Network Security Netzwerksicherheit Lecture ID: ET-IDA-082 and 111 Final Examination Closed book examination v14 Prof. W. Adi Date : 31.08. 2013 Duration : 25 Minutes Maximum marks 30% Vorname ……………………………………….. Nachname ……………………………………….. Matrikel-Nr. ………………………………………..

Number of invertible elements modulo 34 is φ (34) Q1: Compute gcd for (506,418). (1 P) n1 n2 q r 506 418 1 88 4 66 22 3  gcd ( 506,418) = 22 Q2: Compute the gcd (2 P) m u a1 a2 b1 b2 q r GCD =u 39 9 1 4 3 -4 GCD= MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen? Q3: Compute the number of integers smaller than 34 having multiplicative inverse modulo 34. (3 P) Number of invertible elements modulo 34 is φ (34) φ (34)=φ(2 * 17)= 1 * 16 = 16 elements 2

1. Diffie-Hellman key-exchange system Q4: On which claimed unsolved mathematical problems is the security of the following cryptosystems based? 1. Diffie-Hellman key-exchange system Discrete logarithm problem 2. Rabin lock Integer factoring problem 3. „Blind Signature“ As RSA system, that is integer factoring 4. Fiat-Shamir proof of identity protocol 5. RSA Crypto-System 6. Massey Omura Lock for Shamir 3-pass crypto-protocol Discrete logarithm problem (6 P) 3

2- Compute the highest multiplicative order for a unit in Z*m? Q5: 1- How many elements are there in the group of units Z*m , if m = 49. 125? Number of elements in Z*m = φ( 49. 125 ) = 72 * 53 *( 1 – 1/7 )( 1 – 1/5 ) = 4200 2- Compute the highest multiplicative order for a unit in Z*m? The highest multiplicative order is φ ( 7 2 * 5 3 ) called Carmichael’s function λ ( m ). λ( 7 2 * 5 3 ) = lcm [φ ( 7 2 ) , φ ( 5 3 ) ] = lcm [ ( 7 – 1 ). 7 2 – 1 , ( 5 – 1 ). 5 3 – 1 ] = lcm ( 42, 100 ) = ( 42 * 100 ) / gcd ( 42 * 100 ) = ( 42 * 100 ) / 2 = 2100 (5 P) 4

Q6: What is the linear complexity of a key stream sequence? Linear complexity is the length of the shortest linear feedback shift register LFSR which generates the sequence. . Q6-1: What is the difference between a primitive and irreducible polynomial of degree m? (2 P) A primitive polynomial: is an irreducible polynomial p(x) of degree m, where the multiplicative order of x mod p(x) is maximum (that is 2m-1). Or a primitive polynomial is an irreducible polynomial with the maximum possible period. Q6-2: What is a cyclic group? (2 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen? In group theory, a cyclic group is a group that can be generated by one of its elements using the group operation repeatedly. 5

Compute the number of primitive elements in GF(83). Q7: in GF(83): Which multiplicative orders are possible for elements in GF(83)? Possible orders are the divisors of ( 83 ). The divisors of (83 - 1) = 82 are: 1, 2, 41, 82 Compute the number of primitive elements in GF(83). # of primitive elements =  [ ( 83 ) ] =  ( 82 ) =  ( 2 * 41 ) = 1 * 40 = 40 3. Which are the minimum tests required to find out weather an element σ from GF(83) is primitive? If all the following conditions are true σ ≠ 1, σ 2 ≠ 1, σ 41 ≠ 1, then σ is primitive! (8 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen? 6

Compute the smallest positive integer n for which 4-5 = 4n holds. 4. Compute the multiplicative order of 4 in GF(83). 4 ≠ 1, 4² ≠ 1, 441 mod 83 = 1  the order of 4 is 41 Compute the smallest positive integer n for which 4-5 = 4n holds. 4-5 mod 41 = 4-5 + 41 = 436  n = 36 7

Compute α110 and give the corresponding binary vector for α110 . Q8: GF(27) is generated by the irreducible polynomial P(x)= x7 + x + 1. The element α=000011 = x + 1 is selected from GF(27). (Hint: 27-1=127=prime). Compute α110 and give the corresponding binary vector for α110 . As 27-1=127=prime, the order of any element in GF(27) is a divisor of 127. that is 1 or 127: α110 = (x7 )110 = x770 mod127 = x8 as x 7 + x + 1 = 0  x 7 = x + 1 = α  x 8 = x 2 + x  α110 = x8 = x 2 + x = (000101)2 (8 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen? 8

Q9: On which ISO-OSI layer does IPSEC protocol reside? -Network Layer Give three basic security functions offered by IPSEC -Authentication, Integrity and Confidentiality What is the main difference between IPSEC key exchange in normal and aggressive mode (3 P) Main mode : user identities do not appear on the open channel Aggressive mode: user identities are sent in clear For public key signature authentication Passive attacker knows identities of Alice and Bob in aggressive mode However attacker need to be active to determine Alice’s and Bob’s identity in main mode Q10: Which differences do „ silicon physical unclonable functions (PUFs) make use of to differentiate between same fabricated chips? - Delay time

“I am Alice” R K (R) A-B Q11: Define the term „Nonce“ Q12: Sketch a three-way protocol using a nonce R with a shared secret key KA-B for user authentication in a network (6 P) A random number used once in the system lifetime “I am Alice” R K (R) A-B Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!

Q13: Sketch the cryptographic functions for a public key certificate scheme Source Destination Private key of a Public key of a Public directory

Q15: Which are the main tasks of KERBEROS key distribution center KDC? Q14: If a 2n search is considered to be computationally infeasible, How many bits should a Hash function at least deliver to be considered as a collision-resistant function ? (3 P) 2n Q15: Which are the main tasks of KERBEROS key distribution center KDC? Does it use secret or public key cryptography? How many keys are required to set up the system for N users? (4 P) Key Generation/Distribution Authentication Confidentiality Secret key systems Only N secret keys instead of usually N (N-1)/2 keys

The Dual signature allows proof that: Q16: State one reason for which a certificate revocation becomes necessary in a certification service. (2 P) Certificates have a period of validity Certificates can also be revoked because: user’s key is compromised user no longer certified by CA CA’s certificate is assumed to be compromised Q17: State one benefit gained by applying the dual signature in SET payment system. (2 P) The Dual signature allows proof that: Merchant has received Order Information (OI). Bank has received Payment Information (PI) and verified the Customer signature. Customer has linked OI and PI and can prove later that PI was not related to a different purchase.

To detect double spending of coins Q18: What is the use of secret-splitting technique in electronic cash systems? (2 P) To detect double spending of coins

Q19: What is a one time password? Give one application example A one time password is a password that is valid for only one login session or transaction. Like secret transaction numbers used to transfer money from Bank to another Bank. Q20: State two “Biometric” human properties” which are used to enhance secured person identification (3 P) Fingerprints: optical comparison of fingerprints. Voices: speaker voice verification or recognition. Eyes: patterns in irises are unique for each person. Faces: image, or specific characteristics like distance from nose to chin. MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen?

Carmicheal´s function (m) : Annex: Euler Function (m) For m = p1 p2 p3 .... pt e1 e2 e3 et (m) = m ( 1 - ) ( 1 - ) …… P1 1 P2 1 Carmicheal´s function (m) :  (2)= 1, (22) = 2, (2e) = 2e-2 for e  3: (pe)= (pe) = (p - 1)pe-1 for p odd prim. for m = p1e1 p2e2 p3e3 ... pnen (m) = lcm [ (p1e1 ), (p2e2 ), … (pnen ) ] 16