UNIVERSITY OF HERTFORDSHIRE

Academic Year: 2019/2020

Semester: B

Student ID _________________

Q1 /25

Q2 /25

Total /50

Percentage

School of Computer Science

7COM1027

Distributed Systems Security

Mock Exam (/50)

There are TWO questions in this Mock. You should answer BOTH questions.
Question 1 (25 marks)

Dr Watson is worried that a 56 bit key is not long enough, so he has invented a new
combination of DES with a one-time pad.

“You see Holmes” he explains, “the government just chooses a one-time pad R,
exclusive-or’s this pad with the plaintext P, and then encrypts the result under the
first DES key k1. The result is sent by ordinary e-mail to the embassy, and the
ambassador was given k1 before he left the country.”

Holmes is intrigued. “But won’t the embassy also need to know R in order to decrypt
P?” “Ah, that’s the clever bit” says Watson modestly. “The government then encrypts
the pad R under a second shared DES key k2, and sends that to the embassy as
well. The attacker will need to guess both k1 and k2 correctly to decipher P, and
that’s 112 bits! Not only that, but the one-time pad really is unbreakable, so the
ambassador can keep on using the same k1 and k2. “

GàE: E"# (P XOR R), E", (R)

“Oh dear, says Holms sadly, “I think Moriarty would have no more difficulty with your
system than he would with ordinary DES. Embassy messages are very formal, and
we must assume that Moriarty knows the Ambassador’s name and title at least…”

a) Explain how a one-time pad can be used in order to provide provable

confidentiality. Under what assumptions is confidentiality guaranteed?
(6 marks)

b) What is a meet-in-the-middle attack? What is a man-in-the-middle attack?

(6 marks)

c) Explain in detail how Moriarty could mount a meet-in-the-middle attack against

Watson’s protocol in order to obtain both k1 and k2. How much known plaintext
would Moriarty need? How much storage would he need? How many trial DES
decryptions should he expect to make? Show your working.

What other difficulties do you foresee with Watson’s protocol, what changes
would you suggest and why?
(13 marks)
Question 2 (25 Marks)

Both grid and cloud computing rely upon middleware in order to realise their
intended purpose. Allied to the development of middleware are the concepts of
heterogeneity and transparency.

a) There are various forms of transparency to be found in a distributed system.

Explain what is meant by this and to what degree this is may be achieved in
the case of RPC (Remote Procedural Calls). How does this relate to
middleware?

[Your discussion should outline a selection of different forms of transparency that

one may meet in a distributed system, identify those forms raised in your
discussion on RPC and outline the types of problem requiring resolution in
contrast to local invocation]

(10 marks)

Asymmetric key cipher systems often rely upon the perceived difficulty in solving a
mathematical problem that the cipher systems employ.

b) Give one example of such a problem. Compare and contrast two asymmetric
key cipher schemes that employ the El Gamal algorithm for their plaintext and
ciphertext. Include examples to support your discussion with primitives and
their orbits. Describe two strengths and two weaknesses that you feel your El
Gamal examples are susceptible to.
(10 marks)

c) Given that the ordered 5-tuple (n, p, q, a, b) = (55, 5, 11, 7, 23) is to be

employed to encrypt a plaintext value m = 6 using RSA, derive the ciphertext
value that results.
(5 marks)