
Exercises 2013-04-18 Information Security Course Eric Laermans – Tom Dhaene.


Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 2

Exercise 1 (1)

RSA PKCS#1 v1.5 “Million Message Attack” (MMA): illustration of principle

Given
- $C$ ($= M^e \bmod n$), $n$ and $e$
- $M$ formatted according to PKCS#1 v1.5 ($M$ = 00||02||PS||00||D)
- error message from victim if decryption of $C'$ fails because of erroneous formatting

Question
- find a strategy to recover $M$
- hint: think of the multiplicative properties of RSA

Exercise 1 (2)

RSA-formatting: MMA illustration using more limited formatting

Given
- formatting: M = 0010xxxx
- n = 187; e = 3; C = 81

Question
- find M
- hint: 32 ≤ M ≤ 47
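Added worked example (not part of the original slides): a Python sketch of the oracle strategy for these toy parameters. The victim oracle `make_oracle`, which uses the factorisation 187 = 11 × 17, and all function names are assumptions made for illustration; the search is a simplified candidate-filtering variant that uses both positive and negative oracle answers, not the full interval-narrowing algorithm.

```python
N, E, C = 187, 3, 81      # public values from the exercise
LO, HI = 32, 47           # format 0010xxxx  <=>  32 <= M <= 47


def make_oracle(p=11, q=17):
    """Victim side (constructed for this example): holds the private key and
    reveals only whether a decrypted ciphertext has the 0010xxxx format."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent

    def oracle(ciphertext):
        return LO <= pow(ciphertext, d, n) <= HI

    return oracle


def recover_plaintext(c, n, e, oracle):
    """Sender side: uses only public values and the format-error signal.

    RSA is multiplicative, so C * s^e mod n decrypts to M * s mod n.
    Each oracle answer says whether M * s mod n is correctly formatted,
    which rules out every candidate M that would have answered differently.
    """
    candidates = set(range(LO, HI + 1))
    queries = 0
    for s in range(2, n):
        if len(candidates) == 1:
            break
        blinded = (c * pow(s, e, n)) % n
        conforming = oracle(blinded)
        queries += 1
        candidates = {
            m for m in candidates
            if (LO <= (m * s) % n <= HI) == conforming
        }
    return sorted(candidates), queries


if __name__ == "__main__":
    found, used = recover_plaintext(C, N, E, make_oracle())
    print("remaining candidates:", found, "after", used, "oracle queries")
    # Cross-check against the public encryption function.
    print("re-encrypts to C:", [pow(m, E, N) == C for m in found])
```

The candidate set collapses to a single plaintext after fewer than 20 queries, which is why the result of the formatting check must not be observable by whoever submits the ciphertext.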

Exercise 2

ElGamal

Given
- in ElGamal-encryption or -signature, and also in DSA, a unique and secret random value k is used

Question
- what happens if an attacker knows k?
- what are the consequences if the random value k is reused:
  - in ElGamal-encryption?
  - in ElGamal-signature?
  - in DSA?

Exercise 3

ElGamal

Given:
- RSA-signatures exhibit the issue of “existential forgery”, i.e. given some messages with their corresponding RSA-signatures, it is possible to generate new signed messages using RSA’s multiplicative properties, without requiring knowledge about the private key

Question:
- is there a similar problem with ElGamal-signatures?

Exercise 4

ElGamal

Given:
- in ElGamal-encryption or -signature, and in DSA, a unique and secret random value k is used

Question:
- how could the owner of the private key used in the digital signature add hidden information without the person receiving the signature noticing?
  - such a technique is called a “subliminal channel”
- can you find a way to use (a small part of) this subliminal channel without needing to use the private key for this purpose? (harder)

Exercise 5

Hash functions

Given
- a hash function with a hash value of $n$ bits, e.g. 128 bits
- a limited storage capacity ($N_1$ hash values), e.g. 1 TB
  - you may assume $N_1 \ll 2^{n/2}$

Question:
- how many hash computations are required to find two messages with identical hash values with a given probability $P$ (e.g. 95%)?
  - compute this with the given values
  - suppose a modern PC can compute 10 million hash values per second, how much time would be required?

Exercise 6

Hash functions

Given:
- a competition at XKCD to generate a hash value with as many bits as possible corresponding to the bits of a given hash value (Skein-1024-1024)
  - Skein is 1 of the 5 finalists for SHA-3, used here with a 1024 bit hash value and 1024 bit internal state
  - winner was CMU, with only 384 wrong bits out of 1024 (i.e. 640 corresponding bits)

Question:
- compute if this result is an indication of some weakness in the weak collision resistance for the hash algorithm used
  - i.e. compute how many hash values should typically be generated to obtain a hash value with at most 384 bits (out of 1024) differing from the bits of the original hash value, assuming that hash values are uniformly randomly distributed
  - does this seem a feasible number?

Exercise 6

Hash functions

Hints:
- ${}^{N}C_{k} = \dfrac{N!}{k!\,(N-k)!}$
  - number of combinations of $k$ elements from a group of $N$
- for $k$ sufficiently small w.r.t. $N$
  - $\sum_{j=0}^{k} {}^{N}C_{j} \approx \dfrac{N-k-1}{N-2k-1} \cdot {}^{N}C_{k}$
- for $k$ more in the neighbourhood of $N/2$
  - $\sum_{j=0}^{k} {}^{N}C_{j} \approx \mathrm{CDF\_Norm}_{(N/2,\ \sqrt{N}/2)}\left(k + \tfrac{1}{2}\right)$
    - central limit theorem
  - $\mathrm{CDF\_Norm}_{(\mathrm{mean},\ \mathrm{stdev})}(x) = \Phi\left((x - \mathrm{mean})/\mathrm{stdev}\right)$
  - $\Phi(x) = \tfrac{1}{2} + \tfrac{1}{2}\,\mathrm{erf}\left(x/\sqrt{2}\right)$
  - $\mathrm{erf}(x) \approx 1 - \left(a_1 t + a_2 t^2 + a_3 t^3\right) e^{-x^2}$
    - with $t = 1/(1 + p\,x)$
    - with $p = 0.47047$ and $a_1 = 0.3480242$ and $a_2 = -0.0958798$ and $a_3 = 0.7478556$
- best approximation is minimum of both
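Added worked example (not part of the original slides): the count asked for in Exercise 6, computed exactly with big integers and compared with the first hint's small-k approximation. Function names are illustrative, and the per-second hash rate passed to `years_at` is an assumption borrowed from Exercise 5.

```python
from math import comb, log2

N_BITS = 1024     # Skein-1024-1024 output length (from the slide)
MAX_WRONG = 384   # winning entry: at most 384 differing bits


def exact_tail(n, k):
    """Number of n-bit values differing from a fixed target in at most k bits."""
    return sum(comb(n, j) for j in range(k + 1))


def hint_tail(n, k):
    """First hint on the slide: (N-k-1)/(N-2k-1) * C(N, k), for small k."""
    return comb(n, k) * (n - k - 1) // (n - 2 * k - 1)


def expected_hashes(n, k, tail=exact_tail):
    """Mean number of uniformly random hashes until one lands within k bits:
    geometric distribution with success probability tail(n, k) / 2^n."""
    return 2 ** n // tail(n, k)


def years_at(hashes, rate_per_s):
    """Wall-clock years for `hashes` evaluations at an assumed constant rate."""
    return hashes / rate_per_s / (365.25 * 24 * 3600)


if __name__ == "__main__":
    exact = expected_hashes(N_BITS, MAX_WRONG)
    approx = expected_hashes(N_BITS, MAX_WRONG, hint_tail)
    print(f"exact : 2^{log2(exact):.2f} hashes")
    print(f"hint  : 2^{log2(approx):.2f} hashes")
    # 10 million hashes/s is the single-PC rate assumed in Exercise 5.
    print(f"one PC: {years_at(exact, 1e7):.1f} years")
```

The exact figure and the hint's approximation agree to within a few percent, so the feasibility question can be judged from either.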

Exercise 7

Hash functions

Given
- 11.4 million 1024 bit RSA-keys, of which the prime factors were generated randomly

Question
- estimate the probability that at least two keys in this set have a common prime factor

Note
- according to http://eprint.iacr.org/2012/064.pdf, however, 26965 keys shared a prime factor with another RSA-key

