School of Science

COSC2536/2537Security in Computing and Information Technology

Assignment 2

 
Assessment Type: Individual assignment; no group work.  Submit online via Canvas→Assignments→Assignment 2.

Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums.

 
Due date: Week 9, Sunday the 10th May 2020 11:59pm

As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per each working day applies for up to 5 working days late, unless special consideration has been granted.

 
Weighting: 35 marks (Contributes 35% of the total Grade)

 

Overview

The objective of Assignment 2 is evaluating your knowledge on the topics covered mainly in Lecture 5 to 8. Topics include Hash Function, Digital Signature, Key Management and Authentication. However, topics covered in Lecture 1 to 4 are required as prerequisite. Assignment 2 will focus on developing your abilities in application of knowledge, critical analysis and decision making. Assignment 2 contains several problems related to the topics mentioned above. You are required to prepare your answers and upload them as a single PDF or Word document in CANVAS.

In this assignment, there are 7 (seven) questions in total. Question 1 is on Message Authentication Code (MAC) Based on Hash Function. Hash functions are extremely useful and appear in almost all information security applications. Hash-based Message Authentication Code is a specific type of Message Authentication Code (MAC) involving a hash function and a secret key. It can be used to achieve message authentication and data integrity in information exchange over Internet. SHA-1 (Secure Hash Algorithm 1) is a hash function which takes an input and produces a 160-bit digest. In question Q1, you are expected to apply your understanding of SHA-1 to generate MAC.

The second question Q2 is about Security Analysis on a Simple Hash Function. A hash function is a mathematical function that converts a numerical input value into another compressed numerical value. The input to the hash function is of arbitrary length but output is always of fixed length. A secure hash function needs to be collision resistance, preimage resistance, and second preimage resistance. In question Q2, you are expected to perform security analysis on a simple hash function and improve its security.

The third question Q3 is about Security Analysis on RSA Digital Signature Scheme. The question has three parts. In the first part, you are expected to demonstrate your understanding of the RSA digital signature verification. In the second part, you are expected to perform a signature forgery attack to the RSA digital signature scheme. In the third part, you are expected to give your suggestion how to improve the security of the RSA digital signature scheme against the signature forgery attack.

Question 4 is about Public Key Certificate with Digital Signature Standard (DSS). The question has three parts. In the first part, you are expected to demonstrate your understanding of the key generation of DSS. In the second part, you are expected to demonstrate your understanding of the signing process of DSS for public key certificate. In the third part, you are expected to demonstrate your understanding of how to verify public key certificate based on DSS. For part 1 to 3 of Question 4, values of required parameters are provided and you should demonstrate the key generation, signing and verification processes with detail computations and brief explanations. Marks will be deducted if you fail to show the detail computation correctly, skip the computation steps, or do not provide explanations.

Question 5 is about Security Analysis on Diffie-Hellman Key Agreement Protocol. The question has three parts. In the first part, you are expected to demonstrate your understanding of the Diffie-Hellman key exchange protocol. In the second part, you are expected to perform a man-in-the-middle attack to the Diffie-Hellman key exchange protocol. In the last part, you are expected to propose an improved key exchange protocol which is able to overcome the man-in-the-middle attack.

Question 6 is about Key Agreement with Symmetric Key. The question has three parts. In the first part, you are expected to understand the protocol designer’s reasoning. In the second part, you are expected to perform an attack to the protocol. In the last part, you are expected to fix the security weakness by modifying the protocol.

Question 7 is on Use Authentication with Kerberos. The question has three parts. In the first part, you are expected to demonstrate your understanding of how to send a request to the Authenticated Server for a ticket in Kerberos. In the second part, you are expected to demonstrate your understanding of how to forward the ticket together with your authentication code to the server. In the last part, you are expected to demonstrate your understanding of how to retrieve the session key to access the service server. Your answer should contain both diagram and explanation. Marks will be deducted if you fail to provide diagram and explanation correctly, skip the diagram, or do not provide explanations.

Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after Lecture-5 (in Week-5). At the end of each week starting from Week-5 to Week-8, you should be able to solve at least one question.

If there are questions, you may ask via the relevant Canvas discussion forums in a general manner.

Overall, you must follow the special instructions below:

You must use the values provided in the questions.
Hand-written answers are not allowed and will not be assessed. Compose your answers using any word processing software (e.g. MS Word).
You are required to show all of the steps and intermediate results for each question.
Please DO NOT provide codes as an answer. Only codes will not be assessed.
Upload your solution as a single PDF or Word document in CANVAS.

Assessment Criteria

This assessment will determine your ability to:

Follow requirements provided in this document and in the lessons.
Independently solve a problem by using security concepts taught over the last six weeks from fifth to tenth weeks of the course.
Meeting deadlines.

Learning Outcomes

This assessment is relevant to the following Learning Outcomes:

understand applications of hash function, digital signature, key management, and user authentication.
explain the security issues in networked applications.
discuss various types of confidentiality, authentication and data integrity mechanisms.
analyze the strength and limitations of security protocols.
design new security mechanisms and protocols.

Assessment details

Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question Q1 to Q7) are provided in the next page.

Q1. Message Authentication Code Based on Hash Function (Marks: 1+1+2+2=6)

A hash function is a mathematical function that converts a numerical input value into another compressed numerical value. The input to the hash function is of arbitrary length but output is always of fixed length.

SHA-1 (Secure Hash Algorithm 1) is a hash function which takes an input and produces a 160-bit digest. Hash functions are extremely useful and appear in almost all information security applications. Message authentication or data origin authentication is a property that a message has not been modified while in transit (data integrity) and that the receiving party can verify the source of the message. Hash function can be used to authenticate messages by Message Authentication Code (MAC) as shown in Figure-Q1.

 

A MAC requires two inputs: a message and a secret key known only to the originator of the message and its intended recipient(s).

 

Assume that you are sending a message including your student ID and your full name to a network server and you have shared with the server a secret c93e7a61b539d8a1 (Hexadecimal) in advance. To prevent the modification attack, you decide to send your message together with a MAC to the server and use SHA-1 to generate the MAC as shown in Figure-Q1 (c).

 

(1) What is the first 512-bit block input to SHA-1? Show steps.

(2) The 512-bit block is divided into 16 32-bit sub-blocks and extended to 80 32-bit sub-blocks. What are the first 20 sub-blocks? Show steps.

(3) What is the result of hashing the first 32-bit sub-block? Show steps.

(4) What is the result of hashing the second 32-bit sub-block? Show steps.

 

Q2. Security Analysis on a Simple Hash Function (Marks: 1+1+1+1=4)                                                                                                                   

Consider a simple hash function that operates using the following general principles:

 

– The input is viewed as a sequence of 8-bit blocks;

– The input is processed one block at a time in an iterative fashion to produce an 8-bit hash function.

 

If a message has m bytes B1, B2, …, Bm, the hash value H is computed as

 

H = B1B2 . . .  Bm

 

as shown in Figure-Q2, where  stands for Bit-by-bit exclusive-OR (XOR).

 

 

 

 

 

 

This hash function produces a simple parity for each bit position and is known as a longitudinal redundancy check, reasonably effective for random data as a data integrity check.

 

(1) Use this hash function to hash your student ID. Show steps.

(2) Perform a collision attack to the hash function, i.e., finding another possible student ID which has the same hash value as your student ID. Show steps.

(3) Propose a way to improve the security of the hash function.

(4) Use the improved hash function to hash your student ID. Show steps.

 

 

 

Q3. Security Analysis on RSA Digital Signatures (Marks: 1+2+1+1 = 5)

Suppose that David Jones is a network manager and uses RSA digital signature scheme to sign his messages sent to servers in the network as illustrated in Figure-Q3.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Figure-Q3: RSA Digital Signature Scheme

 

Assume that David is sending the following message to Alice (the server).

