Binary file handouts/ho02.pdf has changed
--- a/handouts/ho02.tex Thu Oct 30 01:17:51 2014 +0000
+++ b/handouts/ho02.tex Mon Nov 03 03:22:41 2014 +0000
@@ -468,7 +468,12 @@
\noindent At the beginning she describes the complete break-in
by the group of Alex Halderman at the try-out voting at
-Washington D.C.
+Washington D.C. Halderman's amusing paper including pictures
+is at
+
+\begin{center}
+\url{https://jhalderm.com/pub/papers/dcvoting-fc12.pdf}
+\end{center}
\end{document}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/handouts/ho09.tex Mon Nov 03 03:22:41 2014 +0000
@@ -0,0 +1,18 @@
+\documentclass{article}
+\usepackage{../style}
+\usepackage{../langs}
+\usetikzlibrary{patterns,decorations.pathreplacing}
+
+\begin{document}
+
+\section*{Handout 9 (Zero-Knowledge Proofs)}
+
+Paper about breaking HiTag2 (gave hash, but cannot verify
+it without giving the paper)
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
--- a/hws/hw03.tex Thu Oct 30 01:17:51 2014 +0000
+++ b/hws/hw03.tex Mon Nov 03 03:22:41 2014 +0000
@@ -16,7 +16,7 @@
\item How does a buffer-overflow attack work? (Hint: What happens on
the stack.)
-\item Why is it crucuial for a buffer overflow attack that the stack
+\item Why is it crucial for a buffer overflow attack that the stack
grows from higher addresses to lower ones?
\item If the attacker uses a buffer overflow attack in order to
Binary file hws/hw05.pdf has changed
--- a/hws/hw05.tex Thu Oct 30 01:17:51 2014 +0000
+++ b/hws/hw05.tex Mon Nov 03 03:22:41 2014 +0000
@@ -1,26 +1,51 @@
\documentclass{article}
-\usepackage{charter}
-\usepackage{hyperref}
-\usepackage{amssymb}
+\usepackage{../style}
\begin{document}
\section*{Homework 5}
\begin{enumerate}
+\item What can attacker that controls the network do to a communication
+between a client and a server?
+
+\item Before starting a TCP connection, client and servers
+perform a three-way handshake. Describe how can this three-way
+handshake can be abused by an attacker?
+
\item Consider the following simple mutual authentication protocol:
\begin{center}
\begin{tabular}{ll}
-$A \rightarrow B$: & $N_a$\\
-$B \rightarrow A$: & $\{N_a, N_b\}_{K_{ab}}$\\
-$A \rightarrow B$: & $N_b$\\
+$A \to B$: & $N_a$\\
+$B \to A$: & $\{N_a, N_b\}_{K_{ab}}$\\
+$A \to B$: & $N_b$\\
\end{tabular}
\end{center}
Explain how an attacker $B'$ can launch an impersonation attack by
intercepting all messages for $B$ and make $A$ decrypt her own challenges.
+\item What is the main problem with the following
+authentication protocol where $A$ sends $B$ mutually
+shared key?
+
+\begin{center}
+$A \to B: K_{AB}$
+\end{center}
+
+\item Nonces are unpredicatble random numbers used in protocols?
+Consider the following protocol
+
+\begin{center}
+\begin{tabular}{ll}
+$A \to B$: & $N$\\
+$B \to A$: & $\{N + 1\}_{K_{ab}}$\\
+\end{tabular}
+\end{center}
+
+Write down three facts that $A$ can infer after this protocol has been
+successfully completed?
\item Before starting a TCP connection, client and servers
perform a three-way handshake:
@@ -35,6 +60,29 @@
How can this protocol be abused causing trouble on the server?
+\item Write down a protocol which establishes a secret key
+between $A$ and $B$ using a mutually trusted third party $S$.
+You can assume $A$ and $S$, respectfully $B$ and $S$, share
+secret keys.
+
+\item Consider the following protocol between a car and a
+key transponder:
+
+\begin{enumerate}
+\item $C$ generates a random number $r$
+\item $C$ calculates $(F,G) = \{r\}_K$
+\item $C \to T$: $r, F$
+\item $T$ calculates $(F',G') = \{r\}_K$
+\item $T$ checks that $F = F'$
+\item $T \to C$: $r, G'$
+\item $C$ checks that $G = G'$
+\end{enumerate}
+
+In Step 2 and 4 a message is split into two halves. Explain
+what the purpose of this split is?
+
+
+
\end{enumerate}
\end{document}