Security I exercises

Similar documents
CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Cryptographic Concepts

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Secret Key Cryptography

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Lecture 1 Applied Cryptography (Part 1)

Cryptography Functions

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Cryptography and Network Security

Chapter 3 Block Ciphers and the Data Encryption Standard

The Rectangle Attack

Symmetric Encryption. Thierry Sans

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

Cryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security

Summary on Crypto Primitives and Protocols

Network Security Essentials Chapter 2

(2½ hours) Total Marks: 75

OVE EDFORS ELECTRICAL AND INFORMATION TECHNOLOGY

CIS 4360 Secure Computer Systems Symmetric Cryptography

CSE484 Final Study Guide

Cryptography MIS

Content of this part

CSE 127: Computer Security Cryptography. Kirill Levchenko

ECE 646 Lecture 8. Modes of operation of block ciphers

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Data Encryption Standard (DES)

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Secret Key Algorithms (DES)

Using block ciphers 1

CSC 474/574 Information Systems Security

Symmetric Encryption Algorithms

Computer Security: Principles and Practice

Geldy : A New Modification of Block Cipher

Unit 8 Review. Secure your network! CS144, Stanford University

7. Symmetric encryption. symmetric cryptography 1

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Lecture 4: Symmetric Key Encryption

CPSC 467b: Cryptography and Computer Security

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Conventional Encryption: Modern Technologies

Winter 2011 Josh Benaloh Brian LaMacchia

Block Cipher Operation. CS 6313 Fall ASU

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

APNIC elearning: Cryptography Basics

Computer Security CS 526

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

IDEA, RC5. Modes of operation of block ciphers

Network Security Essentials

Double-DES, Triple-DES & Modes of Operation

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Cryptanalysis. Ed Crowley

Practical Aspects of Modern Cryptography

P2_L6 Symmetric Encryption Page 1

Cryptography ThreeB. Ed Crowley. Fall 08

CSC 474/574 Information Systems Security

Solutions to exam in Cryptography December 17, 2013

Some Aspects of Block Ciphers

Secret Key Cryptography (Spring 2004)

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

Security. Communication security. System Security

Introduction to Symmetric Cryptography

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

CSC 774 Network Security

Cryptography (cont.)

Access Control. Tom Chothia Computer Security, Lecture 5

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Cryptography [Symmetric Encryption]

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Lecture 3: Symmetric Key Encryption

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

ECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:

More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017

CSCE 548 Building Secure Software Symmetric Cryptography

Jordan University of Science and Technology

Stream Ciphers. Stream Ciphers 1

ENEE 457: Computer Systems Security 09/12/16. Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

SecureDoc Disk Encryption Cryptographic Engine

Computers and Security

10EC832: NETWORK SECURITY

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Modern Symmetric Block cipher

SMart esolutions Information Security

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

CSCE 715: Network Systems Security

Information Security CS526

Cryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Transcription:

Security I exercises Markus Kuhn Lent 2013 Part IB 1 Cryptography 1.1 Some mathematical prerequisites 1.2 Historic ciphers Exercise 1 Decipher the shift cipher text LUXDZNUAMNDODJUDTUZDGYQDLUXDGOJDCKDTKKJDOZ Exercise 2 How can you break any transposition cipher with log a n chosen plaintexts, if a is the size of the alphabet and n is the permutation block length? 1.3 Unconditional security Exercise 3 Show that the shift cipher provides unconditional security if K Z 26 : p(k) = 26 1 for plaintexts P Z 26. 1.4 Block ciphers Exercise 4 How can you distinguish a Feistel cipher from a random function if it has only (a) one round, (b) two rounds? Exercise 5 If the round function f in a Feistel construction is a pseudo-random function, how many rounds n are at least necessary to build a pseudo-random permutation? What test can you apply to distinguish a Feistel structure with n 1 rounds (with high probability) from a random permutation? Exercise 6 Using a given pseudo-random function F : {0, 1} 100 {0, 1} 100, construct a pseudo-random permutation P : {0, 1} 300 {0, 1} 300 by extending the Feistel principle appropriately. Exercise 7 What happens to the ciphertext block if all bits in both the key and plaintext block of DES are inverted? Exercise 8 Given a hardware implementation of the DES encryption function, what has to be modified to make it decrypt? 1

