Two hours of reviewing the most recent flashcards once more and staring at flow diagrams for cryptographic procedures or access control systems, as the professor had occasionally reproduced one of them in exams and asked the students to add the proper labels, one point per correct label. Then one final time into one of those class rooms the CS department for some reason prefers for exams–13th floor, center of the building, no windows.
The first thing I saw was that mercifully the room was full of people I’d never seen before. Meaning they are students taking that exam for at least the second time, which in turn means, in my experience, that they will do badly, the overall results will be poor, and the exam has a good chance of being graded kindly. Good start. And then the professor took his time arriving, gave a little pep talk, said we had two hours to complete the exam, but he expected us to solve this set of trivial questions (he really said that) within 20 minutes or so. It was 11:20 or so when we finally got started, and by that time I was awfully fidgety, had low blood sugar, and my hands were shaking. Waiting too long for an exam to start does that to me.
And he must have been joking. Trivial? Yeah, there was one “warm-up” question (name and explain the three major security goals–that’s confidentiality, integrity, and availability) and one almost equally banal (what’s a digital certificate and name five things it must contain). Then we had to encrypt a short text with a polyalphatic Vigenère chiffre, and I already hated that because encrypting something you have no way of knowing if you got it right–if you’re decrypting on the other hand the resulting plain text should make sense and that’s a way of verification. Good thing though that I had practiced this just yesterday, even to the extent of exchanging ciphers with my recent practicum partner, and had come up with the idea of checking my own cipher text by decrypting it again. So I simply did the same in the exam and did indeed find a couple of errors in my encryption (seems I’m too stupid for modulo). Close one.
We had to explain what a Message Authentication Code (MAC) is and what it’s good for, describe the difference between a weak and a strong Hash algorithm (easy) and then name a strong one. That one I had to guess, going by the heuristics that the most recent I knew (SHA-3) should supposedly be stronger than earlier ones such as MD5 or SHA-1. And, as expected, one question was about block chiffres–explain the counter mode, draw a flow diagram, and name two advantages over one other mode, cipher block chaining, though I could think of only one and made up two other more or less bogus ones.
But one question baffled me at least initially. Evaluate a security strategy for a company that has only a central internet access point and installs virus scanners on all servers, but not on the clients. Virus scanners? What do I know about viruses and the internet? I totally had to guess and said something weak like you can get a virus other ways than from the company internet, say by plugging in a USB stick or using your company laptop in any old WLAN out there, and besides, viruses are not the only threats (but was that even the question?). Oh, and define a trojan horse, but that was easy.
And the remaining two questions were really nasty. One was on the Diffie-Hellman key exchange protocol where two people choose each a private number with which they exponentiate a shared (public) number (a generator), modulo another public (prime) number, exchange the results, exponentiate again with their respective own private number, and arrive at the same shared secret key without ever actually having exchanged it. Sheer genius! The exam question was, how does it work with three people? Of course, with a few minutes of reflection this could be solved, particularly since the order of exchanges in the resulting protocol was provided. You simply have three two-step exchanges where the second person exponentiates the result received from the first with their own private number and then sends the result on to the third. Since it’s still not the complete shared key, that’s not a problem. At the end of the three exchanges, each person has the generator exponentiated with the other two persons’ private numbers and simply exponentiates with their own third, and again all three share the same key.
But that took some thinking, and after the exam I learned to my surprise that almost nobody had figured it out, because they had not bothered to remember the Diffie-Hellman principle, working on the assumption that in an exam without a crib the professor can’t expect us to reproduce formulas. But then how can you understand Diffie-Hellman without knowing this simple (and brilliant) two-step procedure?
I had real problems with the final question though. We had to find a way for an attacker to authenticate himself in a system where clients exchange random numbers with the server, with each returning the other side’s number encrypted with the client’s key that’s known to both but not the attacker. Again, a hint was provided in that the attacker might open two parallel sessions and use the second to gain the client-key-encrypted server side random number for replay, and I finally figured it out: In the second session, send the server its own random number from the first session as your initial random number, and the server will, by way of authenticating itself, return that random number encrypted with the client key, which is just what you needed in the first place. Alright. Then we had to improve the protocol so to prevent that attack, and there I totally had to guess. My simplest solution was to encrypt the entire server reply again with the client key, so that the attacker, who does not know the key, can’t retrieve the server random number for the replay attack. But that was a total guess, and it’s entirely possible the professor had a different solution in mind. Or there are several. It’s hard to say, and I simply hope he will accept any solution that makes (some) sense.
But these two questions were really tough. In fact, from the five Altklausuren we had available, I would say ours came close to the one I had considered really unfair (among other things it asked for a detailed rewrite of the insanely bloated Kerberos authentication protocol in order to allow accessing a server in a different domain). The other four were an awful lot easier than either of these two, so in fact the Altklausuren, once again, had given us no real indication of what to expect in the exam.
It’s odd. The professor had said several times in the last weeks how much he had enjoyed working with our semester group because we were so active and interested. We certainly are (or were, for it’s time to start talking of this thing in the past tense). I suppose that at least subconsciously he wanted to do us justice in giving us an exam that contained some brain-teasers. But seriously, I could have done without that, and hope that the probably quite mixed results, particularly from those many students who took the exam without having attended the lecture, will provide a corrective for his expectations and his grading scheme. We’ll know in a little while, because he said he’d try to have the result within a fortnight, which would be a blessing. I so hate waiting for a grade.
One thing is true though, it didn’t take long to complete the exam. Almost everyone in our core group was done after an hour, by which time I had triple-checked all my answers and found no way of improving them.
One last time we went to the local pub after the last exam in a term. Nine of us, the remainder of a semester group that had started out 60 strong three years ago. We took a group picture to compare with the one we had done on the roof of the BT7 tower during orientation week in September 2015. Sadly not all of us are in the first picture, but a load of people are that have been gone for a long time. That gave us plenty of opportunity to talk about how we had lost them, and soon we were at general recollections of these six terms, of people, professors, exams, anecdotes. I suppose that’s how it starts. I can just see us doing this 10 years hence, if we’re all alive and still in the general Hamburg area. But we also talked shop and generally felt quite on top of things. After all, we have done it. We have come through. We have survived, where so many haven’t. Three years of computer science at UAS Hamburg have come to a close. At least for this group. For what’s left, we’re all on our own.