Exam Questions

Part 1: Short Answer. Answers should be no longer than a few sentences. “Bulletized” lists or small tables may be used for the sake of brevity. The point value of each question appears at the beginning of the question. Partial credit may be given if work is clearly shown.

1. (6 pts) Using the English alphabet (i.e., mod 26 arithmetic), let plaintext = {p1, p2, …, pn} and corresponding ciphertext = {c1, c2, …, cn}. Suppose the encryption function is ci = pi + 10 (mod 26). If you receive the ciphertext message MYXCDSDEDSYX and are asked to recover the plaintext, answer the following questions: a) What is the decryption function? b) What is the decrypted plaintext? c) What are some weaknesses of this cipher?

2. (4 pts) You are Alice. You have agreed with your friend Bob that you will use the Diffie-Hellman public-key algorithm to exchange secret keys. You and Bob have agreed to use the public base g = 19 and public modulus p = 739. You have secretly picked the value SA = 5. You begin the session by sending Bob your calculated value of TA. Bob responds by sending you the value TB = 113. What is the value of your shared secret key?

3. Consider the following plaintext message: INFA 640 IS A UMUC GRADUATE COURSE. a. (2 pts) If this message is sent unencrypted and successfully received, what is its entropy? b. (2 pts) If this message is encrypted with DES using a random 56-bit key, what is the encrypted message’s entropy?

4. A particular cipher is implemented by combining the ASCII representation of plaintext characters with pseudorandom bytes (eight-bit binary strings of 1s and 0s) using the XOR function. In the process of encrypting a message, a character in the plaintext is XORed with the pseudorandom byte 10110101. a. (2 pts) What is the ciphertext (in binary form) generated by the encryption of the character X? (Please show your work.) b. (2 pts) What is the plaintext for the ciphertext 11110110? (Please show your work.)

5. An organization has 250 members. It is desired that each member of the organization be able to communicate securely with any other member, without any other member being able to decrypt their messages. (Explain the details of each question below.) a. (2 pts) What is the total number of keys required for the organization if a symmetric cipher is used? b. (2 pts) What is the number of keys required for each member if a symmetric cipher is used? c. (2 pts) What is the total number of public key(s) and private key(s) required for the organization if an asymmetric cipher is used? d. (2 pts) How many public key(s) and private key(s) are required for each member if an asymmetric cipher is used?

6. (4 pts) Acme Inc. is developing the next generation financial tracking program, and Alice has been given the task of writing the encryption component, which will encrypt each user’s data in a file on the hard drive. Alice has decided to use RSA as her encryption algorithm. As the cryptographic consultant for the project, do you think this is a good choice or not? You should state the reasons for your answer, and suggest an alternative if you do not think she made a good choice.

7. (4 pts) Briefly compare and contrast how asymmetric cryptography is used to provide encryption as opposed to how it can be used to provide a digital signature.

8. (4 pts) What is the purpose of the Diffie-Hellman algorithm? What are its major strength(s) and weakness(es)?

9. (4 pts) A foreign navy has implemented a secure communications system in which submarine commanders transmit a single 5-letter message every day. The messages may only use capital (English) letters, and all messages are equally probable. A crypto device encrypts each message into 20 bits of ciphertext. a. What is the entropy of the plaintext message? b. What is the entropy of the ciphertext message? c. Is this a good cryptosystem? Why or why not?

10. (4 pts) Bob is concerned about the possibility of having his 100k byte file modified without his knowledge, so he calculates a 100 byte hash. Alice, unbeknownst to Bob, changes a single character in Bob’s file. Assuming that Bob used a strong hash function, what would the hash value of the modified file look like, as compared with the original hash value?

11. Suppose that Alice and Bob need to communicate, and have decided to use asymmetric (public key) encryption. a. (4 pts) Using only asymmetric encryption algorithms, describe a process that would allow Alice to send a message that can only be read by Bob. You should also include any steps taken by Bob that allow him to read the message.

b. (4 pts) Using only asymmetric encryption algorithms, describe a process that would allow Alice to send a message that Bob could be confident was sent by Alice. You should also include any steps taken by Bob to determine whether or not Alice actually sent the message.

c. (4 pts) Using only asymmetric encryption algorithms, describe a process that would allow Alice to send a message that can only be read by Bob, and that Bob could be confident was sent by Alice. You should include any steps taken by Bob to read the message, or to determine whether Alice actually sent the message.

12. Suppose that Eve runs a key server. Alice downloads a key from the key server which Eve claims is Bob’s public key. Bob downloads a key from the key server which Eve claims is Alice’s public key. a. (4 pts) Given that Alice and Bob both assume that they have the correct public keys for the other party, and assuming that Eve can intercept any messages passed between Alice and Bob, is there any way that Eve can read the encrypted communications between the two parties? If so, how could she do it, and would Bob or Alice know that Eve was reading their messages?

b. (4 pts) What steps could Alice take to ensure that the public key which Eve claims belongs to Bob is actually correct?

Part 2: Essay Question. Maximum length: three (3) pages (double spaced). Use APA format for in-line citations and references. (10 pts)

Compare and contrast symmetric and asymmetric encryption algorithms. Your response should include a brief overview of the cryptographic basis for each type of algorithm, and a comparison of their relative strengths and vulnerabilities. Describe how a hacker might go about cracking a message encrypted with each type of algorithm. Suggest a specific application for each type of algorithm where the advantages clearly outweigh the disadvantages.
