ICS 134 Spring 2011: Homework 3

ICS 134 Spring 2011: Homework 3

<p> ICS 134 – Spring 2011: Homework 3</p><p>Name: Student ID:</p><p>Q1 Q2 Q3 Q4 Q5 TOTAL /20 /20 /20 /20 /20 /100</p><p>Due: Wednesday, June 1 @ noon</p><p>Turning it in: Email your homework as a single-file PDF attachment to [email protected]. Use subject line: “ICS134 HW3”.</p><p>Warning: Homework submissions not following above guidelines will not be graded.</p><p>1 Problem 1.</p><p>Consider two protocols below. In each of them, B authenticates to A using a pre-shared key K. In Protocol 1, A uses a nonce to challenge B (and vice versa) and, in Protocol 2, A and B use non-wrapping ever-increasing sequence numbers. Which protocol is more secure and why? </p><p>Protocol 1: (1) A  B: RA (2) B  A: E (K, RA), RB (3) A  B: E (K, RB)</p><p>Protocol 2: (1) A  B: SEQA (2) A increments SEQA (3) B  A: E (K, B, SEQA,), SEQB (4) B increments SEQB (5) A  B: E (K, A, SEQB,)</p><p>2 Problem 2.</p><p>Suppose that today is December 31, 2011. You have Alice’s public key certificate that expires at midnight on January 1, 2012. You receive two signed email messages from Alice: one arrives at 11pm on December 31, 2011 and the other – at 1am on January 1, 2012. You do not check your email until January 2nd (due to massive hangover). How should you treat these two “new” messages from Alice?</p><p>3 Problem 3.</p><p>Recall that each certificate includes an expiration time. A Certificate Revocation List (CRL) is issued periodically. It lists all currently revoked certificates. Do we still need the expiration time in each certificate if certificates are revoked using CRLs? Explain why or why not. </p><p>4 Problem 4.</p><p>Alice and Bob share a key K. </p><p>A) Bob has a clock. Alice has no clock and no source of random numbers. How can Alice authenticate Bob? Explain…</p><p>B) Alice has a clock. Bob does not have a clock but has a source of random numbers. How does Bob authenticate Alice? Explain…</p><p>5 Problem 5.</p><p>All web browsers are pre-configured with root certificates of many certification authorities. (a) Why? (b) Look into the security settings for your web browser. What key lengths and public key encryption/signatures are used the most?</p><p>6</p>

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    6 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us