Chapter 8 Review Questions
1. Confidentiality is the property that the original plaintext message cannot be
determined by an attacker who intercepts the ciphertext-encryption of the original
plaintext message. Message integrity is the property that the receiver can detect
2. o routers; (iii) two DNS name servers.
3. One important difference between symmetric and public key systems is that in
symmetric key systems both the sender and receiver must know the same (secret) key.
4. In this case, a known plaintext attack is performed. If, somehow, the message
6. If each user wants to communicate with N other users, then each pair of users must
have a shared symmetric key. There are N*(N-1)/2 such pairs and thus there are
7. a mod n = 23 , b mod n = 4. So (a*b) mod n = 23*4=92
9. One requirement of a message digest is that given a message M, it is very difficult to
find another message M' that has the same message digest and, as a corollary, that
10. No. This is because a hash function is a one-way function. That is, given any hash
11. This scheme is clearly flawed. Trudy, an attacker, can first sniff the communication
12. Suppose Bob sends an encrypted document to Alice. To be verifiable, Alice must be
able to convince herself that Bob sent the encrypted document. To be non-forgeable,
Alice must be able to convince herself that only Bob could have sent the encrypted
document (e.g., no one else could have guessed a key and encrypted/sent the
13. A public- need only encrypt (using
14. This is false. To create the certificate, certifier.com would include a digital signature,
15. For a MAC-based scheme, Alice would have to establish a shared key with each
17. Once in a lifetime means that the entity sending the nonce will never again use that
18. In a man-in-the-middle attack, the attacker puts himself between Alice and Bob,
20. False. SSL uses implicit sequence numbers.
22. True. The IV is always sent in the clear. In SSL, it is sent during the SSL handshake.
23. After the client will generate a pre-
public key, and then send the encrypted PMS to Trudy. Trudy will not be able to
25. False. IPsec will increment the sequence number for every packet it sends.
27. 01011100
28. True
32.
33. True
Chapter 8 Problems
Problem 1
The
Problem 2
know the ciphertext for b,o,a,l,i,c,e
Problem 3
er has both
Problem 4
a) The output is equal to 00000101 repeated eight times.
Problem 5
a) There are 8 tables. Each table has 2^8 entries. Each entry has 8 bits.
Problem 6
a) 100100100 ==> 011011011
b) Trudy will know the three block plaintexts are the same.
Problem 7
a) We are given p = 3 and q = 11. We thus have n = 33 and q = 11. Choose e = 9 (it
might be a good idea to give students a hint that 9 is a good value to choose, since the
resulting calculations are less likely to run into numerical stability problems than
We first consider each letter as a 5-bit number: 00100, 01111, 00111. Now we
concatenate each letter to get 001000111100111 and encrypt the resulting decimal
number m=4583. The concatenated decimal number m (= 4583) is larger than current
n (= 33). We need m < n. So we use p = 43, q = 107, n = p*q = 4601, z = (p-1)(q-1)
= 4452. e = 61, d = 73
c**d
= 1283813313619771634195712132539793287643533147482536209328405262793
027158861012392053287249633570967493122280221453815012934241370540204
5814598714979387232141014703227794586499817945633390592
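The Problem 7 arithmetic as a runnable check. This is an added example, not part of the original solution: it uses the page's values (p = 43, q = 107, e = 61, m = 4583, and p = 3, q = 11, e = 9) and assumes the letter mapping a = 1 ... z = 26, which matches the three 5-bit values shown. It is textbook RSA without padding, for teaching only.

```python
# Added example: textbook RSA with the Problem 7 parameters (no padding).
# The a=1..z=26 letter mapping is an assumption consistent with the page's
# 5-bit values 00100, 01111, 00111.

def letters_to_int(word):
    """Encode each letter as a 5-bit number and concatenate the bits."""
    m = 0
    for ch in word:
        m = (m << 5) | (ord(ch) - ord("a") + 1)
    return m

def int_to_letters(m):
    """Inverse of letters_to_int: split m into 5-bit groups."""
    out = []
    while m:
        out.append(chr((m & 0b11111) + ord("a") - 1))
        m >>= 5
    return "".join(reversed(out))

def rsa_keypair(p, q, e):
    """Return (n, z, d); pow(e, -1, z) raises ValueError if gcd(e, z) != 1."""
    n, z = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, z)  # modular inverse, Python 3.8+
    return n, z, d

def roundtrip(m, n, e, d):
    """Encrypt then decrypt. pow(c, d, n) reduces modulo n at every step,
    so the huge intermediate c**d is never materialised."""
    c = pow(m, e, n)
    return pow(c, d, n)

if __name__ == "__main__":
    m = letters_to_int("dog")
    n, z, d = rsa_keypair(43, 107, 61)
    print("m =", m, "n =", n, "z =", z, "d =", d)
    print("recovered:", int_to_letters(roundtrip(m, n, 61, d)))
    # With the small modulus, m >= n, so only m mod n survives decryption.
    n2, z2, d2 = rsa_keypair(3, 11, 9)
    print("n = 33 recovers:", roundtrip(m, n2, 9, d2), "instead of", m)
```

The second call shows why the solution switches to a larger modulus: RSA only recovers m mod n, so any m that is not smaller than n is lost.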
Problem 8
p = 5, q = 11
Problem 9
              Alice                    Bob
secret key:   SA                       SB
public key:   TA = (g^SA) mod p        TB = (g^SB) mod p
shared key:   S = (TB^SA) mod p        S’ = (TA^SB) mod p
a) S = (TB^SA ) mod p = ((g^SB mod p)^SA ) mod p = (g^(SBSA )) mod p
d)
The Diffie-Hellman public key encryption algorithm is vulnerable to a man-in-the-middle attack.
1. In this attack, Trudy receives Alice’s public value (TA) and sends her own public
[Figure: exchange among Alice, Trudy and Bob; labels: TA, TT]
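The Problem 9 exchange in code, first without and then with Trudy substituting her own public value TT. This is an added example, not part of the original solution: p, g and the three secrets are constructed toy values, and the fingerprint comparison is an added illustration of how the two endpoints could detect the mismatch over an authenticated channel.

```python
# Added example: all numeric values are constructed for illustration.
import hashlib

P, G = 23, 5               # constructed toy group; real groups are 2048+ bits
SA, SB, ST = 6, 15, 13     # constructed secrets for Alice, Bob and Trudy

def public_value(secret, p=P, g=G):
    """T = (g^S) mod p"""
    return pow(g, secret, p)

def shared_key(their_public, my_secret, p=P):
    """S = (T_other^S_mine) mod p"""
    return pow(their_public, my_secret, p)

def honest_exchange():
    """Alice and Bob receive each other's real public values."""
    ta, tb = public_value(SA), public_value(SB)
    return shared_key(tb, SA), shared_key(ta, SB)

def intercepted_exchange():
    """Trudy replaces TA and TB in transit with her own TT."""
    ta, tb, tt = public_value(SA), public_value(SB), public_value(ST)
    return {
        "alice": shared_key(tt, SA),        # Alice believes this is shared with Bob
        "bob": shared_key(tt, SB),          # Bob believes this is shared with Alice
        "trudy_alice": shared_key(ta, ST),  # Trudy's key for the Alice leg
        "trudy_bob": shared_key(tb, ST),    # Trudy's key for the Bob leg
    }

def fingerprint(key):
    """Short digest of the derived key, suitable for comparing out of band."""
    return hashlib.sha256(str(key).encode()).hexdigest()[:16]

def keys_match(key_a, key_b):
    """The check the endpoints would run over an authenticated channel."""
    return fingerprint(key_a) == fingerprint(key_b)

if __name__ == "__main__":
    s, s_prime = honest_exchange()
    print("honest: S =", s, "S' =", s_prime, "match:", keys_match(s, s_prime))
    k = intercepted_exchange()
    print("intercepted:", k, "endpoints match:", keys_match(k["alice"], k["bob"]))
```

Because the public values carry no authentication, neither endpoint can tell TT from the real value during the exchange itself; the mismatch only shows up when the derived keys are compared or the public values are signed.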
Problem 10
Problem 11
The message
I O U 1
Problem 12
[Figure: message flow among Alice, the KDC and Bob over the Internet; labels: KA-KDC{A,B}; m + encryption algorithm; decryption algorithm; H(.); S1; S2; KS2 (m,h); (m,h); m; Compare]
Problem 13
The file is broken into blocks of equal size. For each block, calculate the hash (for
Problem 14
Digital signatures require an underlying Public Key Infrastructure (PKI) with certification
Problem 15
Bob does not know if he is talking to Trudy or Alice initially. Bob and Alice share a
secret key KA-B that is unknown to Trudy. Trudy wants Bob to authenticate her (Trudy)
as Alice. Trudy is going to have Bob authenticate himself, and waits for Bob to start:
1. Bob-to-
authentication of himself to the other side then stops for a few steps.
2. Trudy-to- Commentary: Trudy starts to authenticate herself as
Alice
Problem 16
This wouldn’t really solve the problem. Just as Bob thinks (incorrectly) that he is
Problem 17
Problem 18
a) No, without a public-private key pair or a pre-shared secret, Bob cannot verify that
Problem 19
a) Client
Problem 20
Again we suppose that SSL does not provide sequence numbers. Suppose that Trudy, a
woman-in-the-
Problem 21
[Figure: transmission over the Internet; labels: KS(m,KA(H(m)); KB+( KS), KS(m,KA(H(m))); KS( ); KA+( )]
Problem 22
a) F
Problem 23
If Trudy does not bother to change the sequence number, R2 will detect the duplicate
Problem 24
a) Since IV = 11,
b) The receiver extracts the IV (11) and generates the key stream 111110100000
c) Since the ICV is calculated as the XOR of first 4 bits of message with last 4 bits of
Problem 25
Filter Table:
Action  Source Address  Dest address          Protocol  Source port  Dest port  Flag bit  Check connection
allow   222.22/16       outside of 222.22/16  TCP       > 1023       23         any

Connection Table:
Source address  Dest address   Source port  Dest port
222.22.1.7      37.96.87.123   12699        23
Problem 26
a) [Figure: Alice, Proxy1; label: K1+(S1)]
b) [Figure: Alice, Proxy1, Proxy2; labels: S1( K2+(S2)), K2+(S2)]
c) [Figure: Alice, Proxy1, Proxy2, Activist.com; labels: S1(S2(req)), S2(req)]