(a) Explain, with the use of an example, the terms encryption and decryption. [4]

Encryption is the process of encoding a message so that its meaning is not obvious (1 mark). Decryption is the process of changing an encrypted message to reveal its original meaning (1 mark). Other sensible answers should also receive credit. In addition, one mark should be awarded for any suitable example of encryption and one mark should be awarded for any example which converts an encrypted message into its original message.

(b) Describe how the public key protocol is used in authenticating communicating entities. [4]

One mark should be awarded for each of the following points:
- The public key protocol uses two types of keys: public keys and private keys (1 mark).
- A private key is a secret key, which is known only to the user (1 mark).
- A public key is known by all the receivers of the message (1 mark).
- The message is encrypted by the sender using the private key and can be decrypted by the recipient using the public key (1 mark).

(c) Describe two possible attacks on remote communications. [4]

One mark should be awarded for each valid point, a further mark should be awarded for each satisfactory elaboration (up to a maximum of four marks). Examples include the following:
- Disclosure to an unauthorised listener (1 mark). When messages are passed from sender to a receiver along a communications medium, there is the possibility of a malicious intruder reading the messages simply by observing and interpreting the data which is travelling along the medium (1 mark).
- Receipt of a message from a masquerading sender (1 mark). This involves a sender, possibly claiming to be some authorised entity, masquerading as a different sender (1 mark).
- Corruption or blocking of sent messages (1 mark). This involves messages which have been sent being blocked or corrupted by an unauthorised intruder: good messages are corrupted and replaced by bad messages (1 mark).
Other sensible answers should also receive credit.

(d) Describe two characteristics which are common to digital and written signatures. [4]

One mark should be awarded for each valid point, a further mark should be awarded for each satisfactory elaboration (up to a maximum of four marks). Examples include the following:
- They are not reusable (1 mark). The signature is a function of the document and cannot be transferred to another document (1 mark).
- They are unforgeable (1 mark). Only the sender knows the private key (1 mark).
- They are authentic (1 mark). The receiver verifies the message using the sender's public key (1 mark).
- They cannot be repudiated (1 mark). The receiver does not require the sender's help to verify the signature (1 mark).
- They are unalterable (1 mark). If there is any alteration to the signature, then it can no longer be verified with the sender's public key (1 mark).
Other sensible answers should also receive credit.

(e) Explain how digital signatures can be useful as a means for authentication on communication networks. [4]

One mark should be awarded for each of the following points:
- A separate third party is employed as a means for authenticating systems that communicate on the network (1 mark).
- Messages can be digitally signed by a system including a header, a body, and a signature as part of the message (1 mark).
- A signature contains a computed checksum of the message contents, encrypted with the secret key of the sender (1 mark).
- The receiver can decrypt the checksum using the sender's public key (1 mark).
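
The signed-message scheme in (e), and the "not reusable" and "unalterable" properties from (d), can be seen in the following added example, which is not part of the original marking scheme. It uses textbook RSA with SHA-256 as the checksum; the key (built from two small known primes, with no padding) and the sample messages and names are constructed for illustration only.

```python
import hashlib

# Toy RSA key pair built from two known Mersenne primes (constructed values,
# far too small for real use; real systems use 2048-bit+ keys with padding).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent (public key is E, N)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the sender


def checksum(header: str, body: str) -> int:
    """Checksum of the message contents, reduced into the RSA modulus."""
    digest = hashlib.sha256(header.encode() + b"\n" + body.encode()).digest()
    return int.from_bytes(digest, "big") % N


def sign(header: str, body: str) -> dict:
    """Sender: transform the checksum with the private key and attach it."""
    return {"header": header, "body": body,
            "signature": pow(checksum(header, body), D, N)}


def verify(message: dict) -> bool:
    """Receiver: recover the checksum with the public key and compare it
    with a checksum recomputed over the header and body that arrived."""
    recovered = pow(message["signature"], E, N)
    return recovered == checksum(message["header"], message["body"])


# Constructed sample messages.
signed = sign("from: alice; to: bob", "Pay 10 pounds to Carol")
# Unalterable: the body was changed after signing.
altered = dict(signed, body="Pay 1000 pounds to Carol")
# Not reusable: a valid signature attached to a different document.
reused = dict(sign("from: alice; to: bob", "Meet at noon"),
              signature=signed["signature"])

if __name__ == "__main__":
    for name, msg in [("signed", signed), ("altered", altered), ("reused", reused)]:
        print(f"{name:8s} verifies: {verify(msg)}")
```

Only the untouched message verifies; the receiver needs nothing from the sender beyond the public key (E, N) to reach that result.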