CS 472 - Network and Systems Security
Fall 2011
Final Exam
Time 2 & 1/2 hours
Open Book & Notes
Name:
Login:
Question 1: 20 points
Assume a person chooses: p=3, q=11 and e=3:
1. Find a number d (the exponentiative inverse of e ).
2. Let m=2:
a) Encrypt m using the public key <e,n>
b) Sign m using the private key <d,n>
Solution:
p = 3, q=11
n = p*q =3*11=33
Ø(n) = (p-1)*(q-1) = (3-1) * (11-1) = 2x10=20
e=3, Ø(n) = 20
i     qi    ri    ui    vi
-2          3     1     0
-1          20    0     1
0     0     3     1     0
1     6     2     -6    1
2     1     1     7     -1
Since r2 is 1, e^-1 is 7.
Thus d=7.
e.d mod Ø(n) = 3 x 7 mod 20 = 1
m=2, e=3, n=33 and d=7:
m^e mod n = 2^3 mod 33 = 8
m^d mod n = 2^7 mod 33 = 29
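Added example (not part of the original exam): the extended Euclid table from the solution generated in Python, followed by the textbook, unpadded RSA operations on the same numbers. The function names are chosen here for illustration; mod_inverse raises ValueError when e shares a factor with Ø(n), in which case no d exists.

```python
"""Toy RSA from Question 1: extended Euclid table, then unpadded RSA (added example)."""


def euclid_table(a, b):
    """Rows (i, q, r, u, v) with r = u*a + v*b, indexed from i = -2 as in the solution."""
    rows = [(-2, None, a, 1, 0), (-1, None, b, 0, 1)]
    while rows[-1][2] != 0:
        (_, _, r2, u2, v2), (i1, _, r1, u1, v1) = rows[-2], rows[-1]
        q = r2 // r1
        rows.append((i1 + 1, q, r2 - q * r1, u2 - q * u1, v2 - q * v1))
    return rows[:-1]  # drop the terminating r = 0 row; the last row left holds the gcd


def mod_inverse(e, phi):
    """Return d with e*d mod phi == 1, or raise if e and phi share a factor."""
    _, _, r, u, _ = euclid_table(e, phi)[-1]
    if r != 1:
        raise ValueError(f"gcd({e}, {phi}) = {r}: e has no inverse mod {phi}")
    return u % phi


def rsa_private_exponent(p, q, e):
    """Derive (n, d) from the two primes and the public exponent."""
    return p * q, mod_inverse(e, (p - 1) * (q - 1))


def encrypt(m, e, n):
    return pow(m, e, n)  # textbook RSA without padding: classroom numbers only


def sign(m, d, n):
    return pow(m, d, n)  # signing is exponentiation with the private exponent


def verify(m, sig, e, n):
    return pow(sig, e, n) == m % n  # anyone holding <e,n> can check the signature


if __name__ == "__main__":
    for i, q, r, u, v in euclid_table(3, 20):
        print(f"{i:>3} {'' if q is None else q:>3} {r:>3} {u:>3} {v:>3}")
    n, d = rsa_private_exponent(3, 11, 3)
    print("n =", n, "d =", d, "c =", encrypt(2, 3, n), "sig =", sign(2, d, n))
```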
Question 2: 10 points
Consider Diffie-Hellman with p=7 and g=2.
Assume Alice picked 2 as her random number while Bob picked 4 as his
random number.
What is the value of the shared secret between Alice and Bob following
Diffie-Hellman message exchange?
Solution:
TA = 2^2 mod 7 = 4
X = 2^2 mod 7 = 4
TB = 2^4 mod 7 = 2
Y = 4^4 mod 7 = 4
Thus shared secret is: 4
Question 3: 10 points
The following are Alice’s public key graphs G1 and G2.
Find Alice’s private key (the mapping between G1 and G2).
Solution:
Alice Private Key
G1:   1   2   3   4
G2:   A   B   D   C
Question 4: 10 points
Consider the following certificate request and the corresponding issued certificate.
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=US, ST=Virginia, L=Portsmouth, O=Taylor Made Tutoring, CN=Mary Ellen Taylor/emailAddress=mtaylor@cs.odu.edu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:a7:68:b7:c1:99:55:d4:c3:39:59:e3:e1:e4:3f:
3f:3c:17:5f:83:84:bc:77:7f:d2:11:6a:d6:1e:2a:
27:c7:e0:05:a4:27:40:a0:e4:f0:e2:9f:16:ba:27:
0f:5b:95:21:6a:4e:7c:7b:c0:b3:c3:92:84:b7:88:
ed:88:5f:b9:fb:99:ce:09:50:e4:0a:f8:04:17:ac:
c0:b8:a4:65:19:42:56:bc:f6:cb:99:06:44:6c:dd:
37:5a:ee:d7:49:ba:77:82:21:cd:0f:d1:1a:93:d2:
0f:7c:ad:60:55:d7:3f:99:a9:d8:17:ae:48:3e:25:
d1:b2:66:84:e9:2b:52:ea:c7
Exponent: 65537 (0x10001)
Attributes:
challengePassword :Steffie
Signature Algorithm: sha1WithRSAEncryption
1c:1d:f8:05:45:e2:b1:80:ac:f0:8a:b9:3d:ec:aa:2e:8d:96:
86:94:4d:5c:02:41:88:2b:c0:67:8a:a7:55:6a:8f:68:f4:8d:
08:9b:23:44:87:45:2b:4e:14:cb:87:76:0b:1a:8c:62:b3:c9:
de:f0:93:87:16:fc:a0:8a:d3:7d:b6:9d:0a:84:38:99:49:e7:
a8:0f:b0:32:0b:52:83:5c:a2:5c:f7:5a:a9:3c:90:aa:96:6e:
39:ef:bc:7d:9b:ad:68:74:5f:20:46:5c:e4:07:99:20:54:8f:
ed:c8:09:56:e1:da:5f:8d:c3:1b:cd:af:f6:45:f2:70:1a:c4:
b2:e4
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14 (0xe)
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=Dr. Wahab, ST=Virginia, C=US/emailAddress=wahab@cs.odu.edu, O=Old Dominion University
Validity
Not Before: Nov 17 01:52:20 2011 GMT
Not After : Nov 16 01:52:20 2012 GMT
Subject: CN=Mary Ellen Taylor, ST=Virginia, C=US/emailAddress=mtaylor@cs.odu.edu, O=Taylor Made Tutoring
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:a7:68:b7:c1:99:55:d4:c3:39:59:e3:e1:e4:3f:
3f:3c:17:5f:83:84:bc:77:7f:d2:11:6a:d6:1e:2a:
27:c7:e0:05:a4:27:40:a0:e4:f0:e2:9f:16:ba:27:
0f:5b:95:21:6a:4e:7c:7b:c0:b3:c3:92:84:b7:88:
ed:88:5f:b9:fb:99:ce:09:50:e4:0a:f8:04:17:ac:
c0:b8:a4:65:19:42:56:bc:f6:cb:99:06:44:6c:dd:
37:5a:ee:d7:49:ba:77:82:21:cd:0f:d1:1a:93:d2:
0f:7c:ad:60:55:d7:3f:99:a9:d8:17:ae:48:3e:25:
d1:b2:66:84:e9:2b:52:ea:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Signature Algorithm: md5WithRSAEncryption
87:2a:86:cb:81:d4:ea:60:61:89:c8:50:43:df:30:48:14:f6:
ef:02:a9:a4:96:29:89:cc:b9:ec:c6:63:f5:34:84:7c:ca:df:
55:1c:0a:bc:ab:7b:42:fd:7d:5a:82:b2:48:65:3c:63:3b:d6:
08:3d:c7:23:58:10:7c:36:7c:bc:96:71:6e:c9:79:06:a9:d7:
97:e8:7e:b2:f5:30:2c:a0:d3:4f:45:62:0e:4a:9e:0b:8e:54:
e6:f7:26:81:2c:48:a3:05:97:b1:a1:9e:a9:18:d6:d4:1f:ca:
5b:aa:3f:45:04:b0:ec:39:86:b7:6c:72:bf:65:f9:bd:04:e7:
04:57
1. When should this certificate be renewed?
2. What is the value of the public key <e,n> for this certificate?
3. Who signed the certificate request?
4. Who signed the issued certificate?
5. Which algorithms were used to sign this certificate?
Question 5: 20 points
A. Which of the following two statements is true and why?
1. SSL is used by the server to authenticate the client
2. SSL is used by the client to authenticate the server
Answer: 2, since the server uses login and passwd.
B. In SSL, explain how the session keys are shared between the client and the server.
Answer: The client selects a shared secret and sends it to the server using the public key in
the server certificate.
C. Using OpenSSL to send a signed & encrypted email message from Alice to Bob,
explain why Alice needs both her certificate as well as Bob’s certificate.
Answer: Use Bob's public key in his certificate to encrypt the shared secret used to
encrypt the message.
Use her private key corresponding to the public key in her certificate to sign the
message.
Question 6: 10 points
A. The following is Dr. Wahab’s entry in the password file:
wahab:stg/i.0xxJ1zU:51:13:Hussein Abdel-Wahab:/home/wahab:/usr/local/bin/tcsh
Assume Dr. Wahab changes his password to be the same as the old password. Will this
have any effect on his record in the password file? Explain.
Answer: A new salt is used each time.
B. Why does the systems group insist that the information stored in the password file should not be
made public to outsiders?
Answer: To avoid dictionary attacks.
Question 7: 20 points
Someone proposed to use the following two protocols for mutual authentication between Alice and
Bob.
Which of these two protocols is secure and why?
Assume:
Ta is Alice's timestamp
Tb is Bob's timestamp
f ( X ) is either hashing or encrypting X.
[ X ]Alice is signing X using Alice’s private key.
[ X ]Bob is signing X using Bob’s private key.
Protocol 1:
{======================================
Alice                              Bob
        I'm Alice, f (K, Ta)
  ---------------------------------->
             f (K, Tb)
  <----------------------------------
======================================}
Protocol 2:
{======================================
Alice                              Bob
        I'm Alice , [Ta]Alice
  ---------------------------------->
             [Ta]Bob
  <----------------------------------
======================================}
Solution:
Protocol 1: If Bob's timestamp is not equal to Alice's timestamp then it can be used for a
reflection attack:
Bob can reflect f (K, Ta).
Protocol 2: is better, since each party must have the private key of the person he claims to be.