CS691 S2005 Midterm Exam

Enter your CS Unix machine login and the last 4 digits of student ID as password and submit the midterm before 11:59pm 3/15/2005.   You can work at home or at PC lab where you can access it through a web browser.  For multiple-choice questions, you must choose either yes or no for each answer.

After filled in the answers in the text areas and selected the answers, please print a copy of the web page with your answers before you hit the submit button. Note that "save file" menuitem does not save the data you enter. It only saves the HTML source file. Submit your answers by pressing the submit button at the end of this web page.  You will get a confirm web page with all your answers. Save or print  the answer confirmation web page for your record. If you have problem getting the confirm web page or submitting midterm answers using the web page, just email me the answers.

Your name:
Your login on CS UNIX machines:
Your password (last four digits of your SID):

  1. Introduction
    1. What types of threats are the surreptitious forwarding attacks mentioned in Section 1.1 of Don Davis' paper on "Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML", according to Shirey's classification
    2. From hw2 Problem A we know encrypt & sign produces the same result as sign & encrypt. Will the encrypt & sign solves the above surreptitious forwarding attacks? Explain.

    3. What is the major advantage of using client certifcate authentication vs. the basic authentication (login and password) with SSL?

  2. Basic Cryptography
    1. Besides the chaining mode, suggest one technique that can prevent the simple block swap attack.
    2. What is the key length of the 3DES?
    3. What is the size of the message digest generated by SHA1?
    4. What is the advantage of using Diffe-Hellmen key exchange?
    5. How can an Apache server verify the received client certificate is indeed signed by a known CA? As a hint, answer the following related question in the context of hw2 problem E: In which directory does Apache looks for such information?

  3. OpenSSL
    1. CA signing.
      1. What is the OpenSSL command that a webmaster uses to request the certificate request for the web server?
      2. What is the wrong with the  certificate request generated by /usr/share/ssl/misc/CA -newreq in your hw2? Hint can be obtained from the result of 3b.
      3. Does a signed certificate includes CA's public key?

    2. A hint for problem 3a2 is encrypted with the public key contained in ~cs691/public_html/crypto/hw2/chowsignedcert.pem using the following command

      openssl rsautl -encrypt -certin -inkey chowsignedcert.pem -in CS691S2005midtermHint.txt -out CS691S2005midtermHintCipher.txt

      Try to use the openssl command to decrypt the CS691midtermHintCipher.txt. The corresponding private key is in chowprivatekey.pem in the same directory.
      1. What is the hint?
        Note that the CS691S2005midtermHint.txt is protected with access right. You only have access to CS691S2005midtermHintCipher.txt.  Also if you run the command in that directory, the -out parameter needs to specify a file path where you have write access.   An easy way is to copy the related  .pem and .txt  files to your own directory.
      2. What is the command you used to decrypt the hint? It is one of the commands in hw2 option E.
  4. Design Principles

    1. Explain why the current implementation of IE browser for basic authentication violates the Complete Mediation Principle?
    2. In Secure Collective Defense System, we only inform the client to use a subset of proxies for indirect routing and hide the  designated alternate gateway from the client. What principle is applied here?

If you feel some of the questions are ambiguous, state the problem # and your assumptions on the answers.