March 27th, 2017
German University in Cairo
Media Engineering and Technology
Lecturer: Amr El Mougy
TA: Alaa Gohar and Heba Anwar
Computer and Network Security
Spring term 2017
2nd Chance Midterm Exam
Bar Code
Instructions: Read carefully before proceeding.
CSEN
DMET
1) Duration of the exam: 2 hours (120 minutes).
2) (Non-programmable) Calculators are allowed.
3) No books or other aids are permitted for this test.
4) This exam booklet contains 12 pages, including this one. Note that if one or more pages are
missing, you will lose their points. Thus, you must check that your exam booklet is complete.
5) Write your solutions in the space provided. If you need more space, write on the back of the sheet
containing the problem or on the extra sheets and make an arrow indicating that.
6) When you are told that time is up, stop working on the test.
7) Include any assumptions that you need to make.
8) Follow the instructions of your proctors under all circumstances.
Good Luck!
Don’t write anything below ;-)
Exercise
Marks
Final Marks
1
10
2
20
3
20
4
15
5
20
Σ
85
Page 1 of 9
Question 1:
Specify if the following statements are True (T) or False (F). If you need to justify your
answer, please do so in the space provided.
1) An attacker intercepting a message on its way from a sender to a receiver and then T
replaying the message to the receiver later is an example of an active attack.
2) A digital signature can be accomplished by encrypting the message with the public F
key of the receiver.
3) In cipher block chaining (CBC), an error occurring in a block of ciphertext at the F
receiver will result in all subsequent blocks to be decrypted incorrectly.
4) In RSA, the public key exponent e has to be a prime number.
F
5) AES can accept variable size plaintext blocks.
F
6) The monoalphabetic cipher can be broken using a brute force attack on the key.
F
7) Encrypting the contents of a packet as well as all its headers is done in end-to-end F
encryption.
8) A particular function in a system not executing properly is a violation of system T
integrity.
9) Rotor machines perform permutation operations on the plaintext.
F
10) Confusion is the process by which the encryption algorithm hides the relationship F
between the ciphetext and the plaintext,
Extra space for justification:
Page 2 of 9
Question 2:
A rotor machine that has three rotors was used to produce the ciphertext shown below. The
tables show the settings of the three rotors before the ciphertext was produced.
rpcwpmppwtjvrkdkyvjqltutpuij
First rotor:
Plain a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciph F A S T N D H E U R I O K Y W J L V Q X Z B C G M P
er
Direction of rotor movement during encryption 
Second rotor:
Plain a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciph P L S D V M Z E U O I R K Y W J A N X Q H G C B T F
er
Direction of rotor movement during encryption 
Third rotor:
Plain a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciph Q H S Z F B T E X O I M K J A Y W N U P L G C R D V
er
Direction of rotor movement during encryption 
a)
Show the settings of the three rotors after the ciphertext is produced.
b) Use these settings to decrypt the last 13 letter of the ciphertext (kyvjqltutpuij).
Page 3 of 9
Answer 2:
a) The total number of letters is 28. This will cause the first rotor to move one complete cycle +
two positions, the second rotor will move by one position, and the third rotor not to move at
all.
First rotor:
Plain a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciph M P F A S T N D H E U R I O K Y W J L V Q X Z B C G
er
Direction of rotor movement during encryption 
Second rotor:
Plain a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciph F P L S D V M Z E U O I R K Y W J A N X Q H G C B T
er
Direction of rotor movement during encryption 
Third rotor:
Plain a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciph Q H S Z F B T E X O I M K J A Y W N U P L G C R D V
er
b) We need to decrypt from the last letter to be able to reverse the movement.
jd
ie
uv
pl
to
us
tm
le
ql
jb
vo
yr
kp
Page 4 of 9
Question 3:
The figure below shows an encryption algorithm based on the Feistel structure. The algorithm
accepts plaintext blocks of 16 bits and uses a key of 8 bits. The plaintext is first passed to an
initial permutation block which rearranges the 16 bits of plaintext according to the table shown.
The output of this block divided into two halves. The right half is Xor-ed with the key, and a
permutation of the left half, to become the right half of ciphertext, CR. The left half undergoes
substitution and permutation operations before becoming the left half of ciphertext, CL. Note that
the key to the row transposition matrix is fixed.
a) Determine the decryption algorithm after finding all the inverse substitution and permutation
boxes.
b) Does P16 have any fixed points? Is it self-inverting?
Page 5 of 9
Answer:
b) Fixed points 6 and 11. Self-inverting 1 and 16
Page 6 of 9
Question 4:
Let a block cipher with secret key K be chained in the following way:
𝐶𝑖 = 𝑀𝑖−1 ⨁𝐸((𝑀𝑖 ⨁𝐶𝑖−1 ), 𝐾)
for i > 0
where M0 and C0 are fixed public initialization vectors, K is the secret key known to both
transmitter and receiver, and E and D represent encryption and decryption, respectively.
a) Determine the equation for decryption and draw the block diagram.
b) Suppose that ciphertext Cj is damaged in transmission, which plaintext blocks will be
decrypted incorrectly?
Answer:
𝑀𝑖 = 𝐷(𝐶𝑖 ⊕ 𝑀𝑖−1 , 𝐾)⨁𝐶𝑖−1
Chaining depends, not on the previous ciphertext, but on the previous message. Thus, an error Cj
results in all subsequent blocks to be decrypted incorrectly.
Page 7 of 9
Question 5:
In an RSA system, three users have chosen e = 3 as their public key exponent. The first user
chooses the modulus n1, second user chooses the modulus n2, while the third user chooses the
modulus, n3. Consider that a user A sends the same encrypted message M to all three users (C1 =
M3 mod n1, C2 = M3 mod n2, and C3 = M3 mod n3).
a)
Assume that n1, n2, n3 are pairwise relatively prime, which means that the attacker can
compute M3 mod (n1n2n3). Show how this vulnerability can be used to retrieve M.
b) For n1 = 255, n2 = 2911, and n3 = 7383, user A sends C1 = C2 = C3 =125, user the method
you specified in part a) to obtain M.
Answer:
a)
According to the rules of RSA, since M < n1, n2, n3, then M3 < n1n2n3. Thus, if the attacker
compute M3 mod (n1n2n3) the result will simply be equal to M3. Thus, the attacker can
simply calculate the cubic to find M.
3
b) 𝑀 = √125 = 5
Page 8 of 9
RSA Cryptosystem:
Page 9 of 9