Homework 3

Due: February 22, 2016
Points: 100

1. (32 points) Consider the Otway-Rees protocol. Assume that each enciphered message is simply the bits corresponding to the components of the message concatenated together. So, for example, in the first message, one must know the names “Alice” and “Bob”, and the length of the random numbers r₁ and n, to be able to parse the portion of the first message that is enciphered with k_Alice. The separate parts of the enciphered message have no indicators; the recipient is expected to determine them.
   1. Consider Alice when all 4 steps of the protocol have been completed. How does Alice know that steps 2 and 3 have taken place?
   2. Massicotte asks us to assume that an adversary Edgar is impersonating Bob, and has sufficient control over the exchange so that he receives the messages intended for Bob. Bob never sees them. What components of the protocol does Edgar know — that is, does he know r₁, r₂, n, or k_session, or the names of “Alice” and “Bob”? How?
   3. Given this, in step 4 of the protocol, how might Edgar provide Alice with a session key that he knows?
   4. How might someone fix this?

2. (28 points) Revisit the example for x := y + z in Section 17.1.1. Assume that x does not exist in state s. Confirm that information flows from y and z to x by computing H(y_s | x_t), H(y_s), H(z_s | x_t), and H(z_s) and showing that H(y_s | x_t) < H(y_s)$ and H(z_s | x_t) < H(z_s)$.

3. (40 points) This problem asks you to extend the buffer overflow attack from the last homework assignment. In the Resources area of SmartSite (or the Homework area of the nob.cs.ucdavis.edu class web site) is a program realbad.c (also see below). This program contains a buffer overflow vulnerability; see the call to gets(3) at line 13. Your job is to exploit the overflow by providing input to the running process that will cause the program to invoke the function runcom and cause the system(3) function to be executed with a command embedded in the input you have given. You must pass in a parameter that is a Linux command, which the program will then execute. (I recommend the command id(1).)

   Please turn in the following:

   1. A hex dump of the input you use. Please also show where the parameter to trap() is in your input.
   2. A screenshot of the program’s output for that input.

   realbad.c

   This is a listing of realbad.c.

   \lstset{numbers=left,numberstyle=\tiny,language=c,xleftmargin=3ex}

   
   #include <stdio.h>
   #include <stdlib.h>
   
   void runcom(char *cmd)
   {
   	system(cmd);
   	exit(0);
   }
   
   int getstr(void)
   {
   	char buf[12];
   	gets(buf);
   	return(1);
   }
   
   int main(void)
   {
   	getstr();
   	runcom("echo Overflow failed");
   	return(1);
   }
   

Extra Credit

4. (20 points) Consider the RSA cryptosystem. Show that the ciphertexts corresponding to the messages 0, 1 and n−1 are the messages themselves. Are there other messages that produce the same ciphertext as plaintext?