CS 431 homework assignment #6

This homework assignment is due on December 12.

Problem 1

Suppose that Alice and Bob already have a key K known only to them. Now they want to use that K to construct a new session key S, in such a way that they can both compute the new key S from K, both will be convinced that the other is using the same key, and no eavesdropper will know S. Imagine a protocol constructed as follows (R is a random number chosen by Bob):
                    I'm Alice
         -------------------------------->

                        R
ALICE    <-------------------------------   BOB

                      E_K(R)
         -------------------------------->
At the end of this protocol, Bob is convinced that the person on the other end of the line is Alice, because only she could supply the correct response E_K(R). Note that Alice has no such guarantee, but that can be fixed by reversing the protocol.

Now they need to construct the session key from their conversation. Discuss the security of each of the following choices (here + denotes bitwise exclusive or, and E(x,k) is the DES encryption of x under the key k):

  1. R
  2. R+K
  3. E(K,K)
  4. E(K,R)
  5. E(R,R+K)

Problem 2

In the protocol on page 269 (Figure 8.4), what happens if the encryption algorithm is vulnerable to a known-plaintext attack against the key? What can be recovered by an adversary in this case? You should explicitly state any assumptions that you make.

Problem 3

Do problem 9.3 from the textbook.

Return to the CS431 page.