CIS 4360 Introduction to Computer Security

CIS 4360 Introduction to Computer Security

CIS 4360 Introduction to Computer Security Home Assignment 9, Fall 2010 – with answers Due: Thu 12:30pm, 23/11/2010 This assignment concerns Key Establishment and Authentication. Examples taken from: Dieter Gollmann, Computer Security, 2nd Edition, John Wiley. 1. In the HTTP basic authentication protocol, analyze the security gains (if any) when the client sends a hash of the password instead of a base64 encoding of the password. Answer. No real gain. The attacker just intercepts the hash of the password and provides the hash later to imper- sonate the user. The protocol has to use some kind of nonce to avoid such replay attacks. N.B. In contrast, with the Digest Access Authentication the Server sends a nonce, which the client must include in the hash: request−digest = h(h(username||realm||password)||nonce||h(method||digest−uri)), and even though h(username||realm||password), h(method||digest−uri) are the same, the value of nonce (which the Server picks) changes. However this scheme can be broken with a dictionary attack. The dictionary will give the attacker a value for h(username||realm||password)||nonce||h(method||digest−uri), and if the attacker replaces the value of nonce, the hash of the new string is likely to have the correct value. 2. Justify that the AKEP2 protocol provides (a) mutual entity authentication and (b) implicit key authenti- cation. Answer. (a) Mutual entity authentication. A gets a reply hK (B, A, nA, nB) to its challenge nA that can only come from B (assuming the long term key K is not compromised). B gets a reply hK (A, nB) to its challenge nB that can only come from A. (b) Implicit key authentication. The session key k = hK (nB) is computed from the shared secret K and the nonce nB; thus, it can only be computed by A and B, and it cannot be the replay of a previously compromised session key. 3. Consider this simple password-based challenge-response protocol run between a user A and a server S. PA denotes A’s password, x is a random nonce generated by the server, and h is a known cryptographic hash function. (a) S → A : ePA(x) (b) A → S : ePA(h(x)) [ePA(x) is the encryption of x with password PA]. Show that this protocol is vulnerable to an off-line password guessing attack. Answer. The attacker intercepts the two messages and guesses a password, and gets two values, x and y, by decrypting both messages. If y = h(x), the guessed password is likely to be correct. Mike Burmester 1.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    1 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us