network security quiz questions
let n = pq, with p,q primes. Euler's theorum says that, for all x we have x^phi(n) = 1modn. what is phi(n) in this case?
(p-1)(q-1)
all public key algorithms currently used (rsa, diffie-hellman, etc) are insecure against ...
QC attacks
In a reflection attack on a challenge-response authentication system the attacker, Trudy, uses the same protocol in both directions.Trudy first initiates a connection to Bob pretending to be Alice with a challenge R2. Bob responds with the encryption of R2 and his ownchallenge R1. To get the encryption of R1 Trudy initiates a new connection to Bob using the challenge R1 (Bob's challenge in the firstconnection). When Trudy gets the encryption of Bob's challenge in the second connection, she sends this to Bob in the first connection.There are several ways to mitigate this attack: one is wrong. identify the wrong one. The Responder (Bob) :
Uses a MAC instead of an encryption in his response, e.g., MAC(K;R2) instead of {R2}K.
non-linearity can be achieved by using a keyed-based subsitituion on the plaintext input bits. DES uses purpose designed subsitituitons (s-boxes). other ciphers such as AES use an appropriate operation. This des subsitution is based on:
XORing the key and plaintext
Following are two definitions for forward secrecy. Which one is wrong? A. Compromising long-term keys, should not compromise future session keys B. Compromising long-term keys, should not compromise previous session keys
a
One of the following statements is TRUE. Which one? A. TLS that uses the the RSA + Diffie-Hellman protocols for key exchange guarantees forward secrecy B. TLS that only uses the RSA protocol for key exchange guarantees forward secrecy C. In the TCP handshake of the TLS protocol the Client and Server exchange their identifiers. D. In the TLS handshake of the TLS protocol the Client and Server exchange their supported TLS versions, cipher suites, compressionmethod etc.
a
one of the following statements is incorrect. which one?
a QC can solve np-hard problems
PKCS (public key cryptography standards) proposes solutions to avoid pitfalls. one such pitfall involves encrypting messages m < n^(1/3) where n is the rsa modulus. what goes wrong in this case?
anyone can easily recover the message
In the context of Cryptography the initials C, I, A are used. What does A stand for?
availability
One of the following statements is incorrect. Which one? A. TLS that uses the Diffie-Hellman protocol for key exchange guarantees forward secrecy B. TLS that uses the RSA protocol for key exchange guarantees forward secrecy C. TLS that uses the RSA protocol is more efficient than the version that uses the Diffie Hellman protocol
b
The following public key protocol is an authentication protocol that implicitly mutually authenticates Alice and Bob. Alice -> Bob: "I am Alice", {R1}Bob Bob to Alice: "I am Bob" {R2}Alice where R1, R2 are random numbers. "Implicit" here means that: (pick one) A. Additional private information is need to confirm the identity of the parties. B. Additional flows are needed to confirm that each party received the message that it was sent. C. The protocol is subject to impersonation attacks D. Something else.
b
the cost of encrypting using protocol FANCY LINEAR is cn, where c is a constant and n is the length of the secret key. The adversary has designed a protocol BREAK LINEAR for which the cost to break LINEAR is 2^(n/2) .Recent technology improvements have necessitated doubling the length of secret keys. So the cost of FANCY linear has doubled to 2cn. What has happened to the cost of BREAK LINEAR? A. It has, also, doubled. B. It has increased by 2^(n/2) C. It has been halved D. something else
b
Consider the following authentication protocol: Alice -> Bob: f(KAB, g^a mod p) Bob to Alice: f(KAB, g^b mod p) where f is symmetric key encryption, KAB a shared secret key, p a prime number and a generator g. One of the following statements is false. Which one? A. This protocol mutually authenticates Alice and Bob B. The authentication is implicit C. This protocol is subject to reflection attacks D. This protocol is subject to DoS attacks E. This protocol establishes a session key for which we have forward secrecy.
c
In the context of Cryptography the initials C, I, A are used. What does C stand for?
