WRK6sol - PDF 3031

This document discusses key concepts in key management and encryption. It addresses: 1) The differences between link and end-to-end encryption. Link encryption encrypts each link but requires more devices, while end-to-end encryption encrypts only between end systems but exposes traffic patterns. 2) Nonces are randomly generated numbers or phrases used as challenges in key agreement protocols to prevent replay attacks. 3) Natural sources of random numbers for true random number generators include thermal noise, system timestamps, user inputs and network latency. 4) The appropriate uses of three common ways nonces are used as challenges in encrypted communications between two parties. 5) Digital Signature Standard signatures differ from RSA in

Uploaded by Munatsi Zimai
Copyright: © Attribution Non-Commercial (BY-NC)

433645: SOFTWARE SYSTEM SECURITY WORKSHEET: (KEY MANAGEMENT)

(1) What is the difference between link and end-to-end encryption?

With link encryption, each vulnerable communications link is equipped on both ends with an encryption device. Traffic over all communications links is secured, but a large number of devices are required. Traffic must also be decrypted at routers and switches to read the address header. With end-to-end encryption, encryption is done at the two end systems. Data is encrypted and then transmitted unaltered across the network. Here, the traffic pattern is exposed because packet headers are transmitted in the clear.

(2) What is a nonce? Explain its use in key agreement protocols.

A nonce is a locally generated one-time challenge: a (pseudo-)random number or phrase. It is used as a countermeasure to certain attacks on key-exchange protocols (see page 206 of the text). Typical use: the initiator sends a nonce and expects that nonce (or a transformation of it) in the response. The response cannot have been stored or intercepted; it must be produced in response to a new nonce each time.

(3) Name at least five sources of natural random numbers.

True random number generators comprise a high-entropy source (any of those listed below) as their key component:
(a) White noise (audio captured from a computer's microphone).
(b) The computer environment's ambient temperature, or any source of thermal noise.
(c) Ticks since last boot.
(d) Keystrokes and mouse movements.
(e) Network latency, e.g. ICMP request/response time (PING).

(4) There are three typical ways to use nonces as challenges. Suppose Na is a nonce generated by an entity A, entities A and B share key K, and f() is a function such as increment. Three usages are given below:

Usage 1
(1) A -> B : Na
(2) B -> A : E(K, Na)

Usage 2
(1) A -> B : E(K, Na)
(2) B -> A : Na

Usage 3
(1) A -> B : E(K, Na)
(2) B -> A : E(K, f(Na))

Describe situations for which each usage is appropriate.

All three really serve the same purpose. The difference is in the vulnerability. In Usage 1, an attacker could breach security by inflating Na and withholding an answer from B for a future replay attack, a form of suppress-replay attack. The attacker could attempt to predict a plausible reply in Usage 2, but this will not succeed if the nonces are random. In both Usage 1 and Usage 2, the messages work in either direction: that is, if N is sent in either direction, the response is E[K, N]. In Usage 3, the message is encrypted in both directions; the purpose of function f is to assure that messages 1 and 2 are not identical. Thus, Usage 3 is more secure.

(5) With DSS, because the value of k is generated with each signature, even if the same message is signed twice on different occasions, the signature will differ. This is not true of RSA signatures. What is the practical implication of this difference?

The signer must be careful to generate the values of k in an unpredictable manner, so that the scheme is not compromised.
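The three nonce usages of question (4), worked through in Python as an added example (this code is not part of the worksheet). E(K, m) is stood in for by a constructed SHA-256 keystream XOR (deterministic and unauthenticated, matching the worksheet's notation but not a real cipher); f() is the increment the question suggests. The names E, D, f, responder, expected_reply, Initiator and run are all assumptions of this example. The initiator A records every nonce it issues and accepts each nonce's reply at most once, which is the freshness check that makes a stored or replayed reply useless; the run() helper presents the same reply twice so that the second presentation is seen to be refused, and for Usage 3 it also shows that messages 1 and 2 are not identical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def E(key: bytes, msg: bytes) -> bytes:
    """Stand-in for E(K, m): XOR with a SHA-256 keystream derived from K.
    Constructed for this example only; deterministic and unauthenticated,
    which matches the worksheet's notation but is not a real cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(msg):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(m ^ s for m, s in zip(msg, stream))


D = E  # XOR keystream: decryption is the same operation as encryption


def f(nonce: bytes) -> bytes:
    """The worksheet's f(): increment the nonce as a big-endian integer (wrapping)."""
    n = int.from_bytes(nonce, "big") + 1
    return (n % (1 << (8 * len(nonce)))).to_bytes(len(nonce), "big")


def responder(key: bytes, usage: int, challenge: bytes) -> bytes:
    """B's reply to A's challenge under Usage 1, 2 or 3."""
    if usage == 1:                        # A -> B : Na        B -> A : E(K, Na)
        return E(key, challenge)
    if usage == 2:                        # A -> B : E(K, Na)  B -> A : Na
        return D(key, challenge)
    return E(key, f(D(key, challenge)))   # A -> B : E(K, Na)  B -> A : E(K, f(Na))


def expected_reply(key: bytes, usage: int, na: bytes) -> bytes:
    """What A must receive for nonce Na under each usage."""
    return {1: E(key, na), 2: na, 3: E(key, f(na))}[usage]


class Initiator:
    """A: issues fresh nonces and accepts each nonce's reply at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding: set[bytes] = set()

    def challenge(self, usage: int) -> bytes:
        na = secrets.token_bytes(NONCE_LEN)
        self.outstanding.add(na)
        return na if usage == 1 else E(self.key, na)

    def accept(self, usage: int, reply: bytes) -> bool:
        for na in list(self.outstanding):
            if hmac.compare_digest(reply, expected_reply(self.key, usage, na)):
                self.outstanding.discard(na)   # consumed: a replayed reply is refused
                return True
        return False


def run(usage: int, key: bytes):
    """One exchange, then the same reply presented a second time (a replay).
    Returns (message 1, message 2, first reply accepted?, replay accepted?)."""
    a = Initiator(key)
    c = a.challenge(usage)
    r = responder(key, usage, c)
    return c, r, a.accept(usage, r), a.accept(usage, r)


if __name__ == "__main__":
    K = b"constructed demo key"          # constructed sample shared key
    for u in (1, 2, 3):
        c, r, first, replay = run(u, K)
        print(f"usage {u}: fresh reply accepted={first}, replay accepted={replay}, "
              f"message 1 == message 2: {c == r}")
```

Run it directly to see all three usages accept the fresh reply and refuse the replay; under Usage 3 the two messages differ because of f, which is the worksheet's reason for preferring it.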
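For question (5), an added example (not from the worksheet) of a toy DSS-style signature in Python: a fresh secret k is drawn for every signature, so signing the same message twice gives two different signatures that both verify, while an unpadded textbook RSA signature of the same message is identical each time. The domain parameters are generated at tiny size (48-bit q, p = 2q + 1) from a fixed seed so the example is reproducible; the names dsa_params, keygen, sign, verify, rsa_toy_sign and the RSA constants (n = 61 * 53, e = 17, d = 2753) are constructed for this illustration and are far too small for real use.

```python
import hashlib
import random
import secrets

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases (deterministic for n < 3.3e24)."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def dsa_params(bits: int = 48, seed: int = 2024):
    """Toy domain parameters (p, q, g): q prime, p = 2q + 1 prime, g of order q.
    Seeded so the example is reproducible; constructed, far too small for real use."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    g = pow(2, (p - 1) // q, p)          # 2^2 mod p, an element of order q
    return p, q, g


def keygen(p, q, g):
    x = secrets.randbelow(q - 1) + 1     # private key
    return x, pow(g, x, p)               # (x, y = g^x mod p)


def h(msg: bytes, q: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def sign(params, x: int, msg: bytes):
    """DSS-style signature (r, s); a fresh secret k is drawn for every signature."""
    p, q, g = params
    while True:
        k = secrets.randbelow(q - 1) + 1  # must be unpredictable and never reused
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = pow(k, -1, q) * (h(msg, q) + x * r) % q
        if s != 0:
            return r, s


def verify(params, y: int, msg: bytes, sig) -> bool:
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = h(msg, q) * w % q, r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r


def rsa_toy_sign(msg: bytes) -> int:
    """Unpadded textbook RSA with tiny constructed parameters, for contrast only:
    no per-signature randomness, so the same message always gives the same value."""
    n, d = 3233, 2753                     # n = 61 * 53, e = 17
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big") % n, d, n)


if __name__ == "__main__":
    params = dsa_params()
    x, y = keygen(*params)
    m = b"same message"
    s1, s2 = sign(params, x, m), sign(params, x, m)
    print("DSS signatures differ:", s1 != s2,
          "both verify:", verify(params, y, m, s1) and verify(params, y, m, s2))
    print("textbook RSA repeats:", rsa_toy_sign(m) == rsa_toy_sign(m))
```

The comment on k in sign() is the worksheet's practical implication in code form: the per-signature k is what makes the two signatures differ, and it is drawn from the OS CSPRNG rather than from anything a verifier could predict.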
