April 1999
SC223: COMPUTER SECURITY

QUESTION 5

Total Marks: 20 Marks

GRADE B
Sample student's solutions are indicated in green.

(a) Describe the application of digital signatures as a means for authentication. [4]
Digital signatures are useful in direct communication between remote systems as well as in a network environment that employs a third party as a means of authentication. A document can be signed digitally by a system by including a header, a body and a signature as part of the message. The header describes the identity of the sender. The body contains the message to be sent itself. The signature is a computed checksum of the message contents which is encrypted using the sender's private key. The receiver can decrypt the checksum by verifying the signature using the sender's public key. The receiver then compares the checksum with the computed checksum of the transmitted message. If they match, the signature is valid.

 

(b) Describe two characteristics which are common to digital and written signatures. [4]
The two characteristics are:
  • Signature is not reusable. Signature is a function and it cannot be transferred to another document.
  • Signed document is unalterable. If there's any alteration to the document, it cannot be verified using the sender's public key.
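
The header, body and signature scheme from (a), and the two properties listed in (b), shown as an added example that is not part of the exam paper or the student's answer. Assumptions: SHA-256 stands in for the "checksum", the key is a constructed toy RSA key built from two small Mersenne primes with no padding, and all function and field names are illustrative.

```python
import hashlib

# Constructed toy key (assumption): far too small for real use, and real
# signatures add padding such as PSS. Kept small so the arithmetic is visible.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                    # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def checksum(header: str, body: str) -> int:
    """SHA-256 over header and body, reduced into the toy modulus."""
    data = header.encode() + b"\x00" + body.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(header: str, body: str, d: int = D, n: int = N) -> dict:
    """Sender: transform the checksum with the private key."""
    return {"header": header, "body": body,
            "signature": pow(checksum(header, body), d, n)}


def verify(msg: dict, e: int = E, n: int = N) -> bool:
    """Receiver: recover the checksum with the public key and compare it
    with the checksum recomputed over the received header and body."""
    recovered = pow(msg["signature"], e, n)
    return recovered == checksum(msg["header"], msg["body"])


def demo():
    msg = sign("from: alice", "Pay Bob 10 pounds")
    # Unalterable: changing the body invalidates the signature.
    altered = dict(msg, body="Pay Bob 1000 pounds")
    # Not reusable: the signature does not verify on another document.
    reused = dict(msg, header="from: alice", body="Something else")
    return verify(msg), verify(altered), verify(reused)


if __name__ == "__main__":
    print(demo())
```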

 

(c) Describe two benefits of using one-way hash functions in signing documents with public key cryptography. [4]
The storage requirements for the signature and document are much smaller. The central databases can just store hashes of files and timestamps. With a one-way hash function, there is less chance of 2 documents having the same hash, and signatures are kept separate from the document. Speed increases drastically.

 

(d) Distinguish between symmetric and asymmetric key protocols. [4]
Symmetric key protocols are also known as private key protocols. They use one key, i.e. the public key. The public key is used to encrypt and decrypt in symmetric key protocols.

E.g. [M]EP -> [[M]EP]DP -> Message

M = message, EP = encrypt using public key P 
DP = decrypt using public key P

Asymmetric key protocols are also known as key protocols. They use two encryption keys, i.e. public key and private key. Both public key and private key are used for encryption and decryption.

E.g.
M = Message
SA = A's private key
SB = B's private key
PA = A's public key
PB = B's public key

[M]SA : Message encrypted using A's private key
[[M]SA]PB : Message encrypted using B's public key
[[[M]SA]PB]SB : Message decrypted using B's private key
[[M]SA]PA : Message decrypted using A's public key

 

(e) Explain how authentication and secret transmission using the same algorithm could cause a security problem. [4]
Both verification and encryption use a similar key, i.e. the public key. And both signature and decryption use the private key.