 

m = Please allow Robert Smith, student ID 3700000 to access Enterprise Web Server. Network Manager: David Jones / Date: 01/04/2020

 

Before sending the message, he would like to sign the message. When Alice receives the signed message, she would like to verify that the message is indeed from David. To facilitate signing and verification, David generates public and private keys using RSA signature algorithm and sends the public key to Alice. Assume that David uses RSA public key (e, n), where

 

e= 65537

n=74087141572284449682718734326125796080814723027395443954915049185347325070243

 

and his RSA signature on the hash value of the message (assuming SHA-224 https://emn178.github.io/online-tools/sha224.html is used) is

 

s = 64529024687804941216479660659470760692180713879019138284151840959581216498525

 

(1) How does Alice verify the signed message if she receives (m,s) from David? Show steps.

(2) Can you forge a signature of David on the following modified message?

 

m’= Please allow your name, student ID your student ID to access Enterprise Web Server. Network Manager: David Jones / Date: 01/04/2020

 

If yes, show steps and compute the forged signature s’.

 

(3) How does the modified message and the forged signature (m’,s’) pass Alice’s verification?   Show steps.

(4) How do you recommend improving the security of the RSA digital signature scheme?

Q4. Public Key Certificate with DSS (Marks: 1+2+2 = 5)

Digital Signature Standard (DSS) is the digital signature algorithm (DSA) developed by the U.S. National Security Agency (NSA) to generate a digital signature for the authentication of electronic documents. Suppose that you are the network manager to be respobsible for issuing public key certificates to network users. You will use the Digital Singature Standard (DSS) as shown in Figure-Q4 to sign the certificates for network users, including your own certificate.

 

Assume that you have chosen the following public paremeters (p, q, g).

p = 93186344784980379327844173784511558665386855920112643132746731261507638172561

q = 2860 746045 115534 081174 829981 436578 008870 289376 689464 094621 435627

g = 53974743592015271302148966481825584756593673836983901410136154937507399116198

 

(1) Key generation: randomly choose your private key and compute your public key for DSS.

(2) Signing: Assume that your certificate includes your full name, your student ID, and your public key, expiry date, compute your siganture on your certificate with DSS?

(3) Verification: Verify the signature on your certificaticate with your public key.

 

 

Hint: https://www.boxentriq.com/code-breaking/modular-multiplicative-inverse

https://www.boxentriq.com/code-breaking/big-number-calculator

 

 

Q5. Security Analysis on Diffie-Hellman Key Exchange (Marks: 1+2+3 = 6)

The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cryptosystem. Suppose that a client (Alice) and a server (Bob) in a network use Diffie-Hellman key exchange protocol to establish a secret key by which their communication can be protected with the Data Encryption Standard (DES) as shown in Figure-Q5.

 

 

 

Assume that Alice and Bob agree with the following public parameters (p, g).  

p = 93186344784980379327844173784511558665386855920112643132746731261507638172561

g = 53974743592015271302148966481825584756593673836983901410136154937507399116198

and Alice chooses a=H(your student ID), where H stands for SHA-1 hash function and Bob chooses

b=H(your full name).

 

(1) What is the secret key established between Alice and Bob?

(2) Can you perform a Man-in-the-Middle Attack to the Diffie-Hellman key exchange protocol? If so, what secret keys can you share with Alice and Bob, respectively? Show steps.

(3) How can you improve the security of the Diffie-Hellman key exchange protocol so that it can withstand the Man-in-the-Middle Attack? Show steps and numbers exchanged in detail. 

 

 

 

 

 

 

Q6. Key Agreement With Symmetric Key (Marks: 1+2+1 = 4)

Consider the protocol illustrated in Figure-Q4, designed to let A and B decised on a fresh, shared session key KAB’. We assume that the already share a long-term key KAB.

