0 Up votes0 Down votes

2 views6 pagesDistributed Systems

Dec 19, 2016

© © All Rights Reserved

PDF, TXT or read online from Scribd

Distributed Systems

© All Rights Reserved

2 views

Distributed Systems

© All Rights Reserved

- MIS 6800I Research Paper FINAL
- Harris Citadel Data Sheet_tcm26-9030
- Hakin9 en 04 2014 Teaser
- ias code
- wewo
- Noise Driven Encryption Algorithm (NDEA) Version-1
- A Contemporary Polyalphabetic Cipher Using Comprehensive Vigenere Table
- 2.Literature Review-soumya Balachandran
- Privacy-Preserving in Cloud Computing With Security-As-A-Service
- Paper 14-An Approach to Keep Credentials Secured in Grid Computing Environment for the Safety of Vital Computing Resources
- Assignment1 (Strings)
- Back-end Security.docx
- East On
- Privacy
- V3I6KJ04
- Distinguishing Attack
- Crypto Primer
- Ijetae Ncmira 0113 23
- Term Project Topics
- Introduction

You are on page 1of 6

Session: 2001/2002

Semester: B

Faculty of Engineering and Information Sciences

Department of Computer Science

MAST1/DSN1/SE1/DCN1/full-time

Module Code: MCOM0041

DISTRIBUTED SYSTEMS & SECURITY

THE FOLLOWING IS PROVIDED FOR THIS EXAMINATION:

ONE answer book.

INSTRUCTIONS TO CANDIDATES:

Answer any FOUR questions.

ALL questions carry equal marks.

Ex2001/2002 MCOM0041

bc/pw/rgd/js/dc

18 March 2002

1/6

1.

Alice and Bob are using their Personal Computers to send one another confidential

e-mails. Each e-mail is encrypted using DES in Output Feedback (OFB) Mode. Each

e-mail is encrypted using a different DES key. These DES keys are encrypted using

RSA. Alice and Bob met at a party, where they exchanged their RSA public keys.

Whenever Alice wishes to ask Bob a question q, she randomly chooses two DES keys

k1 and k2, together with random OFB initialization vectors i1 and i2. Then Alice sends

Bob the following message:

A->B: EB+(EA-(k)),c

where k is the block k = (k1 | i1 | k2 | i2), and c is the message m encrypted with k1 as

key and i1 as initialization vector. Alice signs k with her private RSA key KA- so that

Bob can be sure that the question is from her. She then encrypts the result with Bob's

public key KB+ to make sure that only Bob can obtain the value of k.

Bob sends Alice his reply r encrypted under i2 and k2, so that Alice knows his reply is

fresh.

Professor Moriarty is desperate to find out what Alice and Bob are saying to each other.

a) Indicate how Moriarty might go about obtaining each of the following:

cyphertexts, known plaintexts, matching plaintext cyphertext pairs, DES-keys.

Make explicit any assumptions which you are making about how Alice and Bob

have configured their systems, and briefly suggest countermeasures to the attacks

which you propose.

(10 marks)

b) "I say Holmes" says Watson suddenly, "Bob can't be sure that the keys are fresh. If

Moriarty can obtain one pair of DES keys which Alice has used in the past, he can

cut-and-paste, mount a replay attack, masquerade as Alice to Bob and get the

answers to as many questions as he likes."

"Oh it's much worse than that" replies Holmes sadly. "Moriarty can masquerade as

Alice to Bob without needing anything more than the public RSA keys KA+ and,

KB+, and I am sure that Moriarty was at the party when Alice and Bob exchanged

public keys."

Explain what is meant by the terms "cut and paste", "replay" and "masquerade".

Explain carefully how Moriarty can masquerade as Alice to Bob. Advise Alice and

Bob what they should do to avoid this attack, and any other attacks which you

identify. Be explicit about the threat model which you are using at each stage.

