Network security Q&A

profileWuweijia
Assignment-Copy.docx
Home>Engineering homework help>Telecommunications Engineering homework help>Network security Q&A

Question 1: Cryptosystems

A. Provide a brief description of the RSA algorithm, referring to both its operation and use

B. What is a timing attack? How can a timing attack be used against naïve implementations of RSA.

C. The Mafia family you belong to is holding elections for a new boss. It is suggested that each member of the family votes privately by encrypting their nomination (either “Sammy the Knife", “Big Kevsta" or “Teflon Hook") with the family's 4096-bit RSA public key (which is well known) and then e-mail the ciphertext in. If everyone can read everyone else's e-mail, is this system still secure? Why?

D. Explain the avalanche effect in DES, with reference to the three major building blocks which cause it to occur. (Hint: two are 'black boxes' and the third is the overall structure).

E. Is the rate at which we're improving attacks on asymmetric cryptosystems greater or less than symmetric cryptosystems? What is the end game for attacks on asymmetric algorithms?

Question 2: Protocols

Commitment schemes allow Alice to commit a value x to Bob. The scheme is secure if the commitment does not reveal any information about the committed value to Bob. At a later time, Alice can open the commitment and convince Bob that the committed value is x. The commitment is binding if Alice cannot convince Bob that some other value is the committed value.

Consider the following commitment scheme:

Commitment: Alice chooses a random r the same size as x and calculates y = h(x||r), where h is a hash function (e.g. MD5). She sends the values r and y to Bob.

Open: Alice sends x to Bob, and Bob calculates y = h(x||r).

A. Show that the proposed scheme is binding.

B. Show that the proposed scheme is insecure, i.e. that the scheme reveals information which allows Bob (with some work) to determine the committed value.

C. Suggest a modification to the scheme to secure the protocol

Question 3: Network and Software Security

A. Explain how password salting increases the security of password files. What is the difference between a salt and a secret salt?

B. OS Fingerprinting: Explain how operating systems can be precisely identified across a network.

C. List 5 common programming mistakes resulting in security problems, and describe with a sentence for each how to avoid them.

D. In a page, address both sides of the following statement: “It would be good for security if everyone on the Internet ran the same operating system”.