CSC4222 Homework 4 Solution

1. Describe a method for protecting users against URL obfuscation attacks.

2. Suppose a web client and web server for a popular shopping website have performed a key exchange so that they are now sharing a secret session key. Describe a secure method for the web client to navigate various shopping site pages, optionally placing things into a shopping cart. Your solution is allowed to use one-way hash functions and pseudo-random number generators, but it cannot use HTTPS, so it does not need to achieve confidentiality. In any case, your solution should be resistant to HTTP session hijacking even from someone who can sniff all the packets.

3. What is the encryption of the following string using the Caesar cipher: INFORMATIONSECURITY?

4. a. Compute the multiplicative inverse of 7 in Z23.
b. Show the steps and intermediate results of applying the extended Euclidean algorithm to compute the GCD of 512 and 240.


6. Demonstrate that the hash function H(x) = 5x + 11 mod 19 is not weakly collisionresistant, for H(4).

7. Explain why nonforgeability and nonmutability imply nonrepudiation for digital signatures.

8. Alice wants to send a large document as an encrypted attachment to an email to Bob over the internet. Alice also wants Bob to know that this attachment was sent by her (and not a forged attachment sent by someone else). Assume Alice and Bob have each other’s public keys.
In the questions below, use the cryptographic primitives we’ve discussed in class.
Define any cryptographic functions that you use. For example: one could say:
- H is cryptographic hash function, or H is MD5;
- PKa, SKa, PKb, SKb ­ Alice and Bob’s public/private key pairs
- Ek()/Dk() ­­ Authenticated encryption/decryption scheme using key k (say, AES­GCM)
- Enc()/Dec() ­­ Public key encryption/Decryption (say, RSA encryption)
- Sign/Verify ­­ Digital signature/verification algorithm (say, RSA signature)

A. Give the steps for Alice to prepare the attachment that will be sent.

B. Give the steps for Bob to decrypt Alice’s attachment and verify that the message is valid and authentic (it has not been tampered and it was definitely sent by Alice).

9. Bitcoin is designed such that the attacker cannot reverse or tamper with the transactions. Explain how, referencing its technical design features as needed.

10. a. Describe the difference between privacy and confidentiality.

b. In Cyber Forensics, it is important to acquire the evidence without altering the original. Name an approach to allow us to demonstrate that the image evidence is a true, unaltered copy of the original?