
Chapter 8 Problems Problem 1

After the client generates a pre-master secret (PMS), it will encrypt it with Alice’s public key and then send the encrypted PMS to Trudy. Trudy will not be able to decrypt the PMS, since she does not have Alice’s private key. Thus Trudy will not be able to determine the shared authentication key. She may instead guess one by choosing a random key. During the last step of the handshake, she sends to Bob a MAC of all the handshake messages, using the guessed authentication key. When Bob receives the MAC, the MAC test will fail, and Bob will end the TCP connection.

Question 24.

False. Typically an IPsec SA is first established between Host A and Host B. Then all packets in the stream use the SA.

Question 25.

False. IPsec will increment the sequence number for every packet it sends.

Question 26.

False. An IKE SA is used to establish one or more IPsec SAs.

Question 27.

01011100

Question 28.

True

Question 29.

Filter table and connection table. The connection table keeps track of connections, allowing for a finer degree of packet filtering.

Question 30.

True

Question 31.

True

Question 32.

If there isn’t a packet filter, then users inside the institution’s network will still be able to make direct connections to hosts outside the institution’s network. The filter forces the users to first connect to the application gateway.

Question 33.

True

Chapter 8 Problems

The decoding of “rmij'u uamu xyj” is “wasn't that fun”.

Problem 2.

If Trudy knew that the words “bob” and “alice” appeared in the text, then she would know the ciphertext for b, o, a, l, i, c, e (since “bob” is the only palindrome in the message, and “alice” is the only 5-letter word). If Trudy knows the ciphertext for 7 of the letters, then she only needs to try 19!, rather than 26!, plaintext-ciphertext pairs. The difference between 19! and 26! is a factor of 26*25*24...*20, which is 3315312000, or approximately 10^9.

Problem 3.

Every letter in the alphabet appears in the phrase “The quick fox jumps over the lazy brown dog.” Given this phrase in a chosen plaintext attack (where the attacker has both the plaintext and the ciphertext), the Caesar cipher would be broken - the intruder would know the ciphertext character for every plaintext character. However, the Vigenere cipher does not always translate a given plaintext character to the same ciphertext character each time, and hence a Vigenere cipher would not be immediately broken by this chosen plaintext attack.

Problem 4.

(a) The output is equal to 00000101 repeated eight times.

(b) The output is equal to 00000101 repeated seven times + 10000101.

(c) We have (A^R B^R C^R)^R = CBA, where A, B, C are strings, and R means inverse operation. Thus:

1. For (a), the output is 10100000 repeated eight times;

2. For (b), the output is 10100001 + 10100000 repeated seven times.

Problem 5.

(a) There are 8 tables. Each table has 2^8 entries. Each entry has 8 bits.

number of tables * size of each table * size of each entry = 8 * 2^8 * 8 = 2^14 bits

(b) There are 2^64 entries. Each entry has 64 bits. 2^71 bits

Problem 6.

(a) 100100100 ==> 011011011

(b) Trudy will know the three block plaintexts are the same.

(c) c(i) = KS(m(i) XOR c(i-1))

c(1) = KS(100 XOR 111) = KS(011) = 100

c(2) = KS(100 XOR 100) = KS(000) = 110

c(3) = KS(100 XOR 110) = KS(010) = 101

Problem 7.

(a) We are given p = 3 and q = 11. We thus have n = 33 and q = 11. Choose e = 9 (it might be a good idea to give students a hint that 9 is a good value to choose, since the resulting calculations are less likely to run into numerical stability problems than other choices for e) since 3 and (p−1)*(q−1) = 20 have no common factors. Choose d = 9 also so that e*d = 81 and thus e*d − 1 = 80 is exactly divisible by 20. We can now perform the RSA encryption and decryption using n = 33, e = 9 and d = 9.

letter   m    m**e           ciphertext = m**e mod 33
d        4    262144         25
o        15   38443359375    3
g        7    40353607       19

ciphertext   c**d              m = c**d mod n   letter
25           38146972265625    4                d
3            19683             15               o
19           322687697779      7                g

(b) We first consider each letter as a 5-bit number: 00100, 01111, 00111. Now we concatenate each letter to get 001000111100111 and encrypt the resulting decimal number m = 4583. The concatenated decimal number m (= 4583) is larger than the current n (= 33). We need m < n. So we use p = 43, q = 107, n = p*q = 4601, z = (p-1)(q-1) = 4452, e = 61, d = 73.

ciphertext = m**e mod 4601

m**e= 21386577601828057804089602156530567188611499869029788733808438804 302864595620613956725840720949764845640956118784875246785033236197777129 730258961756918400292048632806197527785447791567255101894492820972508185 769802881718983

ciphertext = m**e mod 4601 = 402

c**d

= 1283813313619771634195712132539793287643533147482536209328405262793027 158861012392053287249633570967493122280221453815012934241370540204581459 8714979387232141014703227794586499817945633390592

m = c**d mod 4601 = 4583

Problem 8.

p = 5, q = 11

(a) n = p*q = 55, z = (p-1)(q-1) = 40

(b) e = 3 is less than n and has no common factors with z.

(c) d = 27

(d) m = 8, m^e = 512, ciphertext c = m^e mod n = 17
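The arithmetic of Problems 7 and 8 can be reproduced with modular exponentiation instead of expanding m**e in full. The following is an added example, not part of the original solutions; the function names are hypothetical, and it derives d from e as a modular inverse and enforces the m < n condition that forces the larger modulus in 7(b).

```python
from math import gcd

def toy_keypair(p, q, e):
    """Return (n, e, d) for textbook RSA; reject an e that shares a factor with z."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e must have no common factors with z")
    d = pow(e, -1, z)            # modular inverse (Python 3.8+): e*d mod z == 1
    return n, e, d

def encrypt(m, n, e):
    if not 0 <= m < n:
        raise ValueError("message must satisfy m < n")
    return pow(m, e, n)          # square-and-multiply, never builds m**e

def decrypt(c, n, d):
    return pow(c, d, n)

def pack_letters(word):
    """Concatenate letters as 5-bit numbers (a=1 ... z=26) into one integer."""
    m = 0
    for ch in word:
        m = (m << 5) | (ord(ch) - ord("a") + 1)
    return m

def unpack_letters(m, count):
    values = [(m >> (5 * i)) & 0b11111 for i in reversed(range(count))]
    return "".join(chr(v + ord("a") - 1) for v in values)

def problem7a():
    n, e, d = toy_keypair(3, 11, 9)
    cipher = [encrypt(ord(ch) - ord("a") + 1, n, e) for ch in "dog"]
    plain = [decrypt(c, n, d) for c in cipher]
    return d, cipher, plain

def problem7b():
    n, e, d = toy_keypair(43, 107, 61)
    m = pack_letters("dog")
    c = encrypt(m, n, e)
    return d, m, c, unpack_letters(decrypt(c, n, d), 3)

def problem8():
    n, e, d = toy_keypair(5, 11, 3)
    return n, d, encrypt(8, n, e)

if __name__ == "__main__":
    print(problem7a(), problem7b(), problem8())
```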

Problem 9.

              Alice                     Bob
secret key:   SA                        SB
public key:   TA = (g^SA) mod p         TB = (g^SB) mod p
shared key:   S = (TB^SA) mod p         S' = (TA^SB) mod p

(a) S = (TB^SA) mod p = ((g^SB mod p)^SA) mod p = (g^(SB*SA)) mod p = ((g^SA mod p)^SB) mod p = (TA^SB) mod p = S'

(b and c) p = 11, g = 2

              Alice                     Bob
secret key:   SA = 5                    SB = 12
public key:   TA = (g^SA) mod p = 10    TB = (g^SB) mod p = 4
shared key:   S = (TB^SA) mod p = 1     S' = (TA^SB) mod p = 1

(d)

The Diffie-Hellman public key encryption algorithm is vulnerable to a man-in-the-middle attack.

1. In this attack, Trudy receives Alice's public value (TA) and sends her own public value (TT) to Bob.

2. When Bob transmits his public value (TB), Trudy sends her public value (TT) to Alice.

3. Trudy and Alice thus agree on one shared key (SAT) and Trudy and Bob agree on another shared key (SBT).

4. After this exchange, Trudy simply decrypts any messages sent out by Alice or Bob using the shared keys SAT and SBT.

Figure: public values exchanged between Alice, Trudy and Bob (TA, TT, TB).
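The exchange of parts (b) to (d) with the page's p = 11 and g = 2, as an added example that is not part of the original solutions. Trudy's secret ST = 3 is a constructed value, and the `fingerprint` helper is an assumption of this example: it shows what Alice and Bob would see differ if they compared key digests over a channel Trudy cannot alter.

```python
import hashlib

P, G = 11, 2                      # toy parameters from the problem

def public_value(secret):
    return pow(G, secret, P)

def shared_key(their_public, my_secret):
    return pow(their_public, my_secret, P)

def honest_exchange(sa, sb):
    """Alice and Bob receive each other's real public values."""
    ta, tb = public_value(sa), public_value(sb)
    return shared_key(tb, sa), shared_key(ta, sb)

def intercepted_exchange(sa, sb, st):
    """Both endpoints receive TT instead of the peer's value (steps 1 to 3)."""
    ta, tb, tt = public_value(sa), public_value(sb), public_value(st)
    alice_key = shared_key(tt, sa)          # Alice believes TT is TB
    bob_key = shared_key(tt, sb)            # Bob believes TT is TA
    trudy_keys = (shared_key(ta, st), shared_key(tb, st))   # (SAT, SBT)
    return alice_key, bob_key, trudy_keys

def fingerprint(key):
    """Short digest of a derived key, for out-of-band comparison (assumed check)."""
    return hashlib.sha256(str(key).encode()).hexdigest()[:8]

if __name__ == "__main__":
    print("honest:", honest_exchange(5, 12))
    a, b, t = intercepted_exchange(5, 12, 3)
    print("intercepted:", a, b, t, fingerprint(a) == fingerprint(b))
```

Without authentication of TA and TB, nothing inside the protocol tells Alice or Bob that their keys differ; the mismatch only shows up in a comparison made outside it.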

Problem 10.

Figure (parties: Alice, KDC, Bob). Messages shown: KA-KDC{A,B}; KA-KDC{K, KB-KDC(A, K)}; KB-KDC(A, K). Bob and Alice now communicate using the symmetric session key K.

Problem 11.

The message

I O U 1 9 0 . 9 0 B O B

has the same checksum.

Problem 12.

Internet 

Problem 13.

The file is broken into blocks of equal size. For each block, calculate the hash (for example with MD5 or SHA-1). The hashes for all of the blocks are saved in the .torrent file. Whenever a peer downloads a block, it calculates the hash of this block and compares it to the hash in the .torrent file. If the two hashes are equal, the block is valid. Otherwise, the block is bogus, and should be discarded.

Problem 14.

Digital signatures require an underlying Public Key Infrastructure (PKI) with certification authorities. For OSPF, all routers are in the same domain, so the administrator can easily deploy the symmetric key on each router, without the need for a PKI.

Problem 15.

Bob does not know if he is talking to Trudy or Alice initially. Bob and Alice share a secret key KA-B that is unknown to Trudy. Trudy wants Bob to authenticate her (Trudy) as Alice. Trudy is going to have Bob authenticate himself, and waits for Bob to start:

1. Bob-to-Trudy: “I am Bob” Commentary: Bob starts to authenticate himself. Bob’s authentication of himself to the other side then stops for a few steps.

2. Trudy-to-Bob: “I am Alice” Commentary: Trudy starts to authenticate herself as Alice

3. Bob-to-Trudy: “R” Commentary: Bob responds to step 2 by sending a nonce in reply. Trudy does not yet know KA-B(R) so she can not yet reply.

4. Trudy-to-Bob: “R” Commentary: Trudy responds to step 1 now continuing Bob’s authentication, picking as the nonce for Bob to encrypt, the exact same value that Bob sent her to encrypt in Step 3.

5. Bob-to-Trudy: “KA-B(R)” Bob completes his own authentication of himself to the other side by encrypting the nonce he was sent in step 4. Trudy now has KA-B(R). (Note: she does not have, nor need, KA-B.)

6. Trudy-to-Bob: “KA-B(R)” Trudy completes her authentication, responding to the R that Bob sent in step 3 above with KA-B(R). Since Trudy has returned the properly encrypted nonce that Bob sent in step 3, Bob thinks Trudy is Alice!
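The six steps above as an added simulation, not part of the original solutions. HMAC-SHA256 stands in for KA-B(R), the key is a constructed sample, and the `bind_identity` option is a hypothetical hardening the page does not discuss: it includes the responder's name in the MAC so that Bob's own answer no longer verifies as Alice's.

```python
import hashlib
import hmac
import os

K_AB = b"constructed shared secret"       # constructed sample key

def respond(key, nonce, sender=b""):
    """Stand-in for KA-B(R): a MAC over the nonce, optionally bound to the sender."""
    return hmac.new(key, sender + nonce, hashlib.sha256).digest()

class Bob:
    def __init__(self, key, bind_identity=False):
        self.key, self.bind = key, bind_identity
        self.nonce = None

    def challenge(self):                   # step 3: Bob sends R
        self.nonce = os.urandom(16)
        return self.nonce

    def answer(self, nonce):               # step 5: Bob proves he is Bob
        return respond(self.key, nonce, b"Bob" if self.bind else b"")

    def verify(self, response):            # step 6: Bob checks "Alice"
        expected = respond(self.key, self.nonce, b"Alice" if self.bind else b"")
        return hmac.compare_digest(response, expected)

def reflected_session(bob):
    """The peer holds no key and only returns what Bob himself produced."""
    r = bob.challenge()                    # step 3: Bob -> peer: R
    reflected = bob.answer(r)              # steps 4-5: the same R goes back to Bob
    return bob.verify(reflected)           # step 6: Bob's answer is returned to him

def alice_session(bob, key):
    """Honest run: the real Alice answers Bob's challenge with the shared key."""
    r = bob.challenge()
    return bob.verify(respond(key, r, b"Alice" if bob.bind else b""))

if __name__ == "__main__":
    print("plain protocol accepts reflection:", reflected_session(Bob(K_AB)))
    print("identity-bound accepts reflection:", reflected_session(Bob(K_AB, True)))
    print("identity-bound accepts Alice:", alice_session(Bob(K_AB, True), K_AB))
```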

Problem 16.

This wouldn't really solve the problem. Just as Bob thinks (incorrectly) that he is authenticating Alice in the first half of Figure 7.14, so too can Trudy fool Alice into thinking (incorrectly) that she is authenticating Bob. The root of the problem is that neither Bob nor Alice can tell whether the public key they are getting is indeed the public key of Alice or Bob.

Problem 17.

Figure: Operations performed by Bob for confidentiality, integrity, and authentication. Labels in the figure: m; KB+(KS), KS(m, KA-(H(m))); Internet; KB-( ); KS( ); KA+( ); H( ); compare.

Problem 18

(a) No, without a public-private key pair or a pre-shared secret, Bob cannot verify that Alice created the message.

(b) Yes, Alice simply encrypts the message with Bob’s public key and sends the encrypted message to Bob.

Problem 19
