### What are the vulnerabilities of this protocol

##### Reference no: EM132233849

Problem 1 -

a) Remember that in double DES, the encryption of a message M is done with two keys K1 and K2: C = E_K2(E_K1(M)). How does the meet-in-the-middle attack work?

b) Remember that in triple DES with two keys K1 and K2, a message M is encrypted as C = E_K1(D_K2(E_K1(M))). What happens if K1 is equal to K2? That is, what will C be equal to?

c) Remember that DES encrypts blocks of 64 bits at a time. How do the modes of operation covered in class (e.g. ECB, CBC, CTR) handle the encryption of a message whose bit length is not a multiple of 64?

Problem 2 -

a) Describe how RSA works. That is, how are the public and private keys generated, how is the message encrypted and how is the ciphertext decrypted?

b) Prove that RSA works. Assume M is a message, pk = (e, n) denotes an RSA public key, and pr = (d, p, q) denotes the corresponding private key. Then, if C = E(pk, M) is the ciphertext obtained by encrypting M with the public key, prove that D(pr, C) = M.

Problem 3 -

The key distribution protocol using public key cryptography (Key management and distribution lecture) has a fundamental problem. The protocol works as follows:

In step 1, Alice sends to Trent the message A → T: "Hi", A, B

In step 2, Trent replies with Bob's public key T → A: B, pkB

In step 3, Alice generates session key KAB. In step 4, Alice contacts Bob with the message A → B: E(pkB, KAB)

Bob decrypts this message with his private key prB and recovers the session key KAB. From then on, Alice and Bob encrypt their messages with KAB.

a) What are the vulnerabilities of this protocol? That is, show an attack where Mallory is able to convince Alice that he is Bob.

b) Show how to address these vulnerabilities. That is, describe small modifications to the above protocol that prevent Mallory's attack.
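
The check that step 2 lacks can be sketched as follows. This is an added example, not part of the original assignment: Trent signs the binding (B, pkB) together with a nonce from Alice's request, and Alice verifies it before step 4. It assumes Alice already holds Trent's public key authentically; the nonce, the function names and the toy textbook-RSA keys are constructed for illustration.

```python
import hashlib

E = 65537

def make_key(p, q):
    """Toy textbook RSA from two constructed primes; sizes are NOT secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)           # (public, private)

def digest(n, *fields):
    data = "|".join(map(str, fields)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

# Constructed keys (Mersenne primes keep the demo deterministic).
TRENT_PUB, TRENT_PRIV = make_key(2**31 - 1, 2**61 - 1)
BOB_PUB, BOB_PRIV = make_key(2**17 - 1, 2**19 - 1)
OTHER_PUB, _ = make_key(2**13 - 1, 2**17 - 1)     # a key that is not Bob's

def trent_reply(name, pk, nonce):
    """Step 2, modified: T -> A: B, pkB, Sig_T(B, pkB, nonce)."""
    d, n = TRENT_PRIV
    return name, pk, pow(digest(n, name, pk, nonce), d, n)

def alice_step3_4(expected, nonce, reply, session_key):
    """Alice checks Trent's signature before encrypting KAB under pkB."""
    name, pk, sig = reply
    e, n = TRENT_PUB
    if name != expected or pow(sig, e, n) != digest(n, name, pk, nonce):
        return None                               # reject: binding not vouched for
    return pow(session_key, pk[0], pk[1])         # A -> B: E(pkB, KAB)

def bob_recover(ciphertext):
    d, n = BOB_PRIV
    return pow(ciphertext, d, n)

def demo():
    k_ab, nonce = 0x1234ABCD, 4242                # constructed sample values
    good = trent_reply("B", BOB_PUB, nonce)
    swapped = ("B", OTHER_PUB, good[2])           # key replaced in transit
    stale = trent_reply("B", BOB_PUB, nonce - 1)  # reply to an older request
    c = alice_step3_4("B", nonce, good, k_ab)
    return (bob_recover(c) == k_ab,
            alice_step3_4("B", nonce, swapped, k_ab),
            alice_step3_4("B", nonce, stale, k_ab))
```

In the unmodified protocol the `swapped` reply is indistinguishable from the genuine one, because nothing in step 2 ties pkB to Trent.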

Problem 4 -

Remember public key certificates and revocation procedures.

a) Why do we need certificate revocation protocols? Describe 3 cases where one would need to revoke the public key certificate of a user or company.

b) Describe how certificate revocation changes the protocol of verifying public key certificates. Specifically, describe all the steps that Alice needs to perform when she receives a certificate that claims to be the valid public key certificate of Bob.

Textbook - Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C (cloth), Author(s): Bruce Schneier. ISBN: 0471128457.