(15 marks)

Ex2001/2002 MCOM0041

bc/pw/rgd/js/dc

18 March 2002

2/6

2.

Dr Watson is worried that a 56 bit key is not long enough, so he has invented a new

combination of DES with a one-time pad.

"You see Holmes" he explains, "the government just chooses a one-time pad R,

exclusive-or's this pad with the plaintext P, and then encrypts the result under the first

DES key k1. The result is sent by ordinary e-mail to the embassy, and the ambassador

was given k1 before he left the country."

Holmes is intrigued. "But won't the embassy also need to know R in order to decrypt P?"

"Ah, that's the clever bit" says Watson modestly. "The government then encrypts the pad

R under a second shared DES key k2, and sends that to the to the embassy as well. The

attacker will need to guess both k1 and k2 correctly to decypher P, and that's 112 bits!

Not only that, but the one-time pad really is unbreakable, so the ambassador can keep on

using the same k1 and k2."

G -> E: Ek1 (P XOR R) , Ek2 (R)

"Oh dear" says Holmes sadly, "I think Moriarty would have no more difficulty with your

system than he would with ordinary DES. Embassy messages are very formal, and we

must assume that Moriarty knows the Ambassador's name and title at least..."

a) Explain how a one-time pad can be used in order to provide provable

confidentiality. Under what assumptions is confidentiality guaranteed?

(6 marks)

b) What is a meet-in-the-middle attack? What is a man-in-the-middle attack?

(6 marks)

c) Explain in detail how Moriarty could mount a meet-in-the-middle attack against

Watson's protocol in order to obtain both k1 and k2. How much known plaintext

would Moriarty need? How much storage would he need? How many trial DES

decryptions should he expect to make? Show your working.

What other difficulties do you foresee with Watson's protocol, what changes would

you suggest and why?

(13 marks)

Ex2001/2002 MCOM0041

bc/pw/rgd/js/dc

18 March 2002

3/6

3.

The University wishes to set up a public key infrastructure (PKI). They have made the

following proposals:

A. Every student will be issued with a public key by the university when they enrol.

B. The corresponding private key will be stored on a chip on the student's id-card.

C. Students will use this key to authorise transactions (eg loan of library books,

photocopying).

D. Students will also be able to use their public key to ensure privacy (eg of e-mail).

E. Students will be able to exchange public keys by posting to a bulletin board.

a) Identify four major shortcomings of these proposals, and indicate the threat in each

case.

(8 marks)

b) Suggest alternatives to these proposals, and explain carefully their relative merits,

together with any other advice or recommendations which you believe the

University needs. Make explicit any assumptions upon which your answer relies,

and indicate what threats any proposed coutermeasures address.

(12 marks)

c) Suppose a student borrows a library book. What paper record (if any) is required to

record this transaction? How could a dispute about whether or not the library book

was returned or overdue be resolved?

Justify your answers.

(5 marks)

Ex2001/2002 MCOM0041

bc/pw/rgd/js/dc

18 March 2002

4/6

diagram define a classical communication channel.

(3 marks)

b) Decipher the following cyphertext given that the original plaintext was encrypted

using the Affine Cypher with key (7, 5).

TZAH

(2 marks)

c) Compare and contrast the cryptanalytic techniques employed against the Vigenre

Cypher and one of the following:

Substitution Cypher

Affine Cypher

Hill Cypher

(You should define each stage of the cryptanalytic attack, stating in detail the

method employed, the purpose of each stage involved, any significant values and

their significance. The type of attack should also be stated).

(12 marks)

d) Differential Cryptanalysis is a standard attack against which all new block cypher

algorithms need to be resistant.

Explain the method employed in a differential cryptanalysis attack on 3 round DES.

You should include a diagram of the DES round function at round 3, with inputs and

outputs for each step of the round function clearly shown.

(8 marks)

5. a) Describe ways in which systems or networks might be attacked or security breached

when an organisation connects itself to the Internet. In each case describe what

confidentiality, data or system loss could result.

