CMSC 414 S09 Exam 2 Page 1 of 6 Name:

Similar documents
Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator

L13. Reviews. Rocky K. C. Chang, April 10, 2015

AIT 682: Network and Systems Security

Security Handshake Pitfalls

CIS 6930/4930 Computer and Network Security. Final exam review

14. Internet Security (J. Kurose)

CMSC 414 F06 Exam 1 Page 1 of 8 Name:

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Cryptographic Protocols 1

Sirindhorn International Institute of Technology Thammasat University

Network Security Chapter 8

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Spring 2010: CS419 Computer Security

Internet security and privacy

Real-time protocol. Chapter 16: Real-Time Communication Security

EEC-682/782 Computer Networks I

Computer and Network Security CMSC 414 STANDARDS. Kerberos 4 (NS chapter 13)

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

David Wetherall, with some slides from Radia Perlman s security lectures.

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

The Secure Shell (SSH) Protocol

IPSec Transform Set Configuration Mode Commands

Session key establishment protocols

Computer Networks. Wenzhong Li. Nanjing University

Session key establishment protocols

Introduction to IPsec. Charlie Kaufman

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Security: Focus of Control. Authentication

Table of Contents 1 IKE 1-1

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Kurose & Ross, Chapters (5 th ed.)

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Key Agreement Schemes

T Cryptography and Data Security

Sample excerpt. Virtual Private Networks. Contents

IPSec Transform Set Configuration Mode Commands

PROTECTING CONVERSATIONS

Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

VPN Ports and LAN-to-LAN Tunnels

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Security Handshake Pitfalls

Chapter 9: Key Management

Numerics I N D E X. 3DES (Triple Data Encryption Standard), 48

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

(2½ hours) Total Marks: 75

Information Security CS 526

CS 494/594 Computer and Network Security

Outline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

CS Computer Networks 1: Authentication

Cryptographic Checksums

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

Password. authentication through passwords

EE 418 Network Security and Cryptography Lecture #18

Authentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Chapter 8 Network Security

Configuration of an IPSec VPN Server on RV130 and RV130W

Transport Level Security

Internet and Intranet Protocols and Applications

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Exercises with solutions, Set 3

Key Establishment and Authentication Protocols EECE 412

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

CIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries

Security: Focus of Control

Information Security & Privacy

Chapter 9. Public Key Cryptography, RSA And Key Management

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Password Authenticated Key Exchange by Juggling

Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena

ENEE 459-C Computer Security. Security protocols

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

CS 161 Computer Security

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

CIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols

Cryptography and Network Security Chapter 13. Digital Signatures & Authentication Protocols

Transport Layer Security

Secure Internet Communication

Authenticating People and Machines over Insecure Networks

What did we talk about last time? Public key cryptography A little number theory

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Network Security. Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2002.

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Security. Alessandro Margara Slides based on previous work by Matteo Migliavacca and Alessandro Sivieri

CSC 8560 Computer Networks: Network Security

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

EEC-682/782 Computer Networks I

Authentication. Strong Password Protocol. IT352 Network Security Najwa AlGhamdi

Trusted Intermediaries

Transcription:

CMSC 414 S09 Exam 2 Page 1 of 6 Name: Total points: 100. Total time: 115 minutes. 6 problems over 6 pages. No book, notes, or calculator Unless stated otherwise, the following conventions are used: K{X} denotes X encrypted with secret key K (e.g., DES-CBC) Passive attacker: can only eavesdrop. Active attacker: can intercept messages and send messages with another s sender id. Server handles at most one client at a time 1. [10 points] Company xltd has principals X, A 1, A 2,, where X issues certificates for the A i s, and is their trust anchor. Company yltd has principals Y, B 1, B 2,, where Y issues certificates for the B i s, and is their trust anchor. One day, xltd acquires yltd. You are to obtain a new PKI for the new xltd. Parts a and b are independent. a. Modify the old PKIs to obtain a new PKI in which X is the sole trust anchor for all A i 's and B i s; minimize the number of new certificates. Give the certificate chain that A 1 needs to get the public key of B 1 in the new PKI. Give the certificate chain that B 1 needs to get the public key of A 1 in the new PKI. b. Modify the old PKIs to obtain a new PKI in which X is the sole trust anchor for all A i s, and Y be the sole trust anchor for all B i s; minimize the number of new certificates. Give the certificate chain that A 1 needs to get the public key of B 1 in the new PKI. Give the certificate chain that B 1 needs to get the public key of A 1 in the new PKI.

CMSC 414 S09 Exam 2 Page 2 of 6 Name: 2. [20 points] Below, structure of an IP packet means its headers (IP, TCP, etc, up to payload) and the values of addresses, ports, SPIs. a. Applications A and B communicate over TCP over IP as shown, where J and K are intermediate IP routers. Give the structure of an IP packet from A to B at points 1, 2, and 3. app A tcp port x ip addr P 1 ip addr J 2 ip addr K 3 app B tcp port y ip addr Q b. The above configuration is now modified as follows: P and Q operate IPsec-AH with SPI of 11 (for both directions); J and K operate IPsec-AH with SPI of 22. Give the structure of an IP packet from A to B at points 1, 2, and 3.

