30) The man or woman in the middle attack is a hole in authentication where
a) With no CA, it's difficult to detect
b) With no CA, the intruder Trudy can get the private key of Alice
c) With no CA, the intruder Trudy can be found when she sends her public key to Bob
d) With no CA, the intruder Trudy can get the private key of Bob
In cryptography, CA is an acronym for Certificate Authority or Certifying Authority. It is an authority that certifies that a public key belongs to a particular party. It allows the receiver to check whether the key actually belongs to the sender that he/she is claiming to be (and that it is not an impersonation) by verifying the certificate assigned to the sender by the CA. If the certificate is valid, then it is guaranteed that the public key belongs to the sender and that he/she is not an impostor. The receiver can therefore proceed by encrypting the message using the public key provided and sending it to the intended party.
Option (a) is correct because:
Without any CA, it would be difficult to detect whether anyone is impersonating some other person in the network, since there won't be any proof of ownership, which is provided through the digital certificate issued by the certificate authority. It is important to note that this option is different from option (c): this option is about detection of the man-in-the-middle attack, whereas option (c) advocates identification of the attacker. The two are different scenarios. The detection becomes difficult because there is no particular standard method of detecting man-in-the-middle attacks, and various techniques like tamper detection and latency analysis may come in handy according to the scenario in which the attack occurs.
Option (b) and (d) are incorrect because:
An intruder can never get the private key of the sender or the receiver in any case, because "private key" is a term used in asymmetric key cryptography, and a private key (as the name suggests) is never shared and is kept private.
Option (c) is incorrect because:
In the absence of a certification authority, there is no way for the receiver, Bob, to actually know whether it is Alice or Trudy who is sending her public key. This is because the proof of ownership lies only with the certificate issued by the CA.
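The key substitution described in the answer, as an added example that is not part of the original answer: Bob receives a key offered under the name "Alice", once with no CA and once checking a CA signature over the name-to-key binding. The toy textbook RSA keys, the certificate layout and every function name here are assumptions made for illustration.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes (toy sizes, no padding: illustration only)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def binding_digest(name, pub, modulus):
    """Hash the name-to-key binding and reduce it into the CA's modulus."""
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue_cert(ca_priv, name, pub):
    """The CA signs the binding of a name to a public key with its private key."""
    n, d = ca_priv
    return {"name": name, "pub": pub, "sig": pow(binding_digest(name, pub, n), d, n)}

def key_bob_uses(claimed_name, offer, ca_pub=None):
    """Return the key Bob will encrypt to, or None if he rejects the offer."""
    if ca_pub is None:
        return offer["pub"]          # no CA: nothing to check the key against
    n, e = ca_pub
    ok = (offer["name"] == claimed_name and
          pow(offer["sig"], e, n) == binding_digest(offer["name"], offer["pub"], n))
    return offer["pub"] if ok else None

# Constructed keys built from known Mersenne primes; far too small for real use.
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**107 - 1)
ALICE_PUB, _ = make_keypair(2**89 - 1, 2**61 - 1)
TRUDY_PUB, _ = make_keypair(2**31 - 1, 2**19 - 1)

alice_cert = issue_cert(CA_PRIV, "Alice", ALICE_PUB)
trudy_cert = issue_cert(CA_PRIV, "Trudy", TRUDY_PUB)
# Trudy intercepts Alice's certificate and swaps in her own public key.
swapped = dict(alice_cert, pub=TRUDY_PUB)

if __name__ == "__main__":
    print("no CA, swapped key accepted:", key_bob_uses("Alice", swapped) == TRUDY_PUB)
    print("CA, swapped key accepted:  ", key_bob_uses("Alice", swapped, CA_PUB) is not None)
    print("CA, Trudy's own cert:      ", key_bob_uses("Alice", trudy_cert, CA_PUB) is not None)
    print("CA, Alice's real cert:     ", key_bob_uses("Alice", alice_cert, CA_PUB) == ALICE_PUB)
```

In neither run does a private key leave its owner; the only thing that changes is whether Bob has a signature to check the offered public key against.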