Introduction to Computer Security Example solutions

Exercise 4, 15.-18.2.2011

1.

2. (a) • Port 80 is usually used by unencrypted HTTP.

• Reason that that port is chosen may be that it could be the easiest port to open
to outside world.
• Port should be opened only when a good technical justification is given.
(b) • What data is collected and sent for the analysis?
• What happens to data after the analysis?
• What privileges does the data collection require?
• What reputable clients does the company have?
(c) • If the company C has enough expertise, it can ask for NDA-lisence to look through
the source code.
• A trusted third party could be used to check the program.
• A program could be first tested on a ”sand box” environment.
(d) • A company could buy their own server that the security company could use for se-
curity data analysis. That way all company data could be held inside the company
walls. After the analysis, the analysis software could be uninstalled.

3. • Since the message has to be split into 160 bit blocks, this hash function can’t be used
for arbitrary length messages. However, it could be extended very easily by appending
message with extra padding.
• Hash function produces constant length output.
• It is easy to calculate, since xor is easily implemented in hardware.
• Hash function h is not preimage resistant. For example given a hash y, h(y) = y.
• Hash function h is not secondary preimage resistant. Given a message m1 , we can
construct a message m2 = m1 ||0160 , where 0160 is a series of 160 zero bits. Since
x ⊕ 0 = x, also h(m2 ) = h(m1 ).
• Collision resistance property doesn’t hold, because for any message m1 , we can con-
struct a message m2 with the same hash by appending zero bits to m1 .

4. • We can do a meet-in-the-middle attack against the encryption

• Let m be a clear text and x a cipher text
• Calculate Ek (m) for all possible keys k and store results into a table A
• Calculate Dk (x) for all possible keys k and store results into a table B
• If table A and B have matching entries, the corresponding keys k 0 and k 00 are likely
the keys we are looking for.

5. (a)

Pj = Cj ⊕ L32 (EK (Xj ))

Xj+1 = R32 (Xj ) || Cj
(b)

P̃1 = C̃1 ⊕ L32 (EK (X1 ))

X̃2 = R32 (X1 ) || C̃1
P̃2 = C2 ⊕ L32 (EK (X̃2 ))
X̃3 = R32 (X̃2 ) || C2 = R32 (R32 (X1 ) || C̃1 ) || C2 = C̃1 || C2
P̃3 = C3 ⊕ L32 (EK (X̃3 ))
X4 = R32 (X̃3 ) || C3 = R32 (C̃1 || C2 ) || C3 = C2 || C3
P4 = C4 ⊕ L32 (EK (X4 ))

Corruption of C̃1 corrupts decrypted clear text P̃1 by one bit. Blocks P̃2 and P̃3 are
totally corrupted. Starting from X4 and P4 the corrupted block C̃1 doesn’t anymore
corrupt plain text blocks.