UT CS 361 - Sample Final

This preview shows page 1-2-3-4 out of 11 pages.


CS 361 Sample Final

Instructor: Dr. Bill Young

Name:

This was an actual final from a previous semester. Some of the questions may cover matters we didn’t cover this semester.

Answer all questions in the space provided. You may use scratch paper to do your work but only answers recorded on the test paper will be graded. Be as concise as possible.

Page 1: (10)
Page 2: (10)
Page 3: (10)
Page 4: (10)
Page 5: (20)
Page 6: (20)
Page 7: (5)
Page 8: (5)
Page 9: (5)
Page 10: (5)
Total: (100)

1. (4 parts) Assume you have a public key cryptosystem in which $K_x$ is X’s public key, and $K_x^{-1}$ is the corresponding private key. Consider the following simple protocol:

   1. $A \to B : \{\{M\}_{K_a^{-1}}\}_{K_b}$
   2. $B \to A : \{\{M\}_{K_b^{-1}}\}_{K_a}$

   The goal is for A to share with B a secret message M, such that each party is authenticated to the other.

   (a) (5 points) List what B is supposed to believe at the end of step 1. Justify each point.

   (b) (5 points) List what A is supposed to believe at the end of step 2. Justify each point.

   (c) Continuation of question 1: (5 points) This protocol is not secure. An attacker H might learn the secret M as follows. Assume that H listens in and obtains from step 1 the message $\{\{M\}_{K_a^{-1}}\}_{K_b}$ that A sent to B. By initiating a new run of the protocol with B and using this message as if it were a new secret M, it is possible for H to discover the original secret. Provide a rigorous argument for this claim.

   (d) (5 points) Can you suggest a change to the protocol that would defeat this attack?

2. (5 points) Suppose you have a secure system with exactly the four subjects given below, with security levels as listed:

   Type      Name    Level
   Subject   $S_1$   (H, {A, B})
   Subject   $S_2$   (L, ∅)
   Subject   $S_3$   (H, {A, B, C})
   Subject   $S_4$   (L, {B, C})

   Here H dominates L. The goal is to enforce Bell and LaPadula-style security for this system, and prohibit information from flowing “down” in the system. You decide to use a noninterference model.

   Using the notation $S_i \mapsto S_j$ to indicate that $S_i$ may interfere with $S_j$, list all interferences allowed in the system (except the reflexive interferences of the form $S_k \mapsto S_k$). That is, what is the noninterference policy of the system?

3. (5 points) A system provides protection using the Bell and LaPadula policy. A virus writer finds a way to introduce a virus into the system at an arbitrary level. The goal is to propagate as widely as possible by infecting other objects on the system. Should the virus be introduced into an object at system-low (the level that all other levels dominate) or at system-high (the level that dominates all other levels)? Explain.

4. (2 parts) Suppose you have an unbalanced coin that is twice as likely to yield a head as to yield a tail.

   (a) (5 points) What is the entropy of this language? Give the appropriate instance of the formula rather than a numeric answer.

   (b) (5 points) The entropy of this language is less than 1, suggesting that you can actually represent the outcome of a series of n flips of this coin in less than n bits. One way to accomplish this is to encode pairs of flips rather than single flips. The following is one such encoding: encode HH as 0; encode HT as 10; encode TH as 110; encode TT as 111. Argue rigorously that this encoding is better on average than using one bit per flip. (Hint: consider on average how many bits it takes to encode 18 flips of this coin.)

5. (Short answer: 2 points each—40 points total) Fill in the word or phrase that best matches the description provided. In most cases, what is needed is a general term, not a specific instance of the concept.

   (a) __________ Haven’t covered. Names a program that, in addition to a useful effect, has a second, nonobvious malicious effect.

   (b) __________ Transmitted with a document, this “cryptographically seals” the document to ensure that it has not been altered.

   (c) __________ Artifact generated by one party to “vouch for” the identity or trustworthiness of another.

   (d) __________ Haven’t covered. Describes a malicious program that attaches itself to another program, runs when that program executes, and terminates when that program terminates.

   (e) __________ Describes the attempt to extract the meaning of encrypted messages without knowledge of the key.

   (f) __________ Term for any cryptographic system that encodes by reordering of symbols in the plaintext.

   (g) __________ The major problem greatly reduced by the invention of public-key cryptosystems.

   (h) __________ Names a random number included within a message to show that the message is “fresh,” i.e., is not being replayed from an earlier exchange.

   (i) __________ An encryption algorithm that uses a long series of numbers as a key, usually a pseudorandom sequence. Used on computers as a good approximation to a one-time pad.

   (j) __________ Security attack that attempts to limit the availability of resources.

   (k) __________ Haven’t covered. According to the IEEE, the name for an incorrect step or command in a program that may lead to a failure.

   (l) __________ Methodology due to Richard Kemmerer for finding covert channels in a system.

   (m) __________ General concern in commercial security that often outweighs confidentiality.

   (n) __________ Policy due to Biba that is the dual of Bell and LaPadula security.

   (o) __________ List that stores with an object the names and permissions of any subjects currently permitted access to that object.

   (p) __________ General name for interference in a communication channel that may cause a message to be corrupted or distorted.

   (q) __________ Theoretically unbreakable cryptographic algorithm that uses a key as long as the plaintext.

   (r) __________ General name for any encryption algorithm that encodes a text in large “chunks” rather than on a symbol-by-symbol basis.

   (s) __________ Commercial symmetric encryption algorithm designed as a successor to DES.

   (t) __________ International standard for the evaluation of secure computer systems.

6. (5 points) The notation we introduced for cryptographic protocols is very expressive. We used

   $A \to B : M$

   to mean that A sends message M to B. Along with our notation for describing encryption of message M with key K, $\{M\}_K$, we can succinctly describe almost any cryptographic protocol. Using this notation, what is the message exchange that occurs when PGP is used by A to send to B a message M in a confidential manner (encrypted)? Assume any keys you need, but explain what they are. Don’t worry about authentication, compression or segmentation.

7. (5 points) A public key system can be used to ensure nonrepudiation of origin; that is, the sender cannot claim that she did not send the message because it is
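A numerical check of the pair encoding described in question 4(b), added here as an example and not part of the original exam. It assumes independent flips with P(H) = 2/3 and P(T) = 1/3; the function names are illustrative.

```python
from fractions import Fraction
from itertools import product
from math import log2

# Assumption from question 4: heads is twice as likely as tails.
P = {"H": Fraction(2, 3), "T": Fraction(1, 3)}
# Pair encoding given in question 4(b).
CODE = {"HH": "0", "HT": "10", "TH": "110", "TT": "111"}

def is_prefix_free(code):
    """True if no codeword is a prefix of another (needed for unique decoding)."""
    words = list(code.values())
    return not any(a != b and b.startswith(a) for a in words for b in words)

def encode(flips):
    """Encode an even-length string of H/T flips, one pair at a time."""
    if len(flips) % 2:
        raise ValueError("the code works on pairs; need an even number of flips")
    return "".join(CODE[flips[i:i + 2]] for i in range(0, len(flips), 2))

def decode(bits):
    """Decode greedily; this is unambiguous because the code is prefix-free."""
    inverse = {v: k for k, v in CODE.items()}
    out, word = [], ""
    for bit in bits:
        word += bit
        if word in inverse:
            out.append(inverse[word])
            word = ""
    if word:
        raise ValueError("trailing bits do not form a codeword")
    return "".join(out)

def expected_bits_per_pair():
    """Exact average codeword length, weighting each pair by its probability."""
    return sum(P[a] * P[b] * len(CODE[a + b]) for a, b in product("HT", repeat=2))

def entropy_per_flip():
    """Shannon entropy of a single flip: the lower bound on bits per flip."""
    return -sum(float(p) * log2(float(p)) for p in P.values())

if __name__ == "__main__":
    per_pair = expected_bits_per_pair()
    print("average bits per pair:", per_pair)
    print("average bits for 18 flips:", 9 * per_pair, "versus 18 at one bit per flip")
    print("entropy bound for 18 flips:", round(18 * entropy_per_flip(), 3))
```
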

