# course-HW 4 Solutions

- prev:: [[course-2022-12-09 Session 4 Notes]]

## Exercises

> https://uncloak.org/courses/rust+cryptography+engineering/course-2022-12-09+Session+4+Notes#Exercises

1. Justify or disqualify each of the following schemes, with message $m$, tag $t$, and ciphertext $c$.
    - I assume I should write some proofs here...
    - OMG... they are just simply E and M, M then E, E then M.
    - $t = MAC(m)$, $c = E(m)$, send $(c, t)$
        - because $c,t$ both relate to $m$, is too much data leaked? Is there a "linear" relation between $E$ and $MAC$ on $m$?
        - or... is insecure because you have to check the message with $t$ before $E$ so you leak some of $m$ on failed attempts? *** (this seems more general of an answer than above)
    - $t = MAC(m)$, $c = E(m||t)$, send $c$
        - seems more secure, $t$ is never sent in clear. Encrypted with || m, but not sure if extra data needs to be sent to decrypt?
        - Aren't you supposed to concat $0^b$ or random bits instead of $m$?
    - $t = MAC(c)$, $c = E(m)$, send $(c,t)$
        - seems secure and allows the receiver, with $c,t$, to check if $c$ has been tampered with from seeing $t$, so no leaking of data about $m$ from failed attempts?
        - Intuition above.... no justification...
2. You're the adversary, watching a TLS handshake. Pick three steps from [TLS Handshake - OSDev Wiki](https://wiki.osdev.org/TLS_Handshake#Handshake_Overview), and describe how the step prevents you from (pick one):
    - Reading message content (confidentiality)
        - The client sends an Encrypted Handshake Message; first ones to be sent encrypted.
        - They contain a hash of the initial handshake messages and are here to ensure these were not tampered with.
    - Tampering with message content (integrity)
        - The server sends a Server Key Exchange message, initiating the key exchange and signing it with its public key: because server signed with public key.
        - Once this step is achieved, the server and client can communicate without the attacker being able to trick either party by injecting their own messages: Change Cipher Spec message
    - Impersonating either party (authenticity)
        - The server sends its certificates. These are used by the client to verify that it is actually talking to the site it thinks it is talking to, as opposed to a malicious site.
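The three compositions from exercise 1, as an added example that is not part of the original notes or the course: sender and receiver side of each scheme, with the receiver's check order made explicit. The cipher is a constructed toy stream cipher so the block runs offline, the MAC is HMAC-SHA256, and separate keys `ke` (encryption) and `km` (MAC) are assumed.

```python
import hmac, hashlib, os

# Toy cipher (constructed for this example, not a real cipher): XOR with an
# HMAC-SHA256 keystream derived from the key and a fresh 16-byte nonce.
def _keystream(ke, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ke, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(ke, m):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(m, _keystream(ke, nonce, len(m))))

def decrypt(ke, c):
    nonce, body = c[:16], c[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(ke, nonce, len(body))))

def mac(km, data):
    return hmac.new(km, data, hashlib.sha256).digest()

def check(km, data, t):
    if not hmac.compare_digest(mac(km, data), t):
        raise ValueError("bad tag")

# Scheme 1, Encrypt-and-MAC: t = MAC(m), c = E(m), send (c, t).
def encrypt_and_mac(ke, km, m):
    return encrypt(ke, m), mac(km, m)
def open_encrypt_and_mac(ke, km, c, t):
    m = decrypt(ke, c)        # plaintext is recovered before the tag can be checked
    check(km, m, t)
    return m

# Scheme 2, MAC-then-Encrypt: t = MAC(m), c = E(m || t), send c.
def mac_then_encrypt(ke, km, m):
    return encrypt(ke, m + mac(km, m))
def open_mac_then_encrypt(ke, km, c):
    p = decrypt(ke, c)        # decrypt first, then split off the 32-byte tag
    m, t = p[:-32], p[-32:]
    check(km, m, t)
    return m

# Scheme 3, Encrypt-then-MAC: c = E(m), t = MAC(c), send (c, t).
def encrypt_then_mac(ke, km, m):
    c = encrypt(ke, m)
    return c, mac(km, c)
def open_encrypt_then_mac(ke, km, c, t):
    check(km, c, t)           # a forged or modified c is rejected before decryption
    return decrypt(ke, c)
```

Sending the same message twice shows the leak suspected under scheme 1: because HMAC is deterministic, $t = MAC(m)$ is identical for identical messages even though the ciphertexts differ, whereas in scheme 3 the tag covers the randomized ciphertext and the receiver rejects a modified $c$ before decrypting anything.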