August 1999 QUESTION 3 Total Marks: 20 Marks
SUGGESTED SOLUTIONS |
(a) | Identify and explain any three characteristics of digital signatures. | [6] |
(b) | (i) Explain the different options available for multiple users to sign the same digital document. (ii) Identify the disadvantages associated with these options. | [2] [2] |
(i) Option one: both users sign separate copies of the same document; option two: user A would sign the document and then user B would sign user A's signature.
(ii) The disadvantage of the former is that the resultant message would be twice the size of the original document; the disadvantage of the latter is that it is impossible to verify user A's signature without verifying user B's signature.
(c) | Under what circumstance is the encryption process considered to be equivalent to the signature verification process? Why is this? Does it cause any possible attack? Explain. | [6] |
When both the cryptosystem and the digital signature scheme use the same algorithm. Encryption/decryption and signature/verification are then inverse operations. Encryption and verification are similar and make use of the public key, i.e., Vx = Ex. Decryption and signing are similar and make use of the secret key, i.e., Sx = Dx. This does cause a problem, as a third party can get access to the message by using the public keys of the first and second parties and his own secret key.
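The equivalence in (c), as an added example that is not part of the original solution: in textbook RSA, Vx = Ex and Sx = Dx are the same modular exponentiations, so a key holder who signs a raw value it is handed has in effect decrypted it. The toy key, the function names and the hash-before-signing variant are assumptions made for the illustration.

```python
import hashlib

# Constructed toy key for textbook RSA (no padding); the primes are the
# Mersenne primes 2^31-1 and 2^61-1, far too small for real use.
P, Q, E_EXP = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D_EXP = pow(E_EXP, -1, (P - 1) * (Q - 1))  # secret exponent

def encrypt(m):       # Ex: public-key operation
    return pow(m, E_EXP, N)

def decrypt(c):       # Dx: secret-key operation
    return pow(c, D_EXP, N)

def sign_raw(m):      # Sx applied to the raw value: same computation as Dx
    return pow(m, D_EXP, N)

def verify_raw(s):    # Vx recovers the signed value: same computation as Ex
    return pow(s, E_EXP, N)

def digest(m):
    """Map a value to a SHA-256 digest reduced into [0, N)."""
    h = hashlib.sha256(str(m).encode()).digest()
    return int.from_bytes(h, "big") % N

def sign_hashed(m):   # assumed countermeasure: sign the digest, not the value
    return pow(digest(m), D_EXP, N)

def verify_hashed(m, s):
    return pow(s, E_EXP, N) == digest(m)

def demo():
    secret = 1234                 # constructed plaintext
    c = encrypt(secret)           # ciphertext as it would travel on the wire
    return {
        "raw_signature_is_plaintext": sign_raw(c) == secret,
        "hashed_signature_is_plaintext": sign_hashed(c) == secret,
        "hashed_signature_verifies": verify_hashed(c, sign_hashed(c)),
    }

if __name__ == "__main__":
    print(demo())
```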
(d) | Discuss the reasons for limited scope of internal auditing in computer security. | [4] |
Few auditors have deep technical knowledge about computing, while only a few computer personnel have any deep audit exposure. This results in auditors being actively discouraged from auditing complex computer systems. Hence the contribution that the internal audit function can make to computer security is diminished.