You are on page 1of 6


Session: 2001/2002
Semester: B
Faculty of Engineering and Information Sciences
Department of Computer Science
Module Code: MCOM0041


ONE answer book.

Answer any FOUR questions.
ALL questions carry equal marks.

This paper consists of SIX questions on SIX pages

Ex2001/2002 MCOM0041
18 March 2002



Alice and Bob are using their Personal Computers to send one another confidential
e-mails. Each e-mail is encrypted using DES in Output Feedback (OFB) Mode. Each
e-mail is encrypted using a different DES key. These DES keys are encrypted using
RSA. Alice and Bob met at a party, where they exchanged their RSA public keys.
Whenever Alice wishes to ask Bob a question q, she randomly chooses two DES keys
k1 and k2, together with random OFB initialization vectors i1 and i2. Then Alice sends
Bob the following message:
A->B: EB+(EA-(k)),c
where k is the block k = (k1 | i1 | k2 | i2), and c is the message m encrypted with k1 as
key and i1 as initialization vector. Alice signs k with her private RSA key KA- so that
Bob can be sure that the question is from her. She then encrypts the result with Bob's
public key KB+ to make sure that only Bob can obtain the value of k.
Bob sends Alice his reply r encrypted under i2 and k2, so that Alice knows his reply is
Professor Moriarty is desperate to find out what Alice and Bob are saying to each other.
a) Indicate how Moriarty might go about obtaining each of the following:
cyphertexts, known plaintexts, matching plaintext cyphertext pairs, DES-keys.
Make explicit any assumptions which you are making about how Alice and Bob
have configured their systems, and briefly suggest countermeasures to the attacks
which you propose.
(10 marks)

b) "I say Holmes" says Watson suddenly, "Bob can't be sure that the keys are fresh. If
Moriarty can obtain one pair of DES keys which Alice has used in the past, he can
cut-and-paste, mount a replay attack, masquerade as Alice to Bob and get the
answers to as many questions as he likes."
"Oh it's much worse than that" replies Holmes sadly. "Moriarty can masquerade as
Alice to Bob without needing anything more than the public RSA keys KA+ and,
KB+, and I am sure that Moriarty was at the party when Alice and Bob exchanged
public keys."
Explain what is meant by the terms "cut and paste", "replay" and "masquerade".
Explain carefully how Moriarty can masquerade as Alice to Bob. Advise Alice and
Bob what they should do to avoid this attack, and any other attacks which you
identify. Be explicit about the threat model which you are using at each stage.
(15 marks)

Ex2001/2002 MCOM0041
18 March 2002



Dr Watson is worried that a 56 bit key is not long enough, so he has invented a new
combination of DES with a one-time pad.
"You see Holmes" he explains, "the government just chooses a one-time pad R,
exclusive-or's this pad with the plaintext P, and then encrypts the result under the first
DES key k1. The result is sent by ordinary e-mail to the embassy, and the ambassador
was given k1 before he left the country."
Holmes is intrigued. "But won't the embassy also need to know R in order to decrypt P?"
"Ah, that's the clever bit" says Watson modestly. "The government then encrypts the pad
R under a second shared DES key k2, and sends that to the to the embassy as well. The
attacker will need to guess both k1 and k2 correctly to decypher P, and that's 112 bits!
Not only that, but the one-time pad really is unbreakable, so the ambassador can keep on
using the same k1 and k2."
G -> E: Ek1 (P XOR R) , Ek2 (R)
"Oh dear" says Holmes sadly, "I think Moriarty would have no more difficulty with your
system than he would with ordinary DES. Embassy messages are very formal, and we
must assume that Moriarty knows the Ambassador's name and title at least..."
a) Explain how a one-time pad can be used in order to provide provable
confidentiality. Under what assumptions is confidentiality guaranteed?
(6 marks)
b) What is a meet-in-the-middle attack? What is a man-in-the-middle attack?
(6 marks)
c) Explain in detail how Moriarty could mount a meet-in-the-middle attack against
Watson's protocol in order to obtain both k1 and k2. How much known plaintext
would Moriarty need? How much storage would he need? How many trial DES
decryptions should he expect to make? Show your working.
What other difficulties do you foresee with Watson's protocol, what changes would
you suggest and why?
(13 marks)

Ex2001/2002 MCOM0041
18 March 2002



The University wishes to set up a public key infrastructure (PKI). They have made the
following proposals:
A. Every student will be issued with a public key by the university when they enrol.
B. The corresponding private key will be stored on a chip on the student's id-card.
C. Students will use this key to authorise transactions (eg loan of library books,
D. Students will also be able to use their public key to ensure privacy (eg of e-mail).
E. Students will be able to exchange public keys by posting to a bulletin board.
a) Identify four major shortcomings of these proposals, and indicate the threat in each
(8 marks)
b) Suggest alternatives to these proposals, and explain carefully their relative merits,
together with any other advice or recommendations which you believe the
University needs. Make explicit any assumptions upon which your answer relies,
and indicate what threats any proposed coutermeasures address.
(12 marks)
c) Suppose a student borrows a library book. What paper record (if any) is required to
record this transaction? How could a dispute about whether or not the library book
was returned or overdue be resolved?
Justify your answers.
(5 marks)

Ex2001/2002 MCOM0041
18 March 2002


4. a) Define the term Cryptosystem in terms of a 5-tuple and using an appropriate

diagram define a classical communication channel.
(3 marks)
b) Decipher the following cyphertext given that the original plaintext was encrypted
using the Affine Cypher with key (7, 5).
(2 marks)
c) Compare and contrast the cryptanalytic techniques employed against the Vigenre
Cypher and one of the following:

Substitution Cypher
Affine Cypher
Hill Cypher

(You should define each stage of the cryptanalytic attack, stating in detail the
method employed, the purpose of each stage involved, any significant values and
their significance. The type of attack should also be stated).
(12 marks)
d) Differential Cryptanalysis is a standard attack against which all new block cypher
algorithms need to be resistant.
Explain the method employed in a differential cryptanalysis attack on 3 round DES.
You should include a diagram of the DES round function at round 3, with inputs and
outputs for each step of the round function clearly shown.
(8 marks)
5. a) Describe ways in which systems or networks might be attacked or security breached
when an organisation connects itself to the Internet. In each case describe what
confidentiality, data or system loss could result.
(8 marks)

What is a firewall system and how does it work?

(4 marks)


Compare and contrast the different approaches taken by SSL to encrypting

connections and of the approach that IPSec takes to connection encryption. What
are the relative advantages of each approach.
(6 marks)


Elliptic Curve Cryptography and Quantum Cryptography are currently two very
active research areas in the field of cryptography.
Explain the encryption/decryption process for either:
Elliptic Curve Cryptography
Quantum Cryptography

Ex2001/2002 MCOM0041
18 March 2002

(7 marks)


a) Explain the difference between physical and logical time.

(2 marks)
b) Give examples of applications for each type of time. (There are two marks for each
example given).
(6 marks)
c) Outline Cristians method for agreeing physical time.
(4 marks)
d) Describe and contrast the different approaches of the NFS and Coda networked filesystems to client-side caching (do not consider server replication issues unless it is
relevant to caching). Include in your answer a description of how they maintain and
check cache currency and the implications for both usage and one-copy file
(13 marks)

Ex2001/2002 MCOM0041
18 March 2002