User Account

All Pages

Write a security policy for a distributed version control

Assignment Help Other Subject
Reference no: EM133286104

Network and Computer Security

Problem Set 1

You are to work on this problem set with your assigned group of three or four people. Please see the course website for a listing of groups for this problem set. Be sure that all group members can explain the solutions. See Handout 1 (Course Information) for our policy on collaboration.

Homework must be submitted electronically! Each problem answer must appear on a separate page. Mark the top of each page with your group member names, the course number (6.857), the problem set number and question, and the date. We have provided templates for LATEX and Microsoft Word on the course website (see the Resources page).

Grading: All problems are worth 10 points.

With the authors' permission, we will distribute our favorite solution to each problem as the "official" solution-this is your chance to become famous! If you do not wish for your homework to be used as an official solution, or if you wish that it only be used anonymously, please note this in your profile on the homework submission website.

Problem 1-1. Security Policy for Github

Write a security policy for a distributed version control hosting site like Github. Make sure to define relevant roles, functions, and policies. Your policy should be of the sort that would be usable to an implementor of a clone of Github. For the purposes of this problem, assume that Github is the maintainer of Git.

If you can't find relevant material on Github as currently implemented, invent new material as appropriate. Try to be as complete as you can, but emphasize the Github-specific aspects-in particular, what security goals are the most relevant for Github? What roles does (or, rather, should) Github have, and what should each principal be allowed to do?

(This problem is a bit open-ended, but should give you excellent practice in writing a security policy. Also, you may actually care about such security policies for designing systems used by large numbers of people-or if you use Github yourself! We have included sample solutions from similar questions in previous years on the course website.)

Problem 1-2. One-time pad with ciphertext feedback

It is well known that re-using a "one-time pad" can be insecure. This problem explores this issue, with some variations.

In this problem all characters are represented as 8-bit bytes with the usual US-ASCII encoding (e.g."A" is encoded as 0x41). The bitwise exclusive-or of two bytes x and y is denoted x ⊕ y.

Let M = (m1, m2, . . . , mn) be a message, consisting of a sequence of n message bytes, to be encrypted. Let P = (p1, p2, . . . , pn) denote a pad, consisting of a coresponding sequence of (randomly chosen) "pad bytes" (key bytes).

In the usual one-time pad, the sequence C = (c1, c2, . . . , cn) of ciphertext bytes is obtained by xor-ing each message byte with the corresponding pad byte:
ci = mi ⊕ pi, for i = 1 . . . n .

When we talk about more than one message, we will denote the messages as M1, M2, . . . , Mk and the bytes of message Mj as mji, namely Mj = (mj1, . . . , mjn); we'll also use similar notation for the corresponding ciphertexts.

(a) Here are two 8-character English words encrypted with the same "one-time pad". What are the words?
e9 3a e9 c5 fc 73 55 d5 f4 3a fe c7 e1 68 4a df
Describe how you figured out the words.

(b) Ben Bitdiddle decided to fix this problem by making sure that you can't just "cancel" pad bytes by xor-ing the ciphertext bytes.
In his scheme the key is still as long as the ciphertext. If we define c0 = 0 for notational convenience, then the ciphertext bytes c1, c2, . . . , cn are obtained as follows:
ci = mi ⊕ ((pi + ci-1) mod 256) .
That is, each ciphertext byte is added to the next key byte and the addition result (modulo 256) is used to encrypt to the next plaintext byte.
Ben is now confident he can reuse his pad, since (ki + ci-1) mod 256 will be different for different messages, so nobody would be able to cancel the ki's out. You are provided with otp-feedback.py, which contains an implementation of Ben's algorithm.
You are also given the file tenciphs.txt, containing ten ciphertexts C1, C2, . . . , C10 produced by Ben, using the same pad P . You know that these messages contain valid English text.

Submit the messages and the pad, along with a careful explanation of how you found them, and any code you used to help find the messages. The most important part is the explanation.

Problem 1-3. Detecting Pad Reuse

In the previous problem, we saw how to attack a scheme in which a one-time pad, or a scheme like it, is reused. This problem will walk you through how rare pad reuse for the standard one-time pad (not the previous part's scheme) can be efficiently detected. We will look at the extreme case in which a pad is reused just once.

The following fact may be useful in this problem: Let Rp(n) be the longest run of heads in n coin ?ips, each of which is heads with probability p. With high probability as n grows, Rp(n) is between log 1 n log 1/Pn - log 1/P ln ln n and log 1/P n + log 1/P ln n. Note: you are not responsible for this paper; it is provided as a reference only.

