Security and Cooperation in Wireless Networks
Exercise Sheet1
WS 12/13
Youssef Shehadeh
Telematics Group,
University of Goettingen,
November 23, 2012
- Security of existing wireless networks
(1)What security services are provided by the GSM security architecture? What important security services does it not provide?
(2)Let us consider the authentication vector in UMTS. What is the purpose of the AUTN field? Does the MAC in AUTN authenticate the keys CK and IK? How is the freshness of CK and IK ensured?
(3)How does the authentication scheme of 802.11i differ from that of 802.1X?
(4)Why do you think the MAC address of the device is included in the computation of the message keys in TKIP (see Slide 37)?
- Introduction to cryptographic algorithms and protocols
(1)Suppose that someone suggests the following way to confirm that the two of you are both in possession of the same secret key. You create a random bit string the length of the key, XOR it with the key, and send the result over the channel. Your partner XORs the incoming block with the key (which should be the same as your key) and sends it back. You check and if what you receive is your original random string, you have verified that your partner has the same secret key, yet neither of you has ever transmitted the key. Is there a flaw in this scheme?
(2)Prior to the discovery of any specific public-key schemes, such as RSA, an existenceproof was developed whose purpose was to demonstrate that public-key encryptionis possible in theory. Consider the functions f1(x1) = z1; f2(x2,y2) = z2;f3(x3,y3) = z3,where all values are integers with 1 ≤xi, yi, zi≤N. Function f1 can be represented by a vector M1 of length N, in which the kth entry is the value of f1(k). Similarly, f2 andf3 can be represented by NxN matrices M2 and M3. The intent is to represent theencryption/decryption process by table look-ups.With very large values ofN, such tables would be impractically huge but could, in principle, be constructed.The scheme works as follows: construct M1 with a random permutation of all integersbetween 1 and N; that is, each integer appears exactly once in M1. Construct M2 sothat each row contains a random permutation of the first N integers. Finally, fill in M3to satisfy the following condition:
f3(f2(f1(k),p),k) = p,for all k,p with 1≤ k,p≤ N
In other words,
1. M1 takes an input k and produces an output x.
2. M2 takes inputs x and p giving output z.
3. M3 takes inputs z and k and produces p.
The three tables, once constructed, are made public.
- It should be clear that it is possible to construct M3 to satisfy the preceding condition.As an example, fill in M3 for the following simple case:
Convention: The ith element of M1 corresponds to k = i. The ith row of M2 correspondsto x = i; the jth column of M2corresponds to p = j. The ith row of M3corresponds to z = i; the jth column of M3 corresponds to k =j.
- Describe the use of this set of tables to perform encryption and decryptionbetween two users.
(3)In the case of the ElGamal encryption, why is it important that each message is encrypted with a different random number r? Hint: compare two messages encrypted using same random number r.
(4)RSA encryption:
- Perform encryption and decryption using the RSA algorithm for the following:p = 17; q = 31, e = 7;M = 2.
- In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a userwhose public key is e = 5, n = 35. What is the plaintext M?
- In an RSA system, the public key of a given user is e = 31, n = 3599. What is the privatekey of this user?
Hint: Start searching with largest pq possible.
(5)Try to propose a correction to the Wide Mouth Frog protocol so that it resists the attack described.
(6)Consider a Diffie-Hellman scheme with a common prime p = 11 and a primitive root (generator)g= 2.
- If user A has public key YA = 9, what is A's private key XA?
- If user B has public key YB = 3, what is the shared secret key K?
Note: if a is a primitive root ofthe prime number p, then the numbers: a modp, a2modp,..., aP-1modpare distinct and consist of the integers from 1 through p-l in some permutation.