Name____________________________________
ICOM 5018 EXAM II - Spring 2007
March 29, 2007
Open books and notes.
Only the course text and notes in your own handwriting may be used.
1. The following relate to electronic mail security, specifically PGP.
a. What protection does including the first two octets of the message digest in the signature block of PGP provide, and why is it not necessary to use more than two octets?
The two octets let the recipient check whether the correct public key was used to decrypt (recover) the message digest: after recovering the digest with the sender's public key, the recipient compares its first two octets with the two sent in the clear, and a mismatch shows that the wrong key was used (or that the signature is damaged) without a full comparison. The octets also serve as a 16-bit frame check sequence for the message. Two octets are enough because the authentication itself rests on comparing the full recovered digest with a digest recomputed over the message; the leading octets are only a quick sanity check, and exposing more of the digest in the clear would add nothing.
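The check described above, as an added example that is not part of the exam or of PGP's own code. The RSA key pairs are toys built from Mersenne primes (an assumption so the moduli are certainly prime without a primality search), the digest is raw SHA-1 with no padding, and the message is constructed; `sign`, `recover_digest` and `verify` are names chosen here.

```python
import hashlib

# Toy RSA (assumption of this added example: PGP uses full-size keys and standard
# padding; here s = h^d mod n on the raw SHA-1 digest, the hash PGP used).
# Moduli built from Mersenne primes so they are certainly prime and need no search.
ALICE_N = (2**127 - 1) * (2**89 - 1)            # 216-bit modulus, holds a 160-bit digest
ALICE_E = 65537
ALICE_D = pow(ALICE_E, -1, (2**127 - 2) * (2**89 - 2))
ALICE_PUB, ALICE_PRIV = (ALICE_N, ALICE_E), (ALICE_N, ALICE_D)

BOB_N = (2**89 - 1) * (2**61 - 1)               # another user's key, 150-bit modulus
BOB_PUB = (BOB_N, 65537)

DIGEST_LEN = 20                                  # SHA-1 digest length in octets


def sign(message: bytes, priv):
    """Build the two items of the PGP signature block the question is about:
    the leading two octets of the digest in the clear, and the digest signed."""
    n, d = priv
    digest = hashlib.sha1(message).digest()
    return digest[:2], pow(int.from_bytes(digest, "big"), d, n)


def recover_digest(sig: int, pub) -> bytes:
    """'Decrypt' the signature with a public key to get the 20-byte digest it should hold."""
    n, e = pub
    return pow(sig, e, n).to_bytes(DIGEST_LEN, "big")


def verify(message: bytes, leading: bytes, sig: int, pub) -> str:
    recovered = recover_digest(sig, pub)
    # Quick check: two octets sent in the clear against two octets out of the signature.
    if recovered[:2] != leading:
        return "wrong key"                # rejected before the full digest is compared
    # The real authentication decision: all 20 octets against a fresh digest.
    if recovered != hashlib.sha1(message).digest():
        return "bad digest"
    return "ok"


MESSAGE = b"Meet at the usual place at 9."   # constructed sample message
LEADING, SIG = sign(MESSAGE, ALICE_PRIV)


def demo():
    return {
        "Alice's key": verify(MESSAGE, LEADING, SIG, ALICE_PUB),
        "Bob's key": verify(MESSAGE, LEADING, SIG, BOB_PUB),
        "altered text": verify(MESSAGE + b"!", LEADING, SIG, ALICE_PUB),
    }
```

Verifying with Bob's key yields a digest whose first two octets match the cleartext pair with probability about 1 in 65536; when that happens the full comparison still rejects the signature, which is exactly why two octets are enough and more would not be worth sending.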
b.
Suppose someone evil has obtained temporary access to your PGP key rings, and has a complete record of your traffic. What protection do you still have?
Your passphrase. The public key ring contains only publicly available certificates, so the question is whether the private key ring contains anything dangerous. It holds your private key encrypted under a key derived by hashing the passphrase; the passphrase itself is never stored. So provided the passphrase is strong enough to resist offline guessing against the stolen ring, nothing private has been disclosed, and the recorded traffic stays unreadable because its session keys are encrypted to that private key. On the other hand, if someone has also picked up your passphrase with a keystroke logger, all is revealed.
c. What difficulties, if any, does this present for other people whose keys are on your public key rings?
Again, none, since only publicly available certificates and the trust values you assigned to them are there.
2. The following apply to collision resistance issues and hash/MAC functions. Please answer them briefly, but avoiding the dreaded RADQ.
a. What are the underlying reasons for using a MAC rather than a hash function?
A MAC provides authentication as well as integrity, provided the key is known only to sender and receiver: an attacker who alters the message cannot recompute a valid tag. It also makes brute-force attacks harder, since without the key the attacker cannot compute candidate tags offline, so attacks that rely on precomputation (tables of hash values, birthday searches over message variations) are unavailable.
b. If a MAC rather than a hash function is in use, does this affect one's ability to perform a birthday attack? Explain.
Yes. Without the authentication key the perpetrator cannot compute the tags of the two sets of variations (of the legitimate message and of the fraudulent one) that the attack needs in order to find a matching pair.
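The birthday attack of parts (a) and (b) carried out, as an added example that is not part of the exam. The tag is truncated to 24 bits (an assumption so the search finishes instantly; a real n-bit digest needs about 2^(n/2) variations per side), the variations use single or double spaces between words as in the textbook, and the messages and keys are constructed. The same search is then run against a MAC with a guessed key to show why the attacker's collision is worthless without the real key.

```python
import hashlib
import hmac

TAG_BITS = 24                              # assumption: toy tag size, see lead-in
SIDE = 2 ** (TAG_BITS // 2 + 2)            # 16384 variations per message: ~16 expected matches


def truncated_hash(msg: bytes) -> bytes:
    """Unkeyed hash truncated to TAG_BITS: anyone can compute it."""
    return hashlib.sha256(msg).digest()[: TAG_BITS // 8]


def truncated_mac(key: bytes, msg: bytes) -> bytes:
    """Keyed tag of the same size: only holders of `key` can compute it."""
    return hmac.new(key, msg, hashlib.sha256).digest()[: TAG_BITS // 8]


def variations(base: bytes, count: int):
    """Yield `count` versions of `base` that read identically: bit g of the variation
    index chooses a single or a double space in word gap g."""
    words = base.split(b" ")
    gaps = len(words) - 1
    assert count <= 2 ** gaps, "need more word gaps for that many variations"
    for i in range(count):
        out = [words[0]]
        for g in range(gaps):
            out.append(b"  " if (i >> g) & 1 else b" ")
            out.append(words[g + 1])
        yield b"".join(out)


def birthday_attack(good: bytes, evil: bytes, tag):
    """Tabulate the tags of `good` variations, then look up the tags of `evil`
    variations until one collides. Returns (good_variant, evil_variant) or None."""
    table = {tag(g): g for g in variations(good, SIDE)}
    for e in variations(evil, SIDE):
        t = tag(e)
        if t in table:
            return table[t], e
    return None


# Constructed messages (17 words each, so 2**16 spacing variations are available).
GOOD = b"I, Alice, authorize payment of one hundred dollars to Bob for the consulting work done in March"
EVIL = b"I, Alice, authorize payment of ten thousand dollars to Mallory for the consulting work done in March"
REAL_KEY = b"\x42" * 32      # constructed: shared by Alice and the bank, never seen by the attacker
GUESSED_KEY = b"\x13" * 32   # constructed: the best the attacker can do without it


def demo():
    """Return (collision_found_on_plain_hash, attacker_pair_collides_under_real_mac)."""
    pair = birthday_attack(GOOD, EVIL, truncated_hash)
    hash_ok = pair is not None and truncated_hash(pair[0]) == truncated_hash(pair[1])
    # Without the key the attacker can only run the search under a guessed key; the
    # pair found that way has no reason to collide under the key the verifier uses.
    pair2 = birthday_attack(GOOD, EVIL, lambda m: truncated_mac(GUESSED_KEY, m))
    mac_collides = pair2 is not None and (
        truncated_mac(REAL_KEY, pair2[0]) == truncated_mac(REAL_KEY, pair2[1]))
    return hash_ok, mac_collides
```

Against the plain hash, `demo()` finds a good/evil pair with equal tags after about 32,000 hash computations; Alice signs the harmless-looking good variant and the signature transfers to the evil one. Against the MAC the attacker has nothing to tabulate, and a pair that collides under a guessed key collides under the real one only with probability 2^-24.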
c. Computation resistance means that if one knows one or more text-MAC pairs (meaning you know both the text and the corresponding MAC, but not the key), it is computationally infeasible to find the MAC for a new text. How would you exploit a computationally nonresistant MAC algorithm?
Directly: from the known text-MAC pairs compute a valid MAC for a new text of your choosing and submit the forgery, with no need for the key. A birthday attack as such also becomes possible: that attack starts by computing the tags of variations on the good message and on the evil one and then looks for a match, and without computation resistance those tags can be derived from the known text-MAC pairs instead of from the key.
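The direct forgery against a MAC that is not computation resistant, as an added example that is not part of the exam. The weak MAC is the textbook one whose tag depends only on the XOR of the message's 8-byte blocks; HMAC-SHA256 stands in for the block encryption of that XOR (an assumption of this example), the key and messages are constructed, and `forge` is a name chosen here. HMAC over the whole message is shown beside it for contrast.

```python
import hashlib
import hmac

BLOCK = 8


def xor_blocks(msg: bytes) -> bytes:
    """XOR of the message's 8-byte blocks, zero-padding the last block."""
    msg += b"\x00" * (-len(msg) % BLOCK)
    acc = bytearray(BLOCK)
    for i in range(0, len(msg), BLOCK):
        for j in range(BLOCK):
            acc[j] ^= msg[i + j]
    return bytes(acc)


def weak_mac(key: bytes, msg: bytes) -> bytes:
    """Textbook weak MAC: a keyed function of the XOR of the blocks only (HMAC-SHA256
    stands in for the block cipher here). Hard to invert, yet not computation
    resistant: every message with the same block XOR gets the same tag."""
    return hmac.new(key, xor_blocks(msg), hashlib.sha256).digest()


def strong_mac(key: bytes, msg: bytes) -> bytes:
    """For contrast: HMAC over the whole message."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def forge(known_msg: bytes, known_tag: bytes, wanted: bytes):
    """Exploit with one text-MAC pair and no key: pad `wanted` to whole blocks and
    append one patch block that brings the block XOR back to that of `known_msg`,
    so `known_tag` is valid for the new text. The patch block is binary garbage,
    which in practice goes in a field the receiver ignores (a trailing comment)."""
    prefix = wanted + b"\x00" * (-len(wanted) % BLOCK)
    patch = bytes(a ^ b for a, b in zip(xor_blocks(prefix), xor_blocks(known_msg)))
    return prefix + patch, known_tag


KEY = b"\x11" * 16                                    # constructed; the attacker never sees it
KNOWN = b"transfer 00100 dollars to Bob account 12"   # constructed text the attacker saw tagged
WANTED = b"transfer 99999 dollars to Eve account 99"  # what the attacker wants accepted


def demo():
    """Return (forgery_verifies_under_weak_mac, forgery_verifies_under_strong_mac)."""
    forged, tag = forge(KNOWN, weak_mac(KEY, KNOWN), WANTED)
    weak_ok = forged.startswith(WANTED) and weak_mac(KEY, forged) == tag
    forged2, tag2 = forge(KNOWN, strong_mac(KEY, KNOWN), WANTED)
    strong_ok = strong_mac(KEY, forged2) == tag2
    return weak_ok, strong_ok
```

One observed text-MAC pair is enough for the weak MAC: the forged message carries the observed tag and verifies. The same trick against HMAC over the full message produces a tag that does not verify, which is the property the definition in (c) asks for.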
3. The following apply to Kerberos and also to X.509 authentication. Please answer them briefly, but avoiding the dreaded RADQ.
a. Is it possible to have more than one TGS (ticket-granting server) in a Kerberos realm? Explain.
It is possible. The ticket-granting ticket is encrypted by the AS under the key it shares with the TGS, so each TGS would have to hold the key the AS used (or the AS would have to issue tickets under each TGS's own key) in order to validate the ticket.
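The point of (a) in running code, as an added example that is not part of the exam or of any Kerberos implementation: an AS seals a ticket-granting ticket under K_tgs, two TGSs that hold K_tgs both validate it, and a third TGS with a key of its own cannot even read it. The authenticated encryption is a toy built from HMAC-SHA256 (an assumption standing in for the DES encryption of Kerberos v4 tickets), the addresses, clock value and keys are constructed, and the function names are chosen here.

```python
import hashlib
import hmac
import json
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    """Separate encryption and tag keys derived from the shared ticket key."""
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range(-(-length // 32)):          # ceil(length / 32) blocks
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption (HMAC keystream, then HMAC tag); assumption of
    this example, standing in for the block cipher real Kerberos uses."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None if `key` is not the one the blob was sealed under."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def as_issue_tgt(k_tgs: bytes, client: str, lifetime: int, now: float):
    """AS reply (message 2 of the Kerberos v4 dialogue): the TGT is sealed under K_tgs,
    the key the AS shares with the TGS; the client only forwards it. Returns (tgt, session_key)."""
    session_key = os.urandom(16).hex()
    ticket = {"client": client, "addr": "10.0.0.5", "tgs": "tgs", "ts": now,
              "lifetime": lifetime, "session_key": session_key}
    return seal(k_tgs, json.dumps(ticket).encode()), session_key


def tgs_validate(held_key: bytes, tgt: bytes, now: float) -> str:
    """At the TGS: a server holding the key the AS used can open and check the ticket;
    one without it cannot even read the client name."""
    plain = open_sealed(held_key, tgt)
    if plain is None:
        return "rejected: not sealed under this TGS's key"
    ticket = json.loads(plain)
    if now > ticket["ts"] + ticket["lifetime"]:
        return "rejected: expired"
    return "valid for " + ticket["client"]


def demo():
    k_tgs = b"\x07" * 16          # constructed; shared by the AS and both TGSs of the realm
    now = 1_175_000_000.0         # constructed clock value (late March 2007)
    tgt, _ = as_issue_tgt(k_tgs, "alice", 8 * 3600, now)
    return {
        "tgs1 (holds K_tgs)": tgs_validate(k_tgs, tgt, now + 60),
        "tgs2 (holds K_tgs)": tgs_validate(k_tgs, tgt, now + 3600),
        "tgs3 (own key only)": tgs_validate(b"\x09" * 16, tgt, now + 60),
        "tgs1, next day": tgs_validate(k_tgs, tgt, now + 24 * 3600),
    }
```

Nothing in the ticket names a particular server: whichever TGS holds K_tgs can grant service tickets against it, which is why several TGSs in one realm are fine and why the one piece of state that matters is the key shared with the AS.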
b. If a second authentication server (AS) is also present in one realm, does this necessarily create another realm? Explain.
Not necessarily. A separate realm would exist if the two AS's had separate user databases. The significance of cooperating AS's is then that enough keys are shared by the TGS's in the two realms for the outside TGS to believe the remote ticket (Steps 3-5 in Figure 14.2).
c. The author compares two-way and three-way authentication in X.509, stating that two-way requires comparison of timestamps, but three-way does not. Explain what would happen in two-way if the clocks were out of tolerance.
This is based on Figure 14.6. In two-way authentication A must check the originality and timeliness of B's reply by seeing whether the timestamp from B is in range. If it isn't, A either starts a new exchange or assumes something is wrong and abandons the attempt. With three-way, each side instead checks that its own nonce is returned in the reply, so the clocks need not be synchronized.
d. How does a browser verify that a certificate from, say, Verisign is valid? This means what information does it have or may have to obtain, not just the mechanics of verification.
The browser as distributed contains a public key (root certificate) for Verisign. It uses this key to verify the signature on certificates issued by Verisign for other hosts when needed; it may also have to obtain intermediate CA certificates to complete the chain up to that root, and a certificate revocation list (or other revocation information) to confirm that the certificate has not been revoked. A nonauthentic browser update could contain a false root key, but this would probably come to light when verifying the certificates of hosts other than the malicious one.