Page : 1 Date : 31.08. 2013 Duration : 90 Minutes Maximum marks 70% Vorname ……………………………………….. Nachname ……………………………………….. Matrikel-Nr. ………………………………………..

Slides:



Advertisements
Similar presentations
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Advertisements

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Cryptography & Number Theory
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.
Public Key Algorithms 4/17/2017 M. Chatterjee.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
Computer Science Public Key Management Lecture 5.
Introduction to Public Key Cryptography
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, "A Public-Key Cryptosystem and a Signature Scheme.
1 Lecture 9 Public Key Cryptography Public Key Algorithms CIS CIS 5357 Network Security.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Lecture 14 ISAKMP / IKE Internet Security Association and Key Management Protocol / Internet Key Exchange CIS CIS 5357 Network Security.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Computer and Network Security - Message Digests, Kerberos, PKI –
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
Key Management Network Systems Security Mort Anvari.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
Cryptography and Network Security Chapter 13
Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-9 Public-Key Cryptography.
Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-5 Mathematical Background:
Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-12 Public-Key Cryptography.
What is in a name? Identity-based cryptography. How public-key crypto works When you use public key cryptography, you can publish a value (public key)
Public-Key Cryptography ElGamal Public-Key Crypto-System
Network Security Netzwerksicherheit Lecture ID: ET-IDA-082 and 111
Rabin Lock and Public-Key Systems
RSA Slides by Kent Seamons and Tim van der Horst
Public-Key Cryptography RSA Rivest-Shamir-Adelmann Public-Key System
RSA Public-Key Secrecy and Signature
DH Public-Key Exchange
Public Key Encryption and Digital Signatures
Design Problems (Open book)
Sample Solution Cryptology Design Fundamentals
Network Security Sample Solution Short questions (Closed book)
ElGamal Public-Key Systems over GF(p) & GF(2m)
Cryptography: Basics (2)
Chapter 29 Cryptography and Network Security
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Sample Solution Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology Design Fundamentals
Cryptology System Design Fundamentals
Network Security Standards
Cryptographic Protocols Secret Sharing, Threshold Security
Network Security Tutorial-14 Design Fundamentals IPSEC, KERBEROS
Cryptology Design Fundamentals
Network Security Tutorial-16 Design Fundamentals PGP ET-IDA-082
Network Security Tutorial-16 Design Fundamentals PGP ET-IDA-082
Network Security Tutorial-14 Design Fundamentals IPSEC, KERBEROS
Network Security Tutorial-17 Design Fundamentals E-Commerce ET-IDA-082
Cryptology Design Fundamentals
Public-Key Cryptography Quadratic Residues and „Rabin Lock“
Mathematical Background: Extension Finite Fields
Presentation transcript:

Page : 1 Date : Duration : 90 Minutes Maximum marks 70% Vorname ……………………………………….. Nachname ……………………………………….. Matrikel-Nr. ……………………………………….. Network Security Netzwerksicherheit Lecture ID:ET-IDA-082and 111 Lecture ID: ET-IDA-082and 111 Final Examination Open book examination v18 Prof. W. Adi Sample Solution

Page : 2 Marks: Problem 1 ∑ Problem 2 Problem 3 Problem 5 Problem Problem 6

Page : 3 P1:A RSA cryptosystem with two users A and B having the secret prime number pairs for A: 7 and 13 and for B: 29 and 3 is used 1.Find out the adequate open key of user A from the following list of integers: [27, 25, 75]. Compute the corresponding secret key for user A. 2. Find out the adequate open key of user B from the following list of integers: [24,35,9]. Compute the corresponding secret key for user B.. 3.User A encrypts the message M=3 to get the cryptogram Y AB. Then signs the cryptogram Y AB to get the signature S A. Compute Y AB and S A. 4.Decipher the cryptogram Y AB on user B’s site and verify the Signature S A. 5.B signs the received message M and sends his signature S B back to A. Compute the signature S B. 6.How many open keys are possible for each user (15p )