1.5 Modes of operation Exercise 9 Explain for each of the discussed modes of operation (ECB, CBC, CFB, OFB, CTR) of a block cipher how decryption works. Exercise 10 A sequence of plaintext blocks P 1,..., P 8 is encrypted using DES into a sequence of ciphertext blocks. Where an IV is used, it is numbered C 0. A transmission error occurs and one bit in ciphertext block C 3 changes its value. As a consequence, the receiver obtains after decryption a corrupted plaintext block sequence P 1,..., P 8. For the discussed modes of operation (ECB, CBC, CFB, OFB, CTR), how many bits do you expect to be wrong in each block P i? Exercise 11 Your opponent has invented a new stream cipher mode of operation for DES. He thinks that OFB could be improved by feeding back into the key port rather than the data port of the DES chip. He therefore sets R 0 = K and generates the key stream by R i+1 = E Ri (R 0 ). Is this better or worse than OFB? Exercise 12 A programmer wants to use CBC in order to protect both the integrity and confidentiality of network packets. She attaches a block of zero bits P n+1 to the end of the plaintext as redundancy, then encrypts with CBC. At the receiving end, she verifies that the added redundant bits are after CBC decryption still all zero. Does this test ensure the integrity of the transferred message? 1.6 Secure hash functions Exercise 13 Explain the collision resistance requirement for the hash function used in a digital signature scheme. Exercise 14 Show how the DES block cipher can be used to build a 64-bit hash function. Is the result collision resistant? 1.7 Applications of secure hash functions 1.8 Secret sharing 1.9 Public-key cryptography Exercise 15 Popular HTTPS browsers come with a number of default high-level certificates that are installed automatically on client machines. As a result, most certificate chains used on the Web originate near the top of a CA tree. Discuss the advantages and disadvantages of this top-down approach for the different parties involved compared to starting with bottom-up certificates from your local system administrator or network provider. 2

1.10 Software tools Exercise 16 Generate a key pair with PGP or GnuPG and exchange certificates with your supervisor. Sign and encrypt your answers to all exercises. Explain the purpose of the PGP fingerprint and the reason for its length. 2 Entity authentication 2.1 Passwords Exercise 17 Users often mix up user-id and password at login prompts. How should the designer of a login function take this into consideration? Exercise 18 The runtime of the usual algorithm for comparing two strings is proportional to the length of the identical prefix of the inputs. How and under which conditions might this help an attacker to guess a password? 2.2 Protocols Exercise 19 (a) Describe a cryptographic protocol for a prepaid telephone chip card that uses a secure 64-bit hash function H implemented in the card. In this scheme, the public telephone needs to verify not only that the card is one of the genuine cards issued by the phone company, but also that its value counter V has been decremented by the cost C of the phone call. Assume both the card and the phone know in advance a shared secret K. (b) Explain the disadvantage of using the same secret key K in all issued phone cards and suggest a way around this. Exercise 20 Read Gus Simmons: Cryptanalysis and protocol failures, Communications of the ACM, Vol 37, No 11, Nov. 1994, pp 56 67. http://doi.acm.org/10.1145/188280.188298 and describe the purpose and vulnerability of the Tatebayashi-Matsuzaki-Newman protocol. 3 Access control 3.1 Discretionary access control Exercise 21 Which Unix command finds all installed setuid root programs? Exercise 22 Which of the Unix commands that you know or use are setuid root, and why? 3

Exercise 23 What Unix mechanisms could be used to implement capability based access control for files? What is still missing? 3.2 Mandatory access control Exercise 24 If a multilevel security OS has to run real-time applications and provides freely selectable scheduling priorities at all levels, how does that affect security? Exercise 25 How can you implement a Clark-Wilson policy under Unix? Exercise 26 How can you implement a Clark-Wilson policy under WinNT? Exercise 27 How can the GNU Revision Control System (RCS) be set up to enforce a Clark/Wilson-style access control policy? (Hint: man ci) 4 Operating-system security Exercise 28 Read Ken Thompson: Reflections on Trusting Trust, Communications of the ACM, Vol 27, No 8, August 1984, pp 761 763 http://doi.acm.org/10.1145/358198.358210 and explain how even a careful inspection of all source code within the TCB might miss carefully planted backdoors. Exercise 29 You are a technician working for the intelligence agency of Amoria. Your employer is extremely curious about what goes on in a particular ministry of Bumaria. This ministry has ordered networked computers from an Amorian supplier and you will be given access to the shipment before it reaches the customer. What modifications could you perform on the hardware to help with later break-in attempts, knowing that the Bumarian government only uses software from sources over which you have no control? Exercise 30 The Bumarian government is forced to buy Amorian computers as its national hardware industry is far from competitive. However, there are strong suspicions that the Amorian intelligence agencies regularly modify hardware shipments to help in their espionage efforts. Bumaria has no lack of software skills and the government uses its own operating system. Suggest to the Bumarians some operating system techniques that can reduce the information security risks of potential malicious hardware modifications. Exercise 31 Read in the Common Criteria Controlled Access Protection Profile the Security Environment section. Was this profile designed to evaluate whether a system is secure enough to be connected to the Internet? http://www.commoncriteriaportal.org/files/ppfiles/capp.pdf 4

5 Software security Exercise 32 Suggest a mandatory access control policy against viruses. Exercise 33 How can you arrange that an attacker who has gained full access over a networked machine cannot modify its audit trail unnoticed? 5.1 Common vulnerabilities Exercise 34 The log file of your HTTP server shows odd requests such as GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\ GET /scripts/..%u002f..%u002fwinnt/system32/cmd.exe?/c+dir+c:\ GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\ Explain the attacker s exact flaw hypothesis and what these penetration attempts try to exploit. (Is there a connection with the floor tile pattern outside the lecture theatre?) 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback