Homework3_Solution (1)

School: Rutgers University
Course: 446
Subject: Computer Science
Date: Jan 9, 2024
Type: pdf
Pages: 2
Uploaded by dan47433

ECE 446/579:04 (Spring 2023) Homework #3 Solution

1. (Threat Models) As we discussed in the lecture, there are three categories of attacks that aim to break the confidentiality, integrity, and availability of computer systems or data. Please give one example for each category and discuss whether it can be addressed by a cryptography-based approach.

Examples for each category of attack:
- Confidentiality: eavesdropping attack, such as listening to the network and stealing secret information from it.
- Integrity: modifying important data, such as ransomware attacks, which maliciously encrypt user data.
- Availability: denial-of-service (DOS) attack.

In the lecture we discussed in detail the use of crypto techniques to address confidentiality (e.g., using encryption) and integrity (e.g., using HMAC) problems. We have not discussed the DOS attack, which may not be addressed by crypto-based approaches; we will leave this as an open question. This is a typical system security attack that is worth some additional reading.

2. (Attacks on Cryptography) Attackers may break cryptography by either doing a brute-force search on the key or by attacking the cryptographic algorithm itself. Can you please give real-world examples of well-known cryptographic mechanisms that have been broken by these two approaches?

Example broken by brute force: DES
Example broken by an attack on the algorithm itself: SHA-1

3. (Security in e-Commerce Systems) Please briefly discuss the potential security issues in an online shopping process, as well as the security countermeasures that may address these issues.

This was discussed on Page 10 in Slides3. In an online shopping process, the following security problems and solutions may apply:
(1) Confidentiality of the data (e.g., order information) sent from the buyer to the buyer. A solution would be encrypting the message.
(2) Integrity of the data (e.g., order information) sent from the buyer to the buyer. A solution would be appending a keyed hash (e.g., HMAC) to the message, which the buyer can compare against to verify the integrity.
(3) Identity spoofing attack on the buyer (e.g., the attacker pretends to be the buyer and places an order). A solution would be authentication (e.g., password, biometric, and challenge/response-based authentication).

4. (Hash) Please discuss the difference (1) between a simple hash (e.g., hash table) and a secure hash (e.g., SHA-1); and (2) between a secure hash and HMAC.

(1) A simple hash can be a many-to-one mapping; a secure hash is a one-to-one mapping with certain security properties: (a) given the hash, it is computationally infeasible to infer the message (i.e., the input); and (b) given one message, it is computationally infeasible to find another message that results in the same secure hash.
(2) Secure hashes like SHA-1 do not include authentication, i.e., any party can calculate the hash given the message; HMAC is hash + authentication, i.e., only the party that has the HMAC key can calculate the correct HMAC based on the key.

5. (Data Integrity/Confidentiality) Please design an end-to-end security approach that can protect both the integrity and confidentiality of the data transmitted from user A to user B.

One possible workflow is the following:
(1) Sender and receiver establish shared symmetric keys k1 and k2 using public-key cryptography.
(2) Sender encrypts the message m using k1 (with AES) and calculates the HMAC of m using k2.
(3) Sender sends the encrypted m and the HMAC of m to receiver.
(4) Receiver decrypts m using k1.
(5) Receiver calculates the HMAC of the decrypted m using k2 and compares the calculated HMAC with the received HMAC.

6. (RSA) Please describe the procedure of RSA-based encryption, decryption, signature, and verification. Please use symbols to represent plaintext, cipher text, private key, and public key if necessary.

public key: (n, e); private key: (d); plaintext: m; cipher text: c; signature: s
- Encrypt: c = m^e (mod n)
- Decrypt: c^d = (m^e)^d = m (mod n)
- Sign: h = hash(m); s = h^d (mod n)
- Verify: s^e = (h^d)^e = h (mod n)

7. (TPM) Please describe what the “hash extend” operation is and how it is related to TPM.

See Page 18 in Slides3. The relationship with TPM lies in the PCR measurement and “extend” operation done by TPM, see Page 29 in Slides3.

8. (TPM) Please describe what a key derivation function is, how it is typically implemented, and how it is related to TPM.

See Page 19 in Slides3. A key derivation function is used to generate multiple keys from a single seed/secret. TPM needs multiple keys and thus the key derivation function. In particular, TPM uses HMAC as a key derivation function, based on an algorithm from NIST SP 800-108.

9. (TPM) Please briefly discuss the motivation behind developing a virtualized TPM.

The motivation of vTPM is to provide a virtualized TPM instance for each client/VM that shares a single physical TPM with other clients/VMs.
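The four RSA formulas from question 6, carried through with the solution's own symbols (n, e, d, m, c, h, s). This is an added example, not part of the original solution; the primes 61 and 53, the exponent 17 and the sample message are constructed toy values, and the hash is reduced mod n only because the toy modulus is so small.

```python
import hashlib

# Constructed toy parameters; real RSA uses primes of 1024+ bits and padding.
P, Q = 61, 53
N = P * Q                            # n = 3233, part of the public key (n, e)
E = 17                               # public exponent e
D = pow(E, -1, (P - 1) * (Q - 1))    # private key d = e^-1 mod (p-1)(q-1)


def encrypt(m: int) -> int:
    """c = m^e (mod n)"""
    return pow(m, E, N)


def decrypt(c: int) -> int:
    """c^d = (m^e)^d = m (mod n)"""
    return pow(c, D, N)


def h(message: bytes) -> int:
    """hash(m) as an integer; reduced mod n only because the toy n is tiny."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """s = h^d (mod n), computed with the private key."""
    return pow(h(message), D, N)


def verify(message: bytes, s: int) -> bool:
    """Accept only if s^e (mod n) equals the recomputed hash h."""
    return pow(s, E, N) == h(message)


if __name__ == "__main__":
    c = encrypt(65)
    print("c =", c, "decrypted m =", decrypt(c))
    order = b"order #1001: 2 widgets"          # constructed message
    s = sign(order)
    print("valid signature accepted:", verify(order, s))
    print("altered signature accepted:", verify(order, (s + 1) % N))
```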
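For question 7, a sketch of the extend operation as TPMs apply it to a PCR: the new value is the hash of the old value concatenated with the measurement digest, so the final value commits to every measurement and to their order. This is an added example, not taken from the slides; it assumes a SHA-256 PCR that resets to all zeros, and the boot component names are constructed.

```python
import hashlib
import hmac

PCR_SIZE = hashlib.sha256().digest_size   # 32 bytes for a SHA-256 PCR


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR_new = SHA-256(PCR_old || SHA-256(component))."""
    measurement = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + measurement).digest()


def replay(event_log) -> bytes:
    """Recompute the PCR a verifier expects from an ordered event log."""
    pcr = bytes(PCR_SIZE)                 # assumed reset value: all zeros
    for component in event_log:
        pcr = extend(pcr, component)
    return pcr


def log_matches_pcr(event_log, reported_pcr: bytes) -> bool:
    """True only if replaying the log reproduces the reported PCR value."""
    return hmac.compare_digest(replay(event_log), reported_pcr)


# Constructed boot chain: each stage is measured before it runs.
BOOT_CHAIN = [b"firmware v1.0", b"bootloader v2.3", b"kernel 6.1"]

if __name__ == "__main__":
    good = replay(BOOT_CHAIN)
    print("expected PCR:", good.hex())

    # A replaced bootloader changes the final value even though later
    # stages are identical, because each step folds in the previous PCR.
    tampered = [b"firmware v1.0", b"bootloader EVIL", b"kernel 6.1"]
    print("tampered log accepted:", log_matches_pcr(tampered, good))

    # The same measurements in a different order also fail to match.
    reordered = [BOOT_CHAIN[1], BOOT_CHAIN[0], BOOT_CHAIN[2]]
    print("reordered log accepted:", log_matches_pcr(reordered, good))
```

Because a PCR can only be extended and never written directly, software that runs later cannot set it back to the value of a clean boot.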
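For question 8, an HMAC-based key derivation function in the counter mode described by NIST SP 800-108, deriving several independent keys from one seed. This is an added example and a sketch of the construction, not a byte-exact copy of any TPM's internal routine; the seed, labels and context are constructed values, and the requested length is assumed to be a multiple of 8 bits.

```python
import hashlib
import hmac
import struct


def kdf_counter(seed: bytes, label: bytes, context: bytes, nbits: int) -> bytes:
    """SP 800-108 counter-mode KDF with HMAC-SHA256 as the PRF.

    Block i is HMAC(seed, [i] || label || 0x00 || context || [nbits]),
    with [i] and [nbits] as 32-bit big-endian integers.
    """
    if nbits <= 0 or nbits % 8:
        raise ValueError("nbits must be a positive multiple of 8")
    length_field = struct.pack(">I", nbits)
    output = b""
    counter = 1
    while len(output) * 8 < nbits:
        message = (struct.pack(">I", counter) + label + b"\x00"
                   + context + length_field)
        output += hmac.new(seed, message, hashlib.sha256).digest()
        counter += 1
    return output[: nbits // 8]


# Constructed inputs: one secret seed, different labels per purpose.
SEED = bytes(range(32))
CONTEXT = b"vm-42"


def derive_keys(seed: bytes = SEED, context: bytes = CONTEXT) -> dict:
    """Derive purpose-specific keys; knowing one does not reveal another."""
    return {
        "storage": kdf_counter(seed, b"STORAGE", context, 256),
        "integrity": kdf_counter(seed, b"INTEGRITY", context, 256),
        "session": kdf_counter(seed, b"SESSION", context, 512),
    }


if __name__ == "__main__":
    for purpose, key in derive_keys().items():
        print(f"{purpose:9s} {len(key) * 8:3d} bits  {key.hex()}")
```

The label separates keys by purpose and the context binds them to a particular owner, so the same seed can serve many uses without key reuse.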