Order the following four items to match with the process of digital signature generation and verification: (circle one)
1. Encrypt the digest with your private key.
2. Compare the message digest to one you created.
3. Generate a message digest.
4. Decrypt the signature with the sender's public key.
A. 4, 2, 1, 3
B. 1, 4, 3, 2
C. 3, 1, 4, 2
D. 3, 4, 2, 1
2. What is the purpose of including Message Authentication Code (MAC) with the message?
3. What is the difference between a MAC and a HMAC?
4. Who generates the authenticator in Kerberos and what is the purpose of the authenticator?
5. What primary problem does public-key cryptography solve?
6. Which of the following statements are true about Diffie-Hellman (D-H) key exchange?
A. The security of the scheme depends on it being difficult to solve ax = b mod n for a given b, n and x
B. The security of the scheme depends on it being difficult to solve ax = b mod n for x given a, b and n
7. Suppose a One-way hash function is used in a message exchanged between Alice and Bob.
A. Provide an example forgery scenario if the hash function lacks weak collision resistance property.
B. Provide an example forgery scenario if the hash function lacks strong collision resistance property.
8. A. Decrypt the following English cipher-text which has been produced by using substitution (Caeser) cipher:
kbkxeutk (Hint: Use the frequency distribution table of the letters of English language and the Vigenere Tableau given at the end of this script)
B. Consider a substitution cipher where 52 symbols were used instead of 26. In particular, each symbol in the cipher text is for either a lowercase English letter, or an uppercase English letter. For example, let E be the encryption function then we could have E(A) = T and E(a) = m. Such a modification augments the key space to 52! (52 factorial). Does this provide added security compared to a standard substitution cipher? Why or why not?
9. Suppose Alice wants to send a message to Bob containing her name N, her computers IP address IP, and a request R for Bob. Design encrypted messages that Alice must send to meet the security requirements below. Suppose that K-A and K-B are the private keys of Alice and Bob respectively.
Assume that Alice and Bob share a symmetric key K and have securely distributed their public keys K+A and K+B to each other. Assume that all the messages include Alice's name, IP address, and the request.
Recall the notation that x||y means the concatenation of x with y, {x}k denotes the encryption of x using key k, and that h(x) denotes a hash of x. Using the notation above, answer each question below using a message exchange diagram (like the ones we used in class), being specific about what is computed, what is transmitted, and who the sender and receiver of the message is.
A. Using the symmetric key, design a message that enables Bob to verify that the messages integrity has not been violated and that it is from Alice.
B. Using the symmetric key, design a message that protects the confidentiality of the request and ensures that Bob can verify the messages
integrity and source.
C. Using public key cryptography, design a message that enables Bob to verify that the messages integrity has not been violated and that it is from Alice.
D. Using public key cryptography, design a message that protects the confidentiality of the request and ensures that Bob can verify the messages integrity and source.
10. A. Illustrate how Meet-in-the-Middle attacks can be devised with a double DES encryption scheme? How does 3DES protect against this attack.
B. Explain the self-healing property of cipher block chaining mode.
11. A. Perform encryption and decryption using the RSA algorithm where p = 3, q = 11, e = 7, and M = 5.
B. Consider a Diffie-Hellman scheme with a common prime q = 11 and a primitive root g = 2.
i) If user A has public key Ya = 9. What is A's private key Xa?
ii) if user B has public key Yb = 3, what is the shared secret key K?
12. A. A system allows the user to choose a password with a length of one to five characters, inclusive. Assume that 10,000 passwords can be tested per second. The system administrators want to expire passwords once they have a probability of 0.10 of having been guessed. Determine the expected time to meet this probability under the condition that the password characters may be any number from 0 to 9.
B. Does using passwords with salts make attacking a single account more difficult than using passwords without salts? Explain why or why not.