UNIVERSITY OF LONDON FOR EXTERNAL AND INTERNAL STUDENTS (WESTERN ZONE) BSc EXAMINATION 2004 Computing and Information Systems Computer Science CIS326 Computer Security Date: June 2004 Duration: 2 hours 15 minutes Answer all questions in section A (48 marks) and two questions (26 marks each) from section B. Electronic calculators may be used. The make and model should be specified on the script. The calculator must not be programmed prior to the examination. Calculators which display graphics, text or algebraic equations are not allowed. This examination paper must not be removed from the examination room CIS326 Western and Internal Version 1 Section A You must answer all 8 questions in this section. There are 6 marks for each question 1. 2. Three aspects of security are prevention, detection and reaction. Write a paragraph explaining why methods used for the prevention of, detection of and reaction to, theft of physical property, may not be appropriate when the crime involves the theft of digital information. [6] a) A password system is used to provide authentication and access control. Define the terms: i. Authentication ii. Access Control [1] b) What does it mean to say that an attacker performs: i. An intelligent search for a user’s password? ii. A dictionary search for a user’s password? iii. An exhaustive search for a user’s password? [2] c) For each type of attack listed in part b) give an example of a situation when this type of attack would be the most likely to succeed. [3] 3. 4. A password system requires that the user chooses a password which comprises 3 lower case letters (any of a...z) followed by 3 digits (any of 0..9). a) How many different possible passwords are there? [2] b) A hacker has an automated program that can try 10,000 passwords per minute. On average, how long would it take the hacker to find a particular user’s password? Give your answer to the nearest hour. [3] c) It is decided to make the password more secure by adding another digit onto the end so that a password now comprises 3 letters followed by 4 digits. If the hacker can still test 10,000 passwords per minute, how long will it take him to find the users password now? [1] a) In a public key cryptosystem, you do not need to keep the encryption key secret. Why is it essential to keep the encryption key secret in a symmetric key cryptosystem? [1] b) In a symmetric cryptosystem, what do the terms blocksize and keyspace mean? [2] c) Why would a symmetric cryptosystem be insecure if the blocksize is not large enough? [1] d) Triple DES and Rijndael are two widely used symmetric key cryptosystems. State one advantage and one disadvantage of Rijndael when compared to Triple DES. [2] CIS326 Western and Internal Version 2 5. 6. a) Explain why the efficiency of certain algorithms, such as factorization and exponentiation, are of paramount importance when studying cryptographic protocols. [2] b) Give an example of a cryptographic application when it is desirable to use an inefficient algorithm. [1] c) A particular implementation takes 8s to perform a multiplication of two numbers of size 100. Showing your working, calculate how long it will take to perform a multiplication of two numbers of size 50 using the same implementation. [3] a) State the discrete logarithm problem. [2] b) Describe the key generation process for the El Gamel public key cryptosystem. [4] 7. 8. PGP combines public and symmetric key cryptography to provide confidentiality as follows: 1. Alice creates a message m 2. Alice generates a random session key k 3. Alice encrypts the session key using Bob’s public key and public key cryptosystem to obtain k’ 4. Alice encrypts the message m using a symmetric cryptosystem with session key k to obtain ciphertext c 5. Alice sends Bob the values of k’ and c. a) List the steps that Bob must take to recover the message m. [4] b) Why does PGP use both public and symmetric key cryptography and not just one or the other? [2] a) What is the purpose of a key escrow protocol? [1] b) What does it mean to say that a key escrow protocol is “t of n” ? [1] c) Describe how keys can be generated for a 3 of 3 key escrow protocol. [2] d) In a 2 of 2 key escrow scheme, the two keyholders have keys X = 10011101 and Y = 11011000 respectively. What is the value of the key K which has been divided into the two pieces X and Y?. [1] e) Why might an “n of n” key escrow protocol not be practical in some situations? [1] End of Section A CIS326 Western and Internal Version 3 Section B Answer two questions from this section. There are 26 marks for each question. 