1. What is penetration testing?
A procedure for testing libraries or other program components for vulnerabilities
Whole-system testing for security flaws and bugs
A security-minded form of unit testing that applies early in the development process
All of the above
2. Which of the following are benefits of penetration testing?
Results are often reproducible
Full evidence of security: a clean test means a secure system
Compositionality of security properties means tested components are secure even if others change
They specifically consider adversarial thinking, which is not usually necessary for normal tests
3. What does it mean to "be stealthy" during a penetration test?
Performing the tests from an undisclosed location
Using encryption during tests to make the source of attacks impossible to determine
Performing penetration testing without the target organization knowing
Taking care to avoid activities during a penetration test that might attract attention, e.g., by operators or IDS services
4. What is a web proxy?
A piece of software that intercepts and possibly modifies requests (and responses) between a web browser and web server
An agent that makes decisions on the client's behalf when interacting with web applications
A piece of software that makes a web application look like a standalone application, making it easier to test
A simulator for the web, for use when off-line
5. What is Nmap?
It is a scanner which works by injecting packets to a range of addresses, and inferring what hosts and services might be at those addresses, based on the responses
It is a network fuzz testing tool
It is a map of the Internet
It is a suite of tools for scripting attacks: probe, construct, encode, inject, wait for response
6. What is ethical hacking?
"Hacking" ethics so they justify unintended selfish behavior
Hacking systems (e.g., during penetration testing) to expose vulnerabilities so they can be fixed, rather than exploited
Hacking into systems run by those whose ethics you disagree with
A slang term for rapid software development, e.g., as part of hackathons
7. Which of the following statements describe fuzz testing (aka fuzzing)?
It is concerned with finding known-bad behaviors, like crashes and hangs
It is always black-box, in being indifferent to the software's functionality
It is a cost-effective replacement for functional testing
It has been used to find security vulnerabilities in many commodity programs
8. Which of the following are true of whitebox fuzzing?
It makes no sense to combine it with grammar-based fuzzing since the latter is just another way to consider the program's semantics
SAGE is (at least in part) a whitebox fuzzer
Radamsa is (at least in part) a whitebox fuzzer
It takes into account the program's internals in some manner when deciding which inputs to choose
9.
Which of the following is true of mutation-based fuzzing?
It generates each different input by modifying a prior input
It works by making small mutations to the target program to induce faults
Each input is mutation that follows a given grammar
It only makes sense for file-based fuzzing, not network-based fuzzing
10. Which of the following styles of fuzzer is more likely to explore paths covering every line of code in the following program?
Generational
Blackbox
Whitebox
Mutation-based
11. Which of the following are functions of a network-based fuzzer?
Acting as a client
Acting as a server
Acting as a "man in the middle"
12. Suppose you want to use fuzzing on a program to try to find memory errors; which of the following statements is true?
You should not use a grammar-based fuzzer, because its adherence to the grammar means it will not find memory errors
Compiling the program with address sanitizer (ASAN) will make errors harder to reproduce
Compiling the program with address sanitizer (ASAN) will make the source of a memory error easier to find
Fuzzing doesn't find memory errors, it finds crashes and hangs
Wednesday, January 25, 2017
Hardware Quiz 2
1. Which of the followings are the goals of IP protection? Check all that apply.
Ensure that the IP is compatible with other IPs
Improve the quality of the IP
Protect IP against unauthorized use
Trace IPs
Protect testing data associated with the IP
2. You want to minimize a 4-variable function F(a,b,c,d) with two don't care conditions, {a=b=c=d=1} and {a=d=1,b=c=0} (or abcd and ab′c′d). To embed your signature with the watermarking approach described on slide "Watermarking a Boolean Formula" (page 1 in "Watermarking Examples"), you decide to minimize F(a,b,c,d)+abcd instead, what is your signature?
01
11
00
10
3. A good watermark will be difficult or impossible to be removed by any adversary without detailed knowledge about the watermark, this property is known as
easy detectability
high credibility
resilience
transparency
4. A good watermark should not require major modification to the industrial design tools and design software, this property is known as
resilience
low overhead
fairness
transparency
5. In the slide of "Public Watermarking GP Problem" (page 6 in "Good Watermarks"), which of the followings should be made to the public? Check all that apply.