 

 

                                                                               A, NA

                                                                        E(KAB,[NA,KAB’])

                                                                             E(KAB’, NA)

 

 

Figure-Q6: Key Agreement with Symmetric Key (NA is a nounce)

 

(1) We first try to understand the protocol designer’s reasonning:

– Why would A and B believe after the protocol ran that they share KAB’ with the other party?

– Why would they believe that this shared key is fresh?

In both cases, you should explain both the reasons of both A and B, so your answer should complete the sentences

A believes that she shares KAB’ with B since …

B believes that he shares KAB’ with A since …

A believes that KAB’ is fresh since …

B believes that KAB’ is fresh since …

(2) Assume now that A starts a run of this protocol with B. However, the connection is intercepted by an adversary C. Show how C can start a new run of the protocol using reflectioin, causing A to believe that she has agreed on a fresh key with B (in spite of the fact that she has ony been communicating with C). Thus, in particular, the belief in (a) is false.

(3) Propose a modfication of the protocol that prevents this attack.

 

 

 

 

 

 

 

 

 

Q7. User Authentication with Kerberos (Marks: 1+1+1+1+1 = 5)

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client/server model and it provides mutual authentication – both the user and the server verify each other’s identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. Suppose that in a network, a Simplified Kerberos, as shown in the following figure, is used for servers to authenticate clients.

 

 

 

 

 

 

 

 

 

 

 

 

Assume that you are a client of the network and has shared a secret key KC with the Authentication Server (AS). The secret key KC is the last 56 bits of H(your student ID and your full name), where H is SHA-1 hash function. You would like to get access to a server S which has shared a secret key sk (randomly chosen) with the Authentication Server (AS).  Assume that DES CBC mode (http://des.online-domain-tools.com) with IV=(0000000000000000)16 is used for encryption and KC,S, KS are the last 56 bits of H(C,S) and H(S), resp.

(1) How do you request a ticket from AS for using the server S? Show the detail message.

(2) How do you send the ticket to the server S along with an authenticator to establish a shared secret? Show the detail message.

(3) How do you and the server authenticate each other?

(4) Is the simplified Kerberos secure against the eavesdropping attack? If not, how do you improve the security of the simplified Kerberos against the eavesdropping attack?

(5) Is the simplified Kerberos secure against the replaying attack? If not, how do you improve the security of the simplified Kerberos against replaying attack?

 

Academic integrity and plagiarism (standard warning)

Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:

Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods,
Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.

If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.

RMIT University treats plagiarism as a very serious offence constituting misconduct.  Plagiarism covers a variety of inappropriate behaviors, including:

Failure to properly document a source
Copyright material from the internet or databases
Collusion between students

For further information on our policies and procedures, please refer to the University website.

 

Assessment declaration

When you submit work electronically, you agree to the assessment declaration.

 

 

Rubric/assessment criteria for marking

All of the computations must be correct and only provided values must be used. Instructions must be followed.

Criteria

The characteristic or outcome that is being judged.

 
Total

Question 1

Message Authentication Code with Hash Function

Questions (1)-(4) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

All of the computations shown are correct.

 

 

Questions (1)-(3) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Most of the computations are correct with few errors.

 

 

Question (1)-(2) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Most of the computations are incorrect with few correct computations.

 

 

Question 1 is answered correctly.

 

Step-by-step processes are shown with detail computations.

 

But almost all of the calculations are wrong.

 

 

 

Steps are not shown with detail computations.

 

Or,

 

Not answered.

 

 

6 Marks

6 Marks
4 Marks
2 Marks
1 Mark
0 Mark

Question 2

Security Analysis on a Simplified Hash function

 

Questions (1)-(4) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

All of the computations shown are correct.

 

 

 

 

Any three of questions (1)-(4) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Most of the computations are correct with few errors.

 

 

 

 

 

 

 

 

 

Any two of questions (1)-(4) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Only the computation in two questions are correct.

