A
INSE 6110 Midterm
LAST NAME
Fall 2015
Duration: 75 minutes
Question sheet is double-sided
QUESTION
1
2
FIRST NAME
ID NUMBER
3
4
5
Total
GRADE
[01]
(6 marks; 1 mark each) Answer each of the following with a sentence or two:
(a) Explain why it is a security problem if the key stream of stream cipher is reused.
(b) If a hash function is found to be collision resistant, is it also pre-image resistant?
(c) A hash function has an output of 192 bits. Is this enough to be secure in terms
of weak collision resistance, given NIST’s recommendation? What about (strong)
collision resistance? Why or why not?
INSE 6150 Test
Page 1 of 5
Variant A
(d) Alice rolls a loaded 8 sided die once. Then she flips a fair coin three times.
Which generated the most randomness? Note: you do not have to compute any
values, but do explain your answer using generalizations.
(e) Describe one way to win the CPA-security game with a block cipher in ECB
mode (assume I know how the game works and just describe how to win it).
(f) What is more likely: (i) that at least one person in a room of 100 people has the
same birthday as you, or (ii) that at least one pair of people in a room of 25
people have the same birthday? You do not have to compute any probabilities,
but do explain your answer using generalizations.
INSE 6150 Test
Page 2 of 5
Variant A
[02] (4 marks) Alice works for a company and needs to generate 100 AES keys
which are each 128 bits long. She had a database file with 1000 secret bits of true
randomness in it but unfortunately she accidentally merged the file with a bunch of
financial data and can’t pull the random bits back out. Answer the following:
(a) Describe how Alice can safely generate the keys using the file as it is.
(b) For each cryptographic function that you use, give an appropriate size for its
input and for its output.
(c) Describe, with an appropriate measure of randomness, the minimum amount of
randomness that must be in the file for your approach to work.
INSE 6150 Test
Page 3 of 5
Variant A
[03] (2 marks) Alice and Bob are talking on the phone and are trying to decide
where to eat. Alice wants pizza and Bob wants shawarma. They don’t realize there are
places that serve both. They decide to flip a coin, but since they can’t both see the flip
and don’t trust each other to report the outcome of the coin honestly, the decide on the
following protocol: Alice (claims to) picks a random number A of any size, hashes it
with SHA256 and sends H(A) to Bob. Bob (claims to) pick a random number B of any
size, hashes it with SHA256 and sends H(B) to Alice. Alice accepts H(B) if it is different
from H(A). Then Alice tells her value A to Bob. Bob tells Alice B. If the most significant
(leftmost) bits are different, they get Pizza. If they are the same, they get shawarma.
Bob finds a way to cheat the protocol so that they are guaranteed to get shawarma.
Explain exactly how he does it.
[04] (2 marks) Alice sends a message to Bob that is encrypted with AES 256 in CBC
mode. The original message is exactly four blocks long: <m1,m2,m3,m4>. Assuming
no padding is used, the ciphertext is also four blocks: <c1,c2,c3,c4>. Eve sees the IV
and ciphertext on its way to Bob and decides to replace the last block, c4, with a copy
of the first, c1, resulting in <c1,c2,c3,c1>. When Bob decrypts this modified ciphertext,
what message will he have?
INSE 6150 Test
Page 4 of 5
Variant A
[05] (6 marks) Eve is a spy and starts working at a company to steal their secrets.
She is trying to break into her boss’s office. The office has an RFID reader. When Eve
scans her card, the sensor sends an encryption of her employee ID to a server and the
server returns one encrypted 128-bit block of ciphertext. The ciphertext is the
encryption of a bitstring such as 01110010… The first bit corresponds to the first office
door in the company and a 0 means Eve does not have access. The second bit
corresponds to the second office door and a 1 means Eve does have access. The
office of Eve’s boss is in the fifth bit and is set to 0, meaning Eve does not have access.
Eve is able to tap the network connection between the sensor on the door and the
server, and is able to change the ciphertext sent from the server to the door.
(a) Assume the encryption function is a stream cipher: Can Eve unlock the door?
Why or why not?
(b) Assume the encryption function is a block cipher in ECB mode: Can Eve unlock
the door? Why or why not?
(c) Assume the encryption function is a block cipher in CBC mode: Can Eve unlock
the door? Why or why not?
INSE 6150 Test
Page 5 of 5
Variant A