Ask Computer Engineering Expert

1. 1) ] While logging yourself in using a pair of username and password, say, at a web mailing service, you might have noticed that you are often timed-out after 3 failed attempts. What do you think this might protect against? 
a) This protects against an automated brute force password guessing attack, such as a dictionary attack. It is assumed that such an attack cannot succeed in a limited number of attempts and that a legitimate user can successfully authenticate in at most 3 attempts.

2. 2)  What happens if you forget the password for your favorite web-site? Is it possible to recover your forgotten password? If so, how? Do you think the mechanism to recover the password is secure? In other words, can another person (perhaps a friend who knows you well) possibly retrieve your password? describe your answer. 

a) This is referred to as "Fall-Back Authentication", and is achieved via secret personal problems that a user can set-up while registering with the service. The assumption is that only you would know the answer to the problems. In practice, however, this turns out to be a weak way of Fallback. Users tend to choose problems whose answers may not be hard to guess for a person who knows the user personally. 

3. 3)  Define the terms "authentication" and "non-repudiation." 

a) Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.
For this reason, Internet business and many other transactions require a more stringent authentication process. The use of digital certificates issued and verified by a Certificate Authority (CA) as part of a public key infrastructure is considered likely to become the standard way to perform authentication on the Internet.
Logically, authentication precedes authorization (although they may often seem to be combined).

b) Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

To repudiate means to deny. For many years, authorities have sought to make repudiation impossible in some situations. You might send registered mail, for ex, so the recipient cannot deny that a letter was delivered. Similarly, a legal document typically requires witnesses to signing so that the person who signs cannot deny having done so.

On the Internet, a digital signature is used not only to ensure that a message or document has been electronically signed by the person that purported to sign the document, but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they furnished the signature.

Since no security technology is absolutely fool-proof, some experts warn that a digital signature alone may not always guarantee nonrepudiation. It is suggested that multiple approaches be used, such as capturing unique biometric information and other data about the sender or signer that collectively would be difficult to repudiate.

Email nonrepudiation involves methods such as email tracking that are designed to ensure that the sender cannot deny having sent a message and/or that the recipient cannot deny having received it.

Problem 2 [15pts] 

In the class, we studied the Caesar's cipher. A similar cipher is called the affine cipher which works as follows. 

Encryption: each plaintext letter P is encrypted to obtain the ciphertext letter C such that C = aP + b (mod 26), (where a, b are numbers between 0, 1,...., 25, and represent the secret key).

Decryption: each ciphertext letter C is decrypted to obtain the plaintext letter such that P = (C-b)a-1 (mod 26). 

I need to send a message to the class:
"HELLOCLASSALLOFYOUWILLGET ANA YOUDONOTNEEDTODOTHEHOMEW ORK" (I don't mean it!), and want to send it encrypted using the affine cipher so that the Department chair does not learn the message ?. The chair intercepts the 8th and 3rd letters of the cipher text, 'J' and 'Q' respectively, and somehow learns the corresponding plaintext letters, i.e., 'A' and 'L' respectively. Can he decrypt the message (and take a Disciplinary action against me ?)? If so, describe how? What is the secret key? What is the original ciphertext that I sent out? 

C = aP + b (mod 26) P = (c - b)a-1 (mod 26)
J = aA + b (mod 26) L = (Q - 9)a-1 (mod 26)
J = a0 + b (mod 26) 11 = (16 - 9)a-1 (mod 26)
9 = a0 + b (mod 26) 11 = (7)a-1 (mod 26)
9 = 0 + b (mod 26) 11/a=7/a-1 (mod 26)
9 = b (mod 26) 11/a= 7 (mod 26)
9 = b 3 = a

Can he decrypt the message (and take a disciplinary action against me)? Yes, if so describe:


 Since the affine cipher is still a monoalphabetic substitution cipher, it inherits the weaknesses of that class of ciphers. The Caesar cipher is the Affine cipher when since the encrypting function simply reduces to a linear shift.
Considering the specific case of encrypting messages in English (i.e. ), there are a total of 286 non-trivial affine ciphers, not counting the 26 trivial Caesar ciphers. This number comes from the fact there are 12 numbers that are coprime with 26 that are less than 26 (these are the possible values of ). Each value of can have 26 different addition shifts (the value); therefore, there are 12*26 or 312 possible keys. This lack of variety renders the system as highly insecure when considered in light of Kerckhoffs' Principle.
The cipher's primary weakness comes from the fact that if the cryptanalyst can discover (by means of frequency analysis, brute force, guessing or otherwise) the plaintext of two ciphertext characters then the key can be obtained by solving a simultaneous equation. Since we know and are relatively prime this can be used to rapidly discard many "false" keys in an automated system.
The same type of transformation used in affine ciphers is used in linear congruential generators, a type of pseudorandom number generator. This generator is not a cryptographically secure pseudorandom number generator for the same reason that the affine cipher is not secure.
What is the secret key?
 
What is the original cipher text that I sent out?

'VMHHQGHACCAHHQP UQIOYHHSMFANAUQIJQNQFNMMJFQJQFVMVQKMOQZE"

Problem 3 

Show that DES exhibits a complementation property, i.e., if C = Enc(K, P), then Cc = Enc(Kc, Pc). Here, P is a plaintext, K is the key and C is the ciphertext, and Xc denotes the bitwise complementation of X. Show all steps. 

