is2150_hw6_stm57

is2150_hw6_stm57 - StevenMadara(stm57 IS2150Prof.Joshi...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: StevenMadara(stm57) IS2150Prof.Joshi November30,2009 HW6Section9.8#5,6,7Section11.9#2 5.ConsiderthevariantoftheNeedhamandSchroederprotocol.Showthatthis protocolsolvestheproblemofreplayasaresultofstolensessionkeys. Iftherewasanindividual(John)hemighttrytoreplayanoldmessage5 directedtoBob.IfBobhasn'treceivedamessagefromAliceitwillbe rejectedbecauseanewnegotiationisn'thappening.Inthecasethatthe messageissentafteranegotiationhasbeenstartedbyAliceBobwillopen themessageanddeterminerand3(rand3isapreviouslygeneratednonce). Thereislittletonochancethatthisrandomlygeneratedvaluewillbe repeated,allowingBobtodeterminethatareplayofanoldmessageistaking place.Therefore,themessagewouldberejected.Also,thereisthecase whereJohnlistenstomessage2andreplaysanoldmessage5toBob.Bob wouldsimplyhavetoopenthemessageandcomparethevalueofrand3with thenonceassociatedwiththemessagehehasjustsenttoAlice.Thesevalues willbedifferent;therefore,themessagewillberejectedandareplayattack unsuccessful. 6.ConsideranRSAdigitalsignaturescheme.AlicetricksBobintosigningmessages m1andm2suchthatm=m1m2modnBob.ProvethatAlicecanforgeBob'ssignature onm. Weknow: m=m1m2modnBob nBobispublic Bob'sdigitalsignatureonm,m1,m2(respectively): c=mdBobmodnBob c1=m1dBobmodnBob c2=m2dBobmodnBob Aliceknowsc1andc2canconstructcasfollows: =c1c2modnBob =[(m1dBobmodnBob)(m2dBobmodnBob)]modnBob =(m1dBobm2dBob)modnBob =(m1m2)dBobmodnBob =mdBobmodnBob =c Therefore,AlicecanforgeBob'ssignatureonm. 7.Returntotheexampleonpage140.BobandAliceagreetosignthecontractG (06).Thistime,Alicesignsthemessagefirstandthenencipherstheresult.Show thattheattackBobusedwhenAliceencipheredthemessageandthensigneditwill nowfail. Weknowthefollowing: nAlice=95,eAlice=59,dAlice=11,nBob=77,eBob=53,dBob=17 Alicesignsfirst:0611mod95=36 thenenciphers:c=(36)17mod77=48 IfBobwantedthecontracttobeN(13)hecouldcomputeanrsuchthat 13rmod77=6onesuchrisr=59.Thenextstepwouldbefor Bobtocomputeanewpublickey,butheisunableto... TheprocesscannotcontinuefromherebecauseBobcan'taccessthedatahe needstoconstructanewpublickeyhewouldneedtoalterAlice'spublic key. 2.Asystemallowstheusertochooseapasswordwithalengthofonetoeight characters,inclusive.Assumethat10,000passwordscanbetestedpersecond.The systemadministratorswanttoexpirepasswordsoncetheyhaveaprobabilityof 0.10ofhavingbeenguessed.Determinetheexpectedtimetomeetthisprobability undereachofthefollowingconditions. *Assumethatthepasswordsareexactly8characters* a)PasswordcharactersmaybeanyASCIIcharactersfrom1to127,inclusive. N=AS(A=#ofcharsinalphabetfromwhichpasswordisdrawn,S =lengthofpassword) N=1278=6.77x1016 P=0.10 G=10,000/second T=? T<=(NP)/G <=[(6.77x1016)(0.10)]/(10,000/second) <=6.77x1011seconds b)Passwordcharactersmaybeanyalphanumericcharacters("A"through "Z","a"through"z",and"0"through"9"). N=(26+26+10)8=628=2.18x1014 P=0.10 G=10,000/second T=? T<=(NP)/G <=[(2.18x1014)(0.10)]/(10,000/second) <=2.18x109seconds c)Passwordcharactersmustbedigits. N=108=1.00x108 P=0.10 G=10,000/second T=? T<=(NP)/G <=[(1.00x108)(0.10)]/(10,000/second) <=1000seconds ...
View Full Document

This note was uploaded on 02/07/2012 for the course SIS 2150 taught by Professor Joshi during the Fall '11 term at Pittsburgh.

Ask a homework question - tutors are online