Security
Question 1
Anarkali digitally signs a message and sends it to Salim. Verification of the signature by Salim requires
Anarkali's public key.
Salim's public key.
Salim's private key.
Anarkali's private key.
Question 2
Consider that B wants to send a message m that is digitally signed to A. Let the pair of private and public keys for A and B be denoted by Kx- and Kx+ for x = A,B, respectively. Let Kx(m) represent the operation of encrypting m with a key Kx and H(m) represent the message digest. Which one of the following indicates the CORRECT way of sending the message m along with the digital signature to A?
A message digest is a hash value generated by applying a hash function to the message.
The message digest is encrypted with the sender's private key, so it can be decrypted only with the sender's public key.
This ensures that the message was sent by the known sender.
The encrypted digest is sent with the original message to the receiver, which applies the hash function to the original message and matches the resulting value against the message digest recovered from the signature.
This ensures integrity, that is, that the message was not altered.
A digital signature uses the sender's private key to sign the message digest.
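The signing and verification steps described above, as an added example that is not part of the original page: B sends (m, K_B-(H(m))) and A checks it with K_B+. It assumes unpadded textbook RSA with small constructed keys and SHA-256 as H; the function names, key values and sample messages are illustrative.

```python
import hashlib

E = 65537  # public exponent (assumed; a common choice)

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (K-, K+)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent, inverse of E modulo phi
    return (d, n), (E, n)

def H(m, n):
    """Message digest H(m): SHA-256, reduced mod n to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n

def send_signed(m, priv):
    """Sender: returns (m, K-(H(m))), the message plus the signed digest."""
    d, n = priv
    return m, pow(H(m, n), d, n)

def verify(m, sig, pub):
    """Receiver: apply the sender's K+ to the signature, compare with a fresh H(m)."""
    e, n = pub
    return pow(sig, e, n) == H(m, n)

# Constructed toy keys built from Mersenne primes (illustration only).
KB_priv, KB_pub = make_keypair(2**127 - 1, 2**89 - 1)   # sender B
KX_priv, KX_pub = make_keypair(2**107 - 1, 2**61 - 1)   # a third party

def demo():
    m, sig = send_signed(b"pay 100 to A", KB_priv)
    other = b"pay 900 to X"
    return {
        # A verifies with B's public key only
        "genuine": verify(m, sig, KB_pub),
        # message changed in transit, signature unchanged
        "altered_message": verify(other, sig, KB_pub),
        # signed with a key that is not B's private key
        "third_party_signature": verify(*send_signed(other, KX_priv), KB_pub),
        # B itself signs a different message
        "sender_resigns": verify(*send_signed(other, KB_priv), KB_pub),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

Only the holder of K_B- can produce a pair that verifies under K_B+, which is why the receiver needs nothing but the sender's public key.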
Question 3
(I) S can launch a birthday attack to replace m with a fraudulent message.
(II) A third party attacker can launch a birthday attack to replace m with a fraudulent message.
(III) R can launch a birthday attack to replace m with a fraudulent message.
Which of the following are possible security violations?
(I) and (II) only
(I) only
(II) only
(II) and (III) only
(I) Can the sender replace the message with a fraudulent message?
Yes, definitely, because the sender encrypts the message with its private key.
It can also encrypt another message with its private key.
(II) Can the third party send a fraudulent message?
No, because the third party does not know the sender's private key.
(III) Can the receiver send a fraudulent message?
No, the receiver also does not know the sender's private key.
So the receiver cannot send a fraudulent message either.
Question 4
An IP machine Q has a path to another IP machine H via three IP routers R1, R2, and R3.
Q—R1—R2—R3—H
H acts as an HTTP server, and Q connects to H via HTTP and downloads a file. Session layer encryption is used, with DES as the shared key encryption protocol. Consider the following four pieces of information:
[I1] The URL of the file downloaded by Q
[I2] The TCP port numbers at Q and H
[I3] The IP addresses of Q and H
[I4] The link layer addresses of Q and H
Which of I1, I2, I3, and I4 can an intruder learn through sniffing at R2 alone?
Only I1 and I2
Only I1
Only I2 and I3
Only I3 and I4
An intruder can learn [I2] by sniffing at R2 because the port numbers are encapsulated in the payload field of the IP datagram.
An intruder can learn [I3] by sniffing at R2 because IP addresses and routers operate at the network layer of the OSI model.
An intruder can't learn [I4] by sniffing at R2 because it belongs to the data link layer of the OSI model.