Assignment #2
Security in Computing COSC2536/2537
Total Marks: 35
Submission Deadline: Week 10, May 11 2018 11:59pm
Q1 (Privacy) (Mark 6)
Answer either Question (a) or (b)
(a): Suppose there are seven voters to vote for YES or NO to give their opinions.
Design a secure voting prototype as shown in Fig. 1 using Paillier cryptosystem where the votes must be encrypted from Voting Booth before sending them to the Voting Server. Assume, four voters will vote for YES and three voters will vote for NO. The Voting Authority should find four YESs and three NOs after counting the votes. The Voting Authority chooses p=59, q=97 and select g=5724. Seven voters select the random numbers as 𝒓𝟏 = 𝟗𝟎,𝒓𝟐 = 𝟗𝟏,𝒓𝟑 = 𝟗𝟐,𝒓𝟒 = 𝟗𝟑,𝒓𝟓 = 𝟗𝟒,𝒓𝟔 = 𝟗𝟓 and 𝒓𝟕 = 𝟗𝟔 respectively. Show the encryption, homomorphic computations and decryption processes.
Fig. 1: Secure E-voting Scenario
Hints: Refer to the lecture-5 Secure e voting. You need to represent the total number
of votes by 6-bit string. The first three of bits should represent the votes for YES and the rest for NO. When adding a vote for YES, the system adds 001000, which is 8 in integer. Similarly, the system adds 000001 when voting for NO, which is 1 in the integer form.
(b) As shown in Fig. 2, Alice owns two different shops where she sells mobile phones of a specific brand. The prices of the phones are different based on the shops. Now with
the help of a third-party cloud server, Alice wants to know remotely and securely, how much she earned by selling the mobile phones in both shops with different price rate (assume that Alice does not have the homomorphic computation power). Note that, Alice does not want to reveal how many phones are sold also the total amount of money that she earned to the server.
How can you build a secure protocol using Exponential ElGamal cryptosystem where the cloud server can perform such computations without knowing the number of phones that are sold and the total earnings?
Please refer to the below table for detail information.
|
Shops |
Shop 1 |
Shop 2 |
|
Phones sold |
20 |
25 |
|
Price rate |
50 |
30 |
|
Total Earning per shop |
1000 |
750 |
|
Total Earning |
1750 |
|
Fig. 2: Secure Transactions
Hints: Alice as a receiver, should generate the public and private key pairs (as shown in figure) and sends the public keys to the shops. The corresponding shops as senders can encrypt (with random numbers given in the figure) the number of phones sold and send the cipher-texts with the price rate (as plaintext) to the cloud server. The server with computation power should perform the required computations homomorphically so that it cannot reveal the total amount that is earned by selling the phones, since it is
privacy sensitive. Only Alice should decrypt and find the Total earning. Q2 (Signatures) (Mark 2+2+1+1=6)
(a)
Suppose Bob (the sender) wants to send a signed message m=456789 to Alice (the receiver). However, before sending the message he would like to sign the message. When Alice receives the signed message, she would like to verify that the message is
indeed from Bob. To facilitate signing and verification Bob generates public and private keys using RSA encryption algorithm and sends the public key to Alice. Bob uses parameter p=10009 and q=9739, and chooses a suitable public key parameter e=5737. How would Bob sign message m=456789? How would Alice verify the signed message from Bob?
(b)
Suppose Bob (the sender) wants to send a signed message m=3456 to Alice (the receiver). However, before sending the message he would like to sign the message. When Alice receives the signed message, she would like to verify that the message is indeed from Bob. To facilitate signing and verification Bob generates public and private keys using ElGamal encryption algorithm and sends the public key to Alice. Bob chooses p=8081, g=2849, x=59. How would Bob sign message m=3456? How would Alice verify the signed message from Bob?
(c)
(d)
Why is it a bad idea to use the same RSA key pair for both signing and decryption? Explain with an example (i.e. a numerical example). Is this also true for ElGamal?
Q3 (BlockChain) (Mark 12)
Study (i.e. research) various supply-chain systems as listed below. Choose one of the supply-chain systems as a case study (or you may choose any, which is not listed) and write a short report/proposal on how integrity and traceability of the chosen system can be improved by using BlockChain principle. Use plenty of diagrams to explain your concept. We are not asking you to write code and develop the system, but your report should contain enough information for a system architect to understand and build the proposed system. Some existing Blockchain based Supply-chain case studies are as follows.
- Blockchain in Pharmaceutical supply chain to prevent counterfeit drugs supply.
- Blockchain based Port logistics
- Food safety and traceability using Blockchain: Meat traceability, Sea food
traceability etc.
- Blockchain based garment products supply chain.
- Tracking and tracing the provenance of diamonds using blockchain.
Some resources to study about existing Blockchain based Supply chain systems to improve the trust, traceability and integrity:
Seafood Traceability using Blockchain
IBM’s Solution on Blockchain based Food Supply chain
Recall that we use both a public key system and a hash function when computing digital signatures. Suppose that the hash function used to compute and verify
signatures is insecure, but the public key system is secure. Show that you can forge
signatures.
CLNT and SRVR are constants, and K = h(S,RA,Re) is the session
3. We want to design a secure mutual 3asut.hentication protocol based on a
key.
shared symmetric key. We also want to establish a session key, and we
is Alice
7. Consider
and the session
(d)
ts,
s
ymmetric key known only to Alice and Bob. Which of the following are secure
.
(c)
a
t
h
e fo
(
R
a
r
o
n
s
t
a
n
i
.
D
oe
s
A
ii)
W
l
E(S, Κ^), E(CLNT.K) Alice ■* “I’m Alice”, RA
t
want perfect forward secrecy. E(SRVR,K) 3s.
Bob
ic
e
au
th
e
nt
ic
a
te
B
o
b
?
J
u
s
t
i
f
y
y
o
u
r
a
n
s
w
er
.
AB
on just a few?
ll
re
(
o
h
k
S, RA, RB)·
ly
w
y
m
e
in
y
is
K
=
h
in
go
ig
g
p
ro
to
c
o
l,
w
h
e
C
N
S
ht
it
no
nj
t
be a
g
ust
a fe
tb
E(S, Κ^), E(CLNT.K)
a. Design such a protocol that uses three messages. a. Does Alice authenticate Bob? Justify your answer. Q4 (Authentication and Intrusion Detection) (Mark 2+2+3+2=9)
Alice ■* E(SRVR,K) Bob b. Desigbn. Dsuocehs BaopbraouttohceontlictahtaetAulisce?s Jtwusotifymeysosuargaens.wer.
(a)
symmetric key. Give two different attacks that Trudy can use to convince Bob b. Does Bob authenticate Alice? Justify your answer.
4. Consider the following mutual authentication protocol, where KAB is a
tion and to establish a session key K. Here, T is a timestamp. shared symmetric key.
that she is Alice.
9. The following two-message protocol is designed for mutual authentica- tion a
This protocol is insecure. Illustrate a successful attack by Trudy.
the following are secure session keys and which are not? Justify your and K is a symmetric key known only to Alice and Bob. Which of
session keys and which are not? Justify your answers.
answers.
the following are secure session keys and which are not? Justify your
5. Consider the attack on TCP authentication illustrated in Figure 9.28. answers.
c. E(K,R) to succeed?
(i)
a. R®K
Suppose that Trudy cannot guess the initial sequence number 62 ex-
a. R®K (ii)
b. E{R,K)
actly. Instead, Trudy can only narrow 62 down to one of, say, 1,000
b. E{R,K)
possible vacl.uesE.(KH,Ro)w can Trudy conduct an attack so that she is likely
o
w
?
e
a
g
od
i
d
ea
t
oo
d
id
o
c
o
ea
to
c
mb
i
ne
s
ev
om
bin
er
t
ere K
9. The following two-message protocol is designed for mutual authentica-
Con
s
id
er
th
e
f
o
ll
ow
in
g
m
u
tu
a
la
u
t
h
en
ti
c
a
t
i
o
n
p
r
o
to
c
o
l
,w
h
is a shared
nd to establish a session key K. Here, T is a timestamp. “I’m Alice”, \J]Miœ, {K>Bob
Alice
Alice ~ Alice
Bob
“I’m Alice”, R
“I’m Alice”, \J] E(R,K )
►
, {K>Bob E(R+1,KAB)
Miœ
AB
r Bob Bob
(b)
This protocol is insecure. Illustrate a successful attack by Trudy.
10. Suppose R is a random challenge sent in the clear from Alice to Bob
Give two different attacks that Trudy can use to convince Bob that she
Suppose R is a random challenge sent in the clear from Alice to Bob and K is a
and K is a symmetric key known only to Alice and Bob. Which of 10. Suppose R is a random challenge sent in the clear from Alice to Bob
The popular method for anomaly-based intrusion detection is based on file-use statistics.
6. Timestamps can be used in place of nonces in security protocols.
b. Wha
(i) Many other statistics could be used as part of an anomaly-based IDS. For
(
s e
? c
t
is th
e
p
ri
m
a
r
y
d
is
a
d
v
a
n
t
a
e
o
g n
ii)
W
example, network usage would be a sensible statistic to consider. List five
a. What is the primary advantage of using timestamps?
other statistics that could reasonably be used in an anomaly-based IDS.
g re
Alice forgets her password. She goes to the system administrator’s office, and the admin resets her password and gives Alice the new password.
- (i) Why does the SA reset the password instead of giving Alice her previous (forgotten) password? Why should Alice re-reset her password immediately after the SA has reset it?
- (ii) Suppose that after the SA resets Alice’s password, she remembers her
hy
m
ig
ht
i
f L
u
t d
i
m
e
s
ta
m
p
s T
in a
al s
t
e
s
ev
a
tis
ti
er
al
st
R
cs
ra
V
atis
ti
th
er
t
c
sr
at
han relying
he
r
t
h
a
n
previous password. Alice likes her old password, so she resets it to its previous value. Would it be possible for the SA to determine that Alice has chosen the same password as before? Why or why not?
