CSE 2500 Computer Security and Privacy
Tutorial Sheet 06
Q1) Given a modular exponentiation algorithm for n-bit integers that needs about $n^3$
operations, how much does performance deteriorate by moving from 512-bit to 1024-bit
RSA?
We are given that performance, measured in operations, for an n-bit
cryptosystem is given by $n^3$. We are asked what the deterioration of
performance is when moving from 512-bit RSA to 1024-bit RSA. First we need
to find the performance of 512-bit RSA.
$512^3$ = 134,217,728 operations
For 1024-bit RSA, performance is
$1024^3$ = 1,073,741,824 operations
Finally we need to find the difference in operations and express that
difference as a percentage of the original.
1,073,741,824 - 134,217,728 = 939,524,096
939,524,096 / 134,217,728 = 7 → 700%
increase in the amount of operations.
Q2) Consider a block cipher algorithm with the following properties:
- The input and output block length is 64 bits and the key size is 56 bits.
- Given a key K, the key scheduling requires 2 microseconds ($2 \times 10^{-6}$ secs).
- After the key scheduling produces all the sub-keys (if required), the
encryption of a single 64-bit block takes 0.5 microseconds.
Compute the following information:
- The total time required (of course in microseconds) to encrypt 1MBytes
($2^{20}$ bytes) of data.
- Given 2 values C and M such that $C = E_K(M)$ under the unknown key value
K, how many years (at most) are required to crack the cipher on a single
computer.
First we need to find the number of 64-bit blocks in 1MByte of data:
# of bits in 1MB = $2^{20}$ bytes * 8 bits/byte = 8,388,608 bits
Number of data blocks = 8,388,608 bits / 64 bits = 131,072 blocks.
It is now simply a matter of recognizing that the key K will be scheduled only
once for this encryption, and that we need to encrypt 131,072 blocks of data.
Time = 2 microseconds + 131,072 * 0.5 microseconds = 65538
microseconds
The second part seeks the amount of time, at most, it would take to crack the
cipher given ciphertext C and the related plaintext M. In order to do this, it is
necessary to search the entire key space. Because a key is 56 bits long, the key
space is then
$2^{56}$ = 72,057,594,037,927,936
Prob03.ans
1 of 4
Now that we know how many keys we need to try before we find the right one, we
must recognize that we only need to test a single block of data. Each trial then
requires key scheduling plus the time to encrypt/decrypt (depending on
which one you choose). Thus, the equation becomes
($2^{56}$ * (2 microseconds + 0.5 microseconds)) * 0.000001 secs
~= $1.8 \times 10^{11}$ secs
Translate this value into years ~= 2,084,999 days ~= 5712
years!!
Q3) Consider the following encryption and decryption scheme:
- Let P be a data block of arbitrary length.
- $E_K(P)$ and $D_K(P)$ represent the secret key encryption and decryption
algorithms of a secret key cryptosystem (such as DES), where K is the secret
key.
- $PE_U(P)$ and $PD_V(P)$ represent the public-key encryption and decryption
algorithms of a public-key cryptosystem (such as RSA), where U is the public
key and V is the private key of the user.
- Let X and Y be the public and private key of Srini in the above public-key
cryptosystem.
Consider the following sequence of operations (and explain what they are in English):
$C = E_K(P)$
destroy P
$D = PE_U(K)$
$E = PE_X(K)$
destroy K
$F = C || D || E$
The first operation encrypts the data block P with a secret key K. The original
file is destroyed and the key K is encrypted with the public key of the user
and then with the public key of Srini. Encrypting the key with Srini's public
key serves as a mechanism for key recovery. At this point, the key K is also
destroyed.
- Is it possible to obtain P from F knowing V? If so, how?
$K = PD_V(D)$
$P = D_K(C)$
- Is it possible to obtain P from F knowing Y? If so, how?
$K = PD_Y(E)$
$P = D_K(C)$
- Is it possible to obtain V if we know Y? If so, how?
It is not possible to obtain V if we know Y. V and Y are the private keys of the
user and Srini respectively, but have no relation to each other mathematically
other than that they are being used for the same public-key cryptosystem.
- Is it possible to obtain P from F if we lose V? If so, how?
We can leverage the key-escrow agent (what is this?), that is, Srini's private
key, to decrypt the file as in the second sub-question.
- Is it possible to obtain P from F if we lose Y? If so, how?
We can still use the user's private key as in the first sub-question.
- Is it possible to obtain P from F if we lose both V and Y? If so, how?
It is impossible short of a brute force attack on the ciphertext C. Even then the
task is difficult because it is not a known-plaintext attack, so how will you
know which decryption is the correct one?
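The Q3 sequence of operations and both recovery paths, as an added worked example that is not part of the original tutorial sheet. Assumptions: textbook RSA without padding over fixed Mersenne primes and a SHAKE-256 XOR keystream are insecure toy stand-ins for the public-key and secret-key algorithms, F is held as a tuple rather than a byte concatenation, and all function names are hypothetical.

```python
import hashlib
import secrets

def sym_crypt(K: int, data: bytes) -> bytes:
    """Toy stand-in for E_K and D_K: XOR with a SHAKE-256 keystream keyed by K."""
    stream = hashlib.shake_256(K.to_bytes(32, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def make_rsa(p: int, q: int, e: int = 65537):
    """Textbook RSA (no padding). Returns (public, private) as (exponent, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def rsa_apply(key, value: int) -> int:
    """PE or PD, depending on which half of the key pair is passed in."""
    exponent, n = key
    return pow(value, exponent, n)

def protect(P: bytes, U, X):
    """Build F = C || D || E; K and P are not kept by the caller."""
    K = secrets.randbits(128)          # fresh secret key, smaller than both moduli
    C = sym_crypt(K, P)                # C = E_K(P)
    D = rsa_apply(U, K)                # D = PE_U(K), for the user
    E = rsa_apply(X, K)                # E = PE_X(K), for Srini (key recovery)
    return C, D, E                     # tuple stands in for concatenation

def recover(F, private_key, wrapped_index: int) -> bytes:
    """Unwrap K from F[wrapped_index] (1 = D, 2 = E), then P = D_K(C)."""
    K = rsa_apply(private_key, F[wrapped_index])
    return sym_crypt(K, F[0])

# Constructed demo keys from known Mersenne primes: insecure, illustration only.
U, V = make_rsa(2**127 - 1, 2**89 - 1)     # user's public / private key
X, Y = make_rsa(2**107 - 1, 2**61 - 1)     # Srini's public / private key

if __name__ == "__main__":
    P = b"payroll.xls contents (constructed sample)"
    F = protect(P, U, X)
    print(recover(F, V, 1) == P)   # user path: K = PD_V(D)
    print(recover(F, Y, 2) == P)   # recovery path: K = PD_Y(E)
    print(recover(F, Y, 1) == P)   # Y applied to D does not yield K
```

Losing V leaves the Y path intact and vice versa; with neither private key, nothing in F unwraps K.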
Q4) Consider a password system which uses all the 102 printable characters of the
English (or American) keyboard, where the password is 8 characters long.
- How many distinct passwords are possible under the above scheme? (Give
the numbers approximately as $a.b \times 10^c$.)
- If the password scheme is limited to the 26 lowercase English letters only (the
password length remains 8 characters), how many passwords will there be?
- If the password length is limited to 6 characters (the number of characters
is still 102), how many passwords will there be?
Let a be the number of possible characters to choose from, and n be the length
of the password. Then the number of passwords of length n with that character set
is given by $a^n$.
How many passwords are there? = $102^8$ ~= $1.17 \times 10^{16}$
If the password scheme is limited to 26 lowercase letters, the number of
passwords is = $26^8$ ~= $2.09 \times 10^{11}$
If the password length is limited to 6 characters, the number of passwords is
$102^6$ ~= $1.12 \times 10^{12}$
Q5) Assume that passwords have length six and all alphanumerical characters, upper and
lower case, can be used in their construction. How long will a brute force attack take on
average if:
- it takes one tenth of a second to check a password?
- it takes a microsecond to check a password?
The number of passwords is $62^6$ = 56,800,235,584 (62 = 26 lowercase
letters + 26 uppercase letters + 10 numerals).
However, it is important to note that the problem asks how long it will take to
find a given password on average, which implies that we need not search
through the entire space, but that we have to search through only half of that space
(on average). Thus the entire password space to search is
56,800,235,584 / 2 = 28,400,117,792
Time to check = 0.1 sec → 0.1 * 28,400,117,792 ~= 90
years
Time to check = 1 microsec → 0.000001 * 28,400,117,792
~= 7.9 hours.
Q6) Passwords are entered by users and checked by computers. Thus, there has to be
some communications channel between user and computer. So far we have taken a very
abstract view of this channel and assumed that it exists and that it is adequately secure.
When is this assumption justified? When is it not justified?
There are very few times when the transmission can be considered secure. The
line is secure when it is serving a user logging into a machine locally, e.g., a
keyboard cable running to a desktop machine. The line is secure if it is on an
internal LAN that only you have access to, or that a very few (assumed
trusted) individuals have access to. A line should never be considered secure
if it is somehow connected to the internet (even if it is behind a firewall). In
short, a line should never be considered secure unless you can see it from
origin to destination.