Part 1: In each of the following scenarios, tell whether there is a violation of confidentiality, integrity, or availability, or some combination of the three. In addition, for each item, write a two- or three-sentence paragraph explaining why your answer is correct.
Alex disables Barbara's router by logging in remotely with the manufacturer's default password.
Mallory builds a WiFi jammer using plans she found on the Internet and jams wireless signals over a large part of her apartment building.
Charlene uses a key logger to capture Darla's banking password.
Eve rewrites the magnetic stripe on a gift card to change the amount from $10 to $100.
(Adapted from an exercise in Bishop, Matt, Introduction to Computer Security.)
Part 2: Distinguish among vulnerability, exploit, threat, risk, and control mechanism (called "countermeasure" in chapter one of the text) in five brief paragraphs. If you do any research outside the textbook, which you are encouraged to do, be sure to cite your sources. You can see how to do that in An Example of Proper Writing in the "Required Reading" section.
Part 3: Using the tool at http://www.fileformat.info/tool/hash.htm, compute the SHA-256 checksum of the MS-Word file that is your work on this assignment so far, or some similar file if you don't have that one available. Copy the calculated cryptographic hash into Windows Notepad or a word processing document to save it temporarily. Now change one character from a capital to a lowercase letter or vice-versa in the original document, re-save, and recompute the cryptographic hash. Paste the old and new cryptographic hashes into your homework document. Be sure to identify which one is before and which is after.
Using the information from the textbook, explain at least two uses for a cryptographic hash, and explain how the experiment you just performed confirms those uses.
Do some research and explain in a paragraph or so what a "hash collision" is. Be sure to cite your research.
Part 4: Explain in a couple of paragraphs how public key encryption can be used to implement a digital signature. Be sure you are very clear on when a private key is used and when a public key is used.
Part 5: Generally, a digital signature involves encrypting a cryptographic hash, or digest, generated from the message. Explain why we do not encrypt the message itself. You can answer this question in one sentence.
Part 6: For each of the following scenarios below, tell what type of encryption is most appropriate and in a sentence or two explain the reasoning for your choice.
Alice wants to send a confidential message to Bill, whom she has never met and who lives in a distant country.
Charlie wants to be sure that no one but he can see the financial and medical records he has stored on his computer.
David needs a way to check that large computer files stored on corporate servers have not been modified.
Eddard uses a "cloud" backup service; he wants to be sure the operators of the service cannot read his files.
Frank needs to send a message to George. The message need not be confidential, but George must be assured that it actually came from Frank.
Part 1:
a.) When Alex disables Barbara's router, it results in a violation of availability, as she is not able to connect her system to the outside network till the router is disabled.
b.) Using the jammer causes a violation of confidentiality, as she can now see data that is not intended for her.
c.) Similarly, a key logger is used to get private data such as passwords; therefore it also causes a violation of confidentiality.
d.) Rewriting the rate results in a violation of integrity, as the data is being tampered with in this case.
Part 4:
In a digital signature, the user digitally signs the data, or encrypts the data, using his private key, while the receiver verifies the signature using the user's public key.
Part 5:
A possible reason for encrypting the hash function rather than the message itself is that the message is very large in size in comparison to the hash key.
Part 6:
a.) In that case, Alice can use the public key encryption method. She can use Bill's public key to encrypt the message and send it to him. We know the message can be decrypted using Bill's private key, and since only Bill has access to his private key, only he can decrypt the message.
b.) Charlie can use a one-key encryption method; as only he has access to that key, no one other than himself can see the actual data.
c.) In order to preserve the integrity of the data, David can use a hash function to convert the whole data into a message digest.
d.) In order to ensure that the message came from the intended person, Frank can digitally sign the message using his private key, and at the receiving end George can verify it using Frank's public key.
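The Part 3 experiment from the assignment above, done locally with Python's standard `hashlib` instead of the web tool. This is an added example, not part of the original question or answer; the sample document text and all function names are constructed for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of data as 64 hex characters."""
    return hashlib.sha256(data).hexdigest()

def flip_case_at(data: bytes, index: int) -> bytes:
    """Copy of data with the ASCII letter at index switched between upper and lower case."""
    ch = data[index:index + 1]
    if not ch.isalpha():
        raise ValueError("byte at index is not an ASCII letter")
    return data[:index] + ch.swapcase() + data[index + 1:]

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length hex strings differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def unchanged(data: bytes, recorded_hex: str) -> bool:
    """Integrity check: does data still match the digest recorded earlier?"""
    return hmac.compare_digest(sha256_hex(data), recorded_hex)

def experiment(document: bytes, index: int) -> dict:
    """Hash the document, change the case of one letter, hash again, compare."""
    edited = flip_case_at(document, index)
    before, after = sha256_hex(document), sha256_hex(edited)
    return {
        "before": before,
        "after": after,
        # An ASCII case change flips exactly one bit of the input.
        "input_bits_changed": differing_bits(document.hex(), edited.hex()),
        # A sound hash changes about half of its 256 output bits in response.
        "digest_bits_changed": differing_bits(before, after),
        "original_passes_check": unchanged(document, before),
        "edited_passes_check": unchanged(edited, before),
    }

# Constructed sample standing in for the homework file's bytes.
SAMPLE_DOCUMENT = b"Part 1: Alex disables Barbara's router. This is an availability violation."

if __name__ == "__main__":
    for name, value in experiment(SAMPLE_DOCUMENT, 0).items():
        print(f"{name}: {value}")
```

To run it on a real file, pass `open(path, "rb").read()` as `document` and pick the index of any letter in it.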