# Information Security Exam 2010

This is what I remember from the exam. There were a total of 16 exercises. The questions covered the whole lecture. Most of them were based on the exercises, but a few were also based on the lecture. If anybody remembers more, feel free to complete this :-)

## One Way Function

a) Give the definition of a one-way function.

b) Given one-way functions $f:\{0,1\}^{k}\rightarrow \{0,1\}^{n}$ and $g:\{0,1\}^{n}\rightarrow \{0,1\}^{m}$, prove that $g\circ f$ is not necessarily one-way.

## RSA

a)

i) Explain the scheme for key generation, encryption and decryption.

ii) Is it secure against a computationally unbounded adversary?

b) Given a group $G$ with $|G|=2m$ and $g$ as generator, show how to check whether the discrete logarithm of $y$ is even or odd.

## Security Symbols

Given a one-way function $f$ and a shared key $k$. A sends to B $c=m\oplus k$ and $f(m)$.

a) Is m computable from c and f(m)?

b) Does the protocol achieve confidentiality?

c) Does the protocol achieve non-repudiation?

## Diffie Hellman

Some questions involving a simulator and proving some invariants.

## Secret Channels

Given A ->. X ->. Y ->. B

a) Use trust-based transformations to derive A ->. B (2 ways)

b) Argue which way is the better one to do it (from left to right or from right to left)

## Trust and Authenticity

a) Give rules for deriving authenticity and trust.

b) Give an example graph where one can see that trust and authenticity are disjoint. (Authenticity and trust are derived over 2 different paths.)

c) Given a graph with entities, find a minimal subset which leads to $Aut_{a,b}$ and give the derivation.

d) Find the confidence value in a graph (analogous to exercise 8.1).

## Certificate Verifier

You needed to give the verifier predicates v(d,s) := ... for a certificate with two timestamps TAS1, TAS2. You also needed to draw what the certificate would look like (which stuff is in it) and what a verifier has to check to accept the certificate.

## Attacker

a) Define the $has$ predicate including the following transformations.

• x,y -> (x,y) (pairing)
• encryption $\{m\}_{k},k^{-1}\rightarrow m$
• hash(x)

b) Some implications were given, like $has(x,\{m\}_{x})\Rightarrow has(m)$, and you had to state if they are possible.

## Matrix Access Control

The system has subjects (S) and objects (O), and the permissions read, write and own. Given the following functions:

    CreateObject(s, o, x):
        if (o not in O):
            insert o into O
            insert 'own' into M[s,o]
            insert x into M[s,o]

    RevokeRight(s, o, x):
        if ('own' in M[s,o] and x in M[s,o]):
            remove x from M[s,o]

The system wants to ensure that it is not possible for an object to be writable by someone who doesn't own it.

a) You had to give a call stack of functions which violates this property.

b) You had to draw the access matrix of that state

c) You had to draw the capability list of that state

Given were the access levels public and confidential and the properties allgemein and halbprivat. Doctor has rights confidential {allgemein, halbprivat}, Nurse has rights confidential {allgemein}, Janitor public {}.

a)

b)

c) Can the Janitor write to a document with rights confidential {allgemein}?

Some more questions about what the maximum/minimum rights to read/write document x are.

## RBAC Access Model

Some new modelling was described and you had to define the relations.

## Security Protocols

Given the following protocol: (might contain errors!)

    I -> R: {I, R, n}sk(I)
    R -> I: {I, R, k, n}pk(I)

a) Seen from I, is k secret? If yes, justify; if no, give an attack.

b) Seen from R, ..

## Single Sign-On

Give 2 positive and 2 negative aspects of single sign-on.

## Perfect Forward Secrecy (PFS)

a) Define PFS.

b) Give a simple protocol which ensures PFS.

c) Given the following protocol (might contain errors!), show why it does not achieve PFS.

    A -> B: {A, B, nA}pk(B)
    B -> A: {A, B, nA, k}pk(A)
    A -> B: {A, B, nB}k

## Mix Networks

a) A sends B a message over a mix K1. What would the message look like?

b) A way of signing messages is described such that a mix can guarantee to the sender that he sent the message.

You have to describe what the sender has to do to check if the message was correctly sent and how he can convince others that the message really was from him.

c)

d)

## Crowds

Consider a Crowds network where the jondos keep their network paths the same after the first message is sent.

a) Define anonymity set. Define: absolute anonymity, beyond suspicion, probable innocence, exposed, provably exposed.

b) Given a network of n operational and m corrupted jondos, how big is the anonymity set?

c) Given an adversary who can read all and only the messages to and from a certain jondo. Is anonymity achieved? To what degree?

d) Explain why the jondos have to reset their network paths every time a new jondo joins the network.