So, I trust that everybody has completed the quiz and the questions are reasonable; I will just discuss the answers over here. So, the first question. So, please make sure before we discuss the answers that you have kept one answer sheet with the coordinator and that you have one answer sheet with you. So, you just grade only one of those; keep one with the coordinator (coordinator, please keep it with you only) and the other one with the participant. So, the one with the participant is to be graded by the participant himself or herself.

So, the first question: which of the following is used to resolve a domain name in Linux? So, ifconfig, traceroute, host, arp and ping. So, the answer to that, as you might have already tested on the first day in the lab, is host.

Next question: which of the following attacks is or are likely to result in identity theft? So, some of the questions have more than one answer. So, over here, a phishing attack. So, a phishing attack is typically used to get information on things like passwords and so on. So, this necessarily constitutes identity theft, getting of the password. So, A is a correct choice. B, denial of service attack: that is not the goal of a denial of service attack; identity theft is not a goal, rather it is to cripple the infrastructure of the victim. So, that is the purpose of a denial of service attack. A dictionary attack: so, once again, as mentioned before, in a dictionary attack you are trying to get the passwords and so on. So, that would also be one of the correct answers, A and C. A dictionary attack would also be used for identity theft purposes. And finally, virus infection: that may or may not. So, there are different viruses with different motives. So, in general that would not always be true. So, I would say A and C, and D partially true.

Then question number 3: for the same key, a single bit change in a block of plain text.
So, you just use the same key, same plain text, and in the plain text you just make one change, just change any one bit. Again, you could have tested this in the lab on the first day: change one bit, and what is the change in the resulting output? A change in exactly half the bits in the block of the cipher text; a change in half the bits in the block of cipher text on average (you try this experiment again and again and on average you will get half the bits that have changed); a change in most of the bits in the block of cipher text; and a change in the region of cipher text different from the affected region of plain text. So, the answer is B: on the average about half the bits get changed, only on the average, not always and not exactly.

So, the next one is: let the RSA modulus n be 77; if the encryption key is 7, what is the decryption key? So, what is the answer to that? So, let us just write this down. So, n is the product of 2 prime numbers. So, phi of n will be and the encryption key e is 7. So, the question is, what is the decryption key? So, we know that these two are mathematically related by the equation ed is congruent to 1 modulo 60. So, basically I am looking for the inverse of 7: what is 7 inverse modulo 60? So, let me try different numbers here; there are 4 choices: 51, 29, 43 and 58. So, whatever that number is, 7 multiplied by d, 7d, should be equal to 1 plus some constant k, some integral constant k, times 60. So, what could d possibly be? Could d be 51? 7 times 51, that is a number that will end with 7, and then if I subtract 1 from it I certainly would not get a multiple of 10. Could it be 29? If it is 29, 7 9s are 63, it should end with 3, and then when I bring the 1 this side it should be 2. So, that number certainly is not a multiple of 60. Let us try 43: 7 multiplied by 43, 7 3s are 21. So, it ends with a 1; when I bring the 1 this side I get a number that ends with 0. So, that is probably the answer; let us just check.
So, does this hold for some integer k? Indeed it does: if k is 5 then this equation is true. So, the correct answer is 43, that is C.

Then question number 5: a MAC provides which of the following? Message integrity, message confidentiality, message authentication, message non-repudiation. So, the correct answers, as I have been saying many times: message integrity and message authentication. Not non-repudiation; if I wanted non-repudiation I would have to use a digital signature. Not confidentiality; it is only for integrity protection. So, as the name suggests, MAC, message authentication code, is for authentication and also for integrity purposes. So, the correct answer is A and C.

A MAC may be implemented using DES in ECB, so electronic code book mode, or CBC, cipher block chaining mode, or CFB, cipher feedback mode, or counter mode. So, the correct answer is CBC mode, where you chain the whole thing and your final encrypted output is the MAC. So, the answer to question number 6 is B, CBC mode.

The digital signature provides which of the following? Message confidentiality, non-repudiation, authentication, message integrity. So, everything but confidentiality; you cannot use the signature to protect the confidentiality of the message. So, it is B, C and D.

Moving on to question number 8: the original Diffie-Hellman key exchange protocol is vulnerable to a man in the middle attack because the key exchange takes place in the clear. Notice that g raised to a mod p and g raised to b mod p are not encrypted and sent; they are just sent in the clear. So, is that a problem? The answer is no. Next question: the prime numbers chosen are not safe. So, that also results. So, we will talk about this in the advanced section, what is meant by a safe prime number, but that is not the reason for this basic simple man in the middle attack that we looked at yesterday. The computational Diffie-Hellman problem is not infeasible. So, it is not related to the discrete log problem.
So, that was not the reason for the man in the middle attack. The last one is probably true: the two communicating parties do not authenticate themselves to each other. Actually, they do not authenticate their messages. They were sending g raised to a mod p and g raised to b mod p, and what does the attacker do? The attacker in the middle, he took that g raised to a mod p and he substituted it for g raised to c mod p. Now, had that g raised to a mod p been signed, somehow authenticated, for example by a digital signature from A, then this problem would not have occurred; you would know that g raised to a mod p has been replaced by g raised to c mod p, but in the absence of a signature you cannot figure that out. So, the problem is there is an absence of message authentication. So, D is the most likely answer.

Then question number 9: which of the following measures is/are effective in thwarting an online dictionary attack? So, what is meant by an online dictionary attack, and how does it differ from an offline dictionary attack? Just think about it for a second. So, whether online or offline, dictionary attack means you are trying to guess the password. So, you can do it in an online fashion, meaning you enter the user name of some person you are trying to impersonate and then you just guess that person's password and send it across, and then it will come back and say sorry, wrong password, try again, and again and again. Now, obviously, to prevent this kind of guessing, what should the server do at the other end? It should disable these login attempts. So, the correct answer is: server disables the login after 4 incorrect login attempts. D is the correct answer to question number 9.

Now, just as we answer that, the next question that you should ask yourself is: what if I have an offline dictionary attack? Now the thing becomes a little bit more complicated: what should I do to thwart an offline dictionary attack?
So, one thing, of course, is trying to use better passwords, but let us suppose that people will not change; some people will change, but most people, or many people, will use insecure passwords. So, what could be the solution? So, I have got a big dictionary, and do not forget, I take every single entry in that dictionary and I try and see whether that is the valid password. So, for example, if I am storing on the server side the hash of each password, then I would take that dictionary and take every candidate password, perform a hash and check whether it appears in that password file. Now, what you can do is, instead of just doing a hash of the password, suppose I do a hash of the hash of the hash of the password 100 times. It takes me more time, of course, at the server end, but by doing this I make the job of password guessing 100 times more difficult: instead of taking 5 hours to guess, it will now take 50 hours. So, I can make it arbitrarily difficult to guess the password simply by storing not the hash of the password, but a more complicated function of the password, such as, as I just gave the example, the hash of the hash of the hash, let us say 100 times, and there are other ways also, using salt and things of that sort. So, you can check the text for more ways of doing this.

And then the last question, number 10: the KDC functions as an or as a: authentication server, trusted third party, certification authority, time stamp authority. So, the KDC that we have seen in the case of Needham-Schroeder certainly is like an authentication server, and it also is like a trusted third party, a TTP. So, who is a trusted third party? Somebody you entrust your password with. There are two parties that want to communicate and they go and get the services of the TTP, in this case to get a session key from the TTP.
So, the KDC functions as both an authentication server as well as a trusted third party, and as mentioned in the lecture, the KDC is in fact logically split into two parts, the authentication server and the ticket granting server, in the case of Kerberos. So, the correct answer to question 10 is: the KDC functions as an authentication server and as a trusted third party. So, that is A and B. It is not a certification authority; it does not try to create any certificates and give you the certificates. It does not usually; I mean, you can have a version of a KDC that does this. Well, it does not also time stamp messages and so on. So, it functions as an authentication server and a trusted third party.

So, that is basically the solution to this quiz. I hope most of you have gained something by solving this thing. We will have two more quizzes and hopefully they will be as easy as this one; I do not guarantee, but let us hope so. And then, of course, there are other questions that people have been asking and that have been coming to us. So, maybe I can answer some of them; we have still more than 10 minutes left before the break. So, I could answer some of them; some of them are being looked at by the TAs.

So, one of the questions that came up is: is there any vulnerability in RSA? So, all the participants, kindly think about this. That is an important question: when we talk about an algorithm or a protocol, the immediate question is, what are the vulnerabilities, how can I attack this thing, and then, after you have attacked it, the next question is, how can I defend against it? So, there is at least one attack on RSA that is in the textbook. So, as I mentioned before, in the case of RSA there is a slight problem if you do not use this properly. So, it is not that there is something inherently wrong in using exponent equal to 3; the problem is if it is not used correctly.
So, for example, one of the problems with using exponent equal to 3: just imagine now that I have a block; it is also a block cipher, right, RSA. So, it splits the message into blocks of size key size, let us say 1024. I am talking about textbook RSA; the actual practical case is slightly different, using padding and so on. The padding thing is also explained in the text. So, those of you who have got time to read it, just see how padding is done and why it should be done.

So, let us suppose that this particular block of plain text has been encrypted; let us suppose this block contains my credit card number. So, the credit card number is 16 digits. So, this is 1024 bits and these are 16 digits which are, let us say, numerics. So, we know very well that 2 raised to 10 is approximately 10 raised to 3. So, there is an expansion factor of about 3, let us say. So, these 16 digits will be approximately 50 bits. So, now I put my credit card; I do not do it myself, the software does it. The software is trying to encrypt the credit card number and send it across, and let us just suppose that it encrypts it. The number is over here; this is 50 bits, and notice that this is very small compared to 1024 bits. So, this is where the credit card is in the plain text.

Now, when I encrypt it, and as I said there are cases where the exponent is equal to 3, and of course there is a modulus. So, these two things, the exponent and the modulus, together constitute the RSA parameters. Now, when I encrypt this thing, just imagine what will happen. We know very well the encryption function is m raised to e mod n. So, guess what happens. So, when I cube this, chances are that this number will be around 150 or fewer bits, and all these things will be zeros. So, the hacker is very smart; he knows the format, for example, of a message. He does not know the exact value, but he knows that this block, let us say the 12th block, contains the credit card number.
So-called encrypted credit card number, and it is encrypted using RSA, and this particular implementation uses an encryption key equal to 3. So, 3 is actually, you know, another encryption key which is widely used. So, when I encrypt this thing it will look like this, and then there will be all zeros, and I ask you to think and hack into this: can I get the credit card number? What is the expression for decryption? Do I need to know the decryption key? Unless I know the decryption key I cannot figure this out, right? But believe it or not, if you look at this very carefully, if I just know these, let us say, 150 bits out of the total of 1024 (so many zeros out there), I just see these 150 bits, and guess what, I simply have to take the simple, not any modulo operation, the normal cube root of this number. So, whatever this thing is, let us call it x, I just take the cube root of x, and guess what, that is the credit card number.

So, what is the solution to this problem? So, somebody asked a question: what are some of the problems with RSA, what are some of the attacks that you can launch? If the exponent is 3 and if you are not very careful, then this kind of an attack will work. Now, to thwart this attack, what is typically done is, even though the block size may be 1024, the actual number of bits from the message will be somewhat less than this, and there will be some bits over here, let us say 10 bits, some bits that will be reserved for what is called padding. So, the block will be padded; you will put random information in this. So, now when I do the cube, and again the cube is modulo n, m raised to e mod n, and e is, let us say, 3, then when I do the cube it will be a completely different result. This number is now going to be very big, because there will be a couple of ones over here; this number will be very big.
So, when I square it, it will overflow this thing, and then when I cube it, it will completely overflow that, and then when I do the modulo operation the result will be completely different and unpredictable compared to what I see over here. So, there is no way for me to figure out the credit card number, unlike in this case. So, this is the CCN, credit card number, which was about 16 digits or 50 bits, and if I use very simple RSA without padding and with the encryption key equal to 3, then the encrypted version of the credit card number will be something that is pretty small, like 150 bits, and all the rest will be zeros, and if I get this piece of cipher text it is trivial: I just simply take the cube root of this quantity over here and that is the credit card number.

So, the solution to this problem. So, this is the attack under these conditions, the attack scenario where the credit card number has been encrypted and placed in a particular block with nothing else, and the encryption key is 3, and there is no padding used. So, to launch an attack you must have some skill, but you must also have some luck. So, the luck in this case is that this block only holds the credit card number, and then the not so unrealistic assumption that the e value is 3. And then these days padding is almost always used, but if you did not use it then you would run into this problem.

So, this is one attack. There is another attack on RSA, again with exponent equal to 3, where the same message is sent to 3 different people, encrypted with the public key, which happens to be 3, but different modulus, and then you will see that you can use the Chinese remainder theorem. The whole Chinese remainder theorem and the discussion of it is in the chapter on mathematical background of cryptography in the text.
So, if a person sends out the same message, for example, to 3 different people, encrypted with their encryption key, which happens to be 3 (as I say, 3 is a widely used choice: e is equal to 3, e is equal to 3, e is equal to 3, even though almost always their moduli will be different). So, m raised to 3 mod n1, m raised to 3 mod n2 and m raised to 3 mod n3, and if somebody is able to eavesdrop on these messages, then, believe it or not, he can reconstruct m; by just observing these cipher texts he can reconstruct m. So, this is the exponent 3 attack, and look at this, the attack basically makes use of the Chinese remainder theorem. You want to look at the textbook to see how this attack actually works.

So, that is the second attack, and then the third attack has mostly nothing to do with cryptography, but this is what I mentioned earlier: side channel attacks. So, this is a very dangerous kind of attack, side channel attacks. So, these are by observing, you know, certain physical properties of the execution. So, side channel attacks make use of timing, of cache access, of power, and so on and so forth. So, this is another area that has been researched greatly, and we are also doing some work here at IIT on this thing, side channel attacks on various cryptographic schemes including RSA. So, we looked at RSA, we have looked at AES, we have looked at DSA. DSA stands for digital signature algorithm; it is basically a modification of the ElGamal signature algorithm that I talked about, and ECDSA, which is the elliptic curve version of DSA. So, ECDSA, DSA, RSA and AES, all of these things have been attacked by others, and we are also attacking them using cache based attacks and using timing attacks and also another kind of attack which is lattice based. So, it uses lattice cryptography to attack some of these cryptographic algorithms. So, to answer your question, there are many different attacks that are possible on RSA, and the most important ones these days are side channel attacks.
So, there are many other questions we are going to collate them put them together look at different categories of questions which are related to cryptography and which are related to the experiments and so on and so forth and try to answer all of them in the coming days. So, with that I say goodbye.
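
Added example, not part of the lecture or its textbook: a Python sketch of quiz question 4 and of the two exponent-3 weaknesses discussed above, showing that an unpadded 16-digit value falls to an ordinary cube root, that random padding defeats this, and that the same message under three moduli is rebuilt with the Chinese remainder theorem. The seeded key generation, the toy padding layout, the sample card number and the sample message are all constructed assumptions.

```python
import random

rng = random.Random(2024)  # fixed seed: constructed demo keys, never real ones

def is_probable_prime(n, rounds=24):  # Miller-Rabin, only to build demo moduli
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def demo_modulus(bits=1024):
    """n = p*q with p % 3 == q % 3 == 2, so that e = 3 is a valid exponent."""
    primes = []
    while len(primes) < 2:
        c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if c % 3 == 2 and c not in primes and is_probable_prime(c):
            primes.append(c)
    return primes[0] * primes[1]

def icbrt(x):
    """Floor of the ordinary (non-modular) cube root, by binary search."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= x else (lo, mid - 1)
    return lo

def unpadded_vs_padded(ccn, e=3, pad_bits=64):
    """Cube roots of c = m^e mod n, unpadded and with toy random high-bit padding
    (an illustration of the lecture's idea, not OAEP/PKCS#1)."""
    n = demo_modulus()
    r = rng.getrandbits(pad_bits) | (1 << (pad_bits - 1))
    padded = (r << (n.bit_length() - pad_bits - 8)) | ccn
    return icbrt(pow(ccn, e, n)), icbrt(pow(padded, e, n))

def broadcast(m, e=3):
    """Same m under three moduli: CRT rebuilds m**3 over n1*n2*n3, then cube root."""
    moduli = [demo_modulus() for _ in range(3)]
    ciphertexts = [pow(m, e, n) for n in moduli]
    prod = moduli[0] * moduli[1] * moduli[2]
    x = sum(c * (prod // n) * pow(prod // n, -1, n)
            for c, n in zip(ciphertexts, moduli)) % prod
    return icbrt(ciphertexts[0]), icbrt(x)

if __name__ == "__main__":
    print("d =", pow(7, -1, 60))                     # quiz question 4: 43
    print(unpadded_vs_padded(4111111111111111))      # constructed test number
    print(broadcast(int.from_bytes(b"constructed message " * 3, "big")))
```

In each returned pair the first value is what a plain cube root of a single ciphertext yields; the padded case and the single-ciphertext broadcast case do not return the plaintext because m cubed has wrapped around the modulus.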