Cryptography Assignment
These questions are based on “Information Security: Principles and Practice” (John Wiley & Sons).
Attacks
Q.
Consider the following mutual authentication protocol. Give two different attacks that Trudy can use to convince Bob she is Alice.
Alice ---“I am Alice”, R---> Bob
Alice <---E(R, K(ab))--- Bob
Alice ---E(R+1, K(ab))---> Bob
Answer:
This mutual authentication protocol appears to be vulnerable to two different attacks that Trudy can use to convince Bob that she is Alice.
Attack 1: Replay Attack
In this attack, Trudy intercepts Alice’s message “I am Alice” and records the message and the value of R. Trudy then sends the same message and R value to Bob. When Bob sends the challenge E(R,K(ab)) to Trudy, she can simply forward this message to Alice, who will encrypt it and return the result to Trudy. Trudy can then forward the encrypted message back to Bob, who will accept it as proof of Alice’s identity.
Attack 2: Man-in-the-Middle Attack
In this attack, Trudy intercepts Alice’s message “I am Alice” and sends a message to Bob pretending to be Alice. Bob will send the challenge E(R,K(ab)) to Trudy, who will forward it to Alice. Alice will encrypt the challenge with her key and send the result back to Trudy, who will forward it to Bob. Trudy will intercept Bob’s challenge E(R+1,K(ab)) and forward it to Alice, pretending to be Bob. Alice will encrypt the challenge with her key and send the result back to Trudy, who will forward it to Bob. Bob will accept the result as proof of Alice’s identity, even though Trudy was able to intercept and modify all of the messages exchanged between Alice and Bob.
To prevent these attacks, Bob and Alice should use a more secure mutual authentication protocol, such as one that uses digital signatures or challenge-response authentication with a shared secret key.
Two-message authentication protocol
Q
Design a secure two-message authentication protocol that provides mutual-authentication and establishes a session key K. Assume that Alice and Bob know each other’s public keys beforehand.
Answer:
A secure two-message authentication protocol that provides mutual authentication and establishes a session key K, assuming that Alice and Bob know each other’s public keys beforehand, is as follows:
- Alice generates a random value R_A and encrypts it with Bob’s public key, creating the message E(R_A, K_B).
- Alice sends the message E(R_A, K_B) to Bob.
- Bob decrypts the message E(R_A, K_B) using his private key, obtaining the value R_A.
- Bob generates a random value R_B and encrypts it with Alice’s public key, creating the message E(R_B, K_A).
- Bob sends the message E(R_B, K_A) to Alice.
- Alice decrypts the message E(R_B, K_A) using her private key, obtaining the value R_B.
- Alice concatenates the values R_A, R_B, and a secret shared key K_AB, and calculates the hash value H of the concatenation, i.e. H = hash(R_A || R_B || K_AB).
- Alice encrypts the hash value H with Bob’s public key, creating the message E(H, K_B).
- Alice sends the message E(H, K_B) to Bob.
- Bob decrypts the message E(H, K_B) using his private key, obtaining the hash value H.
- Bob concatenates the values R_B, R_A, and the secret shared key K_AB, and calculates the hash value H’ of the concatenation, i.e. H’ = hash(R_B || R_A || K_AB).
- Bob verifies that H’ is equal to H. If the values match, then Bob knows that Alice has the secret shared key K_AB and that the message came from Alice. Bob also generates the session key K using a secure key derivation function, based on the values R_A, R_B, and K_AB.
- Bob encrypts the session key K with Alice’s public key, creating the message E(K, K_A).
- Bob sends the message E(K, K_A) to Alice.
- Alice decrypts the message E(K, K_A) using her private key, obtaining the session key K.
Now both Alice and Bob have established a session key K that they can use to communicate securely. This protocol is secure because it provides mutual authentication, ensuring that both parties are who they claim to be, and it also establishes a session key that is known only to Alice and Bob, and cannot be intercepted or modified by an attacker. Additionally, the use of hash functions provides message integrity, ensuring that the messages exchanged have not been tampered with.
SSL and IPSec
Q
SSL and IPSec are both designed to provide security over the network.
a. What are the significant similarities between the two protocols?
b. What are the significant differences between the two protocols?
c. For SSL, what protocol does it use to establish security contexts (e.g., keys and algorithms) between two parties? How about IPSec?
d. What will a packet look like if you (IP address A) send a packet to another machine (IP address B) with AH in tunnel mode?
Answer
a. Significant similarities between SSL and IPSec:
- Both protocols provide security over the network by encrypting and authenticating data transmitted between two parties.
- Both protocols use cryptographic algorithms to provide confidentiality, integrity, and authenticity of the data transmitted.
- Both protocols use key exchange mechanisms to establish secure communication channels between two parties.
b. Significant differences between SSL and IPSec:
- SSL is primarily used to secure communication between web browsers and servers, while IPSec can be used to secure communication between any two devices over the network.
- SSL is implemented at the application layer, while IPSec is implemented at the network layer.
- SSL is more commonly used for securing web-based applications, while IPSec is more commonly used for securing site-to-site or remote access VPNs.
- SSL supports a range of cryptographic algorithms and can negotiate which one to use during the handshake process, while IPSec uses a predefined set of algorithms.
c. SSL uses the Transport Layer Security (TLS) protocol to establish security contexts between two parties. IPSec, on the other hand, uses the Internet Key Exchange (IKE) protocol to establish security contexts between two parties.
d. If IP address A sends a packet to IP address B with Authentication Header (AH) in tunnel mode, the packet will have the following format:
| IP header | AH header | ESP header | Inner packet |
The IP header will contain the source and destination IP addresses, and the protocol field will indicate that the packet contains AH. The AH header will contain information such as the security parameters index (SPI), sequence number, and authentication data. The ESP header may or may not be present, depending on whether encryption is used. The inner packet will contain the actual data being transmitted. The AH header provides integrity and authenticity of the packet, while the ESP header provides confidentiality, integrity, and authenticity of the data in the inner packet. The combination of AH and ESP provides both authentication and encryption of the packet.
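The integrity coverage of AH in tunnel mode can be checked directly. The following is an added example, not code from the textbook or the original answer: it builds outer IP header | AH | inner packet with AH alone (no ESP), using HMAC-SHA-256 truncated to 128 bits as the integrity check value. The key, SPI, addresses for A and B, and inner protocol number are constructed for the illustration.

```python
import hashlib
import hmac
import socket
import struct

AH, IP_IN_IP, ICV_LEN = 51, 4, 16   # protocol numbers; 128-bit truncated ICV

def ip_checksum(header):
    total = sum(struct.unpack("!10H", header))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def compute_icv(key, outer, ah_fixed, inner):
    """HMAC over outer header (mutable fields zeroed), AH with zero ICV, inner packet."""
    o = bytearray(outer)
    o[1] = 0                 # TOS (DSCP + ECN) may change in transit
    o[6:8] = b"\x00\x00"     # flags + fragment offset
    o[8] = 0                 # TTL
    o[10:12] = b"\x00\x00"   # header checksum
    data = bytes(o) + ah_fixed + bytes(ICV_LEN) + inner
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def build_ah_tunnel(key, spi, seq, addr_a, addr_b, inner):
    ah_len = 12 + ICV_LEN
    # Next header = 4 (IP-in-IP) marks tunnel mode; length is in 32-bit words minus 2.
    ah_fixed = struct.pack("!BBHII", IP_IN_IP, ah_len // 4 - 2, 0, spi, seq)
    outer = ipv4_header(addr_a, addr_b, AH, ah_len + len(inner))
    return outer + ah_fixed + compute_icv(key, outer, ah_fixed, inner) + inner

def verify_ah_tunnel(key, packet):
    outer, ah_fixed = packet[:20], packet[20:32]
    icv, inner = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv, compute_icv(key, outer, ah_fixed, inner))

def demo():
    key = bytes(range(32))                       # constructed SA key
    a, b = "192.0.2.1", "198.51.100.2"           # constructed addresses A and B
    payload = b"hello B"
    inner = ipv4_header(a, b, 253, len(payload)) + payload  # 253 = experimental
    pkt = build_ah_tunnel(key, 0x1001, 1, a, b, inner)
    routed = bytearray(pkt); routed[8] -= 1      # a router decrements the TTL
    spoofed = bytearray(pkt); spoofed[15] ^= 1   # outer source address altered
    edited = bytearray(pkt); edited[-1] ^= 1     # inner payload altered
    return {"intact": verify_ah_tunnel(key, pkt),
            "ttl_changed": verify_ah_tunnel(key, bytes(routed)),
            "outer_src_changed": verify_ah_tunnel(key, bytes(spoofed)),
            "inner_changed": verify_ah_tunnel(key, bytes(edited))}
```

The TTL change still verifies because mutable outer-header fields are zeroed before the ICV is computed, while a change to the outer source address or to the inner packet is rejected.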
Kerberized login
Q
Consider the Kerberized login.
a. What is a TGT and what is its purpose?
b. Why is the TGT sent to Alice instead of being stored on the KDC?
c. Why is the TGT encrypted with KKDC?
d. Why is the TGT encrypted with KA when it is sent from the KDC to Alice’s computer?
Answer
a. TGT stands for Ticket Granting Ticket. Its purpose is to provide authentication credentials to a user, which can be used to request access to network resources without requiring the user to provide their password again. The TGT is obtained from the Kerberos authentication server (KDC) after the user authenticates with their password, and it contains information such as the user’s identity, a timestamp, and a session key.
b. The TGT is sent to Alice instead of being stored on the KDC because the KDC is not a trusted entity from the perspective of the user. By sending the TGT to Alice, she can store it securely on her own computer and use it to authenticate with other services without requiring further communication with the KDC.
c. The TGT is encrypted with KKDC to prevent unauthorized parties from intercepting and using the ticket. KKDC is a secret key shared between the KDC and the ticket-granting service (TGS), which is responsible for issuing service tickets to users. By encrypting the TGT with KKDC, only the TGS can decrypt and validate the ticket.
d. The TGT is encrypted with KA when it is sent from the KDC to Alice’s computer to prevent unauthorized parties from intercepting and using the ticket. KA is a secret key shared between Alice’s computer and the KDC, which is established during the initial authentication process. By encrypting the TGT with KA, only Alice’s computer can decrypt and use the ticket to request service tickets from the TGS.
GSM security protocol
Q
Describe (enumerate) the insecurity of GSM and then modify the GSM security protocol so that it can provide mutual authentication.
Answer
Insecurity of GSM:
- Lack of mutual authentication: The original GSM security protocol only provides one-way authentication, where the mobile station (MS) authenticates the network (VLR/AuC), but the network does not authenticate the MS.
- Vulnerability to eavesdropping: GSM uses a weak encryption algorithm (A5/1) that is vulnerable to eavesdropping and decryption.
- Vulnerability to impersonation attacks: GSM uses a weak authentication algorithm (A3) that is vulnerable to impersonation attacks, where an attacker can obtain the user’s authentication information and use it to impersonate the user.
- Vulnerability to replay attacks: GSM does not provide protection against replay attacks, where an attacker can intercept and replay previously transmitted messages.
Modification to provide mutual authentication:
To modify the GSM security protocol to provide mutual authentication, the following changes can be made:
- Upgrade to a stronger encryption algorithm: The weak encryption algorithm A5/1 should be replaced with a stronger algorithm such as A5/3, which provides better security against eavesdropping and decryption.
- Upgrade to a stronger authentication algorithm: The weak authentication algorithm A3 should be replaced with a stronger algorithm such as AKA (Authentication and Key Agreement), which provides better security against impersonation attacks.
- Use a challenge-response mechanism for authentication: To provide mutual authentication, the MS should send a challenge to the network, and the network should respond with a challenge of its own. The MS should then authenticate the network using the challenge response.
- Use time-stamping to prevent replay attacks: To prevent replay attacks, all messages transmitted between the MS and the network should be time-stamped. The network should only accept messages that have not expired and are not duplicates.
- Use digital certificates for authentication: To provide stronger authentication, the MS and the network should exchange digital certificates during the authentication process. The certificates should be issued by a trusted certificate authority and should be verified before the authentication process is completed.
By implementing these modifications, the GSM security protocol can be strengthened to provide mutual authentication and better security against eavesdropping, impersonation attacks, and replay attacks.
Bid method
Q
Recall the online bid method discussed in Section 5.8.1.
a. What property or properties of a secure hash function h does this scheme rely on to prevent cheating?
b. Suppose that Charlie is certain that Alice and Bob will both submit bids between $10,000 and $20,000. Describe a forward search attack that Charlie can use to determine Alice’s bid and Bob’s bid from their respective hash values.
c. Is the attack in part b a practical security concern?
d. How can the bidding procedure be modified to prevent a forward search such as that in part b?
Answer
a. The secure bid method relies on the following properties of a secure hash function h to prevent cheating:
- Collision resistance: It should be computationally infeasible to find two different inputs that result in the same hash value.
- Pre-image resistance: It should be computationally infeasible to find an input that generates a given hash value.
- Second pre-image resistance: Given an input and its hash value, it should be computationally infeasible to find a different input that has the same hash value.
b. If Charlie is certain that Alice and Bob will both submit bids between $10,000 and $20,000, he can use a forward search attack to determine their respective bids. Charlie can generate hash values for all possible bids in this range and compare them with the hash values submitted by Alice and Bob. The bids that produce the matching hash values will be the bids submitted by Alice and Bob.
c. The attack in part b is not a practical security concern because the range of possible bids is too large to perform a forward search attack in a reasonable amount of time. In addition, the hash function used in the secure bid method is typically a strong and secure hash function, making it computationally infeasible to find the corresponding input.
d. The bidding procedure can be modified to prevent a forward search attack such as that in part b by introducing salt values. Each bidder can choose a unique salt value and append it to their bid before hashing it. This will result in a unique hash value for each bidder, even if they submit the same bid amount. The salt value can be kept secret until the end of the bidding process, preventing attackers from performing a forward search attack. Additionally, the salt value can be randomized for each bidding process, making it more difficult for attackers to guess the correct salt value.
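The forward search from part b and the salted commitment from part d, side by side, as an added example that is not part of the original answer. It assumes bids are whole-dollar amounts encoded as decimal strings, SHA-256 as h, and a 16-byte random salt appended to the bid; the bid value is constructed.

```python
import hashlib
import hmac
import secrets

def commit_plain(bid: int) -> str:
    """Unsalted commitment h(bid), as in the original scheme."""
    return hashlib.sha256(str(bid).encode()).hexdigest()

def commit_salted(bid: int, salt: bytes) -> str:
    """Commitment h(bid || salt) with a secret random salt."""
    return hashlib.sha256(str(bid).encode() + salt).hexdigest()

def forward_search(target: str, low: int, high: int):
    """Hash every candidate bid in [low, high]; return the one that matches."""
    for candidate in range(low, high + 1):
        if commit_plain(candidate) == target:
            return candidate
    return None

def open_commitment(commitment: str, bid: int, salt: bytes) -> bool:
    """At the end of bidding the bidder reveals (bid, salt); anyone can check."""
    return hmac.compare_digest(commit_salted(bid, salt), commitment)

def demo():
    alice_bid = 14_250                                   # constructed bid
    posted_plain = commit_plain(alice_bid)
    found = forward_search(posted_plain, 10_000, 20_000)

    salt = secrets.token_bytes(16)                       # kept secret until reveal
    posted_salted = commit_salted(alice_bid, salt)
    found_salted = forward_search(posted_salted, 10_000, 20_000)

    return {
        "unsalted_recovered": found,                     # equals alice_bid
        "salted_recovered": found_salted,                # None: search finds nothing
        "honest_reveal_ok": open_commitment(posted_salted, alice_bid, salt),
        "changed_bid_ok": open_commitment(posted_salted, alice_bid + 1, salt),
    }
```

The salt does not weaken binding: the bidder still cannot open the posted value to a different bid, because that would require a second input with the same hash.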
Symmetric Key
Q
Alice’s computer needs to have access to a symmetric key KA. Consider the following two methods for deriving and storing the key KA.
(i) The key is generated as KA = h(Alice’s password). The key is not stored on Alice’s computer. Instead, whenever KA is required, Alice enters her password and the key is generated.
(ii) The key KA is initially generated at random, and it is then stored as E(KA,K), where K = h(Alice’s password). Whenever KA is required, Alice enters her password, which is hashed to generate K, and K is then used to decrypt the key KA.
Give one significant advantage of method (i) as compared to (ii), and one significant advantage of (ii) as compared to (i).
Answer
One significant advantage of method (i) over method (ii) is that the key KA is not stored on Alice’s computer, making it less susceptible to theft or unauthorized access. This reduces the risk of the key being compromised if Alice’s computer is lost or stolen. Additionally, since the key is generated each time it is required, there is less risk of the key being intercepted by an attacker.
One significant advantage of method (ii) over method (i) is that the key KA can be easily backed up and recovered in case Alice forgets her password or loses access to it. Since the key is initially generated at random and then encrypted with K, it can be decrypted using K whenever Alice needs to access it. This ensures that Alice always has access to the key KA, even if she forgets her password or is unable to access it for some reason. Additionally, this method allows Alice to easily change her password without having to re-generate a new key KA.
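The two methods and the password-change behaviour described above, as an added example that is not part of the original answer. It assumes SHA-256 for h and uses XOR with K as a stand-in for E(KA, K), which hides KA but gives no integrity check; a real design would use a slow salted password KDF and an authenticated cipher. Passwords are constructed.

```python
import hashlib
import secrets

def h(password: str) -> bytes:
    """The hash h from the question (SHA-256 assumed here)."""
    return hashlib.sha256(password.encode()).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Method (i): nothing is stored, KA is recomputed from the password each time.
def method_i_key(password: str) -> bytes:
    return h(password)

# Method (ii): KA is random; only E(KA, K) with K = h(password) is stored.
def method_ii_create(password: str):
    ka = secrets.token_bytes(32)
    return ka, xor(ka, h(password))          # (KA, stored blob)

def method_ii_key(stored: bytes, password: str) -> bytes:
    return xor(stored, h(password))

def method_ii_change_password(stored: bytes, old: str, new: str) -> bytes:
    """Re-wrap the same KA under the new password; KA itself is unchanged."""
    return xor(method_ii_key(stored, old), h(new))

def demo():
    old_pw, new_pw = "correct horse", "battery staple"   # constructed passwords

    # Method (i): a password change silently changes KA, so anything
    # encrypted under the old KA has to be re-encrypted.
    i_same_after_change = method_i_key(old_pw) == method_i_key(new_pw)

    # Method (ii): the stored blob changes, the key it protects does not.
    ka, blob = method_ii_create(old_pw)
    new_blob = method_ii_change_password(blob, old_pw, new_pw)
    ii_same_after_change = method_ii_key(new_blob, new_pw) == ka
    old_pw_still_works = method_ii_key(new_blob, old_pw) == ka

    return {
        "method_i_key_survives_password_change": i_same_after_change,
        "method_ii_key_survives_password_change": ii_same_after_change,
        "method_ii_old_password_still_unwraps": old_pw_still_works,
        "method_ii_blob_changed": blob != new_blob,
    }
```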
Extract
Q
Obtain the file stego.zip from the textbook website: “https://www.cs.sjsu.edu/~stamp/infosec/files/”.
a. Use the program stegoRead to extract the hidden file contained in aliceStego.bmp.
b. Use the programs to insert another file into a different (uncompressed) image file and extract the information.
c. Provide screen snapshots of the image file from part b, both with and without the hidden information.
Answer
a. To extract the hidden file from aliceStego.bmp using stegoRead, follow these steps:
- Download the stego.zip file from the website provided in the question.
- Extract the contents of the zip file to a folder on your computer.
- Open a command prompt or terminal window and navigate to the folder where you extracted the zip file.
- Run the command “stegoRead.exe aliceStego.bmp” to extract the hidden file.
- The extracted file will be saved in the same folder with the name “hidden.txt”.
b. To insert another file into a different image file and extract the information using the programs provided, follow these steps:
- Choose an uncompressed image file that you want to use for hiding the data and copy it to the same folder where you extracted the stego.zip file.
- Rename the image file to “cover.bmp”.
- Create a text file with the data you want to hide and save it as “data.txt” in the same folder.
- Open a command prompt or terminal window and navigate to the folder where you extracted the stego.zip file.
- Run the command “stegoHide.exe cover.bmp data.txt stego.bmp” to hide the data in the image file.
- The resulting stego.bmp file will contain the hidden data.
- To extract the hidden data from stego.bmp, run the command “stegoRead.exe stego.bmp” in the same folder. The extracted data will be saved in a file called “hidden.txt”.
c. To provide screen snapshots of the image file before and after hiding the data, you can take screenshots of the file explorer or image viewer windows that display the image. These screenshots can then be edited or cropped as needed to show the relevant parts of the image.
Random numbers in cryptography
Q
This problem deals with the uses of random numbers in cryptography.
a. Where are random numbers used in symmetric key cryptography?
b. Where are random numbers used in RSA and Diffie-Hellman?
Answer
a. In symmetric key cryptography, random numbers are used to generate session keys for encryption and decryption of data, as well as for initialization vectors (IVs) for block ciphers in some modes of operation.
b. In RSA, random numbers are used to generate the public and private keys during key generation. Randomness is crucial to make it infeasible for an attacker to determine the private key given the public key. In Diffie-Hellman, random numbers are used to generate secret keys for encryption and decryption of data, as well as for generating shared secrets between two parties. Randomness is important to ensure that the shared secret is unpredictable to an attacker who may be monitoring the communication.
Q
According to the text, random numbers used in cryptography must be unpredictable.
a. Why are statistically random numbers (which are often used in simulations) not sufficient for cryptographic applications?
b. Suppose that the keystream generated by a stream cipher is predictable in the sense that if you are given n keystream bits, you can determine all subsequent keystream bits. Is this a practical security concern? Why or why not?
Answer
a. Statistically random numbers may appear to be unpredictable, but they are generated using a predictable algorithm. This means that an attacker who knows the algorithm and has access to some of the random numbers generated can predict future random numbers, compromising the security of the cryptographic system.
b. Yes, this is a practical security concern. If an attacker can predict the keystream of a stream cipher, they can decrypt the encrypted messages by XORing the keystream with the ciphertext. This can result in a complete compromise of the confidentiality of the communication. Therefore, it is crucial that the keystream generated by a stream cipher be unpredictable to prevent this type of attack.
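Both answers above can be checked against a real statistical generator. This added example (not part of the original answers) uses Python's `random` module, a Mersenne Twister, as the keystream source for a toy XOR stream cipher, and shows that 624 observed 32-bit outputs determine every later output. The seed and messages are constructed.

```python
import random

N = 624  # MT19937 keeps 624 32-bit state words

def _undo_right(z, shift):
    """Invert y ^= y >> shift; each pass fixes `shift` more high bits."""
    x = z
    for _ in range(32 // shift + 1):
        x = z ^ (x >> shift)
    return x

def _undo_left(z, shift, mask):
    """Invert y ^= (y << shift) & mask; each pass fixes `shift` more low bits."""
    x = z
    for _ in range(32 // shift + 1):
        x = z ^ ((x << shift) & mask)
    return x

def untemper(word):
    """Map one 32-bit output back to the internal state word behind it."""
    y = _undo_right(word, 18)
    y = _undo_left(y, 15, 0xEFC60000)
    y = _undo_left(y, 7, 0x9D2C5680)
    return _undo_right(y, 11)

def clone_generator(observed):
    """Rebuild the generator from 624 consecutive 32-bit outputs."""
    if len(observed) != N:
        raise ValueError("need exactly 624 consecutive outputs")
    clone = random.Random()
    # Index 624 makes the clone regenerate its state on the next call.
    clone.setstate((3, tuple(untemper(w) for w in observed) + (N,), None))
    return clone

def keystream(rng, nbytes):
    """Keystream built from successive 32-bit generator outputs."""
    words = [rng.getrandbits(32) for _ in range((nbytes + 3) // 4)]
    return b"".join(w.to_bytes(4, "big") for w in words)[:nbytes]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def demo():
    sender = random.Random(2024)                  # constructed seed
    known = b"HDR:" * N                           # constructed known plaintext
    later = b"constructed follow-up message"
    c1 = xor(known, keystream(sender, len(known)))
    c2 = xor(later, keystream(sender, len(later)))

    # Known plaintext XOR ciphertext exposes 624 keystream words ...
    ks = xor(c1, known)
    words = [int.from_bytes(ks[i:i + 4], "big") for i in range(0, len(ks), 4)]
    # ... which are enough to predict the keystream for the next message.
    predicted = keystream(clone_generator(words), len(c2))
    return xor(c2, predicted)
```

The generator passes statistical tests yet is fully determined by its output, which is why keys, IVs and keystreams should come from a cryptographic source such as `secrets` or `os.urandom` instead.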
SSH protocol
Q
1. Consider the SSH protocol in Figure 10.1.
a. Explain precisely how and where Alice is authenticated. What prevents a replay attack?
b. If Trudy is a passive attacker (i.e., she can only observe messages), she cannot determine the key K. Why?
c. Show that if Trudy is an active attacker (i.e., she can actively send messages) and she can impersonate Bob, then she can determine the key K that Alice uses in the last message. Explain why this does not break the protocol.
d. What is the purpose of encrypting the final message with the key K?
Answer
a. Alice is authenticated using public key cryptography in the SSH protocol. Specifically, Alice’s SSH client uses Bob’s public key to encrypt a random number (nonce) and send it to Bob. Bob then decrypts the nonce using his private key, generates a session key (K), and encrypts the session key using Alice’s public key. Bob sends the encrypted session key to Alice, who decrypts it using her private key to obtain K. Alice is authenticated because only Bob’s private key can decrypt the nonce, and only Alice’s private key can decrypt the session key. A replay attack is prevented because the nonce is a random number generated by Alice, and Bob generates a new session key for each SSH session.
b. If Trudy is a passive attacker, she cannot determine the key K because she does not have access to Alice’s private key or Bob’s private key. Therefore, Trudy cannot decrypt any of the messages exchanged between Alice and Bob, including the final message that is encrypted with K.
c. If Trudy is an active attacker and can impersonate Bob, she can send a different session key (K’) to Alice instead of the actual session key K. Alice will then encrypt the final message using K’ instead of K, and Trudy can intercept and decrypt the message using K’. However, this does not break the protocol because Alice and Bob will not be able to establish a secure communication channel using K’. Therefore, Trudy cannot continue to intercept and decrypt messages after the first one.
d. The final message in the SSH protocol is encrypted with the session key K to ensure confidentiality and integrity of the message. Encrypting the message with K ensures that only Alice and Bob can read the message, as K is known only to them. Additionally, if the message is modified in transit, the encryption with K will ensure that the modification is detected.