(COMP2631)[2009](f)final~=_8bizrdd^_54763.pdf

=========================preview======================
(COMP2631)[2009](f)final~=_8bizrdd^_54763.pdf
Back to COMP2631 Login to download
======================================================
COMP364 Computer Security, 2009 Fall Semester
Sample Solutions to Final Exam

(1) Consider the proxy signature by warrant covered in Lecture 15. Is the proxy sig-nature distinguishable from the original signature? Justify your answer brie.y. 13 marks
Solution: Yes, they are distinguishable, as a proxy signature can only be veri.ed by the proxy signers public key, while the original signature can only be veri.ed with the original signers public key.
(2) Consider the proxy signature by warrant covered in Lecture 15. Assume that the signature schemeis secure. Cantheoriginalsignerforgeaproxysignature?Justify your answer brie.y. 12 marks
Solution: No. This is because the original signer does not know the private key of the proxy signer.
(3) Consider the digital signature protocol on Page 12 of Lecture 14. Explain why the underlying hash function should have the one-way property.
13 marks Solution: Assume that h does not have the one-way property. After observing
(A)
m||Dkd (h(m)), one can compute h(m), and then may be able to .nd another message m such that h(m )is equal to the given hash value h(m). Then one will be able to forge Alices digital signature for m .
(4) IsKerberosatype-2authenticationprotocol?Justifyyouranswerbrie.y. 12 marks

Solution: No. Secret keys are preshared among the partities involved. So this is type-1 authentication protocol.
(5) Consider the Example on page 31 of Lecture 22. What are the access rights given to MichaelW for that object? Justify your answer brie.y. 12 marks
Solution: MichaelWs rights for this object are withdrawn by using the negative permisision. So MichaelW has no access rights to this object anymore.
(6) Can AH in transport or tunnel mode provide limited tra.c .ow con.dentiality? Justify your answer brie.y. 13 marks
Solution: AH will not be able toprovide limited tra.c con.dentiality in both the transport and tunnel mode, as it does not encrypt data, so the original IP header is still reable by others.
(7)
In SSL, when are the Server Write MAC Secret and Client Write MAC Secret are di.erent and when they are identical?

(8)
IusetheSSHinmylaptop toaccessmyUnixaccount. Theclient authenticationis password-based. My Unixaccountpassword and accountID willbeencrypted and theencrypted versionswillbe senttotheUnix serverfrommylaptop. Assumethat

13 marks Solution: They are identical only except the synchronization time units.
1

I used SSH to access my Unix account two times yesterday, and I did not change my password yesterday. Are the two encrypted versions of my password yesterday identical? Justify your answer brie.y.
12 marks
Solution: No. The same password is encrypted using a di.erent secret key each time, as whenever SSH is invoked a set of new security parameters is negotiated.
2