CS 472 Network and Systems Security
Fall 2003
Final Exam
Time 2 & 1/2 hours
Open Book & Notes

Name:
Login:

A total of 10 questions; each question is assigned 10 points. Please be brief and try not to exceed the space allocated for each answer.

1) Given a public key <5, 133> with p = 7 and q = 19, show that <65, 133> is a possible corresponding private key.

2) Assume we have a public key e = <3, 10> and its corresponding private key d = <7, 10>. Given a message m = 7, what are the values of:
   i. {m}_e
   ii. [m]_d

3) Calculate the value of 813 mod 100 without using a calculator.

4) Consider Diffie-Hellman with p = 7 and g = 5. Assume Alice picked 3 as her random number while Bob picked 4 as his random number. What is the value of the shared secret between Alice and Bob following the Diffie-Hellman message exchange?

5) Compare the advantages and disadvantages of storing user passwords at the server as:
   i. Encrypted using the server password.
   ii. As message digests.

6) Assume a server has a password file containing the hashes of 1000 user passwords. Assume that a person has access to a dictionary containing 100,000 possible passwords. How many hash operations are required to perform a dictionary attack on such a password file if:
   i. The server is not using a salt.
   ii. The server is using a salt.

7) Briefly describe:
   i. The "difference" and "similarity" between KDC and CA.
   ii. The role of a nonce in security protocols.
   iii. The purpose of the six keys used during an SSL session.

8) A. How can a session key be established between Alice and Bob using:
      i. Public key cryptography.
      ii. Secret key cryptography.
   B. In sending signed-encrypted mail using openssl SMIME, explain why the sender should have access to:
      i. The sender's private key.
      ii. The recipient's certificate.

9) A. Which protocol should Alice and Bob use for mutual authentication to obtain each of the following properties:
      i. The least number of exchanged messages.
      ii. The most number of exchanged messages.
   B. In Kerberos:
      i. Is it possible for Alice to see the content of the ticket to Bob?
      ii. How can Alice and Bob mutually authenticate each other?
      iii. List three major differences between Version 4 and Version 5.

10) The following are the listings of a certificate request and a signed certificate.

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=Virginia, L=Norfolk, O=ODU, CN=Andrew/Email=agood@cs.odu.edu
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b5:ba:aa:1e:7f:71:0d:41:15:98:b5:d7:0f:c8:
                    29:59:36:10:a1:e0:1f:5d:c7:b5:b0:a0:d8:b2:30:
                    51:a9:24:e3:bb:a4:0c:6f:f8:ab:f5:9b:e0:a0:75:
                    6c:96:ec:12:e6:1d:90:bf:d9:50:93:5b:b7:0b:84:
                    bf:8d:64:f0:94:17:e2:ab:f4:02:5e:ec:52:e1:83:
                    f3:50:29:a5:da:33:5f:95:de:9d:e3:2f:af:4b:5c:
                    d2:c8:e4:c6:f9:e0:7d:43:ff:bb:ab:96:7c:5a:ac:
                    b4:4e:43:db:40:cb:73:7c:47:f3:1d:b6:30:8f:a0:
                    1c:88:61:2b:e3:76:c8:0c:79
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
        2a:84:f3:d3:ed:aa:b0:97:7f:22:02:ac:ec:bb:dd:8c:55:bc:
        66:81:2c:81:cf:9a:17:da:a8:7e:17:bd:6f:7e:28:f0:9a:43:
        fe:d2:98:8d:c7:ca:00:3e:3f:fc:2e:34:b0:73:49:80:62:3f:
        fa:c3:14:e4:b1:08:86:3e:ad:3e:d5:cf:1b:c0:e4:b7:0f:99:
        0e:32:da:59:ec:09:b5:16:eb:61:4d:7a:68:09:e0:60:b7:a7:
        36:58:7c:a9:b0:10:2e:ad:41:1f:76:3f:82:98:ff:a4:2e:bc:
        47:ff:93:1e:a3:53:cf:b2:b4:3d:0a:8f:0a:c8:1a:e4:33:37:
        e0:34

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=Dr. Wahab, ST=Virginia, C=US/Email=wahab@cs.odu.edu,O=Old Dominion University
        Validity
            Not Before: Oct 28 02:21:18 2003 GMT
            Not After : Oct 27 02:21:18 2004 GMT
        Subject: CN=Andrew, ST=Virginia, C=US/Email=agood@cs.odu.edu, O=ODU
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b5:ba:aa:1e:7f:71:0d:41:15:98:b5:d7:0f:c8:
                    29:59:36:10:a1:e0:1f:5d:c7:b5:b0:a0:d8:b2:30:
                    51:a9:24:e3:bb:a4:0c:6f:f8:ab:f5:9b:e0:a0:75:
                    6c:96:ec:12:e6:1d:90:bf:d9:50:93:5b:b7:0b:84:
                    bf:8d:64:f0:94:17:e2:ab:f4:02:5e:ec:52:e1:83:
                    f3:50:29:a5:da:33:5f:95:de:9d:e3:2f:af:4b:5c:
                    d2:c8:e4:c6:f9:e0:7d:43:ff:bb:ab:96:7c:5a:ac:
                    b4:4e:43:db:40:cb:73:7c:47:f3:1d:b6:30:8f:a0:
                    1c:88:61:2b:e3:76:c8:0c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
    Signature Algorithm: md5WithRSAEncryption
        47:da:6f:44:3f:a3:f4:09:6e:8c:a2:0b:e8:a3:2d:f9:69:89:
        12:55:9a:ae:1a:c3:43:34:b3:1e:66:fa:34:ae:07:9a:48:2a:
        5f:aa:74:5c:0a:ff:e4:1a:17:a3:43:44:da:9a:96:a5:8f:86:
        9e:99:f9:9a:e1:99:68:fc:aa:3b:1d:7b:9a:1b:71:c3:45:a4:
        39:05:96:2a:16:47:f9:2d:9b:8f:ae:5c:e0:89:0a:f5:ca:88:
        56:23:3a:0e:f7:99:8d:a4:ec:df:76:e6:67:5c:60:28:4a:c2:
        0a:ce:a2:85:ea:86:ad:6b:8a:5f:77:37:64:d7:a9:9b:0b:06:
        5b:97

   i. Who is the requester?
   ii. Who is the Certificate Authority?
   iii. What are the algorithms used for generating the signatures?
   iv. For how many days is the certificate valid?
   v. Why is the public key <e, n> the same in both the request and the certificate?
   vi. What is the value of e of the public key <e, n>?
   vii. Why are the signatures different in the request and the certificate?