* 5 *

Data Integrity

Self-test questions

  1. What is a replay attack? How can we avoid replays?
  2. What is meant by a session key? What is meant by a one-time password?
  3. Explain how encryption can help with message authentication, even if the encryption is weak and easily broken.
  4. Describe the basic idea behind the Kerberos system. What are the major drawbacks of Kerberos?

Graded problems

This week, the practical work is about preparing for the coming weeks and testing your understanding of Hamming codes.
  1. This part of the exercise should be documented in your project. Download the file SecurityCourseKit.tar.gz from ftp.iu.hio.no, using anonymous ftp. Unpack the contents of this file into a directory which you use for your security work, using tar zxf SecurityCourseKit.tar.gz. The file contains a program which is a mixture of C and C++ code. Compile the program by typing:
    1. Does something funny happen when you do this? Examine the Makefile and try to find out what happens when you type make. What could have happened if you compiled this program with root privileges?
    2. Examine the make-up of the program appl which is built. It is composed of some parts made of C++ and other parts made of C. There are many functions provided for you which are not yet used by the program, but which you will use in the coming weeks.
    3. Describe for yourself how the program works. Where is the main() function, where the program starts? Where are the other functions used by main()?
    4. Run the program appl. Would it be safe to run this as superuser?

  2. This part of the exercises must be submitted electronically. You can only submit these answers once, and your score will contribute to your final grade.

    The following exercises on Hamming codes are randomly generated:

    Complete the following table, relating the size of the syndrome to message length.

    # syndrome bits   Can address (bits)   Message length   Efficiency
    3                 0->7 = 7             7-3 = 4          4/7

    Fill in the syndrome bits for the following 11-bit messages (Examples/Practice this) and verify that the recalculated syndrome is zero, with these bits added.

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15


    Calculate the 4-bit syndromes from the following messages and find the single bit errors in each of them (note, you cannot just read off the syndrome, after an error has occurred):

    Enter position of error:


    Enter position of error:
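
A worked Hamming(15,11) example for the two exercises above, added here and not part of the original course material. It assumes the common layout with check bits at positions 1, 2, 4 and 8 and even parity, which the page does not state; the data word is constructed for illustration.

```python
# Added example. Assumption: check bits sit at positions 1, 2, 4, 8
# (1-based) and use even parity; the page does not state its layout.
CHECK_POS = (1, 2, 4, 8)

def syndrome(code):
    """XOR of the 1-based positions of all set bits in a 15-bit word.

    A valid codeword gives 0. After a single bit flip the result is the
    position of the flipped bit, whether it is a data or a check bit.
    """
    s = 0
    for pos, bit in enumerate(code, start=1):
        if bit:
            s ^= pos
    return s

def encode(data):
    """Place 11 data bits in positions 3,5,6,7,9..15 and fill check bits."""
    if len(data) != 11 or any(b not in (0, 1) for b in data):
        raise ValueError("expected 11 bits")
    code = [0] * 15
    bits = iter(data)
    for pos in range(1, 16):
        if pos not in CHECK_POS:
            code[pos - 1] = next(bits)
    s = syndrome(code)              # syndrome of the data bits alone
    for p in CHECK_POS:             # choose check bits that cancel it
        code[p - 1] = 1 if s & p else 0
    return code

def correct(code):
    """Recompute the syndrome over the whole received word and repair it.

    The check bits stored in the word cannot simply be read off: they were
    computed before the error and may themselves be the damaged bit.
    Returns (error_position, repaired_word); position 0 means no error.
    """
    pos = syndrome(code)
    fixed = list(code)
    if pos:
        fixed[pos - 1] ^= 1
    return pos, fixed

def efficiency(r):
    """(message length, codeword length) for r syndrome bits."""
    n = 2 ** r - 1                  # positions 1..n are addressable
    return n - r, n

SAMPLE_DATA = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1]   # constructed sample
```
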