CPSC 42500 Homework 6

docx

School

College of DuPage *

*We aren’t endorsed by this school

Course

42500

Subject

Computer Science

Date

Apr 3, 2024

Type

docx

Pages

Uploaded by Error69

Name _________________________ Score: ____ / 30 CPSC 42500 Homework 6: MACs, the Secure Channel 1. (2 points) The purpose of authentication protocols is to make _________________ and __________________ detectable. (One word in each blank) 2. (5 points) Use the internet to answer the following questions about the SHA-2 family of hash functions. a. What are the digest sizes supported by SHA-2 algorithms? b. How many bits of collision resistance does SHA-384 provide? c. How many rounds is the compression function for SHA-512? d. (2 pts) What is the basic difference between SHA-224 and SHA-512/224? 3. (3 points) Using HMAC, even if an adversary can find a collision in the underlying hash function, why does this not necessarily mean that they can forge a message? Page 1 of 3

4. (4 points) You find out that your University is using an authenticated messaging system that is vulnerable to a length extension attack, because it uses an iterative hash function with the insecure MAC construction t = h ( K || m ). By eavesdropping on the network you intercept the following message m from your professor to the administration: “Set final course grade to A for J. Smith,” along with its tag t . Give an example of a believable message that you could forge and send using a length- extension attack, and describe how the attack would work. Specify how you would use the hash function and what pieces of data you would send. 5. (2 points) A small company has 10 employees who all want to send authenticated messages to each other. It’s not enough to know that a message came from one of the 10 employees; it must be verifiable that a message is from one specific employee . To solve this problem using MACs, how many different secret keys would be needed in total? Explain your answer. You only need to consider one-to-one messages; don’t worry about messages sent to an entire group. 6. (3 pts) In our definition of a secure channel, what are the two things that an eavesdropper is “allowed” to learn? Why do we allow the eavesdropper to learn them? Page 2 of 3

7. (4 pts) You are placing an order with an online retailer. To complete a purchase, your web browser sends a single encrypted, authenticated message to the web site, consisting only of the following information: a) your credit card information, b) the item number and quantity being ordered. a. Say an adversary is sitting between you and the retailer, with the ability to intercept traffic and send messages. Describe an attack the adversary could carry out to “max out” your credit card. What type of attack is this? b. What could the retailer do to prevent this attack, simply by changing what data is sent in the single encrypted, authenticated message? 8. (3 pts) The use of session keys and message numbers both serve to prevent replay attacks. Then why do we need to use both to have a secure channel? 9. (4 pts) The following sentence describes steps that are used to generate a ciphertext c and authentication tag t . “The message number i is concatenated with the message and encrypted with key K enc to produce the ciphertext. The key K auth is concatenated with i and the message and hashed with SHA-256 to produce the tag.” Write the definitions of c and t as a formula, using the notation we use in class and the textbook. Page 3 of 3

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

Related Documents

Notes to be PRINT.docx

Data Wrangling quiz.docx

Chapter 1 Practice Quiz_ Attempt review.pdf

Resources for MADS Python and Statistics Assessments.pdf

Quiz 5 (Information Systems and Digital Transformation chapter).pdf

M1_ Quiz.pdf

Storytelling.docx

CPSC 425 Homework 1.docx

CPSC 42500 Homework 7 - 2024.docx

HW1.pdf

Case Study 1 _ The Alset Electric Car.docx

3FN3 Midterm 2.pdf

Recommended textbooks for you

Systems Architecture

Computer Science

ISBN:9781305080195

Author:Stephen D. Burd

Publisher:Cengage Learning

MIS

Computer Science

ISBN:9781337681919

Author:BIDGOLI

Publisher:Cengage

Management Of Information Security

Computer Science

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:Cengage Learning,

Enhanced Discovering Computers 2017 (Shelly Cashm...

Computer Science

ISBN:9781305657458

Author:Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Mark Frydenberg, Jennifer T. Campbell

Publisher:Cengage Learning

LINUX+ AND LPIC-1 GDE.TO LINUX CERTIF.

Computer Science

ISBN:9781337569798

Author:ECKERT

Publisher:CENGAGE L

Principles of Information Systems (MindTap Course...

Computer Science

ISBN:9781285867168

Author:Ralph Stair, George Reynolds

Publisher:Cengage Learning

SEE MORE TEXTBOOKS

Recommended textbooks for you

Systems Architecture
Computer Science
ISBN:9781305080195
Author:Stephen D. Burd
Publisher:Cengage Learning
MIS
Computer Science
ISBN:9781337681919
Author:BIDGOLI
Publisher:Cengage
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Enhanced Discovering Computers 2017 (Shelly Cashm...
Computer Science
ISBN:9781305657458
Author:Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Mark Frydenberg, Jennifer T. Campbell
Publisher:Cengage Learning
LINUX+ AND LPIC-1 GDE.TO LINUX CERTIF.
Computer Science
ISBN:9781337569798
Author:ECKERT
Publisher:CENGAGE L
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning