Quiz 1 Post-Mortem Bruce Maggs


Quiz Scores
  • Quiz is graded on a curve
  • Average score: 66.76 / 100
  • Median score: 68 / 100
  • High score: 92 / 100

The operator can learn who (which IP addresses) are accessing Tor, and which relay is next. But the operator cannot see the contents of any traffic, because it is encrypted all the way to the exit relay. The exit relay can see which “sites” the users of Tor are connecting to, and if the traffic to those sites is unencrypted, it can see the traffic itself.

With enough relays, the attacker might be able to see the entire path from first relay to exit relay. Even without seeing the entire path, using timing information, the attacker might still be able to determine which clients were connecting to which sites.

Access to illegal Web sites might be attributed to you! Or downloading copyrighted content by Tor users might get you sued! Plus who wants the scrutiny of being on the public list of Tor relays?

If both sides can store a lot of shared private data in advance, then they can store a one-time pad of random bits, and have the most secure communication possible.

Diffie-Hellman, SSH, TLS/SSL, Quantum Communication: (1) not the “most” secure, and (2) don’t require pre-stored private shared data

In advance, client and server share a private key to initialize CSPRNG. Now, for each login session, both sides use CSPRNG to generate next password, e.g., next 128 bits of pseudo-random data. Note: this problem does not mention/require encryption.

Bob’s login password on livingontheedge.cs.duke.edu, and the file permissions on the private key protect the key. The administrator of livingontheedge.cs.duke.edu can become root, and then change user to become Bob and read the private key. If gatewaymachine.getrichquick.com is compromised, then the attacker can get everyone’s password, and users often use the same password on multiple machines.

The client cannot differentiate between the hosting service and the content provider. The hosting service can modify the page so that the client never connects directly to the content provider, and now the hosting service is set up as a man in the middle and can see all traffic.

By multiplying the two signatures, the attacker gets

$$\big((m_1 2^k + r_1)(m_2 2^k + r_2)\big)^d \bmod n = \big(m_1 m_2 2^{2k} + m_1 r_2 2^k + m_2 r_1 2^k + r_1 r_2\big)^d \bmod n \neq \big(m_1 m_2 2^k + r_3\big)^d \bmod n$$

Multiplying the two signatures together gives

$$\big(\mathrm{MD5}(m_1)\,\mathrm{MD5}(m_2)\big)^d \bmod n \neq \mathrm{MD5}(m_1 m_2)^d \bmod n$$

Note: $m_1$ and $m_2$ are not secret. (And in part (a) $r_1$ and $r_2$ are not secret.) Therefore $m_1 m_2$ and $\mathrm{MD5}(m_1 m_2)$ are also not secret. The difficulty of “inverting” MD5 isn’t the main issue here. (Except, it would be difficult to find an $m_3$ such that $\mathrm{MD5}(m_3) = \mathrm{MD5}(m_1)\,\mathrm{MD5}(m_2)$, but even if you could find such an $m_3$, it would likely be garbage.)
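The two inequalities on the last two slides can be checked numerically against the unpadded case, where the product of two signatures does verify. The Python below is an added example, not part of the original slides; the toy key (built from two Mersenne primes), the pad width K, the sample values, and the decimal-string encoding fed to MD5 are assumptions chosen for illustration.

```python
import hashlib

# Constructed toy key: p and q are the Mersenne primes 2^61-1 and 2^89-1.
# Far too small for real use, but n > 2^128 so an MD5 value fits unreduced.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = 8                               # assumed pad width: low k bits hold r

def sign(x):
    """Raw RSA signature x^d mod n on an already-encoded value x < n."""
    return pow(x, D, N)

def verify(x, sig):
    """Accept sig iff sig^e mod n equals the encoded value x."""
    return pow(sig, E, N) == x

def pad(m, r):
    """Encoding from the padding slide: m * 2^k + r, with 0 <= r < 2^k."""
    return (m << K) + r

def md5_int(m):
    """Encoding from the MD5 slide; hashing the decimal string of m
    is an assumption made for this example."""
    return int.from_bytes(hashlib.md5(str(m).encode()).digest(), "big")

def textbook_forgery_works(m1, m2):
    # No encoding: sig(m1) * sig(m2) = (m1 * m2)^d mod n, a valid signature.
    forged = sign(m1) * sign(m2) % N
    return verify(m1 * m2, forged)

def padded_forgery_works(m1, r1, m2, r2):
    # The product carries the cross terms and 2^(2k), so it matches
    # m1*m2*2^k + r3 for no r3 at all; every possible r3 is tried.
    forged = sign(pad(m1, r1)) * sign(pad(m2, r2)) % N
    return any(verify(pad(m1 * m2, r3), forged) for r3 in range(1 << K))

def hashed_forgery_works(m1, m2):
    # MD5 is not multiplicative: MD5(m1) * MD5(m2) != MD5(m1 * m2).
    forged = sign(md5_int(m1)) * sign(md5_int(m2)) % N
    return verify(md5_int(m1 * m2), forged)

if __name__ == "__main__":
    print("textbook:", textbook_forgery_works(42, 99))        # True
    print("padded:  ", padded_forgery_works(42, 7, 99, 200))  # False
    print("hashed:  ", hashed_forgery_works(42, 99))          # False
```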