Documente Academic
Documente Profesional
Documente Cultură
Ticketv || Authenticatorc
E(Kc,v, [TS5 + 1])
b) No,
If BG captures (2) i.e. the communication from AS to C.
Step (2) AS C: E(Kc, [Kc,tgs|| IDtgs || TS2 || Lifetime2 || Tickettgs])
BG cannot decrypt it as it is encrypted with Kc , secret key known to C not by
BG and can get hands on Kc,tgs
Hence BG cannot generate Authenticatorc = E(Kc,tgs, [IDc, ADc, IDv, TS3]) as
Kc,tgs is not known to BG.
Therefore BG cannot pose as C to TGS to grant him ticket.
If in case Kc,tgs is captured by BG then BG can pose as C to TGS to grant him
ticket.
c) No,
In Kerberos V4, The authentication server need not have a certified public
key.
The request is sent in plain by C to AS.
(1) C AS: IDc || IDtgs || TS1
Kerberos uses secret key encryption, AS keeps a database of clients and
servers and their secret keys, can convince one entity of another entitys
identity
Solution 2
a) if A first signs a message H(M1) to get a signature r1, s1. Then A, using
the same k value, signs a message H(M2) to get a signature r2, s2.
Then BG would do following to get K value
BG knows algorithm and hash function as those are published. p,q,g are
shared global public keys are known to BG
M ,r, s are sent in clear. there for BG knows M1,r1,s1 and M2,r2,s2
So can calculate H(M1) and H(M2)
r =(gk mod p ) mod q
s = (k-1 [ H(M)+ x.r])mod q
r is independent of Message M, if same k is used then r1 = r2 = r
Then BG does following calculation.
s1 = (k-1 [ H(M1)+ x.r])mod q --------------------> equation (1)
s2 = (k-1 [ H(M2)+ x.r])mod q --------------------> equation (2)
s1-s2 = (k-1 [ H(M1)+ x.r])mod q - (k-1 [ H(M2)+ x.r])mod q
s1-s2 = (k-1 [ H(M1)+ x.r] - k-1 [ H(M2)+ x.r])mod q
s1-s2 = (k-1 [ H(M1)+ x.r - H(M2)- x.r])mod q
s1-s2 = (k-1 [ H(M1) - H(M2])mod q
k =(
( H ( M 1 )H ( M 2 ] )
s 1s 2
) mod q
b) BG knows, q = 11
H(M1) = 7, r1 = 5, s1 = 2
H(M2) = 1, r2 = 5, s2 = 1
H(M3) = 4
Gets k value
as k =(
( H ( M 1 )H ( M 2 ] )
s 1s 2
) mod q
therefore
k=(
( 71 )
21 ) mod 11
k= 6 mod 11
k=6
Gets x value
s1 = (k-1 [ H(M1)+ x.r1])mod q
2= (6-1 [ 7+ x.5])mod 11
12 = (7+x.5) mod 11
5 = x.5 mod 11
therefore x= 1
Calculates s3
s3 = (k-1 [ H(M3)+ x.r3])mod q
r1=r2=r3=5
s3 =(6-1 [ 4+ 1*5])mod 11
6s3 =(9)mod 11 =9
3
s3 = ( 2 ) =1.5
Solution3:
a)
Solution4:
a) No, (it is not a good scheme)
b) Given h(M) = ((M mod 91) 10) mod 73
Following requirements need to be satisfied by hash function to be used for a good
scheme
one-way property
given h is infeasible to find x s.t. H(x)=h
weak collision resistance
given x is infeasible to find y s.t. H(y)=H(x)
strong collision resistance
is infeasible to find any x,y s.t. H(y)=H(x)
Given M= 101
h(101) = ((101 mod 91) 10) mod 73 = 27
Solution:3
a)
Nounce
TimeStamp
No such need
No such need
No such need
b)
In PGP Compression is applied after Signature.
Because at receiving end after decompression, the receiver gets the clear message
and signature, can store them directly for later verification. No need to worry of
third party verifying the signature to do decompression.
Programming Problem:
1) Self Critique:
2)
3)