Networking Chapter 8 Homework Choose It Might Good Idea Give Students

Type: Homework Help
Pages: 9
Words: 2905
Authors: James F. Kurose, Keith W. Ross

Chapter 8 Review Questions
1. Confidentiality is the property that the original plaintext message cannot be
determined by an attacker who intercepts the ciphertext-encryption of the original
plaintext message. Message integrity is the property that the receiver can detect
2. (i) User’s laptop and a web server; (ii) two routers; (iii) two DNS name servers.
3. One important difference between symmetric and public key systems is that in
symmetric key systems both the sender and receiver must know the same (secret) key.
4. In this case, a known plaintext attack is performed. If, somehow, the message
6. If each user wants to communicate with N other users, then each pair of users must
have a shared symmetric key. There are N*(N-1)/2 such pairs and thus there are
7. a mod n = 23, b mod n = 4. So (a*b) mod n = 23*4 = 92
9. One requirement of a message digest is that given a message M, it is very difficult to
find another message M' that has the same message digest and, as a corollary, that
10. No. This is because a hash function is a one-way function. That is, given any hash
11. This scheme is clearly flawed. Trudy, an attacker, can first sniff the communication
12. Suppose Bob sends an encrypted document to Alice. To be verifiable, Alice must be
able to convince herself that Bob sent the encrypted document. To be non-forgeable,
Alice must be able to convince herself that only Bob could have sent the encrypted
document (e.g., no one else could have guessed a key and encrypted/sent the
13. A public-key signed message digest is “better” in that one need only encrypt (using
14. This is false. To create the certificate, certifier.com would include a digital signature,
15. For a MAC-based scheme, Alice would have to establish a shared key with each
16. The purpose of the nonce is to defend against the replay attack.
18. In a man-in-the-middle attack, the attacker puts himself between Alice and Bob,
19. Alice provides a digital signature, from which Bob can verify that message came
from Alice. PGP uses digital signatures, not MACs, for message integrity.
21. The purpose of the random nonces in the handshake is to defend against the
connection replay attack.
23. After the client generates a pre-master secret (PMS), it will encrypt it with Alice’s
public key, and then send the encrypted PMS to Trudy. Trudy will not be able to
24. False. Typically an IPsec SA is first established between Host A and Host B. Then all
packets in the stream use the SA.
26. False. An IKE SA is used to establish one or more IPsec SAs.
28. True
30. True
32. If there isn’t a packet filter, then users inside the institution’s network will still be
33. True
Chapter 8 Problems
Problem 1
Problem 2
If Trudy knew that the words “bob” and “alice” appeared in the text, then she would
Problem 3
Every letter in the alphabet appears in the phrase “The quick fox jumps over the lazy
Problem 4
a) The output is equal to 00000101 repeated eight times.
Problem 5
Problem 6
c(1) = KS(100 XOR 111) = KS (011) = 100
c(1) = KS(100 XOR 110) = KS (010) = 101
Problem 7
other choices for e) since 3 and (p-1)*(q-1) = 20 have no common factors. Choose d = 9 also so that e*d = 81 and thus e*d - 1 = 80 is exactly divisible by
letter  m   m**e         ciphertext = m**e mod 33
d       4   262144       25
o       15  38443359375  3
g       7   40353607     19

ciphertext  c**d            m = c**d mod n  letter
25          38146972265625  4               d
3           19683           15              o
19          322687697779    7               g
ciphertext = m**e mod 4601
m**e= 21386577601828057804089602156530567188611499869029788733808438
c**d = 1283813313619771634195712132539793287643533147482536209328405262793
027158861012392053287249633570967493122280221453815012934241370540204
Problem 8
p = 5, q = 11
Problem 9
             Alice                   Bob
secret key:  SA                      SB
public key:  TA = (g^SA) mod p       TB = (g^SB) mod p
shared key:  S = (TB^SA) mod p       S' = (TA^SB) mod p
(b and c) p = 11, g = 2
Alice Bob
d)
The Diffie-Hellman public key encryption algorithm can be attacked by a man-in-the-middle.
2. When Bob transmits his public value (TB), Trudy sends her public key to Alice (TT).
[Figure: Alice, Trudy and Bob; labels TA, TT]
Problem 10
Problem 11
The message
Problem 12
[Figure: Alice, KDC and Bob; labels S1, S2, KA-KDC{A,B}]
Problem 13
The file is broken into blocks of equal size. For each block, calculate the hash (for
Problem 14
Problem 15
Bob does not know if he is talking to Trudy or Alice initially. Bob and Alice share a
secret key KA-B that is unknown to Trudy. Trudy wants Bob to authenticate her (Trudy)
as Alice. Trudy is going to have Bob authenticate himself, and waits for Bob to start:
2. Trudy-to-Bob: “I am Alice” Commentary: Trudy starts to authenticate herself as Alice
4. Trudy-to-Bob: “R” Commentary: Trudy responds to step 1 now continuing Bob’s
5. Bob-to-Trudy: “KA-B(R)” Bob completes his own authentication of himself to the
6. Trudy-to-Bob: “KA-B(R)” Trudy completes her authentication, responding to the R
Problem 16
This wouldn't really solve the problem. Just as Bob thinks (incorrectly) that he is
Problem 17
Figure: Operations performed by Bob for confidentiality, integrity, and
authentication
Problem 18
a) No, without a public-private key pair or a pre-shared secret, Bob cannot verify that
Problem 19
a) Client
Problem 20
Again we suppose that SSL does not provide sequence numbers. Suppose that Trudy, a
Problem 21
No, the bogus packet will fail the integrity check (which uses a shared MAC key).
[Figure labels: KB+(KS), KS(m, KA-(H(m))); KS( ); KA+( ); compare]
Problem 22
a) F
Problem 23
Problem 24
a) Since IV = 11, the key stream is 111110100000 ……….
Given, m = 10100000
Hence, ICV = 1010 XOR 0000 = 1010
The three fields will be:
1010 XOR 0000 = 1010 (which equals the recovered ICV)
c) Since the ICV is calculated as the XOR of first 4 bits of message with last 4 bits of
message, either the 1st bit or the 5th bit of the message has to be flipped for the
received packet to pass the ICV check.
d) For part (a), the encrypted message was 01011010
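The receiver-side ICV check from Problem 24, as an added Python example (not part of the solutions manual), using the key stream, message and ICV rule given above. It shows why an XOR-based ICV under a stream cipher is not a keyed integrity check like the MAC in Problem 21: a lone change to the ICV field is detected, but the same change paired with message bit 1 or 5 is not. The function names and the frame layout (8-bit message followed by the 4-bit ICV) are assumptions chosen to match the values in parts (a) and (d).

```python
# Toy WEP-style frame from Problem 24 (added example; names are illustrative).
KEYSTREAM = "111110100000"  # key stream for IV = 11, as given in part (a)

def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit strings."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def icv(message):
    """4-bit ICV: first 4 message bits XOR last 4 message bits."""
    return xor_bits(message[:4], message[4:])

def encrypt(message):
    """Return (encrypted message, encrypted ICV) under KEYSTREAM."""
    ct = xor_bits(message + icv(message), KEYSTREAM)
    return ct[:8], ct[8:]

def receive(enc_msg, enc_icv):
    """Receiver: decrypt, recompute the ICV, return (message, check passed)."""
    pt = xor_bits(enc_msg + enc_icv, KEYSTREAM)
    message, got_icv = pt[:8], pt[8:]
    return message, icv(message) == got_icv

def flip(bits, position):
    """Flip the bit at a 1-based position."""
    i = position - 1
    return bits[:i] + ("0" if bits[i] == "1" else "1") + bits[i + 1:]

def demo():
    enc_msg, enc_icv = encrypt("10100000")
    results = {"frame": (enc_msg, enc_icv)}
    results["untouched"] = receive(enc_msg, enc_icv)
    # A lone change to the ICV field fails the check.
    results["icv_bit1_only"] = receive(enc_msg, flip(enc_icv, 1))
    # The same change paired with message bit 1 or bit 5 passes the check,
    # because the ICV is linear in the message bits.
    results["icv1_msg1"] = receive(flip(enc_msg, 1), flip(enc_icv, 1))
    results["icv1_msg5"] = receive(flip(enc_msg, 5), flip(enc_icv, 1))
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```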
Problem 25
Filter Table:
Action | Source Address | Dest address | Protocol | Source port | Dest port | Flag bit | Check connection
allow | 222.22/16 | outside of 222.22/16 | TCP | > 1023 | 23 | any
outside of 222.22/16
x
222.22/16 | outside of 222.22/16
deny | All | all | all | all | all | All
222.22.1.7 | 37.96.87.123 | 12699 | 23
222.22.93.2
Problem 26
a) [Figure: Alice, Proxy1; label K1+(S1)]