
1. What properties must a hash function have to be used for message authenticati


Question

1. What properties must a hash function have to be used for message authentication?

2. Suppose in a chat room, there are n number of people. Every person wants to communicate with every other person in the room. The policy of the chat room is to use encrypted messages to communicate with other people in this chat room. If they are using symmetric keys, how many symmetric keys will be needed for n number of people? If they are using asymmetric keys, how many asymmetric key pairs will be needed for n number of people?

3. In this problem, we will compare the security services that are provided by digital signatures (DS) and message authentication codes (MAC). We assume that Oscar is able to observe all messages sent from Alice to Bob and vice versa. Oscar has no knowledge of any keys but the public one in case of DS. State whether and how (i) DS and (ii) MAC protect against each attack. The value auth(x) is computed with a DS or a MAC algorithm, respectively.

(Message integrity) Alice sends a message x = “Transfer $1000 to Mark” in the clear and also sends auth(x) to Bob. Oscar intercepts the message and replaces “Mark” with “Oscar.” Will Bob detect this?

(Replay) Alice sends a message x = “Transfer $1000 to Oscar” in the clear and also sends auth(x) to Bob. Oscar observes the message and signature and sends them 100 times to Bob. Will Bob detect this?

(Sender authentication with cheating the third party) Oscar claims that he sent some message x with a valid auth(x) to Bob but Alice claims the same. Can Bob clear the question in either case?

(Authentication with Bob cheating) Bob claims that he received a message x with a valid signature auth(x) from Alice (e.g., “Transfer $1000 from Alice to Bob”) but Alice claims she has never sent it. Can Alice clear this question in either case?

4. List and briefly describe the principal threats to the secrecy of passwords.

5. In general terms, what are four means of authenticating a user’s identity?

6. It was stated that the inclusion of the salt in the UNIX password scheme increases the difficulty of guessing by a factor of 4096. But the salt is stored in plaintext in the same entry as the corresponding ciphertext password. Therefore, those two characters are known to the attacker and need not be guessed. Why is it asserted that the salt increases security?

7. Assuming that you have successfully answered the preceding problem and understand the significance of the salt, here is another question. Wouldn’t it be possible to thwart completely all password crackers by dramatically increasing the salt size to, say, 24 or 48 bits?

8. Assume that passwords are limited to the use of the 100 printable ASCII characters and that all passwords are 10 characters in length. Assume a password cracker with an encryption rate of 6.4 million encryptions per second. How long will it take to test exhaustively all possible passwords on a UNIX system?

9. Briefly, define the difference between DAC and MAC.

10. In the context of access control, what is the difference between a subject and an object?

11. What is the difference between an access control list and a capability ticket?

12. Suggest a way of implementing protection domains using access control lists.

Explanation / Answer

1. Cryptography, which is a technique used for secure communication, is used for message authentication. In cryptography, HMAC (keyed-hash message authentication code) is used for message authentication, which involves a cryptographic hash function and a secret cryptographic key.

A cryptographic hash function is a special type of hash function which has certain properties which make it suitable for cryptography. A cryptographic hash function is a mathematical algorithm which maps data of arbitrary size to a bit string of fixed size (hash function) which is a non-invertible hash function.

A cryptographic hash function has the following properties:

Thus given above are the properties that a cryptographic function has to be used for message authentication.

4. Passwords are one of the most common and easy ways of protecting the useful data or account of a user these days. But with the advancement of technology come greater risks. Given below are the threats to the security of the password:
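
The following is an added example, not part of the original answer: it runs the HMAC construction named in answer 1 against the message scenarios of question 3, for the MAC case only. HMAC-SHA256, the sample key, the sequence-number framing and the `Receiver` class are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-sample-key-shared-by-alice-and-bob"  # constructed value

def _frame(seq: int, message: bytes) -> bytes:
    """Bind a sequence number to the message so the tag covers both (assumed framing)."""
    return seq.to_bytes(8, "big") + message

def auth(key: bytes, seq: int, message: bytes) -> bytes:
    """auth(x) as an HMAC: a keyed cryptographic hash over the framed message."""
    return hmac.new(key, _frame(seq, message), hashlib.sha256).digest()

class Receiver:
    """Bob's side: verify the tag, optionally reject sequence numbers already seen."""
    def __init__(self, key: bytes, track_replay: bool):
        self.key, self.track_replay, self.seen = key, track_replay, set()

    def accept(self, seq: int, message: bytes, tag: bytes) -> bool:
        expected = auth(self.key, seq, message)
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return False
        if self.track_replay and seq in self.seen:
            return False
        self.seen.add(seq)
        return True

def demo() -> dict:
    msg = b"Transfer $1000 to Mark"
    tag = auth(KEY, 1, msg)
    out = {}
    # Message integrity: the altered text no longer matches the tag.
    out["tampered_accepted"] = Receiver(KEY, False).accept(1, msg.replace(b"Mark", b"Oscar"), tag)
    # Replay: a valid (message, tag) pair stays valid, so a bare MAC accepts every copy.
    naive = Receiver(KEY, track_replay=False)
    out["copies_accepted_without_tracking"] = sum(naive.accept(1, msg, tag) for _ in range(100))
    # With the sequence number covered by the tag and remembered, only the first copy passes.
    strict = Receiver(KEY, track_replay=True)
    out["copies_accepted_with_tracking"] = sum(strict.accept(1, msg, tag) for _ in range(100))
    # Bob cheating: both parties hold the same key, so a tag Bob computes himself
    # verifies exactly like one from Alice; a MAC gives no non-repudiation.
    forged = b"Transfer $1000 from Alice to Bob"
    out["receiver_made_tag_verifies"] = Receiver(KEY, True).accept(2, forged, auth(KEY, 2, forged))
    return out

if __name__ == "__main__":
    print(demo())
```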