CS 450/650 Fundamentals of Integrated Computer Security

Fall 2014

Homework 1 : Cryptographic Tools

Due on Tuesday, Sep 9 at 1:00 pm

1: Consider the following encrypted text:

JLQEBO: TEXQ AFA VLR IBXOK FK PZELLI QLAXV
PLK: ELT QL TOFQB
JLQEBO: TEXQ AFA VLR TOFQB?
PLK: F ALK'Q HKLT, QEBV EXSBK'Q QXRDEQ RP ELT QL OBXA VBQ!

Decrypt it using the tool available at http://www.simonsingh.net/The_Black_Chamber/caesar.html. What is the plain text? What is the key?

The following problems are from the textbook (Stallings and Brown, 3rd edition):

Chapter 1:

1: Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.

5: Consider the following general code for allowing access to a resource:

DWORD dwRet = IsAccessAllowed(...);
if (dwRet == ERROR_ACCESS_DENIED) {
    // Security check failed.
    // Inform user that access is denied.
} else {
    // Security check OK.
}

a. Explain the security flaw in this program.

b. Rewrite the code to avoid the flaw.

Hint: Consider the design principle of fail-safe defaults.

Chapter 2:

1: Suppose that someone suggests the following way to confirm that the two of you are both in possession of the same secret key. You create a random bit string the length of the key, XOR it with the key, and send the result over the channel. Your partner XORs the incoming block with the key (which should be the same as your key) and sends it back. You check, and if what you receive is your original random string, you have verified that your partner has the same secret key, yet neither of you has ever transmitted the key. Is there a flaw in this scheme?
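The exchange described in this problem, simulated as an added example (not part of the original assignment or textbook): both parties' messages are recorded as they cross the channel, and a separate function computes what a passive listener on that channel can derive from the two recorded blocks. Names and the sample key are constructed for the example.

```python
import secrets
from typing import Optional, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("blocks must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def run_key_confirmation(key_a: bytes, key_b: bytes,
                         rnd: Optional[bytes] = None) -> Tuple[bool, Tuple[bytes, bytes]]:
    """Simulate the proposed scheme between A (holding key_a) and B (holding key_b).

    Returns (confirmed, transcript); transcript is exactly what crossed the
    channel, in order: A's outgoing block and B's reply.
    """
    if rnd is None:
        rnd = secrets.token_bytes(len(key_a))  # A's random string, key length
    msg1 = xor_bytes(rnd, key_a)               # A -> B : R xor K_A
    msg2 = xor_bytes(msg1, key_b)              # B -> A : (R xor K_A) xor K_B
    confirmed = msg2 == rnd                    # A's check: did R come back?
    return confirmed, (msg1, msg2)


def observer_derives(transcript: Tuple[bytes, bytes]) -> bytes:
    """What a passive listener can compute from the two transmitted blocks alone.

    (R xor K_A) xor (R xor K_A xor K_B) = K_B; when the keys match this is the
    shared key, so the scheme leaks it even though neither side sent it directly.
    """
    msg1, msg2 = transcript
    return xor_bytes(msg1, msg2)


if __name__ == "__main__":
    key = bytes.fromhex("0f1e2d3c4b5a6978")   # constructed 64-bit sample key
    ok, transcript = run_key_confirmation(key, key)
    print("confirmed:", ok)
    print("observer recovers key:", observer_derives(transcript) == key)
```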

6: Suppose H(m) is a collision-resistant hash function that maps a message of arbitrary bit length into an n-bit hash value. Is it true that, for all messages x, x' with x ≠ x', we have H(x) ≠ H(x')? Explain your answer.

What to turn in: A softcopy of your solutions (could be a scanned version of the hard copy) to be uploaded as a single file to WebCampus.