IT 549 Scenario 1 Assignment

Scenario 1

Random J. Protocol-Designer has been told to design a scheme to prevent messages from being modified by an intruder. Random J. decides to append to each message a hash of that message. Why does this not solve the problem?

A hash value is thought of like a “fingerprint for files”. These are processed through a cryptographic algorithm. “The hash value is produced identifies the contents of the file. Two algorithms are currently widely used to produce hash values: the MD5 and SHA1 algorithms”. Microsoft explains that a hash value is a “numeric value of a fixed length that uniquely identifies data. It represents large amounts of data as much smaller numeric values; they are used with digital signatures. They are useful for verifying the integrity of data sent through insecure channels”.

Random J.’s decision to append each message with a hash of that message doesn’t solve the problem because with anyone having the ability to append a hash to any of the messages, then this means a person with malicious intent can just as easily modify the message. They can then append that recomputed hash value, thus the modification can the go undetected.

Scenario 2

Suppose Alice,Bob, and Carol want to use a secret key technology to authenticate each other. If they all used the same secret technology to authenticate each other. If they all used the same secret key, K, then Bob could impersonate Carol to Alice (actually any of the three could impersonate the other to the third). Suppose instead that each had their own secret key; so Alice uses KA, Bob uses KB, and Carol uses KC. This means that each one, to prove his or her identity, responds to a challenge with a function of his or her secret key. Is this more secure than having them all use the same secret key?

If Bob, Carol, and Alice shared the same key, then they would be using symmetric encryption that involves only one secret key to cipher and decipher information. It is an old and best-known technique”. A disadvantage of using this method is that everyone involved has got to exchange the key that is used to encrypt the data before it can even be decrypted. The advantages of using symmetric encryption include: “provides authentication, as long as the key stays secret. Data is encrypted very quickly. Symmetry of key allows encryption and decryption with same key”. A disadvantage is if the key becomes lost or stolen, the person who intercepts it can decrypt it immediately that was encrypted using the key. “An imposter using an intercepted key can produce bogus messages by impersonating the legitimate sender”. Other disadvantages include: if the keys change frequently, then the distribution of the keys can become a problem. The number of keys will increase with the number of people that are exchanging secret information. “Symmetric keys are subject to a brute force attack where all keys in the encryption”.

If they were to use their own separate keys, this would asymmetric encryption. This is where two keys, public, and corresponding private key are used. Before the data is even transmitted, the data has to be encrypted with receiver’s public key. The data that is encrypted can only be decrypted with the private key. The private key or secret is mathematically related and “should be kept secret from the world. Only the owner should have access to the private key or any back-up copies of it”. Advantages include: each user has only 1 key pair, only a person’s public key is exchanged, while other members do not need separate keys. Distribution of keys gets resolved because a user’s public key can be shared by anyone. Disadvantages include: “only a few public key algorithms are secure and practical. Only three algorithms are only suitable for key distribution and encryption: RSA, ElGamal, and Rabin”.

If Alice, Carol, and Bob decide to go way of asymmetric encryption, they would require their own keys along with a way to prove their identities. Here the public key is K while the private key is the first initial of their names. To prove their identities they can use digital signatures. “Digital signatures are based on asymmetric cryptography and can provide assurances of evidence to origin, identity, and status of an electronic document, transaction or messages as well as acknowledging informed consent by the signer”.

Asymmetrical is more secure than symmetrical, however it is also slower computationally due to the process it takes to encrypt and decrypt.

Scenario 3

Assume a cryptographic algorithm in which the performance for the good guys (the ones that know the key) grows linearly with the length of the key and for which the only way to break it is a brute-force attack of trying all possible keys. Then, suppose the performance for the good guys is adequate (e.g., it can encrypt and decrypt as fast as the bits can be transmitted over the wire) at a certain size key. Finally, suppose advances in computer technology make computers twice as fast. Given that both parties— the good guys and the bad guys— get faster computers, does this advancement in computer speeds work to the advantage of the good guys? The bad guys? Or does it not make any difference?

With advancements in technology, it is making computers faster and it will only make a difference if the size of the key changes. The good guys will need to expand their key size or else the bad guys will have the advantage. If the key size remains the same then the bad guys will have a better advantage of cracking it with an increase in computer power. However, it is my opinion that it won’t really make much of a difference either way because with computer security, the good guys will always be scrambling to stay one-step ahead of the bad guys.