Provide answers to the following exercises from the Goodrich and Tamassia textbook.
1) Question C-1.3 (p. 48)
Suppose an Internet service provider (ISP) has a voice over IP (VOIP) telephone system that it manages and sells. Suppose further that this ISP is deliberately dropping 25% of the packets used in its competitors' VOIP system when those packets are going through this ISP’s routers. Describe how a user could discover that his ISP is doing this.
2) Question C-1.12 (p. 50)
Barrack often sends funny jokes to Hillary. He does not care about confidentiality of these messages but wants to get credit for the jokes and prevent Bill from claiming authorship of or modifying them. How can this be achieved using public key cryptography?
3) Question C-1.15 (p. 51)
Describe a method that allows a client to authenticate multiple times to a server with the following requirements.
a. The client and server use constant space for authentication.
b. Every time the client authenticates to the server, a different random value for authentication is used (for example, if you have n different random values, this means that sharing a key initially and using it for every round of authentication is not a valid solution).
Can you find any vulnerability for this protocol?
4) Question C-2.2 (p.107)
For safety reasons, external locked doors on commercial buildings have a mechanism for people on the inside to escape without using a key or combination. One common mechanism uses an infrared motion detector to open an electronic lock for people moving toward a door from the inside. Explain how an air gap under such an external door could be exploited to open that door from the outside.
5) Question C-2.6 (p.108)
A thief walks up to an electronic lock with a 10-digit keypad and he notices that all but three of the keys are covered in dust while the 2, 4, 6 and 8 keys show considerable wear. He thus can safely assume that the 4-digit code that opens the door must be made up of these numbers in some order. What is the worst case number of combinations he must now test to try to open this lock using a brute-force attack?
6) Question C-2.11 (p.109)
A bank wants to store the account number of its customer (an 8-digit number) in encrypted form on magnetic stripe ATM cards. Discuss the security of the following methods for storing the account number against an attacker who can read the magnetic stripe: (1) store a cryptographic hash of the account number; (2) store the cipher text of the account number encrypted with the bank’s public key using a public key cryptosystem; (3) store the cipher text of the account number encrypted with the bank’s secret key using a symmetric cryptosystem.
7) Question C-3.3 (p.168)
Charlie likes Alice’s picture-password system of the previous exercise, but he has changed the login so that it just shows the user 40 different pictures in random order and they have to indicate which 20 of these are from their set of favourites. Is this an improvement over Alice’s system? Why or why not?
8) Question C-3.7 (p.168)
Dr. Blahblah has implemented a system with an 8-bit random canary that is used to detect and prevent stack-based buffer overflow attacks. Describe an effective attack against Dr. Blahblah’s system and analyse its likelihood of success.
Hints
1) Question C-1.3 (p. 48) – What if the user bought both VoIP solutions?
2) Question C-1.12 (p. 50) – What is a digital way to tie one’s identity with the content of a message?
3) Question C-1.15 (p. 51) – Think of what could be stored in constant space and what could be the weaknesses with respect to someone eavesdropping on the communication between the client and the server.
4) Question C-2.2 (p.107) – Imagine how you might use a hot metal sheet.
5) Question C-2.6 (p.108) – There are only 4 keys that need to be used.
6) Question C-2.11 (p.109) – Consider each of the three possibilities in terms of how much information is leaked to an attacker who reads the card.
7) Question C-3.3 (p.168) – Compare the choice of 20 out of 40 versus choosing one each of 20 pairs.
8) Question C-3.7 (p.168) – An 8-bit canary only provides 256 possible canary values.