ICS 134 – Spring 2011: Homework 3
Name: Student ID:
Q1 Q2 Q3 Q4 Q5 TOTAL /20 /20 /20 /20 /20 /100
Due: Wednesday, June 1 @ noon
Turning it in: Email your homework as a single-file PDF attachment to [email protected]. Use subject line: “ICS134 HW3”.
Warning: Homework submissions not following above guidelines will not be graded.
1 Problem 1.
Consider two protocols below. In each of them, B authenticates to A using a pre-shared key K. In Protocol 1, A uses a nonce to challenge B (and vice versa) and, in Protocol 2, A and B use non-wrapping ever-increasing sequence numbers. Which protocol is more secure and why?
Protocol 1: (1) A B: RA (2) B A: E (K, RA), RB (3) A B: E (K, RB)
Protocol 2: (1) A B: SEQA (2) A increments SEQA (3) B A: E (K, B, SEQA,), SEQB (4) B increments SEQB (5) A B: E (K, A, SEQB,)
2 Problem 2.
Suppose that today is December 31, 2011. You have Alice’s public key certificate that expires at midnight on January 1, 2012. You receive two signed email messages from Alice: one arrives at 11pm on December 31, 2011 and the other – at 1am on January 1, 2012. You do not check your email until January 2nd (due to massive hangover). How should you treat these two “new” messages from Alice?
3 Problem 3.
Recall that each certificate includes an expiration time. A Certificate Revocation List (CRL) is issued periodically. It lists all currently revoked certificates. Do we still need the expiration time in each certificate if certificates are revoked using CRLs? Explain why or why not.
4 Problem 4.
Alice and Bob share a key K.
A) Bob has a clock. Alice has no clock and no source of random numbers. How can Alice authenticate Bob? Explain…
B) Alice has a clock. Bob does not have a clock but has a source of random numbers. How does Bob authenticate Alice? Explain…
5 Problem 5.
All web browsers are pre-configured with root certificates of many certification authorities. (a) Why? (b) Look into the security settings for your web browser. What key lengths and public key encryption/signatures are used the most?
6