
Instructor

  • who: Michael Swift
  • where: Room 7369
  • when: Monday 11-12, Thursday 1:30-2:30
  • email: swift 'at' cs.wisc.edu

CryptoReview

Symmetric Cryptography

  1. Suppose Alice and Bob want to communicate.
    1. When using symmetric cryptography, what are the secrets they each have? What public knowledge do they each have?
    2. When using asymmetric cryptography, what are the secrets they each have? What public knowledge do they each have?
    3. In each case, how do Alice and Bob know they have the right knowledge - why do they think their knowledge is correct?
  2. You are an eavesdropper listening in on communications. Someone is sending 16-digit numbers using a simple substitution cipher, replacing each digit with a different digit. Under what conditions can you decrypt the 16-digit encrypted numbers?
  3. I decide to use a one-time pad when placing an order with Amazon, and order 10 copies of a textbook. The format of the order is:
  struct order {
     int number;      /* quantity ordered */
     char item[60];   /* item description */
  };
The resulting ciphertext is shown below (8 byte offset, 16 bytes in hex, 16 bytes ASCII):
  00000000  4e b4 cd b1 69 df 16 cf  ca 69 e4 e3 00 80 49 40  |N...i....i....I@|
  00000010  4f 00 8a f2 27 54 f5 47  91 49 b7 ea a9 23 6e 41  |O...'T.G.I...#nA|
  00000020  fc 9d da db 1b 74 7b 75  4c 6e ec a2 c5 1b 2d 8e  |.....t{uLn....-.|
  00000030  19 98 f8 49 36 41 8c 7a  f3 33 0d cc c3 87 69 60  |...I6A.z.3....i`|
If you want to change my order to 100 books, what would the ciphertext be?
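
The order format above, worked through in C as an added example (not part of the original review sheet): it shows that a one-time pad hides the order but does not protect its integrity, so a field whose plaintext is known can be rewritten in transit unless a MAC covers the message. The pad bytes, the item text and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Same layout as the order format in the question. */
struct order {
    int  number;
    char item[60];
};

/* One-time pad: XOR every byte with the pad. Encrypt and decrypt are identical. */
static void otp_xor(unsigned char *buf, const unsigned char *pad, size_t len) {
    for (size_t i = 0; i < len; i++) buf[i] ^= pad[i];
}

/* Rewrite the encrypted `number` field (offset 0) without the pad, given
 * only the old plaintext value: c' = c XOR old XOR new. */
static void retarget_number(unsigned char *ct, int known_old, int wanted_new) {
    unsigned char o[sizeof(int)], n[sizeof(int)];
    memcpy(o, &known_old, sizeof o);
    memcpy(n, &wanted_new, sizeof n);
    for (size_t i = 0; i < sizeof(int); i++) ct[i] ^= o[i] ^ n[i];
}

/* Constructed demo: returns the quantity the receiver decrypts after tampering. */
static int demo_tampered_quantity(void) {
    struct order ord;
    unsigned char pad[sizeof ord], ct[sizeof ord];

    memset(&ord, 0, sizeof ord);
    ord.number = 10;
    strcpy(ord.item, "constructed sample textbook");

    /* Constructed pad bytes; a real pad is uniformly random and used once. */
    for (size_t i = 0; i < sizeof pad; i++) pad[i] = (unsigned char)(i * 37 + 11);

    memcpy(ct, &ord, sizeof ord);
    otp_xor(ct, pad, sizeof ct);      /* sender encrypts */
    retarget_number(ct, 10, 100);     /* modification in transit, no pad needed */
    otp_xor(ct, pad, sizeof ct);      /* receiver decrypts */

    memcpy(&ord, ct, sizeof ord);
    return ord.number;
}

int main(void) {
    printf("receiver sees quantity %d\n", demo_tampered_quantity());
    return 0;
}
```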

Block ciphers and MACs

  1. I am using an old web browser that supports TLS with a block cipher in ECB mode and an HMAC over the data. Suppose I’m mostly doing online shopping.
    1. What can an attacker learn about my activity from watching my traffic? For example, suppose I buy the same things multiple times. Can an attacker tell?
    2. I’ve upgraded to a browser using TLS with a block cipher in CBC mode, but it lacks any kind of MAC over the data. The initialization vectors are chosen with a good random number generator. In the same scenario as above, what can an attacker learn?
    3. Suppose the attacker is an active attacker. What kinds of data can the attacker change without me or the web server detecting?

Here is a mechanism for encrypting data using CTR mode (counter mode encryption).

 Encrypt (K,M)
 1. Parse M into n-bit blocks M1, M2, …, Mm
 2. Let Y0 be a random n-bit string
 3. For i = 0 to m-1 do:
 4.     Ci+1 = Ek(Y0+i) XOR Mi+1
 5. C0 = Ek(Y0)
 6. Return C0, C1, …, Cm
  1. Give a decryption algorithm for this code.
  2. Suppose you are given the two blocks of ciphertext C0, C1 of length 2n bits for an unknown message M with unknown key K. Can you recover the message M?
  3. Suppose you are given the two blocks of ciphertext C0, C1 of length 2n bits for a known message M with unknown key K. Can you recover the key K?
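
The Encrypt procedure above in C, as an added example that is not part of the original page: it pairs the scheme with a matching decryption and shows what publishing C0 = Ek(Y0) costs compared with conventional CTR, which sends Y0 itself. The 32-bit Feistel cipher stands in for Ek and is a toy; the key, Y0, message and all function names are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy 32-bit Feistel cipher standing in for E_K; NOT secure, illustration only. */
static uint16_t f(uint16_t x, uint32_t k, int r) {
    uint32_t v = (x ^ (k >> (r * 4))) * 0x9E37u + (uint32_t)r;
    return (uint16_t)(v ^ (v >> 7));
}
static uint32_t E(uint32_t k, uint32_t b) {
    uint16_t l = (uint16_t)(b >> 16), r = (uint16_t)b;
    for (int i = 0; i < 4; i++) { uint16_t t = l ^ f(r, k, i); l = r; r = t; }
    return ((uint32_t)l << 16) | r;
}
static uint32_t D(uint32_t k, uint32_t b) {
    uint16_t l = (uint16_t)(b >> 16), r = (uint16_t)b;
    for (int i = 3; i >= 0; i--) { uint16_t t = r ^ f(l, k, i); r = l; l = t; }
    return ((uint32_t)l << 16) | r;
}

/* The page's Encrypt: c[0] = E_K(Y0), c[i+1] = E_K(Y0+i) XOR m[i] (m[i] is M_{i+1}). */
static void encrypt(uint32_t k, uint32_t y0, const uint32_t *m, int n, uint32_t *c) {
    for (int i = 0; i < n; i++) c[i + 1] = E(k, y0 + (uint32_t)i) ^ m[i];
    c[0] = E(k, y0);
}
/* Matching decryption: recover Y0 from C0, then regenerate the keystream. */
static void decrypt(uint32_t k, const uint32_t *c, int n, uint32_t *m) {
    uint32_t y0 = D(k, c[0]);
    for (int i = 0; i < n; i++) m[i] = E(k, y0 + (uint32_t)i) ^ c[i + 1];
}
/* No key needed: C0 is exactly the keystream block that masks M1. */
static uint32_t first_block_without_key(const uint32_t *c) { return c[0] ^ c[1]; }

/* Conventional CTR for contrast: publish the counter Y0, never a keystream block. */
static void encrypt_ctr(uint32_t k, uint32_t y0, const uint32_t *m, int n, uint32_t *c) {
    c[0] = y0;
    for (int i = 0; i < n; i++) c[i + 1] = E(k, y0 + (uint32_t)i) ^ m[i];
}

/* Constructed inputs. Bit 0: round trip works; bit 1: C0^C1 == M1;
 * bit 2: the conventional variant differs from the page's only in block 0. */
static int demo(void) {
    uint32_t k = 0xC0FFEE11u, y0 = 0x1234ABCDu;
    uint32_t m[2] = {0x41424344u, 0x45464748u}, c[3], p[2], s[3];
    encrypt(k, y0, m, 2, c);
    decrypt(k, c, 2, p);
    encrypt_ctr(k, y0, m, 2, s);
    int roundtrip = p[0] == m[0] && p[1] == m[1];
    int leak = first_block_without_key(c) == m[0];
    int same_body = s[1] == c[1] && s[2] == c[2];
    return roundtrip | (leak << 1) | (same_body << 2);
}
int main(void) { printf("demo flags: %d\n", demo()); return 0; }
```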

Asymmetric encryption

  1. Suppose a software company xyz.com sells a product P and wants to distribute a software update D. The company wants to ensure that its clients only install software updates published by the company. They decide to use the following approach: The company places D on its web server and designs the software P to periodically check this server for updates over HTTPS.
    1. Explain what can go wrong if P downloads the software update over HTTP.
    2. The company decides to buy a public key certificate for its web server from a reputable CA. Explain what checks P should apply to the server’s certificate to defeat a network attacker.
    3. The company worries that an attacker will break in and steal the web server’s secret key. How would you design the software update system so that it can recover from such an event?
    4. Later on, engineers at the company proposed the following very different design: Sign D using an xyz private key to obtain a signature s and then distribute (s, D) in the clear to all customers. The corresponding public key is embedded in P. Let’s compare the signature vs. HTTPS designs.
      1. If we want to distribute the patch D using a content distribution network like BitTorrent, which of the two designs should we use? Like regular HTTP, BitTorrent does not encrypt data or provide authentication. Is this as secure as downloading over HTTPS?
      2. How much computing time does xyz.com spend doing crypto calculations in each of the designs? Which is better?

Certificates

  1. Suppose I gave you the secret key for the University of Wisconsin’s certificate authority. Explain how you could use this key, in conjunction with understanding the TLS protocol, to eavesdrop on data uploaded to canvas.wisc.edu using TLS. Assume that the web server for canvas.wisc.edu has its own certificate signed by UW’s CA. Why does this scenario present an attack? How can it be exploited?
  2. John Smith generates a public/private key pair, and buys from a trusted CA (e.g. Symantec) a personal certificate for John Smith on his public key. He then generates a second public/private key pair, and uses his John Smith private key to sign a certificate on the second public key where the common name is set to www.amazon.com. Now, John, being the malicious sort, intercepts an SSL connection to Amazon.com. John presents his forged certificate for www.amazon.com to the intercepted user.
    1. Explain why the intercepted user’s browser might incorrectly recognize the fake Amazon certificate as legitimate.
    2. Why does this scenario present an attack? How can it be exploited?
    3. How would you fix this problem?
Page last modified on May 02, 2019, at 07:07 PM