Question: 1. Question 1 True or false: CBC-mode encryption with PKCS #5 padding provides message integrity, as long as the receiver makes sure to verify the

1. Question 1

True or false: CBC-mode encryption with PKCS #5 padding provides message integrity, as long as the receiver makes sure to verify the padding upon decryption.

True

False

Question 2
1 point

2. Question 2

Let F be a block cipher with n -bit block length. Consider the message authentication code for 2n -bit messages defined by Mack(m1,m2)=Fk(m1m2) . Which of the following gives a valid attack on this scheme?

Obtain tag t on message m,00 (with m00 ), and then output the tag t on the message 00,00 .

Obtain tag t on message m1,m2 (with m1m2 ), and then output the tag t on the message m2,m1 .

Obtain tag t on message m,m , and then output the tag 00 on the message 00,m .

Obtain tag t on message m,0,0 , and then output the tag t(11) on the message m,11 .

Question 3
1 point

3. Question 3

Let F be a block cipher with n -bit block length. Consider the message authentication code for 2n -bit messages defined by Mack(m1,m2)=Fk(m1)Fk(m2) . Which of the following gives a valid attack on this scheme?

There is no attack; the scheme is secure.

Output the tag 00 on the message 00,00 .

Obtain tag t on the message 00,11 , and output the tag t(11) on the message 11,00 .

Obtain tag t on the message 00,11 , and output the tag t(11) on the message 11,11 .

Question 4
1 point

4. Question 4

Assume a sender and receiver use basic CBC-MAC but authenticate/accept messages of different lengths. Which of the following is a valid attack?

Obtain tag t1 on message m1 , and tag t2 on message m1,m2 . Then output the tag t1 on the message t2m2 .

Obtain tag t1 on message m1 , and tag t2 on message t1,m2 . Then output the tag t2 on the message m1m2 .

Obtain tag t1 on message m1 , and tag t2 on message m2,m1 . Then output the tag t2 on the message m1,m2 .

Obtain tag t1 on message m1 , and tag t2 on message m1,m2 . Then output the tag t2 on the message t1m2 .

Question 5
1 point

5. Question 5

Assume we want to use a hash function with output length as small as possible, subject to being collision resistant against a birthday attack running in time 2192 . Which hash function would be the best choice?

MD5.

SHA-1.

SHA-2, with output truncated to 192 bits.

SHA-3 with 384-bit output.

Question 6
1 point

6. Question 6

Let H,H be collision-resistant hash functions. Which of the following functions H is NOT necessarily collision-resistant?

H(x)=H(H(x)) .

H(x)=H(x)H(x) , where denotes concatenation.

H(x)=H(x)H(x) .

H(x)=H(x)00 , where denotes concatenation.

Question 7
1 point

7. Question 7

Assume a sender and receiver use the encrypt-and-authenticate approach for variable-length messages, using CTR-mode encryption and a variant of CBC-MAC secure for authenticating variable-length data (and independent keys for each). Which of the following statements is true?

The combination is not CPA-secure, and it does not provide integrity because CTR-mode encryption is malleable.

The combination is CPA-secure, but it does not provide integrity.

The combination is not CPA-secure, and it does not provide integrity because the CTR-mode encryption allows the attacker to forge a tag in the CBC-MAC.

The combination is not CPA-secure, but it does provide integrity.

Question 8
1 point

8. Question 8

Let F be a block cipher with block length n . Consider the following encryption scheme for n -bit messages: to encrypt message m using key k , choose a random c0{0,1}n and output the ciphertext c0,c1,Fk(Fk(c0)c1) , where c1=Fk(c0)m . Which of the following statements is true?

This looks like the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, except that here the same key is being used for both -- Prof. Katz warned us about that; this looks insecure!

This is an example of the encrypt-then-authenticate approach using CTR-mode and CBC-MAC, so is secure.

This looks like the authenticate-then-encrypt approach using CBC-MAC and CBC-mode encryption (with the same key) -- but here it's ok, since CBC-MAC is applied to something random.

This can be viewed as an example of the encrypt-and-authenticate approach using CBC-mode and CBC-MAC (with the same key), and is insecure.

Question 9
1 point

9. Question 9

Which of the following is the most appropriate primitive for achieving message integrity between two users sharing a key?

Message authentication code.

Private-key encryption scheme.

Block cipher.

Collision-resistant hash function.

Question 10
1 point

10. Question 10

Which of the following is an example of a message authentication code used widely in practice?

HMAC.

CBC-mode encryption.

SHA-1.

AES.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

End of Chapter 1 Answers 1) Self-acceptance is getting to move on despite what people thinks about us, it is more of self- esteem, white self-esteem is how important we see our self. It is good to...

Q:

Question #1 (1 point) Character frequency analysis is an example of a ciphertext-only attack. True False Question #2 (1 point) Which item is the responsibility of key management? Access control, user...

Q:

This question concerns lexical grammars. (a) Tree Adjoining Grammars contain two types of elementary tree. (i) What are these trees called? [1 mark] (ii) If one were building a grammar for English...

Q:

Let A, B be sets. Define: (a) the Cartesian product (A B) (b) the set of relations R between A and B (c) the identity relation A on the set A [3 marks] Suppose S, T are relations between A and B, and...

Q:

Please help me use this book for citation for my essay Read the book Boss - 2014 "Moral Reasoning" Ethics for Life- A Text with Readings Ch2 CHAPTER 2 .first importance. Mo,af ReaEoning In a...

Q:

can someone solve this Modern workstations typically have memory systems that incorporate two or three levels of caching. Explain why they are designed like this. [4 marks] In order to investigate...

Q:

1. Congress is concerned that a number of states are mandating the use of inaccurate textbooks that give students a warped understanding of US history. Congress therefore passes a law conditioning a...

Q:

Dorshkind v. Oak Park Place of Dubuque II 835 N.W.2d 293 (lowa 2013) OPINION BY JUSTICE WIGGINS In this appeal, we must decide if an internal complaint by an employee against an assisted living...

Q:

\fThis is an electronic version of the print textbook. Due to electronic rights restrictions, some third party content may be suppressed. Editorial review has deemed that any suppressed content does...

Q:

Miller-Rabin test to check whether a number N is composite. This will involve computing a N1 mod N for some value of a. [10 marks] Carry out the steps for N = 65 and a = 1, 2, 8 and 12. on what each...

Q:

Find ' r and 2 for the random variable X that has the probability density In3 x 0 elsewhere

Q:

Do the contingent risks of interest rate, takedown, credit, and aggregate funding tend to increase the insolvency risk of an FI? Why or why not?

Q:

In the LIFO - LCM approach to valuing inventory, the ceiling is the inventory s net realizable value. Group startsTrue or False

Q:

1.) What's the two balances?2.) Determine the net income or net loss for October? eAssignment/takeAssignmentMain.do: Debit Credit Balances Balances Cash Accounts Receivable 7,800 Supplies 2,170...

Q:

Is money the prime driver of employee performance?

Q:

Explain the statement The design of reward systems is contingent upon the organizational context in which they must operate.

Q:

How should the university address the problem of disgruntled lecturers who feel underpaid?