CSE 2500 Computer Security and Privacy Tutorial Sheet 06 Q1) Given a modular exponentiation algorithm for n-bit integers that needs about n3 operations, how much does performance deteriorate by moving from 512-bit to 1024-bit RSA? We are given that performance, measured in operations, for an n-bit cryptosystem is given by n3. We are asked what the deterioration of performance is when moving from 512-bit RSA to 1024-bit RSA. First we need to find the performance of 512-bit RSA. 5123 = 134,217,728 operations For 1024-bit performance is 10243 = 1, 073,741,824 operations Finally we need to find the difference in operations and measure the percentage of the original by that difference. 1073741824-134217728 = 939524096/123217728 = 7 700% increase in the amount of operations. Q2) Consider a block cipher algorithm with the following properties: - input and output block length of 64 bits and the key size is 56 bits - Given a key K, the key scheduling requires 2 microseconds (2 x 10 -6 secs) - After the key scheduling produces all the sub-keys (if required), the encryption of a single block of 64 bits block takes 0.5 microseconds. Compute the following information: - The total time required (of course in microseconds) to encrypt 1MBytes (2 20 bytes) of data. - Given 2 values C and M such that C = EK(M) under the unknown key value K, how many years (at most) are required to crack the cipher on a single computer. First we need to find the number of 64-bit blocks in 1MByte of data as # of bits in 1MB = 220 bytes * 8 bits/byte = 8,388,608 Number of data blocks = 8,388,608 / 64 bits = 131,072 blocks. It is now simply a matter of recognizing that the key K will be scheduled only once for this encryption, and that we need to encrypt 131,072 blocks of data. Time= 2 microseconds + 131,072 * 0.5 microseconds = 65538 microseconds The second part seeks the amount of time, at most, it would take to crack the cipher given ciphertext C and the related plaintext M. In order to do this, it is necessary to search the entire key space. Because a key is 56 bits long, the key space is then 256 = 72,057,594,037,927,936 Prob03.ans 1 of 4 Now we know how many keys we need to try before we find the right one, we must recognize that we only need to test a single block of data. Then each trail requires key scheduling plus the time to encrypt/decrypt (depending on which one you choose). Thus, the equation becomes (256 (2 microseconds + 0.5 microseconds )) * 0.000001 secs ~= 1.8x 1011 secs Translate this value into years ~= 2,084,999 days ~=5712 years!! Q3) Consider the following scheme of encryption and decryption scheme: - Let P be a data block of arbitrary length. - EK(P) and DK(P) represent the secret key encryption and decryption algorithms of a secret key cryptosystems (such as DES) where K is the secret key. - PEU (P) and PDV(P) represent the public-key encryption and decryption algorithms of a public-key cryptosystem (such as RSA), where U is the public key and V is the private key of the user. - Let X and Y be the public and private key of Srini in the above public-key cryptosystem. Consider the following sequence of operations (and explain what are they in English) C = EK(P) destroy P D = PEU (K) E = PEX (K) destroy K F = C || D || E The first operation encrypts the data block P with a secret key K. The original file is destroyed and the key K is encrypted with the public key of the user and then with the public key of Srini. Encrypting the key with Sini’s public key servers as a mechanism for key recovery. At this point, the key K is also destroyed. - Is it possible to obtain P from F knowing V? If so how? K = PDV (D) P = DK(C) - Is it possible to obtain P from F knowing Y? if so how? K = PDY(E) P = DK(C) Prob03.ans 2 of 4 - Is it possible to obtain V if we know Y? If so how? It is not possible to obtain V if we know Y. V and Y are the private keys of the user and Srini respectively, but have no relation to each other mathematically other than theya re being used for the same public-key cryptosystem. - Is it possible to obtain P from F if we lose V? If so how? We can leverage the key-escrow agent (what is this?) – the Srini’s private key to decrypt the file as in second sub-question. - Is it possible to obtain P from F if we lose Y? If so how? We can still use the user’s private key as in first sub-question. - Is it possible to obtain P from F if we lose both V and Y? If so how? It is impossible short of a brute force attack on the cipertext C. Even then the task is difficult because it is not a known plain text attack, so how will you know which decryption is the correct one? Q4) Consider a password system which uses all the 102 printable characters of the English (or American) key board and the password is of 8 characters long. - How many distinct passwords are possible under the above scheme? (give the numbers approximately as a.b x 10 c). - If the password scheme is limited to 26 lowercase English alphabets only (still password length remains as 8 characters), how many passwords will there be? - If the password length is limited to 6 characters (still the number of characters is 102), how many passwords will there be? Let a be the number of possible characters to choose from, and n be the length of the password. Then the number of passwords of length n with character set is given by an How many passwords are there? = 1028 ~= 1.17 x 1016 If the password scheme is limited to 26 lowercase letters, the number of passwords are = 268 ~= 2.09 x 1011 If the password length is limited to 6 characters, the number of passwords is 1026 ~= 1.12 x 1012 Q5) Assume that passwords have length six and all alphanumerical characters, upper and lower case, can be used in their construction. How long will a brute force attack take on average if: - it takes one tenth of a second to check a password? - it takes a microsecond to check a password? The number of passwords is 626 = 56,800,235,584 (62 = 26 lower case alpha+26 uppercase alpha + 10 numerals) However it is important to note that the problem asks how long it will take to find a given password on average which implies that we need not search through the entire space, but that we have to search through only of that space (on average). Thus the entire password space to search is Prob03.ans 3 of 4 56,800,235,584 /2 = 28,400,117,792 Time to check = 0.1 sec 0.1 * 28,400,117,792 ~= 90 years Time to check = 1 microsec 0.000001 * 28,400,117,792 ~=7.9 hours. Q6) Passwords are entered by users and checked by computers. Thus, there has to be some communications channel between user and computer. So far we have taken a very abstract view of this channel and assumed that it exists and that it is adequately secure. When this assumption is justified? When it is not justified? There are very few times when the transmission can be considered secure. The line is secure when it is serving a user logging into a machine locally, e.g., a keyboard cable running to a desktop machine. The line is secure if it is on an internal LAN that only you have access to, or that a very few (assumed trusted) individuals have access to. A line should never be considered secure if it is somehow connected to the internet (even if is behind a firewall). In short, a line should never be considered secure unless you can see it from origin to destination. Prob03.ans 4 of 4