CS 334: Computer Security (Prof. Szajda) Exam 2 October 31, 2008



Name:______

Note: This exam is open book, open note. You are, however, limited to your course papers, notes, tests, etc. Under no circumstances can you be assisted by anyone other than myself. The Honor Code applies. Your completed test is to be returned to my office by no later than 5:00pm on Friday, November 7, 2008.

Please keep your answers concise and to the point (though one-line answers rarely suffice). To be clear, when I say “Explain”, that means that a one-line answer does not suffice, even if a one-line answer technically “answers” the question. That does not, however, mean I require a book-length answer. It means that you should consider the Other Student Criteria.

Questions 3 and 14 are each worth 8 points. All remaining questions are worth 6 points.

1. (9 points) Describe in some detail the RSA public-key encryption algorithm. Among the topics that should be discussed are:
   a. The way in which a person chooses a public-private key pair.
   b. The way in which a message is encrypted and decrypted.
   c. The reason why the scheme is secure.
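The three parts of question 1 worked through on textbook-sized numbers. This is an added illustration, not part of the exam or the course materials; the primes p = 61, q = 53 and the exponent e = 17 are constructed toy values, and the function names are my own. The last function shows what an attacker who holds only the public key must do: factor n. That succeeds instantly here and has no known feasible method for a 2048-bit n, which is the whole basis of the scheme's security.

```python
from math import gcd


def rsa_keygen(p, q, e=17):
    """Textbook RSA key generation from two primes p and q.

    p, q and e are constructed toy values here; real keys use primes of
    at least 1024 bits each and a padding scheme such as OAEP."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)      # d = e^-1 mod phi(n)  (Python 3.8+)
    return (n, e), (n, d)    # (public key, private key)


def rsa_encrypt(public_key, m):
    """c = m^e mod n; the message m is an integer smaller than n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message out of range")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    """m = c^d mod n; works because e*d = 1 mod phi(n) (Euler's theorem)."""
    n, d = private_key
    return pow(c, d, n)


def recover_private_key(public_key):
    """What an attacker holding only (n, e) must do: factor n, rebuild d.

    Trial division finishes immediately for a four-digit n; no known
    classical algorithm does this for a 2048-bit n, and that gap is the
    reason the scheme is considered secure."""
    n, e = public_key
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    raise ValueError("n has no small factor")


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)          # n = 3233, phi(n) = 3120
    c = rsa_encrypt(pub, 65)
    print("public", pub, "private", priv)
    print("ciphertext", c, "decrypted", rsa_decrypt(priv, c))
    print("recovered by factoring n:", recover_private_key(pub))
```

With these values d = 2753 and the message 65 encrypts to 2790; the factoring step recovers exactly the private key that `rsa_keygen` produced.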

2. (7 points) Describe in detail the Diffie-Hellman key exchange algorithm.
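One complete Diffie-Hellman exchange on the small textbook parameters p = 23, g = 5, as an added example that is not part of the exam or the course materials; the secret exponents a = 6 and b = 15 and all function names are constructed. The `discrete_log` function is the eavesdropper's problem (recovering a from g^a mod p); brute force is immediate for p = 23 and infeasible for the 2048-bit primes used in practice. The exchange itself authenticates nobody, which is why deployed protocols sign the public values before trusting the shared key.

```python
def dh_public_value(p, g, secret):
    """Publish g^secret mod p; the secret exponent never leaves the party."""
    return pow(g, secret, p)


def dh_shared_secret(p, peer_public, secret):
    """Both sides compute the same value: (g^b)^a = (g^a)^b = g^(ab) mod p."""
    return pow(peer_public, secret, p)


def discrete_log(p, g, h):
    """Eavesdropper's task: find x with g^x = h mod p.

    Exhaustive search is instant for p = 23; for a 2048-bit safe prime no
    known classical algorithm finishes, which is what the exchange relies on."""
    for x in range(p - 1):
        if pow(g, x, p) == h:
            return x
    raise ValueError("no solution")


def run_exchange(p, g, a, b):
    """One full exchange; returns (A, B, Alice's key, Bob's key)."""
    A = dh_public_value(p, g, a)     # Alice -> Bob, visible on the wire
    B = dh_public_value(p, g, b)     # Bob -> Alice, visible on the wire
    return A, B, dh_shared_secret(p, B, a), dh_shared_secret(p, A, b)


if __name__ == "__main__":
    p, g = 23, 5                      # constructed toy group
    A, B, k_alice, k_bob = run_exchange(p, g, a=6, b=15)
    print("on the wire:", A, B)
    print("shared secret:", k_alice, k_bob)
    print("eavesdropper recovers a =", discrete_log(p, g, A))
```

Here Alice sends 8, Bob sends 19, and both derive the shared value 2. The eavesdropper sees only 8 and 19 and must solve 5^x = 8 mod 23 to recover Alice's exponent.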

3. (12 points) In the paper “Why Cryptosystems Fail”, Ross Anderson presents a number of problems with the way security systems are typically designed, developed, deployed, and tested. In particular, discuss:
   a. His assertion that “information security is at heart an engineering problem. The hardware and software products which are designed to solve it should in principle be judged in the same way as any other products: by their cost and effectiveness”.
   b. The problems that arise due to integration of multiple security software packages.
   c. The inclusion of the “people” factor in the security equation.
   d. The reasons why the security community lacks the type of useful feedback system found in the airline industry.

4. (6 points) What is meant by the term “security through obscurity”? Is this considered to be a good security technique? Be sure to explain your answer.

5. (8 points) Explain the primary differences between public key and symmetric key cryptography. Does public key cryptography effectively eliminate the key management problem? Explain.

6. (6 points) Consider the following classical substitution cipher to be used to encrypt English language ASCII text. The cipher chooses 26 distinct integers at random, and assigns one to each letter of the alphabet. The message is then encrypted by mapping individual letters to their associated integer. Is this cipher secure? Explain why or why not. If not, explain how an adversary might attempt to break the cipher.
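The weakness the cipher in question 6 has is that it is a simple substitution: the same letter always becomes the same integer, so the frequency profile of the plaintext passes through unchanged. The following added example (not from the exam or the course materials; the sample sentence, the seed and the function names are constructed) builds exactly the cipher described, encrypts some English, and shows that ranking ciphertext integers by frequency already identifies the integer assigned to the most common letter.

```python
import random
from collections import Counter
from string import ascii_lowercase

# Constructed sample plaintext (not from the exam).
SAMPLE = ("the substitution cipher replaces each letter with one integer "
          "so the pattern of repeated letters survives encryption intact")

# A commonly quoted frequency ranking of English letters, most common first.
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"


def make_key(rng):
    """The cipher from the question: 26 distinct random integers, one per letter."""
    codes = rng.sample(range(1, 1_000_000), 26)
    return dict(zip(ascii_lowercase, codes))


def letters_only(text):
    return [ch for ch in text.lower() if ch in ascii_lowercase]


def encrypt(key, text):
    """Map each letter to its integer; non-letters are dropped for simplicity."""
    return [key[ch] for ch in letters_only(text)]


def ranked_symbols(symbols):
    """Symbols ordered by descending frequency of occurrence."""
    return [sym for sym, _ in Counter(symbols).most_common()]


def guess_mapping(ciphertext, english_order=ENGLISH_ORDER):
    """Pair the most frequent ciphertext integers with the most frequent
    English letters. On long texts the top few guesses are right; the rest
    are refined from digram patterns and partially readable words."""
    return dict(zip(ranked_symbols(ciphertext), english_order))


if __name__ == "__main__":
    key = make_key(random.Random(2008))   # seeded only for repeatability
    ct = encrypt(key, SAMPLE)
    print("ciphertext starts:", ct[:8])
    top = ranked_symbols(ct)[0]
    print("most frequent integer", top, "is really", [l for l in key if key[l] == top])
    print("guessed:", guess_mapping(ct)[top])
```

Because the key is a bijection on letters, the ciphertext's frequency ranking is the plaintext's ranking with letters renamed; that property is what makes the cipher breakable with ciphertext alone.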

7. (6 points) Consider the following scenario. An adversary is attempting to decrypt a message encrypted with AES. The adversary has the computational power to perform (and complete) an exhaustive key search. Is the adversary guaranteed to determine the key used to decrypt the message? Be sure to explain your answer (and be careful here).

8. (6 points) What exactly is steganography? What are its advantages and disadvantages?

9. (8 points) Why specifically do we require a structure (such as a Feistel cipher) for our ciphers? Be sure to specifically address the question of why we can’t use arbitrary mappings of, say, n-bit strings to n-bit strings.
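Two facts behind question 9, shown in code as an added example that is not from the exam or the course materials: a Feistel network is invertible no matter what round function is plugged in, and an arbitrary bijection on n-bit strings has no description shorter than its own table. The 32-bit block size, the four constructed subkeys, the prime 65521 and the round function (cubing modulo a prime, chosen because it is provably many-to-one) are all my own choices, picked so that the non-invertibility is easy to demonstrate rather than for any cryptographic strength.

```python
P = 65521   # largest prime below 2^16; constructed choice for the toy round function


def round_function(half, subkey):
    """Deliberately NOT invertible: 3 divides P-1, so cubing mod P is 3-to-1 on
    nonzero residues, and inputs of P or more wrap around as well. The Feistel
    structure never needs to invert this function, which is the whole point."""
    return pow((half ^ subkey) % P, 3, P)


def feistel_encrypt(block32, subkeys):
    """Each round: (L, R) -> (R, L xor F(R, k)). Only XOR and a swap are undone
    on decryption, so F may be any function at all."""
    L, R = block32 >> 16, block32 & 0xFFFF
    for k in subkeys:
        L, R = R, L ^ round_function(R, k)
    return (L << 16) | R


def feistel_decrypt(block32, subkeys):
    """Same rounds with the subkeys in reverse order and the halves swapped."""
    L, R = block32 >> 16, block32 & 0xFFFF
    for k in reversed(subkeys):
        L, R = R ^ round_function(L, k), L
    return (L << 16) | R


def arbitrary_map_key_bits(n):
    """Size of the 'key' if the cipher were an arbitrary bijection on n-bit
    strings: the table itself, 2^n entries of n bits each. For n = 128 that is
    128 * 2^128 bits, which nobody can store, generate, or distribute."""
    return n * 2 ** n


if __name__ == "__main__":
    subkeys = [0x1234, 0xABCD, 0x0F0F, 0x5A5A]      # constructed round keys
    for block in (0x00000000, 0xDEADBEEF, 0x12345678):
        c = feistel_encrypt(block, subkeys)
        print(hex(block), "->", hex(c), "->", hex(feistel_decrypt(c, subkeys)))
    print("F collides:", round_function(0x1234, 0x1234) == round_function(0x1234 ^ P, 0x1234))
    for n in (8, 16, 64):
        print("arbitrary %d-bit map needs %d key bits" % (n, arbitrary_map_key_bits(n)))
```

A structured cipher trades the astronomically large key of an arbitrary permutation for a short key expanded into subkeys, and it keeps decryption cheap by never requiring the round function to be inverted; the cost is that the resulting permutation is no longer "random", so the structure must be analysed for the attacks that exploit that.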

10. (12 points) This question concerns hash functions and MACs (as defined in the context of computer security).
   a. What are hash functions and MACs, and (specifically) why are they necessary?
   b. What is the difference between a hash function and a MAC?
   c. Define the following terms, as applied to hash functions:
      i. One-way property
      ii. Weak collision resistance
      iii. Strong collision resistance
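The difference asked for in part (b) of question 10, demonstrated with Python's standard library as an added example that is not from the exam or the course materials. An unkeyed hash detects accidental corruption but gives no authentication, because anyone who alters the message can recompute the hash; an HMAC ties the tag to a secret key, so a party without the key cannot produce a valid tag for an altered message and can only reuse an old one. The key, the messages and the function names are constructed.

```python
import hashlib
import hmac


def digest(message: bytes) -> bytes:
    """Unkeyed hash (SHA-256): anyone can compute it, so it catches accidents,
    not deliberate modification."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """Keyed MAC (HMAC-SHA256): producing a valid tag requires the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hash(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(digest(message), tag)   # constant-time compare


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


def substitute_with_hash(new_message: bytes):
    """What a party in the middle can do against a hash-only check: send a
    different message together with its freshly computed hash."""
    return new_message, digest(new_message)


def substitute_with_mac(new_message: bytes, old_tag: bytes):
    """Against a MAC the same party lacks the key, so the best available move
    is to reuse the tag that belonged to the original message."""
    return new_message, old_tag


if __name__ == "__main__":
    KEY = b"constructed-demo-key-do-not-reuse"
    original = b"pay 10 to account 7"
    altered = b"pay 10000 to account 7"
    msg, tag = substitute_with_hash(altered)
    print("hash-only check accepts altered message:", verify_hash(msg, tag))
    msg, tag = substitute_with_mac(altered, mac(KEY, original))
    print("MAC check accepts altered message:", verify_mac(KEY, msg, tag))
    print("MAC check accepts genuine message:", verify_mac(KEY, original, mac(KEY, original)))
```

`hmac.compare_digest` is used for both checks so that the comparison time does not depend on how many leading bytes of the tag match.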

11. (12 points) Explain in some detail (though without going into assembly code or the like) why buffer overflow attacks are possible, and how they are implemented.

12. (8 points) You have been approached by a journalist who is asking for your evaluation (as an expert in computer security) of DRE voting machines. What do you tell her? Be sure to discuss the goals of an election system and how they are met (or not, as the case may be) by current state-of-the-art DRE systems.
