FREE Trial
Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Question 4 (10 marks). Consider security of TLS. (a) (3 marks) Explain the three methods defined for key exchange in TLS and determine their corresponding

image text in transcribed

Question 4 (10 marks). Consider security of TLS. (a) (3 marks) Explain the three methods defined for key exchange in TLS and determine their corresponding pre-master secret for each case. b) (2 marks) If ServerKeyExchange is not sent, what is their shared pre-master secret? (c) (3 marks) Two TLS cipher suites are given below TLS DHE DSSWITHAES256CBCSHA256 TLS ECDHE RSAWITHAES256 CBCSHA1 Provide the definitions for those cipher suites (i.e., for key exchange, encryption and MAC) and determine modulo's sizes in the public-key schemes in order to match AES-256 security strength. (Hint. Use the data in Table 1 in Formulae Sheet). What is the overall security strength for each cipher suite? Comments your results. (d) (2 marks) For protecting application data encryption is AES-256 in CBC mode, and MAC is AES-256 CBC-MAC (see CBC-MAC in Formulae Sheet). Assume that CBC-MAC is modified so that a random IV is used each time a tag is computed, and tag - (to, te) where data P if the key is not changed, knowing one pair (P, tag), an attacker can forge 2256 valid tags. 1,... ,pe) where p,'s are 256 bits. If encryption in TLS is removed, show that Question 4 (10 marks). Consider security of TLS. (a) (3 marks) Explain the three methods defined for key exchange in TLS and determine their corresponding pre-master secret for each case. b) (2 marks) If ServerKeyExchange is not sent, what is their shared pre-master secret? (c) (3 marks) Two TLS cipher suites are given below TLS DHE DSSWITHAES256CBCSHA256 TLS ECDHE RSAWITHAES256 CBCSHA1 Provide the definitions for those cipher suites (i.e., for key exchange, encryption and MAC) and determine modulo's sizes in the public-key schemes in order to match AES-256 security strength. (Hint. Use the data in Table 1 in Formulae Sheet). What is the overall security strength for each cipher suite? Comments your results. (d) (2 marks) For protecting application data encryption is AES-256 in CBC mode, and MAC is AES-256 CBC-MAC (see CBC-MAC in Formulae Sheet). Assume that CBC-MAC is modified so that a random IV is used each time a tag is computed, and tag - (to, te) where data P if the key is not changed, knowing one pair (P, tag), an attacker can forge 2256 valid tags. 1,... ,pe) where p,'s are 256 bits. If encryption in TLS is removed, show that

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

PC Magazine Guide To Client Server Databases

PC Magazine Guide To Client Server Databases

Authors: Joe Salemi

1st Edition

156276070X, 978-1562760700

More Books

Students also viewed these Databases questions

Question

The following instrument was given to Matthew Andrea: Chapel Hill, N.C. April 15, 2017 Ninety days after date pay to the order of Matthew Andrea, seven hundred and fifty dollars ($750). Value...

Answered: 1 week ago

Question

Which of the following statement is true Recursive function is one that calls itself either directly or indirectly through another function Every array's first element has position number 1 Each...

Answered: 1 week ago

Question

3. Ask an employer for an interview with one of the company's expatriates who has recently returned home or arrange for a phone interview with an expatriate currently on an international assignment....

Answered: 1 week ago

Question

As auditor of the Star Manufacturing Company, you have obtained a. A trial balance taken from the books of Star one month before year-end: Dr. (Cr.) Cash in bank .............. $ 87,000 Trade...

Answered: 1 week ago

Question

Question 4 (10 marks). Consider security of TLS. (a) (3 marks) Explain the three methods defined for key exchange in TLS and determine their corresponding pre-master secret for each case. b) (2...

Answered: 1 week ago

Question

Use the data below to create a Balance Sheet and Income Statement for the bank Investment Securities Demand Deposits Now accounts Cash and due from banks Taxes Interest on fees and loans Retail CDs...

Answered: 1 week ago

Question

3. Megan's lawsuit is considered fairly large because of the extent of her injuries and the amount of damages. Which form of settlement request would her attorney most likely use? a. Settlement...

Answered: 1 week ago

Question

EJH has a beta of 1.2, CSH has a beta of 0.4, and KMS has a beta of 0.8. If you put 23% of your money in EJH, 20% in CSH, and 57% in KMS, what is the beta of your portfolio? The beta of your...

Answered: 1 week ago

Question

6. An economy consists of 2 risky assets, A and B, and a riskless asset. The risk-free rate of return is rf = 3%. The Market portfolio M consists of 50% in stock A and 50% in stock B, and the...

Answered: 1 week ago

Question

A company is 40% financed by risk-free debt. The interest rate is 10%, the expected market risk premium is 8%, and the beta of the companys common stock is .5. What is the company cost of capital?...

Answered: 1 week ago

Question

The Generic Genetic (GG) Corporation pays no cash dividends currently and is not expected to for the next four years. Its latest EPS was $7.00, all of which was reinvested in the company. The firm's...

Answered: 1 week ago

Question

LO2 Outline key provisions in the Civil Rights Acts of 1964 and 1991 and compare the two theories of unlawful employment discrimination.

Answered: 1 week ago

Question

1. Why do HR personnel need to think more strategically in companies? Why might such an approach enable HR to be taken more seriously by other managers?

Answered: 1 week ago

Question

LO1 Identify the major government agencies that enforce employment discrimination laws.

Answered: 1 week ago

Previous Question Next Question