Question

In this problem we will compare the security services that are provided by digital signatures (DS) and hashed message authentication codes (HMAC). Alice and Bob are communicating over the Internet. We assume that Oscar Hacker is able to observe all messages sent from Alice to Bob and vice versa. Oscar has no knowledge of any key but only knows the public keys used for the DS.

State whether and how (a) DS and (b) HMAC protect against each attack.

Suppose that the value auth(x) is computed with a DS or a HMAC algorithm, respectively.

1. Message integrity:

Alice sends a message x

x = “Transfer $1000 to Mark”

in the clear and also sends auth(x) to Bob. Oscar intercepts the message and replaces “Mark” with “Oscar.”

a-Will Bob detect this if auth(x) is computed with DS?

b-Will Bob detect this if auth(x) is computed with HMAC?

2. Replay:

Alice sends a message

   x = “Transfer $1000 to Oscar”

in the clear and also sends auth(x) to Bob. Oscar observes and captures the message and signature. Then Oscar sends them 3 times to Bob.

a-Will Bob detect this if auth(x) is computed with DS?

b-Will Bob detect this if auth(x) is computed with HMAC?

3. Sender authentication with cheating third party:

Oscar claims that he sent some message x with a valid auth(x) to Bob but Alice claims the same.

a-Can Bob clear the question if auth(x) is computed with DS?

b-Can Bob clear the question if auth(x) is computed with HMAC?

4. Nonrepudiation:

Bob claims that he received a message x with a valid signature auth(x) from Alice (e.g., “Transfer $1000 from Alice to Bob”) but Alice claims she has never sent it.

a-Can Alice clear this question if auth(x) is computed with DS?

b-Can Alice clear this question if auth(x) is computed with HMAC?

Solutions

Expert Solution

Ans 1. Message integrity

(A) Bob will be able to detect this if auth(x) is computed with DS because auth(x) will not match x.

(B) Bob will be able to detect this if auth(x) is computed with HMAC because auth(x) will not match x.

Ans 2. Replay

(A) Bob will not be able to detect this if auth(x) is computed with DS until auth(x) sequence number is not changed.

(B) Bob will not be able to detect this if auth(x) is computed with HMAC until auth(x) sequence number is not changed.

Ans 3. Sender authentication with cheating third party

(A) Bob can easily clear this question if auth(x) is computed with DS because Alice generates two keys: one is private and the other one is public. The private key is used by Alice to encrypt the message and the public key is used by Bob to detect whether the message is legitimate or not; only once the public and private keys match is it considered a legitimate sender.

(B) Bob can easily clear this question if auth(x) is computed with HMAC because Bob and Alice both have the same key to make the auth(x) of the message; even if Oscar is able to make a valid auth(x), it will not be authenticated by Bob's auth(x).

Ans 4. Nonrepudiation

(A) Alice can easily clear this question if auth(x) is computed with DS because, as I said earlier, Alice generates two keys: one is public and the other one is private. The private key is used to make the auth(x), and the public key is used to authenticate the auth(x). So we can conclude that only Alice is able to make auth(x).

(B) Bob will not be able to detect this if auth(x) is computed with HMAC because Bob and Alice both have the same key to make the auth(x) and verify it. To prevent this there is a requirement of a different key to verify the auth(x).

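The HMAC case (b) of scenarios 1, 2 and 4, run as code. This is an added example, not part of the original question or answer; the key, the `Receiver` class and the 8-byte sequence-number framing are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key-shared-by-alice-and-bob"  # constructed sample key


def auth(key: bytes, seq: int, x: bytes) -> bytes:
    """HMAC-SHA256 over an 8-byte sequence number followed by the message."""
    return hmac.new(key, seq.to_bytes(8, "big") + x, hashlib.sha256).digest()


class Receiver:
    """Bob: checks the tag, then rejects any sequence number already seen."""

    def __init__(self, key: bytes, replay_protection: bool = True):
        self.key = key
        self.replay_protection = replay_protection
        self.highest_seq = -1

    def accept(self, seq: int, x: bytes, tag: bytes) -> str:
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, auth(self.key, seq, x)):
            return "rejected: bad tag"
        if self.replay_protection and seq <= self.highest_seq:
            return "rejected: replay"
        self.highest_seq = max(self.highest_seq, seq)
        return "accepted"


def run_scenarios() -> dict:
    x = b"Transfer $1000 to Mark"
    tag = auth(KEY, 0, x)
    results = {}
    # 1. Integrity: the message is altered in transit, the tag is not.
    results["tampered"] = Receiver(KEY).accept(0, b"Transfer $1000 to Oscar", tag)
    # 2. Replay: the same valid (seq, x, tag) is delivered three times.
    naive, strict = Receiver(KEY, replay_protection=False), Receiver(KEY)
    results["replay_naive"] = [naive.accept(0, x, tag) for _ in range(3)]
    results["replay_strict"] = [strict.accept(0, x, tag) for _ in range(3)]
    # 4. Nonrepudiation: Bob holds KEY too, so a tag he computes himself
    # verifies exactly like one from Alice and proves nothing to a third party.
    claim = b"Transfer $1000 from Alice to Bob"
    results["bob_forged"] = Receiver(KEY).accept(1, claim, auth(KEY, 1, claim))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The sequence number only stops replays because it is covered by the tag; a counter sent outside auth(x) could be rewritten by whoever resends the message.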
