ICOM 5018 EXAM II - Spring 2007
March 29, 2007
Open books and notes. Only the course text and notes in your own handwriting may be used.
The following relate to electronic mail security, specifically PGP.
does including the first two octets of the message digest in the signature block of PGP provide, and why is it not necessary to use more than two octets?
The two octets let the recipient check quickly whether the correct public key was used to decrypt the message digest. After recovering the digest with the sender's (A's) public key, the recipient compares its first two octets with the plaintext copy carried in the signature block; a mismatch means the wrong key was tried (or the signature block is corrupt) rather than that the message was altered. The same two octets also serve as a 16-bit frame check sequence for the message. Two octets are enough because this is only a sanity check, not the authentication itself: the recipient still recomputes the full digest of the message and compares it with the whole recovered digest, so carrying more octets in the clear would add length without adding any security.
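The check described above, as an added example that is not part of the exam key or the course text. Textbook RSA with fixed (far too small) Mersenne primes stands in for the real signature algorithm, SHA-1 is the digest as in PGP, and the keys, messages and the tampered message are all constructed here. The last function shows why the two octets are not an authentication check on their own: a forged message whose digest happens to share the two-octet prefix passes the quick check and still fails the full digest comparison.

```python
"""Added example, not from the exam or the course text: a toy PGP-style
signature block carrying the leading two octets of the message digest.
Textbook RSA with fixed Mersenne primes stands in for the real signature
algorithm; keys, messages and the tampering below are all constructed here."""
import hashlib


def make_key(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy sizes, for the example only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


# Mersenne primes 2^89-1, 2^107-1, 2^127-1, 2^61-1: assumed keys, not real ones.
A_PUB, A_PRIV = make_key(2**89 - 1, 2**107 - 1)   # sender A
B_PUB, B_PRIV = make_key(2**127 - 1, 2**61 - 1)   # another key on the ring

DIGEST_LEN = 20      # SHA-1, as used by PGP
MODULUS_LEN = 25     # both toy moduli are below 2**200


def digest(message: bytes) -> bytes:
    return hashlib.sha1(message).digest()


def sign(message: bytes, priv) -> dict:
    """Signature block: digest 'encrypted' with the private key, plus its
    first two octets in the clear."""
    n, d = priv
    h = digest(message)
    enc = pow(int.from_bytes(h, "big"), d, n)
    return {"leading_octets": h[:2], "enc_digest": enc}


def recover_digest(sig: dict, pub) -> bytes:
    """'Decrypt' the digest with a public key; the wrong key yields garbage."""
    n, e = pub
    value = pow(sig["enc_digest"], e, n)
    return value.to_bytes(MODULUS_LEN, "big")[-DIGEST_LEN:]


def verify(message: bytes, sig: dict, pub) -> dict:
    """Quick two-octet check (was the right key used?) followed by the real
    authentication check (does the whole recovered digest match the message?)."""
    recovered = recover_digest(sig, pub)
    key_ok = recovered[:2] == sig["leading_octets"]
    verified = key_ok and recovered == digest(message)
    return {"key_ok": key_ok, "verified": verified}


def forge_same_prefix(message: bytes, target_prefix: bytes) -> bytes:
    """Attacker: vary a message until its digest shares the 2-octet prefix.
    Takes about 65536 tries, which is why two octets give no security."""
    i = 0
    while True:
        candidate = message + b" #%d" % i
        if digest(candidate)[:2] == target_prefix:
            return candidate
        i += 1
```

Verifying with B's key instead of A's fails the quick check with probability 65535/65536, which is all the two octets are for; the forged message built by forge_same_prefix passes that check and is caught only by the full digest comparison.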
evil has obtained temporary access to your PGP key rings, and has a complete record of your traffic. What protection do you still have?
Your passphrase. The public key ring contains only publicly available certificates, so the question is whether the private key ring contains anything dangerous. It holds the private key only in encrypted form, under a key derived from the passphrase, and the passphrase itself is not stored anywhere. So provided this encryption is strong enough (and the passphrase cannot be guessed), nothing private has been disclosed; the recorded traffic does not help the intruder either, because the session keys in it are encrypted under your public key and can only be recovered with the private key. On the other hand, if someone has also picked up your passphrase with a keystroke logger, all is revealed.
difficulties, if any, does this present for other people whose keys are on your public key rings?
Again, none for their keys: the public key ring holds only their publicly available certificates, which the intruder could have obtained anyway. The trust levels stored alongside them do tell the intruder whom you trust as an introducer, which is a privacy leak about your web of trust, but they cannot be used to forge anything.
What are the underlying reasons for using a MAC rather than a hash function?
It provides authentication (of data origin as well as integrity), provided the authentication key is known only to sender and receiver: anyone can compute a plain hash of a modified message, but only a holder of the key can compute a valid MAC for it. It also makes brute-force attacks more difficult, since an attacker without the key cannot compute MAC values offline and so cannot precompute tables of them.
If a MAC rather than a hash function is in use, does this affect one's ability to perform a birthday attack? Explain.
Yes. A birthday attack requires computing the hash code of a large set of variations of the good message and of the evil message and looking for a match. Without the authentication key the perpetrator can't compute MAC values at all, so neither set of variations can be tagged and the attack cannot be carried out.
means that if one knows one or more text-MAC pairs (meaning you know both the text and the corresponding MAC, but not the key), it is computationally infeasible to find the MAC for a new text.
How would you exploit a computationally nonresistant MAC algorithm?
The definition says it directly: given enough known text-MAC pairs, the attacker can compute the MAC of a new text without the key, so any forged message can be given a valid MAC. One way to use that is a birthday attack: the attack starts with computing the MAC of variations on the good message and on the evil one, then looks for a pair with matching values, has the good one authenticated, and substitutes the evil one. Without computation resistance this becomes possible with knowledge of text-MAC pairs alone.
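The two points above (the birthday attack on an unkeyed hash, and why a MAC that is not computation resistant gives the attack back) as one added example; it is not from the exam key or the course text. The tags are truncated to 24 bits so the 2^(n/2) search runs instantly, the two contract texts and the secret key are constructed here, and weak_mac is a deliberately broken construction (H(key) XOR H(text)) that leaks its key-dependent part from a single known text-MAC pair.

```python
"""Added example, not from the exam or the course text: Yuval's birthday
attack against an unkeyed hash, why a keyed MAC stops it, and how a MAC
that is not computation resistant gives the attack back. The 24-bit
truncation, the two contract texts and the key are constructed here."""
import hashlib
import hmac
import itertools

TAG_BYTES = 3          # 24-bit tags: a 2^12-size birthday search suffices
KEY = b"shared-secret-known-only-to-sender-and-receiver"   # assumed key


def tag_hash(msg: bytes) -> bytes:
    """Unkeyed, truncated hash: anyone can compute it for any text."""
    return hashlib.sha256(msg).digest()[:TAG_BYTES]


def tag_mac(key: bytes, msg: bytes) -> bytes:
    """Keyed MAC (truncated HMAC-SHA256): every new tag needs the key."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]


def weak_mac(key: bytes, msg: bytes) -> bytes:
    """Deliberately broken MAC, H(key) XOR H(msg): not computation resistant,
    because one known (text, MAC) pair reveals H(key)."""
    k = hashlib.sha256(key).digest()[:TAG_BYTES]
    return bytes(a ^ b for a, b in zip(k, tag_hash(msg)))


def recover_mask(text: bytes, mac: bytes) -> bytes:
    """Attacker step: from one known text-MAC pair recover the H(key) mask."""
    return bytes(a ^ b for a, b in zip(mac, tag_hash(text)))


def forge_weak_mac(mask: bytes, new_text: bytes) -> bytes:
    """Attacker step: a valid weak_mac for any new text, without the key."""
    return bytes(a ^ b for a, b in zip(mask, tag_hash(new_text)))


def variations(text: str):
    """Yuval's trick: 2^(gaps) texts that read the same, by using one or two
    spaces at each gap between words."""
    words = text.split()
    for seps in itertools.product((" ", "  "), repeat=len(words) - 1):
        yield "".join(w + s for w, s in zip(words, seps + ("",))).encode()


def birthday_attack(tag, good: str, evil: str):
    """Find a (good, evil) variation pair with equal tags under `tag`, or None."""
    table = {}
    for g in variations(good):
        table.setdefault(tag(g), g)
    for e in variations(evil):
        g = table.get(tag(e))
        if g is not None:
            return g, e
    return None


# Constructed contract texts: 17 and 18 words, so 2^16 and 2^17 variations,
# far more than the 2^12 needed for a 24-bit collision.
GOOD = ("Alice agrees to promptly pay Bob the sum of ten dollars "
        "for the services rendered last month")
EVIL = ("Alice agrees to promptly pay Bob the sum of ten thousand dollars "
        "for the services rendered last month")
```

Run birthday_attack(tag_hash, GOOD, EVIL) and the colliding pair appears in well under a second; the same pair does not collide under tag_mac(KEY, ...), and an attacker without KEY cannot even build the table. With weak_mac, one observed text-MAC pair gives recover_mask, after which birthday_attack(lambda m: forge_weak_mac(mask, m), GOOD, EVIL) finds a pair whose MACs under the real key are equal.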
The following apply to Kerberos and also to X.509 authentication. Please answer them briefly, but avoiding the
Is it possible to have more than one TGS (ticket-granting server) in a Kerberos realm? Explain.
It is possible. The AS issues ticket-granting tickets encrypted under the TGS's secret key, so both TGSs would have to hold that key (shared between them, or with the AS issuing tickets under each TGS's own key) in order to validate the tickets presented to them.
If a second authentication server (AS) is also present in one realm, does this necessarily create another realm? Explain.
Not necessarily. A separate realm would exist only if the two ASs had separate user databases (separate sets of principals and keys). Where there really are two realms, what makes them cooperate is that the TGSs in the two realms share a key, so the remote TGS can decrypt and believe the ticket issued for it by the local TGS (steps 3-5 in Figure 14.2).
compares two-way and three-way authentication in X.509, stating that two-way requires comparison of timestamps, but three-way does not. Explain what would happen in two-way if the clocks were out of tolerance.
This is based on Figure 14.6. In two-way authentication A must check for originality by seeing whether the timestamp from B is within its tolerance window. If it isn't, A either starts a new exchange or assumes something is wrong (a replay, or clocks too far apart) and abandons the attempt; either way an honest B with a badly set clock cannot complete the authentication. Using three-way, each side checks that the nonce it generated is echoed back, so timestamps need not be examined and clock tolerance does not matter.
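The exchange of Figure 14.6 reduced to its freshness logic, as an added example that is not part of the exam key. Signatures, certificates and session keys are left out; the clock readings, the skew between A's and B's clocks and the tolerance window are constructed for the example.

```python
"""Added example, not part of the exam key: the freshness checks of X.509
two-way and three-way authentication (Figure 14.6). Signatures, certificates
and session keys are omitted so only the timestamp and nonce logic remains;
clock readings, skew and the tolerance window are constructed here."""
import secrets

TOLERANCE = 300    # seconds of clock skew a party will accept (assumed value)


def fresh(stamp: int, now: int, tolerance: int = TOLERANCE) -> bool:
    """Timestamp check required by two-way authentication."""
    return abs(stamp - now) <= tolerance


def exchange(skew: int, three_way: bool = False, replay: bool = False):
    """Run A <-> B with B's clock `skew` seconds ahead of A's.
    Returns (A accepts B, B accepts A). With replay=True, B's reply is an old
    one that echoes a nonce A did not issue in this run."""
    a_clock = 1_000_000                      # constructed clock reading (seconds)
    b_clock = a_clock + skew
    rA, rB = secrets.token_hex(8), secrets.token_hex(8)

    # 1. A -> B: {tA, rA, B}; in three-way tA may be zero and is not checked
    msg1 = {"tA": 0 if three_way else a_clock, "rA": rA, "to": "B"}
    # 2. B -> A: {tB, rB, A, rA}
    msg2 = {"tB": 0 if three_way else b_clock, "rB": rB, "to": "A",
            "rA": "stale-nonce" if replay else msg1["rA"]}

    if three_way:
        # 3. A -> B: {rB}; each side checks only that its own nonce came back,
        # so the clocks never enter into it
        a_accepts = msg2["rA"] == rA
        msg3 = {"rB": msg2["rB"]}
        b_accepts = a_accepts and msg3["rB"] == rB   # A sends 3 only if it accepted
        return a_accepts, b_accepts

    # two-way: the nonce must match and the other side's timestamp must be in range
    b_accepts = fresh(msg1["tA"], b_clock)
    a_accepts = msg2["rA"] == rA and fresh(msg2["tB"], a_clock)
    return a_accepts, b_accepts
```

exchange(skew=3600) fails on both sides because each party finds the other's timestamp outside the window, while exchange(skew=3600, three_way=True) succeeds; a replayed reply is rejected in both modes because the echoed nonce is wrong.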
How does a browser verify that a certificate from, say, Verisign is valid? This means what information does it have or may have to obtain, not just the mechanics of verification.
The browser as distributed contains a set of trusted root public keys (root certificates), Verisign's among them. It uses the Verisign key to verify the signature on certificates issued by Verisign to other hosts when needed, and must also check that the certificate is within its validity period, that its subject name matches the host being contacted and, if it obtains Verisign's certificate revocation list, that the certificate has not been revoked. A nonauthentic browser update could contain a false Verisign key, but this would probably come to light when the browser then failed to verify certificates of legitimate hosts other than the malicious one.