{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

hw7-sol_Security

# hw7-sol_Security - udaya shankar Page 1 of 4 CMSC 414 HW 4...

This preview shows pages 1–2. Sign up to view the full content.

Page 1 of 4 November 20, 2006 CMSC 414: HW 4 ___________________________________________________________ 1. (text 11.3) In section 11.3.1, we discuss various ways for forming a session key. Remember that R is the challenge sent by Bob to Alice, and A is Alice’s secret, which Bob also knows. Which of the following are secure for a session key? A R {R + A} A {A} A {R} R+A Solution A R is not secure: eavesdropper who discovers it also discovers A. {R + A} A is secure. {R} R+A is secure. {A} A is not secure: it is the same for all sessions. ___________________________________________________________ 2. (text 11.4) Design a variant of Otway-Rees that only has one nonce generated by Alice and one nonce generated by Bob. Explain why it is still as secure. Solution Essentially, replace N C by K A {N A , “A”, “B”} A (Alice) KDC B (Bob) 1 generate nonces N A send [ A, B, K A {N A , A, B} ] to B 2 generate nonce N B send [ K B {N B , K A {N A , A, B}, A, B} ] to KDC 3 invent session key K AB extract N A , N B send [ K A {N A , K AB }, K B {N B , K AB }] to B 4 send K A {N A , K AB } to A 5 send K AB {anything recognizable} to B <-------- A and B establish data session key (eg, (K AB +1){R 1 R 2 } -----> When the KDC extracts N A and N B (step 3), it ensures that B is making the request, that A made the request that B is forwarding inside B’s request, and that A and B want to talk to each other. The nonce N B in B’s ticket ensures that the ticket is freshly created by KDC. The nonce N

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

### Page1 / 4

hw7-sol_Security - udaya shankar Page 1 of 4 CMSC 414 HW 4...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online