The public watermark you want to embed in the solution
The rules on how each public watermarking bit will be embedded
The scheme that public watermark head and body will be constructed
The pairs of nodes selected to embed the public watermark bits
6. In the node duplication example for fingerprinting graph coloring solutions, (see slide "Fingerprinting: Node Duplication", page 4 in "Fingerprinting"), if we add a new node B' as the duplicate of node B, which nodes should B' be connected to? Check all that apply.
A
D
F
B
C
E
7. Bob decides to use the clique manipulation method to generate fingerprinting solutions to the graph coloring problem, (see slide "Fingerprinting: Clique Manipulation", page 5 in "Fingerprinting"). He finds a clique of 4 nodes and apply the method. How many distinct solutions can Bob generate?
24 = 16
4
1
4! = 24
44 = 256
8. In the slide "Fingerprinting: Don’t Cares (I)" (page 6 in "Fingerprinting"), Alice decides to create fingerprinting copies of the original circuit by adding a new connection to the OR gate, which of the followings are correct? Check all that apply.
connect signal X' to the OR gate
connect signal A to the OR gate
connect signal X to the OR gate
connect signal B to the OR gate
9. When we use serial number as the tag for a device, which property does this tag have? Check all that apply.
unclonable
functional
passive
reproducible
intrinsic
10.
IC metering methods that can also be used to lock, unlock, enable, disable, or controll the IC are known as ________ metering method.
active
passive
11. IC tags that are based on fabrication variations have the property of ____________ and therefore will be a good candidate to countermeasure foundry overbuilding.
extrinsic
intrinsic
reproducible
unclonable
Ensure that the IP is compatible with other IPs
Improve the quality of the IP
Protect IP against unauthorized use
Trace IPs
Protect testing data associated with the IP
2. You want to minimize a 4-variable function F(a,b,c,d) with two don't care conditions, {a=b=c=d=1} and {a=d=1,b=c=0} (or abcd and ab′c′d). To embed your signature with the watermarking approach described on slide "Watermarking a Boolean Formula" (page 1 in "Watermarking Examples"), you decide to minimize F(a,b,c,d)+abcd instead, what is your signature?
01
11
00
10
3. A good watermark will be difficult or impossible to be removed by any adversary without detailed knowledge about the watermark, this property is known as
easy detectability
high credibility
resilience
transparency
4. A good watermark should not require major modification to the industrial design tools and design software, this property is known as
resilience
low overhead
fairness
transparency
5. In the slide of "Public Watermarking GP Problem" (page 6 in "Good Watermarks"), which of the followings should be made to the public? Check all that apply.
The public watermark you want to embed in the solution
The rules on how each public watermarking bit will be embedded
The scheme that public watermark head and body will be constructed
The pairs of nodes selected to embed the public watermark bits
6. In the node duplication example for fingerprinting graph coloring solutions, (see slide "Fingerprinting: Node Duplication", page 4 in "Fingerprinting"), if we add a new node B' as the duplicate of node B, which nodes should B' be connected to? Check all that apply.
A
D
F
B
C
E
7. Bob decides to use the clique manipulation method to generate fingerprinting solutions to the graph coloring problem, (see slide "Fingerprinting: Clique Manipulation", page 5 in "Fingerprinting"). He finds a clique of 4 nodes and apply the method. How many distinct solutions can Bob generate?
24 = 16
4
1
4! = 24
44 = 256
8. In the slide "Fingerprinting: Don’t Cares (I)" (page 6 in "Fingerprinting"), Alice decides to create fingerprinting copies of the original circuit by adding a new connection to the OR gate, which of the followings are correct? Check all that apply.
connect signal X' to the OR gate
connect signal A to the OR gate
connect signal X to the OR gate
connect signal B to the OR gate
9. When we use serial number as the tag for a device, which property does this tag have? Check all that apply.
unclonable
functional
passive
reproducible
intrinsic
10.
IC metering methods that can also be used to lock, unlock, enable, disable, or controll the IC are known as ________ metering method.
active
passive
11. IC tags that are based on fabrication variations have the property of ____________ and therefore will be a good candidate to countermeasure foundry overbuilding.
extrinsic
intrinsic
reproducible
unclonable
Hardware Quiz 1
1. As her Christmas gift, Joyce received a toy doll with a small computer chip embedded. When she presses the tummy of the doll, it says "Hello, Joyce!"; when she presses again, it says "Merry Christmas!"; on the next press, it says "I love you!"; and whenever Joyce presses twice quickly, it says "Good-bye!".
