Winter 2018 CS134: Computer and Network Security Homework 2 Due: 02/26/18, 11:59pm

Size: px

Start display at page:

Download "Winter 2018 CS134: Computer and Network Security Homework 2 Due: 02/26/18, 11:59pm"

Verity Dorsey
5 years ago
Views:

1 Winter 2018 CS134: Computer and Network Security Homework 2 Due: 02/26/18, 11:59pm Full Name: UCI ID Number: Sources: Guidelines: Use any word processor. Write your Name, UCInetID and Student ID on each page. Upload your solutions in PDF to the EEE dropbox. If you prefer to handwrite and scan your answers, you must print this template and write your answers in the designated solution space. No collaboration is allowed. The only people you may consult are the TA-s and the instructor. Looking up, paraphrasing or copying answers from the Internet or other sources is not allowed; doing so is a violation of academic honesty. You must cite any sources you use e.g., reference books, Wikipedia, etc. Warning: any submissions not following the above guidelines will receive a score of zero. P1 P2 P3 P4 P5 P6 Total /20 /20 /20 /20 /20 /20 /120 1

2 Problem 1: Authentication & Identification A company selling trendy overpriced smartphones introduces a brand new security feature, costing only extra $299.99: Lick to Unlock! With it, unlocking your smartphone is trivial it requires a quick lick of the home button. This new feature relies on fast DNA (genome) sequencing that analyzes a saliva sample and determines whether it matches that of the smartphone owner s profile. One major competitor offers another feature called Authaoke, costing only $0.99: it turns a smartphone into a miniature karaoke machine: in order to unlock the smartphone, the user must sing random lyrics displayed on the screen. If the voice-print matches the owner s profile, the smartphone unlocks itself. Compare & contrast these two biometric-based authentication techniques. Consider what it takes to fool or circumvent each. Also, consider usability/acceptability factors. Your answer shouldn t exceed a couple of paragraphs or 1/2 page. 2

3 Problem 2: Diffie-Hellman vs. RSA Alice and Bob want to communicate securely over the Internet. Since public key cryptography is expensive, they want to minimize its use (i.e., only use it to establish a temporary symmetric key) and then use only inexpensive symmetric cryptography. 1. Show how they can agree on a symmetric key using: (a) Diffie-Hellman Key Exchange and (b) RSA (Assume Alice knows Bob s public key) Show all your steps! 2. If Bob s secrets are leaked later, (either his Diffie-Hellman secret or his RSA private key), which method is better: 1(a) or 1(b)? Explain why! Hint: Think about the secrecy of previous communications. Note that public keys are usually long-term, i.e., they are not changed often. 3

4 Problem 3: El Gamal Encryption Alice wants to encrypt two messages using El Gamal: M1 and M2. However, her random number generator only works once and then stops working altogether. Knowing this, she generates a single random number R. Then, she uses R to encrypt the first message, and (R + 1) for the second. The ciphertexts are C1 and C2, respectively. Suppose that Eve knows about the way that Alice s RNG works. Futhermore, she eavesdrops on both C1 and C2; plus, she knows M1 the first plaintext. Show that Eve can efficiently learn the value of M2 as well. Assume that the same public- and private-key pair is used for both encryptions. 4

5 Problem 4: RSA Signatures Alice is playing an augmented reality game on her phone that uses her real-time geolocation to move her avatar on the game map. The app uses Textbook RSA signatures (the scheme presented in Lecture 9) to prove its identity to the game servers. Every time Alice s geolocation changes, the game sends the tuple (l, σ) where l denotes Alice s geolocation and σ = l d mod p. Only the app has access to d. Alice eavesdrops on the connection and sees k tuples sent by the app to the game servers (assume l i s are different): (l 1, σ 1 ),..., (l k, σ k ) Each signature (σ i on l i ) is verified by the game server in the usual way. 1. Can Alice spoof her location (as some place else), without being detected, using these k tuples? If so, explain how and provide a fix for the problem. If not, explain why. 2. Can Alice change the order of the places she was at? If so, explain how and provide a fix. If not, explain why not. 5

6 Problem 5: Access Control A startup, called Intelligent Devices for IoT Systems (IDIoTS) has 200 employees and 20 smart toilets located in several gender-inclusive bathrooms in its building. Employees can use their smartphones to access smart toilets (electronically, that is).to minimize congestion, an employee may have one or more of the following permissions for a given smart toilet: STATUS, FLUSH, LOCK and UN- LOCK. STATUS allows querying the current state (busy/free/broken), FLUSH is self-explanatory, LOCK makes the toilet inaccessible by declaring it to be broken, and UNLOCK is self-explanatory. Which Access Control method is best: (1) Access Control Matrix, (2) Access Control Lists or (3) Capabilities? Explain your reasoning. 6

7 Problem 6: Group Theory 1. Is Z 12 a cyclic group? If it is, show a generator for the group, if not show that no generators exist. 2. What are Φ(120), Φ(57) and Φ(63)? Show your work. 3. Calculate 3 98 mod 11 using the Square and Multiply algorithm. 4. Find the multiplicative inverse of 7 in Z 73. Show your work. 7

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 2 Due: Friday, 10/28/2016 at 11:55pm PT Will be posted on