CS 472 Network and Systems Security Fall 2009 Midterm Exam Time 2 & 1/2 hours Open Book & Notes Name: Unix Login: Each Question is 10 points 2 Question 1: The crypto program of assignment #1 is used to encrypt files. The syntax of this program is: % crypto key plainfile cipherfile. Assume you got hold of a cipherfile and find out that the content of the file is all 0s. How you interpret this? Key and Plainfile are identical 2 3 Question 2: XOR is a very important ingredient in symmetric encryption techniques. Why is that? It is Reversible: K (+) P = C K (+) C = P Give two examples of symmetric encryption techniques that use XOR and refer to the specific steps of these techniques where the XOR is actually used. DES: Inside Rounds: Left (+) Righ (after Mangler Function) Inside Mangler Function: Input Date (+) Round Key chunks. AES: Mix column step. Between Rounds: Input Data after Mix Column (+) Round Key. Inside Key Expansion steps. 3 4 Question 3: The traditional combination lock, T, requires three turns between 1 and 40. Assume that you have the option of buying new weaker combination locks, W that requires two turns between numbers 0 and 9. W is weaker than T by X%. What is the value of X? T 40.40.40 = 64000 W 10.10 = 100 W is weaker that T by 640 % 4 5 Question 4: Almost all encryption algorithms use the concepts of substitution.. How many bits are required to store the substitution table to map 8-bit blocks to other arbitrary 8-bit blocks? 2^8 * 8 = 256 * 8 = 2048 bits. 5 6 Question 5: Assume that Bob and Alice share a secret K . (e.g., by meeting at Starbucks in Chicago ) Describe two methods by which Alice can authenticate Bob using the shared secret K. Encryption: Alice authenticating Bob: Alice challenge: r response: r >>>>>>> K{r} r <<<<<<< K{r} is a random number, K{r} Bob is the secret key encryption of r using shared key K. Hash: Alice authenticating Bob: Alice r challenge: r >>>>>>> response: d <<<<<<< Bob r d =MD{K|r} is a random number, D{K|r} is the message digest of K concatenated with r. Alice computes MD{K|r} and if = d, then Bob must know K. 6 7 Question 6: UNIX stores the hash of a random salt and the user password. What is the security value of this salt? To prevent dictionary attach. 7 8 Question 7: Consider In the following openssl commands: % openssl genrsa -out rsaprivatekey.pem -des3 1024 What is the meaning of the option –des3 ? Encryption used to save the private password. What is the value of 1024 represents? Lenght of the private key When using this command in class, what is the specific password that Dr. wahab have used? ***** % openssl rsautl -encrypt -pubin -inkey rsapublickey.pem -in file1 -out file2 What is the size limit imposed on file1 and why? < 1024 Since it does not use symmetric key encryption. 8 9 Question 8: Show the result, in HEX, of the 1st octet out of the S-Boxes of the 1st round of DES to encrypt one data block of all 0s using a key of all 0s. EF 9 10 Question 9: Show the result, in HEX, of the 1st octet of the 1st round of AES-128 to encrypt one data block of all 1s using a key of all 0s. 16 10 11 Question 10: Here is a description of a Silly Encryption Algorithm (SEA): The algorithm has a single round. The input data block size and the encryption key lengths are one octet. Just XOR the input data block with the encryption key. Use the SEA algorithm to encrypt the message: “F0F0” using the CBC chaining. Assume the IV is “FF” and the encryption key is “FF”. F0FF 11