(8 marks)

b)

(4 marks)

c)

connections and of the approach that IPSec takes to connection encryption. What

are the relative advantages of each approach.

(6 marks)

d)

Elliptic Curve Cryptography and Quantum Cryptography are currently two very

active research areas in the field of cryptography.

Explain the encryption/decryption process for either:

Elliptic Curve Cryptography

or

Quantum Cryptography

Ex2001/2002 MCOM0041

bc/pw/rgd/js/dc

18 March 2002

(7 marks)

5/6

6.

(2 marks)

b) Give examples of applications for each type of time. (There are two marks for each

example given).

(6 marks)

c) Outline Cristians method for agreeing physical time.

(4 marks)

d) Describe and contrast the different approaches of the NFS and Coda networked filesystems to client-side caching (do not consider server replication issues unless it is

relevant to caching). Include in your answer a description of how they maintain and

check cache currency and the implications for both usage and one-copy file

semantics.

(13 marks)

Ex2001/2002 MCOM0041

bc/pw/rgd/js/dc

18 March 2002

6/6

- MIS 6800I Research Paper FINALUploaded byAparna Awasthi
- Harris Citadel Data Sheet_tcm26-9030Uploaded byLucho 2000
- Hakin9 en 04 2014 TeaserUploaded byHiepHenry
- ias codeUploaded bySatyam Lala
- wewoUploaded bywewuz kong
- Noise Driven Encryption Algorithm (NDEA) Version-1Uploaded byIJIRAE- International Journal of Innovative Research in Advanced Engineering
- A Contemporary Polyalphabetic Cipher Using Comprehensive Vigenere TableUploaded byWorld of Computer Science and Information Technology Journal
- 2.Literature Review-soumya BalachandranUploaded bysomy19jan
- Privacy-Preserving in Cloud Computing With Security-As-A-ServiceUploaded byEditor IJRITCC
- Paper 14-An Approach to Keep Credentials Secured in Grid Computing Environment for the Safety of Vital Computing ResourcesUploaded byEditor IJACSA
- Assignment1 (Strings)Uploaded byAbrar Hussain
- Back-end Security.docxUploaded byAnonymous Q8y48z
- East OnUploaded byEpic Win
- PrivacyUploaded byOKBSAPR
- V3I6KJ04Uploaded byneha_gaur
- Distinguishing AttackUploaded byMagdalena Christine Siahaan
- Crypto PrimerUploaded byMohd Hanif Hassan
- Ijetae Ncmira 0113 23Uploaded bySelvaKumar
- Term Project TopicsUploaded byKorhan Herguner
- IntroductionUploaded byPavan Dandge Deshmukh
- IeeeUploaded byHaribabu Veludandi
- A Lightweight and Secure Protocol for Mobile Payments via Wireless Internet in M-commerceUploaded byAswin Somanath
- Brad.mastersUploaded bye_talic
- D-87-13-IIIUploaded byAjay Malik
- Network SecurityUploaded byAtik Israk Lemon
- Embedded Intel Solutions Fall 2017Uploaded byBruno Leonardo Romão
- DesUploaded byS Shiva Surya
- Cryptopolitik and the DarknetUploaded byBernardo Wahl
- 2005 Spies Tan Ton SurveyUploaded bykirrukachik
- Paper15 Robbict Irstc Vol8Uploaded byRobbi Zhuge Rahim

