Test 2 Review

Name: ____________________________    Student ID number: ____________________

Notation:
  {X}_Bob     Apply Bob's public key to X
  [Y]_Bob     Apply Bob's private key to Y
  E(P, K)     Encrypt P with symmetric key K
  D(C, K)     Decrypt C with symmetric key K
  h(x)        Apply the cryptographic hash function h to x

Directions: Read each problem carefully and provide complete but concise answers. Note that when analyzing protocols, we assume that the cryptography is secure.

1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.
   (a) Give one significant advantage of a timestamp over a nonce.
   (b) Give one significant advantage of a nonce over a timestamp.

2. (10 points) Consider passwords that are stored in a file.
   (a) What is a salt?
   (b) How and why is a salt used when hashing passwords?
3. (10 points)
   (a) Methods used to prevent covert channels are inherently weak. Is it better to use such weak methods or to do nothing at all?
   (b) Methods used for inference control are inherently weak. Is it better to use such weak methods or to do nothing at all?
   (c) Suppose that the only cryptosystem you have access to is known to be weak. Is it better to use this weak system to encrypt your data or to do nothing at all?

4. (10 points) In terms of Lampson's access control matrix:
   (a) What are capabilities (C-lists)?
   (b) What are access control lists (ACLs)?

5. (10 points) This problem deals with biometrics.
   (a) What are the most significant differences between the authentication problem and the identification problem?
   (b) Which is the easier problem, authentication or identification? Why?
6. (10 points) Suppose that passwords are stored as follows, where there are 128 possible choices for each character:
   - If a password exceeds 16 characters, it is truncated to 16 characters.
   - If a password is less than 16 characters, it is padded with A until it is exactly 16 characters.
   - The resulting 16-character password is split into two parts, X_0 and X_1, where X_0 consists of the first 6 characters and X_1 consists of the last 10 characters.
   - Then we compute and store Y_0 = h(X_0) and Y_1 = h(X_1), which are used for password verification.
   (a) What is the expected work for an exhaustive search to recover one specific password?
   (b) How would you attack a password in a way that would, in general, provide a significant shortcut as compared to an exhaustive search or a standard dictionary attack?

7. (10 points) Conceptually, at which layer of the protocol stack does each of the following types of firewalls operate?
   (a) Packet filter
   (b) Stateful packet filter
   (c) Application proxy
8. (10 points) Consider the following 2-message protocol, which is based on public key cryptography.

   Alice  ------- Message 1 ------->  Bob
   Alice  <------ [T + 1]_Bob -------  Bob

   For each part below, answer the following questions: Is the protocol practical, given that Bob is a server who must deal with many clients? Who is securely authenticated and who is not? Is the session key K secure?
   (a) Message 1: {[T, K]_Alice}_Bob
   (b) Message 1: {Alice, [T, K]_Alice}_Bob
   (c) Message 1: Alice, {[T, K]_Alice}_Bob
   (d) Message 1: T, Alice, {[K]_Alice}_Bob
   (e) Message 1: Alice, {[T]_Alice}_Bob, and let K = h(T)
9. (10 points) Consider the following 3-message protocol, based on the shared symmetric key K_AB.

   Alice  ------- Message 1 ------->  Bob
   Alice  <------ Message 2 --------  Bob
   Alice  ------- R_B ------------->  Bob

   For each part below, answer the following questions: Is the protocol practical, given that Bob is a server who must deal with many clients? Who is securely authenticated and who is not? Is the session key K secure?
   (a) Message 1: E(Alice, K, R_A, K_AB)    Message 2: R_A, E(R_B, K_AB)
   (b) Message 1: Alice, E(K, R_A, K_AB)    Message 2: R_A, E(R_B, K)
   (c) Message 1: Alice, E(K, R_A, K_AB)    Message 2: R_A, E(R_B, K_AB)
   (d) Message 1: Alice, E(K, R_A, K)       Message 2: R_A, E(R_B, K_AB)
   (e) Message 1: Alice, R_A                Message 2: E(K, R_A, R_B, K_AB)
10. (10 points) The Fiat-Shamir zero knowledge protocol is illustrated below.

   Alice  ------- x = r^2 mod N ------->  Bob
   Alice  <------ e ∈ {0, 1} -----------  Bob
   Alice  ------- y = r * S^e mod N ---->  Bob

   Suppose that N = 55 and v = 34.
   (a) In the first iteration of the protocol, Alice sends x = 4 in message one, Bob sends e = 1 in message two, and Alice sends y = 24 in message three. Does Bob accept this iteration of the protocol? Show your work.
   (b) In the second iteration of the protocol, Alice sends x = 4, Bob sends e = 0, and Alice sends y = 13. Find S. Hint: 13^(-1) mod 55 = 17.

Extra Credit: TBD
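As an added worked example for Problem 10 (not part of the review sheet), the Python below implements Bob's acceptance check and shows why a prover must never reuse the same r across iterations: when the same commitment x is answered once for e = 0 and once for e = 1, the two responses together reveal S. N, v and the transcript values come from the problem; the function names and the fresh r = 7 are my own choices.

```python
# Added example for Problem 10 (not the review sheet's own code): Bob's
# Fiat-Shamir verification and the consequence of a prover reusing r.
# N and v are the values given in the problem; function names are my own.

N = 55   # public modulus (from the problem)
V = 34   # Alice's public value, v = S^2 mod N (from the problem)

def prover_round(s, r, e, n=N):
    """Alice's side of one iteration with secret s and a fresh random r.
    Returns (x, y): commitment x = r^2 mod n and response y = r * s^e mod n
    for Bob's challenge bit e."""
    return pow(r, 2, n), (r * pow(s, e, n)) % n

def verify(x, e, y, n=N, v=V):
    """Bob's check for one iteration: accept iff y^2 == x * v^e (mod n).
    e = 0 shows Alice knows a square root of x; e = 1 shows she knows a
    square root of x*v. Knowing both for one x yields a square root of v."""
    if e not in (0, 1):
        raise ValueError("challenge bit must be 0 or 1")
    return pow(y, 2, n) == (x * pow(v, e, n)) % n

def recover_secret(y0, y1, n=N):
    """Given two accepted iterations that share the same commitment x,
    one answered with e = 0 (y0 = r) and one with e = 1 (y1 = r*S mod n),
    compute S = y1 * r^(-1) mod n. Returns None if r is not invertible."""
    try:
        r_inv = pow(y0, -1, n)   # modular inverse (Python 3.8+)
    except ValueError:
        return None
    return (y1 * r_inv) % n

if __name__ == "__main__":
    # Transcript values from Problem 10; both iterations reuse x = 4.
    print("iteration 1 (e=1, y=24) accepted:", verify(4, 1, 24))
    print("iteration 2 (e=0, y=13) accepted:", verify(4, 0, 13))
    s = recover_secret(13, 24)
    print("recovered S =", s, " S^2 mod N =", pow(s, 2, N), " v =", V)
    # An honest prover using a fresh r (constructed: r = 7) still passes.
    x, y = prover_round(s, 7, 1)
    print("fresh round accepted:", verify(x, 1, y))
```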