Download CS 772 Network Security Exam, Fall 2006 - Prof. H. Abdel-Wahab and more Exams Computer Science in PDF only on Docsity!
CS 772
Network Security: Concepts, Protocols and Programming
Fall 2006
Final Exam
Time 2 & 1/2 hours
Open Book & Notes
Name:
Login:
All questions are of equal weights.
Please be brief and try not to exceed the space allocated for each answer.
Q1:
The following illustrates the operation of Kerberos when Alice likes to rsh to Bob. Modify these figure
if the KDC uses public-key infrastructure , i.e, the KDC does not have any shared secretes with the
principles; it is only a trusted mediator among the principles.
Alice workstation KDC Alice, passwd > Alice needs a TGT > < KA { SA }, Kkdc {T} Alice workstation KDC Bob rsh Bob > Alice wants Bob, TGT > < SA {"Bob", KAB , ticket to Bob} ticket to Bob = KB { "Alice", KAB }, KAB {t} > < KAB {t+1} solution: Alice workstation KDC Alice, passwd > Alice needs a TGT > < { SA }eA, Kkdc {T} Alice workstation KDC Bob rsh Bob > Alice wants Bob, TGT > < SA {"Bob", KAB , ticket to Bob} ticket to Bob = { "Alice", KAB }eB, KAB {t} > < KAB {t+1}
Q4:
The security handshake protocols are evaluated according to security & pereformance.
The performance parameters are:
- Number of messages,
- Processing power required, and
- Compactness of messages.
Compare the following two protocols, P1 and P2, with respect to the above performance measures:
Alice Bob
P1: I'm Alice, K{timestamp} --- > P2: I'm Alice, timestamp, hash {K, timestamp} >
Ans:
P2 requires less power, since hash requires less computational power than encryption.
Q5:
The following is a proposed mutual authentication protocol.
Alice Bob
I'm Alice >
< R, hash (K,R)
hash(K, R+1) >
What are the possible flaws in this protocol?
Ans:
Bob is sure that she is Alice, but Alice can not be sure that Bob it Trudy
since Trudy can record and a play a previous message between Alice and Bob.
Propose how to fix the possible flaws with minimal modifications to the protocol.
Fix: Alice Bob I'm Alice > < Rb hash (K, Rb), Ra > < hash (K, Ra)
Q6:
How Trudy may exploit the “source routing” feature of the IP protocol?
Ans:
He can insert pretend to be Alice and get the answer from Bob
by inserting himself in the middle:
<Alice, Trudy, Bob>
and Bob will reply with source route:
<Bob, Trudy, Alice>
Q7:
Assume that UNIX uses the user login name in lieu of the traditional salt , what is the effect on
security of this modification?
Ans: No effect, it still requires |D|.|F| to perform dictionary attack.
Q10:
In SSL, explain how the client and server mutually authenticate each other?
Ans: The client first authenticates the server, by checking the certificate presented by the server. Normally the server authenticates the client using: <name, password> sent securely over the ssl connection.
Q11:
In SSL, explain how to ensure that two identical plain messages will be transmitted as two different
cipher messages?
Ans: If block cipher is used, the IV is used to encrypt the first record; the final block of each record is used as the IV for the next record.
Q12:
Assume that Alice likes to have a secure conversation with Bob and she wants a trusted 3rd^ party T to
record the conversation. One possible scheme is to establish two SSL connections from Alice and Bob
to T. How many times a message typed by one person to be encrypted/decrypted before the other
person can read it? Explain?
Ans: 2
Since it has to encrypted from Alice to T,
decrypted then encrypted by T and
then decrypted by Bob.
Q13:
Consider the following PEM message:
From: Alice To: Bob Subject: CS772 Final Date: Mon Dec 4, 2006 -----BEGIN PRIVACY ENHANCED MESSAGE----- Proc-Type: 4, ENCRYPTED Content-Type: RFC DEK-Info: DES-CBC, IV Originator-ID-Asymmetric: < Alice certificate ID> Key-Info: RSA, <encoded message key encrypted with Alice public key> MIC-Info: RSA-MD5, RSA, <encoded encrypted MIC> Recipient-ID-Asymmetric: < Bob certificate ID> Key-Info: RSA, <encoded message key encrypted with Bob public key> -----END PRIVACY ENHANCED MESSAGE-----
Is it possible for Bob to prove that indeed Alice sent that message to him? Explain?
No, since it is not signed.
Is it possible for Trudy to intercept and the read and modify the message? Explain?
No, since he does not have Bob private key.
Consider the above listings of certificates:
1. Who is the CA?
2. How long the certificate is valid?
3. What is the value of the subject public key <e, n>?
4. What is the value of the issuer public key?
5. Why you think that the signed certificate indeed corresponds to the certificate request?
6. Is it possible for the owner of the signed certificate to issue and sign other certificates?
Ans:
- Dr. wahab?
- 1 year
- e=65537, n= 00:9b:5e:7d:fc:c8:73:4e:
- not there, since the CA certificate is not listed.
- since the public keys are the same in both.
- no, since CA=False.
Q15:
In RSA, assume e = 3, p = 11 and q =23.
Show that 147 is a possible value of d.
n=pq=11.23=
Phi(n)=(p-1)(q-1)=10.22=
e.d=3.147=441=1 mod 220
So e is the inverse of d
Q16:
Calculate the value of 857 mod 100 without using a calculator.