Which of the following statements about the doll are correct? Check all that apply.
the chip is a synchronous system
the chip contains memory elements
the chip can recongize two different inputs
the chip is a combinational system
2. Bob is designing a digital system to implement the multiplication table. When two single-digit integers (0-9), e.g. 4 and 7, are entered, the system will output their product (28 in this case). When both input and output are expressed in binary, the system should have 8 bits as input (4 bits for each number) and 7 bits as output (the largest output is 81 and needs no more than 7 bits).
There are 2^8 = 256 combinations for the 8 input bits. However, for the multiplication table, there will be only 100 entries (axb with both a and b go from 0 to 9). So there will be 256-100 = 156 don't care conditions.
Please enter 1 to show that you have understood this and earn the point :)
3. Which of the following gate(s) are universal? Check all that apply.
hint: A universal gate should be able to implement {AND, OR, NOT}
{OR, NOT}
NAND
XOR
{AND, OR}
4. For the 3-input gate f(x,y,z)=x′yz+xy′+y′z, what is the value of f(x,0,1)?
0
none of the others
x'
1
x
5. f(x,y,z) is a 3-input 2-output function. How many different f(x,y,z) can we have to make f(0,0,1)=01,f(0,1,0)=10,f(1,0,0)=11 ?
(hint: Two functions are different if there is an input combination on which the two functions give different output. Think about what could be the output of f on each of the input combinations other than the 3 specified cases).
1024
6. For the four 2-input logic gates (NAND, NOR, XOR, XNOR), each with x and y as their inputs, which of the following statements about observability don't care (ODC) are true? Check all that apply. (If you forget the definition of these standard logic gates, you can find them in the slide "Example: System Implementation").
when y=0, x input is ODC for NAND gate
when y=0, x input is ODC for XOR gate
when x=0, y input is ODC for NOR gate
there is no ODC for XNOR gate
7. Consider the following two functions, S and C, defined on three inputs x, y, z: S(x,y,z)=x⊕y⊕z, C(x,y,z)=x∙y+z∙(x⊕y), where ⊕ is the XOR gate, + is the OR gate, and ∙ is the AND gate.
Which of the following conditions are satisfiability don't cares? Check all that apply.
x=1, y=1, z=0, C=1
x=0, y=0, z=1, S=0
x=1, y=1, z=1, S=1
x=0, z=0, C=1
Which of the following statements about the doll are correct? Check all that apply.
the chip is a synchronous system
the chip contains memory elements
the chip can recongize two different inputs
the chip is a combinational system
2. Bob is designing a digital system to implement the multiplication table. When two single-digit integers (0-9), e.g. 4 and 7, are entered, the system will output their product (28 in this case). When both input and output are expressed in binary, the system should have 8 bits as input (4 bits for each number) and 7 bits as output (the largest output is 81 and needs no more than 7 bits).
There are 2^8 = 256 combinations for the 8 input bits. However, for the multiplication table, there will be only 100 entries (axb with both a and b go from 0 to 9). So there will be 256-100 = 156 don't care conditions.
Please enter 1 to show that you have understood this and earn the point :)
3. Which of the following gate(s) are universal? Check all that apply.
hint: A universal gate should be able to implement {AND, OR, NOT}
{OR, NOT}
NAND
XOR
{AND, OR}
4. For the 3-input gate f(x,y,z)=x′yz+xy′+y′z, what is the value of f(x,0,1)?
0
none of the others
x'
1
x
5. f(x,y,z) is a 3-input 2-output function. How many different f(x,y,z) can we have to make f(0,0,1)=01,f(0,1,0)=10,f(1,0,0)=11 ?
(hint: Two functions are different if there is an input combination on which the two functions give different output. Think about what could be the output of f on each of the input combinations other than the 3 specified cases).
