December 28th, 2015

German University in Cairo

Media Engineering and Technology
Lecturer: Amr El Mougy
TA: Mostafa Talaat

BINF 711: Information Security

Winter Term 2015
Final Exam

Bar Code

Instructions: Read carefully before proceeding.

1) Duration of the exam: 3 hours (180 minutes).
2) (Non-programmable) Calculators are allowed.
3) No books or other aids are permitted for this test.
4) This exam booklet contains 14 pages, including this one. All papers have to be kept attached. Note
that if one or more pages are missing, you will lose their points. Thus, you must check that
your exam booklet is complete.
5) Write your solutions in the space provided. If you need more space, write on the back of the sheet
containing the problem and make an arrow indicating that.
6) When you are told that time is up, stop working on the test.
7) Include any assumptions that you need to make.
8) You are required to follow the instructions of the proctors under all conditions.
Good Luck!
Don’t write anything below ;-)

Exercis 1 2 3 4 5 6 7 Σ
e
Marks 10 10 15 20 20 15 15 105 (5 bonus)
Final
Marks

Page 1 of 13
Question 1:
Indicate whether the following statements are True (T) or False (F). If you need to justify your
answer, please do so below the table.
a) The Vigenere cipher is effectively multiple Caesar ciphers T

b) RC4 is a block cipher that accepts 64 bits of plaintext as input F

c) To digitally sign data using public key cryptography, the data is encrypted using F
the sender’s public key
d) Message Authentication Codes (MAC) can be considered a form of symmetric T
encryption
e) The birthday attack is a type of security attack where the attacker exploits the F
knowledge of a user’s birthday
f) A malicious program that attempts to establish connections in order to spread from T
machine to machine is known as a worm
g) One of the most important recommendations to limit Denial of Service (DoS) T
attacks is to stop source address spoofing
h) A virus that changes its appearance as well as its behavior as it spreads is known F
as a polymorphic virus
i) In biometric authentication systems, a false match occurs when the system fails to F
authenticate a legitimate user
j) In discretionary access control, one user can delegate access to another user for a T
particular resource

Additional Justifications (only if needed):

Page 2 of 13
Question 2:
Choose the “most” correct answer. The grade will be given to the best 10 out of 15
questions you answer. If you need to make any assumptions, please list them fully.
1) Rotor machines perform the following cryptographic operation(s) A
a) Substitution
b) Transposition
c) Substitution and transposition
d) Mathematical operations

2) Which of the following does not affect the operation of a Feistel cipher D
a) Block size of the plaintext
b) Subkey generation algorithm
c) Number of rounds
d) Having a large prime number for key generation

3) Which of the following modes of encryption is sometimes used in message authentication B

a) Electronic Code Book (ECB)
b) Cipher Block Chaining (CBC)
c) Output Feedback (OFB)
d) Counter (CTR)

4) Which of the following encryption algorithms is used in WiFi for its speed D
a) DES
b) RSA
c) Vigenere
d) RC4

5) The complexity of performing a successful brute force attack on double DES with two keys is
equivalent to B
a) Single stage DES
b) Two times that of single stage DES
c) Triple DES with two keys
d) AES

6) The Diffie-Hellman algorithm can be used for C

a) Encryption/Decryption
b) Digital signatures
c) Key exchange
d) User authentication

Page 3 of 13
7) In order to break the RSA algorithm, the most common attack is C
a) Brute force
b) Man-in-the-middle
c) To factor large prime numbers
d) To email Saruman the white wizard

8) Which of the following techniques is able to achieve non-repudiation B

a) Encryption using public key of receiver
b) Encryption using private key of sender
c) Message authentication code (MAC)
d) Encryption using AES

9) Given the strongest possible anti-virus software, which of the following cannot be prevented
from affecting the system D
a) Rootkits
b) Viruses
c) Trojan horses
d) Denial of Service (DoS) attacks

10) A man waiting at a bus stop is approached by a girl scout selling cookies. Turns out the girl
scout is an evil witch in disguise and the cookies are the bait. Which type of attack is this
similar to A
a) Trojan horse
b) Virus
c) Bot program
d) Worm

11) A message is passed through a hash function. Then, the message and its hash are encrypted
using the sender’s private key. Which security objectives are achieved D
a) Confidentiality
b) Integrity
c) Confidentiality and integrity
d) Integrity and non-repudiation

12) Which of the following is an example of a good password choice D

a) 12345678
b) Dog123
c) John17081981
d) JM@joT376

Page 4 of 13
13) Top secret, secret, and public are examples of access privileges one would expect to find in
B
a) Discretionary access control
b) Mandatory access control
c) Role-based access control
d) Ridiculous access control

14) Diffie-Hellman is vulnerable to which kind of attack B

a) Brute force
b) Meet-in-the middle
c) Birthday attack
d) None of the above

15) Generic decryption is an antivirus detection technique where C

a) Public key encryption is used to digitally sign all the files
b) Symmetric encryption is used to hide file contents
c) The virus is fooled to decrypt itself
d) The virus is completely deleted

