Homework 5 - Answer Key - Digital Forensics | CS 498, Assignments of Computer Science

Material Type: Assignment; Class: Digital Forensics; Subject: Computer Science; University: University of Illinois - Urbana-Champaign; Term: Fall 2006;

Uploaded on 03/16/2009


Information Assurance: Homework 5 – Answer key

Due October 13, 2006.

  1. The strength of the RSA algorithm is based on the difficulty of factoring large prime numbers. Assume you are given the factorization for the modulus of a public key (n = p x q). Show how this breaks the RSA key pair.

     If we know n = p*q, we can easily compute Φ(n) = (p-1)(q-1). The public key exponent e is relatively prime to n and the private key exponent d is the inverse of e modulo Φ(n), i.e., e*d mod Φ(n) = 1. If we know the totient and e, we can compute d. Once we know d, the key pair is broken.
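The steps of the answer to question 1, carried through in Python as an added example (not part of the original answer key). The toy primes, exponent and plaintext are constructed textbook-sized values, and the function names are hypothetical.

```python
# Added illustration with constructed toy numbers; real moduli are far larger.

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def private_exponent(p, q, e):
    """Derive d from the factors of n, following the answer's steps."""
    phi = (p - 1) * (q - 1)              # Φ(n) = (p-1)(q-1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e has no inverse modulo Φ(n)")
    return x % phi                       # d such that e*d mod Φ(n) = 1


# Constructed toy key: (E, N) is public, P and Q are the disclosed factors.
P, Q, E = 61, 53, 17
N = P * Q


def demo():
    """Show that d gives both of the key owner's private operations."""
    d = private_exponent(P, Q, E)
    m = 65                               # constructed plaintext
    c = pow(m, E, N)                     # anyone can encrypt with (e, n)
    recovered = pow(c, d, N)             # decryption, as the owner would do it
    sig = pow(m, d, N)                   # signature, as the owner would make it
    sig_ok = pow(sig, E, N) == m         # verifies under the public key
    return d, c, recovered, sig_ok


if __name__ == "__main__":
    print(demo())
```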
  2. Suppose Alice and Bob have RSA public keys in a file on a server. They communicate regularly using authenticated, confidential messages. Eve wants to read the messages but is unable to crack the RSA private keys of Alice and Bob. However, she is able to break into the server and alter the file containing Alice's and Bob's public keys.

     a. How should Eve alter that file so that she can read confidential messages sent between Alice and Bob, and forge messages from either?

        Assume Alice has a public key (e_A, n_A) and Bob has a public key (e_B, n_B) registered. Eve could create two new key pairs (e_EA, n_EA) and (e_EB, n_EB) and register them for Alice and Bob. Then if Eve can intercept all communication exchanged between Alice and Bob, she can undo their computation and replace it with a signature/encryption using her version of the key. E.g., suppose Bob sends a signed encrypted message to Alice, {m {h(m)}_{d_B}}_{e_EA}. Eve would intercept it, decrypt it using her version of Alice's private key, recalculate the hash using her version of Bob's private key, and re-encrypt using her version of Alice's public key to compute {m {h(m)}_{d_EB}}_{e_A}.

     b. How might Alice and/or Bob detect Eve's subversion of the public keys?

        If Eve fails to intercept a message, the deception is found, because the messages destined to Alice and Bob will not correctly decrypt, since Alice and Bob will use their real private keys to decrypt rather than Eve's fake private keys.

        Alternatively, Alice and Bob should periodically verify that the public key they have posted on the key server is correct. They could also post a fingerprint of their public key at a separate location (e.g., on their personal web site or at the end of emails) to encourage people they communicate with to validate what they receive from the certificate server.
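The periodic check from part b, sketched as an added example (not part of the original answer key): fingerprints obtained out of band are compared against what the server currently serves. The `name e n` file format, the fingerprint encoding, the function names and all key values are assumptions constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(e, n):
    """SHA-256 fingerprint of a public key (e, n); the encoding is an assumption."""
    return hashlib.sha256(f"{e:x}:{n:x}".encode()).hexdigest()


def parse_key_file(text):
    """Parse 'name e n' lines (hypothetical server file format) into a dict."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                     # skip blanks and comments
        name, e, n = line.split()
        keys[name] = (int(e), int(n))
    return keys


def audit(server_text, pinned):
    """Return the names whose served key is missing or does not match its pin."""
    served = parse_key_file(server_text)
    bad = []
    for name, pin in sorted(pinned.items()):
        key = served.get(name)
        if key is None or not hmac.compare_digest(fingerprint(*key), pin):
            bad.append(name)
    return bad


# Constructed sample data: the genuine file, and the pins each owner published
# at a separate location (personal web site, e-mail footer).
GENUINE = "# name e n\nalice 17 3233\nbob 7 8633\n"
PINNED = {name: fingerprint(*key)
          for name, key in parse_key_file(GENUINE).items()}

# Constructed file after both entries were replaced on the server.
TAMPERED = "# name e n\nalice 5 7387\nbob 11 10403\n"

if __name__ == "__main__":
    print(audit(GENUINE, PINNED))    # no mismatches
    print(audit(TAMPERED, PINNED))   # both entries flagged
```

The check is only as strong as the separate location: pins fetched from the same server as the key file would be replaced along with it.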
  3. Thanks to the birthday paradox one can find collisions using the DES-MAC cryptographic hash function in 2^32 messages. Alice wants to take advantage of that fact to swindle Bob. She has two contracts: one that Bob is willing to sign and another that Bob is not willing to sign. She needs to generate a version of each that has the same DES-MAC crypto hash. Suggest how she might do this. Hint: adding white space and combinations of characters with back spaces do not change the meaning of the contracts.

     Using DES-MAC with 64 bits, there are 2^64 possible hashes. Just using the pigeonhole principle, you are very likely to find a match for a particular hash after trying 2^64 different messages. But in this case, you can vary both the original contract M1 and your goal contract M2. In this case, you have the birthday paradox. You are not trying to match a particular hash value; rather, given two groups, you want to find one member in each group that matches each other. If you compute hashes of 2^32 versions of M1 and 2^32 versions of M2, then you have a probability of around ½ that you have a match between the variants of M1 and the variants of M2.
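The two-group matching argument above, scaled down to a toy hash as an added example (not part of the original answer key), to show why a short hash output is the weakness. A 20-bit truncation of SHA-256 stands in for DES-MAC, 2^12 variants are made per side so a match is all but certain, and the contract texts and function names are constructed.

```python
import hashlib
from itertools import product

HASH_BITS = 20   # toy size standing in for DES-MAC's 64 bits (assumption)


def toy_hash(text):
    """Truncated SHA-256 used as a short stand-in hash; this is not DES-MAC."""
    digest = hashlib.sha256(text.encode()).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - HASH_BITS)


def variants(words, count_bits):
    """Yield 2**count_bits renderings differing only in single/double spaces."""
    gaps = len(words) - 1
    if gaps < count_bits:
        raise ValueError("text too short for that many variants")
    for choice in product((" ", "  "), repeat=count_bits):
        seps = list(choice) + [" "] * (gaps - count_bits) + [""]
        yield "".join(w + s for w, s in zip(words, seps))


def find_match(m1, m2, count_bits):
    """Hash every variant of m1, then look up each variant of m2 in that table."""
    seen = {}
    for v in variants(m1.split(), count_bits):
        seen.setdefault(toy_hash(v), v)
    for v in variants(m2.split(), count_bits):
        h = toy_hash(v)
        if h in seen:
            return seen[h], v, h
    return None


# Constructed sample contracts (16 words each, so 15 gaps to vary).
M1 = ("Bob agrees to pay Alice one hundred dollars for the "
      "delivery of ten widgets on Friday")
M2 = ("Bob agrees to pay Alice nine thousand dollars for the "
      "delivery of ten widgets on Friday")

if __name__ == "__main__":
    a, b, h = find_match(M1, M2, 12)
    print(f"shared {HASH_BITS}-bit hash {h:05x}")
    print(repr(a))
    print(repr(b))
```

The table holds about 2^12 entries for a 20-bit hash; the same method against a 64-bit hash needs about 2^32 per side, as the answer states, which is why longer hash outputs are used.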

  4. Work with Gnu Privacy Guard (GPG) or Pretty Good Privacy (PGP). They both implement the same protocols, but PGP uses proprietary encryption algorithms. You can access free trial versions of PGP from http://pgp.com. I have used the Windows version. You can access GPG from http://gnupg.org. I have used this on Linux and installed it via yum on my personal system. It may already be installed on the University Linux systems. Type “man gpg” to see. I will be evaluating your results on my Linux box using GPG. So if you use PGP, be sure to create a key using some combination of DSA and ElGamal (algorithms supported by GPG). Once you get your GPG/PGP system operational, perform the following tasks:

     a. Create a key pair.

     b. Get your key signed by at least one other person. Submit an exported version of your signed public key.

     c. Encrypt a file using the instructor’s public key (at http://www.cs.uiuc.edu/class/fa06/cs498sh/hw5/skh-pubkey.asc with fingerprint 388E 7466 4DD3 390E 8F36 A535 474D 5DC9 4912 BF7E) and sign it with your key. Submit the signed and encrypted file.

     This one was pretty straightforward. Some people didn't submit a signed key and lost a few points on that. One thing I noticed is that for a fair number of submissions I had to decrypt the encrypted file twice. I'm not sure why that would be the case. It could be that the first decrypt was just verifying a signature. The first decrypt was definitely not using my key. I would only be prompted for my pass phrase (thus accessing my private key) on the second decrypt.
  5. In the Otway-Rees protocol, both a session id (n) and nonces (rand1 and rand2) are used. Are both really needed? Would the protocol be equally resilient if only the session id or the nonces were used? Explain why or why not.

     Yes, both the session ID and the nonces are needed. Assume that we only had the session id. One problem is that in the first two message exchanges we would be handing Eve a pair of known ciphertext/plaintext pairs, which could potentially weaken k_Alice and k_Bob.