The following problems are from the textbook (Stallings and Brown, 3rd edition):
Chapter 21: 6.e
Perform encryption and decryption using the RSA algorithm, as in Figure 21.6, for the following:
e. p = 17; q = 31, e = 7; M = 2
Chapter 21: 12
Consider a Diffie-Hellman scheme with a common prime q = 11 and a primitive root a = 2.
a. If user A has public key YA = 9, what is A's private key XA?
b. If user B has public key YB = 3, what is the shared secret key K?
Chapter 22: 2
Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
a. Man-in-the-middle attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client.
b. Password sniffing: Passwords in HTTP or other application traffic are eavesdropped.
c. IP spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
d. IP hijacking: An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.
e. SYN flooding: An attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the "half-open connection" around for a few minutes. Repeated SYN messages can clog the TCP module.
Chapter 23: 3
Consider the details of the X.509 certificate shown below.
a. Identify the key elements in this certificate, including the owner's name and public key, its validity dates, the name of the CA that signed it, and the type and value of signature.
b. State whether this is a CA or end-user certificate, and why.
c. Indicate whether the certificate is valid or not, and why.
d. State whether there are any other obvious problems with the algorithms used in this certificate.
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3c:50:33:c2:f8:e7:5c:ca:07:c2:4e:83:f2:e8:0e:4f
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=VeriSign, Inc., OU=VeriSign Trust Network, CN=VeriSign Class 1 CA Individual - Persona Not Validated
        Validity
            Not Before: Jan 13 00:00:00 2000 GMT
            Not After : Mar 13 23:59:59 2000 GMT
        Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Persona Not Validated, OU=Digital ID Class 1 - Netscape CN=John Doe/Emailfirstname.lastname@example.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    00:98:f2:89:c4:48:e1:3b:2c:c5:d1:48:67:80:53:
                    d8:eb:4d:4f:ac:31:a9:fd:11:68:94:ba:44:d8:48:
                    46:0d:fc:5c:6d:89:47:3f:9f:d0:c0:6d:3e:9a:8e:
                    ec:82:21:48:9b:b9:78:cf:aa:09:61:92:f6:d1:cf:
                    45:ca:ea:8f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.1137188.8.131.52.1
                  CPS: https://www.verisign.com/CPS
            X509v3 CRL Distribution Points:
                URI:http://crl.verisign.com/class1.crl
    Signature Algorithm: md5WithRSAEncryption
        5a:71:77:c2:ce:82:26:02:45:41:a5:11:68:d6:99:f0:4c:ce:
        7a:ce:80:44:f4:a3:1a:72:43:e9:dc:e1:1a:9b:ec:64:f7:ff:
        21:f2:29:89:d6:61:e5:39:bd:04:e7:e5:3d:7b:14:46:d6:eb:
        8e:37:b0:cb:ed:38:35:81:1f:40:57:57:58:a5:c0:64:ef:55:
        59:c0:79:75:7a:54:47:6a:37:b2:6c:23:6b:57:4d:62:2f:94:
        d3:aa:69:9d:3d:64:43:61:a7:a3:e0:b8:09:ac:94:9b:23:38:
        e8:1b:0f:e5:1b:6e:e2:fa:32:86:f0:c4:0b:ed:89:d9:16:e4:
        a7:77
Chapter 24: 2 [bonus]
Prior to the introduction of IEEE 802.11i, the security scheme for IEEE 802.11 was
Wired Equivalent Privacy (WEP). WEP assumed all devices in the network share a
secret key. The purpose of the authentication scenario is for the STA to prove that
it possesses the secret key. Authentication proceeds as shown in Figure 24.13. The
STA sends a message to the AP requesting authentication. The AP issues a challenge,
which is a sequence of 128 random bytes, sent as plaintext. The STA encrypts the
challenge with the shared key and returns it to the AP. The AP decrypts the incoming
value and compares it to the challenge that it sent. If there is a match, the AP confirms
that authentication has succeeded.
a. What are the benefits of this authentication scheme?
b. This authentication scheme is incomplete. What is missing and why is this important? Hint: The addition of one or two messages would fix the problem.
c. What is a cryptographic weakness of this scheme?
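The four-message exchange described in this problem can be simulated as below. This is an added illustration, not code from the textbook or the assignment. It assumes WEP's RC4 cipher keyed with a 24-bit IV prepended to the shared key, and leaves out the 802.11 frame format and integrity check value; the class and function names are hypothetical.

```python
import hmac
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

class AccessPoint:
    def __init__(self, shared_key: bytes):
        self.key, self.challenge = shared_key, b""

    def issue_challenge(self) -> bytes:
        # Message 2: 128 random bytes, sent as plaintext.
        self.challenge = os.urandom(128)
        return self.challenge

    def verify(self, iv: bytes, response: bytes) -> bool:
        # Message 4: decrypt the response and compare it to the challenge.
        if len(self.challenge) != 128:        # no challenge outstanding
            return False
        recovered = rc4(iv + self.key, response)
        ok = hmac.compare_digest(recovered, self.challenge)
        self.challenge = b""                  # each challenge is single use
        return ok

class Station:
    def __init__(self, shared_key: bytes):
        self.key = shared_key

    def respond(self, challenge: bytes):
        # Message 3: encrypt the challenge under a fresh IV (assumed 24-bit).
        iv = os.urandom(3)
        return iv, rc4(iv + self.key, challenge)

def authenticate(ap: AccessPoint, sta: Station) -> bool:
    # Message 1 (the STA's authentication request) is implied by this call.
    challenge = ap.issue_challenge()
    iv, response = sta.respond(challenge)
    return ap.verify(iv, response)
```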
What to turn in: A softcopy of your solutions (could be a scanned version of the hard copy) to be uploaded as a single file to WebCampus.