Dawn Song, Midterm 1 (solution), Spring 2012

An active adversary can send his public key to Bob


he ciphertext he receives with his private key to obtain a message. Which of the following are true? (circle all that apply)

◦ This protocol is secure against passive adversaries (eavesdroppers).
◦ This protocol is secure against active adversaries (man in the middle).
◦ None of the above.

Answer: This protocol is secure against passive adversaries (eavesdroppers) only. An active adversary can send his public key to Bob instead of Alice’s public key. Then Bob will send out a message encrypted with the adversary’s public key and the adversary can use his own private key to decrypt it and read the message. The adversary can then encrypt the message (or some other maliciously chosen message) using Alice’s public key and send it to Alice. Look at certificate authority topic in the cryptography notes for a similar attack.

(f) (3 points) Suppose that you have a game installed on your laptop. The game periodically downloads executable updates from http://<game-website>/updates/. You now bring your laptop to class and connect it to the AirBears WiFi network. Note that AirBears is susceptible to man-in-the-middle attacks. In order to prevent your computer from being compromised, when the game downloads an update http://<game-website>/updates/updateX.exe which of the following can the game do? (circle all that apply)

◦ Verify it against the digital signature stored in http://<game-website>/updates/updateX-signature.txt using the game company’s public key that is already embedded in the game’s code.
◦ Compute a MAC of updateX.exe and verify that it matches the MAC stored in http://<game-website>/updates/updateX-mac.txt using a MAC key that is already embedded in the game’s code.
◦ Compute a cryptographic hash of updateX.exe and verify that it matches the cryptographic hash stored in http://<game-website>/updates/updateX-hash.txt
◦ It is not necessary to perform any cryptographic operations because it is not possible to perform man-in-the-middle attacks aga...
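
The key substitution described in the answer to the passive/active adversary question above, as an added example that is not part of the original exam solution. It assumes textbook RSA with toy primes and no padding; the keys, the message and the `trusted_fp` check (a stand-in for a key authenticated out of band, for instance by a certificate authority) are constructed for illustration.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes (toy sizes, no padding: illustration only)."""
    d = pow(e, -1, (p - 1) * (q - 1))
    return (p * q, e), (p * q, d)

def rsa(key, x):
    """Encrypt with a public key or decrypt with a private key."""
    n, exp = key
    return pow(x, exp, n)

def fingerprint(pub):
    """Hash of a public key; assumed to reach Bob over a trusted channel."""
    return hashlib.sha256(repr(pub).encode()).hexdigest()

# Constructed keys and message (Mersenne primes keep the numbers short).
ALICE_PUB, ALICE_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
ADV_PUB, ADV_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
MESSAGE = int.from_bytes(b"PIN 4821", "big")

def bob_send(received_pub, message, trusted_fp=None):
    """Bob encrypts to whatever key arrived, unless he can authenticate it."""
    if trusted_fp is not None and fingerprint(received_pub) != trusted_fp:
        raise ValueError("public key does not match trusted fingerprint")
    return rsa(received_pub, message)

def run_exchange(active_adversary, trusted_fp=None):
    """Return what Alice and the adversary end up with after one message."""
    # An active adversary replaces Alice's key in transit; a passive one cannot.
    key_on_wire = ADV_PUB if active_adversary else ALICE_PUB
    ciphertext = bob_send(key_on_wire, MESSAGE, trusted_fp)
    adversary_read = False  # an eavesdropper holds only ALICE_PUB and ciphertext
    if active_adversary:
        seen = rsa(ADV_PRIV, ciphertext)    # decrypts with his own private key
        adversary_read = seen == MESSAGE
        ciphertext = rsa(ALICE_PUB, seen)   # re-encrypts so Alice notices nothing
    alice_got = rsa(ALICE_PRIV, ciphertext) == MESSAGE
    return {"alice_got": alice_got, "adversary_read": adversary_read}

if __name__ == "__main__":
    print("passive:", run_exchange(False))
    print("active :", run_exchange(True))
    try:
        run_exchange(True, trusted_fp=fingerprint(ALICE_PUB))
    except ValueError as err:
        print("active, authenticated key:", err)
```

In the unauthenticated active case Alice still receives the correct message, so neither party sees any sign of the substitution; only the check against a trusted fingerprint stops Bob from encrypting to the wrong key.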

This document was uploaded on 02/23/2014.
