Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING


UNIVERSITY OF MARYLAND
DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

ENEE 457 Computer Systems Security
Instructor: Charalampos Papamanthou

Homework 2
Out: 09/23/16 Due: 09/30/16 11:59pm

Instructions

1. Strictly adhere to the University of Maryland Code of Academic Integrity.
2. Submit your solutions as a pdf document at Canvas. Include your full name in the solutions document. Name the solutions document as x-hw2.pdf, where x is your last name.

Problem 1 (20 points)

Let $E_k(\cdot)$ and $D_k(\cdot)$ be the encryption and decryption algorithms of a symmetric key cryptosystem with $l$-bit keys and $n$-bit plaintexts and ciphertexts. We derive another symmetric key cryptosystem with a $2l$-bit key by applying $E_k(\cdot)$ and $D_k(\cdot)$ twice:

$$E_{(k_1,k_2)}(M) = E_{k_2}(E_{k_1}(M))$$

$$D_{(k_1,k_2)}(C) = D_{k_1}(D_{k_2}(C))$$

Consider an adversary who wants to perform a brute-force attack on the above cryptosystem to recover keys $k_1$ and $k_2$ but knows only a single valid pair of plaintext $M$ and ciphertext $C$.

1. Suppose that the adversary has only $O(n)$ bits of space. Describe the attack in pseudocode and estimate the number of encryption and decryption operations performed in addition to the overall runtime of the algorithm.
2. Suppose now that the adversary has $O(n 2^l)$ bits of space. Describe, again in pseudocode, a more efficient way to perform the attack and estimate the number of encryption and decryption operations performed and the overall runtime.
3. In response to increases in computational power, the Data Encryption Standard (DES) was extended to support longer keys without designing a new algorithm. This was accomplished by developing Triple DES (3DES), which encrypts the plaintext three times with three different keys, with decryption applying the same keys in reverse order (the same as the previously described scheme, but with one more key). Given again $O(n 2^l)$ bits of space, describe how to modify the attack of (2) to break 3DES. Again, estimate the number of decryption and encryption operations performed along with the overall runtime.

All answers estimating the number of cryptographic operations should be in big-O notation in terms of $n$ and $l$, and all answers should have at least a short justification.

Problem 2 (20 points)

1. Describe how the Merkle-Damgard construction works.
2. Suppose that you can find two different large files (e.g., movies) $f_1$ and $f_2$ for which the Merkle-Damgard construction outputs the same hash. Show that this implies that you can also find a collision in the small hash function $h(\cdot)$ that is used at each step of the Merkle-Damgard computation. You should consider two cases, one where the files are of the same size and one where the files are not the same size.

Problem 3 (20 points)

1. Two of the security properties of cryptographic hash functions are collision resistance and second-preimage resistance. A hash function is collision resistant if it is hard to find two inputs $m_1, m_2$ that hash to the same output. A hash function is second pre-image resistant if, for a given input $m_1$, it is difficult to find a second different input $m_2$ that hashes to the same output as $m_1$. Prove that collision resistance implies second pre-image resistance.
2. State the security property of a message authentication code (MAC) that we mentioned in class.
3. Let $f_k(m)$ be a secure message authentication code, i.e., it satisfies the previous definition ($k$ is the secret key). Consider the following MAC that is based on $f_k(\cdot)$ and consists of $n$ bits. On input a message $a\ b$ with $a = b = n\ 1$ and key $k\ \{0, 1\}^n$, the MAC is computed as $f_k(0\ a)\ f_k(1\ b)$, where denotes concatenation. Is the new MAC secure? If yes, prove it. If not, give an attack. How about the MAC $f_k(0\ a)\ f_k(f_k(1\ b))$? Again, either prove security or give an attack.

Problem 4 (20 points)

Let $F$ be a pseudorandom permutation (PRP). Show that each of the following message authentication codes is insecure. (In each case the shared key is a random $k\ \{0, 1\}^n$.)

1. To authenticate a message $m = m_1\ m_2\ m_l$, where $m_i\ \{0, 1\}^n$, compute $t := F_k(m_1)\ F_k(m_l)$.
2. To authenticate a message $m = m_1\ m_2\ m_l$, where $m_i\ \{0, 1\}^n$, choose $r\ \{0, 1\}^n$ at random, compute $t := F_k(m_1)\ F_k(m_l)$, and send $r, t$.
3. To authenticate a message $m = m_1\ m_2\ m_l$, where $m_i\ \{0, 1\}^{n/2}$, choose $r\ \{0, 1\}^n$ at random, compute $t := F_k(r)\ F_k(1\ m_1)\ F_k(l\ m_l)$ (where i is the $n/2$-bit encoding of the integer $i$), and send $r, t$.

Problem 5 (20 points)

The DES algorithm is a cryptographic scheme that is used for symmetric encryption (besides AES). The output of a single round of the DES algorithm with input $(L_i, R_i)$ (where $L_i$ and $R_i$ are 32-bit blocks) is given by the Feistel Network

$$L_{i+1} = R_i$$

$$R_{i+1} = L_i\ f_{k_i}(R_i),$$

where $k_i$ is the 48-bit round key. Recall also that the output of the round function $f_{k_i}(\cdot)$ is computed with the S-boxes, which map a 48-bit string (which equals $k_i\ e_i$, where $e_i$ is the expansion of $R_i$ into 48 bits) to a 32-bit string.

1. Why does DES use eight S-boxes, each mapping 6 bits to 4 bits, and not a single S-box that directly maps 48 bits to 32 bits? How many bits would be required to store such an S-box?
2. Devise an algorithm that breaks a single-round DES and retrieves the round key $k_1$. Assume you are given one pair of valid input/output (i.e., $L_1, R_1$ and $L_2, R_2$). How many operations does the algorithm require?
3. Devise an algorithm that breaks a double-round DES when you are given one pair of valid input/output (i.e., $L_1, R_1$ and $L_3, R_3$). Can this attack be extended to a triple-round DES (in this case you are given $L_1, R_1$ and $L_4, R_4$)? Justify your answer.
4. In class we talked about different modes of block cipher encryption. Below are diagrams detailing ECB, CBC, CFB, and OFB modes of operation. For each mode of operation, explain what happens, in terms of which plaintext block(s) or plaintext bit(s) get corrupted, when you flip a single bit in the ciphertext and then try to decrypt it using the same mode.

   Hint: In all these modes of operation there are either whole affected plaintext blocks or affected plaintext bits (not the whole block). In order to investigate the different modes, it is better if you present in detail the decryption formula for a plaintext block $m_i$. In addition, notice that the XOR operation is bitwise.

   (a) ECB mode:
   (b) CBC mode:
   (c) CFB mode:
   (d) OFB mode:
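
To check an answer to part 4 of Problem 5 experimentally, the following added example (not part of the original homework) builds a toy 64-bit Feistel cipher from the round structure of Problem 5, in which the left half is XORed with the round-function output, and reports which plaintext blocks change when one ciphertext bit is flipped in each mode. The round function (truncated SHA-256), the round keys, the IV, the plaintext, full-block CFB feedback and all function names are assumptions made for the illustration.

```python
import hashlib

HALF, BLOCK = 4, 8   # bytes: 32-bit halves L_i, R_i and a 64-bit block, as in DES
KEYS = [bytes([i]) * 6 for i in range(1, 9)]   # constructed 48-bit round keys

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f(k, r):   # toy round function (assumption): truncated SHA-256, not DES S-boxes
    return hashlib.sha256(k + r).digest()[:HALF]

def feistel(block, round_keys):   # L_{i+1} = R_i, R_{i+1} = L_i XOR f_{k_i}(R_i)
    l, r = block[:HALF], block[HALF:]
    for k in round_keys:
        l, r = r, xor(l, f(k, r))
    return r + l   # final swap, so reversed round keys decrypt

def E(b): return feistel(b, KEYS)
def D(b): return feistel(b, KEYS[::-1])

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def crypt(mode, iv, data, decrypting):
    out, prev = [], iv
    for x in blocks(data):
        if mode == "ECB":
            y = D(x) if decrypting else E(x)
        elif mode == "CBC":
            y = xor(D(x), prev) if decrypting else E(xor(x, prev))
        elif mode == "CFB":                  # full-block feedback
            y = xor(x, E(prev))
        else:                                # OFB: keystream independent of data
            prev = E(prev)
            y = xor(x, prev)
        if mode in ("CBC", "CFB"):
            prev = x if decrypting else y    # chain on the ciphertext block
        out.append(y)
    return b"".join(out)

def damage(mode, block_index=1):   # -> {plaintext block: number of wrong bits}
    iv, pt = bytes(BLOCK), bytes(range(4 * BLOCK))   # constructed IV, plaintext
    ct = bytearray(crypt(mode, iv, pt, False))
    ct[block_index * BLOCK] ^= 0x01                  # flip one ciphertext bit
    diff = blocks(xor(pt, crypt(mode, iv, bytes(ct), True)))
    return {i: sum(bin(v).count("1") for v in b) for i, b in enumerate(diff) if any(b)}

if __name__ == "__main__":
    print({m: damage(m) for m in ("ECB", "CBC", "CFB", "OFB")})
```

Blocks are numbered from 0 and the flipped bit lies in ciphertext block 1. A count of 1 means only the corresponding plaintext bit changed, while a large count means the whole block decrypted to garbage.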