Page : 4 Solution: 1.Find out the adequate open key of user A from the following list of integers: [27, 25, 75]. Compute the corresponding secret key for user A. N A = 7 x 13 = 91, φ (N A ) = (7-1)(13-1) = 72 gcd [ E A, φ (N A ) ] = 1 => select 25 as gcd (72,25) = 1 E A = 25 D A = -23 mod 72 = = 49 (see computation below) D A = mod 72 = -23 mod 72 =49 2. Find out the adequate open key of user B from the following list of integers: [24,35,9]. Compute the corresponding secret key for user B. N B = 29 x 3 = 87, φ (N B ) = (29-1)(3-1) = 56 gcd (E B, φ (N B ) ] =1 => select 9 as gcd (56,9) = 1 E B = 9 D B = 25mod 56 = 25 (see computation below) D B = 9 -1 mod 56 = 25

Page : 5 3. User A encrypts the message M=3 to get the cryptogram Y AB. Then signs the cryptogram Y AB to get the signature S A. Compute Y AB and S A. 4. Decipher the cryptogram Y AB on user B’s site and verify the Signature S A. Decryption: Verification: 5. B signs the received message M and sends his signature S B back to A. Compute the signature S B. 6. How many open keys are possible for each user? # of keys for user A = φ [φ (N A )] = φ (72 ) = φ ( )= 72 (1 -1/2 ) ( 1 – 1/3 )= 24 keys # of keys for user B = φ [φ (N B )] = φ (56 ) = φ (2 3.7 )= 56 (1 -1/2 ) ( 1 – 1/7 )= 24 keys

Page : 6 P2: Secrecy theory: A block cipher has a key size of 256 bits is encrypting a clear text having the entropy of 100 bits and a block size of 128 bits. 1.Compute the cipher‘s unicity distance n u. 2.Compute the length of the clear text padding pattern necessary to reach a unicity distance of 1400 bits 3.After all the above cipher changes, an observer was able to watch 1500 cipher text bits. Would the observer with unlimited resources theoretically be able to break the cipher in that case ? Give reasoning for your answer. (6 Marks)

Page : 7 Solution: K= 256 bits, H(x)=100 bits, N = 128 bits 1. Unicity distance As r = [ N – H(x) ] / N => r = [ ] / 128 = 0,22 2. the length of the clear text is : Unicity distance n u = K/r = 256/0,22 = 1163,6 bits 3. The observer would be principally able to break the cipher as he was able to observe a number of cipher text bits which is larger than the unicity distance.

Page : 8 P3. Compute the multiplicative inverse of x 3 + x modulo P(x) = x 5 + x (6p) Verify your result R(x)Q(x)B2(x)B1(x)P2(x)P1(x) Solution

Page : 9 Solution Compute the multiplicative inverse of x 3 + x modulo P(x) = x 5 + x (6p) Verify your result R(x)Q(x)B2(x)B1(x)P2(x)P1(x) x 3 + x 2 + 1x2x2 10x 3 + xx 5 + x x 2 + x – x 2 = x 2 1x 3 + x 2 + 1x 3 + x x + 1x1 – (x 2 )1 = x 2 +1x2x2 x 2 + x + 1x 3 + x xx 2 – (x 2 +1)(x)= x 3 +x 2 +xx 2 +1x + 1x 2 + x + 1 0x+1x (x 4 + x 3 + x 2 ) = x 4 + x 3 + 1x 3 +x 2 +x1x + 1 Verification: => (x 4 + x 3 + 1) * (x 3 + x) modulo (x 5 + x ) = 1