confidentiality
Only one of the following statements is not true. Which one? A. The number of relatively prime numbers to a prime p is: phi(p) = p -1 B. The number of relatively prime numbers to a composite number p x q , where p,q are primes is: phi(p x q) = (p-1)(q-1) C. If n = pq, p,q primes, the probability of picking a number not relatively prime to n is 1 - phi(n)/n~ 2/ sqrt(n) D. Finding a number that is not relatively prime to n=pq, p,q primes is easier than factoring n
d
Consider the following authentication protocol: Alice -> Bob: "I am Alice", R1 Bob to Alice: f(KAB, R1) R2 Alice to Bob: f(KAB, R2) where f is an encryption function. One of the following statements is false. Which one? A. The protocol mutually authenticates Alice and Bob B. The authentication is implicit C. The protocol is subject to reflection attacks D. The protocol is subject to DoS attacks E. The protocol establishes a session key
e
The Needham-Schroeder protocol is one of the two transport key protocols (TCP) intended for use over an insecure network: a symmetric key protocol and apublic key protocol (this protocol was discussed in class). These protocols aim to establish a (symmetric) session key and provide mutual authentication.Following is a list of properties/services/uses of the Needham-Schroeder protocol, except for one, Identify the wrong one. A. Is a transport key protocol (TCP) intended for use over an insecure network B. It aims to provide full (not only implicit) mutual authentication C. It aims to establish a session key D. it uses nonces to prevent replay attacks E. the nonce are timestamps F. a key distribution center is used to distribute keys
e
the cost of the encryption of a secure cipher system should be while that of a brute force attack should be
exp(N), poly(N)
A DoS attack is possible when the workload of the non-initiating party is significantly larger than that of the initiator.The following public key protocol is subject to a DoS attack (TRUE or FALSE) Alice -> Bob: "I am Alice", Bob to Alice: R1 Alice to Bob: {R1}Alice
false
True or false: Consider the following three pass challenge-response authentication protocol, in which Alice initiates contact with Dory. Dory is a stateless server, and is not required to remember the challenges he sent to Alice.Alice first sends the message to Dory. "Hi, I am Alice" Dory then responds with a challenge, Challenge: , that is a random number. Finally Alice sends Dory her response that includes (Dory is forgetful): Response: the pairwhere is the encryption of using the a key that Alice and Dory share. This authenticates Alice.
false
commitment protocol: Alice and Bob play a game of "odd or even" online, they each pick a number. alice wins if the numbers have the same parity, otherwise bob wins. Alice makes a verifiable commitment: Md(rA), where rA number, and sends it to Bob. Then Bob sends Alice his number rA. When alice recieves it she reveals her number. Bob must also commit to his number: rB before sending it to Alice (assumes the channel is reliable)?
false
kerkchoffs' principles stipulates that for security, the cipher system (the encryption device) should never be captured
false
the entropy of a fair coin toss is .5 bits
false
true or false A quantum computer can solve NP-hard problems
false
true or false H is a cryptographic hash function. This means that:It is computationally infeasible to compute H(m) given message m, but feasible to find m given only H(m).
false
true or false Hashing data is used to provide secrecy
false
true or false The cost of the encryption of a secure cipher system should be exp(N) while that of a brute force attack should be poly(N).
false
true or false The following public key authentication protocol: Alice -> Bob: "I am Alice", Kalice{g^R1 modp} Bob to Alice: Kbob{g^R2 mod p} with session key Ks = g^R1R2 modp, provides forward secrecy even when Alice and Bob are compromised
false
true or false The following public key authentication protocol: Alice -> Bob: "I am Alice", {R1}Bob Bob to Alice: {R2}Alice with session key Ks= R1 XOR R2, provides forward secrecy even when Alice and Bob are compromised
false
true or false The one-time pad XOR's a string of random (uniformly distributed) bits with the plaintext bit string to get the ciphertext. The bits of the ciphertext have the same distribution asthe plaintext.
false
true or false There are several modes of operation that are used with block ciphers. One of them is CBC (Cipher Block Chaining). With CBC theencryption of the same block twice results in the same ciphertext blocks.
false
true or false kerkchoffs' principle stipulates that for security, the cipher system (the encryption device), should never be captured
false
true or false: A DoS attack is possible when the workload of the non-initiating party is significantly larger than that of the initiator.The following protocol is subject to a DoS attack. Alice -> Bob: "I am Alice", Bob to Alice: R1 Alice to Bob : f(KAB, R1) where f is an encryption function
false
true or false: DES is a secret key encryption scheme for which the plaintext is 64 bits, the key size is 56 bits plus 8 parity check bits, and the number of rounds is 10.
false
true or false: For secret key encryption, confusion requires that each bit of the ciphertext must depend on one bit of the key.
