CALIFORNIA STATE UNIVERSITY CHANNEL ISLANDS
|
COURSE: COMP 524 - SECURITY - FALL 2007
|
STUDENT: JOSIF KURUNCZI |
E-MAIL ADDRESS : jkurunczi@yahoo.com |
ASSIGNMENT #1 |
DUE DATE : Wednesday, September 5, 2007 |
Guideline: You are allowed to use internet to search for the answers, however it is not allowed to work with other students to solve this assignment. Each individual should solve/search the answer himself/herself.
Reading Assignment: Read Section “2.4: One-Time Pads” from Fundamentals of Secure Computer Systems” by Brett C. Tjaden.
Q1:
1. Describe a security risk associated with networked systems that is not present in stand-alone systems.
Denial-Of-Service Attack is a security risk that is associated with networked systems. A Denial-Of-Service attack, causes the network or the computer to crash or to become so busy processing data/packets that users are not able to use it.
Another security risk associated with networked systems is using open wireless networks. Any user with a laptop and a wireless network card can authenticate and change wireless settings, such as the channel it communicates, SSID, WEP/WPA encryption and so forth.
2. Describe a security risk associated with internetworked systems that is not present in networked systems.
A security risk associated with internetworked systems are:
a) not disabling/removing terminated user accounts. This also applies to system/network administrators. When a system/network administrator leaves the current job, all his accounts must be revoked, all administrator passwords must be changed. All access to databases/websites must be revoked.
b) not assigning passwords to hardware devices, such as switches/routers/wireless access points.
Q2: Let S1 = “ELVISISALIVE” and S2 = “DNOYZWLFEDSL”.
*******************************************************
********SOLUTION BASED ON THE BOOK EXPLANATION
*******************************************************
1. What ciphertext results from using S1 as plaintext and S2 as a one-time pad?
In this case consider the following notation specified by the book:
A |
B |
C |
D |
E |
F |
G |
H |
I |
J |
K |
L |
M |
N |
O |
P |
Q |
R |
S |
T |
U |
V |
W |
X |
Y |
Z |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
I wrote the following C++ program that performs the encryption. Click here for the C++ encrpyt.txt program.
The results are as follows:
PLAINTEXT given: E L V I S I S A L I V E
Values of PLAINTEXT: 5 12 22 9 19 9 19 1 12 9 22 5
KEY given: D N O Y Z W L F E D S L
Values of KEY: 4 14 15 25 26 23 12 6 5 4 19 12
Values of CIPHERTEXT: 9 26 11 8 19 6 5 7 17 13 15 17
CIPHERTEXT encrypted: I Z K H S F E G Q M O Q
2. If S2 is ciphertext what characters must have been used as key material from a one-time pad if the plaintext is “ANDINMEMPHIS”?
I wrote the following C++ program that performs the decryption. Click here for the C++ decrpyt.txt program.
The results are as follows:
PLAINTEXT given: A N D I N M E M P H I S
Values of PLAINTEXT: 1 14 4 9 14 13 5 13 16 8 9 19
CIPHERTEXT given: D N O Y Z W L F E D S L
Values of CIPHERTEXT: 4 14 15 25 26 23 12 6 5 4 19 12
Values of KEY: 3 26 11 16 12 10 7 19 15 22 10 19
KEY decrypted: C Z K P L J G S O V J S
**************************************************************************************
********SOLUTION BASED ON EXPLANATION FROM http://en.wikipedia.org/wiki/One_time_pad
**************************************************************************************
Let S1 = “ELVISISALIVE” and S2 = “DNOYZWLFEDSL”.
1. What ciphertext results from using S1 as plaintext and S2 as a one-time pad?
In this case consider the following notation specified by the website:
A |
B |
C |
D |
E |
F |
G |
H |
I |
J |
K |
L |
M |
N |
O |
P |
Q |
R |
S |
T |
U |
V |
W |
X |
Y |
Z |
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
The following method was used to figure out the ciphertext.
