
BAIT2023 Introduction To Internet Security: Tutorial 3

This document contains a tutorial on internet security that discusses properties of hash functions for message authentication, the difference between private and secret keys, digital signatures, using public-key encryption to distribute secret keys, and examples of incorporating hash functions and message authentication into encryption processes. The document also contains questions and answers about these topics.

Uploaded by

fhanis

BAIT2023 Introduction to Internet Security
Tutorial 3

1. What properties must a hash function have to be useful for message authentication?

1. Given M, easy to compute h=H(M)
2. Given h, hard to compute M such that h=H(M)
→ "one-way", or "pre-image resistant"
3. Given M, hard to find M' (different from M) such that H(M)=H(M')
→ "second pre-image resistant"
4. (Not always satisfied) Hard to find M, M' such that H(M)=H(M')
→ "collision resistant"

2. What is the difference between a private key & a secret key?

• The key used in symmetric encryption is typically referred to as a secret key.
• The 2 keys used for public-key encryption are referred to as the public key and private key.

3. Explain what you understand by digital signature.

• A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. The signature is formed by taking the hash of the message and encrypting the message with the creator’s private key. The signature guarantees the source and integrity of the message.

4. How can public-key encryption be used to distribute a secret key?

• Several different approaches are possible, involving the private key(s) of one or both parties. One approach is Diffie-Hellman key exchange. Another approach is for the sender to encrypt a secret key with the recipient’s public key.

5. Jeremy is a business manager and he is running an e-commerce website. He has very little knowledge of Internet security. Recently, his e-commerce website was hacked and data being transmitted from clients were corrupted. The website was unable to prove whether the data was genuine or fake.

i. As an IT security consultant, you know that there are three types of one-way hash functions that can be used with other encryption methods and are able to determine whether the data received from the clients were genuine. List THREE (3) types of one-way hash functions with their combination of other encryption methods.

• One-way hash function with Symmetric encryption
• One-way hash functions with Public key encryption
• One-way hash functions with Secret value

ii. Provide ONE (1) difference for each of the three types of one-way hash functions.

• One-way hash function with Symmetric encryption
  • Using hash functions and encrypt/decrypt with secret key.
• One-way hash functions with Public key encryption
  • Using hash functions and encrypt with private key & decrypt with public key.
• One-way hash functions with Secret value
  • Using hash functions and secret value. No key involved.

iii. Among these three types of one-way hash functions, which is the most suitable to be recommended for Jeremy’s e-commerce website? State ONE (1) reason and illustrate with a diagram how the hash function can be embedded in the message from a sender to a receiver.

• Recommendation: One-way hash with Public Key encryption.
• Reason: It uses 2 keys rather than 1 key (symmetric) or 1 secret value, which are incomparable with the security factor provided by Public key encryption.

6. State ONE (1) purpose of secure hash functions and provide TWO (2) examples of how the secure hash functions are being applied.

Purposes:
• Intended to provide proof of data integrity, by providing a verifiable fingerprint of the data.

Example:
• Unix password: Hash user password and store into database.
• Integrity of downloaded file: Use hash value to determine the integrity of downloaded file.

7. Figure 1 below shows the process of a message transmitting from a sender to a receiver by using the security of Message Authentication.

i. Name the components A, B, K as stated in Figure 1.

A: MAC (Message Authentication Code) algorithm
B: MAC (Message Authentication Code)
K: Secret key

ii. Component C is a process. Name the process and briefly explain the purpose of this component in Figure 1.

C: Comparing process
The receiver compares the original MAC (Message Authentication Code) with the MAC (Message Authentication Code) embedded in the message. If both MACs are the same, the message is valid and has not been edited by intruders, whereas if the MACs are not the same, the message is invalid and has been edited by intruders.

iii. With the aid of Figure 1, briefly describe the steps of the Message Authentication process from the sender to the receiver.

• Step 1: The sender shares the secret key with the receiver in advance, before the message is transmitted via the Internet.
• Step 2: The sender uses the MAC algorithm & secret key to generate the MAC.
• Step 3: The MAC is embedded into the message.
• Step 4: The message is sent via the Internet.
• Step 5: The receiver receives the message.
• Step 6: The receiver uses the shared secret key and MAC algorithm to generate a MAC.
• Step 7: The receiver compares the generated MAC with the MAC embedded in the message.

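Steps 1 to 7 above, carried out in code as an added example that is not part of the original tutorial. It assumes HMAC-SHA-256 as the MAC algorithm and a simple "message followed by MAC" packet layout; neither is specified in the tutorial.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size    # 32-byte MAC appended to each message


def send(key: bytes, message: bytes) -> bytes:
    """Steps 2-4: compute the MAC with the shared key and embed it in the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def receive(key: bytes, packet: bytes):
    """Steps 5-7: recompute the MAC and compare; return the message, or None if invalid."""
    if len(packet) < TAG_LEN:
        return None                        # too short to contain a MAC at all
    message, embedded = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison's timing
    # does not reveal how many leading bytes of a forged MAC were correct.
    if hmac.compare_digest(expected, embedded):
        return message
    return None


def demo() -> dict:
    key = secrets.token_bytes(32)          # Step 1: shared in advance (constructed here)
    packet = send(key, b"pay 100 to account 42")     # constructed sample message
    flipped = bytearray(packet)
    flipped[4] ^= 0x01                     # one bit changed in transit
    return {
        "intact": receive(key, packet),
        "modified": receive(key, bytes(flipped)),
        "wrong_key": receive(secrets.token_bytes(32), packet),
        "truncated": receive(key, packet[:10]),
    }


if __name__ == "__main__":
    print(demo())
```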
8. Figure 1 below shows a process of encryption that Bob used to send a message to Alice. The encryption process is using Public-key cryptography.

i. State who is the owner for Key 1 and the owner for Key 2.

Key 1’s owner: Bob
Key 2’s owner: Alice

ii. What type of key is used in Key 1 and Key 2?

Key 1’s type: Public key
Key 2’s type: Private key

iii. By referring to X, state ONE (1) suitable example of encryption algorithm that can be used in the encryption of public-key cryptography.

• X: RSA algorithm

iv. Briefly describe FIVE (5) examples that use public-key cryptography in the Internet environment.

• Examples:
  • Digital Cheque
  • Contract document
  • Credit card payment
  • Any confidential email or document (e.g. Government documents/Court documents/Police investigation documents, etc.)
  • Digital signature