[Hint: Consider the operations that take place in each round of DES encryption; focus on say the i-th round, and carefully analyze how the input changes after each step] 

Problem 4 ] 

1. 1)  You are the director of a top-secret government espionage agency. Every month you securely transmit a new set of one time pad values to each of the spies you have placed in various countries. Each of these values is used to encrypt a single message back to headquarters and then destroyed. You realize that last month the same pad was accidentally sent to every spy. Does this ruin the security of your system? Under what circumstances? What if one spy received the same pad two months in a row instead? describe your answers. [Note: "pad" is the "key"] 

2. 2)  A 4 bit long message was encrypted using one-time pad to yield a cipher- text "1100". Assuming the message space consists of all 4 bit long messages, what is the probability that the corresponding plain-text was "1001"? describe your answer. 


Problem 5 : Option A 

The reading assignment in the last lecture covered how AES (Rjindael) works. This problem will give you an idea as to how much processing time AES requires to perform key generation, encryption and decryption. 

Download the AES implementation source code from: http://www.cis.uab.edu/saxena/teaching/csx36-s14/labs/aes-src-modified.zip. 
The folder contains a README file for instructions, and a Makefile is also provided. 

First, familiarize yourself with the AES key generation, encryption and decryption functions in this source code. Choose a key and block size of 128 bits. Choose any plaintext M 128*5 bit long. Then, perform the following: 

1) Execute the key generation function to get a key K. 
• Compute the execution time. 
2) Execute the encryption function to encrypt M using K and obtain the ciphertext. 
• Compute the execution time. 
3) Execute the decryption function to decrypt C using K and once again obtain M.
• Compute the execution time. 

Repeat each of the above steps 100 times and give the average execution time for each of the three functions. List the type and speed of the processor, and the memory (RAM) of the machine you execute the code on. 

I hope you know how to measure execution time! If not, please try to figure it out yourself before asking for help. Please include a description (such as in the form of a README file) of how you measured the timing, such as what functions you measured the execution time of. Submit your modified code along with the homework submission. 

Problem 5 : Option B 

1)  Is the following statement True or False:

"The Triple DES variant which uses three (single) DES encryption/decryption operations in series and two independent keys - C = Enc(K1, Dec(K2, (Enc(K1, P))) - has an effective keyspace size of 2112 under the known-plaintext attack"? 

Argue your answer in details. 
2)  Demonstrate a chosen-ciphertext attack (CCA) against the CBC mode of encryption with Triple-DES as the building block. Discuss all details.  

Computer Engineering, Engineering

  • Category:- Computer Engineering
  • Reference No.:- M985654

Have any Question?


Related Questions in Computer Engineering

Does bmw have a guided missile corporate culture and

Does BMW have a guided missile corporate culture, and incubator corporate culture, a family corporate culture, or an Eiffel tower corporate culture?

Rebecca borrows 10000 at 18 compounded annually she pays

Rebecca borrows $10,000 at 18% compounded annually. She pays off the loan over a 5-year period with annual payments, starting at year 1. Each successive payment is $700 greater than the previous payment. (a) How much was ...

Jeff decides to start saving some money from this upcoming

Jeff decides to start saving some money from this upcoming month onwards. He decides to save only $500 at first, but each month he will increase the amount invested by $100. He will do it for 60 months (including the fir ...

Suppose you make 30 annual investments in a fund that pays

Suppose you make 30 annual investments in a fund that pays 6% compounded annually. If your first deposit is $7,500 and each successive deposit is 6% greater than the preceding deposit, how much will be in the fund immedi ...

Question -under what circumstances is it ethical if ever to

Question :- Under what circumstances is it ethical, if ever, to use consumer information in marketing research? Explain why you consider it ethical or unethical.

What are the differences between four types of economics

What are the differences between four types of economics evaluations and their differences with other two (budget impact analysis (BIA) and cost of illness (COI) studies)?

What type of economic system does norway have explain some

What type of economic system does Norway have? Explain some of the benefits of this system to the country and some of the drawbacks,

Among the who imf and wto which of these governmental

Among the WHO, IMF, and WTO, which of these governmental institutions do you feel has most profoundly shaped healthcare outcomes in low-income countries and why? Please support your reasons with examples and research/doc ...

A real estate developer will build two different types of

A real estate developer will build two different types of apartments in a residential area: one- bedroom apartments and two-bedroom apartments. In addition, the developer will build either a swimming pool or a tennis cou ...

Question what some of the reasons that evolutionary models

Question : What some of the reasons that evolutionary models are considered by many to be the best approach to software development. The response must be typed, single spaced, must be in times new roman font (size 12) an ...

  • 4,153,160 Questions Asked
  • 13,132 Experts
  • 2,558,936 Questions Answered

Ask Experts for help!!

Looking for Assignment Help?

Start excelling in your Courses, Get help with Assignment

Write us your full requirement for evaluation and you will receive response within 20 minutes turnaround time.

Ask Now Help with Problems, Get a Best Answer

Why might a bank avoid the use of interest rate swaps even

Why might a bank avoid the use of interest rate swaps, even when the institution is exposed to significant interest rate

Describe the difference between zero coupon bonds and

Describe the difference between zero coupon bonds and coupon bonds. Under what conditions will a coupon bond sell at a p

Compute the present value of an annuity of 880 per year

Compute the present value of an annuity of $ 880 per year for 16 years, given a discount rate of 6 percent per annum. As

Compute the present value of an 1150 payment made in ten

Compute the present value of an $1,150 payment made in ten years when the discount rate is 12 percent. (Do not round int

Compute the present value of an annuity of 699 per year

Compute the present value of an annuity of $ 699 per year for 19 years, given a discount rate of 6 percent per annum. As