 

 

Any one of questions (1)-(4) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Only the computations in one question are correct.

 

 

 

 

 

 

 

 

 

 

 

 

 

None of the steps are shown correctly

 

 

Or

 

Not answered

 

 

 

 

 

 

 

 

 

 

 

 

4 Marks

4 Marks
3 Marks
2 Marks
1 Mark
0 Mark

Question 3

Security Analysis on RSA digital signature scheme

 

Questions (1)-(4) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

All of the computations shown are correct.

 

Only question (1), or (3) or (4) is answered incorrectly while other questions are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Most of the computations are correct with few errors.

 

 

 

Any two of questions (1)(3)(4) or question (2) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Only the computation in two of questions (1)(3)(4) or only the computation in question (2) are correct.

 

 

 

 

Any one of questions (1)(3)(4) is answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Only the computation in one of questions (1)(3)(4) is correct.

 

 

 

 

None of the steps are shown correctly.

Or,

Calculations are not shown in detail.

Or,

Not answered.

 

5 Marks

5 Marks
4 Marks
2 Marks
1 Mark
0 Mark

Question 4

Public key certificate with DSS

 

Questions (1)-(3) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

All of the computations are shown correctly in detail.

 

 
Only questions (1)-(2) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Only the computations in question (3) are incorrect.

 

 

 

 

Only question (1) is answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Only the computations in question (1) is correct.

 

None of the steps are shown correctly

Or

Calculations are not shown in detail

Or

Not answered

 

 

5 Marks

5 Marks
 
3 Marks
1 Mark
0 Mark

Question 5

Security Analysis on Diffie-Hellman key agreement

 

Questions (1)-(3) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

All of the computations are shown correctly in detail.

 

Only question (2) is answered incorrectly while other questions are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

Only the computations in question (2) are shown incorrectly.

 

Only question (3) is answered correctly while other questions are answered incorrectly.

 

Step-by-step processes are shown with detail computations.

 

Only the computations in question (3) are shown correctly.

 

Only question (1) is answered correctly while other questions are answered incorrectly.

 

Step-by-step processes are shown with detail computations.

 

Only the computations in question (1) are shown correctly.

 

None of the steps are shown correctly

Or

Calculations are not shown in detail

Or

Not answered

6 Marks

6 Marks
4 Marks
3 Marks
1 Mark
0 Mark

Question 6

Key Agreement with Symmetric Key

 

Answers to questions (1), (2), (3) are correct

 

Security analysis is presented well.

Answers to questions (1)(2), or to question (2)(3) are correct.

 

Security analysis is presented correctly.

 

Answers to questions (1)(3), or to question (2) are correct.

 

Security analysis is presented correctly.

 

Answers to one of questions (1)(3) is correct.

 

Security analysis is partially correct.

Answer is not correct

 

Or

 

Not answered

 

 

 

4 Marks

4 Marks
3 Marks
2 Marks
1 Mark
0 Marks

Question 7

User Authentication with Kerberos

 

Questions (1)-(5) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

All of the computations and security analysis are shown correctly in detail.

 

 

 

Any 4 of questions (1)-(5) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

The computations and security analysis in the 4 questions are shown correctly in detail.

 

 

Any 3 of questions (1)-(5) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

The computations and security analysis in the 3 questions are shown correctly in detail.

 

 

Any 2 of questions (1)-(5) are answered correctly.

 

Step-by-step processes are shown with detail computations.

 

The computations and security analysis in the 2 questions are shown correctly in detail.

 

 

 

 

 

 

Any one of questions (1)-(5) is answered correctly.

 

Step-by-step processes are shown with detail computations.

 

The computations and security analysis in the question are shown correctly in detail.

 

 

Answer is not correct

 

Or

 

Not answered

 

 

 

 

 

 

5 Marks

5 Marks
4 Marks
3 Marks
2 Mark
1 Mark
0 Marks