Showing Page:
1/5
ASSIGNMENT-05
Name: Burair Ali
Class: BSCS 7
TH
ROLL NO: 183190
Submitted TO: Sir Tauqeer
Showing Page:
2/5
Question 1: Recall that the heart of DES is a round of the form:
(a) Express L1, R1, L2, R2 in terms of L0, R0, and K.
(b) Show and comment on why increasing the number of rounds n can actually
decrease security?
(c): Draw the DES Key Creation Process:
(d): Draw or list the S-AES Key Calculation process.
(a)
L1 = R0
R1 = L0 R0 K
L2 = R1 = L0 R0 K
R2 = L1 R1 K = R0 L0 R0 K K = L0
(b) If we continue the encryption to the third round, we will find that
L3 = R2 = L0
R3 = L2 R2 K = L0 R0 K L0 K = R0
(c) This is a simplified DES-like cryptosystem. Like DES, decryption can be done by starting with the
left and right halves of the cipher text, Ln and Rn respectively, and working backwards round by
round to the plaintext message M = L0 · R0. In round i of encryption, the algorithm works as
follows:
Li+1 = Ri
Ri+1 = Li Ri K
To decrypt, we solve to express Li and Ri in terms of Li+1 and Ri+1. This yields
Li = Li+1 Ri+1 K
Ri = Li+1
Applying (4) for i = n − 1, n − 2, . . ., 0 yields the desired plaintext.
We remark that, also like DES, the encryption and decryption functions for each round are almost
the same. Let EK (Li · Ri) = Li+1 · Ri+1 be the encryption function defined by (3). Let DK(Li+1 ·Ri+1) =
Li ·Ri be the corresponding decryption function defined by (4). One can easily verify that
Ri · Li = EK (Ri+1 · Li+1)
Showing Page:
3/5
Thus, if S (L · R) = R · L is the function that swaps the left and right halves of its 64-bit argument,
then it follows from that
S(Ek(S(Li+1 · Ri+1))) = Li · Ri = DK(Li+1 · Ri+1).
Question 2: What is the Threat Modelling process? Explain with all the steps.
Threat modeling is a structured process with these objectives: identify security requirements,
pinpoint security threats and potential vulnerabilities, quantify threat and vulnerability criticality,
and prioritize remediation methods. The threat modeling process can be decomposed into three
high level steps. Each step is documented as it is carried out. The resulting document is the threat
model for the application.
Step 1: Decompose the Application
The first step in the threat modeling process is concerned with gaining an understanding of the
application and how it interacts with external entities. This involves:
Creating use cases to understand how the application is used.
Identifying entry points to see where a potential attacker could interact with the application.
Identifying assets, i.e. items or areas that the attacker would be interested in.
Identifying trust levels that represent the access rights that the application will grant to
external entities.
This information is documented in a resulting Threat Model document. It is also used to produce
data flow diagrams (DFDs) for the application. The DFDs show the different paths through the
system, highlighting the privilege boundaries.
Step 2: Determine and Rank Threats
Critical to the identification of threats is using a threat categorization methodology. A threat
categorization such as STRIDE can be used, or the Application Security Frame (ASF) that defines
threat categories such as Auditing & Logging, Authentication, Authorization, Configuration
Management, Data Protection in Storage and Transit, Data Validation, and Exception
Management.
The goal of the threat categorization is to help identify threats both from the attacker (STRIDE)
and the defensive perspective (ASF). DFDs produced in step 1 help to identify the potential threat
targets from the attacker’s perspective, such as data sources, processes, data flows, and interactions
with users.
These threats can be classified further as the roots for threat trees; there is one tree for each threat
goal. From the defensive perspective, ASF categorization helps to identify the threats as
weaknesses of security controls for such threats. Common threat lists with examples can help in
the identification of such threats. Use and abuse cases can illustrate how existing protective
Showing Page:
4/5
measures could be bypassed, or where a lack of such protection exists. The determination of the
security risk for each threat can be made using a value-based risk model such as DREAD, or a less
subjective qualitative risk model based upon general risk factors (e.g. likelihood and impact).
Step 3: Determine Countermeasures and Mitigation
A vulnerability may be mitigated with the implementation of a countermeasure. Such
countermeasures can be identified using threat-countermeasure mapping lists. Once a risk ranking
is assigned to the threats in step 2, it is possible to sort threats from the highest to the lowest risk
and prioritize mitigation efforts.
The risk mitigation strategy might involve evaluating these threats from the business impact they
pose. Once the possible impact is identified, options for addressing the risk include:
Accept: decide that the business impact is acceptable
Eliminate: remove components that make the vulnerability possible
Mitigate: add checks or controls that reduce the risk impact, or the chances of its occurrence
Question 3: Information-theoretic security
(a) Consider the cryptosystem with M = {a, b} and C = K = {0, 1, 2}. The
encryption function is given by
Ek(m) = (m + k) mod 3. Is this system information-theoretically secure?
Explain.
(b) Suppose now M = {a, b}, C = {0, 1}, and K = {0, 1, 2}. Does there exist an
information theoretically
secure encryption function on these sets? Explain.
part a. It is information-theoretically secure. The pre-images of any element M is C with the same
probability distribution as without information about C. As a result, the entropy doesn’t change.
Notice that seeing a cipher text leaks information about the key but no information about the
message. That is what information-theoretically secure is all about.
part b. It is NOT information-theoretically secure. In a similar argument as before the pre-images
of an element in M is not C with the same probability distribution. That is because the size of the
Showing Page:
5/5
key space K is bigger so there have to be two keys that map each element in M to the same one in
C. The result is a change in the probability distribution; therefore, the entropy changes.