This preview shows page 1. Sign up to view the full content.
Unformatted text preview: he ciphertext he receives with his private key to
obtain a message.
Which of the following are true? (circle all that apply)
Page 12 ◦ This protocol is secure against passive adversaries (eavesdroppers).
◦ This protocol is secure against active adversaries (man in the
◦ None of the above.
Answer: This protocol is secure against passive adversaries
(eavesdroppers) only. An active adversary can send his public key to Bob instead of Alice’s public key. Then Bob will
send out a message encrypted with the adversary’s public
key and the adversary can use his own private key to decrypt
it and read the message. The adversary can then encrypt the
message (or some other maliciously chosen message) using
Alice’s public key and send it to Alice. Look at certiﬁcate
authority topic in the cryptography notes for a similar attack.
(f) (3 points) Suppose that you have a game installed on your laptop.
The game periodically downloads executable updates from http://
<game-website>/updates/. You now bring your laptop to class and
connect it to the AirBears WiFi network. Note that AirBears is
susceptible to man-in-the middle attacks. In order to prevent your
computer from being compromised, when the game downloads an update http://<game-website>/updates/updateX.exe which of the
following can the game do? (circle all that apply)
◦ Verify it against the digital signature stored in http://<game-website>/
updates/updateX-signature.txt using the game company’s public key that is already embedded in the game’s code.
◦ Compute a MAC of updateX.exe and verify that it matches the
MAC stored in http://<game-website>/updates/updateX-mac.
txt using a MAC key that is already embedded in the game’s
◦ Compute a cryptographic hash of updateX.exe and verify that it
matches the cryptographic hash stored in http://<game-website>/
◦ It is not necessary to perform any cryptographic operations because it is not possible to perform man-in-the-middle attacks
View Full Document
This document was uploaded on 02/23/2014.
- Spring '14
- Computer Security