From: "Saved by Windows Internet Explorer 7" Subject: COMP 150-CA Special Topics: Computer and Network Security Date: Sat, 16 Feb 2008 02:16:16 -0500 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Content-Location: http://www.ccs.neu.edu/course/csg254/ProblemSet-IV.htm X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16545 COMP 150-CA = Special Topics: Computer and Network Security

           &nbs= p;            = ;    =20         =20 Problem=20 Set - IV           &nbs= p;            = ;           =20       =20 10/30/07

(Due at the = beginning of=20 class on 11/6/07)

 

CS = G254/U645=20 Network Security

This problem set = will be=20 graded out of 40 points. It will count for 8% of your final=20 grade.

 

1)     =20 DES

a)     =20 What is the size = of a=20 plain-text block in DES? [1]

b)     =20 Why must it be the = case that=20 the size of the cipher-text block is at least as big as the size of the=20 plain-text block for any encryption algorithm? [2]

c)     =20 How many different = DES keys=20 are there? [1]

d)     =20 How many rounds = does DES=20 consist of? [1]

e)     =20 DES consists of = the=20 following transformation in the ith round: = it takes=20 input Li = Ri and=20 the round key Ki = and=20 returns as output Li+1 Ri+1 where Li+1 =3D Ri and Ri+1 =3D = Li=20 =C5 (Ki = mangle=20 Ri). Show how to = recover LiRi from=20 Li+1Ri+1 and Ki even when mangle = is not=20 invertible. [3]

f)       =20 What is an upper = bound on=20 the worst case number of attempts a brute force algorithm (one that = sequentially=20 tries all keys) must make to crack 3DES? [2]

 

2)     =20 Passwords

a)     =20 Describe the Lamport one-time password scheme? = [3]

b)     =20 Why is the Lamport scheme secure against eavesdropping?=20 [1]

c)     =20 Why is the Lamport scheme vulnerable to the offline = dictionary attack,=20 even though no secret key is held in the server (Bob=92s) database?=20 [3]

d)     =20 Describe the small = n attack?=20 [3]

 

3)     =20 Session=20 keys

a)     =20 Let=20 Alice and Bob share the = secret=20 key KAB. Let R be a random string that is = exchanged=20 in the clear during the authentication phase. Why are the=20 following

      bad choices as session keys: KAB(KAB),=20 R(KAB)  and=20 R=C5KAB? = [3]

b)     =20 What are some = reasons for=20 having a session key in the first place. Why = not simply=20 use the shared secret for encrypting the session? = [3]

c)     =20 After doing a = mediated=20 authentication using a KDC, Alice wishes to check = that Bob=20 and she indeed have the same session key. To confirm this she XORs (=C5) her key with a = random=20 string of the same length and sends it to Bob. Bob then XORs his key to the received string and returns it = to Alice=20 who checks that the received string is the same as the random string she = originally chose. What is wrong with this scheme for session key = verification?=20 [2]

d)     =20 Consider another = alternate=20 scheme for session key verification. Bob sends over an encryption, using = the=20 session key, of a known fixed message to Alice who decrypts and checks. = What is=20 the weakness in this scheme? [2]

 

 

 

4)     =20 Otway-Rees (slightly=20 modified)

      Alice=20 =E0 Bob: Alice, Bob, = KA(NA,Alice,Bob)

      Bob = =E0 KDC: KB(NB, Alice, Bob), KA(NA,Alice,Bob)

      KDC = =E0 Bob: KA(NA,KAB),=20 KB(NB,KAB)

      Bob = =E0 Alice: KA(NA,KAB)

      Alice=20 =E0 Bob: KAB(Anything = recognizable)

a)     =20 What does the KDC = check to=20 ensure that it is talking to Bob? [2]

b)     =20 When Bob replies = to=20 Alice how does she = ensure that=20 Bob has talked to KDC? [3]

c)     =20 In the last = message=20 Alice is proving her = identity to=20 Bob. Why isn=92t this followed by a message from Bob proving his = identity to=20 Alice? = [2]

d)     =20 Why is it a = problem for=20 =93Anything recognizable=94 to be a fixed message? Show how the use of = salt solves=20 the problem. [3]