D |
N |
O |
Y |
Z |
W |
L |
F |
E |
D |
S |
L |
-----------> KEY | |||||||
3 |
13 |
14 |
24 |
25 |
22 |
11 |
5 |
4 |
3 |
18 |
11 |
||||||||
E |
L |
V |
I |
S |
I |
S |
A |
L |
I |
V |
E |
----------->MESSAGE - PLAINTEXT | |||||||
4 |
11 |
21 |
8 |
18 |
8 |
18 |
0 |
11 |
8 |
21 |
4 |
||||||||
7 |
24 |
35 |
32 |
43 |
30 |
29 |
5 |
15 |
11 |
39 |
15 |
----------->KEY + MESSAGE | |||||||
7 |
24 |
9 |
6 |
17 |
4 |
3 |
5 |
15 |
11 |
13 |
15 |
----------->(KEY + MESSAGE ) MOD 26 | |||||||
| A | N | S | W | E | R | : | H |
Y |
J |
G |
R |
E |
D |
F |
P |
L |
N |
P |
-----------> CIPHERTEXT |
2. If S2 is ciphertext what characters must have been used as key material from a one-time pad if the plaintext is “ANDINMEMPHIS”?
Perform everything backwards to find the KEY.
A |
N |
S |
W |
E |
R |
: |
D |
A |
L |
Q |
M |
K |
H |
T |
P |
W |
K |
T |
----------->KEY | ||
x |
x |
x |
x |
x |
x |
x |
x |
x |
x |
x |
x |
||||||||||
3 |
0 |
11 |
16 |
12 |
10 |
7 |
-7 |
-11 |
-4 |
10 |
-7 |
||||||||||
19 |
15 |
22 |
19 |
||||||||||||||||||
A |
N |
D |
I |
N |
M |
E |
M |
P |
H |
I |
S |
----------->MESSAGE - PLAINTEXT | |||||||||
0 |
13 |
3 |
8 |
13 |
12 |
4 |
12 |
15 |
7 |
8 |
18 |
||||||||||
D |
N |
O |
Y |
Z |
W |
L |
F |
E |
D |
S |
L |
-----------> CIPHERTEXT | |||||||||
3 |
13 |
14 |
24 |
25 |
22 |
11 |
5 |
4 |
3 |
18 |
11 |
||||||||||
| D | x+0=3 => x=3 => 3 mod 26 = 3 | ||||||||||||||||||||
| A | x+13=13 => x=0 => 0 mod 26 = 0 | ||||||||||||||||||||
| L | x+3=14 => x=11 => 11 mod 26 = 11 | ||||||||||||||||||||
| Q | x+8=24 => x=16 => 16 mod 26 = 16 | ||||||||||||||||||||
| M | x+13=25 => x=12 => 12 mod 26 = 12 | ||||||||||||||||||||
| K | x+12=22 => x=10 => 10 mod 26 = 10 | ||||||||||||||||||||
| H | x+4=11 => x=7 => 7 mod 26 = 7 | ||||||||||||||||||||
| T | x+12=5 => x=-7 => (26-7) = 19 => 19 mod 26 = 19 | ||||||||||||||||||||
| P | x+15=4 => x=-11 => (26-11) = 15 => 15 mod 26 = 15 | ||||||||||||||||||||
| W | x+7=3 => x=-4 => (26-4) = 22 => 22 mod 26 = 22 | ||||||||||||||||||||
| K | x+8=18 => x=10 => 10 mod 26 = 10 | ||||||||||||||||||||
| T | x+18=11 => x=-7 => (26-7) = 19 => 19 mod 26 = 19 | ||||||||||||||||||||
Resource:
http://en.wikipedia.org/wiki/One_time_pad
NOTE: Using different values for the alphabet we obtain different results.
3. Provide some drawbacks of one-time pad if used in computer/networked security?
Drawbacks:
a) The key and the plaintext must be the same length.
b) The sender and the receiver must keep the key in secret.
c) The key must be used only once, then must be destroyed.
Q3:
Explain in simple words that how could you break (cryptanalysis) a monoalphabetic cipher? Hint: There could be more than one method to break monoalphabetic cipher.
In order to break a monoalphabetic cipher perform the following:
a) identify high frequency letters in the cryptogram. The most common letters used in English are: ETNORIA
b) identify one-letter words - (a and I)
c) identify two-letter words - (an, is, at, by, be, of)
d) identify three-letter words - (off, the, two, and, one, can, see, but, low)
e) identify four-letter words - (that, this, they, done, with, high)
f) requires a lot of guesses for missing letters
Resources:
http://www-math.cudenver.edu/~wcherowi/courses/m5410/exsubcip.html#frequency
http://www.antilles.k12.vi.us/math/cryptotut/mono_crack.htm