


Course Code: CSE403 Course Title: Network Security & Cryptography

School: LSE Department: CSE/IT

Name of the faculty member: Shashi Kant Rathore


Class: BT-MT-IT



Part A:

Q1. When a combination of symmetric encryption and an error control code is used for
message authentication, in what order must the two functions be performed?


The message is encrypted first, and then the MAC is calculated using the resulting cipher text to
form the transmitted block.

In particular, message authentication involves two aspects:
• Source authentication, which verifies the identity of the source, prevents the acceptance of messages from a fraudulent source.
• Data integrity, which protects the data from modification.

Let’s start with symmetric encryption. As shown in Fig. 1 (a), A sends B a message M encrypted by their shared secret key K. Because a third party is unable to recover the plaintext of the message without the knowledge of K, confidentiality is provided. Now let’s examine how encryption can provide message authentication. Generally, B is assured that the message is from A, because A is the only person (other than B) who is able to generate the ciphertext that can be decrypted using K. If M is fully recovered, B knows none of the bits of M have been altered.

However, to achieve this goal B needs to be able to identify the “correct plaintext” from the ones decrypted from an altered ciphertext, or from a ciphertext generated with a different key. There are several scenarios:
• If M is in ordinary English, then B can recognize the message by reading it. But this is difficult to recognize automatically.
• If M is in binary code, and can be any arbitrary bit pattern, then there is no way to determine automatically whether the recovered message is legitimate or not.

The lack of an automatic way to verify the recovered message limits the usage of symmetric encryption as a mechanism for message authentication. Moreover, if a block cipher (such as DES, AES) is

Q2. In what ways can a hash value be secured so as to provide message authentication? Is
it necessary to recover the secret key in order to attack a MAC algorithm?


The ways in which a hash code can be used to provide message authentication are:

1. The message plus concatenated hash code is encrypted using symmetric encryption. The
hash code provides the structure required for authentication.

2. Only the hash code is encrypted using symmetric encryption. This reduces the processing

3. Only the hash code is encrypted using public key encryption and the sender’s private
key. This provides a digital signature.

4. The message plus the public key-encrypted hash code may be encrypted using a
symmetric secret key.

5. A hash function may be used without encryption for message authentication. It assumes
that two communicating parties (A and B) share a common key (S). A computes the
hash value over the concatenation of M and S. B knows S and therefore can re-compute

6. The entire message plus the hash code may be encrypted.

Q3. a) What are the properties a digital signature should have and what requirements
should a digital signature scheme satisfy?
b) What are some threats associated with a direct digital signature scheme?


Data appended to, or a data unit that allows a recipient of the data unit to prove the source and
integrity of the data unit and protect against forgery.

A digital signature scheme using symmetric encryption is based on the following: To sign an n-
bit message, the sender randomly generates in advance 2n 56-bit cryptographic keys:

k1, K1, k2, K2,..., kn, Kn

which are kept secret. The sender prepares in advance two sets of corresponding nonsecret 64-bit
validation parameters, which are made public:

u1, U1, u2, U2,..., un, Un and v1, V1, v2, V2,..., vn, Vn

where

vi = E(ki, ui), Vi = E(Ki, Ui)

The message M is signed as follows. For the ith bit of the message, either ki or Ki is attached to
the message, depending on whether the message bit is 0 or 1. For example, if the first three bits
of the message are 011, then the first three keys of the signature are k1, K2, K3.
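The scheme above as a runnable sketch (an added example, not part of the original answer). Assumptions: HMAC-SHA256 truncated to 64 bits stands in for the block cipher E, and the function names are illustrative; `exposed_positions` shows why one key set must sign only one message.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 7    # 56-bit keys, as in the text
PARAM_BYTES = 8  # 64-bit validation parameters


def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for E(k, u): HMAC-SHA256 truncated to 64 bits (assumption)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:PARAM_BYTES]


def bits_of(message: bytes) -> list[int]:
    """Message bits, most significant bit of each byte first."""
    return [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]


def keygen(n: int):
    """Return (secret, public) for signing one n-bit message."""
    secret = [(secrets.token_bytes(KEY_BYTES), secrets.token_bytes(KEY_BYTES))
              for _ in range(n)]                       # (k_i, K_i)
    public = []
    for k, K in secret:
        u, U = secrets.token_bytes(PARAM_BYTES), secrets.token_bytes(PARAM_BYTES)
        public.append(((u, E(k, u)), (U, E(K, U))))    # ((u_i, v_i), (U_i, V_i))
    return secret, public


def sign(message: bytes, secret) -> list[bytes]:
    """Attach k_i for a 0 bit and K_i for a 1 bit."""
    bits = bits_of(message)
    if len(bits) != len(secret):
        raise ValueError("key set was generated for a different message length")
    return [secret[i][bit] for i, bit in enumerate(bits)]


def verify(message: bytes, signature, public) -> bool:
    """Check v_i = E(k_i, u_i) or V_i = E(K_i, U_i) for every message bit."""
    bits = bits_of(message)
    if len(bits) != len(public) or len(signature) != len(public):
        return False
    ok = True
    for i, bit in enumerate(bits):
        param, expected = public[i][bit]
        ok &= hmac.compare_digest(E(signature[i], param), expected)
    return ok


def exposed_positions(sig_a, sig_b) -> int:
    """Positions where two signatures from one key set reveal both k_i and K_i."""
    return sum(a != b for a, b in zip(sig_a, sig_b))
```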

A digital signature is formed by taking the message digest of the content to be signed and then
encrypting that with the private key of the signer. The content plus signature are then encoded using
base64 encoding.

Clear-signed data: As with signed data, a digital signature of the content is
formed. In this case only the digital signature is encoded using base64.

Signed and enveloped data: Signed-only and encrypted-only entities may be nested, so that
encrypted data may be signed and signed data or clear-signed data may be encrypted.

Digital Signature provides two levels of authentication:

1. Low-level authentication

2. Higher-level authentication

At the lower level there must be some sort of function that produces an authenticator: a value to
be used to authenticate a message. This lower-level function is then used as a primitive in a higher-
level authentication protocol that enables a receiver to verify the authenticity of a message.

Part B:

Q4. Describe a Brute Force attack on a digitally signed message. Discuss the complexity of
the brute force attack. How can the complexity of the attack be increased without changing
the size of the key?

Q5. a) When would you use a MAC rather than a plain hash?

b) List out the design objectives for HMAC.


This technique assumes that two communicating parties A and B share a common key K. When
A sends a message to B it calculates the MAC as a function of the message and the


M=input message

C=MAC function

K=shared secret key

MAC=message authentication code

The message plus the MAC are transmitted to the recipient. The recipient performs the same
calculation on the received message to generate a new MAC. The received MAC is compared to
the calculated MAC. If only the sender and receiver know the secret key, and if the received MAC
matches the calculated MAC, then

1. The receiver is assured that the message has not been altered.

2. The receiver is assured that the message is from the alleged sender.

3. If the message includes a sequence number then the receiver is assured of the proper sequence.

The MAC function need not be reversible. Usually, it is a many-to-one function.

If there are N possible messages then an n-bit MAC is used where N >> 2^n, and there are 2^k
possible keys where the key has k bits.
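The send/verify exchange described above, as an added example that is not part of the original answer. Assumptions: HMAC-SHA256 plays the role of the MAC function C, and an 8-byte sequence number is prefixed to the message and covered by the MAC; the names `send` and `Receiver` are illustrative.

```python
import hashlib
import hmac
import struct


def C(key: bytes, seq: int, message: bytes) -> bytes:
    """MAC function C(K, M); the 64-bit sequence number is MACed along with M."""
    return hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()


def send(key: bytes, seq: int, message: bytes) -> bytes:
    """Transmitted block: sequence number || message || MAC."""
    return struct.pack(">Q", seq) + message + C(key, seq, message)


class Receiver:
    TAG_LEN = hashlib.sha256().digest_size

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def receive(self, block: bytes) -> bytes:
        if len(block) < 8 + self.TAG_LEN:
            raise ValueError("block too short")
        seq = struct.unpack(">Q", block[:8])[0]
        message, tag = block[8:-self.TAG_LEN], block[-self.TAG_LEN:]
        # Recompute the MAC over what was received and compare in constant time.
        if not hmac.compare_digest(C(self.key, seq, message), tag):
            raise ValueError("MAC mismatch: altered message or wrong key")
        # The sequence number is trusted for ordering only after the MAC check.
        if seq != self.next_seq:
            raise ValueError("unexpected sequence number")
        self.next_seq += 1
        return message
```

The receiver never reverses the MAC; it recomputes it and compares, which is why the function need not be reversible.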

Q6. What is difference between transport mode and tunnel mode? Why does ESP include
a padding field?

These are the two ways in which the IPSec authentication service can be used. In one case
authentication is provided directly between a server and client workstations; the workstation can
be either on the same network as the server or on an external network. As long as the workstation
and the server share a protected secret key, the authentication process is secure. This case uses a
transport mode SA. In the other case a remote workstation authenticates itself to the corporate
firewall, either for access to the entire internal network or because the requested server does not
support the authentication feature. This case uses a tunnel mode SA.

For transport mode AH using IPv4, the AH is inserted after the original IP header and before the
IP payload. In the context of IPv6, the AH is viewed as an end-to-end payload; that is, it is not
examined or processed by intermediate routers. Therefore the AH appears after the IPv6 base
header and the hop-by-hop, routing and fragment extension headers.

For tunnel mode AH the original IP packet is authenticated, and the AH is inserted between the
original IP header and a new outer IP header.

Transport mode:

1. It provides protection for upper layer protocols.

2. Used for end-to-end communication between two hosts.

3. AH: Authenticates IP payload and selected portions of IP header and IPv6 extension header.

Tunnel mode:

1. It provides protection to the entire IP packet.

2. It is used when one or both ends of an SA is a security gateway, such as a firewall or router that implements IPSec.

3. Authenticates entire inner IP packet plus selected portions of outer IP header and outer IPv6 extension headers.

The Padding field in ESP serves several purposes:

• If an encryption algorithm requires the plaintext to be a multiple of some number
of bytes (e.g., the multiple of a single block for a block cipher), the Padding field is used
to expand the plaintext (consisting of the Payload Data, Padding, Pad Length, and Next
Header fields) to the required length.
• The ESP format requires that the Pad Length and Next Header fields be right
aligned within a 32-bit word. Equivalently, the cipher text must be an integer multiple of
32 bits. The Padding field is used to assure this alignment.
• Additional padding may be added to provide partial traffic flow confidentiality by
concealing the actual length of the payload.
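The three padding purposes above, worked as code (an added example, not part of the original answer). Assumptions: the function and parameter names are illustrative, `extra_blocks` models the optional length-concealing padding, and the padding bytes use the default 1, 2, 3, ... fill from RFC 4303.

```python
from math import lcm  # Python 3.9+


def esp_trailer(payload_len: int, block_size: int = 16,
                next_header: int = 6, extra_blocks: int = 0) -> bytes:
    """Return Padding || Pad Length || Next Header for an ESP payload."""
    # Purpose 1 and 2: a multiple of the cipher block AND of 32 bits.
    align = lcm(block_size, 4)
    # The 2 accounts for the Pad Length and Next Header bytes themselves.
    pad_len = -(payload_len + 2) % align
    # Purpose 3: extra padding that conceals the real payload length.
    pad_len += extra_blocks * align
    if pad_len > 255:
        raise ValueError("Pad Length is one byte: at most 255 padding bytes")
    padding = bytes(range(1, pad_len + 1))
    return padding + bytes([pad_len, next_header])


def strip_esp_trailer(plaintext: bytes) -> tuple[bytes, int]:
    """Receiver side: check and remove the trailer, return (payload, next_header)."""
    if len(plaintext) < 2:
        raise ValueError("too short to hold Pad Length and Next Header")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    end_of_payload = len(plaintext) - 2 - pad_len
    if end_of_payload < 0:
        raise ValueError("Pad Length exceeds the decrypted data")
    # With the default fill, wrong padding bytes indicate a bad decryption.
    if plaintext[end_of_payload:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("unexpected padding bytes")
    return plaintext[:end_of_payload], next_header
```

With `block_size=1` (a stream cipher) only the 32-bit alignment applies, so the padding is never more than three bytes unless extra blocks are requested.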