Review Questions
14.1 List ways in which secret keys can be distributed to two communicating parties.
14.2 What is the difference between a session key and a master key?
14.3 What is a nonce?
14.4 What is a key distribution center?
14.5 What are two different uses of public-key cryptography related to key distribution?
14.6 List four general categories of schemes for the distribution of public keys.
14.7 What are the essential ingredients of a public-key directory?
14.8 What is a public-key certificate?
14.9 What are the requirements for the use of a public-key certificate scheme?
14.10 What is the purpose of the X.509 standard?
14.11 What is a chain of certificates?
14.12 How is an X.509 certificate revoked?
Problems
14.1 One local area network vendor provides a key distribution facility, as illustrated in
Figure 14.18.
a. Describe the scheme.
b. Compare this scheme to that of Figure 14.3. What are the pros and cons?
14.2 “We are under great pressure, Holmes.” Detective Lestrade looked nervous. “We have
learned that copies of sensitive government documents are stored in computers of one
foreign embassy here in London. Normally these documents exist in electronic form
only on a selected few government computers that satisfy the most stringent security requirements.
However, sometimes they must be sent through the network connecting all
government computers. But all messages in this network are encrypted using a top-secret
encryption algorithm certified by our best crypto experts. Even the NSA and the KGB
are unable to break it. And now these documents have appeared in hands of diplomats of
a small, otherwise insignificant, country. And we have no idea how it could happen.”
“But you do have some suspicion who did it, do you?” asked Holmes.
“Yes, we did some routine investigation. There is a man who has legal access
to one of the government computers and has frequent contacts with diplomats from
the embassy. But the computer he has access to is not one of the trusted ones where
these documents are normally stored. He is the suspect, but we have no idea how he
could obtain copies of the documents. Even if he could obtain a copy of an encrypted
document, he couldn’t decrypt it.”
“Hmm, please describe the communication protocol used on the network.”
Holmes opened his eyes, thus proving that he had followed Lestrade’s talk with an
attention that contrasted with his sleepy look.
“Well, the protocol is as follows. Each node N of the network has been assigned
a unique secret key Kn. This key is used to secure communication between the node
and a trusted server. That is, all the keys are stored also on the server. User A, wishing
to send a secret message M to user B, initiates the following protocol:
1. A generates a random number R and sends to the server his name A, destination
B, and E(Ka, R).
2. Server responds by sending E(Kb, R) to A.
3. A sends E(R, M) together with E(Kb, R) to B.
4. B knows Kb, thus decrypts E(Kb, R), to get R and will subsequently use R to
decrypt E(R, M) to get M.
You see that a random key is generated every time a message has to be sent. I admit
the man could intercept messages sent between the top-secret trusted nodes, but I see
no way he could decrypt them.”
“Well, I think you have your man, Lestrade. The protocol isn’t secure because
the server doesn’t authenticate users who send him a request. Apparently designers
of the protocol have believed that sending E(Kx, R) implicitly authenticates user X as
the sender, as only X (and the server) knows Kx. But you know that E(Kx, R) can be
intercepted and later replayed. Once you understand where the hole is, you will be
able to obtain enough evidence by monitoring the man’s use of the computer he has
access to. Most likely he works as follows. After intercepting E(Ka, R) and E(R, M)
(see steps 1 and 3 of the protocol), the man, let’s denote him as Z, will continue by
pretending to be A and …
Finish the sentence for Holmes.
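An added sketch, not part of the textbook problem, of why the server in step 2 must tie the names to E(Ka, R): it runs the server as described and a variant in which the sender encrypts its own name and the destination together with R. The SHA-256 keystream-plus-HMAC stand-in for E, the `src|dst|R` layout and all function names are assumptions of this sketch.

```python
import hashlib, hmac, os

# Toy stand-in for the problem's E(K, X): SHA-256 keystream XOR plus HMAC tag.
# Assumption of this sketch; the problem does not name a cipher.
def _stream(key, nonce, n):
    blocks = range((n + 31) // 32)
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                    for i in blocks)[:n]

def E(key, data):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def D(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def server_original(keys, src, dst, blob):
    # Step 2 as described: src and dst arrive in the clear and are not checked.
    return E(keys[dst], D(keys[src], blob))

def server_bound(keys, src, dst, blob):
    # Variant: the sender encrypts b"src|dst|" + R, so the cleartext names
    # must match what the holder of K_src actually encrypted.
    s, d, r = D(keys[src], blob).split(b"|", 2)
    if (s, d) != (src.encode(), dst.encode()):
        return None
    return E(keys[dst], r)

def demo():
    keys = {name: os.urandom(32) for name in "ABZ"}   # constructed key table
    r = os.urandom(32)                                # A's random R
    # Original: a replayed E(Ka, R) with the cleartext destination set to Z
    # comes back re-encrypted under Kz.
    leaked = D(keys["Z"], server_original(keys, "A", "Z", E(keys["A"], r))) == r
    # Bound variant: the same header change is refused; the honest run works.
    req = E(keys["A"], b"A|B|" + r)
    rejected = server_bound(keys, "A", "Z", req) is None
    honest = D(keys["B"], server_bound(keys, "A", "B", req)) == r
    return leaked, rejected, honest
```

Replaying the bound request unchanged still returns E(Kb, R), which only B can read; rejecting repeats outright would additionally need a nonce or timestamp inside the encrypted request.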
14.3 The 1988 version of X.509 lists properties that RSA keys must satisfy to be secure
given current knowledge about the difficulty of factoring large numbers. The discussion
concludes with a constraint on the public exponent and the modulus n:
It must be ensured that e > log2(n) to prevent attack by taking the e-th
root mod n to disclose the plaintext.
Although the constraint is correct, the reason given for requiring it is incorrect. What
is wrong with the reason given and what is the correct reason?
14.4 Find at least one intermediate certification authority’s certificate and one trusted
root certification authority’s certificate on your computer (e.g. in the browser). Print
screenshots of both the general and details tab for each certificate.
14.5 NIST defines the term cryptoperiod as the time span during which a specific key is
authorized for use or in which the keys for a given system or application may remain
in effect. One document on key management uses the following time diagram for a
shared secret key.
Explain the overlap by giving an example application in which the originator’s usage
period for the shared secret key begins before the recipient’s usage period and also
ends before the recipient’s usage period.
14.6 Consider the following protocol, designed to let A and B decide on a fresh, shared
session key K'AB. We assume that they already share a long-term key KAB.
1. A → B: A, NA
2. B → A: E(KAB, [NA, K'AB])
3. A → B: E(K'AB, NA)
a. We first try to understand the protocol designer’s reasoning:
— Why would A and B believe after the protocol ran that they share K'AB with the
other party?
— Why would they believe that this shared key is fresh?
In both cases, you should explain the reasons of both A and B, so your answer
should complete the sentences
A believes that she shares K'AB with B since…
B believes that he shares K'AB with A since…
A believes that K'AB is fresh since…
B believes that K'AB is fresh since…
b. Assume now that A starts a run of this protocol with B. However, the connection
is intercepted by the adversary C. Show how C can start a new run of the protocol
using reflection, causing A to believe that she has agreed on a fresh key with B (in
spite of the fact that she has only been communicating with C). Thus, in particular,
the belief in (a) is false.
c. Propose a modification of the protocol that prevents this attack.
14.7 What are the core components of a PKI? Briefly describe each component.
14.8 Explain the problems with key management and how it affects symmetric
cryptography.
Note: The remaining problems deal with a cryptographic product developed by IBM, which
is briefly described in a document at this book’s Premium Content Web site
(IBMCrypto.pdf). Try these problems after reviewing the document.
14.9 What is the effect of adding the instruction EMKi:
EMKi: X → E(KMHi, X), i = 0, 1
14.10 Suppose N different systems use the IBM Cryptographic Subsystem with host master
keys KMH[i] (i = 1, 2, …, N). Devise a method for communicating between systems
without requiring the system to either share a common host master key or to divulge
their individual host master keys. Hint: each system needs three variants of its host
master key.
14.11 The principal objective of the IBM Cryptographic Subsystem is to protect transmissions
between a terminal and the processing system. Devise a procedure, perhaps
adding instructions, which will allow the processor to generate a session key KS and
distribute it to Terminal i and Terminal j without having to store a key-equivalent
variable in the host.