ICOM 5018 EXAM II - Spring 2007

March29, 2007


Open books and notes. Only the course text and notes in your own handwriting may be used.


1.       The following relate to electronic mail security, specifically PGP.

a.       What protection does including the first two octets of the message digest in the signature block of PGP provide, and why is it not necessary to use more than two blocks?

It is used so the recipient can check whether the correct public key was used to decrypt the message digest, which appears only decryptable with Aís public key.

b.       Suppose someone evil has obtained temporary access to your PGP key rings, and has a complete record of your traffic.What protection do you still have?

Your passphrase. Since the public key ring contains only publicly available certificates, the question is whether the private key ring contains anything dangerous. It contains only the private key, encrypted with the passphrase, which is not stored.So provided this encryption is strong enough, nothing private has been disclosed.OTOH, if someone has picked up your passphrase with a keystroke logger, all is revealed.

c.       What difficulties, if any, does this present for other people whose keys are on your public key rings?

Again, none, since only publicly available certificates and trust levels are there.


2.       The following apply to collision resistance issues and hash/MAC functions.Please answer them briefly, but avoiding the dreaded RADQ.

a.       What are the underlying reasons for using a MAC rather than a hash function?

It provides authentication, provided the authentication key is known only to sender and receiver, and also makes brute-force attacks more difficult, since they cannot necessarily be precomputed.

b.       If a MAC rather than a hash function is in use, does this affect oneís ability to perform a birthday attack?Explain.

Yes, since without the authentication password the perpetrator canít compute the hash code of the two sets of variations needed for this attack.

c.       Computation resistance means that if one knows one or more text-MAC pairs (meaning you know both text and the corresponding MAC, but not the key, that it is computationally infeasible to find the MAC for a new text.How would you exploit a computationally nonresistant MAC algorithm?

One way would be a birthday attack as such. The birthday attack starts with computing hash functions for variations on the good and the evil, and then looking for a match.Without computation resistance this is possible with the knowledge of text-match pairs.


3.       The following apply to Kerberos and also to X.509 authentication.Please answer them briefly, but avoiding the dreaded RADQ

a.       Is it possible to have more than one TGS (ticket-granting server) in a Kerberos realm?Explain.

It is possible, both TGSís would have to have the necessary key to validate the ticket.

b.       If a second (AS) authentication server is also present in one realm, does this necessarily create another realm?Explain.

Not necessarily.A separate realm would exist if the two ASís had separate user databases.Then the significance of cooperating ASís is that enough keys are shared by TGSís in the two realms so the outside TGS can believe the remote ticket (Steps 3-5 in figure 14.2)

c.       The author compares two-way and three-way authentication in X.509, stating that two-way requires comparison of timestamps, but three-way does not.Explain what would happen in two-way if the clocks were out-of-tolerance

This is based on Figure 14.6.In two-way authentication A must check for originality by seeing if the timestamp from B is in range.If it isnít, A either starts a new exchange or assumes something is wrong and abandons the attempt.Using three-way, each side can check the nonces.

d.       How does a browser verify that a certificate from say, Verisign is valid?This means what information does it have or may have to obtain, not just the mechanics of verification.

The browser as distributed contains a public key for Verisign.It uses this key to verify certificates issued by Verisign for other hosts when needed.A nonauthentic browser update could contain a false key, but this would probably come to light when verifying other users than the malicious one.