1. How many keys are required for two people to communicate via a
symmetric cipher?
Answer: Sender and receiver use the same key, so only one key is required.
2. What are the two principal requirements for the secure use of symmetric
encryption?
Answer: Two requirements for the secure use of symmetric encryption:
I. A strong encryption algorithm.
II. A secret key known only to sender and receiver.
Encryption: Y = E_K(X); decryption: X = D_K(Y).
• The encryption algorithm is assumed to be publicly known (Kerckhoffs's principle), so all of the security rests on the secrecy of the key.
• This implies that a secure channel is needed to distribute the key.
Answer: (a) A hash code is computed from the source message, encrypted using symmetric
encryption and a secret key, and appended to the message. At the receiver, the same hash
code is computed. The incoming code is decrypted using the same key and compared with
the computed hash code. (b) This is the same procedure as in (a) except that public-key
encryption is used; the sender encrypts the hash code with the sender's private key, and the
receiver decrypts the hash code with the sender's public key. (c) A secret value is appended
to a message and then a hash code is calculated using the message plus secret value as input.
Then the message (without the secret value) and the hash code are transmitted.
The receiver appends the same secret value to the message and computes the hash value
over the message plus secret value. This is then compared to the received hash code.
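The keyed-hash approach (c) described above, as an added worked example that is not part of the original answer: the sender hashes message plus shared secret, transmits only the message and the tag, and the receiver re-appends the same secret, recomputes, and compares. It is shown beside HMAC (RFC 2104), the standardised keyed hash that is used for this purpose in practice. Approaches (a) and (b) need a block cipher and a public-key primitive that the Python standard library does not provide, so they are not shown. The shared secret, the message and the tampered message are constructed values, and the `exchange` helper is an assumption made for the example.

```python
import hashlib
import hmac

# Constructed values for the example; a real secret would be random and never hard-coded.
SHARED_SECRET = b"constructed-shared-secret"
MESSAGE = b"TRANSFER 100 TO ACCT 42"


def tag_secret_suffix(message: bytes, secret: bytes) -> bytes:
    """Approach (c): hash over message || secret. Only the message and this tag are sent."""
    return hashlib.sha256(message + secret).digest()


def verify_secret_suffix(message: bytes, secret: bytes, tag: bytes) -> bool:
    """Receiver appends the same secret, recomputes the hash and compares in constant time."""
    return hmac.compare_digest(tag_secret_suffix(message, secret), tag)


def tag_hmac(message: bytes, key: bytes) -> bytes:
    """HMAC-SHA256: the standardised keyed-hash construction used instead of a bare H(M || S)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hmac(message: bytes, key: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_hmac(message, key), tag)


def exchange(message: bytes, secret: bytes, tamper: bytes = None, receiver_secret: bytes = None):
    """Simulate one sender -> receiver exchange (hypothetical helper for the example).
    Returns (accepted by the H(M||S) check, accepted by the HMAC check)."""
    # Sender side: compute both tags over the original message.
    sent_message = message
    suffix_tag = tag_secret_suffix(message, secret)
    hmac_tag = tag_hmac(message, secret)
    # In transit: an attacker may replace the message body but cannot recompute the tags
    # without the secret.
    if tamper is not None:
        sent_message = tamper
    # Receiver side: use its own copy of the secret (wrong copy -> verification fails).
    key = secret if receiver_secret is None else receiver_secret
    return (verify_secret_suffix(sent_message, key, suffix_tag),
            verify_hmac(sent_message, key, hmac_tag))


if __name__ == "__main__":
    print("intact:   ", exchange(MESSAGE, SHARED_SECRET))
    print("tampered: ", exchange(MESSAGE, SHARED_SECRET, tamper=b"TRANSFER 900 TO ACCT 42"))
    print("wrong key:", exchange(MESSAGE, SHARED_SECRET, receiver_secret=b"wrong-secret"))
```

`hmac.compare_digest` is used for every comparison so that the time taken to reject a forged tag does not depend on how many leading bytes the attacker got right.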
5. Assume that you want to make messages available to the users who are
authorized to read them. Each message contains some confidential data;
therefore, instead of sending the plaintext to each user, you decide to encrypt
each message using secret-key encryption and make the encrypted messages
available for reading. You need to distribute the encryption keys, together with
the encryption methods, to the authorized users. The communication channel
between the users and the website is insecure; however, the users' public keys
are protected by a double encryption method (two layers of encryption, serving
as a two-layer authentication mechanism) and converted into ciphertext as
follows.

Plain Text Message | Method 1: Transposition Cipher | Method 2: Substitution Cipher | Cipher Text
FIVE RED BALLONS   | Key: 16                        | Key: 56410                    | ?
b) What’s wrong with the shift cipher? Provide any three reasons.
Answer: Shift cipher disadvantages:
I. The key space is tiny: there are only 26 possible keys, i.e. 26 ciphertext alphabets, one
of which (shift 0) is the identity mapping that leaves the plaintext unaltered. An attacker can
simply try every key and read off the one decryption that makes sense.
II. A shift does not change letter frequencies; it only relabels the letters. The most frequent
ciphertext letter is almost certainly the image of E (or T), which gives the key directly.
III. A single known plaintext/ciphertext letter pair reveals the key, since the key is just the
difference between the two letters modulo 26.
6. Information security program development and implementation is not a
simple process, but it is an absolutely essential and on-going process;
particularly if your organization is responsible for maintaining the integrity,
availability, and confidentiality of customer information or business-critical
data. Explain TWO approaches to Information Security Implementation in any
organization, with the help of a valid diagram.
Answer: The Information Security Triad: Confidentiality, Integrity, Availability (CIA)
Confidentiality:
When protecting information, we want to be able to restrict access to those who are allowed
to see it; everyone else should be disallowed from learning anything about its contents. This
is the essence of confidentiality. For example, federal law requires that universities restrict
access to private student information. The university must be sure that only those who are
authorized have access to view the grade records.
Integrity:
Integrity is the assurance that the information being accessed has not been altered and truly
represents what is intended. Just as a person with integrity means what he or she says and
can be trusted to consistently represent the truth, information integrity means information
truly represents its intended meaning. Information can lose its integrity through malicious
intent, such as when someone who is not authorized makes a change to intentionally
misrepresent something. An example of this would be when a hacker is hired to go into the
university’s system and change a grade.
Integrity can also be lost unintentionally, such as when a computer power surge corrupts a
file or someone authorized to make a change accidentally deletes a file or enters incorrect
information.
Availability:
Information availability is the third part of the CIA triad. Availability means that information
can be accessed and modified by anyone authorized to do so in an appropriate timeframe.
Depending on the type of information, appropriate timeframe can mean different things. For
example, a stock trader needs information to be available immediately, while a sales person
may be happy to get sales numbers for the day in a report the next morning. Companies such
as Amazon.com will require their servers to be available twenty-four hours a day, seven days
a week. Other companies may not suffer if their web servers are down for a few minutes
once in a while.
Explanation:
Malicious software is becoming a significant threat to information security. Manual
anti-malware techniques cannot keep up with the very large volume of malicious software, so
there is a need for automated classification of malware, so that samples can be identified by
computer systems automatically.
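An added illustration of the string-feature idea behind the reference below; it is not code from the cited paper and does not reproduce its method. It extracts printable strings from a binary the way the `strings` tool does, selects per-family features by how many of that family's samples contain them, discards strings shared by every family (they carry no class information), and assigns a label by the fraction of a family's selected strings that a new sample contains. The training "binaries", the family names `dropper` and `keylogger`, and the support and score thresholds are all constructed for this example.

```python
import re
from collections import Counter

# Printable-ASCII runs of at least 4 bytes: the same default heuristic as the `strings` tool.
STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")


def extract_strings(blob: bytes) -> set:
    """Return the set of printable strings found in a binary blob."""
    return {m.group().decode("ascii") for m in STRING_RE.finditer(blob)}


def make_sample(strings) -> bytes:
    """Constructed stand-in for a binary: the given strings separated by non-printable bytes."""
    filler = b"\x00\x90\xcc\x00"
    return filler + filler.join(s.encode("ascii") for s in strings) + filler


# Constructed training corpus. Family names and contents are hypothetical and exist only to
# exercise the pipeline; they are not real samples.
TRAINING = {
    "dropper": [
        make_sample(["kernel32.dll", "urlmon.dll", "URLDownloadToFileA", "WinExec", "update.exe"]),
        make_sample(["kernel32.dll", "urlmon.dll", "URLDownloadToFileA", "WinExec", "setup.tmp", "zzz1"]),
        make_sample(["kernel32.dll", "URLDownloadToFileA", "WinExec", "installer.bin", "qwe9"]),
    ],
    "keylogger": [
        make_sample(["kernel32.dll", "user32.dll", "GetAsyncKeyState", "SetWindowsHookExA", "keys.log"]),
        make_sample(["kernel32.dll", "user32.dll", "GetAsyncKeyState", "keys.log", "abcd"]),
        make_sample(["kernel32.dll", "user32.dll", "SetWindowsHookExA", "keys.log", "wxyz"]),
    ],
}


def select_features(training: dict, min_support: int = 2) -> dict:
    """Feature selection: per family keep strings seen in at least `min_support` of its samples,
    then drop strings that every family shares (e.g. common library names)."""
    per_family = {}
    for family, samples in training.items():
        counts = Counter(s for blob in samples for s in extract_strings(blob))
        per_family[family] = {s for s, c in counts.items() if c >= min_support}
    common = set.intersection(*per_family.values())
    return {family: feats - common for family, feats in per_family.items()}


def classify(blob: bytes, features: dict, threshold: float = 0.5):
    """Score each family by the fraction of its selected strings present in the sample
    (overlap coefficient) and return (label, score); below `threshold` the label is 'unknown'."""
    found = extract_strings(blob)
    best_family, best_score = "unknown", 0.0
    for family, feats in features.items():
        score = len(found & feats) / len(feats) if feats else 0.0
        if score > best_score:
            best_family, best_score = family, score
    if best_score < threshold:
        return "unknown", best_score
    return best_family, best_score


if __name__ == "__main__":
    feats = select_features(TRAINING)
    for family, selected in feats.items():
        print(family, "->", sorted(selected))
    print(classify(make_sample(["kernel32.dll", "URLDownloadToFileA", "WinExec", "payload.dat"]), feats))
    print(classify(make_sample(["kernel32.dll", "user32.dll", "Hello, world!"]), feats))
```

Real feature selection would also weigh how discriminative each string is across all families rather than only dropping the fully shared ones, and would combine string features with function-level ones as the cited paper's title indicates; the pipeline shape (extract, select, score) is the part this example demonstrates.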
References
Islam, R., Tian, R., Batten, L., & Versteeg, S. (2010, July). Classification of malware based on
string and function feature selection. In 2010 Second Cybercrime and Trustworthy Computing
Workshop (pp. 9-17). IEEE.