

Question

This distinction reflects the difference between a communication and a user
involved in that communication. Alice has a cryptographic key used specifically to
exchange information with Bob. This key does not change over interactions with
Bob. However, if Alice communicates twice with Bob (and “communication” can be
with, for example, an e-mail or a Web browser), she does not want to use the same
key to encipher the messages. This limits the amount of data enciphered by a single
key and reduces the likelihood of an eavesdropper being able to break the cipher. It
also hinders the effectiveness of replay attacks. Instead, she will generate a key for
that single session. That key enciphers the data only; it does not authenticate either
principal, and it is discarded when the session ends. Hence, the name “session key.”

Session keys also prevent forward searches [830]. A forward search attack
occurs when the set of plaintext messages is small. The adversary enciphers all plaintexts
using the target’s public key. When ciphertext is intercepted, it is compared
with the precomputed texts. This quickly gives the corresponding plaintext. A randomly
generated session key, used once, would prevent this attack.

An interchange key is associated with a principal. Alice can use the key she
shares with Bob to convince Bob that the sender is Alice. She uses this key for all
sessions. It changes independently of session initiation and termination.

1. Reconsider the case of Alice and her stockbroker, Bob. Suppose they
decide not to use a session key. Instead, Alice pads the message (BUY or
SELL) with random data. Explain under what conditions this approach
would be effective. Discuss how the length of the block affects your
answer.

Also, show how Cathy attacks in this case. Then, show why using random pads can defeat the attack. Then, discuss how the length of the random pads affects the security.

Explanation / Answer

I've done this in Eclipse; here is the code:

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class AES {

    private static SecretKeySpec secretKey;
    private static byte[] key;

    // Derive a 128-bit AES key from the passphrase: SHA-1 digest truncated to 16 bytes.
    public static void setKey(String myKey) {
        try {
            key = myKey.getBytes(StandardCharsets.UTF_8);
            MessageDigest sha = MessageDigest.getInstance("SHA-1");
            key = sha.digest(key);
            key = Arrays.copyOf(key, 16);
            secretKey = new SecretKeySpec(key, "AES");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }

    // Encrypt with AES in ECB mode and return the ciphertext as Base64.
    // ECB with a fixed key is deterministic: equal plaintext always gives equal ciphertext.
    public static String encrypt(String strToEncrypt, String secret) {
        try {
            setKey(secret);
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            return Base64.getEncoder().encodeToString(
                    cipher.doFinal(strToEncrypt.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            System.out.println("Error while encrypting: " + e.toString());
        }
        return null;
    }

    // Decode the Base64 ciphertext, decrypt it, and return the plaintext as a UTF-8 string.
    public static String decrypt(String strToDecrypt, String secret) {
        try {
            setKey(secret);
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            return new String(
                    cipher.doFinal(Base64.getDecoder().decode(strToDecrypt)),
                    StandardCharsets.UTF_8);
        } catch (Exception e) {
            System.out.println("Error while decrypting: " + e.toString());
        }
        return null;
    }

    public static void main(String[] args) {
        final String secretKey = "mysecretkey@1234";

        String originalString = "Hi this is test message";
        String encryptedString = AES.encrypt(originalString, secretKey);
        String decryptedString = AES.decrypt(encryptedString, secretKey);

        System.out.println(originalString);
        System.out.println(encryptedString);
        System.out.println(decryptedString);
    }
}
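The forward search from the question, and the effect of pad length on it, as an added example that is not part of the original answer or the quoted textbook. It assumes textbook RSA with a constructed toy key built from two Mersenne primes; the names `encrypt`, `decrypt`, `forward_search` and the `budget` limit on Cathy's work are hypothetical. Because `msg || pad` must be smaller than the modulus, the block length bounds how long the pad can be.

```python
import secrets

# Constructed toy RSA key (two Mersenne primes); far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # Bob's private exponent
MESSAGES = (b"BUY", b"SELL")         # the small plaintext set Alice sends


def encrypt(msg, pad_len=0, pad=None):
    """Textbook RSA of msg || pad; pad is pad_len random bytes unless given."""
    if pad is None:
        pad = secrets.token_bytes(pad_len)
    return pow(int.from_bytes(msg + pad, "big"), E, N)


def decrypt(ct, pad_len):
    """Bob: invert RSA with the private key and drop the trailing pad."""
    m = pow(ct, D, N)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return raw[:len(raw) - pad_len]


def forward_search(ct, pad_len, budget=1 << 20):
    """Cathy: encipher every (message, pad) candidate under Bob's public key
    and compare with the intercepted ciphertext. Returns (message, trials);
    message is None when the candidate space exceeds the work budget."""
    space = 256 ** pad_len
    if len(MESSAGES) * space > budget:
        return None, 0
    trials = 0
    for msg in MESSAGES:
        for i in range(space):
            trials += 1
            if encrypt(msg, pad=i.to_bytes(pad_len, "big")) == ct:
                return msg, trials
    return None, trials


if __name__ == "__main__":
    for pad_len in (0, 1, 2, 16):
        ct = encrypt(b"SELL", pad_len)
        print(f"pad={pad_len:2d} bytes -> Cathy: {forward_search(ct, pad_len)}, "
              f"Bob: {decrypt(ct, pad_len)}")
```

With no pad Cathy needs at most two encryptions; each added pad byte multiplies her candidate set by 256, so a 16-byte pad (2^128 candidates per message) puts the search out of reach while Bob still decrypts with one private-key operation.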
