
CS5460 Assignment4

This document contains instructions for an assignment on computer security including exercises from the textbook and additional questions to answer. It asks the student to complete textbook problems on chapter 7 and explain their answers. It also poses 3 additional questions: 1) Explain how shared secrets and public/private keys authenticate parties, 2) Consider if a described authentication protocol protects against eavesdropping and server database disclosure without public key cryptography, and 3) Determine if a described protocol is susceptible to reflection attacks. It provides context about mutual authentication and forming session keys.

Uploaded by

the_tigdra

CS 5460 Computer Security I Fall 2011

Assignment #4 (Due: 10/27/2011)


You must complete all the questions. Each question is worth 10 points except where mentioned. Do not simply show the answers to the questions; justify your answers through analysis.

Exercises from the Textbook: Chapter 7: Problem 13; Problem 23; Problem 27; Problem 29; Problem 35.

Additional questions:

1. Explain how to use (a) a shared secret and (b) public/private keys, to authenticate two communicating parties.

2. In class we asserted that it is extremely difficult, without public key cryptography, to have an authentication scheme which protects against both eavesdropping and server database disclosure. Consider the following authentication protocol (based on Novell version 3 security). Alice knows a password. Bob, a server that will authenticate Alice, stores a hash of Alice's password. Alice types her password (say, fiddlesticks) to her workstation. The following exchange takes place:

Is this an example of an authentication scheme that isn't based on public key cryptography and yet guards against both eavesdropping and server database disclosure?

3. In mutual authentication, we discussed the reflection attack and noted that Protocol 11-8 is susceptible to it, but Protocol 11-7 is not. How about Protocol 11-11? (see following)

4. In class we discussed several possibilities for forming a session key. Remember that R is the challenge sent by Bob to Alice, and K (or KAlice-Bob) is the shared secret between Alice and Bob. Which of the following are secure for a session key? { } ; { } ; { }

The following was the authentication protocol we discussed for shared secret:
;
