2003_quiz2sol

2003_quiz2sol - Massachusetts Institute of Technology...


Massachusetts Institute of Technology
Handout 21
6.857: Network and Computer Security
November 25, 2003
Professor Ronald L. Rivest

Quiz 2

1. Do not open this booklet until the quiz begins. Read all the instructions first.
2. When the quiz begins, write your name on every page of this quiz booklet.
3. This quiz booklet contains 15 pages, including this one. An extra sheet of scratch paper is attached.
4. This quiz is open-book, open-notes. No calculators or programmable devices (including laptop computers) are permitted.
5. You have 80 minutes to earn 111 points.
6. Write your solutions in the space provided. If you need more space, write on the back of the sheet containing the problem. Do not put part of the answer to one problem on the back of the sheet for another problem; pages may be separated for grading.
7. Partial credit will be given. You will be graded not only on the correctness of your answer, but also on the clarity with which you express it. Be neat.
8. Good luck!

Problem   Points   Grade   Initials
1         30
2         62
3         19
Total     111

Your Name:

Academic Honesty: by signing below, I affirm that the work on this quiz is my own, and that I have complied with the quiz policies.

Your Signature:

Problem Q2-1. Short Answer [30 points]

(a) For convenience, you set up your email program to automatically decrypt your incoming encrypted mail, and to quote the plaintext in your replies. To what kind of cryptographic attack might you be opening yourself?

Solution: A chosen-ciphertext attack.

(b) In the above scenario, name a cryptosystem that is believed to be secure under such an attack.

Solution: RSA-OAEP or Cramer-Shoup.

(c) Briefly describe two ways a computer program can get access to (some reasonable representation of) its own code.

Solution: Load self from the file system; look at self in memory; use the recursion theorem.

(d) In its next chip, Intel finds a way to make the stack non-executable. Does this solve the problem of buffer-overflow attacks? Explain briefly.

Solution: No. It's still possible to maliciously modify the return address and parameters on the stack, which could cause undesired behavior.

(e) Professor M. U. Lator doesn't believe that Trusted Computing proposals really support attestation. "Someone could just alter the operating system to impersonate the TPM," says the professor. Critique this suggestion.

Solution: The TPM contains secret keys that are tough to extract (due to tamper-resistance), and software cannot emulate the TPM without those keys.

(f) Fill in the blanks: biometric authentication is unsuitable for some security applications, such as 1. (give one example) because 2. (give one reason)....

This note was uploaded on 04/28/2009 for the course CS 6.857 taught by Professor Rivest during the Spring '03 term at MIT.
