Cryptography Reference
In-Depth Information
exploited by attackers in order to attack computer systems, which is quite the
opposite intention of most cryptographic applications.
1.9 Activities
1. Unauthorised access to information could also be reasonably described as
'stealing' information. What is one significant difference between 'stealing'
information and 'stealing' physical goods?
2. Consider the two common (but analogous) scenarios of sending a letter in the
post and sending an email message.
(a) Write down a few lines that summarise the differences between these two
processes with respect to:
i. ease of creation of a message;
ii. ease of sending a message;
iii. ease of interception of a message;
iv. ease of forgery of a message;
v. ease of repudiation (denial of sending) of a message.
(b) Having outlined the differences in process, now comment in each case on
how the two scenarios differ with respect to the security mechanisms in
place at each stage.
(c) Is there an equivalent of registered post for sending an email?
(d) Is there an equivalent of secure email for sending a letter by post?
(e) In your opinion, which scenario is 'more secure' than the other?
3. For each of the physical world and the electronic world, provide two examples
of the following:
(a) Two weak security mechanisms that, when adopted together, represent a
fairly strong security mechanism.
(b) A strong security mechanism that, when used incorrectly, becomes a weak
security mechanism.
(c) A strong security mechanism that, when used without an appropriate
security infrastructure, becomes a weak security mechanism.
4. Provide an example of at least one application (if there are any such applications)
where:
(a) data integrity is more important than data confidentiality;
(b) entity authentication is more important than data origin authentication;
(c) entity authentication and data origin authentication are both required;
(d) data origin authentication is necessary but non-repudiation is not necessarily
required;
(e) data integrity is required but not data origin authentication;
(f) data origin authentication is required but not data integrity;
(g) entity authentication is provided using more than one mechanism.
 