Cryptography Reference
In-Depth Information
3. The security provided by SSL to secure a web session depends, partially, on the
handling of the underlying public-key certificates.
(a) Explain how an SSL client can determine whether a server that they are
communicating with has supplied them with a valid public-key certificate
during the SSL Handshake Protocol.
(b) A university department decides to self-sign a public-key certificate for its
own web server. What might go wrong when a prospective student tries to
establish an SSL-protected connection with the departmental web server?
(c) A local government office decides to use a third-party payment provider to
process payments for electronic services offered through the government
website. What might go wrong when a local resident tries to make a secure
payment from the government website using SSL?
(d) Comment on the extent to which you think that the way in which current
web browsers manage certificate problems that arise during SSL sessions
is effective.
4. SSL is generally regarded as a well-designed protocol.
(a) Explain why the use of SSL does not necessarily prevent phishing attacks.
(b) To what extent do you regard this as a design failure of SSL itself, or the
wider system in which it is deployed?
5. SSL provides a secure channel at the Transport Layer of the Internet Protocol
Suite. On the other hand, SSH provides a secure channel at the Application
Layer and IPsec provides a secure channel at the Internet Layer. By reading
up about SSH and IPsec, compare SSL with SSH and IPsec from the
perspective of:
(a) Security services provided;
(b) Cryptographic primitives and algorithms supported;
(c) Examples of real-world use of the protocols;
(d) Key management requirements.
6. Consider the following statement: "The design of WEP is not fundamentally
flawed, but rather represents a misjudged efficiency-security tradeoff." By
considering the flaws in WEP, to what extent do you support this statement?
7. CCM mode is adopted by a number of wireless network applications, including
WPA2. Find a description of CCM mode and explain, with the aid of diagrams,
how CCM mode encryption/authentication and decryption/verification work.
8. GSM and UMTS both provide a degree of security to users of mobile phone
technology.
(a) Explain the role of the SIM card in GSM/UMTS security.
(b) What potential threats to mobile phone users do the security mechanisms
in GSM and UMTS not provide any protection against?
(c) Why do GSM and UMTS not employ public-key cryptography?