Cryptography Reference
In-Depth Information
9
. Mobile phones are becoming more general computing platforms, with more
and more functionality and support for applications. What implications do
you think this has for the future functionality, security and management of
cryptography on mobile phones?
10
. EMV is largely based on a symmetric key infrastructure.
(a) Explain precisely where, and why, EMV uses public-key cryptography.
(b) Identify which operations within EMV essentially provide non-repudiation,
and justify the cryptographic mechanisms used by EMV to provide this
service.
(c) Why does EMV not currently deploy AES?
11
. EMV cards are supported online by 3DSecure, which replaces a previous
architecture known as
Secure Electronic Transactions
(SET).
(a) Briefly explain the main cryptographic design features of SET and explain
why it did not become well established.
(b) Identify the main features of 3DSecure that have led to its successful
adoption on a large scale.
12
. Find an example of an application supporting EMV-CAP.
(a) Provide some details on how EMV-CAP is used to support the overall
security requirements of that application.
(b) What advantages are there of using EMV-CAP for your application as
opposed to other authentication technologies?
13
. Broadcast networks have some very specific properties. Explain how the
nature of a broadcast channel provides particular challenges to the design of a
cryptographic architecture to support a broadcast application.
14
. Recall the various issues that we discussed in Chapter 7 concerning the use
of digital signatures in practical applications. Which of these issues do you
regard as being the most significant when using a Belgian eID card to provide a
non-repudiation service?
15
. The Belgian eID card issuing process is complex and involves several different
organisations.
(a) Identify the different organisations involved and explain what role they each
play in the process.
(b) Why are these various roles provided by
different
organisations?
16
. Belgium is not the only country to issue identity cards that have cryptographic
capability to its citizens. Find another example of a national identity card scheme
based on smart cards and attempt to find out:
(a) what functionality the card is intended to have;
(b) what security services it requires;
(c) what cryptography it deploys;