- Course Work 1Uploaded byJai Gaizin
- CourseWorkUploaded byJai Gaizin
- Link ReferenceUploaded byJai Gaizin
- Link IntroUploaded byJai Gaizin
- DAI-week3Uploaded byJai Gaizin
- DAI-week3Uploaded byJai Gaizin
- DAI-week2Uploaded byJai Gaizin
- DAI-week2Uploaded byJai Gaizin
- DAI-week1Uploaded byJai Gaizin
- DAI-week1Uploaded byJai Gaizin
- Lecture 1Uploaded byJai Gaizin
- MScDCOM-Lec09v3 With AnnotationsUploaded byJai Gaizin
- MScDCOM-Lec08v2 With AnnotationsUploaded byJai Gaizin
- MScDCOM-Lec07v2 With AnnotationsUploaded byJai Gaizin
- MScDCOM-Lec06v2 With AnnotationsUploaded byJai Gaizin
- MScDCOM-Lec05v2 With AnnotationsUploaded byJai Gaizin
- MScDCOM-Lec04v3 With AnnotationsUploaded byJai Gaizin
- MScDCOM-Lec03v3 With AnnotationsUploaded byJai Gaizin
- MScDCOM-Lec02v3 With AnnotationsUploaded byJai Gaizin
- MScDCOM-Lec01V3 With AnnotationsUploaded byJai Gaizin
- ISAD Tutorial ERM Week7Uploaded byJai Gaizin
- Access CommandsUploaded byJai Gaizin
- 12 PrototypingUploaded byJai Gaizin
- 11 Detailed DesignUploaded byJai Gaizin
- Exam 02-03Uploaded byJai Gaizin
- Linear Motion4Uploaded byJai Gaizin
- Linear EqnUploaded byJai Gaizin
- 10 System DesignUploaded byJai Gaizin

- Basic Cryptanalysis, Field Man - Department Of The Army Publica_23252.pdfUploaded byOmar Valenzuela
- Steganography (Rahul Raj)Uploaded byRahul Raj
- It2352 Cns 2unit 2maks TqUploaded bycollege
- 05364913Uploaded byStone Jin
- 1_ClassicCryptoUploaded byamitpanda
- Modular Arithmetic & CryptographyUploaded byvaski92
- CSN_513_INSUploaded byAnshul Shah
- Basic Encryption and DecryptionUploaded byHiro Motoki
- Algoritmul FEALUploaded bynanaciteste
- Alan Turing Genius and Wartime Code BreakerUploaded byFightInjustice AFormerstudent
- Crypto_ReadingListUploaded bycqchunter
- An Application of the Elzaki Transform in CryptographyUploaded byiaetsdiaetsd
- class2Uploaded byVinothKanna
- Security MeasuresUploaded byAdarsh Agarwal
- Cryptography Teacher Guide Brian VeitchUploaded byAung Kent
- syllabus for mid term.docxUploaded byMichael Maldonado
- CSE1ACF Subject Learning Guide 2018 Semester 2Uploaded byShubham
- Net Wizard's Handbook Third EditionUploaded byGnomeMadeIon
- Crypt 21 CipherUploaded byKashif Aziz Awan
- A survey on Existing Image Encryption TechniquesUploaded byIJSTE
- Latest Paper on CryptographyUploaded bysundarrajan1068
- hw1Uploaded byrnapando
- Classical CryptologyUploaded byXulfee Jabeer
- As 2805.5.1-1992 Electronic Funds Transfer - Requirements for Interfaces Ciphers - Data Encipherment AlgorithUploaded bySAI Global - APAC
- As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric cUploaded bySAI Global - APAC
- Cipher.javaUploaded byDamas Fajar Priyanto
- Cole E., Krutz R. - Hiding in Plain Sight. Steganography and the Art of Covert Communication(2003)(335)Uploaded byjaypatel40
- Secure Test Message Transmission in MCCDMA Wireless Communication System with Implementation of STBC And MIMO Beamforming SchemesUploaded byLawrence Avery
- A Joint Encryption/Watermarking Algorithm for Secure Image TransferUploaded byijcnac
- 1213104-9696-IJVIPNS-IJENS.pdfUploaded byStefhanieAndreaaneAdeliaTendean

## Much more than documents.

Discover everything Scribd has to offer, including books and audiobooks from major publishers.

Cancel anytime.