data communications chapter 8
Internet entities (routers, switches, DNS servers, Web servers, user end ~ystems, and so on) often need to communicate securely. Give three specific example pairs of Internet entities that may want secure communication.
User's laptop and a web server; (ii) two routers; (iii) two DNS name servers.
Suppose n =10,000, a =10,023, and b = 10,004. Use an identity of modular arithmetic to calculate in your head (a • b) mod n.
a mod n = 23 , b mod n = 4. So (a*b) mod n = 23*4=92
Signature-based IDSs and IPSs inspect into the payloads of TCP and UDP segments. True or False?
True
Suppose an SSL session employs a block cipher with CBC. True or False: The server sends to the client the IV in the clear?
True. The IV is always sent in the clear. In SSL, it is sent during the SSL handshake.
An IKE SA and an IPsec SA are the same thing? True or False?
False. An IKE SA is used to establish one or more IPsec SAs.
Suppose that TCP is being run over IPsec between headquarters and the branch office in Figure S.29. If TCP retransmits the same packet, then the two cOITesponding packets sent by R I packets will have the same sequence number in the ESP header. True or False?
False. IPsec will increment the sequence number for every packet it sends.
In the SSL record, there is a field for SSL sequence numbers. True or False?
False. SSL uses implicit sequence numbers.
Consider sending a stream of packets from Host A to Host B usiog IPsec. Typically, a new SA will be established for each packet sent in the stream. True or False?
False. Typically an IPsec SA is first established between Host A and Host B. Then all packets in the stream use the SA.
Stateful packet filters maintain two data structures. Name them and briefly describe what they do.
Filter table and connection table. The connection table keeps track of connections, allowing for a finer degree of packet filtering.
Suppose Alice has a message that she is ready to seod to anyone who asks. Thousands of people want to obtain Alice's message, but each wants to be sure of the integrity of the message. Ln this context, do you think a MAC-based or a digital-signature-based integrity scheme is more suitable? Why?
For a MAC-based scheme, Alice would have to establish a shared key with each potential recipient. With digital signatures, she uses the same digital signature for each recipient; the digital signature is created by signing the hash of the message with her private key. Digital signatures are clearly a better choice here.
Suppose N people want to communicate with each of N - I other people using symmetric key encryption. All communication between any two people, i and j, is visible to all other people in this group of N, and no other person in this group should be able to decode the ir communication. How many keys are required in the system as a whole? Now suppose that public key encryption is used . How many keys are required in this case?
If each user wants to communicate with N other users, then each pair of users must have a shared symmetric key. There are N*(N-1)/2 such pairs and thus there are N*(N-1)/2 keys. With a public key system, each user has a public key which is known to all, and a private key (which is secret and only known by the user). There are thus 2N keys in the public key system.
Why must an application gateway work in conjunction with a router filter to be effective?
If there isn't a packet filter, than users inside the institution's network will still be able to make direct connections to hosts outside the institution's network. The filter forces the users to first connect to the application gateway.
What is the man-in-the-middle attack? Can this attack occur when symmetric keys are used?
In a man-in-the-middle attack, the attacker puts himself between Alice and Bob, altering the data sent between them. If Bob and Alice share a secret authentication key, then any alterations will be detected.
Suppose that an intruder has an encrypted message as well as the decrypted version of that message. Can the intruder mount a ciphertext-only attack, a known-plaintext attack, or a chosen-plaintext attack?
In this case, a known plaintext attack is performed. If, somehow, the message encrypted by the sender was chosen by the attacker, then this would be a chosen-plaintext attack.
Consider a traditional (stateless) packet filter. This packet filter may filter packets based on TCP flag bits as well as other header fields . True or False?
True
In WEP, an IV is sent in the clear in every frame. True or False?
True
In a traditional packet filter, each interrace can have its own access control list. True or False?
True
Consider an 8-block cipher. How many possible input blocks does this cipher have'! How many possible mappings are there? If we view each mapping as a key, then how many possible keys does this cipher have?
An 8-block cipher has 28 possible input blocks. Each mapping is a permutation of the 28 input blocks; so there are 28! possible mappings; so there are 28! possible keys.
Suppose Bob initiates a TCP connection to Trudy who is pretending to be Alice. During the handshake, Trudy sends Bob Alice's certificate. In what step of the SSL handshake algorithm will Bob discover that he is not communicating with Alice?
After the client will generate a pre-master secret (PMS), it will encrypt it with Alice's public key, and then send the encrypted PMS to Trudy. Trudy will not be able to decrypt the PMS, since she does not have Alice's private key. Thus Trudy will not be able to determine the shared authentication key. She may instead guess one by choosing a random key. During the last step of the handshake, she sends to Bob a MAC of all the handshake messages, using the guessed authentication key. When Bob receives the MAC, the MAC test will fail, and Bob will end the TCP connection.
