- The 700,000 containers in total were valued at $2 billion, which is second only to vessel fuel in terms of cost.
- It is evident that having empty containers is nothing but a waste of space and resources.
- Reducing this will improve the efficiency of the company in terms of both performance and expenditure.
Ans2.
- PART1
- On performing a Web search with reference to the empty container problem, I could find a few companies facing the same issue.
- In addition to CSAV, Maersk Line and Magellan are a few other companies that are struggling with the empty container issue.
- The big issues with these empty containers are the cost, problem of repositioning the empty containers, and waste of space.
- In addition to this, since the containers are leased from other sources, it is tough to decide on which containers to retain.
4.1 Example Protocol Attack

You notice that Bob's protocol has a number of flaws that would allow you to get a copy of SecretValue0. First, you notice that the SessionKey is sent from the client unencrypted; therefore, after seeing (1) and (2), you could decrypt E(SessionKey, SecretValue0) with the plaintext copy of the SessionKey that you captured while eavesdropping. However, you notice a second attack that you find more interesting:

1. C → S: SessionKey || E(KCS0, "From client")
2. M → S: MallorySessionKey || E(KCS0, "From client")
3. S → M: E(MallorySessionKey, SecretValue0)

After seeing the first half of a legitimate run-through of the protocol (1), you have a copy of the ciphertext produced by E(KCS0, "From client"). Since that functions as the proof to the server that the client is legitimate, you can actually (2) create a session key of your choice and send it to the server concatenated with the ciphertext you previously captured. The server then responds in (3) with SecretValue0 encrypted with the session key that you chose, which of course you can decrypt.

It looks like the flaws in Bob's other two protocols are less obvious, but your guess is that you can use the same general ideas (and pre-existing security knowledge) to attack the other protocols.

5 Protocol A

You see that Bob distributed a different client executable to customers that uses a second (different) protocol to talk to a different server.

1. C → S: E(KCS1, SessionKey)
2. S → C: nonce || E(KCS1, nonce) || E(SessionKey, SecretValue1)

In this protocol, a client C and server S share a long-term symmetric key KCS1. This key is only known to the server and client. You do not know the key. First, the client initiates a connection by generating a random 32-byte session key, encrypting it with the shared key KCS1, and sending the result to the server. Second, to prove to the client that the reply really came from the server, the server generates a random 32-byte nonce and sends this to the client both in the clear and encrypted with the shared key KCS1. The client checks that these values (the nonce and the result of decrypting E(KCS1, nonce)) are the same to ensure that the message really did come from the server. If this check succeeds, the client believes that E(SessionKey, SecretValue1) came from the server.

Note that if you, as an attacker, attempt to craft an E(KCS1, MallorySessionKey) without knowing KCS1, the server will either immediately be able to tell that the message did not come from the client (if authenticated encryption is being used) or will decrypt the bytes you sent to some session key you do not know, in which case you will not be able to decrypt E(MallorySessionKey, SecretValue1). This protocol is flawed.

5.1 To Do [12 Points]

Analyze this protocol and find an attack that will let you learn SecretValue1 from the server. Make sure that your attack is agnostic with respect to encryption method (e.g., cipher, cipher block mode). The attack can be achieved in 2 steps after seeing a legitimate protocol run-through. You will be penalized for any attacks longer than this. Describe each step of your attack using the above notation with the addition of the attacker M (see the Example Protocol Attack). You will be penalized if you use different notation.
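A simulation of the server-side check behind the Example Protocol Attack in 4.1 (Bob's first protocol, not Protocol A, whose analysis is the exercise above), written as an added example that is not part of the assignment: the server's only test is that the proof decrypts to "From client", so a captured proof is accepted next to any session key, whereas a server that requires the proof to name the session key it arrived with rejects the replay. E/D are a constructed HMAC-based toy authenticated encryption standing in for the assignment's E(), and KCS0 and SecretValue0 are constructed values.

```python
import hmac, hashlib, secrets

# Toy authenticated encryption standing in for E()/D() (constructed for this
# simulation, not the cipher Bob's client uses): HMAC-derived keystream XORed
# with the message, then an HMAC tag over iv||ciphertext (encrypt-then-MAC).
def _keystream(key, iv, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def E(key, msg):
    iv = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, iv, len(msg))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def D(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))

KCS0 = secrets.token_bytes(32)          # long-term client/server key (M never sees it)
SECRET_VALUE0 = b"constructed secret"   # constructed placeholder for SecretValue0

def client_msg1(session_key, bind_key=False):
    # Message (1): SessionKey || E(KCS0, "From client"). With bind_key=True the
    # proof also covers the session key, which is the hardening shown below.
    return session_key + E(KCS0, b"From client" + (session_key if bind_key else b""))

def server_msg2(msg1, bind_key=False):
    # Bob's server checks only that the proof decrypts to "From client"; the
    # hardened server also requires the proof to name the session key in msg1.
    session_key, proof = msg1[:32], msg1[32:]
    expected = b"From client" + (session_key if bind_key else b"")
    if D(KCS0, proof) != expected:
        return None                      # proof rejected, no message (3)
    return E(session_key, SECRET_VALUE0) # message (3)

def replay_succeeds(bind_key=False):
    # Legitimate run, during which the eavesdropper keeps a copy of message (1).
    captured = client_msg1(secrets.token_bytes(32), bind_key)
    assert server_msg2(captured, bind_key) is not None
    # Step (2) of 4.1: the captured proof is re-sent under a session key M chose;
    # the result is True only if the reply (3) decrypts under that chosen key.
    mallory_key = secrets.token_bytes(32)
    reply = server_msg2(mallory_key + captured[32:], bind_key)
    return reply is not None and D(mallory_key, reply) == SECRET_VALUE0
```

Binding the session key into the proof closes only the replay; the first flaw in 4.1, the session key travelling in the clear, is untouched by this check and needs the key itself protected.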