(a) Suppose you are given poly(n) n-bit ciphertexts c1, . . . , cl, each of which are properly encrypted with an independently uniformly randomly chosen one-time pad. Show that with high probability, the length of the longest repeated bitstring (i.e. a substring of both ci and cj for some i = j) is less than log2 n + log2 ln n.

(b) We have collected data on the average length of the longest run of identical characters in identical positions in passages of English text by randomly sampling from the collected works of American writer Winston Churchill.

How do these run lengths compare to the previous part's upper bound on the longest repeated bitstring if English plaintext is US-ASCII encoded?

(c) Assume that each pair of plaintexts does share a long common run of identical characters, and any pair of ciphertexts with independently chosen pads does not. Show that given poly(n) n-bit ciphertexts with total length N and one instance of pad reuse, you can find the two ciphertexts which share a key in time which is O˜(N ) in the total ciphertext length. This means that your solution should run in O(N logc N ) time for some constant c.

Hint: You may wish to read about and use suffix trees in your solution. They are a type of tree which store all of the suffixes of an n-character string, can be constructed in O(n log n) time and can be used, among other things, to find a string's longest repeated substring in linearithmic time by finding the deepest non-leaf node. Note that longest repeated substring isn't exactly what you need to solve this problem. If you're not familiar with suffix trees, you may or may not find suffix arrays simpler and easier to understand.

Reference no: EM133286104

Questions Cloud

Explain why the model is important for investigators : In the text, we learned that the items most often stolen in robberies fit into the CRAVED model. Explain why the model is important for investigators
Determine the payback period and internal rate of return : FNCE 623 Financial Management, University Canada West Determine the payback period, internal rate of return and net present value. Based on your analysis
Is home confinement with electronic monitoring a deterrent : CJBS 300Is home confinement with electronic monitoring a deterrent? Are there negatives to being confined to one's home
What the priorities for each phase for event you selected : Considering the four phases of emergency management, what are the priorities for each phase for the event you selected
Write a security policy for a distributed version control : 6.857 Network and Computer Security - Massachusetts Institute of Technology - Write a security policy for a distributed version control hosting site
Identify traits and characteristics of successful leaders : Identify traits and characteristics of successful leaders. Is it (Leadership) a skill anyone can develop? Discuss how important is it to organizational success
Faith-based tool for substance use counselors : Is Solution focused a faith-based tool for substance use counselors? If not, what is a faith-based tool that a counselor may use in sessions?
Explain each component in four phase of emergency management : Explain each component in the four phases of emergency management. Describe local, state, and national emergency preparedness resources or plans
Making processes increase the participation of aboriginal : How can consultation with community representatives and community participation in decision-making processes increase the participation of Aboriginal

Reviews

Write a Review

Other Subject Questions & Answers

  Cross-cultural opportunities and conflicts in canada

Short Paper on Cross-cultural Opportunities and Conflicts in Canada.

  Sociology theory questions

Sociology are very fundamental in nature. Role strain and role constraint speak about the duties and responsibilities of the roles of people in society or in a group. A short theory about Darwin and Moths is also answered.

  A book review on unfaithful angels

This review will help the reader understand the social work profession through different concepts giving the glimpse of why the social work profession might have drifted away from its original purpose of serving the poor.

  Disorder paper: schizophrenia

Schizophrenia does not really have just one single cause. It is a possibility that this disorder could be inherited but not all doctors are sure.

  Individual assignment: two models handout and rubric

Individual Assignment : Two Models Handout and Rubric,    This paper will allow you to understand and evaluate two vastly different organizational models and to effectively communicate their differences.

  Developing strategic intent for toyota

The following report includes the description about the organization, its strategies, industry analysis in which it operates and its position in the industry.

  Gasoline powered passenger vehicles

In this study, we examine how gasoline price volatility and income of the consumers impacts consumer's demand for gasoline.

  An aspect of poverty in canada

Economics thesis undergrad 4th year paper to write. it should be about 22 pages in length, literature review, economic analysis and then data or cost benefit analysis.

  Ngn customer satisfaction qos indicator for 3g services

The paper aims to highlight the global trends in countries and regions where 3G has already been introduced and propose an implementation plan to the telecom operators of developing countries.

  Prepare a power point presentation

Prepare the power point presentation for the case: Santa Fe Independent School District

  Information literacy is important in this environment

Information literacy is critically important in this contemporary environment

  Associative property of multiplication

Write a definition for associative property of multiplication.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd