Question

please answer fast and neatly . please make sure its right

1 Hash (10 pts) m Alice Bob t = CRC(m) Attacker 'Y' or 'N' = V(m,t) 1. Describe the security vulnerability of the system provided above. (3 pts)

Answer 1

1Q) Describe the Security vulnerabilities of the system

Ans) In the cyber Security, a Vulnerability is the weakness that can be exploited by an attack to gain unauthorized access in order to perform unauthorized intrution on the system. Vulnerabilities can allow the attackers to run the code, access the memory of the system, inject the malware, destroy the system by unwanted data incorporation and steal the data or modify the sensitive data. In order to exploit a vulnerability the attacker has to follow few varieties of methods which include opensource exploit which are known vulnerabilitiesbuffer overflow, SQL injection, cross-site scripting, in the web applications vulnerabilities,and also format string vulnerabilities.

Hash function Vulnerability Index and Hash Chain Attack are the attacks are constructed by repeated hashing which becomes threats to the hash function and collition freee properties. It also finds applications for network protocol design

Approaches to the Message Authentication requirements when the following attacks are identified across the network are as follows: 1) Disclosure 2) Traffic Analysis 3) Masquerade 4) Content Modification 5) Sequence Modification 6) Timing Modification 7) Source Repudiation 8) Destination repudiation

2Q) What is the solution for the problem found.

Ans) The solution for these type of problems are Message Authentication. Which includes the a) some sort of functions which is used to authenticate the message and b) the protocol is used which enables a receiver to check the authenticate the message..

In order to produce an authentication we have

(i) Message Encryption (ii) Message Authentication Code (MAC) (iii) Hash function

1) Message Encryption: The plain text(message) is converted into cipher text(encrypted form), where in which there are a) Symmetric Encryption and b) Asymmetric Encryption

A MAC(message authentication code) is also know as cryptographic check sum, generated by a fucntion C of

Model for symmetric Encryption:

Secret key shared by sender and recipient Secret key shared by sender and recipient K K Transmitted ciphertext Y = E(K, X) X = DIK, YI Plaintext input Encryption algorithm (e.g., AES) Decryption algorithm (reverse of encryption algorithm) Plaintext output

MAC = C_k(M), where M is th emessage, k is the secret key and C_k(M) is the fixed length authenticator.

Public Key Encryption is

b bits Plaintext Key (K) Encryption algorithm Ciphertext b bits

Public key encryption provides confidentiality but not authentication, why because any opponent can use the public key to encrypt the message.

If the Privater key is used by the Sender to enccrypt the message the receiver uses the public key to decrypt then it is Private Key Encryption. This will increase the confidentiality and authentication.

3Q) One example of the solutions that was found in the problem2 is Hash Message Authentication Code(MAC). Describe the operation and principle of Hash MAC at i) sender and ii) receiver

Source A Destination B H M COD M Compare ECK.IM || (MD H(M) (a) H M Compare E (b) BOK, H(M)) M S Compare H HCM | 5) M S Compare BK,IM || HCM || 891 H( MS) Figure 11.2 Simplified Examples of the Use of a Hash Function for Message Authentication (d)

Message Authentication Code is the cryptographic checksum generated by a function C.

MAC = C_k(M), where M is th emessage, k is the secret key and C_k(M) is the fixed length authenticator. The message authentication code is attached to the plain text for authenticatiopn check. At the source side the MAC is attacked to the plain text (M), then transmitted to the destination. At the destination side the reciever calculates the MAC over the received message M.

Requirements for MAC: The attacker is able to construct the message to match the Message Authenticatiopn Code even the unautherized attaker dontknow the key. The bruteforce attack based on plain text has to be prevented.

Properties of MAC:

a) MAC is a cryptographic checksum used for condensing the variable length message M

b) MAC uses the secret key K for providing the authentication.

Properties of Hash function(H):

a) Hash function can be applied to the message M of any size.

b) It produces fixed length block as output.

c) H(M) comp[utation is relatively easy for any message M.

d) One-way property: For any given code h, it is infeasible to find M such that H(M)=h

The geneeral Hash code expression is given as

$Hi=mi1\oplus mi2\oplus mi3\oplus .........\oplus miL$

where Hi = ith bit of the hash code

L is the number of n bit blocks in the input.

$\oplus$ = XOR Operation.

Secure of HASH Function and HMAC:

The attacks on the hash and MAC can be categorized into two types

1) Brute Force attack and 2) Cryptoanalysis

Brute Force attack: It is the process of trying every possible key one by one and checks whether the resulting plain text is meaningful. For example if sender is using 16 bits as a key, the attacker prepares all the 2¹⁶ possible keys and apply on the cipher to get plain text.

Hash Function: The strength of the hash function against the brutforce is on the length of the hash code produced by the algorithm.

Cryptoanalysis for Hash Function: Before moving to the security provisions to the hash function first we will look at the overall structure of a typical secure hash function.

Crptoanalysis for Message Authentication Code: There is more variety in the structure of the MAC than in the hash function. So it is difficul to generalize the cryptanalysis of the MAC