MSIT 3150-Assignment 4

School

Clark University

Course

3150

Subject

Computer Science

Date

Jan 9, 2024

Uploaded by PrivateMorning9896

Assignment 4
School of Professional Studies, Clark University
MSIT3150-01-F23: Security Architecture & Design
Professor Peter Sullivan
September 24, 2023

1. Question 1
The solution used by Jim Doe, which appends a hash digest to each message, does not provide data integrity because it does not address the security of sending the hash. While appending a hash digest to each message is a step in the right direction, it does not offer total data integrity or security, and it does not enable authentication. An attacker might intercept the message, edit it, recompute the hash of the tampered message, and replace the attached hash. The receiver would see a legitimate hash even though the message content had been compromised.

In addition, Jim Doe's approach is vulnerable to collision attacks and to insecure communication of the hash. Appending a hash digest to messages does not assure total data integrity since it does not ensure safe transmission of the hash itself. Furthermore, it is vulnerable to collision attacks, in which attackers can identify two separate messages with the same hash and replace one with the other without being noticed. These flaws reduce the method's capacity to ensure the integrity of received communications.

Jim can use different strategies to ensure data integrity without employing digital signatures or encryption, for example:

Shared Secret Key: The sender and the recipient share a secret key. The sender can use this key to construct a MAC of the message and then add the MAC to the message. With the same secret key, the recipient may validate the MAC to assure message integrity.

Checksums: While not as safe as cryptographic hashes, basic checksums such as CRC (Cyclic Redundancy Check) can be used to detect transmission issues.

Timestamps: Jim may include a timestamp in the communication, and the receiver can determine whether or not the timestamp is within an acceptable time limit. If the timestamp on the communication is too old or too far in the future, this might suggest manipulation.

2. Question 2

In the case where Frank has to securely communicate information to Nina, I would recommend that he make use of digital signatures and encryption to ensure data integrity, secrecy, authenticity, and non-repudiation. The digital signature technique satisfies each condition as follows:

Data integrity - Frank digitally signs the communication using his private key. Any changes to the message will render the signature invalid, allowing Nina to identify alterations.

Confidentiality - Before signing, the message can be encrypted with Nina's public key to ensure that only Nina can view the contents.

Authentication - Nina can confirm that the signature was made using Frank's private key, confirming that it originated with him.

Non-repudiation - The signature establishes conclusively that Frank signed the communication, ensuring non-repudiation. He cannot subsequently deny sending the message.

Frank uses his private key to sign the message, encrypts it with Nina's public key, and transmits the encrypted and signed message to Nina. She may then decrypt it with her private key and use Frank's public key to validate his signature.

Here are the steps of the method used between Frank and Nina with a digital signature:
Generation of Key Pairs: The procedure starts with the creation of a key pair, consisting of a private key and a public key. Frank should be the only one who has access to the private key. The public key is made available to those (here, Nina) who verify the digital signatures.

Signing the Document: Frank takes the message and generates a cryptographic hash of it using a secure hash function. Frank then uses his private key to encrypt the hash value, resulting in the digital signature.

Message and Signature Delivery: Frank transmits the original message to Nina, complete with the digital signature.

Verifying the Signature (From the Recipient's Point of View - Nina): Nina has received the message as well as the digital signature.

Signature Decryption: Nina decrypts the digital signature with Frank's public key. This should yield the original message's hash value.

The Received Message Hash: Nina uses the same secure hash function as Frank did to calculate the hash of the received message.

Hashes Comparison: Nina compares the hash value of the received message with the hash value acquired from decrypting Frank's digital signature.

Verification: If the two hash values match, the message was not tampered with during transmission and the signature is legitimate.

Non-Repudiation and Authentication: Nina can be sure that the communication originated from Frank if the hash values match (authentication). Because only Frank holds the private key required to generate the digital signature, he cannot subsequently deny transmitting the message (non-repudiation).
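The sign-and-verify steps above as runnable code; this is an added example, not part of the original assignment. It uses textbook RSA with constructed toy primes and no padding purely to mirror the steps, and the function names `msg_hash`, `sign`, `recover_hash` and `verify` are illustrative.

```python
import hashlib

# Key pair generation (constructed toy values: two Mersenne primes, no padding).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus, published with E
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by Frank

def msg_hash(message: bytes) -> int:
    """Both sides: SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Frank: hash the message, then apply the private key to the hash."""
    return pow(msg_hash(message), D, N)

def recover_hash(signature: int) -> int:
    """Nina: apply Frank's public key to the signature to get the hash back."""
    return pow(signature, E, N)

def verify(message: bytes, signature: int) -> bool:
    """Nina: recompute the hash of what arrived and compare the two values."""
    return recover_hash(signature) == msg_hash(message)

def demo() -> dict:
    message = b"Transfer approved - Frank"      # constructed sample message
    signature = sign(message)
    return {
        "untouched": verify(message, signature),
        # Any change to the message changes its hash, so the comparison fails.
        "edited_message": verify(b"Transfer denied - Frank", signature),
        # A modified signature decrypts to a different hash value.
        "edited_signature": verify(message, signature ^ 1),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'valid' if ok else 'rejected'}")
```

Production systems use a vetted library with a padded scheme such as RSA-PSS rather than raw modular exponentiation.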
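For Question 1, an added example (not part of the original assignment) that runs the same edit against an appended hash and against a shared-key MAC that also covers a timestamp. The key, the clock value, the messages and the 300-second window are constructed assumptions.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # seconds a timestamp may differ from the receiver's clock (assumed)

def hash_tag(body: bytes) -> bytes:
    """Jim Doe's scheme: an unkeyed SHA-256 digest that anyone can recompute."""
    return hashlib.sha256(body).digest()

def mac_tag(key: bytes, body: bytes) -> bytes:
    """Shared-secret alternative: HMAC-SHA256 over the same bytes."""
    return hmac.new(key, body, hashlib.sha256).digest()

def pack(text: str, ts: int) -> bytes:
    """Serialize text and timestamp together so the tag covers both."""
    return json.dumps({"text": text, "ts": ts}, sort_keys=True).encode()

def accept_hash(body: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hash_tag(body), tag)

def accept_mac(key: bytes, body: bytes, tag: bytes, now: int) -> str:
    # Check the MAC first; only then trust and inspect the timestamp.
    if not hmac.compare_digest(mac_tag(key, body), tag):
        return "bad-mac"
    if abs(now - json.loads(body)["ts"]) > MAX_SKEW:
        return "stale"
    return "ok"

def demo() -> dict:
    key = b"constructed-shared-secret"   # constructed sample key
    now = 1_700_000_000                  # constructed receiver clock
    sent = pack("ship 10 units", now)
    edited = pack("ship 9000 units", now)
    return {
        # The body is edited and the digest recomputed: the check still passes.
        "hash_edited": accept_hash(edited, hash_tag(edited)),
        # Without the key only the old MAC can be reused: rejected.
        "mac_edited": accept_mac(key, edited, mac_tag(key, sent), now),
        "mac_original": accept_mac(key, sent, mac_tag(key, sent), now),
        # A valid message delivered an hour late fails the timestamp check.
        "mac_late": accept_mac(key, sent, mac_tag(key, sent), now + 3600),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```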