1. Consider a system for distributing keys, based on the existence of a
central key master. Every user has an individual key known to them and the key master. When two users want to communicate, they request a new “session key” from the key master, which creates a key and sends a copy to each, using their individual key. Does such a system really help with the key distribution problem? Could such a system be made secure? What vulnerabilities might it have? Any other drawbacks?
Exercises
1. Consider a system for distributing keys, based on the existence of a
central key master. Every user has an individual key known to them and the key master. When two users want to communicate, they request a new “session key” from the key master, which creates a key and sends a copy to each, using their individual key. Does such a system really help with the key distribution problem? Could such a system be made secure? What vulnerabilities might it have? Any other drawbacks?
A system closely related to this system is the basis of the Kerberos system that has been effectively used for key distribution in local networks. There are,
however, a number of issues that need to be addressed to offer a meaningful solution.
One of them is the fact that the approach is open to replay attacks. Another is the need for synchronization between parties before they can communicate securely. Without this, one side may need to buffer messages, which would allow simple DoS attacks. One approach to handle this issue is to have the server send both keys (encrypted) to on party, and have that party forward the second key to the other party before sending any data.
Exercises
2. Consider a simple block cipher that uses 4 bit blocks, where each block is encrypted by adding 3 to it and discarding any “overflow bits”. So for example,
0010 0101 1110 becomes 0101 1000 0001
To make this more secure, we add cipher block chaining. Suppose the initial vector is 1011. What is the cipher text corresponding to the
following clear text? 0101 1011 0011
Exercises
2. Consider a simple block cipher that uses 4 bit blocks, where each block is encrypted by adding 3 to it and discarding any “overflow bits”. So for example,
0010 0101 1110 becomes 0101 1000 0001
To make this more secure, we add cipher block chaining. Suppose the initial vector is 1011. What is the cipher text corresponding to the
following clear text? 0101 1011 0011
We start by adding (mod 2) 1011 to 0101, which gives 1110, to which we add 3=0011 to get 0001 after discarding the overflow bits.
Next 0001 is added (mod 2) to 1011, which gives 1010, to which we add 3 to get 1101.
Finally, 1101 is added (mod 2) to 0011, which gives 1110, to which we add 3 to get 0001.
Exercises
3. Consider the RSA key pair (91,5), (91,29). Assume the first is the encryption key and the second is the decryption key. What is the encrypted value of the number 10? (Hint: 102 mod 91=9)
Exercises
3. Consider the RSA key pair (91,5), (91,29). Assume the first is the encryption key and the second is the decryption key. What is the encrypted value of the number 10? (Hint: 102 mod 91=9)
Recall that given (n,e), (n,d) and message m<n Encrypt by computing K+(m) = c = me mod n
Decrypt by computing K–(c) = c d mod n = m
So c = 105 mod 91 = (102 mod 91)*(102 mod 91)*10 mod 91
Exercises
4. Consider (31,5), (31,11) as a possible RSA key pair. Does it satisfy the requirements for such a key pair (ignore the fact that the values are too small)? Why or why not? What about (77,5), (77,43)? What about (77,7), (77,43)?
Exercises
4. Consider (31,5), (31,11) as a possible RSA key pair. Does it satisfy the requirements for such a key pair (ignore the fact that the values are too small)? Why or why not? What about (77,5), (77,43)? What about (77,7), (77,43)?
n=31 is a prime number itself, and so cannot be the product of two primes, i.e., be of the form n=pq with p,q>1. Hence (31,5), (31,11) cannot be a possible RSA key pair.
n=77=7*11 is the product of two primes, but e =5 <n has a factor in common with (p-1)(q-1)= 60 = 5*3*2, namely 5. Hence, (77,5),
(77,43) is also not a possible RSA key pair. Note that it is also not
possible to find a d value that satisfies 5*d=k*60+1, since any such d is of the form d = 5*k+0.2.
(77,7), (77,43) satisfies the conditions that 77=n=pq=7*11 is the
product of two primes and e=7 is relatively prime with (p-1)(q-1)=60. We also have d = 43 = (5*6*10+1)/7, which satisfies the condition
Exercises
Exercises
5. Construct a valid RSA key pair using p=11, q=13.
We have n = 143, and (p-1)(q-1) = 10*12 = 120 =2*2*2*3*5. We can, therefore, choose e = 7*11 = 77.
Next, we need to pick d so that d = (k(p–1)(q–1)+1)/e = (k*120+1)/77 for some value of k. A value of k = 34 yields d = (34*120+1)/77 = 53. Hence, (143,77), (143,53) is a valid RSA key pair.
Exercises
6. Suppose that we distributed public keys by simply posting them on the internet on a public web site. Users would then retrieve keys using their web browser and http. Why is this not an acceptable solution to the key distribution problem? How might you change it to make it workable? How does this compare to the approach that uses certificate
Exercises
6. Suppose that we distributed public keys by simply posting them on the internet on a public web site. Users would then retrieve keys using their web browser and http. Why is this not an acceptable solution to the key distribution problem? How might you change it to make it workable? How does this compare to the approach that uses certificate
authorities?
Posting a key on the Internet does not address the issue of certifying the association of an entity’s identity with the key.
Addressing this issue would require that the hosting company of the
public web site on which keys are posted, perform an identity verification step of the stated identity of the entity posting the key. This is in a sense similar to the verification step that is required from any Certification