Q5 (Data Hiding) (Mark 2)
Assume that we have a stego ECG signal with 200 samples in which binary bits of a text message is hidden as secret message. There are 168 bits of the binary secret message. A bit is hidden in the least significant bit (LSB) of an ECG sample. Please note that the bits are embedded sequentially. For example, we have a text message “hello world”. The equivalent binary of secret message is:
011010000110010101101100011011000110111100100000011101110110111
1011100100110110001100100
Now, if we hide first 5 bits of the binary string given above in LSB of first 5 ECG samples then the resultant ECG samples will look like as follows:
ECG Equivalent Binary Samples
-0.045 10111101001110000101000111101100 -0.055 10111101011000010100011110101110 -0.055 10111101011000010100011110101110 -0.075 10111101100110011001100110011010 -0.065 10111101100001010001111010111000
Binary After Hiding a bit in LSB
10111101001110000101000111101100 10111101011000010100011110101111 10111101011000010100011110101111 10111101100110011001100110011010 10111101100001010001111010111001
⁞⁞⁞
You need to perform steganalysis to find out the secret text message from the stego ECG signal. In order to do this, convert each ECG samples into 64 bit binary and read corresponding LSB to store. At the end, convert retrieved bits into text.
The contents of stego ECG signal file (stego_ecg.txt) are given in the Appendix.
Stego_ecg.txt:
-0.16999999999999998 -0.16
-0.17
-0.165 -0.15499999999999997 -0.15999999999999998 -0.17
-0.15 -0.10499999999999998 -0.045000000000000005 -0.030000000000000002 0.019999999999999997 0.065 0.12000000000000001 0.05499999999999999 0.01 -0.07999999999999999 -0.16
-0.17
-0.19 -0.21499999999999997 -0.21499999999999997 -0.4000000000000001 -0.39000000000000007 0.475
2.07
3.28
2.345 0.22499999999999998 -0.48000000000000004 -0.235 -0.23500000000000001 -0.275 -0.26000000000000006 -0.26000000000000006 -0.2800000000000001 -0.265
-0.255 -0.2750000000000001 -0.24
-0.24
-0.23
-0.215
-0.195 -0.19000000000000003 -0.16999999999999998 -0.175 -0.13500000000000004 -0.12
-0.08
-0.08
-0.08
-0.07
-0.055
-0.05 -0.004999999999999999 -0.015
APPENDIX
-0.030000000000000002 -0.04 -0.07000000000000002 -0.08 -0.07999999999999999 -0.135 -0.12000000000000001 -0.135
-0.135
-0.17 -0.16499999999999998 -0.175 -0.16499999999999998 -0.14
-0.14
-0.175 -0.13500000000000004 -0.145
-0.14 -0.13000000000000003 -0.13 -0.15499999999999997 -0.14000000000000004 -0.16499999999999998 -0.16 -0.13500000000000004 -0.135
-0.165
-0.15
-0.155 -0.15999999999999998 -0.15999999999999998 -0.15499999999999997 -0.17 -0.14999999999999997 -0.14999999999999997 -0.15999999999999998 -0.15499999999999997 -0.13 -0.14999999999999997 -0.12000000000000001 -0.10000000000000002 -0.05499999999999999 -0.03
0.045
0.085
0.11
0.09
0.02 -0.10000000000000002 -0.14 -0.18500000000000003 -0.19000000000000003 -0.20000000000000004 -0.18000000000000002 -0.395 -0.34500000000000003 0.5200000000000001 2.0299999999999994 3.1300000000000003
2.1600000000000006 0.1
-0.505
-0.26 -0.24000000000000002 -0.26000000000000006 -0.26000000000000006 -0.275
-0.24
-0.235 -0.22499999999999998 -0.255 -0.25000000000000006 -0.24000000000000002 -0.19000000000000003 -0.18 -0.19000000000000003 -0.18
-0.165 -0.15999999999999998 -0.12000000000000001 -0.10000000000000002 -0.09500000000000001 -0.07999999999999999 -0.07000000000000002 -0.07999999999999999 -0.039999999999999994 -0.06
-0.04 -0.030000000000000002 -0.035 -0.07000000000000002 -0.07
-0.1
-0.105
-0.14 -0.12000000000000001 -0.14000000000000004 -0.14
-0.165 -0.18000000000000002 -0.15
-0.13
-0.175
-0.155 -0.13500000000000004 -0.13 -0.14499999999999996 -0.115 -0.12000000000000001 -0.14000000000000004 -0.15
-0.145
-0.15
-0.16
-0.17
-0.145
-0.165
-0.155
-0.18
-0.18 -0.175 -0.165 -0.19 -0.17 -0.175 -0.155 -0.12 -0.06 -0.04 0.01 0.06 0.1 0.08 0.06 -0.06 -0.12 -0.185 -0.195 -0.2 -0.195 -0.27 -0.425