Q1. News about Security Incident [10 Marks]
Write a summary for a recent piece of news about an Information Security or Network Security incident, and discuss the following points:
- How was it done?
- What was the technical issue behind it?
- Why is the incident important?
- What is the lesson learnt?
- How can it be prevented?
- …
Write NO MORE THAN 300 words, and please also submit a copy of the news or the corresponding URL.
Q2. Security Implications of RC4 on Wi-Fi Security [20 Marks]
The security of Wi-Fi can be broken due to RC4. Investigate the issue and explain why it is the case in your own words.
Notes:
- Before diving into the “meat”, include a section titled Problem Statement, to clearly define the problem, clarify relevant terms and concepts, and explain “what can go wrong”.
- Provide at least two reasons and cite the referenced material.
- Go beyond a high-level overview; do include technical details.
Q3. Modes of Operation for AES [30 Marks]
Alice uses AES-128 and one of the modes of operation to encrypt 12 blocks/units of plaintext, P1 P2 P3 … P12, to get the corresponding blocks/units of ciphertext, C1 C2 C3 … C12. The IV, together with the cipher blocks, is then transmitted to Bob through an unreliable channel.
In the following cases, what will Bob get when he decrypts the received cipher blocks (i.e., recovering P1’ P2’ P3’ … P12’) with the same mode of operation as Alice uses? *
(a) The CBC mode is used; IV, C5, C6, C9 and C10 are corrupted.
(b) The CFB-16 (a.k.a. 16-bit CFB) mode is used; the leftmost (most significant) 10 bits of C2 are corrupted.
(c) The CFB-8 mode is used; the entire C2 (all 8 bits of it) is lost, and Bob treats the received C3 as C2, C4 as C3, …
(d) The OFB (a.k.a. OFB-128) mode is used; the rightmost (least significant) 32 bits of C4 are corrupted.
(e) The CTR mode is used; C2 is corrupted.
Your answer should include at least the following:
- Among P1’ to P12’, which one(s) Bob will decrypt correctly and which one(s) incorrectly.
- For those blocks/units that cannot be decrypted correctly, what is the reason? Please use their respective encryption/decryption equations to illustrate your point.
References:
- Chapter 20.5 “Cipher Block Modes of Operation” of the book Computer Security: Principles and Practice.
- Chapter 7.2 – 7.6 of the book Cryptography and Network Security: Principles and Practice.
* For simplicity, we assume that the actual data sent over the channel may vary across the 5 cases, but all are labeled P1 to P12 and C1 to C12. For example, the length and actual content of P1 in (a) (a 128-bit block) may differ from P1 in (b) (a 16-bit unit).
Q4. Meet-in-the-middle Attack [30 Marks]
Consider the Meet-in-the-Middle attack of Double DES (the weakened, exportable version), with 64-bit data blocks and two 40-bit keys.
If a pair of keys (K1, K2) can satisfy EK1(P1) = DK2(C1), i.e. lead to the same output in the middle stage, we call it a collision. The corresponding pair of keys is referred to as a colliding key-pair, which may or may not be the pair of authentic keys.
(a) For a random pair of 40-bit keys, what is the probability that they will produce a collision at the middle stage?
(b) If one enumerates all possible key-pairs (40-bit per key), on average, how many colliding key-pairs do we expect to find if we only check each key-pair against one given pair of plaintext and ciphertext, say (P1, C1)?
(c) For a random pair of 40-bit keys, what is the probability that it will lead to a collision at the middle stage for 2 different pairs of plaintext and ciphertext, i.e. (P1, C1) and (P2, C2)? That is, the probability that (K1, K2) will satisfy: EK1(P1) = DK2(C1) and EK1(P2) = DK2(C2).
(d) To follow up on part (c), if we enumerate over all possible key-pairs, what is the expected number of key-pairs that can satisfy EK1(P1) = DK2(C1) and EK1(P2) = DK2(C2) simultaneously?
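The collision definition above can be tried at toy scale. The following is an added example, not part of the original assignment: it uses a made-up 4-round Feistel cipher with 16-bit blocks and 12-bit keys (an assumption, not DES), and all function names and key/plaintext values are constructed for illustration. It enumerates colliding key-pairs for one plaintext/ciphertext pair, then filters them with a second pair.

```python
import hashlib
from collections import defaultdict

KEY_BITS, HALF = 12, 8   # toy sizes (assumed): 12-bit keys, 16-bit blocks

def _f(half, key, rnd):
    # Round function: one byte of SHA-256 over (half, key, round index).
    data = bytes([half, key >> 8, key & 0xFF, rnd])
    return hashlib.sha256(data).digest()[0]

def encrypt(key, block):
    left, right = block >> HALF, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << HALF) | right

def decrypt(key, block):
    left, right = block >> HALF, block & 0xFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << HALF) | right

def colliding_pairs(plain, cipher):
    """All (k1, k2) with E_k1(plain) == D_k2(cipher), found by meeting in the middle."""
    table = defaultdict(list)            # middle value -> every k1 that produces it
    for k1 in range(1 << KEY_BITS):
        table[encrypt(k1, plain)].append(k1)
    return {(k1, k2)
            for k2 in range(1 << KEY_BITS)
            for k1 in table.get(decrypt(k2, cipher), ())}

def demo():
    k1, k2 = 0x3A7, 0xC15                # constructed "authentic" key pair
    pairs = [(p, encrypt(k2, encrypt(k1, p))) for p in (0x1234, 0xBEEF)]
    first = colliding_pairs(*pairs[0])   # collisions on (P1, C1) only
    both = first & colliding_pairs(*pairs[1])   # must also collide on (P2, C2)
    return (k1, k2), first, both

if __name__ == "__main__":
    real, first, both = demo()
    print(f"key-pairs in the search space: 2^{2 * KEY_BITS}")
    print("colliding on (P1, C1):", len(first))
    print("colliding on both pairs:", len(both), "| authentic included:", real in both)
```

Each call to `colliding_pairs` costs two passes over the single-key space plus a table lookup, rather than one trial per key-pair.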
Q5. Simple Key Exchange [10 Marks]
Dr. X suggests the following way to confirm that you and your friend are both in possession of the same (secret) key:
You can create a random bit string with a length equal to that of the key, XOR it with the key, and send the result over an open and vulnerable communication channel to your friend. Your friend XORs the incoming block with his key (which should be the same as your key) and sends the result back. You check, and if what you receive is your original random string, you have verified that your friend has the same secret key. Neither of you has ever transmitted the key, so it remains secret.
Is this scheme secure? Why or why not?