CS 461 Final Exam Questions With
100% Verified Answers
What is the threat model for message integrity? -
correct answer ✅- Don't fully trust the messenger or the network
carrying the message
- Want to make sure that what the receiver receives is actually what
we sent
- The adversary can see, modify, forge messages and wants to trick
the receiver into accepting a message not sent by the sender
What is a MAC and how is it computed? -
correct answer ✅Message Authentication Code
Using a function that both the receiver and the sender know and
only they know, compute a value v = f(m) to be appended to the
message contents. Then, sending over the message + value, the
receiver can then verify that the message is from the sender if and
only if v' = f(m') where v' and m' are the received value and
message from the messenger.
This function should be easily computable by sender, receiver, but
not computable by adversary. If adversary were to learn what it is,
then we are doomed.
What are some possible candidates for MACs? -
correct answer ✅Random function
,CS 461 Final Exam Questions With
100% Verified Answers
- Arbitrary size input -> fixed size output, defined by giant lookup
table that's filled in by doing random action
- Completely impractical because it's really hard to generate true
randomness / hard to come by, and also the lookup table will be
gigantic
- Provably secure because it makes it very very very hard to guess
the output or input
Psuedorandom function
- Have a big family of functions that are all known to the adversary
- Have k be a secret value known only to sender/receiver and
chosen randomly - this is the key and we'll choose the function
associated with this key, fk
- A psuedorandom function is secure if the adversary has no
advantageous strategy other than just random guessing. It will be
indistinguishable in practice from a random function unless k is
known.
What is Kerckhoff's Principle? -
correct answer ✅Don't rely on secret functions because if the
function is found out, we have to create an entirely new function
and that is a lot of work / really hard.
,CS 461 Final Exam Questions With
100% Verified Answers
Use a secret key, to choose from a function family. If the key is
found out, then we know that we can replace it.
What is another solution for message integrity? -
correct answer ✅Having a secure PRF and using a random k known
only to the sender and receiver
- We still compute a value v = fk(m) for the sender to attach to
message m
- The receiver still needs to verify v' = fk(m') and accept iff this is
true
- The important assumption is that k is shared only between sender
and the receiver
- We're not sure if secure PRFs exist though.
What is the best solution for message integrity? -
correct answer ✅Hash-based MAC (HMAC)
- HMAC-SHA256
- SHA256 - cryptographic hash function: input arbitrary length data
-> output of 256 bits, built with a compression function that is
designed to be super hairy
, CS 461 Final Exam Questions With
100% Verified Answers
Describe the Merkle-Damgard Construction. -
correct answer ✅- arbitrary length input, fixed length output
- we add padding to our original message and split into blocks
- We start with an initialization vector and for each block, hash
consecutively, using the previous block to hash the next block, until
we get a fixed size output
What are the characteristics of a hash function? -
correct answer ✅should be difficult to find:
- first pre-image - given h(m), find m
- second pre-image - given m1, find m2 s.t. h(m1) = h(m2)
- collision - find any m1 != m2 s.t. h(m1) = h(m2)
Why is the distinction between a MAC and a cryptographic hash
now needed? -
correct answer ✅length extension attacks. Cryptographic hash
functions are not strong PRFs
Why do we prefer pseudorandomness to randomness? -
correct answer ✅Randomness - hard to achieve because we
depend on the output of a physical process that is inherently
random
100% Verified Answers
What is the threat model for message integrity? -
correct answer ✅- Don't fully trust the messenger or the network
carrying the message
- Want to make sure that what the receiver receives is actually what
we sent
- The adversary can see, modify, forge messages and wants to trick
the receiver into accepting a message not sent by the sender
What is a MAC and how is it computed? -
correct answer ✅Message Authentication Code
Using a function that both the receiver and the sender know and
only they know, compute a value v = f(m) to be appended to the
message contents. Then, sending over the message + value, the
receiver can then verify that the message is from the sender if and
only if v' = f(m') where v' and m' are the received value and
message from the messenger.
This function should be easily computable by sender, receiver, but
not computable by adversary. If adversary were to learn what it is,
then we are doomed.
What are some possible candidates for MACs? -
correct answer ✅Random function
,CS 461 Final Exam Questions With
100% Verified Answers
- Arbitrary size input -> fixed size output, defined by giant lookup
table that's filled in by doing random action
- Completely impractical because it's really hard to generate true
randomness / hard to come by, and also the lookup table will be
gigantic
- Provably secure because it makes it very very very hard to guess
the output or input
Psuedorandom function
- Have a big family of functions that are all known to the adversary
- Have k be a secret value known only to sender/receiver and
chosen randomly - this is the key and we'll choose the function
associated with this key, fk
- A psuedorandom function is secure if the adversary has no
advantageous strategy other than just random guessing. It will be
indistinguishable in practice from a random function unless k is
known.
What is Kerckhoff's Principle? -
correct answer ✅Don't rely on secret functions because if the
function is found out, we have to create an entirely new function
and that is a lot of work / really hard.
,CS 461 Final Exam Questions With
100% Verified Answers
Use a secret key, to choose from a function family. If the key is
found out, then we know that we can replace it.
What is another solution for message integrity? -
correct answer ✅Having a secure PRF and using a random k known
only to the sender and receiver
- We still compute a value v = fk(m) for the sender to attach to
message m
- The receiver still needs to verify v' = fk(m') and accept iff this is
true
- The important assumption is that k is shared only between sender
and the receiver
- We're not sure if secure PRFs exist though.
What is the best solution for message integrity? -
correct answer ✅Hash-based MAC (HMAC)
- HMAC-SHA256
- SHA256 - cryptographic hash function: input arbitrary length data
-> output of 256 bits, built with a compression function that is
designed to be super hairy
, CS 461 Final Exam Questions With
100% Verified Answers
Describe the Merkle-Damgard Construction. -
correct answer ✅- arbitrary length input, fixed length output
- we add padding to our original message and split into blocks
- We start with an initialization vector and for each block, hash
consecutively, using the previous block to hash the next block, until
we get a fixed size output
What are the characteristics of a hash function? -
correct answer ✅should be difficult to find:
- first pre-image - given h(m), find m
- second pre-image - given m1, find m2 s.t. h(m1) = h(m2)
- collision - find any m1 != m2 s.t. h(m1) = h(m2)
Why is the distinction between a MAC and a cryptographic hash
now needed? -
correct answer ✅length extension attacks. Cryptographic hash
functions are not strong PRFs
Why do we prefer pseudorandomness to randomness? -
correct answer ✅Randomness - hard to achieve because we
depend on the output of a physical process that is inherently
random
