**Due**: November 8, 2016 (note extension!)

**Points**: 100

Remember to justify your answers where appropriate.

- (*20 points*) The relations *certified* (see ER1) and *allowed* (see ER2) can be collapsed into a single relation. Please do so and state the new relation. Why doesn’t the Clark-Wilson model do this?
- (*28 points*) Consider the RSA cipher with *p* = 5 and *q* = 7. Show that *d* = *e* for all choices of public key *e* and private key *d*.
- (*20 points*) Alice and Bob are creating RSA public keys. They select different moduli *n*_{Alice} and *n*_{Bob}. Unknown to both, *n*_{Alice} and *n*_{Bob} have a common factor.
  - How could Eve determine that *n*_{Alice} and *n*_{Bob} have a common factor without factoring those moduli?
  - Having determined that factor, show how Eve can now obtain the private keys of both Alice and Bob.
- (*32 points*) Consider the Otway-Rees protocol. Assume that each enciphered message is simply the bits corresponding to the components of the message concatenated together. So, for example, in the first message, one must know the names “Alice” and “Bob”, and the length of the random numbers *r*_{1} and *n*, to be able to parse the portion of the first message that is enciphered with *k*_{Alice}. The separate parts of the enciphered message have no indicators; the recipient is expected to determine them.
  - Consider Alice when all 4 steps of the protocol have been completed. How does Alice know that steps 2 and 3 have taken place?
  - Massicotte asks us to assume that an adversary Edgar is impersonating Bob, and has sufficient control over the exchange so that he receives the messages intended for Bob. Bob never sees them. What components of the protocol does Edgar know — that is, does he know *r*_{1}, *r*_{2}, *n*, or *k*_{session}, or the names of “Alice” and “Bob”? How?
  - Given this, in step 4 of the protocol, how might Edgar provide Alice with a session key that he knows?
  - How might someone fix this?

- (*30 points*) Assume that a cryptographic checksum function computes hashes of 128 bits. Prove that the probability is 0.5 that at least one collision will occur after hashing 2^{64} randomly selected messages.

Version of October 23, 2016 at 10:58PM