CMSC 414 S09 Exam 2 Page 3 of 6 Name: 3. [20 points] A (client, has K) B (server, has entry [A, K] ) send [A, B, conn] S B K{R B } generate random R A send [A, B, S B, R A ] // msg1 // msg3 receive msg4 if S A = K{R A } then A authenticated else abort generate random R B send [B, A, R B ] // msg2 receive msg3 if S B = K{R B } then A authenticated else abort S A K{R A } send [B, A, S A ] // msg4 --- exchange data encrypted with session key = function(r A, R B, K) ---- Close session A and B share a high-quality secret key K and periodically establish sessions as shown above. Each part below defines a specific session key function and a question for a kind of attacker. If you answer yes, give the attack, and if you answer no, explain briefly. a. If the session key is R A +R B, can a passive attacker decrypt the data exchanged in a session? b. If the session key is K{R A +R B }, can a passive attacker decrypt the data exchanged in a session? c. If the session key is K{R A +R B }, can an active attacker decrypt the data exchanged in a session? d. If the session key is (K+1){R A +R B }, can an active attacker decrypt the data exchanged in a session?

CMSC 414 S09 Exam 2 Page 4 of 6 Name: 4. [15 points] A (has pw) obtain V from pw generate random a T A g a mod-p send [A, B, V{T A }] // msg1 K A (T B ) a mod-p send[a,b, K A {M}] // msg3 --------- close connection --------- B (has entry A:V) extract T A from V{T A } using V generate random b T B g b mod-p K B (T A ) b mod-p send [B, A, T B ] // msg2 Principal A periodically delivers plaintext information M to principal B using the above protocol, where V is a key obtained from A s password, g and p are public Diffie-Hellman parameters, and M changes across sessions. In each part below, if you answer no, explain briefly; if you answer yes, describe the attack. a. Can a passive attacker capable of off-line dictionary attack obtain M? b. Can an active attacker capable of off-line dictionary attack obtain M?

CMSC 414 S09 Exam 2 Page 5 of 6 Name: 5. [15 points] It is the year 2020, and quantum computing has just made it feasible for the general public to factor large numbers. Your company uses the following protocol, where g and p are Diffie-Hellman parameters, and K 1 and K 2 are explained below. 1 2 3 4 A at tcp port x B at tcp port y ---------- establish tcp connection between x and y ---------- generate random a send [x, y, K 1 {A, B, g, p, g a mod p}] // msg1 generate random b send [y, x, K 2 {B, A, g b mod p}] compute g ab mod p compute g ab mod p send [x, y, hash{g ab mod p }] // msg3 receive msg 3 send [y, x, hash{1, g ab mod p}] ----------------- A and B use g ab mod p to encrypt data ------------------- // msg2 // msg4 a. Suppose K 1 is B s RSA public encryption key, and K 2 is A s RSA public encryption key. a1. Does the protocol hide B s identity against a passive attacker? If yes, explain. If no, show an attack. a2. Does the protocol provide perfect forward secrecy against a passive attacker? If yes, explain. If no, show an attack. b. Repeat part a but now suppose that K 1 is a shared secret key (and hence the same as K 2 ). c. In what situation would the protocol in part b not be practical.

CMSC 414 S09 Exam 2 Page 6 of 6 Name: 6. [20 points] In the following Needham-Schroeder-like protocol, K AB, N 1, N 2, N 3, and N 4 are randomly generated. A (has master key K A ) KDC (has [A, K A ], [B, K B ], ) B (has master key K B ) send [A,KDC, N 1, A to B ] // msg1 tkt AB K B {K AB, A, N 2 } send [KDC,A, K A {N 1, N 2, B, K AB, tkt AB }] // msg2 if (N 1 in msg1) (N 1 in msg2) then abort send [A,B, tkt AB, K AB {N 2, N 3 }] // msg3 receive msg4 if M 3 = N 3 1 then B authenticated else abort M 4 N 4 1 send [A,B, K AB {M 4 }] // msg5 ---------------- A and B use K AB to encrypt data ------------------ receive msg3 if (N 2 in tkt AB ) (N 2 in K AB {N 2,N 3 }) then abort M 3 N 3 1 send [B,A, K AB {M 3, N 4 }] // msg4 receive msg5 if M 4 = N 4 1 then A authenticated else abort a. An attacker can eavesdrop and send messages with sender id A (but not B). The attacker learns A s master key K A after which A changes it. Show how the attacker can have itself authenticated as A to B. b. Modify the protocol to stop the attack in part a. You can add new messages and/or augment existing messages. c. Modify the code executed by B to stop the attack in part a. Do not add new messages or change the existing messages.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback