Questions and Answers of Cryptography And Network Security

a. Consider the following hash function. Messages are in the form of a sequence of numbers inThe hash value is calculated asfor some predefined value . Does this hash function satisfy any of the
It is possible to use a hash function to construct a block cipher with a structure similar to DES. Because a hash function is one way and a block cipher must be reversible (to decrypt), how is it
Now consider the opposite problem: using an encryption algorithm to construct a oneway hash function. Consider using RSA with a known key. Then process a message consisting of a sequence of blocks as
Suppose H( ) is a collision-resistant hash function that maps a message of arbitrary bit length into an -bit hash value. Is it true that, for all messages x, x′ with x ≠ x′ we have H(x) Z
In Figure 11.11, it is assumed that an array of 80 64-bit words is available to store the values of Wt so that they can be precomputed at the beginning of the processing of a block. Now assume that
For SHA-512, show the equations for the values of W16,W17,W18 and W19.
State the value of the padding field in SHA-512 if the length of the message isa. 1919 bitsb. 1920 bitsc. 1921 bits
State the value of the length field in SHA-512 if the length of the message isa. 1919 bitsb. 1920 bitsc. 1921 bits
Suppose a1a2a3a4 are the 4 bytes in a 32-bit word. Each ai can be viewed as an integer in the range 0 to 255, represented in binary. In a big-endian architecture, this word represents the integerIn a
This problem introduces a hash function similar in spirit to SHA that operates on letters instead of binary data. It is called the toy tetragraph hash (tth).2 Given a message consisting of a sequence
Develop a table similar to Table 4.9 for GF(28) with m(x) = x8 + x4 + x3 + x2 + 1. Table 4.9 Generator for GF(2) using x + x + 1 Power Representation Polynomial Representation 0 g(=g') "o "oo oo oo 0
Show the E and E-1 mini-boxes in Table N.2 in the traditional S-box square matrix format, such as that of Table 5.4. Table 5.4 AES Example Start of Round 01 89 fe 76 23 ab de 54 45 cd ba 32 67 ef 98
Verify that Figure N.5 is a valid implementation of the S-box shown in Table N.2a. Do this by showing the calculations involved for three input values: 00, 55, 1E.
Provide a Boolean expression that defines the S-box functionality of Figure N.5.
Whirlpool makes use of the construction Now notice that the key schedule for Whirlpool resembles encryption of the cipher key under a pseudo-key defined by the round constants, so that the core of
What types of attacks are addressed by message authentication?
What two levels of functionality comprise a message authentication or digital signature mechanism?
What are some approaches to producing message authentication?
When a combination of symmetric encryption and an error control code is used for message authentication, in what order must the two functions be performed?
What is a message authentication code?
What is the difference between a message authentication code and a one-way hash function?
In what ways can a hash value be secured so as to provide message authentication?
Is it necessary to recover the secret key in order to attack a MAC algorithm?
What changes in HMAC are required in order to replace one underlying hash function with another?
If \(\mathrm{F}\) is an error-detection function, either internal or external use (Figure 12.2) will provide error-detection capability. If any bit of the transmitted message is altered, this will be
The data authentication algorithm, can be defined as using the cipher block chaining (CBC) mode of operation of DES with an initialization vector of zero (Figure 12.7). Show that the same result can
At the beginning of Section 12.6, it was noted that given the CBC MAC of a oneblock message \(X\), say \(T=\operatorname{MAC}(K, X)\), the adversary immediately knows the CBC MAC for the two-block
In this problem, we demonstrate that for CMAC, a variant that XORs the second key after applying the final encryption doesn't work. Let us consider this for the case of the message being an integer
In the discussion of subkey generation in CMAC, it states that the block cipher is applied to the block that consists entirely of 0 bits. The first subkey is derived from the resulting string by a
Listed three general approaches to authenticated encryption: MtE, EtM, and E\&M.a. Which approach is used by CCM?b. Which approach is used by GCM?
Show that the GHASH function calculates\[\left(X_{1} \cdot H^{m}ight) \oplus\left(X_{2} \cdot H^{m-1}ight) \oplus \cdots \oplus\left(X_{m-1} \cdot H^{2}ight) \oplus\left(X_{m} \cdot Hight)\]
Draw a figure similar to Figure 12.11 that shows authenticated decryption. IV encode Jo A = Ass. Data KE incr OF K. Jo Plaintext GCTR C = Ciphertext GHASH GCTR MSB 0 [len(A)]64 Tag Figure 12.11
Alice want to send a single bit of information (a yes or a no) to Bob by means of a word of length 2. Alice and Bob have four possible keys avialable to perform message authentication. The following
List two disputes that can arise in the context of message authentication.
What are the properties a digital signature should have?
What requirements should a digital signature scheme satisfy?
What is the difference between direct and arbitrated digital signature?
In what order should the signature function and the confidentiality function be applied to a message, and why?
What are some threats associated with a direct digital signature scheme
Dr. Watson patiently waited until Sherlock Holmes finished. "Some interesting problem to solve, Holmes?" he asked when Holmes finally logged out."Oh, not exactly. I merely checked my e-mail and then
DSA specifies that if the signature generation process results in a value of \(s=0\), a new value of \(k\) should be generated and the signature should be recalculated. Why?
What happens if a \(k\) value used in creating a DSA signature is compromised?
The DSS document includes a recommended algorithm for testing a number for primality.1. [Choose \(\boldsymbol{w}\) ] Let \(w\) be a random odd integer. Then \((w-1)\) is even and can be expressed in
With DSS, because the value of \(k\) is generated for each signature, even if the same message is signed twice on different occasions, the signatures will differ. This is not true of RSA signatures.
Consider the problem of creating domain parameters for DSA. Suppose we have already found primes \(p\) and \(q\) such that \(q \mid(p-1)\). Now we need to find \(g \in \mathbf{Z}_{p}\) with \(g\) of
It is tempting to try to develop a variation on Diffie-Hellman that could be used as a digital signature. Here is one that is simpler than DSA and that does not require a secret random number in
An early proposal for a digital signature scheme using symmetric encryption is based on the following. To sign an \(n\)-bit message, the sender randomly generates in advance \(2 n\) 56-bit
List ways in which secret keys can be distributed to two communicating parties. (2) IDA, E(Ka, Na), IDB, E(Kb, N) B Key Distribution Center (KDC) (3) E(Kb. [KS, IDA, Nb]), E(Kas [KS, IDB, Nal) Figure
What is the difference between a session key and a master key?
What is a nonce?
What is a key distribution center?
What are two different uses of public-key cryptography related to key distribution?
List four general categories of schemes for the distribution of public keys.
What are the essential ingredients of a public-key directory?
What is a public-key certificate?
What are the requirements for the use of a public-key certificate scheme?
What is the purpose of the X.509 standard?
What is a chain of certificates?
How is an X.509 certificate revoked?
One local area network vendor provides a key distribution facility, as illustrated in Figure 14.17.a. Describe the scheme.b. Compare this scheme to that of Figure 14.3.What are the pros and cons? (2)
“We are under great pressure, Holmes.” Detective Lestrade looked nervous. “We have learned that copies of sensitive government documents are stored in computers of one foreign embassy here in
The 1988 version of X.509 lists properties that RSA keys must satisfy to be secure given current knowledge about the difficulty of factoring large numbers. The discussion concludes with a constraint
Find at least one intermediate certification authority’s certificate and one trusted root certification authority’s certificate on your computer (e.g. in the browser). Print screenshots of both
NIST defines the term cryptoperiod as the time span during which a specific key is authorized for use or in which the keys for a given system or application may remain in effect. One document on key
Consider the following protocol, designed to let A and B decide on a fresh, shared session key K′AB. We assume that they already share a long-term key KAB.a. We first try to understand the protocol
What are the core components of a PKI? Briefly describe each component.
Explain the problems with key management and how it affects symmetric cryptography.
What is the effect of adding the instruction EMKi EMK;: X E(KMH; X) i = 0, 1
Suppose N different systems use the IBM Cryptographic Subsystem with host master keys KMH[i](i = 1, 2, . . . N). Devise a method for communicating between systems without requiring the system to
The principal objective of the IBM Cryptographic Subsystem is to protect transmissions between a terminal and the processing system. Devise a procedure, perhaps adding instructions, which will allow
Give examples of replay attacks.
List three general approaches to dealing with replay attacks.
What is a suppress-replay attack?
What problem was Kerberos designed to address?
What are three threats associated with user authentication over a network or Internet?
List three approaches to secure user authentication in a distributed environment.
What four requirements were defined for Kerberos?
What entities constitute a full-service Kerberos environment?
In the context of Kerberos, what is a realm?
What are the principal differences between version 4 and version 5 of Kerberos?
We outlined the public-key scheme proposed in [WOO92a] for the distribution of secret keys. The revised version includes IDA in steps 5 and 6.What attack, specifically, is countered by this revision?
The protocol referred to in Problem 15.1 can be reduced from seven steps to five, having the following sequence:1. A → B:2. A → KDC:3. KDC → B:4. B → A:5. A → B:Show the message transmitted
Reference the suppress-replay attack described in Section 15.2 to answer the following.a. Give an example of an attack when a party’s clock is ahead of that of the KDC.b. Give an example of an
There are three typical ways to use nonces as challenges. Suppose Na is a nonce generated by A, A and B share key K, and f() is a function (such as an increment). The three usages areDescribe
Show that a random error in one block of ciphertext is propagated to all subsequent blocks of plaintext in PCBC mode.
Suppose that, in PCBC mode, blocks Ci and Ci+1 are interchanged during transmission. Show that this affects only the decrypted blocks Pi and Pi+1 but not subsequent blocks.
In addition to providing a standard for public-key certificate formats, X.509 specifies an authentication protocol.The original version of X.509 contains a security flaw.The essence of the protocol
Consider a one-way authentication technique based on asymmetric encryption:a. Explain the protocol.b. What type of attack is this protocol susceptible to? A B: B A: A B: IDA R E(PR, R)
Consider a one-way authentication technique based on asymmetric encryption:a. Explain the protocol.b. What type of attack is this protocol susceptible to? A B: B A: A B: IDA E(PUa, R) R
In Kerberos, when Bob receives a Ticket from Alice, how does he know it is genuine?
In Kerberos, when Bob receives a Ticket from Alice, how does he know it came from Alice?
In Kerberos, when Alice receives a reply, how does she know it came from Bob (that it’s not a replay of an earlier message from Bob)?
In Kerberos, what does the Ticket contain that allows Alice and Bob to talk securely?
What are the advantages of each of the three approaches shown in Figure 16.1? HTTP FTP TCP IP/IPSec SMTP HTTP FTP SSL or TLS TCP IP SMTP S/MIME Kerberos SMTP HTTP UDP (a) Network level (b) Transport
What is the difference between an SSL connection and an SSL session?
List and briefly define the parameters that define an SSL session state.
List and briefly define the parameters that define an SSL session connection.
What steps are involved in the SSL Record Protocol transmission?
What is the purpose of HTTPS?
For what applications is SSH useful?

Showing 100 - 200 of 498