1. a) In a University department, there is an administrator (Mrs A), three lecturers (Dr B, Dr C and Dr E)) and a Head of Department (Prof H). Three documents concerning the department are salary.doc, timetable.doc and marks.doc. The Head of Department has permission to read all of the documents and has write access to salary.doc. The administrator has read and write access to timetable.doc and read access to salary.doc. The lecturers each have read access to timetable.doc and write and read access to marks.doc. Information regarding the permissions each staff member has regarding the documents is to be stored in an access control table indexed by subjects and objects. i. List the subjects, objects and operations, which will be used in the access control table. [3] ii. Explain how you could use a group to simplify the access control table. [1] iii. Represent the information given as an access control table. [4] b) A protection ring is a particular example of access control. When is it appropriate to use a protection ring model? [1] c) In a secret society, documents are classified as top-secret, secret, confidential or unclassified. Draw a protection ring to illustrate these security levels. [2] d) Explain how a graph can be used to represent security levels. [4] e) Draw a graph to represent the security levels of the protection ring model discussed in part b). [2] f) In an organization, documents are either unclassified (U) or confidential (C) or secret (S), with an ordering given by U<C<S A staff member can work for the national group {n} or the international {i} group, or for both groups {n,i}. Security levels are represented by a pair (X,Y) where X is one of U,C or S and Y is one of the sets {n}, {i} or {n,i}. A security level (X1, Y1) dominates another (X2, Y2) if X2 <= X1 and Y2 is a subset of Y1 i. How many security levels are there? [1] ii. Draw a graph of the security levels. [4] iii. Which security levels are dominated by (C,{n,i}) and (S,{i})? [2] iv. State with justification whether or not the graph is a lattice. [2] CIS326 Western and Internal Version 4 2. 3. 4. a) Describe the Diffie-Hellman Key Exchange protocol giving a justification for the security of the protocol. [4] b) Alice and Bob wish to exchange a session key using the Diffie Hellman key exchange protocol. They have agreed to use prime modulus p = 19 and generator g = 2. Alice chooses secret number a = 5 and Bob chooses secret number b = 8. What is the value of the session key that they generate? [4] c) Describe how cryptanalyst Charles could perform a man-in-the-middle attack and trick Alice and Bob into exchanging keys with himself instead of each other. Illustrate your answer assuming that Charles is using the secret number c = 3. [10] d) Name and describe a key exchange protocol, which does not rely on public key cryptography but uses instead a trusted third party or server. [8] a) Describe the RSA (Rivest Shamir and Adelman) public key cryptosystem. Your answer should include i. The generation of public and private keys ii. The encryption algorithm iii. The decryption algorithm iv. The basis for the security of RSA [12] b) Bob has public RSA key (n = 77, e = 7) Show that Bob’s private key is (d = 43) [5] c) Alice wants to send the message m = 13 to Bob. She encrypts the message using Bob’s public key. What is the value of the ciphertext that Alice sends to Bob? [3] d) David has also sent an encrypted message to Bob. The ciphertext value that Bob receives from David is 17. Showing all your working, use Bobs key to decrypt this ciphertext and recover the value of David’s message. [6] a) Name four essential properties for a cryptographic hash function, explaining for each why it is essential. [6] b) Give a brief overview of the Secure Hash Algorithm SHA-1. [4] c) How certain are we that SHA-1 has the 4 required properties of a cryptographic hash function? [1] d) Alice and Bob are using a public key cryptosystem and both have their own public and private key pairs. Describe how they can use the public key system in conjunction with SHA-1 to produce and verify digital signatures. [8] e) A cryptanalyst Charles wants to send Bob a false message purporting to be from Alice. How can Charles use his own RSA keys to try and trick Bob? [6] f) What could Alice and Bob do to prevent this type of attack? [1] End of Section B CIS326 Western and Internal Version 5