1024
6. For the four 2-input logic gates (NAND, NOR, XOR, XNOR), each with x and y as their inputs, which of the following statements about observability don't care (ODC) are true? Check all that apply. (If you forget the definition of these standard logic gates, you can find them in the slide "Example: System Implementation").
when y=0, x input is ODC for NAND gate
when y=0, x input is ODC for XOR gate
when x=0, y input is ODC for NOR gate
there is no ODC for XNOR gate
7. Consider the following two functions, S and C, defined on three inputs x, y, z: S(x,y,z)=x⊕y⊕z, C(x,y,z)=x∙y+z∙(x⊕y), where ⊕ is the XOR gate, + is the OR gate, and ∙ is the AND gate.
Which of the following conditions are satisfiability don't cares? Check all that apply.
x=1, y=1, z=0, C=1
x=0, y=0, z=1, S=0
x=1, y=1, z=1, S=1
x=0, z=0, C=1
Tuesday, January 24, 2017
Week 2 Quiz
1. Two ASCII messages containing English letters and spaces only are encrypted using the one-time pad and the same key. The 10th byte of the first ciphertext is observed to be 0xB7 and the 10th byte of the second ciphertext is observed to be 0xE7. Let m1 (resp., m2) denote the 10th ASCII character in the first (resp., second) message. What is the most you can conclude about m1 and m2?
One of m1 or m2 is the space character, and the other is the character 'p'.
m1 is the space character and m2 is the character 'p'.
m1 is the character 'p' and m2 is the space character.
m1 is the character 'B' and m2 is the character 'E'.
Nothing can be determined about m1 or m2 since the one-time pad is perfectly secret.
2. Three ASCII messages containing English letters and spaces only are encrypted using the one-time pad and the same key. The 10th byte of the first ciphertext is observed to be 0x66, the 10th byte of the second ciphertext is observed to be 0x32, and the 10th byte of the third ciphertext is observed to be 0x23. Let m1 (resp., m2, m3) denote the 10th ASCII character in the first (resp., second, third) message. What is the most you can conclude about m1, m2, and m3?
Nothing can be determined about m1, m2, or m3 since the one-time pad is perfectly secret.
m1 is the character 't', m2 is the space character, and m3 is the character 's'.
m1 is the space character, m2 is the character 't', and m3 is the character 'e'.
Exactly one of m1, m2, or m3 is the space character, but nothing else can be determined.
3. Which of the following is true about computational secrecy? (Select all that apply.)
Computational secrecy means that it is trivial for an attacker to always learn the entire message.
Computational secrecy currently relies on unproven assumptions.
Computational secrecy only ensures secrecy against attackers running in some bounded amount of time.
Computational secrecy allows an attacker to learn information about the message with small probability.
4. Let G be a function mapping n-bit inputs to 2n-bit outputs. Which of the following is true of the pseudo one-time pad encryption scheme based on G? (Check all that apply.)
The scheme is computationally secret if G is a pseudorandom generator.
The key space of the scheme is at least as large as the message space.
The scheme can be used securely to encrypt multiple messages using the same key.
The scheme is perfectly secret.
5. Which of the following attackers can be used to demonstrate that the shift cipher for 3-character messages does not satisfy perfect indistinguishability?
Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 0 if the first character of C is 'a'.
Output m0 = 'aaa' and m1 = 'bbb'. Given challenge ciphertext C, output 0 if the first character of C is 'a'.
Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 1 if the three characters of C are all different.
Output m0 = 'abc' and m1 = 'bcd'. Given challenge ciphertext C, output 1 if the three characters of C are all different.
6. Which of the following is a negligible function? (Check all that apply.)
f(n) = 1/n.
f(n) = 1/2^n
f(n) = 1/2
One of m1 or m2 is the space character, and the other is the character 'p'.
m1 is the space character and m2 is the character 'p'.
m1 is the character 'p' and m2 is the space character.
m1 is the character 'B' and m2 is the character 'E'.
Nothing can be determined about m1 or m2 since the one-time pad is perfectly secret.
2. Three ASCII messages containing English letters and spaces only are encrypted using the one-time pad and the same key. The 10th byte of the first ciphertext is observed to be 0x66, the 10th byte of the second ciphertext is observed to be 0x32, and the 10th byte of the third ciphertext is observed to be 0x23. Let m1 (resp., m2, m3) denote the 10th ASCII character in the first (resp., second, third) message. What is the most you can conclude about m1, m2, and m3?
Nothing can be determined about m1, m2, or m3 since the one-time pad is perfectly secret.
m1 is the character 't', m2 is the space character, and m3 is the character 's'.
m1 is the space character, m2 is the character 't', and m3 is the character 'e'.
Exactly one of m1, m2, or m3 is the space character, but nothing else can be determined.
3. Which of the following is true about computational secrecy? (Select all that apply.)
Computational secrecy means that it is trivial for an attacker to always learn the entire message.
Computational secrecy currently relies on unproven assumptions.
Computational secrecy only ensures secrecy against attackers running in some bounded amount of time.
Computational secrecy allows an attacker to learn information about the message with small probability.
4. Let G be a function mapping n-bit inputs to 2n-bit outputs. Which of the following is true of the pseudo one-time pad encryption scheme based on G? (Check all that apply.)
The scheme is computationally secret if G is a pseudorandom generator.
The key space of the scheme is at least as large as the message space.
The scheme can be used securely to encrypt multiple messages using the same key.
The scheme is perfectly secret.
5. Which of the following attackers can be used to demonstrate that the shift cipher for 3-character messages does not satisfy perfect indistinguishability?
Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 0 if the first character of C is 'a'.
Output m0 = 'aaa' and m1 = 'bbb'. Given challenge ciphertext C, output 0 if the first character of C is 'a'.
Output m0 = 'aaa' and m1 = 'abc'. Given challenge ciphertext C, output 1 if the three characters of C are all different.
Output m0 = 'abc' and m1 = 'bcd'. Given challenge ciphertext C, output 1 if the three characters of C are all different.
6. Which of the following is a negligible function? (Check all that apply.)
f(n) = 1/n.
f(n) = 1/2^n
f(n) = 1/2
f(n) = n/2^n
7. Define the following function G taking n-bit inputs and producing (n+1)-bit outputs: G(x)=x∥0, where ∥ denotes concatenation. Which of the following attackers shows that this G is not a pseudorandom function?
On input an (n+1)-bit string y, output 0 if the last bit of y is 0.
On input an (n+1)-bit string y, output 1 if the first bit of y is 0.
On input an (n+1)-bit string y, output 0 if the first bit of y is 0.
On input an (n+1)-bit string y, output 0 if the first bit of y is equal to the last bit of y.
8. Say G is a pseudorandom generator taking n-bit inputs and producing 2n-bit outputs. Which of the following are necessarily true? (Check all that apply. The symbol '|' is used here for string concatenation.)
G(r) | G(r+1) is computationally indistinguishable from a uniform, 4n-bit string if r is a uniform n-bit string.
G(r) is computationally indistinguishable from a uniform, 2n-bit string if r is a uniform n-bit string.
r | G(r) is computationally indistinguishable from a uniform, 3n-bit string if r is a uniform n-bit string.
G(0 | r) is computationally indistinguishable from a uniform, 2n-bit string if r is a uniform (n-1)-bit string.
9. Which of the following is a setting in which a pseudorandom generator could be applied?
You have a 1 MB file that you would like to compress.
You have a way to generate random bits at the rate of 100 bits/second, but you need 1,000,000 random bits to run a statistical simulation.
You have a 1 MB file and you would like to make sure that it has not been tampered with.
10. Consider a pseudo one-time pad encryption scheme Π constructed using some function G. Which of the following did our proof of security for the pseudo one-time pad show?
Π is always perfectly secret, for any G.
If G is a pseudorandom generator, then Π is computationally secret.
If G is a pseudorandom generator, then Π is perfectly secret.
Π is always computationally secret, for any G.
7. Define the following function G taking n-bit inputs and producing (n+1)-bit outputs: G(x)=x∥0, where ∥ denotes concatenation. Which of the following attackers shows that this G is not a pseudorandom function?
On input an (n+1)-bit string y, output 0 if the last bit of y is 0.
On input an (n+1)-bit string y, output 1 if the first bit of y is 0.
On input an (n+1)-bit string y, output 0 if the first bit of y is 0.
On input an (n+1)-bit string y, output 0 if the first bit of y is equal to the last bit of y.
8. Say G is a pseudorandom generator taking n-bit inputs and producing 2n-bit outputs. Which of the following are necessarily true? (Check all that apply. The symbol '|' is used here for string concatenation.)