Page : 10 P4: Users A and B are using a simplified IPSEC IKE system in aggressive mode according to Fig. 1. Assuming that : A=1, B=0, CP=4, IC= 0, RC= 1, R A = 4, R B = 7 1.Design a Diffie-Hellmann key exchange system over GF(2 5 ) using p(x) = x 5 + x 4 + x 3 + x + 1 as a field modulus assume the secret keys for users A and B as a=25, b=30 respectively. Compute a primitive element g and the common key g ab as a binary vector in GF(2 5 ). (hint = prime number) K = h(IC|RC|g ab mod p(x) |R A |R B ) 2.Compute the common session key as K = h(IC|RC|g ab mod p(x) |R A |R B ) Assuming the hash function h(X) is defined as : h(X) = (X 2 mod 91 ) h(X) = (X 2 mod 91 ) (see also all parameters on Fig. 1 ) (show all necessary computations) SKEYID = h( R A | R B |g ab mod p(x) ) 3. Compute SKEYID where SKEYID = h( R A | R B |g ab mod p(x) ). (show all necessary computations in your solution!) ( the symbol “| “ stands for concatenation) 4. Compute the signature proof B of B assuming the proof B to be a secret key signature computed by a double hashing as follows: proof B = h [ h(SKEYID |g ab mod p(x)|IC|RC|CP|“B”) | K ] proof B = h [ h(SKEYID |g ab mod p(x)|IC|RC|CP|“B”) | K ] (25 P)

Page : 11 IKE Phase 1: Public Key Signature (Aggressive Mode) IC, “Alice”, g a mod p, R A, CP IC,RC, “ Bob ”, R B, g b mod p, CS, proof B IC,RC, proof A User A Alice User B Bob CP = 4=crypto proposed DHGF= Diffie-Hellman key exchange over GF(2 5 ) p(x) = x 5 + x 4 + x 3 + x + 1 as field modulus, a=25, b=30 CS = crypto selected = 1 IC = initiator “cookie” = 0 RC = responder “cookie”= 1 “A” = 1, R A = 4, “B” = 0, R B = 7 2. K = h(IC|RC|g ab mod p|R A |R B ) Assume h(X) = X 2 mod SKEYID = h(R A | R B |g ab mod p(x)) 4. proof B = h [ h(SKEYID |g ab |IC|RC|CP|“B”) | K ] Fig. 1 Session key= K

Page : 12 Solution: p(x) = x 5 + x 4 + x 3 + x + 1 = 0 => x 5 = x 4 + x 3 + x + 1 x 1 = x x 2 = x 2 x 3 = x 3 x 4 = x 4 x 5 = x 4 + x 3 + x + 1 x 6 = x 5 + x 4 + x 2 + x = x 4 + x 3 + x x 4 + x 2 + x = x 3 + x 2 + 1=13 x 7 = x 4 + x 3 + x = = 26 1.DH setup: User A: a= 24, Y a = α 25 =( x 25 ) = = x 4 + x 3 + x 2 + x + 1 Public directory GF(2 5 ) α=(x), p(x) = x 5 + x 4 + x 3 + x + 1 Y a = x 4 + x 3 + x 2 + x + 1 Y b = x 4 + x 3 + x User B: b= 30, Y b = α 30 =( x 30 ) = x 30 = x 4 + x 3 + x Compute the polynomial and binary pattern for the users A and B shared key Z AB. Common secret key for users A and B Z ab = ( (x 25 ) 30 ) mod 31 = x 750 mod 31 = x 6 = x 3 + x = = Design a Diffie-Hellmann key exchange system over GF(2 5 ) using p(x) = x 5 + x 4 + x 3 + x + 1 as a field modulus assume the secret keys for users A and B as a=25, b=30 respectively. Compute a primitive element g and the common key g ab as a binary vector in GF(2 5 ). (hint = prime number)

