Computer Security Coursework

M30606
Due Date: 2023-03-31
Question 1:
The correct answer is E because it attempts the protocol that consists of 3
messages.

1. A -> S : A, B 1. A communicates with S by giving the names of the two

people who will share the secret.
2. S -> A : KAB 2. S transmit the secret “KAB” to A
3. A -> B : KAB , A3. A provides B with KAB and its identification. KAB is just a
symbolic term for the bit string indicating the secret supposed to be
exchanged by the principals performing the parts of A and B; it doesn't contain
any information about A or B. We employ M, N, and hM, but the protocol
specification is noticeably incomplete. Assume that in order for Ni to represent
concatenation, the server that is initially playing the role of S will share a
secret key called sk(U, S) for each user who can assume the position of U in
the system. The symbol |m |k indicates symmetric cryptography of m with key

1.A -> S : A, B 2.S −→ A : {| KAB |}sk(A,S) , {| KAB |}sk(B,S) 3.A −→ B : {| KAB

|}sk(B,S) , A

interception A −→ O(B) : m

injection O(A) −→ B : m

cryptography cannot be broken by the adversary, hence we represent the nth stage
of the mth sessions by m.n.

1.1 a −→ s : a, b

1.2 s −→ a : {| kab |}sk(a,s) , {| kab |}sk(b,s)

1.3 a −→ i(b) : {| kab |}sk(b,s) , a 2.3 i(x) −→ b : {| kab |}sk(b,s) , x

The hacker I hijacks the communication from sender a to recipient b, replacing a's
identity with x.

Because I am aware of this key, I can further assume the identity of b and discover
all the data that an is going to provide to b. As a result, a will believe that the
conversation with b has indeed been successfully concluded and she's actually
sharing the key information with b.

Question 2:

F is the right answer Because, KAB doesn't really contain any information about the
a or B. KAB is just a symbolic term for the bit string indicating the secret expected to
be exchanged by the principal that take on the identities of A and B observe the
severely incomplete method specification that utilizes both M, N & hM, Ni to express
the concatenation.

Assume that each user who can play the part U in the system has access to the
secret key sk(U, S), which is shared at the beginning by the server assuming the
position S. The symbol |m |k indicates encryption algorithm of m with key

1.A −→ S : A, B

2.S −→ A : {| KAB |}sk(A,S) , {| KAB |}sk(B,S)

3.A −→ B : {| KAB |}sk(B,S) , A

Consequences: Depending on the situation in which the framework is used, for

instance, b may divulge to an information that was intended to be communicated
only with x. As a result, even though I doesn't really obtain kab, the framework is
broken because it doesn't satisfy the requirement that users should be aware of who
else is in possession of the key pair.

Question 3:
Part D is False
According to the Zhou- Gollman

O - Originator, R - Recepient, TTP - Trusted Third Party, k - key, Sx - Signature

of entity X

It appears that your reference's notation begins at point in time 0, with 5 steps.
Changing the answer's numbering to correspond to the inquiry.

A - Origin

B - Recipient

➔ Part A is TRUE

Explanation: Step 3: R executes an ftp connection with TTP and key confirmation.

Step 4 : O uses TTP to do an ftp action while having the key

confirmed.

➔ Part B is TRUE

Explanation: Step 0, O -> R transmission of signed message.

 Step 1, R -> O, Transmission of signed message.

➔ Part C is TRUE

Explanation: Till the Step 0, Only O -> R communication is there. S is not involved
at all.

➔ PART D is FALSE.

Explanation: Step 3, B performs the ftp with TTP and gets confirmation of key Conk.

➔ Part E is TRUE

Explanation: In 2nd step, Recipient sends the signature to Origin. Hence , A can
verify that B is still alive..

➔ Part F is TRUE.

Explanation: At step 4, FTP is being used with confirmation flags between A & S.

➔ Part G is TRUE

Explanation: Step 3, O -> TTP, A sends key to S, hence S can prove that A has
access to key.

➔ Part H is FALSE.

Explanation: A starts the entire procedure. To begin the procedure, you must be
alive.

➔ Part I is TRUE

Explanation: Step 2, R -> O; Here B sends evidence of receipt to A. So A knows

that B is alive.

➔ Part J is TRUE.

Explanation: Self explanatory.

Question 4:

b) is the Correct answer

Explanation-

1. A → S: (B, {(A, K1)}KpbS)

It simply means that a packet containing the key KpbS and the identity of A has been
sent to S.
Key K1 is for communication between A and B

2. S → B: A

Message is decrypted by B

3. B → S: (A, {(B, K2)}KpbS)

That simply means that a packet with the key KpbS and the Identity of B has been
sent to S.

Key K2 is for communication between B and A

4. S → A: (B, {K2}K1)

Now after this Authentication takes place.

From the above Protocol we get that the message is sent from A to B

and B to A

Authentication takes place at the last step.

K1 Key For A to B

K2 Key For B to A

We have Three Runs So All the Keys are independent of each other.

That is if K1 is compromised, it has no effect on K2

We have Three Runs

For P3

P3.K1 is compromised

As P3 happens after P2 and P2 happens after P1.

Question 5:

Answer is C, (2. S -> B: {A}KpbB)

B is erroneously assuming that KbpB is the 1st step and that communication with A
is necessary.

1. A -> S: (B, {(A, K1)}KpbS)

means

A is contacting "S" by sending the identities of the B & {(A,K1)}KpbS they are going
to share the secret
2. S ->B: A

"S" is sending the secret message "B"->"A"

3. B ->S: (A, {(B, K2)}KpbS)

"B" is passing "A" together along with the identity to "S"

4. S -> A: (B, {K2}K1)

"S" is sending the secret to "A" to "(B,{k2}K1)"fresh key generated for the 2 of them
by S

Step 2

is the attack trace

1. I(A) -> S: (B, {(A, K)}KpbS)

2. S ->B: A

3. B -> S: (A, {(B, K2)}KpbS)

4. S -> I(A): (B, {K2}K)

Hence the answer is c) 2. S -> B: {A}KpbB

Question 6:

B has just received the following message, which represents a cryptographic data
object:

{(

{(KPbB)KPrS mod KPbS}K1,

{|(NB, NA , {{({K2}KPbB, NS)}(G1)KPrA mod NA}K1, {|{( {G3}(KPbA)KPrS mod

KPbS, G2)}K1|}KPrB)|}KPrA

)}KBS

The following explains various terms in this object and some of the abbreviations
used:

- {M} K represents the encryption of some message/data M using the key K

- {|M|} K represents the digital signing of some message/data M using the key K
- NX represents a nonce (i.e. a fresh and possibly random number used once only)
generated by X

- KpbX represents the public part of the key pair presumably owned by X

- KprX represents the private part of the key pair presumably owned by X

- KAB represents a symmetric key shared between A and B

- K (or K1, K2, K3 etc.) represents some arbitrary key with no assumptions about its
scope

- M represents some alphanumeric/textual message with no assumptions

- G1, G2, G3 etc. are prime numbers

References

Tilborg, H. C.A. (2011). Encyclopedia of Cryptography and Security (Second

ed.). Springer.

Murdoch, S. J. (Ed.). (2011). Security – protocols, crypto. murdoch.