G(r) | G(r+1) is computationally indistinguishable from a uniform, 4n-bit string if r is a uniform n-bit string.
G(r) is computationally indistinguishable from a uniform, 2n-bit string if r is a uniform n-bit string.
r | G(r) is computationally indistinguishable from a uniform, 3n-bit string if r is a uniform n-bit string.
G(0 | r) is computationally indistinguishable from a uniform, 2n-bit string if r is a uniform (n-1)-bit string.
9. Which of the following is a setting in which a pseudorandom generator could be applied?
You have a 1 MB file that you would like to compress.
You have a way to generate random bits at the rate of 100 bits/second, but you need 1,000,000 random bits to run a statistical simulation.
You have a 1 MB file and you would like to make sure that it has not been tampered with.
10. Consider a pseudo one-time pad encryption scheme Π constructed using some function G. Which of the following did our proof of security for the pseudo one-time pad show?
Π is always perfectly secret, for any G.
If G is a pseudorandom generator, then Π is computationally secret.
If G is a pseudorandom generator, then Π is perfectly secret.
Π is always computationally secret, for any G.
Cryptography Quiz 1
1. Consider the Vigenere cipher over the lowercase English alphabet, where the key length can be anything from 8 to 12 characters. What is the size of the key space for this scheme?
4 * 26^12
26^8 + 26^9 + 26^10 + 26^11 + 26^12
26!
26^12
2. Consider the Vigenere cipher over the lowercase English alphabet, where the key has length 8. For which of the following message spaces will this scheme be perfectly secret? (Check all that apply.)
The set of all 8-character strings of lowercase English letters.
The set of all 7-character strings of lowercase English letters.
The set of all 9-character strings of lowercase English letters.
The set of all strings of lowercase English letters containing at most 8 characters.
4. Say we have a scheme with a claimed proof of security with respect to some definition, based on some assumption. The scheme was successfully attacked when used in the real world. What are possible reasons for this? (Check all that apply.)
The proof might be incorrect.
The assumption may be false.
The definition of security may not correctly capture the real-world threat model.
The attacker did not read the proof of security.
5. In the definition of perfect secrecy, what threat model is assumed?
The attacker can eavesdrop on as many ciphertexts as it likes.
The attacker can eavesdrop on a single ciphertext.
The attacker is able to interfere with the communication channel between the two honest parties.
The attacker can carry out a chosen-plaintext attack.
6. Consider the Vigenere cipher over the lowercase English alphabet, where the key can have length 1 or length 2, each with 50% probability. Say the distribution over plaintexts is Pr[M='aa'] = 0.4 and Pr[M='ab'] = 0.6. What is Pr[C='bb']? Express your answer to 4 decimal places with a leading 0, i.e., if your answer was 1/2 then you would enter 0.5000 (without a trailing period).
0.0084
7. Consider the Vigenere cipher over the lowercase English alphabet, where the key can have length 1 or length 2, each with 50% probability. Say the distribution over plaintexts is Pr[M='aa'] = 0.4 and Pr[M='ab'] = 0.6. What is Pr[M='aa' | C='bb']? Express your answer to 4 decimal places with a leading 0, i.e., if your answer was 1/2 then you would enter 0.5000 (without a trailing period). Note: carry out the calculation exactly (i.e., do not use the truncated result that you entered as your answer in the previous question) before truncating your answer to 4 decimal places.
0.9473
8. Which of the following are true for obtaining perfect secrecy using the one-time pad, assuming the message space contains messages all of some fixed length? (Check all that apply.)
The all-0 key must be avoided, since when the all-0 key is used the ciphertext is equal to the message being encrypted.
The key must be as least as long as the messages in the message space.
The key should be shared between the two communicating parties, and kept secret from any potential attacker.
The key should be chosen uniformly.
9. Consider the one-time pad over the message space of 5-bit strings, where Pr[M=00100] = 0.1 and Pr[M=11011] = 0.9. What is Pr[C=00000]? Express your answer to 5 decimal places with a leading 0. I.e., if your answer was 1/2, then you would enter 0.50000 (without a trailing period).
