Homework Problems and Questions

Chapter 8 Review Problems

SECTION 8.1

R1. What are the differences between message confidentiality and message
integrity? Can you have confidentiality without integrity? Can you have integrity
without confidentiality? Justify your answer.
Message confidentiality and integrity are essential yet distinct aspects of
secure communication. Confidentiality focuses on keeping the content of a message
private and accessible only to authorized individuals. This is achieved through
encryption techniques like symmetric or asymmetric cryptography, ensuring
unauthorized parties cannot read the message. In contrast, integrity ensures that
the message remains unaltered during transmission or storage. Techniques such as
cryptographic hashing or digital signatures enable the recipient to confirm that the
message they receive matches the original.

It is possible to have confidentiality without integrity. For example, a message

might be encrypted to maintain secrecy, ensuring confidentiality. However, if the
encrypted message is tampered with and there is no mechanism to verify its
integrity, the recipient cannot detect the alteration. Similarly, integrity can exist
without confidentiality. A message can be transmitted in plain text along with a
cryptographic hash, allowing the recipient to verify that the content has not been
changed. However, since the message itself is not encrypted, its confidentiality is
not protected.

In conclusion, confidentiality protects the privacy of communication, while

integrity ensures its accuracy and reliability. Though these two properties are often
combined for comprehensive security, they can function independently based on the
needs of the communication system.
R2. Internet entities (routers, switches, DNS servers, Web servers, user end
systems, and so on) often need to communicate securely. Give three specific
example pairs of Internet entities that may want secure communication.
Certain pairs of internet entities require secure communication to ensure
confidentiality, integrity, and authentication. One example is the communication
between a user end system (such as a personal computer or smartphone) and a
web server. This relationship often uses protocols like HTTPS to secure sensitive
information, such as login credentials or payment details, from being intercepted
 or tampered with during transmission.

Another example is the interaction between DNS servers. DNS servers

communicate to resolve domain names into IP addresses, and secure protocols like
DNSSEC are used to prevent attacks such as DNS spoofing, which could redirect
users to malicious websites.

Lastly, communication between routers or switches within a network is

another critical example. Secure protocols, such as IPsec or SSH, can be employed
to safeguard configuration data and routing updates exchanged between these
devices, preventing unauthorized access or malicious modifications. In all these
scenarios, secure communication ensures the reliability and safety of internet
operations.

SECTION 8.2

R3. From a service perspective, what is an important difference between a

symmetric-key system and a public-key system?
From a service standpoint, the key distinction between a symmetric-key
system and a public-key system lies in their approach to key management and
usage. In symmetric-key systems, the same secret key is used for both
encryption and decryption, which requires the key to be securely shared
between the parties involved. This key distribution process can be complex and
poses security risks, particularly in large networks. Despite this, symmetric-key
systems are faster and better suited for encrypting large amounts of data once
the key is safely shared.

On the other hand, public-key systems utilize a pair of keys: a public key,
which is openly shared and used for encryption, and a private key, which
remains confidential and is used for decryption. This eliminates the need for
secure key sharing, as only the private key needs to be protected. Public-key
systems are often employed for tasks like secure key exchanges, digital
signatures, and initiating secure communications. However, they are generally
slower than symmetric-key systems, making them ideal for scenarios where
secure key distribution is difficult or infeasible.
R4. Suppose that an intruder has an encrypted message as well as the decrypted
version of that message. Can the intruder mount a ciphertext-only attack, a known-
plaintext attack, or a chosen- plaintext attack?
If an intruder has access to both an encrypted message (ciphertext) and its
corresponding decrypted message (plaintext), they can carry out a “known-plaintext
attack”. This type of attack uses the known pair of plaintext and ciphertext to attempt
to uncover the encryption key or gain insights into the encryption method.
 This scenario does not represent a “ciphertext-only attack” because the
intruder has more information than just the ciphertext. It also does not qualify as a
“chosen-plaintext attack”, as the plaintext was not selected by the intruder to
observe its encryption.

In conclusion, with the given information, the intruder can perform a “known-plaintext
attack”.
R5. Consider an 8-block cipher. How many possible input blocks does this cipher
have? How many possible mappings are there? If we view each mapping as a key,
then how many possible keys does this cipher have?
For an 8-block cipher, the number of possible input blocks depends on the size
of each block. If the block size is n bits, the total number of possible input blocks is
(2^n), as each bit can be either 0 or 1.

The number of possible mappings for the cipher corresponds to all

permutations of the input blocks. For (2^n) input blocks, the number of possible
permutations is ((2^n)!), as each input block can be mapped uniquely to another
block.

If each unique mapping is treated as a key, the number of possible keys is the
same as the number of permutations, which is ((2^n)!).

In summary, the number of possible input blocks is (2^n). The number of

possible mappings is ((2^n)!). The number of possible keys is also ((2^n)!).
R6. Suppose N people want to communicate with each of N−1 other people using
symmetric key encryption. All communication between any two people, i and j, is
visible to all other people in this group of N, and no other person in this group should
be able to decode their communication. How many keys are required in the system as
a whole? Now suppose that public key encryption
is used. How many keys are required in this case?

If N people want to communicate securely with one another using symmetric key
encryption, a unique key is required for every pair of individuals to maintain privacy. The
total number of keys needed is equal to the number of unique pairs in the group, which
can be calculated using the formula N(N−1)/2. For instance, if N=4, the total number of
keys required would be 4(4−1)/2=6.
On the other hand, if public key encryption is used, each person only needs one pair of
keys: a public key and a private key. This means the total number of keys required in
this case is 2N2N, where NN represents the number of people. In conclusion, symmetric
key encryption requires N(N−1)/2 keys, while public key encryption requires 2N keys.

R7. Suppose n=10,000, a=10,023, and b=10,004. Use an identity of modular

arithmetic to calculate in your head (a⋅b)mod n.
 simplifying a and b modulo n. Given n = 10,000, a = 10,023, and b = 10,004, first
compute a mod n and b mod n. For a mod n,find that 10,023 mod 10,000 = 23, and
for b mod n,find that 10,004 mod 10,000 = 4. This reduces the original problem to
calculating (23 · 4) mod 10,000. Next,multiply 23 and 4, giving 23 · 4 = 92. Finally,
since 92 < 10,000, the result of 92 mod 10,000 is simply 92. Therefore, (a · b) mod n
= 92.

R8. Suppose you want to encrypt the message 10101111 by encrypting the decimal
number that corresponds to the message. What is the decimal number?
convert it from binary to decimal. Each bit in the binary number represents a power of
2, starting from the rightmost bit as 2^0. The binary number 10101111 is calculated
as follows: 1 * 2^7 + 0 * 2^6 + 1 * 2^5 + 0 * 2^4 + 1 * 2^3 + 1 * 2^2 + 1 * 2^1 + 1
* 2^0. Breaking it down: 1 * 128 + 0 * 64 + 1 * 32 + 0 * 16 + 1 * 8 + 1 * 4 + 1 * 2 + 1
* 1, which equals 128 + 32 + 8 + 4 + 2 + 1, resulting in 175. Therefore, the decimal
number corresponding to the binary message 10101111 is 175.

SECTIONS 8.3–8.4