Chris Chambers
                                                                              4/17/2010

ECE 399H Informati...
Chris Chambers
                                                                          4/17/2010


      SKD_V(D). This ...
Chris Chambers
                                                                            4/17/2010

       o   if X=Y th...
Chris Chambers
                                                                     4/17/2010



o   In Step (1), A sends ...
Upcoming SlideShare
Loading in …5
×

chambers2.doc

542 views
382 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
542
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

chambers2.doc

  1. 1. Chris Chambers 4/17/2010 ECE 399H Information Security & Cryptography Oregon State University Fall 2004 - Instructor: Dr. Cetin K. Koc Homework # 2 - Due: Friday, December 3 1. Consider the following: o Let P be a datablock of arbitrary length. o Let SKE_K(.) and SKD_K(.) represent the secret-key encryption and decryption operations of a secret-key cryptosystem (e.g., DES), where K is the key. o Let PKE_U(.) and PKD_V(.) represent the public-key encryption and decryption operations of a public-key cryptosystem (e.g., RSA), where U is the public key and V is the private key of the user. o Let X and Y be the public and private of the company president. o Let A||B represent the concatenation of two data blocks A and B. Answer the following: o Explain in plain english what the following operations are and give the terminology we use to describe these operations: o C := SKE_K(P) This operation is encrypting the datablock P with the secret key encryption method. This encryption will be stored in C o destroy P This operation is destroying the datablock P. o D := PKE_U(K) This operation is encrypting the key of the secret key encryption method, it does this by using the public key encryption method. The key that is used is the public key of the user. o E := PKE_X(K) This operation is encrypting the key of the secret key encryption method. It is encrypted using the public key encryption method and the key that it uses is the public key of the company president. o destroy K next we destroy K, since it is encrypted and we don’t want anyone else to know about it. o F := C||D||E Then we concatenate all of the encryptions together in one datablock(F) o Show how to obtain P from F with the knowledge of V. If we know V then this is the private key of the User. We can then do
  2. 2. Chris Chambers 4/17/2010 SKD_V(D). This will give us the key, K, that will allow us to decrypt the datablock C. We can then do SKD_K(C) and the result will be P. The K is the key that we just decrypted. o Show how to obtain P from F with the knowledge of Y. If we know Y then this is the private key of the company president. We can then do: SKD_Y(D). This will give us the key, K, that will allow us to decrypt the datablock C. We can then do SKD_K(C) and the result will be P. The K is the key that we just decrypted. o How can we obtain P from F if we lose V? If we lose V then we can always go to the company president to get Y. This will allow us to decrypt C using Y and so we will get P. o How can we obtain P from F if we lose Y? If we lose Y then we can always go to the company president to get V. This will allow us to decrypt C using V and so we will get P. o How can we obtain P from F if we lose both V and Y? If we lose both V and Y then we will not be able to get P. This is because we will not have any key that can be used in one of the decyption methods. Without V and Y we won’t be able to get K, and so we will not be able to get P. 2. Explain what is wrong with the following login protocol: o user knows password P o user knows Hash function H(.) and has a mobile calculator o user gives login name N to machine o machine generates random number R o machine gives R to user o user computes X := Hash(P) + Hash(R) o user gives X to machine o machine uses N to obtain P from password table o machine computes Y := Hash(P) + Hash(R)
  3. 3. Chris Chambers 4/17/2010 o if X=Y then machine allows login Hint: What does an attacker who listens the line learn? What can he do with it the next time? A person listening to the line would be able to learn: The login name, the random number and also X. One thing that is wrong with this is that if the same random number is generated for this login name, then an attacker could just send X and get in. So the attacker could submit over and over until the same random number was generated, then send X, and they would be able to “break in” Another thing that could go wrong is that if the attacker knew the Hash function and that a bitwise XOR was performed then they could get the password P Notation: + is bitwise XOR and Hash(x) means the hash of x. 3. Consider the decentralized key distribution method as given in this figure. Assume that there are 10 computers in the network. o How many master keys must each computer have? A computer would need to have nine master keys. One for every other computer in the network. o Should a master key shared between A & B be different from a master key shared between C & D? Why or why not? Yes, they should be different; we do not want any other computers listening in on encrypted messages. If the master key of C & D is the same as the one of A & B then C or D would be able to decrypt the first message between A & B and get the session variable. o Should a master key shared between A & B be different from a master key shared between A & C? Why or why not? Yes, we do not want any other computer being able to decrypt messages that are only meant for
  4. 4. Chris Chambers 4/17/2010 o In Step (1), A sends the request Request||N1 unencrypted. Does this cause a vulnerability? Why or why not? No. Request ||N1 is asking for the session variable from B. Once it does this B will encode the session variable using the master key shared by A & B only. Since the master key is only known by A and B A will not respond to any other reply. o What is the role of N1 and f(N1) ? N1 and f(N1), are basically identification devices. A sends N1 to B. B will then apply f to N1 and send it back. This will inform A that B received the request. o What is the role of N2 and f(N2) ? N2 and f(N2) have a similar role to N1 and f(N1). B will send N2 to A along with the session key. A will then encrypt f(N2) with the session key and send it to B. This will let B know that A has the session key and the session will begin, and “real” data can begin being exchanged. o Explain what the function f(*) does and what security purpose it serves. f(*) will take an input and modify it. Then the respondent will encrypt f(*) and send it to the other computer. The other computer will be able to “undo” f so that the can see that the input that they passed was received and passed back to them. This provides extra security since attackers may not have this function and just pass back N1, or an incorrect modification of f. A will be able to see this and realize that this is not the desired computer and then will not continue communicating.

×