Provide answers to the following exercises from the Goodrich and Tamassia textbook.
1) Question C-1.3 (p. 48)
Suppose an Internet service provider (ISP) has a voice over IP (VOIP) telephone system that it manages and sells. Suppose further that this ISP is deliberately dropping 25% of the packets used in its competitor’s VOIP system when those packets are going through this ISP’s routers. Describe how a user could discover that his ISP is doing this.
2) Question C-1.12 (p. 50)
Barack often sends funny jokes to Hillary. He does not care about confidentiality of these messages but wants to get credit for the jokes and prevent Bill from claiming authorship of or modifying them. How can this be achieved using public key cryptography?
6) Question C-2.11 (p. 109)
A bank wants to store the account number of its customers (an 8-digit number) in encrypted form on magnetic stripe ATM cards. Discuss the security of the following methods for storing the account number against an attacker who can read the magnetic stripe: (1) store a cryptographic hash of the account number; (2) store the cipher text of the account number encrypted with the bank’s public key using a public key cryptosystem; (3) store the cipher text of the account number encrypted with the bank’s secret key using a symmetric cryptosystem.
7) Question C-3.3 (p. 168)
Charlie likes Alice’s picture-password system of the previous exercise, but he has changed the login so that it just shows the user 40 different pictures in random order and they have to indicate which of 20 of these are from their set of favourites. Is this an improvement over Alice’s system? Why or why not?
8) Question C-3.7 (p. 168)
Dr. Blahblah has implemented a system with an 8-bit random canary that is used to detect and prevent stack-based buffer overflow attacks. Describe an effective attack against Dr. Blahblah’s system and analyse its likelihood of success.
Hints
1) Question C-1.3 (p. 48) - What if the user bought both VoIP solutions?
2) Question C-1.12 (p. 50) - What is a digital way to tie one's identity with the content of a message?
3) Question C-1.15 (p. 51) - Think of what could be stored in constant space and what
To address the problem, we need to compare and contrast the modern form of the postal service: electronic mail (e-mail). Although e-mail is favorable because it makes communication remarkably fast and you can send things for “free”, in many ways the good old letter is better. We want to identify when and how the letter is better. Even though it is free to send an e-mail, you still need access to the internet and a computer, both of which cost hundreds of dollars, as opposed to a letter, where you can have everything you need to send it for under a dollar. A letter is also hard evidence; it’s harder to forge than an e-mail, since handwriting is unique and typing is not. Computers can have many internal errors; the computer can crash, and information can be lost or leaked to someone.
One form of hardware support that guarantees that a buffer overflow attack does not take place is to prevent the execution of code that is located in the stack segment of a process’s address space.
Setting up a new computer can be a very intimidating task. There are several steps to ensure that your computer has the necessary setup for the best protection. These include the operating system settings that are built into the computer, a properly set up firewall, correctly configured security settings on the web browser, and strong anti-virus software installed to protect the computer. After the computer is set up with a reasonable standard of security, a strong policy for passwords should be implemented to ensure account security, along with ensuring that the sites you use are in fact secure and are who they say they are.
You will learn to recognize security events and baseline anomalies that might indicate suspicious activity.
Computer security is the security applied to computers and their networks, including the internet. Physical security and information security are the two types of computer security, which prevent theft of equipment and data (Man, 2015).
An effective information security program should include periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization. Policies and procedures should be based on risk assessments, should cost-effectively reduce information security risk, and should ensure that information security is addressed throughout the entire life cycle of each and every organizational information system. The program should also include subordinate plans for providing sufficient information security for groups of the information system, facilities, networks, or information systems.
Card bank account information is stored in a number of formats. Account numbers – formally the Primary Account Number (PAN) – are often stamped or imprinted on the card, and a magnetic stripe on the back contains the data in machine-readable format. Fields can vary, but the most common include:
For sending information over any computer or digital communications device, the initial step would be for the sender to generate their message. After generating the message, the sender should assign a hash value to it; this is a code of the message. The sender would want to protect this hash to prevent it being stolen or altered; therefore the sender would use a hashing algorithm to encrypt the message using their private key. The hash would then be attached to a message or whatever medium is being used to communicate. The sender would use their digital signature to sign the message, which would fulfill the non-repudiation requirement. The message would then be encrypted using the public key of the recipient. At this point the message is ready to be sent to the
Electronic mail is a phenomenon that has begun to pervade all aspects of our lives today. We use e-mail in our personal lives, at our schools, at our jobs, and everywhere in between. However, very few of us consider the fact that even though our e-mail is composed by the sender, and is intended to be read only by the recipient, it actually passes through many hands in between. Transmitted e-mail will often travel through up to 5 or 6 different servers on
The Target Retail Store goal is to make life better for their customers. Target wants to improve the “guest” retail experience. Their intent is to improve customer shopping and make it more convenient. Target Corporation emphasizes critical thinking and exploration to improve customer experience and to create a shopping environment that meets the needs of customers. Target wants to become the preferred shopping destination for all customer needs. To achieve this, they have to deliver value, continuous innovation, and an exceptional guest experience by consistently fulfilling their “expect more, pay less” promise.
Don’t leave sensitive information lying around unprotected, including on printers, fax machines, copiers, or in storage.
Cryptography has not been used solely for diplomacy and warfare. It has also played a major role in the economy. The banking and finance industry has been the leader in promoting the use of cryptography for protecting assets transferred via messages sent through large networks of computers and terminals. (2)
There are a lot of features on a computer system that people never stopped to look for. Many of the features could mean the destruction of your computer or be important to the upkeep of your computer. Also, some of these features could help in an investigation when a computer has to be taken in for evidence.
Answer: Information Security is the practice of defending (guiding) information by considering the CIA Triad Principles which are Confidentiality (Authorize access), Integrity (Accuracy and Completeness) and Availability.
We live in an era where telecommunications services hold a central role in every sphere of our lives (Came, 1984). Marketers argue with compact confidences that these emerging technologies have the ability to develop our lives and improve them in many ways (Risto, 2002). Moreover, they have facilitated instantaneous cost reduction and quality improvement through the different services offered by the companies (Douligeris and Pereira, 1984).