









Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Midterm Examination Answers: Semester 2/2009. Course Title ... e) Can the modified Vigenere cipher in this question be used as a one-time pad. If yes, then.
Typology: Study notes
1 / 16
This page cannot be seen from the preview
Don't miss anything!










Name …....................................................ID …................................ Section …........Seat No..........
Midterm Examination Answers: Semester 2/ Course Title : CSS322 Security and Cryptography Instructor : Dr Steven Gordon Date/Time : Monday 21 December 2009, 13:30 to 16: Instructions:
Questions [100 marks] Question 1 [11 marks] a) Given the ciphertext and key below, find the plaintext if the Playfair cipher was used. x is the special character used for padding and i and j are treated as the same character. [4 marks] C = eiioqoyldc K = security P = ______________________ (write your final answer here; show your calculations below) Answer With K = security the Playfair matrix is: s e c u r i/j t y a b d f g h k l m n o p q v w x z Considering the ciphertext C, find the pairs of input plaintext: C = ei io qo yl dc P = st al xl in gs P = stalxlings As there are two l 's separated by an x , remove the special padding character x to get the original plaintext: P = stallings b) The following ciphertext was obtained by encrypting the original plaintext P with a Rows/Column Transposition cipher using a key K. No padding was necessary. What is the original plaintext and key K? (Hint: the 5th^ character of the plaintext is y ; Note: this question may take you a long time – complete other questions before attempting a brute force attack) [7 marks] C = r a a y e m x n p w y a a e r e m d p y r s h n a K = ____________________ P = _____________________________________________________ (write your final answers above; show calculations below) Answer There are 25 characters. Since no padding is used that means the 25 characters must evenly be divided across the columns. The practical option is only: 5 rows by 5 columns. Hence write every 5 characters in a column.
Question 2 [14 marks] Consider a modified Vigenere cipher where the set of characters are the hexadecimal digits (instead of letters from the English alphabet). a) If Pi is the i th digit of the plaintext, Ci is the i th digit of the ciphertext, and Ki is the i th digit of the key, write equations for the encryption and decryption operations: [4 marks] E( Pi , Ki ) = Ci = _________________________________________ D( Ci , Ki ) = Pi = _________________________________________ Answer E( Pi , Ki ) = Ci = ( Pi + Ki ) mod 16 D( Ci , Ki ) = Pi = ( Ci - Ki ) mod 16 b) For P = 3AE60A3 and keyword = 17E, what is C? [3 marks] C = ___ ___ ___ ___ ___ ___ ___ (write final answer here; show calculations below) Answer P 3 A E 6 0 A 3 K 1 7 E 1 7 E 1 C 4 1 C 7 7 8 4 c) A polyalphabetic cipher such as the above Vigenere is stronger against letter frequency analysis when compared to a monoalphabetic cipher like Caesar. Explain why (hint: the answer in part (b) may help). [2 marks] Answer With a monoalphabetic cipher the same input plaintext character will always encrypt to the same ciphertext letter. Hence it is easy to count the frequencies of letters in the ciphertext and determine the mapping from the expected frequency of letters in the plaintext. With a polyalphabetic cipher the same input plaintext letter often will not encrypt to the same ciphertext letter. For example, above A encrypts to 1 and 8, because the key changes. d) Despite being stronger than monoalphabetic ciphers, the Vigenere cipher is still subject to letter frequency attacks. Explain why (hint: the answer in part (b) may help). [2 marks] Answer With long plaintext and short keys, repetitions in the key may lead to occurrences of the same input plaintext character encrypting to the same ciphertext letter. For example, above 3 maps to 4 and because the the short, repeated key, 3 maps to 4 again at the end. This pattern can be exploited for letter/diagram frequency analysis.
e) Can the modified Vigenere cipher in this question be used as a one-time pad. If yes, then explain how. If no, then explain why not. [3 marks] Answer Yes. The key must be the same length as the input plaintext. The key must be random. The key must be changed for each encryption.
