CS 231: Computer Security

Cryptographic scenarios

You may work alone or with a partner.

What you have to work with

Suppose Alice, Bob, Eve, and all their friends and enemies have access to the following.

• A symmetric encryption algorithm (e.g. AES). Use the function S to represent this, so SK(M) is the message M encrypted using the key K. If you need to represent decryption, use a -1 superscript to indicate inverse. For example, SK-1(SK(M)) = M. (Note that before Alice and Bob can use this algorithm, they have to agree on a key K, which is not automatically provided to them.)

• Public/private key pairs for everybody. Instead of (n, e) and (n, d), use functional notation for this, with EA for public key encryption and DA for private key decryption. For example, if Bob wants to send an encrypted message to Alice, he will send her EA(M) and she will then compute DA(EA(M)) = M to read the message.

  Keep in mind that public key encryption is used in practice exclusively for short messages (e.g. hash function digests).

  You may assume unless instructed otherwise that everybody has a correct copy of everybody else's public key, and that they have all kept their private keys private. This assumption is a big one--exchanging public keys safely is a hard problem.

• A Diffie-Hellman key exchange procedure. If you want to use this, just say "Alice and Bob use Diffie-Hellman to agree on a shared secret key K" or something like that.
• A cryptographic hash function H (e.g. SHA-256). Represent the hash of a message M by H(M).

The scenarios

For each of the following scenarios, describe as concisely as you can how you would use the tools listed above to achieve the goals described in the scenario. Then, briefly explain why your plan achieves those goals. These answers can be short. (Also, it's possible that a single plan might address the goals in more than one of the scenarios.)

We'll use Eve to refer to any eavesdropper, and Mal to refer to any person attempting a man-in-the-middle attack.

1. Alice wants to send Bob a long message, and she doesn't want Eve to be able to read it.
2. Alice wants to send Bob a long message, and she doesn't want Eve to be able to read it. (Give me a different solution than in the previous scenario. You may need to abuse one of the available tools.)
3. Alice wants to send Bob a long message. She doesn't want Mal to be able to intercept, read, and modify the message without Bob detecting the change.
4. Alice wants to send Bob a long message, she doesn't want Eve to be able to read it, and she wants Bob to have confidence that it was Alice who sent the message.
5. Alice wants to send Bob a long message (in this case, it's a contract between AliceCom and BobCom). She doesn't want Eve to be able to read it. She wants Bob to have confidence that it was Alice who sent the message. She doesn't want Bob to be able to change the document and claim successfully in court that the changed version was the real version. And finally, Bob doesn't want Alice to be able to say in court that she never sent the contract in the first place.
6. Alice owns a well-known software development company, and she wants to post some new free software online. Her customers want to make sure that when they download it, they're getting the original AliceCom software, and not a modified (and possibly malicious) version.