false
true or false: a brute force attack on 2DES requires roughly 2^56 x 2^56 = 2^112 key searches
false
true or false: a cryptographic hash function normally has 64 or 96 bits of output.
false
true or false: a mangler function should be an invertible function (/can decrypt ciphertexts
false
true or false: hashing data is used to provide secrecy.
false
true or false: in rsa, it is possible for more than one d to work with a given e, p, and q.
false
true or false: secret key cryptography uses two keys: a secret key and a public key
false
true or false: the cbc (cipher block chaining) encryption is parallelizable
false
true or false: the length of a roundkey in DES is 32 bits
false
true or false: we know that x^(phi(n)) = 1modn, with phi(p) = p-1, if p is a prime and phi(pq)= (p-1)(q-1) if p,q are distinct primes. suppose that n=13. then 5^13 = 1mod13
false
a lattice L consists of vectors (points) <x1, x2, ..., xn> whose coordinates are:
integers
the rsa modulus is n=pq with p,q primes of (roughly) equal size. supose you find a non-trivial root of unity j (that is j^2 modn =1 with j!= +- 1) then: given n, j
it is easy to factorize n using the euclidean algorithm
Given that the Lamport hash value is sent in the clear over the network, why is it more secure than a password?
knowing the hash still requires funding a hash preimage
suppose that fred sees your rsa signature on m1 (s=m1^d mod n). How does he compute the signature on m1^3 mod q?
raises the signature to the 3rd power modulo n
hmac involves two message digests: the first one processes the input message while the second on processes the output of the first one. the key use is both digests is...
slightly modified
strong collision resistance for a cryptogrphic hash function H means:
something else
H is a cryptographic hash function of length n. A brute force attack to get a collision with probability at least .5 requires
sqrt(2 ^n) hash tries
H is a cryptographic hash function. Then we have: It is computationally infeasible to find a pair of messages m1, m2 != m1 such that H(m1) = H(m2).This property is called:
strong collision resistance
Let m = m1 || m2 (two blocks) and m' = m3 (one block) be two messages with CBC residues t, t' respectively. What is CMCMACk(m)?
t
Let m = m1 || m2 (two blocks) and m' = m3 (one block) be two messages with CBC residues t, t' respectively. What is CMCMACk(m || m' XOR t)?
t'
Let m = m1 || m2 (two blocks) and m' = m3 (one block) be two messages with CBC residues t, t' respectively. What is CMCMACk(m3)?
t'
we have symmetric and asymmetric (also called public key) encryption. What can you say about the encryption and decryption keys of symmetric encryption
the keys are the same
salt is a per-user unique system value appended to the password. who appends this to the password?
the server
macs use padding rules that are designed to address a "padding" attack (as well as extended a message so that its length is a multiple of the block size). the block length of md5 is 512 bits. padding consists of a 1 followed by enough 0 bits used for?
to describe the number of blocks
The DSA uses two prime moduli: a short one q (256 bits) and a long one p (3,072 bits). The signature is a pair of numbers (T,S) that are reduced modulo q. What is the primary reason for this?
to reduce the size of the digital signature
the SSL/TLS handshake protocol enables the TLS client and server to establish the secret keys with which they communicate. What do the initials TLS stand for?
transport layer security
DES and AES are secret key ciphers
true
H is a cryptographic hash function. Collision resistance: given a message m, it is computationally infeasible to find another message m' such that H(m)=H(m').
true
H is a cryptographic hash function. Then we have: Given a message m, it is computationally infeasible to find another message m != m' such that H(m') = H(m).
true
The DSA uses a per-message key T = (g^t modp) modq, in which the size of g^t mod p (2,072 bits) is significantly reduced to that of(256 bits). The primary reason for this is to reduce the size of the digital signature.
true
true or false All public key algorithms currently used (RSA, Diffie-Hellman, etc) are insecure against quantum computer attacks.
true
true or false One way to authenticate a message is to use a CBC residue. With this, a message is authenticated by attaching to it its CBC residue(CBCMAC). To compute the CBC residue of a message one uses the CBC mode of encryption.
true
true or false With secret key encryption, confusion requires that each bit of the ciphertext must depend on several bits of the key.
true
true or false With secret key encryption, diffusion requires that by changing any single bit of the plaintext roughly half of the bits of the ciphertext will change.
true
true or false: H is a cryptographic hash function. Given it is computationally infeasible to find another message m' such that H(m)=H(m').