Page : 13 x 8 = x 5 + x 4 + x 2 = x 4 + x 3 + x x 4 + x 2 = x 3 + x 2 + x + 1 x 9 = x 4 + x 3 + x 2 + x x 10 = x 5 + x 4 + x 3 + x 2 = x 4 + x 3 + x x 4 + x 3 + x 2 = x 2 + x + 1 x 11 = x 3 + x 2 + x x 12 = x 4 + x 3 + x 2 x 13 = x 5 + x 4 + x 3 = x 4 + x 3 + x x 4 + x 3 = x + 1 x 14 = x 2 + x x 15 = x 3 + x 2 X 25 = (x 12 ) 2. x = (x 4 + x 3 + x 2 ) 2. x = (x 8 + x 6 + x 4 ). x = (x 3 + x 2 + x x 3 + x x 4 ). X = ( x 4 + x ). X = x 4 + x 3 + x 2 + x + 1 X 30 = (x 15 ) 2 = (x 3 + x 2 ) 2 = x 6 + x 4 = x 4 + x 3 + x K = h(IC|RC|g ab mod p(x) |R A |R B ) 2. Compute the common session key as K = h(IC|RC|g ab mod p(x) |R A |R B ) Assuming the hash function h(X) is defined as : h(X) = (X 2 mod 91 ) h(X) = (X 2 mod 91 ) (see also all parameters on Fig. 1 ) K = h(IC|RC|g ab mod p(x) |R A |R B ) = h(0|1|13|4|7) =( ) 2 mod 91 = mod 91 K = 56

Page : 14 SKEYID = h( R A | R B |g ab mod p(x) ) 3. Compute SKEYID where SKEYID = h( R A | R B |g ab mod p(x) ). (show all necessary computations in your solution!) ( the symbol “| “ stands for concatenation) SKEYID = h(R A | R B | g ab mod p(x)) = h(4| 7| 13) = (4713) 2 mod 91 = mod 91 SKEYID = 88 proof B = h [ h(SKEYID |g ab mod p(x)|IC|RC|CP|“B”) |K ] 4. Compute the signature proof B of B assuming the proof B to be a secret key signature computed by a double hashing as follows: proof B = h [ h(SKEYID |g ab mod p(x)|IC|RC|CP|“B”) |K ] proof B = h [ h(SKEYID |g ab |IC|RC|CP|“Bob”) | K ] = h [ h(88 |13|0|1|4|0) | 56 ] = h [ (88 |13|0|1|4|0) 2 | 56 ] = h [ mod 91 | 56 ] = h [ 49 | 56 ] = (4956) 2 mod 91 = mod 91 proof B = 35

Page : 15 IKE Phase 1: Public Key Signature (Aggressive Mode) 0, 1, x 25 mod p(x), 4, 4 0,1, 0, 7, x 30 mod p, 1, 35 0,1, proof A User A Alice User B Bob Fig. 1 Solution: K= 56

Page : 16 P5: A bank B is required to sign blindly a bill of 10€ (M=10). 1. The bank publishes his public key e=13 and his modulus as m=77, keeping both prime products p=11 and q=7 secret. Compute the banks secret key d. 2. Bank client user A selects a random r for the blinding factor BF from the list (21,22,4) and give the reasons for a correct selection. 3. Make all necessary computations to calculate a blinded message BM sent to the bank. 4. Let the bank sign the blinded message BM and generates a blindly signed response BSR. Compute BSR. 5. Make the necessary computations by user A to extract the blind signature BS for M=10 and give the blindly signed bill in numerical form. 6. Verify the bill validity when received by other party by using the open directory. (25 P)

Page : 17 Blindly signing a Message M of user A by user B User A User B Open directory Authority Public key e Arithmetic modulo m m = p q (RSA Modulus) Private key d D= e -1 mod φ(m) d.e = 1 mod φ(m) Solution Select a random unit r gcd(m,r) = 1 Blinding factor BF r e mod m BF= r e mod m r e mod m BM = M r e mod m BM) d mod m BMr= (BM) d mod m BM) d BMr = (BM) d = M d r BMr = M d r BMr) r -1 BS = (BMr) r -1 = M d BS = M d Blinding Factor

Page : 18 The bank B blindly signs a message M from user A Bank: User B Open directory Bank’s public key e = 13 Arithmetic modulo 77 m = 11 x 7 = 77 D = e -1 mod φ(m) φ(m) = φ(55)=φ(7.11)=(7-1)(11-1)=60 d = mod 60=37 Private key d = = 37 User A Message/Value = M = 10 mod m = mode 77 = 68 BM = M. BF mod m = mode 77 = 68 M d r mod m =40 BSR = M d r mod m =40 = M d r Y 2 = (Y 1 ) d = M d r =mode 77 = 40 = (68) 37 mode 77 = 40 r -1 BS = BSR r -1 = mod 77 = 10 = mod 77 = 10 = M d = 10 BS = M d = 10 r e mod m BF= r e mod m = 4 13 mod 77 = 53 = 4 13 mod 77 = 53 Blinding Factor BF BS )10 ) Blindly Signed check: ( M, BS ) : ( 10, 10 ) gcd(r,77)=1 => r =4 r -1 = -19 mod 77 = = 58 Verification (BS) e = M (10) 13 mod 77 = 10=M that is M is authentic (10) 13 mod 77 = 10=M that is M is authentic

