COMPUTER SECURITY

(TEXT BOOK_ASSIGNMENT # 2)

Name Muhammad Jahad Tariq

Registration no BS-LB-21-109885
Assignment No 02
Topics CS4e_Chapter_2
 (Problem # 2.1)

Q: Typically, in practice, the length of the message is greater than the

block size of the encryption algorithm. The simplest approach to
handle such encryption is known as electronic codebook (ECB) mode.
Explain this mode. Mention a scenario where it cannot be applied.
Explain briefly why it is not a secure mode of encryption ?

Ans:

Electronic Codebook (ECB) Mode:

In Electronic Codebook (ECB) mode, the plaintext is divided into
blocks, and each block is independently encrypted using the same
key. The same key is used for all blocks in the message, and each
block is encrypted separately. The result of encrypting each block is
the ciphertext.
Key Characteristics of ECB Mode:

1. Independence: Each block of plaintext is encrypted

independently of other blocks.
2. Repetition: If the same plaintext block appears in different
parts of the message, the corresponding ciphertext blocks will
be identical.
3. Lack of Diffusion: Changes in the plaintext only affect the
corresponding ciphertext block without influencing other parts
of the ciphertext.

Scenario where ECB Mode Cannot be Applied:

ECB mode is not suitable for encrypting large amounts of data with a
repeating pattern or structure, as it doesn't provide sufficient
diffusion. For example, images, where identical blocks represent the
same pixel values, will exhibit recognizable patterns in the ciphertext
when encrypted using ECB. In such scenarios, other modes like
Cipher Block Chaining (CBC) or Counter (CTR) mode are more
appropriate.
Security Issues with ECB Mode:

1. Deterministic Encryption: Since each block of plaintext always

maps to the same ciphertext block when using the same key,
attackers can detect patterns and repetitions in the ciphertext.
This lack of variability can lead to security vulnerabilities.
2. Pattern Recognition: Identical blocks of plaintext result in
identical blocks of ciphertext, making it easier for an attacker to
identify repeated patterns within the encrypted data. This
compromises confidentiality, especially when encrypting
structured or repetitive data.
3. Semantic Security Concerns: ECB mode does not provide
semantic security, meaning an attacker can gain information
about the plaintext by observing the patterns in the ciphertext.
This makes it less suitable for secure communication.

In summary, while ECB mode is simple and efficient, it lacks the

necessary properties to ensure a high level of security, particularly
when encrypting large datasets with repeating patterns. It is
generally not recommended for secure encryption of sensitive
information, and other modes that provide better diffusion and
randomness, such as CBC or GCM, are preferred in practice.

(Problem # 2.2)

Q: In this problem, we will compare the security services that are

provided by digital signatures (DS) and message authentication codes
(MAC). We assume Oscar is able to observe all messages sent from
Alice to Bob and vice versa. Oscar has no knowledge of any keys but
the public one in case of DS. State ……?

Ans:
(1)
Digital Signatures (DS) and Message Authentication Codes (MAC) are
cryptographic techniques used to provide integrity, authentication,
and non-repudiation in communication. Let's discuss how DS and
MAC protect against various attacks in the scenario where an
eavesdropper, Oscar, can observe all messages sent between Alice
and Bob.
Digital Signatures (DS):
1. Data Integrity:
 DS: Digital signatures provide data integrity by ensuring

that the signed content has not been tampered with. If

the content is altered, the signature verification will fail.
2. Authentication:
 DS: Digital signatures authenticate the sender. Only the

entity possessing the private key corresponding to the

public key used for signature verification could have
produced the signature.
3. Non-Repudiation:
 DS: Digital signatures provide non-repudiation. The

sender cannot later deny sending the message, as the

digital signature is uniquely tied to their private key.
4. Protection Against Oscar's Observation:
 DS: Even if Oscar observes the digital signature, he cannot

forge a valid signature without the private key. The

security relies on the secrecy of the private key.
Message Authentication Codes (MAC):
1. Data Integrity:
 MAC: Message Authentication Codes also provide data

integrity. If the message is altered, the MAC verification

will fail.
2. Authentication:
  MAC: MACs authenticate the sender if they share a secret
key. Only parties with the secret key can generate a valid
MAC.
3. Non-Repudiation:
 MAC: MACs do not provide non-repudiation. Since both

parties share the same key, the sender could deny

sending a message, claiming someone else with access to
the key generated the MAC.
4. Protection Against Oscar's Observation:
 MAC: If Oscar observes the MAC but does not possess the

secret key, he cannot generate a valid MAC for a

tampered message. However, if he gains access to the
shared key, he could generate valid MACs.
Comparison:
 DS Strengths: Provides non-repudiation and strong

authentication due to the use of asymmetric keys.

