Compare the security services provided by a digital signature (DS) with those of a message authentication code (MAC). Assume that Oscar can observe all messages sent between Rina and Naseem. Oscar has no knowledge of any keys but the public one, in the case of DS. State whether DS and MAC protect against each attack and, if they do, how. The value auth(x) is computed with a DS or a MAC algorithm. In each scenario, assume the message M = x#####auth(x). (Message integrity) Rina has the textual data x = “Transfer $1000 to Mark” to send to Naseem. To ensure the integrity of the data, Rina generates auth(x), forms a message M, and then sends M in cleartext to Naseem. Oscar intercepts the message and replaces “Mark” with “Oscar.” Will Naseem detect this in the case of either DS or MAC? If yes, how will Naseem detect it? If not, why? (Replay) Rina has the textual data x = “Transfer $1000 to Mark” to send to Naseem. To ensure the integrity of the data, Rina generates auth(x), forms a message M, and then sends M in cleartext to Naseem. Oscar observes the message and signature and sends them to Naseem 100 times. Will Naseem detect this? If yes, how will he detect it? If not, what change(s) can Rina make to the message so Naseem can detect such a replay attack? (Sender authentication with a cheating third party) Oscar claims he sent message M to Naseem, while Rina claims she sent message M to Naseem. Can Naseem tell who really sent him the only copy of message M he received? If Naseem cannot tell, what changes can be made to the message? (Authentication with Naseem cheating) Naseem claims he received message M, but Rina claims she never sent such a message. Can Rina resolve this question in the case of either DS or MAC? If yes, how can Rina do so? If no, why not?

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter2: Compliance: Law And Ethics

Section: Chapter Questions

Problem 1EDM

See similar textbooks

Related questions

Question

Compare the security services provided by a digital signature (DS) with those of a message authentication code (MAC). Assume that Oscar can observe all messages sent between Rina and Naseem. Oscar has no knowledge of any keys but the public one, in the case of DS. State whether DS and MAC protect against each attack and, if they do, how. The value auth(x) is computed with a DS or a MAC algorithm. In each scenario, assume the message M = x#####auth(x).

(Message integrity) Rina has the textual data x = “Transfer $1000 to Mark” to send to Naseem. To ensure the integrity of the data, Rina generates auth(x), forms a message M, and then sends M in cleartext to Naseem. Oscar intercepts the message and replaces “Mark” with “Oscar.” Will Naseem detect this in the case of either DS or MAC? If yes, how will Naseem detect it? If not, why?
(Replay) Rina has the textual data x = “Transfer $1000 to Mark” to send to Naseem. To ensure the integrity of the data, Rina generates auth(x), forms a message M, and then sends M in cleartext to Naseem. Oscar observes the message and signature and sends them to Naseem 100 times. Will Naseem detect this? If yes, how will he detect it? If not, what change(s) can Rina make to the message so Naseem can detect such a replay attack?
(Sender authentication with a cheating third party) Oscar claims he sent message M to Naseem, while Rina claims she sent message M to Naseem. Can Naseem tell who really sent him the only copy of message M he received? If Naseem cannot tell, what changes can be made to the message?
(Authentication with Naseem cheating) Naseem claims he received message M, but Rina claims she never sent such a message. Can Rina resolve this question in the case of either DS or MAC? If yes, how can Rina do so? If no, why not?

Expert Solution