Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

Answers to Practice Questions for Exam 1, Exams of Cryptography and System Security

Utah College of Dental HygieneCryptography and System Security

Practice Exam 1 Answer Section about Crypto Basics.

Typology: Exams

2021/2022

Uploaded on 02/24/2022

marylen
marylen 🇺🇸

4.6

(26)

250 documents

1 / 2

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Answers to Practice Questions for Exam 1
(Crypto Basics)
Answer 1-Crypto:
a) The three basic requirements that we discussed in class are:
1. Cryptosystem security: Roughly speaking, it must be infeasible for an eavesdropper to
compute xfrom ywithout knowing KAB. Moreover, it must be infeasible to infer KAB
even if the eavesdropper has access to many ciphertexts exchanged by Alice and Bob.
2. Endpoint security: Alice and Bob must store KAB securely (so that no one can steal it)
and use it in a secure computing environment (so that the eavesdropper cannot simply
obtain the plaintext before it is sent or after it is received, without having to “break”
the cryptosystem).
3. Secure key management: Alice and Bob, typically with the assistance of a key-dis-
tribution center, must obtain a unique key KAB and maintain its security until it is
retired.
.
b) Secure key management cannot be done at Internet scale. In particular, e-commerce web-
sites need to communicate securely with potential customers whom they have never “met”
and with whom they have not been able to establish shared keys.
Answer 2-Crypto:
a) Public-key certificates are signed (name, public key) pairs. The problem addressed is
that an impostor or man-in-the-middle, say Manny, could generate a key pair (P KM, SKM)
and then impersonate Alice by publishing the directory entry (Alice, P KM). Subsequently,
if someone sends a ciphertext to Alice that was encrypted using the encryption key PKM,
Manny could intercept it and decrypt it, because it is he, not Alice, who knows the corre-
sponding decryption key SKM. To prevent this, we require that public-key directory entries
be signed by certifying authorities or CAs. Instead of simply generating her key pair and
publishing her public key, Alice takes her public key PKAto a CA, along with proof that
she is indeed Alice. The CA verifies that her identification documents are valid and then
signs the (name, key) pair (Alice, P KA). The entry that is published in the directory is
Alice, P KA, σAlice,C A,
where σAlice,CA is the CA’s signature on (Alice, P KA). Someone who wants to use P KAmust
have a trustworthy copy of the CA’s verification key, but we have reduced the problem of
needing trustworthy copies of PKA, for every user Aof the public-key system, to the much
smaller-scale problem of needing a trustworthy verification key (or keys) for one (or a small
number of) CA(s).
pf2

Partial preview of the text

Download Answers to Practice Questions for Exam 1 and more Exams Cryptography and System Security in PDF only on Docsity!

Answers to Practice Questions for Exam 1

(Crypto Basics)

Answer 1-Crypto: a) The three basic requirements that we discussed in class are:

  1. Cryptosystem security: Roughly speaking, it must be infeasible for an eavesdropper to compute x from y without knowing KAB. Moreover, it must be infeasible to infer KAB even if the eavesdropper has access to many ciphertexts exchanged by Alice and Bob.
  2. Endpoint security: Alice and Bob must store KAB securely (so that no one can steal it) and use it in a secure computing environment (so that the eavesdropper cannot simply obtain the plaintext before it is sent or after it is received, without having to “break” the cryptosystem).
  3. Secure key management: Alice and Bob, typically with the assistance of a key-dis- tribution center, must obtain a unique key KAB and maintain its security until it is retired.

. b) Secure key management cannot be done at Internet scale. In particular, e-commerce web- sites need to communicate securely with potential customers whom they have never “met” and with whom they have not been able to establish shared keys.

Answer 2-Crypto: a) Public-key certificates are signed (name, public key) pairs. The problem addressed is that an impostor or man-in-the-middle, say Manny, could generate a key pair (P KM , SKM ) and then impersonate Alice by publishing the directory entry (Alice, P KM ). Subsequently, if someone sends a ciphertext to Alice that was encrypted using the encryption key P KM , Manny could intercept it and decrypt it, because it is he, not Alice, who knows the corre- sponding decryption key SKM. To prevent this, we require that public-key directory entries be signed by certifying authorities or CAs. Instead of simply generating her key pair and publishing her public key, Alice takes her public key P KA to a CA, along with proof that she is indeed Alice. The CA verifies that her identification documents are valid and then signs the (name, key) pair (Alice, P KA). The entry that is published in the directory is

Alice, P KA, σAlice,CA,

where σAlice,CA is the CA’s signature on (Alice, P KA). Someone who wants to use P KA must have a trustworthy copy of the CA’s verification key, but we have reduced the problem of needing trustworthy copies of P KA, for every user A of the public-key system, to the much smaller-scale problem of needing a trustworthy verification key (or keys) for one (or a small number of) CA(s).

b) If Bob wants to send a long traffic stream to Alice, he can obtain her public key P KA (and a certificate that allows him to verify that it is hers), generate a shared key KAB for a (fast) symmetric-key cryptosystem, and send her E(KAB , P KA), where E is the agreed- upon, (slow) public-key encryption function. Alice can decrypt this message (using SKA, which only she knows) to recover KAB. Bob can then encrypt his long traffic stream using the symmetric-key cryptosystem and the key KAB that only he and Alice know. This basic technique is an essential component of the SSL/TLC protocol for encrypting web traffic.

Answer 3-Crypto: a) If Alice (A) is a user, then her signing key skA consists of (d, n), where n = pq is the product of two equal-length, large primes p and q, and d is an integer that is relatively prime to φ(n) = (p − 1)(q − 1). Her verification key pkA consists of (e, n), where ed ≡ 1 mod φ(n). In order to sign a message M , where M ∈ [0, n − 1], Alice computes σA = M d^ mod n. In order to verify this signature, anyone can look up Alice’s (public) verification key and check that M = σAe mod n. b) At the very least, multiplication of equal-length primes must be one-way; that is, while it is easy to compute n = pq, it is hard to compute p and q given n, even if one is told that n is the product of two equal-length primes. Note that we actually need it to be easy to find large p and q of the same length and verify that they are prime, not just that it is easy to multiply them once we have them. More generally, we need it to be hard to find e if one is given (d, n) but is not given the factors p and q. c) No

Answer 4-Crypto: a) See Section 2.4 of Schneier’s book (http://proquest.safaribooksonline.com/book/ -/9780471117094). b) Because public-key signature and verification functions are often slow, one typically com- putes a one-way hash, say t, of a long document M and then signs t, which is much shorter than M. To verify a signature, one must first check that t is indeed the output that the one-way hash function produces on input M and then verify the signature on t.