Question 1

 

Describe four different approaches to message authenticity without using PKS.  Suppose you need to provide only authenticity protection in a network.

 

Suppose further that performing encryption is very much more time consuming than computing a checksum, MAC or hash. Explain which of these approaches is likely to be the least suitable if efficiency is a main concern in your network.  Is this approach still more appropriate than one using PKS?  Explain your answer.

Solutions:

 

The four different approaches are:

 

(1)        Encrypt the message using a secret-key algorithm, but first extend the message with a timestamp, sequence number and checksum as follows:

| Actual Data | Timestamp | Sequence Number | Checksum |

 

(2)        Using MAC.  The sender may compute the MAC for the following message

 

| Actual Data | Timestamp | Sequence Number |

 

Append the MAC at the back of the message before sending it out.

 

(3)        Using Hash function with secret-key algorithm.  The sender computes the hash H of the message

 

| Actual Data | Timestamp | Sequence Number |

Encrypt the hash H using the secret key she shares with Bob, and append the encrypted hash to the message before sending it out.

 

(4)        Using Hash function without secret-key algorithm.  The sender is assumed to share a Secret Number with the receiver.  He computes the hash of the message

 

| Secret Number | Actual Data | Timestamp | Sequence Number |

 

He then sends out

 

| Actual Data | Timestamp | Sequence Number | Hash |

 

 

The first approach is likely to be the least suitable, because it involves encrypting the entire packet.

But it should still be faster than an approach using PKS, since a PKS algorithm is in general much slower than a secret-key algorithm.
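Approach (2) carried through on the receiving side, as an added example that is not part of the original solutions: the MAC covers Actual Data, Timestamp and Sequence Number, and the receiver checks the MAC first, then freshness, then the sequence number. HMAC-SHA256, the 30-second window, the field widths and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                             # HMAC-SHA256 output size
TRAILER = ">QI"                          # Timestamp (8 bytes) + Sequence Number (4 bytes)
TRAILER_LEN = struct.calcsize(TRAILER)   # 12 bytes
MAX_AGE = 30                             # assumed freshness window, in seconds


def build_packet(key, data, timestamp, seq):
    """Lay out Actual Data | Timestamp | Sequence Number, then append the MAC."""
    body = data + struct.pack(TRAILER, timestamp, seq)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_packet(key, packet, now, last_seq):
    """Return (status, data); data is None unless status is 'ok'."""
    if len(packet) < TRAILER_LEN + TAG_LEN:
        return "malformed", None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison; nothing in the packet is trusted before this passes.
    if not hmac.compare_digest(tag, expected):
        return "modified", None
    timestamp, seq = struct.unpack(TRAILER, body[-TRAILER_LEN:])
    if abs(now - timestamp) > MAX_AGE:
        return "stale", None
    if seq <= last_seq:
        return "replayed", None
    return "ok", body[:-TRAILER_LEN]


def demo():
    key = b"constructed demo key, not a real secret"
    pkt = build_packet(key, b"transfer 100 to Bob", 1_700_000_000, 7)
    tampered = pkt.replace(b"100", b"900")   # constructed in-transit modification
    return {
        "fresh": check_packet(key, pkt, 1_700_000_005, 6)[0],
        "tampered": check_packet(key, tampered, 1_700_000_005, 6)[0],
        "same_seq_again": check_packet(key, pkt, 1_700_000_010, 7)[0],
        "resent_later": check_packet(key, pkt, 1_700_003_600, 6)[0],
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(case, status)
```

Only the MAC computation touches the key, so the per-packet cost is one hash pass over the packet instead of encrypting the whole packet as in approach (1).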

 

Question 2

 

(b) Suppose you just used one key and the message sent comes with a timestamp, a sequence number and a checksum as follows:

| Actual Data | Timestamp | Sequence Number | Checksum |

 

The entire packet is encrypted.  Are there any key management issues in this case?  Explain your answer.  Does this provide any form or certain degree of authenticity protection? Also explain your answer.

 

There is a key management issue.  If one of the users’ machines is compromised, the key for the entire network will need to be changed.  This could be a complex process.

Yes, there is a certain degree of authenticity protection.

 

The user can be assured that the message is from another user in the network.  On the other hand, he is unable to confirm exactly which user sent the message.

The timestamp helps one verify that the message is fresh and not a replay message. The sequence number would indicate that it is the legitimate message. The checksum will be able to detect if the message is a modified message.

 

Question 3

 

(a)        Suppose you have a network of n users.  Suppose each pair of users needs to have a secure channel of communication that others cannot listen in on.

(i)         How many keys are needed if you are using a PKS algorithm, assuming there is one CA?  Explain your answer.

 

(ii)        What will be the number of keys needed if a secret-key algorithm is used instead?  Explain your answer.

 

(iii)       Which type of algorithm is better when the network is large, taking into consideration efficiency of communication as well?  Again explain your answer.

 

(b)        Suppose a secret key algorithm is used to provide confidentiality protection between two communicating parties.  Below is the packet format.  The shaded entry represents encrypted data.

 

| Actual Data | Timestamp | Checksum |

 

Here the Checksum is obtained by applying a secured hash function (without key or secret parameter) on the encrypted Actual Data.  Is this sufficient to provide authenticity?  Give three reasons to substantiate your answer.

Solutions

 

(a)   (i) When a PKS algorithm is used, each user will have a public-private key pair.  Thus for n users, 2n keys are needed by the users.  As the CA needs a pair of keys, there will be 2n+2 keys altogether.

 

(ii) When a secret key algorithm is used, each channel will require a dedicated key. 

There are n users.  Thus altogether n(n-1)/2 keys will be needed.     

 

To see this, we note that User 1 will need a key to talk to each of User 2 to User n, thus there is a need of n-1 keys for these communications.  User 2 already has a key to talk to User 1.  But he will also need a key to talk to each of User 3 to User n.  Thus there is a need of n-2 keys for these communications.  Similarly, there is a need of n-3 keys for communications between User 3 and the rest (less User 1 and 2), etc.  In total, we will need

(n-1) + (n-2) + (n-3) + ... + 1 = n(n-1)/2 keys

 

(iii) It is not clear which algorithm is better. The reasoning is as follows:

 

(1)        When the network is large, the number of keys needed when a secret-key algorithm is used increases faster.

(2)        On the other hand, the protection needed is to ensure that no one can listen in to the communication (i.e. confidentiality).

(3)        PKS is in general slower for the purpose of encrypting messages.

 

                                                                                               

(b)       

| Actual Data | Timestamp | Checksum |

No, it is not sufficient.

A few reasons are as follows:

 

(1)        Sequence number is missing.  This means that it may be possible to link this message block to a fragment from another message.                                                                                           

(2)        The Checksum does not apply to the Timestamp. Thus it may be possible to replace the Timestamp by another one.    

 

(3)        The Checksum is applied to the encrypted Actual Data and does not have a key or secret parameters. Thus it may be possible to take a piece of encrypted data, compute the checksum to produce a “legitimate” packet.

(4)        Key management issue

(5)        Issue with not knowing where the packet came from

 

 

Suppose the checksum is obtained by applying a secured hash function on the encrypted Actual Data and Timestamp.  Suppose also that the Checksum is encrypted as well.  In this case it does provide integrity protection on the data.  If an adversary attempts to modify part of the packet, he is able to compute the checksum but unable to compute the encrypted checksum.  Thus the modification will be detected.
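Reasons (2) and (3) and the repaired format from the last paragraph, side by side, as an added example that is not part of the original solutions. The ciphertext bytes are constructed stand-ins for encrypted Actual Data, an HMAC over the encrypted data and Timestamp is used here in place of the encrypted checksum the solution describes, and all function names are illustrative.

```python
import hashlib
import hmac
import struct

H_LEN = 32    # SHA-256 / HMAC-SHA256 output size
TS_LEN = 8    # Timestamp field width (assumed)


def weak_packet(enc_data, timestamp):
    """Format from the question: Checksum = H(encrypted Actual Data), no key."""
    return enc_data + struct.pack(">Q", timestamp) + hashlib.sha256(enc_data).digest()


def weak_accepts(packet):
    enc_data, checksum = packet[:-H_LEN - TS_LEN], packet[-H_LEN:]
    return hmac.compare_digest(hashlib.sha256(enc_data).digest(), checksum)


def keyed_packet(key, enc_data, timestamp):
    """Repaired format: keyed tag over encrypted Actual Data and Timestamp."""
    body = enc_data + struct.pack(">Q", timestamp)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def keyed_accepts(key, packet):
    body, tag = packet[:-H_LEN], packet[-H_LEN:]
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag)


def swap_timestamp(packet, new_ts):
    """Rewrite only the Timestamp field, leaving data and checksum untouched."""
    return packet[:-H_LEN - TS_LEN] + struct.pack(">Q", new_ts) + packet[-H_LEN:]


def demo():
    key = b"constructed demo key"       # constructed, not a real secret
    enc = bytes(range(16))              # constructed stand-in for encrypted Actual Data
    other = bytes(range(16, 32))        # constructed ciphertext from another message
    weak = weak_packet(enc, 1_700_000_000)
    keyed = keyed_packet(key, enc, 1_700_000_000)
    return {
        # Reason (2): the Timestamp is outside the checksum, so a new one passes.
        "weak_ts_replaced": weak_accepts(swap_timestamp(weak, 1_800_000_000)),
        # Reason (3): no secret is needed to produce a checksum that verifies.
        "weak_rebuilt_without_key": weak_accepts(weak_packet(other, 1_700_000_000)),
        "keyed_untouched": keyed_accepts(key, keyed),
        "keyed_ts_replaced": keyed_accepts(key, swap_timestamp(keyed, 1_800_000_000)),
        "keyed_rebuilt_without_key": keyed_accepts(
            key, keyed_packet(b"not the key", other, 1_700_000_000)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(case, accepted)
```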

 

 

 

 

 

Question 4

 

There are some differences between AES and RSA encryptions. Describe five differences in terms of the types of algorithms, the way the algorithms work, the common functions served, and the difference in speed and key size.

 

 

 

The differences are:

 

(1)        AES is a secret key algorithm and RSA is a public key algorithm.

(2)        AES uses a single key.  The same key is used for both encryption and decryption.  Two users need to have the same key to communicate.

            RSA uses a pair of keys: a public key and a private key.  One key is used for encryption and the other for decryption.  For two users to communicate, each user will forward the public key to the other user and keep his private key.

(3)        AES is typically used to provide confidentiality protection and RSA is for authentication and key management.

(4)        AES functions much faster than RSA.

(5)        The key size of AES is in the order of a few hundred bits (e.g. 256) and that for RSA is in the order of a few thousand bits (e.g. 1024).

                                                           

Question 1

 

(a)        Suppose you have a network of n users.  You need to protect the communication in the network such that a non-user cannot read the messages transmitted.  On the other hand, every user can read all the messages.  How many keys do you need if you are using a secret-key algorithm to encrypt the message?

(b)    Explain the following types of cryptanalytic attacks:

(i)    Ciphertext only

(ii)   Chosen plaintext

(iii)  Chosen ciphertext

(a)        You just need to have 1 key.                                                               

 

This is because every user can use the same key to encrypt and decrypt all the messages; whereas a non-user without the key cannot read any of the messages.       

 

There is a key management issue.  If one of the users’ machines is compromised, the key for the entire network will need to be changed.  This could be a complex process.

(b)

Ciphertext only: One possible attack is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the ciphertext itself, usually applying various statistical tests to it.

 

Known plaintext:  The analyst may be able to capture one or more plaintext messages as well as their encryptions. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed.

                                                                                                            

Chosen plaintext: If the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key.

 

                                                                                               

Question 2

 

(a) Consider a symmetric key algorithm with an 11-bit key. Suppose you are using this algorithm. How many times do you have to try to obtain the key for the following cases?

(i) the best case

(ii) the worst case

(iii) the average case.

 

Explain your answers.

 

(b) Consider the two plaintext-ciphertext pairs (P1, C1) and (P2, C2). The ciphertext C1 is obtained by encrypting the plaintext P1 using an algorithm with a 20-bit key K1. C2 is obtained by encrypting P2 using another algorithm with a 40-bit key K2.

(i) Suppose exhaustive search is used to find the keys. Which key is more likely to take a shorter time to find? Explain your answer.

(ii) Is it possible that you could obtain the other key first? Explain your answer.

 

 

Solutions:

(a)

 

(i) For the best case, you need only one try.

This is because each try has an equal chance to succeed. If you happen to choose the correct one in the first try, you will get the key.

(ii) For the worst case, you need 2^11 = 2048 tries.

This could happen when the correct key happens to be the last one you try.

(iii) On average, you have to do (1/2)*2048 = 1024 tries.

If you do a large number of tries, statistically, the average will be half of the maximum number of tries, i.e. 1024 tries.

 

(b)

(i) Most likely, K1 will be found first. This is because K1 (20 bits) has a smaller search space than K2 (40 bits).

                                                                                                           

 

(ii)  Yes, it is possible. This is because one cannot be certain how long the search will take. One could be lucky and select the correct key, K2, first.

 

 

Question 3

 

A company is run by a management committee, consisting of a CEO, Bob, and 4 managers: Mary, John, Tan and Lee. You are required to set up a secure means of communications among the five persons. Each pair of users must have a means of sending each other confidential messages that the rest are unable to decipher. Suppose you want to use AES. How many keys are required? List all the keys needed.

 

Solutions

 

Given the 5 users are Bob, Mary, John, Tan and Lee. There will be 10 keys needed as follows:

            Bob and Mary will need a key K(B, M)

            Bob and John will need a key K(B, J)

            Bob and Tan will need a key K(B, T)

            Bob and Lee will need a key K(B, L)

 

            Mary and John will need a key K(M, J)

            Mary and Tan will need a key K(M, T)

            Mary and Lee will need a key K(M, L)

 

            John and Tan will need a key K(J, T)

            John and Lee will need a key K(J, L)

 

            Tan and Lee will need a key K(T, L)

 

Question 4

 

 

(a)    What is the difference between a monoalphabetic cipher and a polyalphabetic cipher?

 

(b)    Given the monoalphabetic cipher as follows:

 

a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z

m  n  b  v  c  x  z  a  s  d  f  g  h  j  k  l  p  o  i  u  y  t  r  e  w  q

 

(i) Using the above cipher, encode the message “This is an easy problem”

(ii) Using the above cipher, decode the message “rmij’u uamu xyj”

 

 

(a)     A monoalphabetic cipher maps a plaintext alphabet to a ciphertext alphabet, so that each letter of the plaintext alphabet corresponds to a single unique letter of the ciphertext alphabet.

                                                                                                            

 

A polyalphabetic cipher uses a separate monoalphabetic cipher for each successive letter of plaintext, depending on a key.

                                                                                                            

 

 

(b)  (i)  The encoding  gives:  “uasi si my cmiw lokngch” 

                                                                                                            

 

      (ii)  The decoding gives:  “wasn’t that fun”

 

Question 1

 

(a)    Describe Active Attacks and Passive Attacks.  Also describe three different types of passive attacks and four different types of active attacks.

(b)   Give examples of two possible scenarios when one cannot be absolutely certain that an adversary is launching a modification-of-message attack or denial-of-service attack, even when the proper security protections are in place.  Explain your answer.

 

(c)    How could traffic analysis jeopardize security? Give an example to illustrate your answer.

Solutions

(a)

Passive Attack:  With this type of attack, the adversary attempts to learn or make use of the information from the system but does not affect system resources.

Active Attack: In this type of attack, the adversary attempts to alter system resources or affect their operations.

 

Passive attacks include eavesdropping of conversations, sniffing of message content transmitted through the network, or monitoring of traffic patterns in the transmission.  The last type of attack is sometimes also known as traffic analysis.  In such an attack an adversary attempts to deduce information by looking at the frequency of messages transmitted, the length of messages, or the timing for transmission, etc.

 

Active attacks involve active manipulation of the messages and data.  There are a few possibilities:

 

Masquerade:  An adversary will pretend to be someone else and carry out transactions or interactions using the false identity.

 

Replay: The adversary captures some messages and replays, or injects, them in another transaction.  In this case, the recipient will receive information not intended for that transaction and may carry out wrong actions.

 

Modification of messages: The adversary will attempt to modify part of the messages to suit his needs.

 

Denial of Service: The adversary will attempt to “jam” the network or some services.  A well-known approach is to generate a large amount of false interactions in the system.  This will prevent proper processing of legitimate transactions.

 

Counter: detection and containment/recovery approach

 

 

(b) Two scenarios where one cannot be absolutely certain that an adversary is launching an active attack are as follows:

 

1.         When there are infrequent errors in the packets received.  This could be a result of communication errors as well as a modification attack.

 

2.         When there is an expected surge in network activities (e.g. near the closing date of Income Tax e-filing).  In this case the reduction in availability could be a result of legitimate users’ activities as well as a denial of service attack.

 

(c)   Traffic analysis could reveal the amount of traffic between communicating parties. For example, in a military environment, an increased level of traffic to and from a commander might serve as a prediction of troop movements. This information will be useful to the adversary.

 

Question 2

 

(a)        Is it likely to achieve perfect security for a network (i.e. to have a network that will never fail in terms of security) in the real business world?  Give three possible reasons to substantiate your answer.

 

(b)        The computing speed is much faster these days compared to that some years back.  On the other hand, old algorithms and systems are still in use.  Give three reasons to explain this situation.

 

Solutions

 

(a)        It is unlikely.

Reasons:

1.         Humans are the weakest link.  No matter how strong the protection mechanisms for a network are, there is still a possibility that the users will make mistakes.

 

2.         Technological changes occur rapidly.  Mechanisms that are strong one day may suddenly become insufficient when new techniques or insights are discovered.

 

3.         In the real business world, there are always cost, schedule and efficiency issues.

 

(b)

Reasons

1.         There is a cost involved in migrating to the new algorithm/system.

2.         There is a need to be compatible with the rest of the community that is still using the old algorithm/system.

 

 

Question 3

 

(a)(i)    Explain Security Services and Security Mechanisms.

 

(ii)        Suppose the main threat of a network is replay attack.  Does the use of confidentiality services protect the network against such attack?  Explain your answer.

 

(iii)       Is it always the case that only one mechanism can be used to achieve the provision of a particular service?  Give an example to illustrate and explain the answer.

 

(b)

 

Question 3 (solutions)

 

(i)         Security Mechanism:            A mechanism that is designed to detect, prevent, or recover from a security attack.

 

Security Service:        A service that enhances the security of the data processing systems and the information transfers of an organization.  The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

 

(ii)        No, confidentiality services do not provide the protection.

Explanation:  Such services only help to ensure that only the legitimate users are allowed to see the relevant data or information (including traffic information).  An attacker launching a replay attack could re-send a message captured from the network.  Confidentiality services will not be able to alert the recipient that this is a repeated message.

 

(iii)       No, different mechanisms could be used to achieve the provision of the same service.

For example, to achieve confidentiality service, the security module may use encryption, or add random traffic into the network (this is known as traffic padding), or regularly change the route of the traffic (route control).  Encryption, traffic padding and route control are different mechanisms.  On the other hand, they could all be used to provide confidentiality service for the network.