Cybersecurity Cryptanalysis and Protocols

Question:

(a) In a recent cybersecurity challenges event, contestants were given some ciphertext to decrypt. They also had access to a server that performed the encryption; they could enter any plaintext and observe the result of encryption. What is the name of this type of cryptanalysis: ciphertext-only, known-plaintext, or chosen-plaintext? How does its difficulty compare with the other two types?

(b) Consider the following cipher for encrypting English letters. Choose a secret integer value x. Each letter is encrypted independently. The i-th plaintext letter is encrypted to a letter x + i positions down the alphabet; if the end of the alphabet is reached, the counting continues from the beginning. For example, if the plaintext is GROUP and x = 3, then the ciphertext is KWUBX.

i. Encrypt the plaintext RING with x = 2.

ii. Explain a weakness of this cipher.
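The cipher in part (b), written out as an added example that is not part of the original question sheet. It checks itself against the sheet's own GROUP/KWUBX pair and shows that x only matters modulo 26, so a single plaintext/ciphertext letter pair (or a 26-way search) recovers the key. The function names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase


def _shift(text: str, x: int, sign: int) -> str:
    """Move the i-th letter (i counted from 1) by sign * (x + i), wrapping at Z."""
    out = []
    for i, ch in enumerate(text.upper(), start=1):
        if ch not in ALPHABET:
            raise ValueError(f"only A-Z is supported, got {ch!r}")
        out.append(ALPHABET[(ALPHABET.index(ch) + sign * (x + i)) % 26])
    return "".join(out)


def encrypt(plaintext: str, x: int) -> str:
    return _shift(plaintext, x, +1)


def decrypt(ciphertext: str, x: int) -> str:
    return _shift(ciphertext, x, -1)


def recover_key(plaintext: str, ciphertext: str) -> int:
    """Known/chosen-plaintext recovery: every letter pair yields x mod 26."""
    if not plaintext or len(plaintext) != len(ciphertext):
        raise ValueError("need a non-empty pair of equal length")
    pairs = zip(plaintext.upper(), ciphertext.upper())
    candidates = {
        (ALPHABET.index(c) - ALPHABET.index(p) - i) % 26
        for i, (p, c) in enumerate(pairs, start=1)
    }
    if len(candidates) != 1:
        raise ValueError("pair is not consistent with this cipher")
    return candidates.pop()


def exhaustive_search(ciphertext: str) -> dict:
    """Ciphertext-only: only 26 distinct keys exist, so list every decryption."""
    return {x: decrypt(ciphertext, x) for x in range(26)}


if __name__ == "__main__":
    print(encrypt("GROUP", 3))             # the sheet's own example
    print(recover_key("A", encrypt("A", 3)))  # one chosen letter reveals x
    print(exhaustive_search("KWUBX")[3])
```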

(c) Consider the RSA cipher. Two prime numbers p = 17 and q = 5 are chosen to initiate the key generation process.

i. Show how to generate a public key. You can choose any other unspecified parameters in any way you like (but you may want to choose some small values for your own benefit).

ii. Encrypt the plaintext value M = 10 using the key you generated. Show your working. In particular you should demonstrate how the properties of modular arithmetic can be used to keep the numbers small during the calculation.

iii. State the formula that the decryption key d must satisfy, in terms of other key parameters given to you or chosen by you.
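A worked pass through part (c), added here as an example and not taken from the original sheet. It assumes the public exponent e = 3 (the question leaves the choice open) and uses square-and-multiply with a reduction after every step, so no intermediate value ever reaches n.

```python
from math import gcd

P, Q = 17, 5   # primes given in part (c)
E = 3          # assumption: chosen here, the question leaves e open
M = 10         # plaintext from part (c) ii


def make_public_key(p: int, q: int, e: int):
    """Return (n, e, phi); e must be coprime to phi = (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError(f"e={e} is not valid for phi={phi}")
    return n, e, phi


def modexp_trace(base: int, exp: int, mod: int):
    """Left-to-right square-and-multiply, reducing mod `mod` after each step.

    Returns (result, steps) where steps lists every reduced intermediate.
    """
    result, steps = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        steps.append(("square", result))
        if bit == "1":
            result = (result * base) % mod
            steps.append(("multiply", result))
    return result, steps


def private_exponent(e: int, phi: int) -> int:
    """d satisfies e * d = 1 (mod phi); pow(e, -1, phi) needs Python 3.8+."""
    return pow(e, -1, phi)


if __name__ == "__main__":
    n, e, phi = make_public_key(P, Q, E)
    c, steps = modexp_trace(M, e, n)
    d = private_exponent(e, phi)
    print("public key:", (n, e), "ciphertext:", c)
    for op, value in steps:
        print(f"  {op:8s} -> {value}")
    print("d =", d, "decrypts to", modexp_trace(c, d, n)[0])
```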

(d) Alice and Bob are two users of a secret communication system. Each user of the system has a pair of RSA public/private keys, and they already have each other’s public key. When Alice wants to send a message to Bob, she generates a new random AES key, encrypts her message with that AES key, and encrypts the AES key with Bob’s public key. All the encrypted contents are sent to some secret server. Bob will later connect to that server and download the encrypted materials.

i. Describe the decryption steps Bob needs to go through so he can read the contents of the message.

ii. Suppose Carol is an attacker and downloaded a message intended for Bob. Without the correct decryption key, she tries to decrypt anyway with some random key and encounters a BadPaddingException (the program is written in Java). Explain why a BadPaddingException happens.

(a) Explain whether each of the following statements is true or false. You MUST provide the correct explanations to get full marks.

i. In a public key system, if Alice uses her private key to generate a signature of a message, and sends the message and the signature to Bob, then Bob should verify the signature with his private key.

ii. In a public key system, if Alice wants other people to send her messages in such a way that the sender can be authenticated, she must first distribute her public key securely to others.

iii. Given two different cryptographically secure hash functions h1 and h2, and two messages M1 and M2, if h1(M1) = h1(M2) then it must be the case that h2(M1) = h2(M2).

iv. In passphrase-based encryption (without the use of salt or similar mechanisms), if the hash function used produces n-bit outputs, then the size of the dictionary required when performing a dictionary attack is 2^n.

(b) Alice wants to forge a signature of Bob using the birthday attack. Bob always uses a signature scheme that uses 256-bit digests and 2048-bit public keys. Describe how Alice could carry out the attack, and quantify the level of computational effort required with these key/hash sizes.

(a) Determine whether each of the following statements is true or false.

i. MD5 is an authentication protocol that can also provide encryption services.

ii. Kerberos V3 always prevents clients from sending their passwords to the application server.

iii. In IPsec, the AH transport mode is unsuitable for achieving data integrity when data is transmitted between two computers in a LAN.

iv. In the concept of SSL, the web server sends the certificate to the user’s browser.

v. Kerberos V4 can be used to distribute IPsec policies across all the computers in a single domain.

(b) A company intends to implement a firewall solution that can apply network scanning policies at three layers of the OSI model. Present your recommended solution and explain how your solution acts and provides the firewall solution.

(c) A company has implemented its Intrusion Detection System (IDS) with signature-based detection and pattern-matching methodologies. Now an attacker is attempting to evade this IDS using a DoS attack. What is the suitability of DoS in this scenario? Explain and justify your answer.

(d) What mechanism in the PGP protocol makes it more space-efficient and helps effective transmission? Explain how this is achieved.

(e) Suppose that Alice received a digitally signed message from Bob that contains instructions for Alice to make a payment to Bob. Alice obtained Bob’s public key from the public key server and decrypted the digital signature, and further validated Bob’s message by comparing the received and computed hash values. Upon this verification, Alice initiated the payment to Bob. Now, a few days later, Bob complains that he never received any payment. When Alice checked with her bank, she found that the payment was made to Trudy, not Bob. What could have gone wrong here? Provide your recommendation to avoid such issues.