

Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Security vulnerabilities in a communication protocol, specifically focusing on replay attacks and session key sharing. How an attacker (eve) can intercept messages and manipulate them to gain unauthorized access to information. It also highlights the differences between symmetric and public key systems and their respective vulnerabilities. Examples of various scenarios and calculations.
Typology: Assignments
1 / 2
This page cannot be seen from the preview
Don't miss anything!


3- Z intercepts the message sent from A to B. Z then sends B the message (Z, EB (M), B). B will answer Z according to the protocol by sending message (B, EZ (M), Z). Z can now decode EZ (M) to find M. 4- B can fool A by replaying him/her with same nonce N1.
A → B: N
B → A: N
A → B: EK[N1]
B → A: EK[N1] 5- Two situations arise, the first in which Eve, the attacker, does not send an initial message to Bob (steps 1 and 2), and the second where she does. In both scenarios, assume that Eve knows the session key k session , and has intercepted the message at step
Begin with the first case. Eve replays the message to Bob. As Bob has not yet received a new message from Alice (steps 1 and 2), he rejects the message. But if Eve’s message comes during Alice’s execution of the protocol and after step 2, Bob opens the message and determines the random number rand 3. Because he kept track of the random number that he sent to Alice, he recognizes that this was not an attempt to begin a new session, but instead a replay of an older message (else it could not have been enciphered using the key he shares with Cathy, k Bob ). He therefore knows the message is legitimate but, since he has already seen the message with that random number in it, that it is a replay. In the second case, Eve sends message 1 to Bob, who replies with message 2. Eve immediately sends message 5 to Bob. Bob opens the message, compares rand 3 with the nonce in the message he just sent Eve (masquerading as Alice), and notes it is different. So he rejects the message. 7- a. n = 33; ( n ) = 20; d = 3; C = 26. b. n = 55; ( n ) = 40; d = 27; C = 14. c. n = 77; ( n ) = 60; d = 53; C = 57. d. n = 143; ( n ) = 120; d = 11; C = 106. e. n = 527; ( n ) = 480; d = 343; C = 128. For decryption, we have 128343 mod 527 = 128256 12864 12816 1284 1282 1281 mod 527 = 35 256 35 101 47 128 = 2 mod 527 = 2 mod 257 8- 3031
have a shared symmetric key. There are N(N-1)/2 such pairs and thus there are N(N- 1)/2 keys. With a public key system, each user has a public key which is known to all, and a private key (which is secret and only known by the user). There are thus 2N keys in the public key system.
symmetric key systems both the sender and receiver must know the same (secret) key. In public key systems, the encryption and decryption keys are distinct. The encryption key is known by the entire world (including the sender), but the decryption key is known only by the receiver. 11- a. YA = 7^5 mod 71= 51 b. YB = 7^12 mod 71= 4 c. K = 4^5 mod 71= 30 12- a. (11) = 10. 2^10 = 1024 = 1 mod 11. If you check 2 n^ for n < 10, you will find that none of the values is 1 mod 11. b. 6, because 2^6 mod 11 = 9 c. K = 3^6 mod 11= 3