption is the inverse operation:

[Figure: plaintext blocks $m_1 \dots m_6$ and IV; decrypt with secret key $K_1$; decrypt with secret key $K_2$; decrypt with secret key $K_3$; ciphertext blocks $c_1 \dots c_6$]

From this it can be seen that a modification to ciphertext block $n$ propagates to plaintext blocks $n$ through $n + 3$. No other plaintext blocks are affected.

6. How do you decrypt the encryption specified in 5.2.3.2 Mixing In the Plaintext?

Ans. The decryption process proceeds as follows:

$$b_n = \mathrm{MD}(K_{AB} \| c_{n-1})$$

$$b_{n-1} = \mathrm{MD}(K_{AB} \| c_{n-2})$$

$$\dots$$

$$b_{n-i} = \mathrm{MD}(K_{AB} \| c_{n-i-1})$$

$$\dots$$

$$b_2 = \mathrm{MD}(K_{AB} \| c_1)$$

$$b_1 = \mathrm{MD}(K_{AB} \| IV)$$

$$p_n = c_n \oplus b_n, \quad p_{n-1} = c_{n-1} \oplus b_{n-1}, \quad \dots, \quad p_1 = c_1 \oplus b_1$$

In short, knowing $K_{AB}$, $c_i$ and $IV$, $b_i$ can be generated. Then it is easy to compute $p_i = c_i \oplus b_i$.

7. A and B want to establish a secure communication channel between them. They do not care about the confidentiality of the messages being transmitted, but they do want to ensure the integrity and authenticity of the messages. Answer the following questions by drawing diagrams that show the procedures of sending and receiving messages. Assume A and B share a common key $K$.

(a) How can they achieve their goal only with secret key cryptography?

Ans. Sender $\rightarrow$ Recipient: $M \| E_K(M)$

(b) How can they achieve their goal only with hash function (e.g., MD5)?

Ans. Sender $\rightarrow$ Recipient: $\{M \| E_K(H(M))\}$

(c) Can they get non-repudiation? (2 points) If yes, how? If no, why?

Ans. No, it is not possible to achieve non-repudiation with the help of just a commonly shared key because a sender can repudiate a previously authenticated message by claiming that the shared secret was somehow compromised. It is also possible that the recipient who has a copy of the shared secret key might have forged the signature.

(d) Describe a way A and B can get non-repudiation. Explain your assumption and draw a diagram to show the procedure.

Ans. Using digital signatures

8. The DSA algorithm requires a random number each time a digital signature is generated. Demonstrate that the DSA algorithm is vulnerable if this random number is used twice.

Ans. If $k_1 = k_2$, then $r_1 = r_2$ and $s_1 = [k^{-1}(H(M_1) + xr)] \bmod q$ and $s_2 = [k^{-1}(H(M_2) + xr)] \bmod q$. Then $k = (s_1 - s_2)^{-1}[H(M_1) - H(M_2)] \bmod q$. So the private key $x$ can be obtained from $s_1$ or $s_2$ above.

9. Manually complete the following operations. Explain your reason for each step.

(a) $1234^{16} \bmod 17$

$1234^{16} \bmod 17 = 1$, since 17 is a prime and $\gcd(1234, 17) = 1$, so we can use Fermat's theorem.

(b) $54^{51} \bmod 17$

$54^{51} \bmod 17 = (54 \bmod 17)^{(51 \bmod 16)} \bmod 17 = 3^3 \bmod 17 = 10$, since 17 is a prime, $\gcd(54, 17) = 1$ and $\varphi(17) = 16$.

(c) $53^{97} \bmod 51$

$53^{97} \bmod 51 = (53 \bmod 51)^{(97 \bmod \varphi(51))} \bmod 51 = 2^{(97 \bmod (\varphi(17)\varphi(3)))} \bmod 51 = 2^{(97 \bmod 32)} \bmod 51 = 2^1 \bmod 51 = 2$

(d) $\gcd(33, 121)$

$\gcd(33, 121) = \gcd(121, 33) = \gcd(33, 22) = \gcd(22, 11) = \gcd(11, 0) = 11$

(e) $2^{-1} \bmod 17$

$2^{-1} \bmod 17 = -8 \bmod 17 = 9$, using the extended Euclid algorithm: $Y_3 = 1 = \gcd(2, 17)$ and $Y_2 = -8 = 2^{-1} \bmod 17$.

(f) $\log_{2,5}(4)$

$\log_{2,5}(4) = 2$, since:

$2^0 \bmod 5 = 1$
$2^1 \bmod 5 = 2$
$2^2 \bmod 5 = 4$
$2^3 \bmod 5 = 3$
$2^4 \bmod 5 = 1$

Another method is to solve for $x$ from $2^x \bmod 5 \equiv 4 \bmod 5 \equiv 2^2 \bmod 5 \Rightarrow x = 2$.
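The relation in the answer to Problem 8, worked through on a toy group as an added example (not part of the original solutions). The parameters p = 607, q = 101, the key, the nonces and the hash values are constructed, and `find_reused_r` is a hypothetical audit helper: two signatures sharing the same r are the observable sign that k was repeated.

```python
from collections import defaultdict

# Constructed toy parameters (far too small for real use): Q divides P - 1.
P, Q = 607, 101
G = pow(2, (P - 1) // Q, P)          # element of order Q in Z_P*

def sign(h, x, k):
    """DSA signature (r, s) on hash value h with private key x and nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    return r, s

def verify(h, r, s, y):
    """Standard DSA verification against public key y = G^x mod P."""
    w = pow(s, -1, Q)
    v = pow(G, h * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

def find_reused_r(sigs):
    """Group (h, r, s) records by r; a group of two or more means k was reused."""
    by_r = defaultdict(list)
    for h, r, s in sigs:
        by_r[r].append((h, s))
    return {r: v for r, v in by_r.items() if len(v) > 1}

def recover(h1, s1, h2, s2, r):
    """Problem 8 formula: k from the two s values, then x from s1."""
    k = (h1 - h2) * pow(s1 - s2, -1, Q) % Q
    x = (s1 * k - h1) * pow(r, -1, Q) % Q
    return k, x

# Constructed sample: one nonce used for two different hashes,
# plus a third signature made with a fresh nonce.
X, K = 57, 33
Y = pow(G, X, P)
H1, H2, H3 = 20, 75, 42
SIGS = [(H1, *sign(H1, X, K)), (H2, *sign(H2, X, K)), (H3, *sign(H3, X, 48))]

def demo():
    """Find the pair that shares r and solve for (k, x)."""
    r, pair = next(iter(find_reused_r(SIGS).items()))
    (h1, s1), (h2, s2) = pair
    return recover(h1, s1, h2, s2, r)
```

All three signatures verify normally, so the reuse is visible only by comparing r across signatures; generating k from a CSPRNG or deterministically from the key and message removes the condition.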

10. Consider the polynomial $x^{p-1} = 1 \pmod{p}$, where $p$ is a prime number. It has at most $p - 1$ roots (because it is a polynomial of degree $p - 1$). Show exactly the roots of this polynomial using Fermat's theorem.

Ans. Roots of $x^{p-1} = 1 \pmod{p}$ = $\{1, 2, 3, \dots, p-2, p-1\}$. According to Fermat's theorem, $x^{p-1} = 1 \pmod{p}$ for all $x$ such that $\gcd(x, p) = 1$, and since $p$ is prime, all $x$ with $1 \le x \le p - 1$ are relatively prime to $p$.

11. Assume that $p$ is a prime number and $a$ is a positive integer not divisible by $p$. Prove that $\{a \bmod p, 2a \bmod p, \dots, (p-1)a \bmod p\} = \{1, 2, \dots, (p-1)\}$.

Ans. Assume $\{a \bmod p, 2a \bmod p, \dots, (p-1)a \bmod p\} \ne \{1, 2, \dots, (p-1)\}$. Then there exist $x$ and $y$ in $\{1, 2, \dots, (p-1)\}$ such that $x \ne y$ and $xa \equiv ya \pmod{p}$, i.e., $xa = ya + kp$, which can be rewritten as $(x - y)a = kp$. Factoring the left side yields $p_1^{m_1} \cdots p_k^{m_k} = kp$. Then, since $a$ is not divisible by $p$, $p$ is not on the left side, which contradicts that $p$ is on the right side. So we can prove that $\{a \bmod p, 2a \bmod p, \dots, (p-1)a \bmod p\} = \{1, 2, \dots, (p-1)\}$.
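An added example for Problem 4 (not part of the original solutions): it shows that Alice's MAC gives the same tag for a reordered message and for M' ‖ W, while an HMAC over the whole message separates all three. As an assumption, `keyed` uses a truncated HMAC as a stand-in for $E_K$ (DES); the weakness lies in Delta, so the cipher choice does not change the result. The key and messages are constructed.

```python
import hashlib
import hmac
from functools import reduce

BLOCK = 8  # 64-bit blocks, as in the problem statement

def blocks(msg):
    if len(msg) % BLOCK:
        raise ValueError("message must be a whole number of 64-bit blocks")
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def delta(msg):
    """Delta(M): XOR of all 64-bit blocks of M."""
    return reduce(xor, blocks(msg), bytes(BLOCK))

def keyed(key, block):
    """Stand-in for E_K (assumption: keyed PRF truncated to 64 bits, not DES)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def weak_mac(key, msg):
    """Alice's scheme: C_K(M) = E_K(Delta(M))."""
    return keyed(key, delta(msg))

def strong_mac(key, msg):
    """HMAC over the whole message: block order and content both matter."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def same_delta_message(original, other):
    """Return M' || W with W = Delta(M) xor Delta(M'), so Delta(M' || W) = Delta(M)."""
    return other + xor(delta(original), delta(other))

# Constructed sample inputs (three 8-byte blocks each)
KEY = b"constructed-demo-key"
M = b"PAY 0010USD TO  ALICE..."
M_OTHER = b"PAY 9999USD TO  MALLORY."
REORDERED = b"".join(reversed(blocks(M)))
FORGED = same_delta_message(M, M_OTHER)

def tags_match(mac, msg):
    """Constant-time comparison of mac(msg) against the tag of the genuine M."""
    return hmac.compare_digest(mac(KEY, msg), mac(KEY, M))
```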