CS 772/872 Network and Systems Security Spring 2003 Final Exam Time 2 & 1/2 hours Open Book & Notes Total points: 100, each question is 5 points. Please be brief and try not to exceed the space allocated for each answer. 1) Given a public key <e,n>, where e=3 and n=10. Assuming that p=2, what is the value d of the private key <d,n>? Explain the details of how you determined the value of d. Since n=p.q, 10=2.q , q=5. Phi(n)=(p-1)(p1-)=1.4=4 e.d=1 mod 4 Thus d is the multiplicative inverse of e mod 4 using Euclide's Algorithm which produces d=7. 2) Assume that someone like to encrypt 8, what is the corresponding cipher value? 8e mod 10=83 mod 10 = 8.8.8 mod 10 = 64.8mod 10 = 4.8 mod 10 = 32 mod 10 = 2. 1 3) Assume that someone like to sign the value x=7, what is the corresponding signed value? 7d mod 10=77 mod 10= 72)7)2)7= 9.7)2)7= 3)2)7= 9)7= 3 4) Calculate the value of 857 mod 100 without using a calculator. 57 = 1 1 1 0 0 1 82)8)2)8)2) 2) 2)8 = 64) 8)2)8)2) 2) 2)8= 12)2)8)2) 2) 2)8= 44)8)2) 2) 2)8= 52)2) 2) 2)8= 4) 2) 2)8= 16) 2)8= 56)8= 48 2 5) Consider Diffie-Hellman with p=7 and g=5. Assume Alice picket 2 as her random number while Bob picked 3 as his random number. What is the value of the shared secret between Alice and Bob following the Diffie-Hellman message exchange? p=7, g=5, SA=2, SB=3 TA=gSA mod p = 52 mod 7 = 25 mod 7 = 4 TB=gSB mod p = 53 mod 7 = 125 mod 7 = 6 X = TB SA mod p = 62 mod 7 = 36 mod 7 =1 Y = TA SB mod p = 43 mod 7 = 64 mod 7 =1 Thus the shared secret X=Y=1. 3 6) Consider the Zero Knowledge Proof Systems example using the Graph Isomorphism problem. Explain why Alice is foolish to choose the following two graphs as her public key: She is foolish since this graph is very small that everyone can figure our her private key which is the mapping between the two graphs. For this example, the maming is: A maps to f B maps to g C maps to h D maps to i E maps to j 4 7) The following are the listings of certificate request and a signed certificate. Explain why in both listings the public keys are the same while the signatures are different? In the certificate request, this is the public key of the requester “Kelvin Edwards” and the signature is his signature on the MD of the request to enable the CA “Dr. wahab” to verify that indeed its Kelvin’s public key since he is the only one who knows Kelvin’s private key. In the signed certificate the CA certify that the public Key is Kelvin’s public key and the signature is the CA’s signature. Therefore, the public key in both is Kelvin’s public key while the signature in the certificate request is Kelvin’s signature and the signature in the signed certificate is Dr. wahab’s signature. This explains why the public keys are the same while the signatures are different. 8) In sending signed-encrypted mail using openssl SMIME, explain why the sender should have access to: 1. The sender’s private key and certificate 2. The recipient’s certificate. To sign the mail he computes the MD of the message and sign it using his private key. He sends his certificate with the mail to enable the receiver to verify his signature. To encrypt the mail, the sender generates symmetric key to encrypt the message and uses the recipient’s certificate to obtain the public key to encrypt the symmetric key. The encrypted symmetric key is send along with the encrypted signed message. 5 9) Figure I-A shows n clients connected with the Chat Server using TCP connections. The Chat Server distributes any message typed by any client to the other n-1 clients. Since TCP connections are not secured this architecture is not suitable for secure chatting. In order to secure this chat application, some programmer suggests using SSL to connect the n clients to the server as shown in Figure I-B. What do you think about this suggestion? It is very inefficient since any message typed by one person has to be decryptedand then encrypted individually to each of the n-1 participants. A better way is to generate one common symmetric key and each use that key for encrypting/decrypting the chat messages. The key may be changed when some one leaves in order to prevent him from continuing to decrypt the chat messages. 10) Figure J-A shows n clients connected with the Echo Server using TCP connections. The Echo Server reflects back any message typed by any client to only that client. Since TCP connections are not secured this architecture is not suitable for secure echoing. In order to secure this echo application, some programmer suggests using SSL to connect the n clients to the server as shown in Figure J-B. What do you think about this suggestion? This is OK, since there is only one decryption/encryption for each message received by the Server. We can even avoid this by letting the server receive the message from the socket (not the ssl socket) and send back as it is to the same socket with decryption/encryption. 11) Compare the advantage and disadvantage of storing user passwords: i. Encrypted using the server password. Advantage: user does not have to send his password in the clear Disadvantage: compromising the server password will compromise all users passwords. ii. As message digests. Disadvantage: users have to send their password in the clear. Advantage: difficult to break all user passwords, dictionary attack can only break some of the users passwords. 6 12) In general, we assume that it is easier to impersonate the source IP address of a request than to divert the reply to reach the impersonator. Describe one technique that can be used for such packet diversion. Trudy may use source routing to achieve that by sending a message with source route: <Alice, Trudy, Dist> and Dist will reply with source route: <Dist, Trudy, Alice> Thus Trudy can get the reply! 13) Describe how to establish a session key between Alice and Bob using: i. Public key cryptography. Alice picks a random number R, send R encrypted with Bob public key, only Bob can decrypt R. ii. Secret key cryptography. Alice picks a random number R, send R to Bob using the shared secret key between Alice and Bob. 7 14) Assume a server has a password file containing the hash of 3000 user passwords. Assuming that a person has access to dictionary containing 50,000 possible passwords, how many hash operations are required to perform a dictionary attack on such password file if: i. The server is not using a salt. The size of dictionary: 50,000. ii. The server is using a salt. The size of dictionary times the size of the password file: 50,000x3,000= 150 millions. 15) Consider the following mutual authentication protocol, where At is Alice timestamp. Alice Bob I'm Alice, f(K, At) > < f(K, At++) Assume Bob message is replaced as follows, where Bt is his timestamp. < f(K, Bt++) What are the possible pitfalls of this replacement? Any one can impersonate Bob by reflecting the message from Alice. If Alice check that At <> Bt and is within the allowable skew then she can authenticate Bob. Hover, what there is a chance that Bob time is stamp is skewed such that his Bt=At, in such case Alice will reject him thought he is honest. 8 16) How to find out that if a given host is running https? Use telnet to see if you can connect to port 443, e.g.: > telnet localhost 443 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused > telnet www 443 Trying 128.82.4.2... Connected to xenon.cs.odu.edu. Escape character is '^]'. 17) Consider the following PEM message. Assume Bob like to forward this message to Wahab. Describe how Bob can do so without re-encryption the message. Bob gets the symmetric key from: Key-Info: RSA, <encoded message key encrypted with Bob public key> Using his private key. Then re-encrypt the key using Wahab’s public key. 18) Briefly describe three differences between Kerberos V4 and V5. V5 allows: delegation, ticket lifetime is variable and uses real MD algorithms. 9 19) From the application programmer’s view-point, which protocol is easier to use to secure the application: SSL or Ipsec. Explain. Ipec. Since the application interacts with the TCP or UDP and not with Ipsec directly. 20) The following is the basic IKE protocol. Describe how can we reduce the number of messages from 6 to 4? You may combine message 1,3 and 2,5 10