INFORMATION SECURITY

ASSIGNMENT # 03
/ BSSE-BSAI-BSDS
Faculty of Computer Science & Information Technology
Total Marks: 20

Name: ___________________ Instructions:

Roll No: _________________ 1. No cutting or overwriting is allowed.
2. No extra time will be given.
Date: ___________________

Q# CLO Domain TaxonomyLevel PLO

1-2 Discuss legal, ethical, and professional issues in information Cognitive C2 PLO4
security.

Q-1: A company wants to implement a digital signature system for their document signing
process to increase efficiency and security. As a digital signature expert, you have been asked to
advise the company on the best approach for implementing this system. Design a system where
sender and receiver send and receive message using digital signature and achieve confidentiality.
integrity and authenticity of the message:

(Use any programing language)

To implement the above scenario the following things should be kept in mind:

1- Generate key pairs: The sender and receiver should each generate a public and private
key pair using a secure key generation algorithm, such as RSA or ECDSA.
2- Share public keys: The sender and receiver should exchange their public keys through a
secure channel, such as in-person exchange, secure messaging, or a secure file transfer.
3- Hash the document: The sender creates a hash of the document using a secure hashing
algorithm, such as SHA-256 or SHA-3. This hash represents a unique digital fingerprint
of the document and can be used to verify its integrity.
4- Sign the hash: The sender signs the hash of the document with their private key using a
secure digital signature algorithm, such as RSA or DSA.
5- Verify the signature: The receiver verifies the signature by computing the hash of the
document using the same hashing algorithm used by the sender and then verifying the

Department of Computer Sciences & Information Technology, Superior University, Lahore 1-1
 signature using the sender's public key. If the signature is valid, the receiver can be
assured that the document was sent by the sender and has not been tampered with.
6- Ensure confidentiality: By sending the document through a secure channel, such as a
secure file transfer or email, the document is only accessible to the sender and receiver
and not by anyone else who may intercept the document during transmission.
7- Ensure integrity: By hashing the document and signing the hash with the sender's private
key, the receiver can verify that the document has not been modified during transmission
or by an unauthorized party.
8- Ensure authenticity: By verifying the signature using the sender's public key, the receiver
can be assured that the document was sent by the sender and has not been forged by an
unauthorized party.

Q-2: Answer the following questions.

1- What is a digital signature, and how does it differ from an electronic signature?
2- What are the benefits of using a digital signature system for document signing?
3- How can the company ensure the authenticity and integrity of digitally signed
documents?
4- What are the legal requirements for digital signatures, and how can the company comply
with them?
5- What are the technical requirements for implementing a digital signature system, and
how can the company ensure compatibility with existing systems?
6- What are the best practices for managing and storing digital signatures?
7- How can the company train its employees on using the digital signature system
effectively and securely?
8- How can the company monitor and audit the use of digital signatures to detect and
prevent fraud or misuse?
9- What are the potential risks and challenges associated with implementing a digital
signature system, and how can the company mitigate them?
10- How can the company evaluate the success and effectiveness of the digital signature
system once it is implemented?

☺☺☺☺ Go od Luck ☺☺☺☺

Department of Computer Sciences & Information Technology, Superior University, Lahore 2-1