midterm - ODU Computer Science

CS 772
Network and Systems Security
Fall 2010
Midterm Exam
Time 2 & 1/2 hours
Open Book & Notes
Name:
Unix Login:
Each Question is 10 points
Question 1:
Consider the following three methods of encrypting a plain English text:
1. Generalized Caesar cipher.
2. Monoalphabetic cipher.
3. XOR the text with a short repeated Key.
For each of the above methods specify which of the following strategies is
preferred to use for breaking the encryption:
A. Trying all possible keys.
B. Statistical Analysis of the English language.
Answer:
1. A. & B. can be used. A is just 26 trials. So A. is preferred.
2. A. & B. can be used. A is 26! = 4*(10**26), so B. is preferred.
3. Only A. can be used.
Question 2:
If both the input data block and the encryption key are all zeros, which of the
following encryption algorithms produces an all zeros cipher block.
1. DES
2. IDEA
3. AES
4. RC4
Explain why?
Answer:
1. DES is non-zero starting from the Mangle function step.
2. IDEA is Zeros all the way, since there are no tables involved.
3. AES is non-zero starting from octal substitution.
4. RC4 is non-zero since random pad is non-zero.
Question 3:
XOR is an essential ingredient in encryption algorithms.
Show that each of the following algorithms uses XOR somewhere in its steps.
1. DES
2. IDEA
3. AES
4. RC4
Answer:
1. DES at the Mangle function.
2. IDEA at the even rounds.
3. AES at the column-mix.
4. RC4 XOR the pad with the text.
Question 4:
Suppose a message M has more than one data block of zeros and the encryption
key K is also zero. Explain why the resulting cipher blocks C are non-zero
when using the following chaining techniques, regardless of the encryption
algorithm used.
1. Cipher Block Chaining (CBC)
2. Output Feedback Mode (OFB)
3. Cipher Feedback Mode (CFB)
4. Counter Mode (CTR)
Answer:
In all of them, the IV is non-zero, thus all blocks will be non-zeros.
Question 5:
Using MD2, explain why the message checksums of the following messages are all
different:
M1: is 16 octets of all zeros.
M2: is 32 octets of all zeros.
M3: is 10 octets of all zeros.
M4: is 11 octets of all zeros.
Answer:
M1 the checksum C1 ends after one round.
M2 the checksum C2 ends after two rounds.
M3 the pad will be 666666 and the checksum C3 will end after one round.
M4 the pad will be 66666 and the checksum C4 will end after one round.
Clearly C1, C2, C4 are all one round but different since the contents of the blocks
are different.
C2 is two rounds thus it is different from C1, C2 and C3.
Question 6:
What is the minimum number of different messages to be hashed using MD2 such
that the probability is better than 50% two of the messages will have the same
digest?
Answer:
In MD2 the digest is 160 bits. Thus there are 2**160 different values. Using the
Birthdate rule, we need square root of that: 2**80 messages.
Question 7:
Assume that Bob & Alice share a secret K.
Describe how Alice can authenticate herself to Bob using the shared secret K.
Answer:
Using MAC:
Alice sends the message M = “I am Alice” and d = MD(K|M).
Bob receives M and d, computes d’ = MD(K|M), and if d = d’ she is Alice.
Using Encryption/Decryption:
Alice sends the message M and C = Enc(M, K).
Bob receives M and C, computes M’ = Dec(C, K), and if M = M’ she is Alice.
Question 8:
Consider the following openssl command:
% openssl genrsa -out privatekey.pem -des3 1024
What is the meaning of -des3?
What is the meaning of 1024?
Answer:
-des3: to save the private key using DES3 with a passphrase.
The private key length is 1024
Question 9:
Suppose the resulting cipher file of the crypto program is all zeros.
How could this have happened?
Answer:
It means the key and the plain file are the same.
Question 10:
Assume a person has two UNIX accounts and he/she uses the same password for
both accounts.
Explain why the stored password hashes of the two accounts are different?
Answer:
Since UNIX uses a random salt for each account to hash the password.
Thus two identical passwords will be hashed to two different values since the salt
is different.
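
The salting behaviour described in the answer above, as an added example that is not part of the original exam. PBKDF2-HMAC-SHA256 from Python's hashlib stands in for the system's crypt(3) hash; the function names, record layout, iteration count and sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor, chosen for this example only


def make_entry(password: str, salt: Optional[bytes] = None) -> str:
    """Build a 'salt$hash' record, as one account's stored password field."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify(password: str, entry: str) -> bool:
    """Recompute the hash with the salt stored in the record and compare."""
    salt_hex, digest_hex = entry.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    # Constant-time comparison of the stored and recomputed digests.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def same_password_two_accounts(password: str) -> tuple:
    """Return the stored records for two accounts that share one password."""
    return make_entry(password), make_entry(password)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    acct1, acct2 = same_password_two_accounts(pw)
    print("account 1:", acct1)
    print("account 2:", acct2)
    print("records differ:", acct1 != acct2)
    print("both verify:", verify(pw, acct1) and verify(pw, acct2))
    # Without distinct salts the two records would be identical:
    fixed = bytes(16)
    print("same salt, same record:", make_entry(pw, fixed) == make_entry(pw, fixed))
```

Because the salt is stored beside the hash, login still works for both accounts, while an attacker holding the password file cannot tell from the records that the two passwords match.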