(T/F) A one-way hash function provides the property that there is only one way to verify if it is correct (i.e., using the correct cryptographic key)

F

(T/F) A major advantage of public key cryptographic over shared key cryptography is that key distribution is not required

F

T/F: The strength of a cryptographic key is determined by its length in bits.

F

T/F: Randomly selected passwords offer protection against dictionary attacks.

T

T/F: A side channel is a flaw in the implementation of a system that allows secret information to be inferred even though it is not directly exposed via the system's normal interface

T

T/F: Marking the memory in the heap as being non-executable (aka DEP) would protect against heap spray attacks.

T

T/F: The Diffie-Hellman key exchange protocol protects against Man-in-the-Middle attacks

F

For Bob to send a confidential message to Alice using public key cryptography requires that: **(select all that apply)**

i. Bob know Alice's public key

ii. Bob know Alice's private key

iii. Alice know Bob's private key

iv. Alice know Bob's public key

i. Bob know Alice's public key

In a system with 20 computers, each of whom may need to send confidentail messages to each other, how many unique public keys must each computer maintain to support this capability? **(select only one)**

i. 20

ii. 19

iii. 9

iv. 10

ii. 19

Suppose you wish to encrypt your own credit card number (16 numeric digits) using a standard block cipher such as AES (lets say using 256bit key size and a 128bit block size). What mode should you use the block cipher in? **(select only one)**

i. ECB mode

ii. CBC mode

iii. CFB mode

iv. Any of these will be equally good

iii. Any of these will be equally good

A nonce is used to protect against what kind of attack in a cryptographic protocol? **(select only one)**

i. tampering

ii. eavesdropping

iii. replay

iv. denial-of-service

replay

The cipher is weak because some ciphertexts excluse some potential plaintexts. For example, if E(M,K) = 3 (binary 11) then an attacker knows that M could not have been 0.

Part b) Q's summer intern, R, suggests that James instead should use the function (M + K) mod 3. Does this solve the problem? Explain why or why not?

Yes because any function whose output is unform (0,1,2) for arbitrary inputs M and K will provide no information about what M is. (M + K) mod 3 will work.

Another way of saying this is:

Yes because any function whose distribution of frequency of the ciphertext is even regardless of the key will provide no information about the plaintext. (M+K) mod 3 will work.

What are the assumptions under which stack cookies are effective at stopping buffer overflow attacks? **(select all that apply)**

i. The value of the stack cookie is secret

ii. The attacker must overflow the stack contiguously (i.e., they can not "skip" bytes)

iii. The stack cookie is at least as large as the largest buffer on the stack

iv. All functions validate stack cookies on function return

v. All functions validate stack cookies on function entry

vi. The stack cookie is properly salted

i. The value of stack cookie is secret

ii. The attacker must overflow the stack contiguously (i.e. they can not "skip" bytes)

iv. All functions validate stack cookies on function return

What are the assumptions under which Address Space Layout Randomization (ALSR) is effective at stopping buffer overflow attacks? **(select all that apply)**

i. The layout of memory is secret

ii. Attackers need to redirect control flow to a particular address they control

iii. The stack is arranged to be lower in memory than the heap

iv. All memory pointers are encrypted in memory

v. The attacker is unable to read te contents of memory

i. The layout of memory is secret

ii. Attackers need to redirect control flow to a particular address they control

v. The attacker is unable to read the contents of memory

What is the security vulnerability in this code?

control-flow vulnerability by off-by-one overflow

How could an attacker exploit this vulnerability to trigger the execution of some malicious code stored at some known address X? In particular, describe how the attacker should choose for values of track and newtracklen.

track should be 16 or a negative value to cause overflow.

newtracklen should be a pointer to an address (of the attackers choosing)