Consider WEP for S02. 11. Suppose that that the data is 10 I 0 1100 and the keystream is II J1000. What is the resulting ciphertext?
01011100
Suppose you want to encrypt the message 10 I 01111 by encrypting the dec imal number that corresponds to the message. What is the decimal number?
175
In what way does the public-key encrypted message hash provide a better digital signature than the public-key encrypted message?
A public-key signed message digest is "better" in that one need only encrypt (using the private key) a short message digest, rather than the entire message. Since public key encryption with a technique like RSA is expensive, it's desirable to have to sign (encrypt) a smaller amount of data than a larger amount of data.
Suppose that Bob receives a PGP message from Alice. How does Bob know for sure that Alice created the message (rather than, say, Trudy)? Does PGP use a MAC for message integrity?
Alice provides a digital signature, from which Bob can verify that message came from Alice. PGP uses digital signatures, not MACs, for message integrity.
What are the differences between message confidentiality and message integrity? Can you have confidentiality without integrity? Can you have integrity without confidentiality? Justify your answer.
Confidentiality is the property that the original plain text message can not be determined by an attacker who intercepts the cipher text-encryption of the original plain text message. Message integrity is the property that the receiver can detect whether the message sent (whether encrypted or not) was altered in transit. The two are thus different concepts, and one can have one without the other. An encrypted message that is altered in transmit may still be confidential (the attacker can not determine the original plain text) but will not have message integrity if the error is undetected. Similarly, a message that is altered in transit (and detected) could have been sent in plain text and thus would not be confidential.
Can you "decrypt" a hash of a message to get the original message? Explain your answer.
No. This is because a hash function is a one-way function. That is, given any hash value, the original message cannot be recovered (given h such that h=H(m), one cannot recover m from h).
What does it mean to say that a nonce is a once-in-a-lifetime value? In whose lifetime?
Once in a lifetimes means that the entity sending the nonce will never again use that value to check whether another entity is "live".
From a service perspective, what is an important difference between a symmetric-key system and a public-key system ?
One important difference between symmetric and public key systems is that in symmetric key systems both the sender and receiver must know the same (secret) key. In public key systems, the encryption and decryption keys are distinct. The encryption key is known by the entire world (including the sender), but the decryption key is known only by the receiver.
In what way does a hash provide a better message integrity check than a checksum (such as the Internet checksum)?
One requirement of a message digest is that given a message M, it is very difficult to find another message M' that has the same message digest and, as a corollary, that given a message digest value it is difficult to find a message M'' that has that given message digest value. We have "message integrity" in the sense that we have reasonable confidence that given a message M and its signed message digest that the message was not altered since the message digest was computed and signed. This is not true of the Internet checksum, where we saw in Figure 7.18 that it easy to find two messages with the same Internet checksum.
What does it mean for a signed document to be verifiable and non-forgeable?
Suppose Bob sends an encrypted document to Alice. To be verifiable, Alice must be able to convince herself that Bob sent the encrypted document. To be non-forgeable, Alice must be able to convince herself that only Bob could have sent the encrypted document (e.g.,, non one else could have guess a key and encrypted/sent the document) To be non-reputiable, Alice must be able to convince someone else that only Bob could have sent the document. To illustrate the latter distinction, suppose Bob and Alice share a secret key, and they are the only ones in the world who know the key. If Alice receives a document that was encrypted with the key, and knows that she did not encrypt the document herself, then the document is known to be verifiable and non-forgeable (assuming a suitably strong encryption system was used). However, Alice can not convince someone else that Bob must have sent the document, since in fact Alice knew the key herself and could have encrypted/sent the document.
What is the purpose of a nonce in an end-point authentication protoco}'7
The purpose of the nonce is to defend against the replay attack.
What is the purpose of the random nonces in the SSL handshake?
The purpose of the random nonces in the handshake is to defend against the connection replay attack.
Suppose certifier.com creates a certificate for foo.com. Typically, the entire certificate would be encrypted with certifier.com's public key. True or False?
This is false. To create the certificate, certifier.com would include a digital signature, which is a hash of foo.com's information (including its public key), and signed with certifier.com's private key.
Consider a variation of the MAC algorithm (Figure 8.9) where the sender sends (m, H(m) + s), where H(m) + s is the concatenation of H(m) and s. Is this variation flawed? Why or why not?
This is scheme is clearly flawed. Trudy, an attacker, can first sniff the communication and obtain the shared secret s by extracting the last portion of digits from H(m)+s. Trudy can then masquerade as the sender by creating her own message t and send (t, H(t)+s).