 MAC Strengths: Efficient and simpler, provides integrity and

authentication with a shared secret key.

 Weaknesses: Both DS and MAC are vulnerable if the private key

(DS) or secret key (MAC) is compromised.

 Recommendation: For situations requiring non-repudiation, DS

is preferred. For scenarios where a shared secret key is

acceptable, MAC is efficient and commonly used.

(a)
If Alice sends the message x = "Transfer $1000 to Mark" and its
corresponding authentication code auth(x) to Bob, and Oscar
intercepts the message and changes "Mark" to "Oscar," Bob will
detect this. The authentication code is generated based on the
original message content, and any modification to the message will
result in a failed authentication.
(b)
If Alice sends the message x = "Transfer $1000 to Oscar" and its
authentication code auth(x) to Bob, and Oscar replays the same
message and authentication code multiple times, Bob will likely
detect this. Properly designed authentication mechanisms include
mechanisms to prevent replay attacks. For example, a timestamp or
nonce may be included in the message or signature to ensure
freshness.

(c)
If Oscar and Alice both claim to have sent the same message x with a
valid authentication code auth(x) to Bob, and Bob only has access to
the public key used for authentication, he cannot determine the true
sender. The authentication process only verifies the integrity of the
message and the possession of the private key corresponding to the
public key used for verification. It does not identify the entity that
originally generated the message.

(d)
If Bob claims to have received a message x with a valid signature
auth(x) from Alice, but Alice denies sending it, it becomes a dispute.
The digital signature only verifies the authenticity of the message
and does not reveal the content. In such a scenario, additional
evidence or a trusted third party may be needed to resolve the
dispute.

(Problem # 2.6)

Q: Suppose H(M) is a cryptographic hash function that maps a

message of an arbitrary bit length on to an n-bit hash value. Briefly
explain the primary security requirements of the hash function H.
Assume that H outputs 16-bit hash values. How many random
messages would be required to find two different messages M and
M’ such that H(M) = H(M’).

Ans:

The primary security requirements of a cryptographic hash function,

denoted as H, include:

1. Preimage Resistance:
 Given a hash value h, it should be computationally

infeasible to find any message M such that H(M) = h. This

property ensures that it's difficult to reverse the hashing
process and determine the original input from the hash
output.

2. Second Preimage Resistance:

 Given a specific message M, it should be computationally

infeasible to find another message M' (not equal to M)

such that H(M) = H(M'). This property ensures that it's
difficult to find a different input that produces the same
hash value.

3. Collision Resistance:
 It should be computationally infeasible to find any two

distinct messages M and M' such that H(M) = H(M'). This

property ensures that it's difficult to find different inputs
that result in the same hash output. Collision resistance is
particularly crucial for the security of hash functions.

4. Avalanche Effect:
 A small change in the input message should produce a

significantly different hash value. This ensures that even a

 minor alteration in the input results in a drastically
different hash output, providing a high level of sensitivity
to changes in the input.

5. Efficiency:
 The hash function should be computationally efficient to

compute the hash value for any given input. This ensures
that the hashing process is practical and can be
performed in a reasonable amount of time.

6. Pseudo randomness:
 The hash function should produce output that appears

random, even though it is determined by a deterministic

algorithm. This property is important for preventing
attackers from predicting or exploiting patterns in the
hash output.

7. Resistance to Length Extension Attacks:

 The hash function should be resistant to length extension

attacks, where an attacker attempts to append additional

data to a hashed message without knowing the original
content.

8. Security Parameter:
 The hash function should have a sufficient bit length

(security parameter) to resist attacks. The longer the hash

output (e.g., 256 bits or more), the more secure the hash
function is against brute-force and collision attacks.

When a hash function produces 16-bit hash values, there are a total
of 2^16 (or 65,536) possible hash values. This means that there are
65,536 distinct hash values that can be generated by the hash
function.
The Birthday Paradox is a phenomenon in probability theory that
states that the probability of two different items having the same
value increases significantly as the number of items (in this case,
hash values) increases.
To find the number of random messages required to have a
significant probability of finding two messages M and M' such that
H(M) = H(M'), you can use the Birthday Paradox formula. The
formula is:
Number of messages ≈
√ Total Number of hash Values
2
Substituting in the given values:
Number of messages ≈
√ 65536
2
≈ √ 32768 ≈ 181.019
Therefore, you would need approximately 181 random messages to
have a 50% probability of finding two messages with the same hash
value. As you increase the number of random messages, the
probability of a collision (two different messages producing the same
hash value) increases.