To prevent approach of “Known-algorithm, unknown key” for use of symmetricencryption, there need a sufficient strong algorithm of encryption so that ciphertextsor key unable to discover by decipher the ciphertext even an adversary has a completeknowledge. Usually, the requirement should be state in strong from: theciphertext should not be decrypt or the key discover by opponent if a number ofciphertexts to process together with plaintext in each ciphertexts. 2.
This feature of symmetric encryption is what makes it good in business so that manufacturercan much easier to produce and develop low-cost chip implementations of dataencryption algorithms. However, maintaining the secrecy of the key is the mainsecurity problem that need to be concern due to these chips are widelyavailable into a quantity of product.1.The sender and receiver should keep the secret key as confidential to ensureprotection with effective as well as assumed the algorithm is to be known. Thesecurity need to keep only the key secret not algorithm secret. That means is,a message decrypt on the basic of ciphertext plus knowledge of encrypt ordecrypt algorithm. Question2 (b) This mechanism to assure properties of a data exchangefor the receiver involve a use of trusted third party to store the request ofsender and prevent the denying such a request later from sender. 8.
Notarization Routing controlallows between sender and the receiver to selection and continuously changingdifferent available routes when breach of security is suspected.7.Routing control Traffic padding mechanisms provide various levels ofprotection to frustrate traffic analysis attempts by insertion of bits intogaps in a data stream. 6.
Traffic paddingThis mechanism intended that means of informationexchange to ensure the identity of an entity. Use of authentication informationis one of the technique which applied to authentication exchange such as thereceiving entity checked the password provide by a sending entity.5. Authentication exchange Thismechanism is using to assure the integrity of message.
the aspects of dataintegrity divide to two, there are the integrity of a single data unit or fieldand the integrity of a stream of data units or field. For the integrity of asingle data unit involves two processes, one at sending entity and one at thereceiving entity. The manipulation detection may lead to recover action athigher layer due to mechanism alone unable protect against the replay of singledata unit.4.
Data integrity Thesemechanisms may determine and enforce the access right of the entity via usingthe authenticated identity of or capabilities of an entity. The access controlfunction will reject the entity attempts when use a resource of unauthorised orresource of authorised with improper access. In additional, the incident reportwill be generating an alarm for the purpose of recording as a part of asecurity audit trail. 3. Access control Thismechanism allows a recipient to verify the message as well as the integrity ofdata by apply hash function and encryption algorithms for purpose to againstforgery. The public key cryptography is a term of digital signature implement togetherfor verification.2.
Digital signature Convertingor subsequent recovery of the data into a not readable form are implement bymathematical algorithms depend on an algorithm and zero or more key ofencryption. The encipherment algorithms can be implement in either reversibleor irreversible. The reversible encipherment define in two generalclassification which is symmetric (secret key) and asymmetric (public key).1. EnciphermentAsecurity mechanism is a process that provide specific techniques defined inX.
800 to counter security attack by detect, prevent or recover. The functionsrequired not only support by single mechanism. However, the mechanisms may beimplement into the appropriate protocol layer to provide some of OSI securityservice. These specific security mechanisms include: encipherment, digitalsignatures, access controls, data integrity, authentication exchange, trafficpadding, routing control and notarization. Question2 (a) However,the wide variety of potential physical, software and network vulnerabilities,the active attack become quite difficult to prevent. The goal is to detectactive attack and to recover faster from any disruption instead of prevention. Installantivirus and update firewall for computer regularly to protect against theattack from attacker. The server configuration can help the networkadministrator to block out unauthenticated users by harden the firewallpolicies.
Theattacker attempt to disrupt or overload the network to prevent legitimate usersfrom accessing the service. It may generate heavy traffic of false interactionwhen the attacker sends excessive message asking the network to authenticaterequests that have invalid return address. 4. Denial of service Theimportant data able to protect by create a message authentication code combineswith hash function and secret key.
The attacker cannot modify data withoutchanging hash. Theattacker will attempt some portion of message from sender and altered it. Themessage will be re-ordered the message to suit his needs and re-send toreceiver.3. Modification of message Thereplay attack can prevent by time-checking. The server only accepts request ifthey are close enough to current via compare timestamps of requests withcurrent time. Anattacker captures the authenticated information (such as: sharing key) by spiesthe conversation between sender and receiver. After that, the attacker givesthe sharing key to proof of his identity and authenticity by contact thereceiver.
2. Replay Themasquerade can be prevented through create a message authentication to assuredoriginal message is from the alleged sender to receiver. Amasquerade may be attempted when one entity pretends to be a particular user ofa system to gain access to personal computer information. if an authorizationprocess is not fully protected, the masquerade attack can carry outtransactions/ interaction through perpetrated using stolen user ID and password,spot the gaps in program or bypassing the authentication mechanism.
1. MasqueradeActiveattacks are any attempt to modify of the data stream, create a false stream anddestroy system. There can be subdivided into four types of active attacks. Question1 (c) 3.On the other hand, Alice will need to use an authentication mechanism torequest information from potential buyer and verifies that information with theauthentication server and relays a response to the potential buyer to give thenaccess to check that authentic message.
2.In fact, Alice will do not mind others to know the information of laptop. In opposite,she more delighted if getting more people to know that to sold it faster. 1.Alice wants to broadcast a message concerning to sell she’s laptop in websiteand she must broadcast in plaintext with an authenticity tag. Since there haveonly one destination to check for authenticity which more cheap and reliable. Thescenario description:Themessage confidentiality is not provided and can be read at the destination ifthe message authentication that do not rely on encryption. Appended anauthentication tag to each message for transmission is one of approaches to messageauthentication without encryption.
However,some scenario is preferred with message authentication without confidentiality.We discuss one of scenario at below.Question1 (b) Degree of importance: Moderate.In Singapore, bankprovides automated teller machine (ATM) to customer to withdraw money inwherever of island wide and whenever they want.
Therefore, the system must beable to be available 99.9% of the time to provide easy access so that customerable to withdraw money from ATM with he/she ATM card and individual PIN. Otherwisethe unavailability of this service will cause embarrassment to the customer. 3.Availability Degree of importance: High.Thecustomer’s integrity of account record and of individual transaction mustprotect to ensure the record and transaction without altered by unauthorizedpersons in a way that is not detectable by authorized persons. The unauthorizedperson can alter data or amount of bank transaction over the internet,Therefore, customer account must be associated with the card if transactionperformed via the automated teller machine (ATM). 2.
Integrity Degree of importance: High.The customer toaccess their account using the automated teller machine (ATM) by insert ATMcard and enter personal identification number (PIN). Therefore, the personalidentification number (PIN) must be encrypted and treat it strictly as confidentialto prevent risk of compromise of account during transaction. Furthermore, Bank shouldencrypt the communication channel between ATM host system and bank server toprotect information of confidential. 1.