Midsem Qpaper

The document contains a 12 question mid-semester examination on communication networks. The questions cover topics like IPSec, WEP, VPNs, public key cryptography, TLS, SSL, cryptographic hash functions, and authentication protocols.

Uploaded by

Abhinav kumar

Mid-Semester Examination
Communication Networks (EE 706), Spring’22
Feb. 21, 2022; Total: 25 marks; Time: 2 hours

• You are allowed to use two A4 sheets with handwritten notes on both sides of each sheet.
• You are allowed to use any result discussed in class without proof. For all other results, a
proof needs to be provided.

QUESTION 1 (1.5 MARKS)

[1.5 marks] Show how IPSec reacts to a brute-force attack. That is, can an intruder do an
exhaustive computer search to find the encryption key for IPSec? If yes, then how can it be
protected?

QUESTION 2 (1.5 MARKS)

[1.5 marks] Assume that 16-bit initialization vectors are generated randomly in a WLAN using
WEP. Calculate the number of frames an attacker should collect before the first occurrence of a
repeated keystream with the following probability: (a) 30 %, (b) 60 %.

QUESTION 3 (3 MARKS)

(a) [1.5 marks] Explain how CRC is vulnerable to the bit flipping attack. (A bit flipping attack
is one in which an attacker can flip bits in the message and CRC while keeping message
integrity check intact).
(b) [1.5 marks] In WEP, if an attacker does not know the encryption key, the attacker does not
have access to the plaintext, only to the ciphertext. Does message integrity still hold? Justify
your answer.

QUESTION 4 (2 MARKS)

[2 marks] Suppose an organization uses a VPN to securely connect its sites over the Internet.
Jim, a user in the organization, uses the VPN to communicate with his boss, Mary, over the
Internet. Describe one type of communication between Jim and Mary that would not require the
use of encryption, and another type of communication, which would require encryption. Explain
your answers.

QUESTION 5 (2 MARKS)

(a) [1 mark] Encrypt the message m = 13 using the RSA algorithm with p = 11, q = 3 and
e = 3.
(b) [1 mark] Find the private key corresponding to the values in part (a).

QUESTION 6 (2 MARKS)

(a) [1 mark] Suppose a Certification Authority (CA) issues Certificate Revocation Lists (CRL)
at times $t = 0, 1, 2, \ldots$. If no certificates are revoked in the interval [i, j], where i and j
are integers and 0 < i < j, then is it necessary that the CRLs issued at times i and j are
identical? Justify your answer. Assume that delta CRLs are not used, and all CRLs issued
are full CRLs.
(b) [1 mark] Suppose certifier.com creates a certificate for foo.com. Would it be acceptable if
the entire certificate were encrypted with certifier.com’s public key? Justify your answer.

QUESTION 7 (2 MARKS)

[2 marks] Recall that we studied two methods using which the client and server in TLS can
agree upon the Pre-Master Secret (PMS): the Ephemeral Diffie-Hellman method and the method
in which the client generates a random PMS, encrypts it and sends it to the server. State an
advantage and a disadvantage of each of these methods.

QUESTION 8 (2 MARKS)

Consider the following threats to Web security and explain how each is countered by some
particular features of SSL.
(a) [0.5 marks] Man-in-the-Middle Attack: An attacker interposes during the SSL handshake,
acting as the client to the server and as the server to the client.
(b) [0.5 marks] Password Sniffing: Passwords in HTTP or other application traffic are
eavesdropped.
(c) [0.5 marks] IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus data.
(d) [0.5 marks] IP Hijacking: An active, authenticated connection between two hosts is disrupted
and the attacker takes the place of one of the hosts.

QUESTION 9 (3 MARKS)

Consider a cryptographic hash function $H(\cdot)$ with $n$ possible outputs (e.g., if the output is a
128-bit string, then $n = 2^{128}$). As a simple model, assume that for a random input, the output
is selected uniformly at random from the $n$ possible output values.
(a) [1 mark] If the total number of input messages is $k < n$, then find the probability, say
$P_1(n, k)$, that all input messages result in different hashes.
(b) [2 marks] Let the total number of input messages be $k < n$ and $P_2(n, k)$ be the probability
that at least two different input messages result in the same hash. Then find the minimum
value of $k$ which ensures that $P_2(n, k) > \frac{1}{2}$.

QUESTION 10 (2 MARKS)

Consider a cryptographic hash function $H(\cdot)$ with $n$ possible outputs (e.g., if the output is
a 128-bit string, then $n = 2^{128}$). As a simple model, assume that for each input, the output
is selected uniformly at random from the $n$ possible output values, independently of the other
inputs. An attacker performs the birthday attack on $H(\cdot)$ as follows. He/She generates two sets,
say $A$ and $B$, containing $k_1$ and $k_2$ input messages, respectively, where $k_1 + k_2 < n$, and finds
the hash value of each message in the set $A \cup B$. Define an “$A-B$-collision” to be a pair of
messages $m_1 \in A$, $m_2 \in B$ such that $H(m_1) = H(m_2)$.
(a) [1 mark] Find the expected number of $A-B$-collisions.
(b) [1 mark] Let the ratio $\frac{k_1}{k_2}$ be equal to $\frac{3}{8}$. Then using the result obtained in part (a), find
the minimum value of $k_1$ such that the expected number of $A-B$-collisions is at least 6.

QUESTION 11 (2 MARKS)

Suppose Alice and Bob share a secret symmetric key K. Alice authenticates to Bob using
protocol ap4.0, which we discussed in class. Let R denote the nonce used in the protocol
and {X}(Y) denote Y encrypted using the key X. After executing protocol ap4.0, which of
the following would be secure as a session key? Justify your answers. Note that providing an
answer without a justification will fetch 0 marks.
(a) [0.5 marks] {K}(R ⊕ K).
(b) [0.5 marks] {K + R}(K).
(c) [0.5 marks] {K}(K + 2).
(d) [0.5 marks] {R + K}(R + K).

QUESTION 12 (2 MARKS)

Suppose we are using a three-message mutual authentication protocol, and Alice initiates
contact with Bob. Suppose we wish Bob to be a stateless server, and therefore it is inconvenient
to require him to remember the challenge he sent to Alice.
Let us modify the exchange so that Alice sends the challenge back to Bob, along with the
encrypted challenge. So the modified protocol is as shown in Fig. 1.

Fig. 1. Modified protocol

(a) [0.5 marks] Is this modified protocol secure?


(b) [1.5 marks] Provide a justification for your answer of part (a).
