Question

Try to make it as simple as you can and explain as much as it needed.

1. What is Trusted Third Party (TTP)? What are the problems with TTP? (3 points)

Ans:

2. Using Caesar cipher algorithm and key value = 4, encrypt the plain text “Network Security”. Show your work.          (3 points)

Ans:

1. Let k be the encipherment key for a Caesar cipher. The decipherment key differs; it is 26 - k. One of the characteristics of a public key system is that the encipherment and decipherment keys are different. Why then is the Caesar cipher a classical cryptosystem, not a public key cryptosystem? Be specific.                                                 (3 points)

Ans:

2. A cryptographer once claimed that security mechanisms other than cryptography were unnecessary because cryptography could provide any desired level of confidentiality and integrity. Ignoring availability, either justify or refute the cryptographer’s claim. (3 points)

Ans:

3. How can you ensure Authentication using Challenge and Response method? Explain and give an example. (4 points)

Ans:

Answer 1

1) In cryptography a trusted third party is an entity which facilitates the communication of both the sender and reciever and both sender and receiver trusts this entity regarding their message integrity . TTPs are common in any number of commercial transactions and in cryptographic digital transactions as well as cryptographic protocols.

The main problem with TTPs is that you can only trust them as you dont have any physical essence, there is no way to verify if that system is operating in your interests, hence the need to trust it. Also the Trusted third party are sometimes security holes as if someone hacks these parties they can gain access to our personal informations and can use it negatively .

2)

3)

Ans. As above mentioned one of the characteristics of a public key system is that the encipherment and decipherment keys are different , thats true . But this doesnt make Caesar cipher as a public key cryptosystem

Because in public key cryptosystem the sender and the reciever both have 2 keys i.e Sender's Public key(known to receiver), Sender's private key (known only to him) , Receiver's public key(known to the sender) and Receiver's private key .

The sender will encrypt the message using the receiver's public key , and the receiver will decrypt using his own private key

this is the basic structure of a Public key Cryptography....which is not in the Case of Caesar cipher.  

4)

ans. I do not agree with the cryptographer beacuse cryptography may provide a desired level of confidentiality and integrity in terms of encipherment and decipherment . But this is not the only way in which the intruder can hack your data .

There are many aspect to security. Cryptography only handle one aspect, namely “Information Disclosure”.

You can encrypt your data all you want. What do you do if I format your hard-drive?

What do you do if I login as you (spoofing) to your bank and transfer all your money away?

So there are other ways in which the attack can happen .

Cryptography alone, cannot stop an end-point attack. You would need some additional tamper protection which could be supported by additional cryptology.

5)

The best example of Challenge and response method is the password authentication, where the challenge is asking for the password and the valid response is the correct password.

We can basically add or include multiple passwords to make it more safe with an identifier for each password so that whenever a person logs in he have to answer the identifier along with the respective password

Challenge-response authentication allows to prove that the user knows the password without revealing the password itself.It then computes the response by applying a cryptographic hash function to the server challenge combined with the user's password.