Cryptography Reference
(d) generating a one-time pad key for a high-security application;
(e) generating a nonce on a server for use in a dynamic password scheme.
3. In Section 8.1.3 we provided some examples of software-based
non-deterministic random number generation techniques. Find out which
(combinations of) these techniques are currently recommended from:
(a) a security perspective;
(b) a practical perspective.
4. One technique for proving freshness is to use a clock-based mechanism.
(a) What standard means are there of providing an internationally recognised
notion of clock-based time?
(b) Explain why it is important to protect the integrity of a timestamp.
(c) Describe in detail how to provide integrity protection for a timestamp.
5. In practice we often have to be more pragmatic about implementing security
controls than the theory suggests:
(a) Under what circumstances might it make sense for an application that
employs sequence numbers to accept a sequence number as 'fresh' even
if the most recently received sequence number is not greater in value than
the previously received sequence number?
(b) Suggest a simple 'policy' for managing this type of situation.
6. A nonce, as we defined it in Section 8.2.3, is in most cases a pseudorandom
number.
(a) Explain why this means that we cannot guarantee that a particular nonce
has not been used before.
(b) What should we do if we require a guarantee that each nonce is used at
most once?
(c) The terms nonce and salt are used in different areas of cryptography (and
not always consistently). Conduct some research on the use of these terms
and suggest, in general, what the difference is between them.
7. For each of the following, explain what problems might arise if we base a
freshness mechanism on the suggested component:
(a) an inaccurate clock;
(b) a sequence number that regularly cycles around;
(c) a nonce that is randomly generated from a small space.
8. Freshness and liveness are closely related concepts.
(a) Explain the difference between freshness and liveness by providing
examples of applications that require these slightly different notions.
(b) For each of the freshness mechanisms discussed in this chapter, explain
how to use the freshness mechanism to provide a check of liveness.