
Date: 2019-05-01 10:00

CSE3400 Final Exam

Calculators are allowed

Closed book + notes.

Review HW Problems. An answer guide for HW5 will be available immediately after the due date.

Chapter 3: MAC

Know what a MAC is, but I won't ask you to prove or disprove something is a MAC. You will have to use them though.

Know that MACs are symmetric key systems.

Their purpose is to ensure integrity, not secrecy.

Key holders can create a “tag” of any message.

Key holders can verify that the given tag and message are authentic (i.e., an adversary cannot forge a tag without having the secret key).

Know the differences between MAC and digital signatures (beyond the latter being public key of course).

Know how CBC MAC works to MAC a message of arbitrary, but fixed, length. Know the definition of CBC MAC.

Chapter 5:

Know the definition of public key encryption

Be able to prove something is not a secure public key system

What is the difference between EAV and CPA in public key enc.? (Hint: there is none – but why?)

Know the DH key exchange protocol and text-book RSA. If you need OAEP I will provide you the definitions.

Be able to derive a public/private key given small numbers for textbook RSA.

Given the definition of OAEP, understand the meaning behind it (e.g., why pad with 0's? Why pad with random “r”?)

If you need ElGamal, I will give you the definitions

Be able to construct MitM attacks against protocols (e.g., key exchange, enc., or more broad – much like on HW4)
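
A worked example for the textbook RSA items above, added here and not part of the original study guide: it derives a key pair from small primes and shows why deterministic encryption fails a chosen-plaintext game, which is the gap OAEP's random “r” closes. The primes, exponent and message values are constructed sample inputs, and the function names are hypothetical.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def derive_keys(p, q, e):
    """Derive textbook RSA keys from primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        # No inverse of e exists mod phi(n), so no private exponent.
        raise ValueError("e must be coprime to phi(n)")
    _, x, _ = egcd(e, phi)
    d = x % phi  # d is the inverse of e modulo phi(n)
    return (n, e), (n, d)


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)  # c = m^e mod n, no padding, no randomness


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)  # m = c^d mod n


def guess_plaintext(pub, c, m0, m1):
    """Distinguishing game: with only the public key, re-encrypt both
    candidates and compare. Deterministic encryption always loses this."""
    for m in (m0, m1):
        if encrypt(pub, m) == c:
            return m
    return None


# Constructed sample values (small numbers, as on an exam sheet).
P, Q, E = 61, 53, 17
PUB, PRIV = derive_keys(P, Q, E)

if __name__ == "__main__":
    c = encrypt(PUB, 65)
    print("public:", PUB, "private:", PRIV)
    print("ciphertext:", c, "decrypted:", decrypt(PRIV, c))
    print("distinguisher recovers:", guess_plaintext(PUB, c, 65, 66))
```
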

Chapter 7:

Know the SSL/TLS handshake protocol and why each part is important (e.g., why is it important that both server and client choose “nonces”)

I will provide you with the general handshake protocol – but know why each part of it is important for security

Also know how many keys are actually established at the end – and why? Also, why not just use a single session key?

Given a variant of the handshake protocol, show it is insecure.

Know about certificate authorities – what problem do they solve? What are the strengths and weaknesses of that system? What, at a minimum, must be in a certificate and why?

Know the history of SSL/TLS – not exact dates, but what was the difference in v2 and v3 for instance?

What security guarantees does SSL/TLS give?

What is the cipher suite downgrade attack?

Wireless Security:

Given the four-way handshake used by WPA2, explain the importance of each step or certain design choices

Given a modified handshake protocol, show it is insecure by constructing an actual attack.

Know the general history of WEP/WPA/WPA2 (not exact dates necessarily)

General (Combination of Chapters 3, 5, and 7, plus past work):

Be able to construct attacks against a given protocol given a particular attack model (e.g., EAV or MitM)

Be able to construct a secure protocol (e.g., key exchange), given certain tools and a security model.