Page 5 of 13
Question 3:
a) Suppose that we use DES in cipher block chaining (CBC) mode. The encryption rule for
message Mi, key K and cipher Ci is:
C i=DES ( M i ⊕ Ci −1 , K ) i=1 ,2 , … …
where C0 is an initial block and ⊕ is the XOR operation.
- What is the decryption rule (i.e. what is M i=………)?
- Suppose an attacker changes Ci into C 'i ≠ Ci . How many messages are then decrypted
incorrectly?
b) Suppose that we use DES in counter mode. The encryption rule for key K and message Mi, at
time i > 0 is
C i=DES ( R i , K ) ⊕ M i R i=Ri−1+ 1
where R0 = some starting value and ⊕ is the XOR operation.
- What is the decryption rule (i.e. what is M i=………)?
- Suppose an attacker changes Ci into C 'i ≠ Ci . How many messages are then decrypted
incorrectly?
Answer to 3:
a) M i=DES ( Ci ⊕ Ci −1 , K ) i=1 ,2 , … … The messages decrypted correctly are i and all the
subsequent ones
b) M i=DES ( Ri , K ) ⊕ C i R i=Ri−1+ 1 The message decrypted correctly is only i

Page 6 of 13
Question 4:
For this problem, assume that Alice wants to send a single message M to Bob. To do so, Alice
and Bob can potentially use a number of different approaches and cryptographic technologies,
which we will describe using the following terminology:
M Plaintext for a single message
sK Symmetric cryptography key
AES s K Symmetric-key encryption using CBC mode, with the key sk
PRNG s K Bit-stream from a cryptographically strong pseudo-random number generator,
seeded with sk. This is typically used in stream cyphers
SHA256 SHA-256 hash function (simply a regular hash function)
AES-EMAC s K Keyed MAC function, using the key sk
KA Alice’s public key
−1
KA Alice’s corresponding private key
KB Bob’s public key
−1
KB Bob’s corresponding private key
EK Public-key encryption with the public key K
Sign K−1 Digital signature using the private key

You can assume that the public keys have been securely distributed, so Alice and Bob know their
correct values.
Consider the following properties that Alice and Bob might desire their communication to have:
Confidentiality, Integrity, and Non-Repudiation.
For each of the following possible communication approaches, Mention (and explain why)
which of these properties will securely hold (or not hold) in the presence of Mallory, a Man In
The Middle (MITM) attacker. Mention None if none of the properties hold. If an approach fails
entirely (will not result in Bob being able to read a given message M), mention Broken.
(a) Alice generates a new symmetric key sK and sends to Bob: E K ( s K ), M XOR PRNGs
B K

(b) Alice generates a new symmetric key sK and sends to Bob: E K ( s K ), E K ( s K ), AES s (M).
−1
A B K

(c) Alice sends to Bob: E K (M), Sign K ( SHA 256 ( M ) )

A
−1
A

(d) Alice and Bob privately exchange a symmetric key sK in advance. Alice later uses this key to
send to Bob: E K ( s K ), ( AES ­EMACs SHA256(M)), AES s (M)
B K K

(e) Alice generates a new symmetric key sK and sends to Bob: E K (M), Sign K ( SHA 256 ( M ) )
B
−1
A

Page 7 of 13
Answer to 4:
a) Confidentiality will hold because only Bob can retrieve the key with his private key.
Integrity will not hold because the message can be manipulated on the way. Non-repudiation
will not hold because anyone can generate the message with Bob’s public key.
b) Only non-repudiation due to using Alice’s private key. Anyone can decrypt using Alice’s
public key and obtain the key.
c) Broken. No one can retrieve the message because it needs to be decrypted with Alice’s
private key.
d) Confidentiality will hold because only Bob can retrieve the key using his private key.
Integrity will hold due to the use of a MAC. Non-repudiation will not hold because the key
is shared between the sender and receiver.
e) All properties hold. Bob decrypts using private key, digital signature ensures integrity and
non-repudiation.

Page 8 of 13
Question 5:
a) A security system is to be designed based on RSA. In this system, Alice’s public key is {173,
323} while Bob’s public key is {7, 133} (the public key is denoted by {e, n}).
1- Alice wishes to send a confidential message M = 80 to Bob. What is the ciphertext C?
2- Alice has just received a confidential ciphertext C = 107 from Bob. What was the
plaintext?
b) Given are two protocols in which the sender's party performs the following operation:

Protocol A:
y=ek ( x∨¿ H ( k 2∨¿ x ) )
1

Where x is the message, H is a hash function such as SHA-1, e() is a symmetric encryption
algorithm, “||” denotes simple concatenation, and k 1, k 2 are secret keys which are only known
to the sender and the receiver.

