Cryptography Reference
In-Depth Information
Problems
13.1.
In this exercise, we want to analyze some variants of key derivation. In prac-
tice, one
masterkey k
MK
is exchanged in a secure way (e.g. certificate-based DHKE)
between the involved parties. Afterwards, the session keys are regularly updated by
use of key derivation. For this purpose, three different methods are at our disposal:
(1)
k
0
=
k
MK
;
k
i
+1
=
k
i
+ 1
(2)
k
0
=
h
(
k
MK
);
k
i
+1
=
h
(
k
i
)
(3)
k
0
=
h
(
k
MK
);
k
i
+1
=
h
(
k
MK
||
k
i
)
where
h
() marks a (secure) hash function, and
k
i
is the
i
th session key.
1. What are the main differences between these three methods?
2. Which method provides
Perfect Forward Secrecy
?
3. Assume Oscar obtains the
n
th session key (e.g., via brute-force). Which sessions
can he now decrypt (depending on the chosen method)?
4. Which method remains secure if the masterkey
k
MK
is compromised? Give a
rationale!
i
||
13.2.
Imagine a peer-to-peer network where 1000 users want to communicate in an
authenticated and confidential way without a central Trusted Third Party (TTP).
1. How many keys are collectively needed, if symmetric algorithms are deployed?
2. How are these numbers changed, if we bring in a central instance (Key Distribu-
tion Center, KDC)?
3. What is the main advantage of a KDC against the scenario without a KDC?
4. How many keys are necessary if we make use of asymmetric algorithms?
Also differentiate between keys which
every
user has to store and keys which are
collectively necessary.
13.3.
You have to choose the cryptographic algorithms for a KDC where two differ-
ent classes of encryption occur:
e
k
U
,
KDC
(), where
U
denotes an arbitrary network node (user),
e
k
ses
() for the communication between two users.
You have the choice between two different algorithms, DES and 3DES (Triple-
DES), and you are advised to use distinct algorithms for both encryption classes.
Which algorithm do you use for which class? Justify your answer including aspects
of security as well as celerity.
13.4.
This exercise considers the security of key establishment with the aid of a
KDC. Assume that a hacker performs a successful attack against the KDC at the
point of time
t
x
, where all keys are compromised. The attack is detected.
1. Which (practical) measures have to be taken in order to prevent decryption of
future communication between the network nodes?
