CS 431 homework assignment #6
This homework assignment is due on December 12.
Problem 1
Suppose that Alice and Bob already have a key K known only to them. Now they
want to use that K to construct a new session key S, in such a way that they
can both compute the new key S from K, both will be convinced that the other
is using the same key, and no eavesdropper will know S. Imagine a protocol
constructed as follows (R is a random number chosen by Bob):
I'm Alice
-------------------------------->
R
ALICE <------------------------------- BOB
E_K(R)
-------------------------------->
At the end of this protocol, Bob is convinced that
the person on the other end of the line is Alice,
because only she could supply the correct response E_K(R).
Note that Alice has no such guarantee, but that can be fixed
by reversing the protocol.
Now they need to construct the session key from their
conversation. Discuss the security of each of the following
choices (here + denotes bitwise exclusive or, and E(x,k) is the DES
encryption of x under the key k):
- R
- R+K
- E(K,K)
- E(K,R)
- E(R,R+K)
Problem 2
In the protocol on page 269 (Figure 8.4), what happens if the encryption
algorithm is vulnerable to a known-plaintext attack against the key? What can
be recovered by an adversary in this case? You should explicitly state any
assumptions that you make.
Problem 3
Do problem 9.3 from the textbook.
Return to the CS431 page.