Protocol B:
y=ek ( x∨¿ sigk ( H (x ) ) )
pr

where k is a shared secret key, and k pr is a private key of the sender (not shared with the
receiver).

Provide a step-by-step description (e.g., with an itemized list) of what the receiver does upon
reception of y. Also, state whether each of the two protocols are able to achieve the objectives
of confidentiality, integrity, and non-repudiation.

Page 9 of 13
Answer to 5:
a) C = Me mod n = 807 mod 133 = [(804 mod 133) (803 mod 133)] mod 133 = (123)(83) mod
133= 101
M = Cd mod n
To obtain d, factorize n = 323 into 17 and 19. Thus, ϕ(n) = 16*18 = 288
Solve 173.d mod 288 = 1. Thus, d = 5
Now, M = 1075 mod 323 = [(1073 mod 323) (1072 mod 323)] mod 323 = (227) (144) mod 323
= 65

b) Protocol A performs the following:

1. Decryption of y using symmetric key k 1

d k ( y )=x∨¿ H (k 2∨¿ x )
1

2. Concatenate k 2 and x, where k 2 is 2nd secret key (shared).

3. Compute hash of k 2∨¿ x, that is H (k ¿¿ 2∨¿ x)¿.
4. Compare computed hash value with the one obtained in 1.

Protocol B performs the following:

1. Decrypt as in 1A, d k ( y )=x∨¿ sigk ( H ( x ) ) using shared symmetric key k.
pr

2. Compute H(x)
3. Feed H(x) and sigk ( H ( x ) ) into verification algorithm, check if signature on H(x) is valid.
pr

Verication algorithm needs public key of the sender.

For protocol A we have:

Confidentiality: YES through encryption
Integrity: YES through hashing; changing y lead to invalid pair x’ and H (k 2∨¿ x ') .
Non-repudiation: NO, both Alice (sender) and Bob (receiver) can generate valid message:
y=ek ¿1

For protocol B we have:

Confidentiality: YES through encryption
Integrity: YES through signing; changing y lead to invalid pair x’ and sigk ( H ( x ' ) )
pr

Non-repudiation: YES, only sender can send a message with valid signature.

Page 10 of 13
Question 6:
a) Using a TCP SYN spoofing attack, the attacker aims to flood the table of TCP connection
requests on a system so that it is unable to respond to legitimate connection requests.
Consider a server system with a table for 2048 connection requests. This system will retry
sending the SYN-ACK packet five times when it fails to receive an ACK packet in response,
at 10 second intervals, before purging the request from its table. Assume that no additional
countermeasures are used against this attack and that the attacker has filled this table with an
initial flood of connection requests. At what rate must the attacker continue to send TCP
connection requests to this system in order to ensure that the table remains full? Assuming
that the TCP SYN packet is 40 bytes in size (ignoring framing overhead), how much
bandwidth does the attacker consume to continue this attack?
b) The following table shows the pseudo codes of two viruses. Describe the effect that the
additional statements have on the execution of the virus. What type of virus is this
(encrypted, polymorphic, metamorphic, etc.)?

Virus 1 Virus 2
Set EAX = 5 Set EAX = 5
Set EBX = 0 Set ECX = 0
Add EAX, EBX Print ECX
Call EAX Set EBX = 0
Add EAX, EBX
Swap EAX, EBX
Swap EBX, EAX
Call EAX

Page 11 of 13
Answer to 6:
a) Each connection request will occupy an entry in the table for 6*10 secs (initial + 5 repeats) =
1 minute. Thus, for the table to remain full, the attacker must send 2048/1 = 2048 TCP
connection requests per minute. If the TCP SYN packet is 40 bytes, then the consumed
bandwidth is 2048*40*8/60 = 10.922 kbps, which is very small.
b) Nothing. They are designed to fool the antivirus. The virus is polymorphic if the same
instructions are repeated with every copy. If the instructions change then its metamorphic

Page 12 of 13
Question 7:
a) A typical bank’s ATM machine uses a combination of two types of authentication
mechanisms, Token and PIN number. The Pin number is 4 decimal digits.
- How many different combinations of the PIN number are there? Is this length considered
secure? If not, why is this length used in ATM machines?
- Can tokens be used for computer access? Justify your answer.
b) A system has N job positions. For each position, i, there are U i different users. Each one of
these users requires Pi different permissions.
- For a traditional Discretionary Access Control (DAC) scheme, how many relationships
between users and permissions must be defined?
- For a Role-Based Access Control (RBAC) scheme, how many such relationships must be
defined? What is the advantage that RBAC has over DAC?
Answer to 7:
a) Combinations = 10^4 = 10000. This is a short length, however the ATM machine gives you
only 3 trials.
Tokens would be inconvenient for computer access

b) For DAC its N*U i * Pi . For RBAC it is the same. The advantage is in the flexibility of the
role structure. Users can be assigned roles and the permissions of the roles doesn’t change.

Page 13 of 13