Homework 4

Due: December 10, 2014
Points: 100


  1. (20 points) Consider the RSA cipher with p = 5 and q = 7. Show that d = e for all choices of public key e and private key d.

  2. (20 points) Does using passwords with salts make attacking a specific account more difficult than using passwords without salts? Explain why or why not.

  3. (20 points) In the ISO model, peer processes communicate without regard for precise implementation of activities at other layers. For example, the application does not know or care what specific routing has been chosen by the network layer. What is the security effect of an application program’s not knowing the routing selected for a particular message, or even a particular session?

Do one of the following problems

  1. (40 points) The year 2038 will pose a problem for most 32-bit UNIX systems because of the way time is represented. What specific aspect of the representation makes that year a problem? When during the year does the problem occur? Give a specific date and time. Show how you got it. What is the date with the same effect on a 64-bit system?
    Hint: You will need to write a small program to find the specific date and time.

  2. (40 points) Needham and Schroeder suggest the following variant of their protocol:
      1.  Alice → Bob : Alice
      2.  Bob → Alice : { Alice || rand3 }kBob
      3.  Alice → Cathy : { Alice || Bob || rand1 || { Alice || rand3 }kBob }kAlice
      4.  Cathy → Alice : { Alice || Bob || rand1 || ksession || { Alice || rand3 || ksession }kBob }kAlice
      5.  Alice → Bob : { Alice || rand3 || ksession }kBob
      6.  Bob → Alice : { rand2 }ksession
      7.  Alice → Bob : { rand2 − 1 }ksession
    Show that this protocol solves the problem of replay as a result of stolen session keys.

Extra Credit

  1. (40 points) Do the other one of the last two problems.
  2. (40 points) Show that, under the Yaksha security scheme, Alice can obtain the session key by computing (CAlice)dAliceA mod nAlice

You can also obtain a PDF version of this. Version of December 1, 2014 at 7:54PM

ECS 235A, Computer and Information Security
Fall Quarter 2014