true
true or false: RC4 is no longer regarded as a secure steam cipher
true
true or false: SSH (secure shell) is a network communication protocol that enables two computers to communicate and share data over an insecure network.
true
true or false: The Lamport hash protocol is vulnerable to a dictionary attack by an eavesdropper (assuming communication is not using an encryptedchannel such as TLS)
true
true or false: With secret key encryption, diffusion requires that, changing one bit of the plaintext will change roughly half the bits of the ciphertext.
true
true or false: confusion means that each bit of the ciphertext depends on several parts of the key, to obscure their connection
true
true or false: security attacks are distinguished as passive or active. In a passive attack, the adversary attempts to learn information from the system.
true
true or false: security attacks are distinguished as passive or active. In an active attack, the adversary attempt to affect (alter) system resources.
true
true or false: the electronic code book (ecb) mode of encryption does not link any information
true
true or false: the one-time pad XORes a string of random (uniformly distributed) bits with the plaintext bit string to get the cipher text. The bits of the cipher text are random (uniformly distributed)
true
true or false: we know that x^(phi(n)) = 1modn, with phi(p) = p-1, if p is a prime and phi(pq)= (p-1)(q-1) if p,q are distinct primes. suppose that n=10. then 5^4 = 1mod10
true
true or false: with secret key encryption, diffusion requires that, changing one bit of the plaintext will change roughly half of the bits of the ciphertext
true
mac uses padding rules that are designed to address a "padding" attack (as well as extended a message so that its length is a multiple of the block size). the block length of md5 is 512 bits. suppose that the length of the original message is already a multiple of 512. In this case,
we still pad it
The DSA algorithm has parameters p,q,gp,q,g a hash function, the public/private key pair <T,S><T,S> and a per-message public/private key pair <Tm,Sm><Tm,Sm>. The signature on message mm is X=S−1m(dm+STm)modqX=Sm−1(dm+STm)modq . Does Sm always have (a multiplicative) inverse?
yes
cipher block chaining encryption: the plaintext is P1, P2, P3, P4.... the ciphertext is C1, C2, C3, C4... suppose P2 is corrupted to P2'. This will change C2 to C2'. Will C3, C4 be affected?
yes
is it true that in zp = {0,1,....,p-1} with p a prime: the only square roots of 1 are +1, -1?
yes
in rsa given that the primes p,q are approximately the same size, what is the size of phi(n) given that the size of n is 1024 bits?
1024 bits
RC4 is a stream cipher. It generates a pseudorandom stream of blocks that are then XOR-ed wit the block of the plaintext to get the ciphertext. What is the length of the blocks?
256 bits
the p-boxes permute a...
32 bit stream
which one of the following is true
3^18 mod 10 = 3^4 mod 10 = 1
sha-3 uses a special padding rule. the message should be padded so that its length is a multiple of the rate r = n x r. padding after a domain separator 01 involves a bit-string 10....01, where the number of 0's ranges from 0 to r+3. what is the smallest length of padding (including the separator)?
4 bits
the s-boxes substitute a...
48 bit string by a 32 bit string
Alice and Bob use the Diffie-Hellman key exchange with common prime p = 11 and generator g = 2. If the private key of Alice is Sa = 4 what is her public key Ta?
5
SHA-3 is novel hash function that offers several parameter choices and security options. The most secure version has has length:
512 bits
in rsa given that the primes p,q are approximately the same size, what is the size of p if the modulus n is 1024 bits?
512 bits
padding for MD5: consists of a bit 1 followed by as many zero's as needed to make the overall length of the message ___, where n is an integer
512 x n - 64 bits
the key size for DES is , and DES has rounds.
56, 16
parameters of des (blocksize, keysize, no. of rounds)
64, 56, 16
the multiplicative inverse of 5mod13 is
8
SHA-1 operates on 512-bit blockks and produces 160-bit security. Against a brute force attack the security of SHA-1 is
80 bits
cipher block chaining, at the receiver side: the plaintext is: P1, P2', P3, P4 ..., where P2' is corrupted This was encrypted, and then transmitted the receiver will receive....
P1, P2', P3, P4..., with only one plaintext changed
RC4: to generate a pseudorandom stream we use a secret key K that is an array of up to 256 numbers between 0 and 256, to generate an array T of 256 bytes. If the key K is [0, 13, 113, 213] then:
T = [0,13,113,213] repeated 64 times altogether