Page : 19 P6:A KERBEROS system is set up as shown in Fig. 2 with the parameters given on Fig. 2. h(x) = x 3 mod 41 The used hash function is : h(x) = x 3 mod 41 Y = E(X,K) = X · K mod 53 The adopted encryption function is: Y = E(X,K) = X · K mod 53 Notice: split your encrypted blocks when necessary such that the system becomes operational!! K A TGT 1.In Fig. 2 Compute K A and TGT. 2.In Fig. 2 Compute the number of possible key choices for K KDC. Res 3.In Fig. 2 Compute the KDC response Res Res 4.In Fig. 2 Decrypt Res on Alice side REQUEST 5.In Fig. 3 compute Alice’s REQUEST REPLYticket to Bob 6.In Fig. 3 Compute K B and KDC REPLY to Alice including the ticket to Bob Authenticator A 7.In Fig. 3 Compute Authenticator A to Bob and decrypt ticket to Bob on Bob’s side Res B Verify it at A side 8.In Fig. 3 compute Res B on B side and Verify it at A side 9.How secure is the proposed system? 10.Is it possible for KDC to encrypt TGT such that TGT becomes perfectly secure (impossible to break)? Give the reasons for your answer. If possible, how to do that by using the above adopted encryption function? (30 P)

Page : 20 Fig. 2 Kerberized Login (Ticket Granting Ticket : TGT ) Alice Alice’s Password Alice wants Alice’s Secret key K A = h(Password A ) a TGT a TGT Res = E(S A |TGT, K A ) KDC h(x) = x 3 mod 41 h(x) = x 3 mod 41 TGT = E(“Alice”|S A, K KDC ) TGT = E(“Alice”|S A, K KDC ) S A = 8 KDC proposed session key S A = 8 Password A = 7, Password B = 9 Password A = 7, Password B = 9 K KDC = 22 K KDC = 22 Alice = 1, Bob= 2 Alice = 1, Bob= 2 (TGT= Ticket Granting Ticket), E(X,Y,Z, K) means data XYZ are encrypted using the key K Computer Encryption function E: Y = E(X,K) = X · K mod 53

Page : 21 Alice Requests Ticket to Bob Alice Talk to Bob I want to talk to Bob REQUEST REPLY KDC REQUEST = (TGT, authenticator), authenticator = E(timestamp, S A ) REQUEST = (TGT, authenticator), where authenticator = E(timestamp, S A ) REPLY = E(“Bob”|K AB | ticket to Bob, S A ) REPLY = E(“Bob”|K AB | ticket to Bob, S A ) ticket to Bob = E(“Alice”|K AB, K B ) ticket to Bob = E(“Alice”|K AB, K B ) generated by KDC Timestamp = 9, proposed K AB = 6 Timestamp = 9, proposed K AB = 6 Computer Fig. 3 ticket to Bob = E(“Alice”|K AB, K B ), authenticator A = E(timestamp, K AB ) Res B = E(timestamp + 1,K AB ) Alice’s Computer Bob (Knows K B ) ( K AB = 6)

Page : 22 K A TGT 1. In Fig. 2 Compute K A and TGT. K A = h(7) = 7 3 mod 41 = 7 3 mod 41 = 343 mod 41 = 343 mod 41 = 15 = 15 TGT = E(“Alice”|S A, K KDC ) TGT = E(“Alice”|S A, K KDC ) = E( 1 | 8, 22) = E( 1 | 8, 22) = (18 * 22) mod 53 = 396 mod 53 = In Fig. 2 Compute the number of possible key choices for K KDC. # possible keys for K DC = φ(53) = 52 Res 3. In Fig. 2 Compute the KDC response Res Res = E(S A |TGT, K A ) = E(8|25, 15) = E(8,15) | E(25,15) = 8.15 mod 53 | mod 53 = 120 mod 53 | 375 mod 53 = 14 | 4

