\documentclass{article}
\usepackage{../style}

\begin{document}

\section*{Homework 5}

\HEADER

\begin{enumerate}
\item Imagine you are researching security products (e.g.~CCTV,
  alarms etc.) on a helpful website. They ask you for your address
  details. Think about whether this can be bad for you.

\item What can an attacker who controls the network do to a
  communication between a client and a server?

\item Before starting a TCP connection, client and server perform a
  three-way handshake. Describe how this three-way handshake can be
  abused by an attacker.

\item Consider the following simple mutual authentication protocol:

\begin{center}
\begin{tabular}{ll}
$A \to B$: & $N_a$\\
$B \to A$: & $\{N_a, N_b\}_{K_{ab}}$\\
$A \to B$: & $N_b$\\
\end{tabular}
\end{center}

Explain how an attacker $B'$ can launch an impersonation attack by
intercepting all messages for $B$ and making $A$ decrypt her own
challenges.

\item What is the main problem with the following authentication
  protocol where $A$ sends $B$ a mutually shared key?

\begin{center}
$A \to B: K_{AB}$
\end{center}

\item Nonces are unpredictable random numbers used in protocols.
  Consider the following protocol:

\begin{center}
\begin{tabular}{ll}
$A \to B$: & $N$\\
$B \to A$: & $\{N + 1\}_{K_{ab}}$\\
\end{tabular}
\end{center}

Write down three facts that $A$ can infer after this protocol has been
successfully completed.

\item Write down a protocol which establishes a secret key between $A$
  and $B$ using a mutually trusted third party $S$. You can assume $A$
  and $S$, respectively $B$ and $S$, share secret keys.

\item Consider the following protocol between a car and a key
  transponder:

\begin{enumerate}
\item $C$ generates a random number $N$
\item $C$ calculates $(F,G) = \{N\}_K$
\item $C \to T$: $N, F$
\item $T$ calculates $(F',G') = \{N\}_K$
\item $T$ checks that $F = F'$
\item $T \to C$: $N, G'$
\item $C$ checks that $G = G'$
\end{enumerate}

In Steps 2 and 4 a message is split into two halves. Explain what the
purpose of this split is. Assume the key $K$ is shared only between the
car and the transponder. Does the protocol achieve that the transponder
$T$ authenticates itself to the car $C$? Does the car authenticate
itself to the transponder?

\item What are the main disadvantages of the following protocol that
  establishes a mutual key between two parties $A$ and $B$ with the
  help of a mutually trusted third party $S$:

\begin{center}
\begin{tabular}{l@{\hspace{2mm}}l}
$A \to S :$ & $A, B$\\
$S \to A :$ & $\{K_{AB}\}_{K_{AS}}$ and $\{\{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$\\
$A \to B :$ & $\{K_{AB}\}_{K_{BS}}$\\
$A \to B :$ & $\{m\}_{K_{AB}}$\\
\end{tabular}
\end{center}

\item Explain briefly the purpose of the certification authority in
  the public-private key encryption scheme.

\item Explain briefly what is meant by a certification authority
  becoming ``too big to fail'' when it has issued a large number of
  certificates.

\item In which situations does it make sense to install invalid
  (self-signed) certificates?

\item \POSTSCRIPT
\end{enumerate}

\end{document}

%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
%%% End: