ELEC8900_14_HW4-Solution_Oct19_2023 (1)

School: University of Windsor
Course: 8900
Subject: Electrical Engineering
Date: Dec 6, 2023
ELEC 8900-14 E-COMMERCE FALL 2023
ASSIGNMENT 4 (DUE SUNDAY OCT 29)
ELEC8900-F2023 S. Erfani – ECE Dept. University of Windsor

Problem 1.
Suppose you know that $3^{6} \equiv 44 \pmod{137}$ and $3^{10} \equiv 2 \pmod{137}$. Find a value $x$ with $0 \le x \le 136$ such that $3^{x} \equiv 11 \pmod{137}$.

Taking the discrete log base 3:

$6 \equiv \mathrm{Ind}_3\, 3^{6} \equiv \mathrm{Ind}_3\, 44 \equiv \mathrm{Ind}_3\, 4 + \mathrm{Ind}_3\, 11 \pmod{136}$

$20 \equiv \mathrm{Ind}_3\, 4 \;\rightarrow\; x = \mathrm{Ind}_3\, 11 \equiv (6 - 20) \bmod 136 = -14 \bmod 136 = 122$

Problem 2.
Indicate false (F) or true (T) for each of the following statements. No justification is required, but if you think the statement is ambiguous, state your clarifying assumptions and/or justification.

1. One difference between the fiduciary and scriptural money is that the latter can be refused. (T)
2. If some bits of a “message” or “signature” are altered, the corresponding hash may not change. (F)
3. A symmetric encryption algorithm needs a pair of keys. (F)
4. A “digital certificate” may not prove that the public-private key pair belonged to the claimed individual. (T)
5. A hash function can be used to prevent replay attack. (T)
6. Nonrepudiation means to prove the identity of the entity that tries to access the destination’s resources. (F)
7. In the Key-Hashed Message Authentication Code (HMAC) a shared key is hashed with SHA and appended to plaintext before transmission. (T)
8. ASN.1 is a programming language. (F)
9. The symmetric DES is a block cipher of 56-bit blocks which used a 64-bit key for encryption/decryption. (F)
10. The congruence $x^{2} \equiv 1 \pmod{p}$ has only two solutions if p is prime. (T)
11. To support other MIBs in use in a network, the security MIB should work in a manager/agent relationship. (T)
12. Access control mechanisms can be managed through certificates defined by IETF Recommendation X.509. (F)
13. The elliptic curve cryptography provides strong security with small key sizes. (T)
14. The main idea behind asymmetric-key cryptography is the concept of the trapdoor one-way function. (T)
15. The number of points on the elliptic curve $y^{2} \equiv x^{3} + ax + b \pmod{p}$ along with the point at infinity is called the order of the curve. (T)
16. ElGamal cryptosystem is based on the discrete factorization problem. (F)
17. In ATM or Debit Card cryptography, the Pin Verification Value is several digits selected from the encrypted data. (T)
18. Verifying a digital signature does not prove that the public-private key pair belonged to the claimed individual. (T)
19. A certificate path is a sequence of certificates from one authority to another. (T)
20. Many e-commerce applications do not require verification of identity, but only verification of authorization. (T)
21. Double spending is easy to stop in online systems because a system maintains record of serial numbers of spent coins. (T)
22. In SET there is no need for the cardholder to authenticate merchants with whom they can securely conduct transactions. (F)
23. In SET, the payment gateway plays the role of a trusted third party, without knowing the details of the transaction. (T)
24. 7 18 ( mod 25 ) . (T)
25. Diffie-Hellman scheme is mostly used for signing digital contracts. (F)
26. A digital signature requires hashing and symmetric encryption. (F)
27. AES is a symmetrical encryption algorithm. (T)
28. Many e-commerce applications do not require verification of identity, but only verification of authorization. (T)
29. The primary models for mobile payment are mobile money, mobile wallet, and mobile money transfer. (T)
30. The OCF implements the integration of smart cards with computer systems. (T)

Problem 3.
Let us assume that Alice wants Bob to sign message M without disclosing the content of M. Describe the involved steps in this method mathematically (using the concept of RSA algorithm and modular arithmetic).

Alice can send a hash of message M, i.e., h(M), to Bob for his signing using his RSA private key. Now, Alice can send the concatenated message M||h(M) to any third party encrypted by the recipient’s public key.

Problem 4.
Choose the correct answer. Justify your choice, if needed.

[4.1] The quantity $n^{11} - n \pmod{11}$, where n is an arbitrary integer,
   a. Could be divisible by 11.
   b. Is not always divisible by 11.
   c. Is always divisible by 11.
   d. May or may not be divisible by 11.

[4.2] The most important services of a PKI are:
   a. Providing services to other protocols
   b. Certificates
   c. Storage and updates of keys
   d. Issuing, renewal, and revocation of keys
   e. Items a, b, and c
   f. All of the above

[4.3] A digital certificate contains
   a. A locally generated pseudorandom number
   b. Serial Number and Name of the certificate authority
   c. Public key of the holder and data on which hash and public-key algorithms have been used
   d. Items b and c only
   e. Items a, b and c above

[4.4] Alice received a digitally signed message from Bob. What cryptographic key should she use to verify the digital signature?
   a. Alice’s public key
   b. Bob’s private key
   c. Bob’s public key
   d. Alice’s private key
   e. None of the above

[4.5] What is the meaning of the following collection of cryptographic entities? TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
   a. Means the corresponding security system supports many different ciphers.
   b. This is used in SET environment to provide security.
   c. This is an example of Handshake protocol.
   d. This defines a cipher suite for an SSL session.
   e. Record Protocol in SSL.

[4.6] The ASN.1 used to format X.509 certificates is:
   a. A programming language.
   b. Used as input to a compiler to use code.
   c. Used to describe only data structures.
   d. Items b and c only
   e. None of the above

[4.7] What is the main difference(s) between SET and SSL?
   a. SSL is not secure against breaking of any one form of encryption.
   b. SET is a payment protocol.
   c. SET requires all parties to have certificates.
   d. SSL is a secure message protocol, not a payment protocol.
   e. All a, b and c above
   f. Items b, c and d above

[4.8] The 3-D Secure is a protocol used for online transactions that is:
   a. XML-based and authenticates the user by requiring a certificate.
   b. XML-based and authenticates the user by requiring to answer a challenge in real-time.
   c. The protocol uses XML messages sent over SSL connections.
   d. All of the above
   e. Items b and c

[4.9] Some scrip properties are:
   a. Make no use of public-key cryptography.
   b. Represent a prepaid value
   c. Can be spent only once
   d. Can provide full anonymity
   e. All of the above
   f. Items a, b and c above
   g. Items b, c, and d above

[4.10] The Components of an RFID tag system are tag, antenna, RFID reader, and a computer. The computer does:
   a. Powers the corresponding tag
   b. Sends the corresponding data to the tag
   c. Determines the required action
   d. Instructs the tag reader for the appropriate action
   e. Only Items c and d above
   f. All of the above

[4.11] The ATM and debit cards cryptography use a PIN because:
   a. The PIN cannot be reverse-engineered
   b. The PIN can be combined with other data to form a data block
   c. The PIN cannot be stored in plaintext
   d. The PIN can be used to generate the PIN verification value (PVV)
   e. Only Items a, b and c
   f. Only Items a, c, and d
   g. All of the above

[4.12] A smart card has the following structure:
   a. The I/O contacts, ROM, and CPU
   b. The I/O contacts, ROM, CPU, Processors
   c. The ROM, Processors, RAM, PROM, and EEPROM
   d. The I/O contacts, ROM, Processors, RAM, PROM

[4.13] Which of the following attacks is not an active attack?
   a. Replay
   b. Masquerade
   c. Eavesdropping
   d. Denial of service

[4.14] The 3-D Secure protocol uses ____ messages sent over _____ connections.
   a. Uses SET messages sent over SSL.
   b. Uses XML messages sent over SSL.
   c. Uses its own messages sent over SSL.
   d. Uses X.509 messages sent over TCP/IP.
   e. Uses various messages sent over TLS.

[4.15] The main electronic purse issue(s) is (are):
   a. Removing money from the purse
   b. Getting money into the seller’s purse
   c. Charging the purse with money
   d. All of the above
   e. None of the above

[4.16] The main objective of electronic commerce is
   a. To sell new products
   b. To improve on security of online shopping
   c. To expand the market for new services and virtual goods
   d. To analyze the customer behavior

[4.17] The dematerialized money is a form of
   a. Only digital purse
   b. Virtual money, electronic money, digital money, and digital purse
   c. Electronic money in digital purse
   d. Only virtual money in a digital purse

[4.18] What is the OCF?
   a. It is a Java-oriented integration of integrated-circuit cards with computers.
   b. It is the open card framework implementation.
   c. It can handle several simultaneous requests for payment.
   d. It was introduced by a consortium, which included IBM and Sun Microsystems.

[4.19] Typical actors in a certified acquisition transaction are:
   a. Client, Merchant, Issuer, Acquirer
   b. Client, Merchant, Acquirer
   c. Client, Merchant, Issuer, Acquirer, Certificate Authority
   d. Client, Merchant, Issuer, Acquirer, Certificate Authority, Payment Gateway
   e. None of the above is correct.

[4.20] A SMIB is a database
   a. For normal functioning of security management.
   b. That works in a manager/agent relationship.
   c. Has extended X.500 information base.
   d. “a” and “b” above
   e. “a” and “c” only
   f. “a” and “b” and “c” above
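
The index arithmetic of Problem 1, checked in code. This is an added example, not part of the original solution: it redoes the derivation from the two given congruences and then recovers the same exponent independently with baby-step giant-step. The function names are assumptions chosen for this illustration.

```python
from math import isqrt

P, G = 137, 3                  # modulus and base from Problem 1
ORDER = P - 1                  # indices are reduced mod 136

def mult_order(g, p):
    """Smallest k > 0 with g^k = 1 (mod p)."""
    k, acc = 1, g % p
    while acc != 1:
        acc = acc * g % p
        k += 1
    return k

def index_from_relations():
    """Index arithmetic of the worked solution, using only the two given facts."""
    ind_44, ind_2 = 6, 10                  # 3^6 = 44 and 3^10 = 2 (mod 137)
    ind_4 = 2 * ind_2 % ORDER              # Ind(4) = 2 * Ind(2) = 20
    return (ind_44 - ind_4) % ORDER        # Ind(11) = Ind(44) - Ind(4)

def bsgs(g, h, p, n):
    """Baby-step giant-step: x in [0, n) with g^x = h (mod p), else None."""
    m = isqrt(n - 1) + 1                   # ceil(sqrt(n))
    baby, acc = {}, 1
    for j in range(m):                     # baby steps: g^j -> j
        baby.setdefault(acc, j)
        acc = acc * g % p
    step = pow(g, -m, p)                   # g^(-m) mod p (Python 3.8+)
    gamma = h % p
    for i in range(m):                     # giant steps: h * g^(-i*m)
        if gamma in baby:
            return (i * m + baby[gamma]) % n
        gamma = gamma * step % p
    return None

if __name__ == "__main__":
    assert mult_order(G, P) == ORDER       # 3 is a primitive root mod 137
    x = index_from_relations()
    print("x from index arithmetic:", x)
    print("x from BSGS:            ", bsgs(G, 11, P, ORDER))
    print("3^x mod 137:            ", pow(G, x, P))
```

Reducing indices mod 136 is only valid because 3 has multiplicative order 136 modulo 137, which `mult_order` confirms.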
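
The signing flow from the Problem 3 answer, written out with modular arithmetic. This is an added example, not part of the original solution, and it goes one step beyond the answer by also showing the RSA blinding factor, so Bob does not see h(M) either. The key is a constructed toy key built from two Mersenne primes, and all function names are assumptions.

```python
import hashlib
from math import gcd

# Constructed toy RSA key for Bob (illustration only, far too small for real use).
P_, Q_ = 2**31 - 1, 2**61 - 1              # two known Mersenne primes
N = P_ * Q_                                # public modulus n
E = 65537                                  # public exponent e
D = pow(E, -1, (P_ - 1) * (Q_ - 1))        # private exponent d = e^-1 mod phi(n)

def h(msg: bytes) -> int:
    """SHA-256 digest reduced mod n (assumption for the toy modulus)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def bob_sign(x: int) -> int:
    """Bob's private-key operation on whatever integer he is handed."""
    return pow(x, D, N)

def verify(msg: bytes, sig: int) -> bool:
    """Anyone holding Bob's public key checks sig^e = h(M) (mod n)."""
    return pow(sig, E, N) == h(msg)

def sign_hash_only(msg: bytes) -> int:
    """The answer's flow: Alice sends only h(M); Bob returns h(M)^d mod n."""
    return bob_sign(h(msg))

def sign_blinded(msg: bytes, r: int):
    """Extension: Alice sends h(M) * r^e mod n, so Bob cannot see h(M)."""
    if gcd(r, N) != 1:
        raise ValueError("blinding factor must be invertible mod n")
    blinded = h(msg) * pow(r, E, N) % N    # the only value Bob sees
    s_blind = bob_sign(blinded)            # = h(M)^d * r (mod n)
    sig = s_blind * pow(r, -1, N) % N      # Alice strips r: sig = h(M)^d
    return blinded, sig

if __name__ == "__main__":
    M = b"constructed sample contract text"
    sig = sign_hash_only(M)
    blinded, sig2 = sign_blinded(M, r=123456789)   # r is random in practice
    print("hash-only signature verifies:", verify(M, sig))
    print("Bob saw h(M) when blinded:   ", blinded == h(M))
    print("unblinded signature matches: ", sig2 == sig)
```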