0.03125
10. Which of the following are true about the Vigenere cipher? (Check all that apply.)
The Vigenere cipher is computationally infeasible to break if the key has length 100, even if 1000s of characters of plaintext are encrypted.
The Vigenere cipher can always be broken, regardless of the length of the key and regardless of the length of plaintext being encrypted.
A Vigenere cipher with key of length 100 can be broken (in a reasonable amount of time) using exhaustive search of the key space.
The Vigenere cipher is perfectly secret if the length of the key is equal to the length of the messages in the message space.
4 * 26^12
26^8 + 26^9 + 26^10 + 26^11 + 26^12
26!
26^12
2. Consider the Vigenere cipher over the lowercase English alphabet, where the key has length 8. For which of the following message spaces will this scheme be perfectly secret? (Check all that apply.)
The set of all 8-character strings of lowercase English letters.
The set of all 7-character strings of lowercase English letters.
The set of all 9-character strings of lowercase English letters.
The set of all strings of lowercase English letters containing at most 8 characters.
3. What is the result of encrypting the ASCII plaintext "cool!" using the variant Vigenere cipher (where encryption is done using byte-wise XOR) and key 0x01 3F?
0x62 50 6E 53 20
0x62 50 6F 6C 21
0x63 6F 6F 6C 21
0x26 05 E6 35 02
0x62 50 6E 53 20
0x62 50 6F 6C 21
0x63 6F 6F 6C 21
0x26 05 E6 35 02
4. Say we have a scheme with a claimed proof of security with respect to some definition, based on some assumption. The scheme was successfully attacked when used in the real world. What are possible reasons for this? (Check all that apply.)
The proof might be incorrect.
The assumption may be false.
The definition of security may not correctly capture the real-world threat model.
The attacker did not read the proof of security.
5. In the definition of perfect secrecy, what threat model is assumed?
The attacker can eavesdrop on as many ciphertexts as it likes.
The attacker can eavesdrop on a single ciphertext.
The attacker is able to interfere with the communication channel between the two honest parties.
The attacker can carry out a chosen-plaintext attack.
6. Consider the Vigenere cipher over the lowercase English alphabet, where the key can have length 1 or length 2, each with 50% probability. Say the distribution over plaintexts is Pr[M='aa'] = 0.4 and Pr[M='ab'] = 0.6. What is Pr[C='bb']? Express your answer to 4 decimal places with a leading 0, i.e., if your answer was 1/2 then you would enter 0.5000 (without a trailing period).
0.0084
7. Consider the Vigenere cipher over the lowercase English alphabet, where the key can have length 1 or length 2, each with 50% probability. Say the distribution over plaintexts is Pr[M='aa'] = 0.4 and Pr[M='ab'] = 0.6. What is Pr[M='aa' | C='bb']? Express your answer to 4 decimal places with a leading 0, i.e., if your answer was 1/2 then you would enter 0.5000 (without a trailing period). Note: carry out the calculation exactly (i.e., do not use the truncated result that you entered as your answer in the previous question) before truncating your answer to 4 decimal places.
0.9473
8. Which of the following are true for obtaining perfect secrecy using the one-time pad, assuming the message space contains messages all of some fixed length? (Check all that apply.)
The all-0 key must be avoided, since when the all-0 key is used the ciphertext is equal to the message being encrypted.
The key must be as least as long as the messages in the message space.
The key should be shared between the two communicating parties, and kept secret from any potential attacker.
The key should be chosen uniformly.
9. Consider the one-time pad over the message space of 5-bit strings, where Pr[M=00100] = 0.1 and Pr[M=11011] = 0.9. What is Pr[C=00000]? Express your answer to 5 decimal places with a leading 0. I.e., if your answer was 1/2, then you would enter 0.50000 (without a trailing period).
0.03125
10. Which of the following are true about the Vigenere cipher? (Check all that apply.)
The Vigenere cipher is computationally infeasible to break if the key has length 100, even if 1000s of characters of plaintext are encrypted.
The Vigenere cipher can always be broken, regardless of the length of the key and regardless of the length of plaintext being encrypted.
A Vigenere cipher with key of length 100 can be broken (in a reasonable amount of time) using exhaustive search of the key space.
The Vigenere cipher is perfectly secret if the length of the key is equal to the length of the messages in the message space.
Subscribe to:
Posts (Atom)