1. Alice wants to send Bob a message “secretpassword” online, and they want to achieve confidentiality, integrity and authenticity of the message.
i. Provide the definition of the confidentiality property and a cryptographic method to achieve
ii. Provide the definition of the integrity property and a cryptographic method to achieve that.
iii. Provide the definition of the authenticity property and a cryptographic method to achieve that.
(For the above 3 questions, use the message format Func(Msg, Key) or Func(Msg) to explain, where the name of any crypto function can take the place of Func, any message the place of Msg, and any key the place of Key.)
b. Draw a diagram illustrating the concept of symmetric key encryption/decryption.
c. Draw a diagram illustrating the concept of asymmetric key encryption/decryption.
d. Draw a diagram illustrating the concept of the hash function and explain it.
e. Draw a diagram illustrating the concept of the digital signature and explain it.
2. A smart watch sends the owner's health information to a smart phone for analysis.
a. Explain the main differences (at least two) between passive attacks and active attacks in general.
b. Provide one example of a passive attack and one example of an active attack in this smart watch scenario.
c. How can a reflection attack happen against an authentication protocol between the smart watch and the smart phone?
d. How can one protect against a reflection attack in this smart watch scenario?
e. Explain the replay attack against this smart watch scenario and provide a method to protect against it.
3. SocialEXAM is a social networking website that has users from the EU. After registering and signing in, users can add friends and post and share messages, photos and videos with each other. During the registration phase, users have to provide personal information such as name, email address, birthday and place of birth, phone number, etc.
a. SocialEXAM aims at implementing end-to-end accountability requirements.
i. Name the phases of end-to-end accountability based on the entire data lifecycle in general. Describe in one sentence the purpose of each accountability phase.
ii. How can each phase be applied to the case of SocialEXAM? You should provide and critically discuss at least three aspects for each phase of accountability.
iii. Provide at least two data protection regulations/laws or documents that SocialEXAM should follow.