Question 4 [12 marks] In all parts of this question assume an attacker can identify the correct plaintext when performing attacks. Consider a block cipher B with n -bit plaintext input and a k -bit key. Assume an encrypt operation takes 1μs and a decrypt operation takes 1μs. a) In the worst case, how many microseconds (μs) will it take an attacker to find the plaintext/key if a brute force attack is applied on cipher B? [2 marks] Answer 2 k^ μs Consider a block cipher, Double-B , which involves applying the block cipher B two times (e.g. encrypt the plaintext to obtain a temporary value, then encrypt the temporary value to obtain the ciphertext), each time using a potentially different k -bit key. b) In the worst case, how many microseconds (μs) will it take an attacker to find the plaintext/key if a brute force attack is applied on cipher Double-B? [2 marks] Answer 2 2k^ μs c) If the attacker applied a meet-in-the-middle attack on Double-B , what is the approximate time it takes to find the plaintext/key? [2 marks] Answer 2 k+1^ μs d) Show how the meet-in-the-middle attack works by applying it against Double-A , where cipher A is given in Question 3. Use the attack to find the key used if the attacker already knows the (plaintext, ciphertext) pairs: (1110, 0111) (0100, 1101) Explain clearly the steps applied by the attacker and how the key is identified. [6 marks] Answer Using the first known (plaintext, ciphertext) pair, the attacker attempts a brute force on the input plaintext: 1110 K=00 => X1p = 1110 K=01 => X2p = 1110 K=10 => X3p = 1110 K=11 => X4p = Then using the output ciphertext the attacker decrypts: 1101 K=00 => X1c = 0011
Question 5 [9 marks] Assuming the output of the first application (round) of fK of S-DES is 00101011 and K 2 is 10111001, what is the output ciphertext? You may use the information below (note: you need to determine IP-1^ yourself). C = ___ ___ ___ ___ ___ ___ ___ ___ (write your final answer above; show calculations on next page) IP: 2 6 3 1 4 8 5 7 E/P: 4 1 2 3 2 3 4 1 P4: 2 4 3 1 S0 =
- = d) In the key distribution protocol, what information must be known by the KDC before step 1 can occur? [2 marks] Answer KDC must know the IDs and master keys of A and B: IDA , IDB , Ka , Kb. e) Explain why an attacker , after intercepting message (2), does not know the value of Ks. [ marks] Answer The first instance of Ks is encrypted with Ka and the second instance is encrypted with Kb. The attacker does not know either Ka or Kb and therefore cannot determine Ks. f) Explain the purposes of messages (4) and (5), including what type of attack they can prevent, how they can be used to prevent an attack (e.g. how the attack is detected), and what is an appropriate function F. [4 marks] Answer The messages are used to prevent an attacker replaying message (3), masquerading as A. If the attacker replays (3) then B will respond with a nonce value encrypted with Ks. B expects a reply containing the function F of the nonce value, where the function may be incrementing the value by 1. Since the attacker cannot determine the nonce value, it cannot send back the valid response. g) Explain an advantage of using the KDC based approach for key distribution. [1 mark] Answer Automates the distribution of session keys, so that only Master keys need to exchanged manually. h) Explain a disadvantage of using the KDC based approach for key distribution. [1 mark] Answer Requires the KDC to be trusted. If the KDC is compromised then the security of the system fails. The KDC can be a performance bottleneck in the system.
Question 7 [10 marks] The following information may (or may not) be useful in this question: Fermat's theorem: ap^ ≡ a (mod p ) if p is prime Euler's theorem: a Ф( n )+1^ ≡ a (mod n ) First 20 prime numbers: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71 a) Find the answer of 54^3433 mod 3551. Show your calculations (e.g. explain which theorem(s) can be used and why; do not use a calculator). [5 marks] Answer Using Euler's theorem, if n is 3551, then find Ф(3551). It is difficult to find this manually, but if we notice that 3551 is in fact 53x67 (multiplication of 2 prime numbers) then Ф(3551). = 52x66 = 3432. Therefore the statement is in the form of Euler's theorem which says the answer is 54. b) Show that 7^60 ≡ 34 (mod 47). Show your calculations (e.g. do not use a calculator). [ marks] Answer 760 mod 47 = (7^2 mod 47)^30 mod 47 = 2^30 mod 47 = (2^6 mod 47)^5 mod 47 = (17 mod 47)(289 mod 47)(289 mod 47) mod 47 = 17 x (7 x 7 mod 47) mod 47 = 34 mod 47 = 34
Question 9 [10 marks] Suppose A and B want to confirm that they are both in possession of the same secret key. Consider this scheme to provide such confirmation: A creates a random sequence of bits the length of the key, XORs the random bits with the key, and sends the result over the network to B. B XORs the received bits with B's key (which is supposed to be the same as A's key) and sends back the result. A compares the received result with the original random bits to determine if the keys held by A and B are the same. In this scheme, neither A nor B transmit the key over the network. a) Prove that the scheme works. (that is, if the keys held by A and B are the same, then A can confirm this; and if they are different, A will detect this). [6 marks] Answer Lets define: R = random bits Ka = key held by A Kb = key held by B Mab = message sent by A to B Mba = message sent by B to A The scheme works as follows: At A: Mab = R ⊕ Ka A sends Mab to B At B: Mba = Mab ⊕ Kb B sends Mba to A At A: A compares Mba with R; if they are equal, then Ka = Kb. Why? The property of ⊕ is: if A ⊕ B = C then A = B ⊕ C So if Ka = Kb, then Mab = R ⊕ Ka and Mba = Mab ⊕ Ka = R ⊕ Ka ⊕ Ka = R ⊕ 0 = R b) Show how an attacker can take advantage of this scheme to discover the secret key. [ marks] Answer If the attacker intercepts the two messages, they can find Ka (assuming keys are the same): Mab = R ⊕ Ka and Mba = Mab ⊕ Ka = R Mab ⊕ Mba = R ⊕ Ka ⊕ R = Ka