Call/WhatsApp: +1 914 416 5343

Special Forces

2.2 This problem uses a real-world example of a symmetric cipher, from an old U.S.Special Forces manual (public domain). The document, filename Special Forces.pdf, isavailable at box.com/CompSec4e.

a. Using the two keys (memory words) cryptographic and network security, encrypt thefollowing message:

Be at the third pillar from the left outside the lyceum theatre tonight at seven. If youare distrustful bring two friends.

Make reasonable assumptions about how to treat redundant letters and excessletters in the memory words and how to treat spaces and punctuation. Indicate whatyour assumptions are.

Note: The message is from the Sherlock Holmes novel The Sign of Four.

b. Decrypt the ciphertext. Show your work.

c. Comment on when it would be appropriate to use this technique and what itsadvantages are.

2.5 In this problem, we will compare the security services that are provided by digitalsignatures (DS) and message authentication codes (MAC). We assume Oscar is able toobserve all messages sent from Alice to Bob and vice versa. Oscar has no knowledge ofany keys but the public one in case of DS. State whether and how (i) DS and (ii) MAC

C=(PK0)K1

C=ciphertext; K=secret key; K0=leftmostK1=rightmost=bitwise264.

K1K2.

C=(PK0) K1; C′=(P′K0) K1

K0K0?

(L0, R0),(K0, K1, K2, K3).i+1:

Li=Ri−1Ri=Li−1 F(Ri−1, K0, K1, δi)Li+1=RiRi+1=Li F(Ri, K2, K3, δi+1)F(M, Kj, Kk, δi)=((M4)Kj)((M5)Kk)(M+δi)

xy;xy;δi

(L2, R2).

protect against each attack. The value auth(x) is computed with a DS or a MAC algorithm,respectively.

a. (Message integrity) Alice sends a message x = “Transfer $1000 to Mark” in the clearand also sends auth(x) to Bob. Oscar intercepts the message and replaces “Mark”with “Oscar.” Will Bob detect this?

b. (Replay) Alice sends a message x=“Transfer $1000 to Oscar” in the clear and alsosends auth(x) to Bob. Oscar observes the message and signature and sends them100 times to Bob. Will Bob detect this?

c. (Sender authentication with cheating third party) Oscar claims that he sent somemessage x with a valid auth(x) to Bob but Alice claims the same. Can Bob clear thequestion in either case?

d. (Authentication with Bob cheating) Bob claims that he received a message x with avalid signature auth(x) from Alice (e.g., “Transfer $1000 from Alice to Bob”) but Aliceclaims she has never sent it. Can Alice clear this question in either case?