
Data Security and Encryption

The Feistel cipher described is vulnerable to a chosen plaintext attack because the key schedule results in the decryption round keys being in the same order as the encryption round keys, allowing decryption with a single encryption query. In CTR mode, if the counter value used to encrypt any plaintext block is known, the output of the encryption function can be determined from the associated ciphertext block, compromising the security of the cipher. Values of a that are not allowed for the affine Caesar cipher are those that are not relatively prime to 26, as those values result in the cipher not being one-to-one.

Uploaded by

Syed Ali shah

1. For each of the following assets, assign a low, moderate, or high impact level for the loss
of confidentiality, availability, and integrity, respectively. Justify your answers.
a. A student maintaining a blog to post public information.
b. An examination section of a university that is managing sensitive information
about exam papers.
c. An information system in a pathological laboratory maintaining the patient’s data.
d. A student information system used for maintaining student data in a university
that contains both personal, academic information and routine administrative
information (not privacy related). Assess the impact for the two data sets
separately and the information system as a whole.
2. A generalization of the Caesar cipher, known as the affine Caesar cipher, has the following
form: For each plaintext letter p, substitute the ciphertext letter C:
C = E([a, b], p) = (ap + b) mod 26
A basic requirement of any encryption algorithm is that it be one-to-one. That is, if p ≠ q,
then E(k, p) ≠ E(k, q). Otherwise, decryption is impossible, because more than one
plaintext character maps into the same ciphertext character. The affine Caesar cipher is
not one-to-one for all values of a. For example, for a = 2 and b = 3 then E([a, b], 0) = E([a,
b], 13) = 3.
a. Are there any limitations on the value of b? Explain why or why not.
b. Determine which values of a are not allowed.
3. Consider a Feistel cipher composed of sixteen rounds with a block length of 128 bits and
a key length of 128 bits. Suppose that, for a given k, the key scheduling algorithm
determines values for the first eight round keys, k1, k2, ..., k8, and then sets k9 = k8, k10 =
k7, k11 = k6, ..., k16 = k1.
Suppose you have a ciphertext c. Explain how, with access to an encryption oracle, you
can decrypt c and determine m using just a single oracle query. This shows that such a
cipher is vulnerable to a chosen plaintext attack. (An encryption oracle can be thought of
as a device that, when given a plaintext, returns the corresponding ciphertext. The
internal details of the device are not known to you and you cannot break open the device.
You can only gain information from the oracle by making queries to it and observing its
responses.)
4. In the CTR mode, if any plaintext block that is encrypted using a given counter value is
known, then the output of the encryption function can be determined easily from the
associated ciphertext block. Show the calculation.
QUESTION 01 ANSWER

a: A student maintaining a blog to post public information

| | Confidentiality | Accessibility | Integrity |
|---|---|---|---|
| Level | Low | Moderate | Medium |
| Reason | In most cases, information is posted on blogs and published for the public good, so that publicly available publications are available to everyone. | Loss of publicly available blog information will not have a major impact, but will interfere with information access or use. The information is provided until the server responds effectively. | Because the information about publicly available publications is stored on the good, so that publicly available publications are available to everyone. |

b: An examination section of a university that is managing sensitive information about exam papers.

| | Confidentiality | Accessibility | Integrity |
|---|---|---|---|
| Level | High | High | High |
| Reason | As the information is sensitive, it must not be available to the public. | The loss of confidential information about the test paper is significant. It should be available when you need it. | Information on the test paper is confidential, therefore only authorized persons can access that information and make changes. If an intruder makes changes in the information regarding the exam, it will suffer a lot. |

c: An information system in a pathological laboratory maintaining the patient’s data.

| | Confidentiality | Accessibility | Integrity |
|---|---|---|---|
| Level | High | Moderate | High |
| Reason | The patient's medical history should not be shared with anyone else. However, if the patient poses a threat to the community, the department and their relatives can be informed about it. | Patient data is stored in the system so that it can be accessed when needed if the system is operating efficiently. | Patient data is very confidential and should not be changed by unauthorized persons. |

d: A student information system used for maintaining student data in a university that contains both personal, academic information and routine administrative information (not privacy related). Assess the impact for the two data sets separately and the information system as a whole.

| | Confidentiality | Accessibility | Integrity |
|---|---|---|---|
| Level | High | High | High |
| Reason | Student university ID and other academic records should not be disclosed to others. Loss of confidentiality might cause compromise of students’ information, such as students’ academic records, etc. | The system must be secured and available to the students and administrative users all the time. The loss of availability might cause loss, destruction or change in both information | The academic records and other records must be preserved. Loss of integrity might cause malicious or accidental changes to the students’ records. |

QUESTION 2 (a)
Are there any limitations on the value of b? Explain why or why not.
Answer:
No, there is no limit on the value of b, since choosing a value for b only shifts the mapping between
plaintext and ciphertext characters uniformly to the left or right. Thus, the relationship between
plaintext and ciphertext remains one-to-one.

b: Determine which values of a are not allowed.


The values (0, 2, 4, 6, 8, 10, 12, 13, 14, 16, 18, 20, 22, 24) are not allowed. A value
of a is valid for encryption only if GCD(a, 26) = 1. Values greater than 25 are equivalent to their value mod
26.
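
The GCD rule can be checked by brute force. The Python below is an added example, not part of the original answer, and its function names are hypothetical: it tests every a in 0..25 for collisions, confirms the list of disallowed values, and decrypts using the modular inverse of a.

```python
from math import gcd

M = 26  # alphabet size used in the question

def encrypt(a, b, p):
    """E([a, b], p) = (a*p + b) mod 26 for a letter index p in 0..25."""
    return (a * p + b) % M

def is_one_to_one(a, b):
    """Brute force: do the 26 plaintext letters map to 26 distinct letters?"""
    return len({encrypt(a, b, p) for p in range(M)}) == M

def disallowed_a():
    """Values of a for which the mapping collides for at least one b."""
    return [a for a in range(M)
            if not all(is_one_to_one(a, b) for b in range(M))]

def decrypt(a, b, c):
    """D([a, b], c) = a^-1 * (c - b) mod 26, defined only if gcd(a, 26) = 1."""
    if gcd(a, M) != 1:
        raise ValueError(f"a={a} has no inverse mod {M}; cipher is not one-to-one")
    return (pow(a, -1, M) * (c - b)) % M  # pow(a, -1, m) needs Python 3.8+

def encrypt_text(a, b, text):
    """Encrypt a string of upper-case letters A..Z."""
    return "".join(chr(encrypt(a, b, ord(ch) - 65) + 65) for ch in text)

def decrypt_text(a, b, text):
    return "".join(chr(decrypt(a, b, ord(ch) - 65) + 65) for ch in text)

if __name__ == "__main__":
    bad = disallowed_a()
    print("disallowed a:", bad)
    # The brute-force result coincides with the gcd(a, 26) != 1 criterion.
    print("matches gcd rule:", bad == [a for a in range(M) if gcd(a, M) != 1])
    # The collision quoted in the question: a = 2, b = 3 sends 0 and 13 to 3.
    print(encrypt(2, 3, 0), encrypt(2, 3, 13))
    ct = encrypt_text(5, 8, "AFFINECIPHER")  # constructed sample, a = 5 allowed
    print(ct, decrypt_text(5, 8, ct))
```

Every b passes the check for an allowed a, which is the brute-force counterpart of the answer to part (a).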
QUESTION 03
The idea of a Feistel network is that the decryption algorithm is the same as the encryption algorithm, only with the subkeys used in reverse order. However, with the subkey generation algorithm described in the question, the reverse order of the subkeys is the same as the original order. Thus, the encryption algorithm, used as a black box, decrypts the ciphertext.

In a chosen-plaintext attack, the attacker chooses plaintexts and the oracle provides the attacker with the corresponding ciphertexts. With the key schedule described above, we have

E(P) = C and E(C) = P

so the attacker submits C to the oracle and receives P as the corresponding "ciphertext". At a more granular level, Feistel encryption works as follows. With

C = (L_n, R_n),

the Feistel network divides the input block into two halves, L_0 and R_0, and then updates the halves according to the following rule: take L_{i-1}, R_{i-1} and set

L_i = R_{i-1}, R_i = L_{i-1} ⊕ F(R_{i-1}, K_i),

where F is the round function (fixed, implemented by S-boxes), and K_i is the i-th round subkey. We now have

R_{i-1} = L_i, L_{i-1} = R_i ⊕ F(L_i, K_i)

(which means that if we apply the algorithm with the two halves swapped, we end up with the plaintext). The first equation is clear. To get the second, we observe that

F(L_i, K_i) = F(R_{i-1}, K_i), since L_i = R_{i-1}.
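
The single-query decryption can be reproduced on a toy Feistel cipher with the palindromic key schedule from the question. This Python is an added example, not part of the original answer; the round function and subkey derivation (truncated HMAC-SHA256) and all function names are assumptions. Because the ciphertext here is (L_16, R_16) with no final swap, the halves are swapped before and after the oracle query.

```python
import hashlib
import hmac
import os

HALF = 8  # bytes per half: 128-bit block, as in the question

def key_schedule(key):
    """k1..k8 derived from the key, then k9 = k8, k10 = k7, ..., k16 = k1."""
    first = [hmac.new(key, bytes([i]), hashlib.sha256).digest()
             for i in range(1, 9)]
    return first + first[::-1]

def F(right, subkey):
    """Stand-in round function (assumption): truncated HMAC-SHA256."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:HALF]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, block):
    """L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i); returns (L_16, R_16)."""
    L, R = block[:HALF], block[HALF:]
    for k in key_schedule(key):
        L, R = R, xor(L, F(R, k))
    return L + R

def swap(block):
    return block[HALF:] + block[:HALF]

def make_oracle(key):
    """Encryption oracle that counts queries; the key stays hidden inside."""
    calls = {"n": 0}
    def oracle(block):
        calls["n"] += 1
        return encrypt(key, block)
    return oracle, calls

def recover_plaintext(oracle, c):
    """One query: submit C with halves swapped, swap the halves of the reply."""
    return swap(oracle(swap(c)))

def demo():
    key = os.urandom(16)
    m = b"EXAM PAPER 2024!"   # constructed 16-byte sample block
    oracle, calls = make_oracle(key)
    c = encrypt(key, m)       # ciphertext obtained without using the oracle
    return recover_plaintext(oracle, c) == m, calls["n"]

if __name__ == "__main__":
    print(demo())
```

The result does not depend on the choice of F, so the defect lies in the key schedule: any schedule that reads the same forwards and backwards turns the encryption routine into its own inverse.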

QUESTION 04
If the cryptanalyst knows the counter value (i) in CTR mode, the output of the
encryption function can easily be determined from the corresponding ciphertext, since the
encryption key and the per-block keystream remain the same for the encryption and
decryption process. The equations below describe this problem.

Encryption: C_i = P_i ⊕ E_k[nonce i], where

nonce = number used once
i = counter
P = plaintext
C = ciphertext.
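
The calculation is E_k[nonce i] = C_i ⊕ P_i. The Python below is an added example, not part of the original answer; the function names, the truncated HMAC-SHA256 stand-in for E_k, and the 8-byte nonce plus 8-byte counter layout are assumptions. It also shows why a counter value must never repeat under one key: the recovered output decrypts any other block encrypted with the same counter value.

```python
import hashlib
import hmac

BLOCK = 16  # bytes

def E(key, counter_block):
    """Stand-in for E_k (assumption): truncated HMAC-SHA256. CTR only calls
    E_k in the forward direction, so a keyed PRF is enough for the demo."""
    return hmac.new(key, counter_block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def counter_block(nonce, i):
    # Assumed layout: 8-byte nonce followed by an 8-byte big-endian counter i.
    return nonce + i.to_bytes(8, "big")

def ctr_encrypt(key, nonce, data):
    """C_i = P_i XOR E_k(counter block i); running it on ciphertext decrypts."""
    blocks = [data[j:j + BLOCK] for j in range(0, len(data), BLOCK)]
    return b"".join(xor(p, E(key, counter_block(nonce, i)))
                    for i, p in enumerate(blocks))

def recover_output(p_block, c_block):
    """The calculation asked for: E_k output for block i = C_i XOR P_i."""
    return xor(c_block, p_block)

def demo():
    key = bytes(range(16))         # constructed key
    nonce = b"\x00" * 8            # constructed nonce
    known = b"known header...."    # constructed known plaintext block
    secret = b"secret grade: A+"   # constructed second message
    o = recover_output(known, ctr_encrypt(key, nonce, known))
    matches = o == E(key, counter_block(nonce, 0))
    # Same key and counter value reused: the recovered output decrypts it.
    reused = xor(ctr_encrypt(key, nonce, secret), o) == secret
    # Fresh nonce: the recovered output is useless against the new block.
    fresh = xor(ctr_encrypt(key, b"\x01" * 8, secret), o) == secret
    return matches, reused, fresh

if __name__ == "__main__":
    print(demo())
```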
