Cryptographic Applications - Everyday Cryptography

Cryptography Reference

In-Depth Information

(d) how the necessary keys are managed;

(e) how the card protects the data contained on it.

17 . Full disk encryption is an option for users who are concerned that their

computer disk might be accessed or stolen.

(a) Explain at least three different ways in which an attacker could overcome

basic login password protection on a laptop in order to access the files on

the machine.

(b) Why, in general, do you think data origin authentication is not a requirement

for file encryption systems?

(c) Describe one of the modes of operation that has been proposed for full disk

encryption and explain what properties it has that are particularly suitable

for this type of application.

18 . File encryption is supported by many operating systems and third-party

software applications.

(a) Explain why most file encryption mechanisms use hybrid encryption.

(b) Select an example of a file encryption mechanism using hybrid encryption

and explain:

i. how a user accesses an encrypted file;

ii. which encryption algorithms are supported;

iii. where the user's private key is stored;

iv. what mechanisms exist to support a user who has lost their private key (or forgotten

how to activate it).

19 . Discuss the relative advantages and disadvantages of using full disk encryption,

virtual disk encryption and file encryption from:

(a) a security perspective;

(b) a usability perspective;

(c) a management perspective.

20 . Amongst the most important data managed by home users is personal data

relating to information such as contact information, usernames and passwords.

A number of commercial and open source products exist to assist usersmanage

and secure this type of personal data. Choose an example of a technology

that claims to protect personal data on a portable device. Write a short report

commenting on the securitymechanisms (including cryptographicmechanisms)

deployed and the extent to which personal data is protected in the event that

the portable device is stolen.

21 . We discussed email security from the perspective of a home user securing email

through the use of a standard email client.

(a) Compare the security of email accessed through an OpenPGP-compliant

email client with that of email accessed via an SSL-protected channel to a

webmail application.

Search WWH ::

Custom Search

Home