Homework 1 

Reading due Wednesday, September 10, 2008, 7:20pm

Web Site Development due Saturday, September 13, 2008, midnight (please submit using Blackboard)

Written Assignment, due Wednesday, September 17, 2008, 7:20pm

 

Web Site Development

 

Task 1 (5 points)

Review the Crypto Web Resources available at

          http://teal.gmu.edu/courses/Crypto_resources/web_resources.htm

Choose or propose AT LEAST ONE area of this web site you would like to contribute to.

Examples of pages that are in particular need of your contribution include:

Update the list of companies developing products and offering services in the area of network and computer security, with a special focus on cryptography.
Determine which of these companies have their main offices or local branches in the near vicinity of GMU (Nothern Virginia, Maryland, D.C.).
Try to find out which of the companies limit their employment to U.S. citizens and permanent residents only.

Update this list of courses with courses offered within the last two years (i.e., between Fall 2006 and Fall 2008).
Significantly extend the list of courses offered in other countries.

Update the list of open-source cryptographic libraries. Pay particular attention to the cryptographic algorithms supported by these libraries as of September 2008.

Update the list of cryptographic and security standards, grouped by a type of a standard and/or standardization body.

Verify and update the links to MS and PhD theses in the area of cryptography and network security that are available on the web.

Please feel free to suggest and design any other cryptography-related web page that would be of interest to you and other students.

You can work individually or in groups of two students, but your contribution must be proportional to the size of the group.

Please submit your designs in the plain HTML or MS Word format, with a white background. Use Blackboard for your submissions.

 

Please submit your choice of three pages you would like to contribute to by e-mail to kgaj@gmu.edu by Saturday, 6 PM. Please indicate whether you would like to work alone or with another student. For new pages you would like to create, please provide a title and a 1-3 sentence description. You will receive your final assignment by Saturday, midnight.

 

 Required Reading

I.
Matt Curtin, “SnakeOil Warning Signs: Encryption Software to Avoid.”

II.
W. Stallings, "Cryptography and Network-Security," 4th Edition:

 

Recommended Reading

III.

Please read
A. Menezes, P. van Oorschot, and S. Vanstone, “Handbook of Applied Cryptography”

Chapters 1.3-1.9.

 

Written Assignment

Problem 1 (2 points)

Part 1 (1 point)

Random J. Protocol Designer has been told to design a scheme to prevent messages from being modified by an intruder. Random J. decides to append to each message a hash of that message. Why doesn't this solve the problem?

Part 2 (1 point)

It is common, for performance reasons, to generate a digital signature by applying a public key transformation determined by the private key of the sender to the hash value of a message, rather than the message itself. Why is it important that it be difficult to find any two messages with the same hash value? Describe an attack that works and gives a true benefit to the attacker if this condition is not met.

 

Problem 2 (4 points)

Part 1 (1 point)

Which of the following five security services are attempted to be implemented by the following two protocols?

Services:

Protocol 1:

1. A sends to B    
     (A, EKUb[M], B)

2. B sends to A
     (B, EKUa[M], A)

Protocol 2:

1. A sends to B    
     (A, EKUb[M, A], B)

2. B sends to A
     (B, EKUa[M, B], A)

All notations consistent with the Stallings textbook.

Part 2 (2 points)

Find, shortly describe, and illustrate using a diagram, an attack against Protocol 1 that breaks all security services that are intended to be implemented by this protocol. Assume that the underlying public key cryptosystem is unbreakable.

Part 3 (1 point)

Is Protocol 2 vulnerable to the same attack? If yes, describe and illustrate an attack. If not, justify why attack against Protocol 1 does not apply to Protocol 2.