# HG changeset patch # User Christian Urban # Date 1414984961 0 # Node ID d7109c6e721d87d093a0a4ab08b5fa23b0bbbea2 # Parent 06a04b3b2dda85fc1dd71695f56d2af4ea06f0af updated diff -r 06a04b3b2dda -r d7109c6e721d handouts/ho02.pdf Binary file handouts/ho02.pdf has changed diff -r 06a04b3b2dda -r d7109c6e721d handouts/ho02.tex --- a/handouts/ho02.tex Thu Oct 30 01:17:51 2014 +0000 +++ b/handouts/ho02.tex Mon Nov 03 03:22:41 2014 +0000 @@ -468,7 +468,12 @@ \noindent At the beginning she describes the complete break-in by the group of Alex Halderman at the try-out voting at -Washington D.C. +Washington D.C. Halderman's amusing paper including pictures +is at + +\begin{center} +\url{https://jhalderm.com/pub/papers/dcvoting-fc12.pdf} +\end{center} \end{document} diff -r 06a04b3b2dda -r d7109c6e721d handouts/ho09.tex --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/handouts/ho09.tex Mon Nov 03 03:22:41 2014 +0000 @@ -0,0 +1,18 @@ +\documentclass{article} +\usepackage{../style} +\usepackage{../langs} +\usetikzlibrary{patterns,decorations.pathreplacing} + +\begin{document} + +\section*{Handout 9 (Zero-Knowledge Proofs)} + +Paper about breaking HiTag2 (gave hash, but cannot verify +it without giving the paper) + +\end{document} + +%%% Local Variables: +%%% mode: latex +%%% TeX-master: t +%%% End: diff -r 06a04b3b2dda -r d7109c6e721d hws/hw03.tex --- a/hws/hw03.tex Thu Oct 30 01:17:51 2014 +0000 +++ b/hws/hw03.tex Mon Nov 03 03:22:41 2014 +0000 @@ -16,7 +16,7 @@ \item How does a buffer-overflow attack work? (Hint: What happens on the stack.) -\item Why is it crucuial for a buffer overflow attack that the stack +\item Why is it crucial for a buffer overflow attack that the stack grows from higher addresses to lower ones? \item If the attacker uses a buffer overflow attack in order to diff -r 06a04b3b2dda -r d7109c6e721d hws/hw05.pdf Binary file hws/hw05.pdf has changed diff -r 06a04b3b2dda -r d7109c6e721d hws/hw05.tex --- a/hws/hw05.tex Thu Oct 30 01:17:51 2014 +0000 +++ b/hws/hw05.tex Mon Nov 03 03:22:41 2014 +0000 @@ -1,26 +1,51 @@ \documentclass{article} -\usepackage{charter} -\usepackage{hyperref} -\usepackage{amssymb} +\usepackage{../style} \begin{document} \section*{Homework 5} \begin{enumerate} +\item What can attacker that controls the network do to a communication +between a client and a server? + +\item Before starting a TCP connection, client and servers +perform a three-way handshake. Describe how can this three-way +handshake can be abused by an attacker? + \item Consider the following simple mutual authentication protocol: \begin{center} \begin{tabular}{ll} -$A \rightarrow B$: & $N_a$\\ -$B \rightarrow A$: & $\{N_a, N_b\}_{K_{ab}}$\\ -$A \rightarrow B$: & $N_b$\\ +$A \to B$: & $N_a$\\ +$B \to A$: & $\{N_a, N_b\}_{K_{ab}}$\\ +$A \to B$: & $N_b$\\ \end{tabular} \end{center} Explain how an attacker $B'$ can launch an impersonation attack by intercepting all messages for $B$ and make $A$ decrypt her own challenges. +\item What is the main problem with the following +authentication protocol where $A$ sends $B$ mutually +shared key? + +\begin{center} +$A \to B: K_{AB}$ +\end{center} + +\item Nonces are unpredicatble random numbers used in protocols? +Consider the following protocol + +\begin{center} +\begin{tabular}{ll} +$A \to B$: & $N$\\ +$B \to A$: & $\{N + 1\}_{K_{ab}}$\\ +\end{tabular} +\end{center} + +Write down three facts that $A$ can infer after this protocol has been +successfully completed? \item Before starting a TCP connection, client and servers perform a three-way handshake: @@ -35,6 +60,29 @@ How can this protocol be abused causing trouble on the server? +\item Write down a protocol which establishes a secret key +between $A$ and $B$ using a mutually trusted third party $S$. +You can assume $A$ and $S$, respectfully $B$ and $S$, share +secret keys. + +\item Consider the following protocol between a car and a +key transponder: + +\begin{enumerate} +\item $C$ generates a random number $r$ +\item $C$ calculates $(F,G) = \{r\}_K$ +\item $C \to T$: $r, F$ +\item $T$ calculates $(F',G') = \{r\}_K$ +\item $T$ checks that $F = F'$ +\item $T \to C$: $r, G'$ +\item $C$ checks that $G = G'$ +\end{enumerate} + +In Step 2 and 4 a message is split into two halves. Explain +what the purpose of this split is? + + + \end{enumerate} \end{document}