Page : 23 DecrypRes 4. In Fig. 2 Decrypt Res on Alice side Decrypt Alice: Res = 14 | 4 Decrypt Res = D( Res, K A -1 ) = D( 14 | 4, K A -1 ) = ( mod 53 | mod 53) = 8 | 25 =S A | TGT K A -1 mod 53 = mod 53 = -7 mod 53 = = 46 REQUEST 5. In Fig. 3 compute Alice’s REQUEST REQUEST = (TGT, authenticator) authenticator = E (timestamp, S A ) = E(9, 8) = 9. 8 mod 53 = 72 mod 53 = 19 REQUEST = (TGT, authenticator) = (25, 19)

Page : 24 REPLYticket to Bob 6. In Fig. 3 Compute K B and KDC REPLY to Alice including the ticket to Bob ticket to Bob = E(“Alice”|K AB, K B ) ticket to Bob = E(“Alice”|K AB, K B ) generated by KDC = E(1|6, 32) = mod 53 = 512 mod 53 = 35 REPLY = E(“Bob”|K AB | ticket to Bob, S A ) = E( 2 | 6 | 35, 8 ) = E( 26, 8 )| E( 35, 8 ) = mod 53 | mod 53 = 208 mod 53 | 280 mod 53 = 49 | 15 K B = h(Password B ) = h(9 3 ) mod 41 = h(9 3 ) mod 41 = 729 mod 41 = 729 mod 41 = 32 = 32 Authenticator A 7. In Fig. 3 Compute Authenticator A to Bob and decrypt ticket to Bob on Bob’s side Authenticator A = E(timestamp, K AB ) = E(9,6) = 9. 6 mod 53 = 54 mod 53 = 1

Page : 25 Res B Verify it at A side 8. In Fig. 3 compute Res B on B side and Verify it at A side K B -1 mod 53 = 5 Ticket to bob = 35 Decrypt on Bob‘s side = D(Ticket to bob, K B -1 ) = D(35,5) = mod 53 = 175 mod 53 = 16 = 1|6 = „Alice“ | K AB Res B = E(timesatamp+1, K AB ) = E(9+1, 6) = 10.6 mod 53 = 60 mod53 = 7 K AB -1 mod 53 = 9 D(Res B, K AB -1 ) = E(ResB,K AB -1 ) = E(7,9) = 7. 9 mod 53 = 63 mod 53 = 10 = timestamp +1

Page : 26 9.Basically not secure as knowing one clear-text/cipher-text pair would allow computing the secret key K. As K = X -1. Y mod 53. As 53 is a prime, any non-zero X is invertible modulo 53. The hash function using x 3 mod 41 could be invertible if the cube root in GF(41) is computable. However, if the key K is not repeatedly used, then the cipher is equivalent to Vernam cipher over the multiplicative group of GF(53), as 53 is a prime and hence the cipher usage becomes unconditionally secure. 10. Yes, if of the KDC do not repeat using the same encryption key K kDC for creating TGT. As 53 is a prime and the system is operating in the multiplicative group of GF(53), therefore KDC would be using a Vernam-cipher -equivalent scheme and makes TGT perfectly secure. KDC should not repeat the usage of any key (use it just one time).

Page : 27 Alice Alice’s Password Alice wants Alice’s Secret key K A = 15 a TGT = 25 a TGT = 25 Res = 14 | 4 KDC Computer Alice Talk to Bob I want to talk to Bob REQUEST = (25,19) REPLY=49 |15 KDC Computer ticket to Bob = 35, authenticator A = 1 Res B = 7 Alice’s Computer Bob (Knows K B ) K AB = 6 Fig. 2 Fig. 3

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.