Exam 2013 Questions and Answers PDF

Title Exam 2013 Questions and Answers
Course Cryptography and Network Security
Institution University of Manchester

COMP38411 Two hours

UNIVERSITY OF MANCHESTER SCHOOL OF COMPUTER SCIENCE

Cryptography and Network Security

Date: Tuesday 22nd January 2013

Time: 14:00 - 16:00

Please answer any THREE Questions from the FOUR Questions provided.

This is a CLOSED book examination.

The use of electronic calculators is NOT permitted.


1. RSA is a well-known public key cipher, whereas AES (Advanced Encryption Standard) is a well-known symmetric key cipher. Both ciphers are block ciphers. Answer the following questions.

   a) Contrast the two ciphers: RSA versus AES. Can AES be used to replace RSA or vice versa? Justify your answer by discussing the pros and cons of each type of cipher. (7 marks)

   b) Use block diagrams to illustrate how a message is encrypted and decrypted using AES Counter Mode and outline two main advantages of this mode of operation. (6 marks)

   c) Use a block diagram to illustrate how a Cipher-Block-Chaining Message-Authentication-Code (CBC-MAC) is generated and also explain how such a Message-Authentication-Code (MAC) is verified. Can the CBC-MAC be used to replace a digital signature scheme, e.g. RSA signature scheme? Justify your answer. (7 marks)

2. Studies have shown that on-line banking services have become primary targets of cyber attacks. Phishing, password database theft, Man-in-the-Middle attack, Man-in-the-Browser attack, key logging and pharming are among the top threats identified in on-line banking services. Pick any five of the six attacks/threats named above and answer the following questions.

   a) Explain how each of the five attacks is performed. (10 marks)

   b) For each of the five attacks you pick, name and explain one countermeasure. (10 marks)

3. A digital signature scheme is one of the cryptographic building blocks that can be used to demonstrate the authenticity of a message. A valid digital signature gives an assurance that the message is indeed created by a known sender, and that it has not been altered during transit.

   a) Design a digital signature protocol using symmetric encryption and an arbiter, but do not expose the content of the message to be signed to the arbiter. (7 marks)

   b) Explain how a DSA (Digital Signature Algorithm) digital signature is generated and verified. Give the necessary equations. (7 marks)

   c) Contrast the signature scheme in question a) with the DSA signature scheme in question b) in terms of their respective strengths and limitations. (6 marks)


4. A Public-Key Infrastructure (PKI) is essential for large-scale applications of public-key cryptography. Answer the following questions.

   a) Explain what a PKI is, and outline the mandatory fields of an X.509v3 certificate. (4 marks)

   b) Name three checks (or verifications) that ought to be performed by the recipient of a digital certificate. What is a CRL (Certificate Revocation List) and why is it necessary? (6 marks)

   c) Design a certificate acquisition protocol by which a user could submit her public key to a CA, and obtain an X.509 certificate for the public key from the CA. You should give a step-by-step description of the protocol, explaining any measures taken to ensure that the certificate acquisition process is secure against any potential attacks and forgeries. (10 marks)

END OF EXAMINATION
