In this problem we will compare the security services that are provided by digital signatures (DS) and hashed message authentication codes (HMAC). Alice and Bob are communicating over the Internet. We assume that Oscar Hacker is able to observe all messages sent from Alice to Bob and vice versa. Oscar has no knowledge of any key but only knows the public keys used for the DS.
State whether and how (a) DS and (b) HMAC protect against each attack.
Suppose that the value auth(x) is computed with a DS or a HMAC algorithm, respectively.
1. Message integrity:
Alice sends a message x
x = “Transfer $1000 to Mark”
in the clear and also sends auth(x) to Bob. Oscar intercepts the message and replaces “Mark” with “Oscar.”
(a) Will Bob detect this if auth(x) is computed with DS?
(b) Will Bob detect this if auth(x) is computed with HMAC?
2. Replay:
Alice sends a message
x = “Transfer $1000 to Oscar”
in the clear and also sends auth(x) to Bob. Oscar observes and captures the message and signature. Then Oscar sends them 3 times to Bob.
(a) Will Bob detect this if auth(x) is computed with DS?
(b) Will Bob detect this if auth(x) is computed with HMAC?
3. Sender authentication with cheating third party:
Oscar claims that he sent some message x with a valid auth(x) to Bob but Alice claims the same.
(a) Can Bob clear the question if auth(x) is computed with DS?
(b) Can Bob clear the question if auth(x) is computed with HMAC?
4. Nonrepudiation:
Bob claims that he received a message x with a valid signature auth(x) from Alice (e.g., “Transfer $1000 from Alice to Bob”) but Alice claims she has never sent it.
(a) Can Alice clear this question if auth(x) is computed with DS?
(b) Can Alice clear this question if auth(x) is computed with HMAC?
Ans 1. Message integrity
(A) Bob will be able to detect this if auth(x) is computed with DS because auth(x) will not match x.
(B) Bob will be able to detect this if auth(x) is computed with HMAC because auth(x) will not match x.
Ans 2. Replay
(A) Bob will not be able to detect this if auth(x) is computed with DS until auth(x) sequence number is not changed.
(B) Bob will not be able to detect this if auth(x) is computed with HMAC until auth(x) sequence number is not changed.
Ans 3. Sender authentication with cheating third party
(A) Bob can easily clear this question if auth(x) is computed with DS because Alice generates two keys: one is private and the other is public. The private key is used by Alice to encrypt the message and the public key is used by Bob to detect whether the message is legitimate or not; only once the public and private keys match is it considered to come from a legitimate sender.
(B) Bob can easily clear this question if auth(x) is computed with HMAC because Bob and Alice both have the same key to make the auth(x) of the message; if Oscar is able to make a valid auth(x), it will still not be authenticated by Bob's auth(x).
Ans 4. Nonrepudiation
(A) Alice can easily clear this question if auth(x) is computed with DS because, as I said earlier, Alice generates two keys: one is a public key and the other is a private key. The private key is used to make the auth(x), and the public key is used to authenticate the auth(x). So we can conclude that only Alice is able to make auth(x).
(B) Bob will not be able to detect this if auth(x) is computed with HMAC because Bob and Alice both have the same key for making the auth(x) and verifying it. To prevent this, a different key is required to verify the auth(x).
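The HMAC half of cases 1, 2 and 4 above, worked through in code as an added example that is not part of the original question or answer. The shared key, the 8-byte sequence-number encoding and the `Receiver` class are assumptions made for the illustration; the DS half is left out because Python's standard library has no signature scheme.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key-alice-bob"  # constructed sample key, held by Alice and Bob only

def auth(key, x, seq=None):
    """HMAC-SHA256 over x; a sequence number, if given, is bound into the tag."""
    data = x if seq is None else seq.to_bytes(8, "big") + x
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(key, x, tag, seq=None):
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(auth(key, x, seq), tag)

class Receiver:
    """Bob's side (hypothetical): the tag must verify and seq must be fresh."""
    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, seq, x, tag):
        if not verify(self.key, x, tag, seq):
            return "bad tag"
        if seq <= self.last_seq:
            return "replay"
        self.last_seq = seq
        return "ok"

def demo():
    out = {}
    # Case 1: the tag was made for "...Mark", the altered message fails.
    x1 = b"Transfer $1000 to Mark"
    out["tampered_accepted"] = verify(KEY, x1.replace(b"Mark", b"Oscar"), auth(KEY, x1))
    # Case 2: without a sequence number every replayed copy still verifies.
    x2 = b"Transfer $1000 to Oscar"
    tag2 = auth(KEY, x2)
    out["plain_replays_accepted"] = sum(verify(KEY, x2, tag2) for _ in range(3))
    # Case 2 with a sequence number: Alice's original plus Oscar's 3 copies.
    bob = Receiver(KEY)
    tag_seq = auth(KEY, x2, seq=0)
    out["seq_deliveries"] = [bob.accept(0, x2, tag_seq) for _ in range(4)]
    # Case 4: both parties hold the same key, so both derive the same tag.
    x4 = b"Transfer $1000 from Alice to Bob"
    alice_key, bob_key = KEY, KEY
    out["bob_tag_equals_alice_tag"] = auth(alice_key, x4) == auth(bob_key, x4)
    return out

if __name__ == "__main__":
    print(demo())
```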