CS 450/650 Fundamentals of Integrated Computer Security

Fall 2014

Homework 6

Due on Tuesday, Dec 16 at 1:00 pm

The following problems are from the textbook (Stallings and Brown, 3rd edition):

Chapter 21: 6.e

Perform encryption and decryption using the RSA algorithm, as in Figure 21.6, for the following:
e. p = 17; q = 31, e = 7; M = 2

Chapter 21: 12

Consider a Diffie-Hellman scheme with a common prime q = 11 and a primitive root a = 2.
a. If user A has public key YA = 9, what is A's private key XA?
b. If user B has public key YB = 3, what is the shared secret key K?

Chapter 22: 2

Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
a. Man-in-the-middle attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client.
b. Password sniffing: Passwords in HTTP or other application traffic are eavesdropped.
c. IP spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
d. IP hijacking: An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.
e. SYN flooding: An attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the "half-open connection" around for a few minutes. Repeated SYN messages can clog the TCP module.

Chapter 23: 3

Consider the details of the X.509 certificate shown below.
a. Identify the key elements in this certificate, including the owner's name and public key, its validity dates, the name of the CA that signed it, and the type and value of signature.
b. State whether this is a CA or end-user certificate, and why.
c. Indicate whether the certificate is valid or not, and why.
d. State whether there are any other obvious problems with the algorithms used in this certificate.

Certificate:
 Data:
  Version: 3 (0x2)
  Serial Number: 3c:50:33:c2:f8:e7:5c:ca:07:c2:4e:83:f2:e8:0e:4f
  Signature Algorithm: md5WithRSAEncryption
  Issuer: O=VeriSign, Inc.,
      OU=VeriSign Trust Network,
      CN=VeriSign Class 1 CA Individual - Persona Not Validated
  Validity
   Not Before: Jan 13 00:00:00 2000 GMT
   Not After : Mar 13 23:59:59 2000 GMT
  Subject: O=VeriSign, Inc.,
      OU=VeriSign Trust Network,
      OU=Persona Not Validated,
      OU=Digital ID Class 1 - Netscape
      CN=John Doe/Email=john.doe@adfa.edu.au
  Subject Public Key Info:
   Public Key Algorithm: rsaEncryption
   RSA Public Key: (512 bit)
    Modulus (512 bit):
      00:98:f2:89:c4:48:e1:3b:2c:c5:d1:48:67:80:53:
      d8:eb:4d:4f:ac:31:a9:fd:11:68:94:ba:44:d8:48:
      46:0d:fc:5c:6d:89:47:3f:9f:d0:c0:6d:3e:9a:8e:
      ec:82:21:48:9b:b9:78:cf:aa:09:61:92:f6:d1:cf:
      45:ca:ea:8f:df
    Exponent: 65537 (0x10001)
  X509v3 extensions:
   X509v3 Basic Constraints:
    CA:FALSE
   X509v3 Certificate Policies:
    Policy: 2.16.840.1.113733.1.7.1.1
     CPS: https://www.verisign.com/CPS
   X509v3 CRL Distribution Points:
    URI:http://crl.verisign.com/class1.crl
 Signature Algorithm: md5WithRSAEncryption
  5a:71:77:c2:ce:82:26:02:45:41:a5:11:68:d6:99:f0:4c:ce:
  7a:ce:80:44:f4:a3:1a:72:43:e9:dc:e1:1a:9b:ec:64:f7:ff:
  21:f2:29:89:d6:61:e5:39:bd:04:e7:e5:3d:7b:14:46:d6:eb:
  8e:37:b0:cb:ed:38:35:81:1f:40:57:57:58:a5:c0:64:ef:55:
  59:c0:79:75:7a:54:47:6a:37:b2:6c:23:6b:57:4d:62:2f:94:
  d3:aa:69:9d:3d:64:43:61:a7:a3:e0:b8:09:ac:94:9b:23:38:
  e8:1b:0f:e5:1b:6e:e2:fa:32:86:f0:c4:0b:ed:89:d9:16:e4:
  a7:77

Chapter 24: 2 [bonus]

Prior to the introduction of IEEE 802.11i, the security scheme for IEEE 802.11 was Wired Equivalent Privacy (WEP). WEP assumed all devices in the network share a secret key. The purpose of the authentication scenario is for the STA to prove that it possesses the secret key. Authentication proceeds as shown in Figure 24.13. The STA sends a message to the AP requesting authentication. The AP issues a challenge, which is a sequence of 128 random bytes, sent as plaintext. The STA encrypts the challenge with the shared key and returns it to the AP. The AP decrypts the incoming value and compares it to the challenge that it sent. If there is a match, the AP confirms that authentication has succeeded.
a. What are the benefits of this authentication scheme?
b. This authentication scheme is incomplete. What is missing and why is this important? Hint: The addition of one or two messages would fix the problem.
c. What is a cryptographic weakness of this scheme?
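
The exchange described in this problem, written out as an added example (it is not part of the original assignment or the textbook). Assumptions: the cipher is RC4 keyed with a 3-byte IV prepended to the shared key, as WEP does although the problem does not name it; the ICV and 802.11 framing are omitted; all class and function names are hypothetical.

```python
import hmac
import os

# Added example: simplified WEP shared-key authentication (no ICV, no framing).
CHALLENGE_LEN = 128  # bytes, as stated in the problem

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (KSA + PRGA); the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

class AccessPoint:
    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.challenge = None

    def issue_challenge(self) -> bytes:
        # Message 2: 128 random bytes, sent as plaintext.
        self.challenge = os.urandom(CHALLENGE_LEN)
        return self.challenge

    def verify(self, iv: bytes, response: bytes) -> bool:
        # Message 4: decrypt the response and compare it with the challenge sent.
        if self.challenge is None:
            return False
        expected, self.challenge = self.challenge, None  # each challenge is used once
        return hmac.compare_digest(rc4(iv + self.key, response), expected)

def sta_respond(shared_key: bytes, challenge: bytes) -> tuple[bytes, bytes]:
    # Message 3: encrypt the challenge under a fresh IV; the IV travels in the clear.
    iv = os.urandom(3)
    return iv, rc4(iv + shared_key, challenge)

def authenticate(ap_key: bytes, sta_key: bytes) -> bool:
    ap = AccessPoint(ap_key)
    challenge = ap.issue_challenge()  # message 1 (the STA's request) is implicit
    iv, response = sta_respond(sta_key, challenge)
    return ap.verify(iv, response)
```
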

What to turn in: A softcopy of your solutions (could be a scanned version of the hard copy) to be uploaded as a single file to WebCampus.