Mt2sol-f06 - CS 161 Fall 2006 Computer Security Joseph/Tygar MT 2 Solutions Problem 1[Covert Channels(30 points(a(5 points Write down the

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 161 Computer Security Fall 2006 Joseph/Tygar MT 2 Solutions Problem 1. [Covert Channels] (30 points) (a) (5 points) Write down the Fiat-Shamir zero-knowledge protocol (as presented in class) where Alice proves her identity to Bob with probability 50% each iteration. Care needs to be taken that one is having Alice authenticate, as the problem requests, and not Bob. Given a fixed pq, product of large primes, all values are taken modulo pq. A has previously published a 2 , a known only to A. For a random r, A sends r 2 , B replies with a random bit, and depending on the bit, A sends r or ar. This is iterated n times, to establish A’s identity with probability 1 - 2 ( - n ) . (b) (5 points) Identify all the covert channels in the Fiat-Shamir protocol that Alice can use to leak infor- mation to Bob . Methods include timing of messages, chosen values of r, and the actual final message sent by A, regardless of the demands of the protocol (e.g., deliberate failure). (c) (5 points) Identify all the covert channels in the Fiat-Shamir protocol that Bob can use to leak informa- tion to Alice . Methods include timing of message and chosen values of bits. CS 161, Fall 2006, MT 2 Solutions 1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
knowledge protocol — since it leaks information how can it be “zero knowledge”? The question of covert channels is orthogonal to the question of zero-knowledge. A zero- knowledge protocol has no side-channels. (e) (5 points) How do nonces present an opportunity for covert channels? The bits of the nonce itself may contain covert messages. (f) (5 points) How can we limit leakage of covert channel information via nonces? This is a bit of a trick question: it is quite difficult, and indeed could be said to be practically impossible. While a scheme could be proposed using a trusted third party to generate signed nonces, the details of such a scheme would likely introduce new security flaws. CS 161, Fall 2006, MT 2 Solutions
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 05/31/2008 for the course EECS 161 taught by Professor Tyger/joseph during the Fall '06 term at University of California, Berkeley.

Page1 / 5

Mt2sol-f06 - CS 161 Fall 2006 Computer Security Joseph/Tygar MT 2 Solutions Problem 1[Covert Channels(30 points(a(5 points Write down the

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online