I.D. Number Desk Number
Faculty of Science, Engineering and Computing
Postgraduate Modular Scheme January Examinations 2019/2020 Level 7
Instructions to Candidates
This paper contains FIVE questions in TWO sections: Section A and Section B. Answer FOUR questions only:
Section A: Answer TWO questions out of three
Section B: Answer ALL questions
Label each answer clearly e.g. 1a, 2b. Do not rewrite the question or write in the margins.
THIS PAPER MUST BE HANDED IN AT THE END OF THIS EXAMINATION. CANDIDATES ARE PERMITTED TO BRING ONE APPROVED CALCULATOR
INTO THIS EXAMINATION: from either Casio FX83 or Casio FX85 series (with any suffix), FX115MS, FX570ES or FX991ES
Invigilators are under instruction to remove any other calculators
|Stationery||Salmon Answer Books|
Number of Pages: 1 – 4
This section contains THREE questions. Answer TWO questions only.
- Secret sharing can provide protection without the use of keys.
- Explain the cryptographic technique of secret sharing. Describe the interaction between dealer, players and combiner by referring to the diagram below, and using the notation it introduces.
- Explain Shamir’s secret sharing scheme, and in particular the role of polynomial evaluation and interpolation. Give an example calculation of two shares of the secret s = 4 in a (2,3) threshold scheme that could be distributed to players.
- Secret sharing is a suitable cryptographic technique for implementing cloud security. Explain the approach, and detail which security goals are achieved, depending on the threshold value t of the scheme in relation to n.
(Total 20 marks)
- The AES algorithm is one of the most important symmetric encryption methods available at present.
- Explain the standardisation approach that led to the development of AES. How was the process motivated and what were the technical criteria? Give a brief account of the events from the late nineties to the present.
- Explain the principal difference between symmetric and asymmetric key encryption. Explore the advantages and disadvantages of the two approaches.
- Give an high-level overview of the different steps in the AES algorithm. You may use diagrams for illustrative purpose, provided you explain them in your own words.
- A supercomputer performing 1013 decryptions/second performs brute- force cryptanalysis of the following two ciphertext messages:
- A message encrypted in DES.
- A message encrypted in AES using a 128 bit key.
Explain, using calculations where necessary, whether each of these attacks is viable.
- Secure commitment schemes are important building blocks for advanced cryptographic protocols.
- Classify the different types of cryptographic protocols and briefly explain the individual categories.
- Review how a secure commitment scheme works in principle, by explaining the goal, different stages and properties of the protocol.
- Design a basic secure commitment scheme, using a secure hash function. List all required security assumptions.
- Outline how secure commitment schemes can be used to verify shares in a secret sharing scheme.
(Total 20 marks)
This section contains TWO questions. Answer ALL questions.
- PGP is a freely available cryptosystem that can provide confidentiality and integrity of email messages.
- Briefly sketch the history of PGP. Why was it considered controversial at the time it was developed, and how did the creator of PGP overcome legal challenges?
- Explain the basic functionality of PGP for ensuring message
confidentiality of an email message m that Alice wishes to send to Bob.
- Assume Bob receives the following email message:
—–BEGIN PGP SIGNED MESSAGE—–
Decision will be made tomorrow lunchtime.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2 iQEcBAEBCAAGBQJYIShMAAoJEJEz+Ka1DFq9jlAIALaXEk8dM8OrV9WtHcgMjQMT
cJYJcTvUdd0yoOU7dWsp5OOdx3+W+tNClRYsy909GQclxYDVLiTLksGL664HdDPj V5xUVBdZicEK5FfYfQb2pEkDBQiO5C9x6uslue5p31/GuRbTbp/ELJMxYonmENGw M8Mu2BgSEIQQLMI9eaWWsxUHtLNHUgugSywaJthxU8t7wnc+Pl6C0VCHms/VikGk ldIkH/fftetcZQeV6F27zizCk/SGEqqtk4exD+CBaDE8adZHIAYl/Z3Ry7kMDbO/ NacQmHtm+byWOB61Posq6fHbaQzGLpJrv0xUBfDb2jZR9/+gq9c5Isd38oDA/qo=
—–END PGP SIGNATURE—–
- Which security goal can be achieved with the information provided in this message, and for which text? Explain the approach and state any assumptions concerning the availability of additional information prior to receiving the message.
- Reflect on the trust that Bob may have in the implementation mechanism for the aforementioned security goal. Discuss approaches which may help with managing and increasing this trust.
(20 marks total)
- Securely browsing the web can be achieved using public key cryptography and a suitable cryptographic protocol.
- Describe how public key cryptography allows messages to be digitally “signed”. What are the security requirements that can be implemented using digital signatures, and why is this stronger than what one can achieve with symmetric key encryption?
- Explain the different steps how a server (Alice) can send confidential and authenticated information to a client (Bob), as soon as public keys have been distributed. Justify why these security requirements are met.
- A website uses Apache in order to serve web requests. The Apache SSL configuration file contains the following lines:
# Certificate config info # (c) nissoft ‘19
SSLCertificateFile /etc/apache2/ssl/ca.crt SSLCertificateKeyFile /etc/apache2/ssl/ca.key
For each line, explain how it contributes to the configuration and management of security for this website.
(20 marks total)