\documentclass[11pt]{article}
\usepackage{amsmath, alltt, amssymb, xspace, times, epsfig}
\setlength{\evensidemargin}{0in} \setlength{\oddsidemargin}{0in}
\setlength{\textwidth}{6.5in} \setlength{\textheight}{8.5in}
\setlength{\topmargin}{0in} \setlength{\headheight}{0in}
\begin{document}
\thispagestyle{empty}
\noindent \textbf{CS426: Computer Security\hspace*{\fill}Fall 2010}
\begin{center}
{\LARGE Homework \#4}
\end{center}
\paragraph{Due date \& time:} 1:30pm on November 19, 2010.
Hand in at the beginning of class (preferred), or email to the TA
(twykoff@purdue.edu) by the due time.
\vspace*{-0.1in}\paragraph{Late Policy:} You have three extra days in total for all
your homeworks and projects. Any portion of a day used counts as one day; that is,
you have to use integer number of late days each time. If you emailed your homework
to the TA by 1:30pm the day after it is due, then you have used one extra day. If
you exhaust your three late days, any late homework won't be graded.
\vspace*{-0.1in}\paragraph{Additional Instructions:} (1) The
submitted homework must be typed. Using Latex is recommended, but
not required.
\\
\begin{description}
\item[Problem 1 (10 pts)]
The quantum key agreement protocol we discussed in class requires two channels: one quantum channel that is subject to adversary and/or noises, and one public channel that must be authentic and unjammable.
\begin{itemize}
\item
Explain how an adversary can break the protocol if the adversary can intercept, drop, and forge messages in the public channel. Describe what the adversary needs to do step by step, and what are the effects.
\item
Suppose that Alice and Bob want to agree on a key of 128 bits long. Estimate the minimal number of bits Alice needs to send to Bob to be able to do so, while detecting any eavesdropper with probability 0.999999999. Explain your answer. (You may want to refer to the wiki page \textit{http://en.wikipedia.org/wiki/Quantum\_key\_distribution})\\
\end{itemize}
\item[Problem 2 (10 pts)]
Suppose Alice uses the RSA method as follows. She wants to send a message consisting of
several letters, and assign $a=1,b=2,\ldots,z=26$. She then encrypts each letter
separately. For example, if her message is \textit{cat}, she calculates $3^e \mod n$,
$1^e\mod n$, and $20^{e} \mod n$. Then she sends the encrypted message to Bob. Explain
how Eve can find the message without factoring $n$. In particular, suppose $n=8881$ and
$e=13$. Eve intercepts the message
\begin{center}
$4461 \hspace*{0.1in} 794\hspace*{0.1in}2015\hspace*{0.1in}2015\hspace*{0.1in}3603$
\end{center}
Find the message without factoring 8881.\\
\item[Problem 3 (10 pts)]
Suppose Alice tries to implement an analog of the Diffie-Hellman key exchange as follows.
Alice wants to send the key $K$ to Bob. Alice chooses a one-time pad key $K_a$ and XORs it with
$K$ to compute $M_1=K \oplus K_a$, and then sends $M_1$ to Bob. Bob chooses a one-time key $K_b$
and sends to Alice $M_2=M_1 \oplus K_b$. Alice then sends to Bob $M_3=M_2\oplus K_a$.
\begin{itemize}
\item
Show how Bob can recover $K$.
\item
Suppose Eve intercepts $M_1,M_2,M_3$. How can she recover $K$?\\
\end{itemize}
\item
\item[Problem 4 (25 pts)] Read the article ``New Directions in
Cryptography'' by Diffie and Hellman~(available from the lectures \& handouts page), and answer the following questions.
\begin{description}
\item [a (6 pts)]
The paper gives rationales for building encryption schemes that are
secure against known plaintext attacks and chosen plaintext attacks, by
discussing how such schemes remove restrictions that are placed on the
ways of using them. Discuss these rationale in your own words.
\item [b (6 pts)]
List all the limitations and shortcoming discussed in the paper about
symmetric encryption schemes.
\item [c (6 pts)]
List all the limitations and shortcoming discussed in the paper about
symmetric message authentication schemes.
\item [d (7 pts)]
The paper establishes the relationships among (1) public-key encryption,
(2) public key distribution, and (3) digital signature (referred to in
the paper as one-way authentication). By relationships, we mean using
one scheme to implement another scheme. List these relationships, and
explain the constructions involved to use one scheme to implement
another.\\
\end{description}
\item[Problem 5 (20 pts)]
Read the paper titled ``Role-Based Access Control Models'' by Sandhu et al.~(available from the lectures \& handouts page), and answer the questions below.
\begin{itemize}
\item
Why is the notion of roles a useful concept? What are the differences between roles and groups?
\item
Briefly describe the four models in the paper: RBAC$_0$, RBAC$_1$, RBAC$_2$, and RBAC$_3$.
\item
Describe the constraints considered in the paper, and for each type of constraints discuss whether they are related to the ``Separation of privilege'' and ``least privilege'' principles identified by Salzer and Schroeder.\\
\end{itemize}
\item[Problem 6 (25 pts)]
Read the paper by Boebert and Jain, titled ``A Practical Alternative to Hierarchical Integrity Policies''~(available from the lectures \& handouts page), and answer the questions below.
\begin{itemize}
\item
What are the differences between integrity policies and confidentiality policies (called compromise policies in the paper)? Why they cannot be viewed as duals of each other?
\item
Describe what are ``Assured Pipeline'' policies. Come up with an example that is not in the paper.
\item
Why did the authors conclude that enforcing assured pipeline policies using hierarchical integrity policies (such as those in Biba) is unsatisfactory?
\item
Describe how the Type Enforcement system proposed in the paper work.
\item
Do you agree that the proposed Type Enforcement system is a better alternative to the hierarchical integrity policies for enforcing assured pipeline policies? Give your reasons.
\end{itemize}
\end{description}
\end{document}