Part 1: In each of the following scenarios, tell whether there is a violation of confidentiality, integrity, or availability, or some combination of the three. In addition, for each item, write a two- or three-sentence paragraph explaining why your answer is correct.
Alex disables Barbara's router by logging in remotely with the manufacturer's default password.
Mallory builds a WiFi jammer using plans she found on the Internet and jams wireless signals over a large part of her apartment building.
Charlene uses a key logger to capture Darla's banking password.
Eve rewrites the magnetic stripe on a gift card to change the amount from $10 to $100.
(Adapted from an exercise in Bishop, Matt, Introduction to Computer Security.)
Part 2: Distinguish among vulnerability, exploit, threat, risk, and control mechanism (called "countermeasure" in chapter one of the text) in five brief paragraphs. If you do any research outside the textbook, which you are encouraged to do, be sure to cite your sources. You can see how to do that in An Example of Proper Writing in the "Required Reading" section.
Part 3: Using the tool, compute the SHA-256 checksum of the MS-Word file that is your work on this assignment so far, or some similar file if you don't have that one available.
Copy the calculated cryptographic hash into Windows Notepad or a word processing document to save it temporarily. Now change one character from a capital to a lowercase letter or vice versa in the original document, re-save, and recompute the cryptographic hash. Paste the old and new cryptographic hashes into your homework document. Be sure to identify which one is before and which is after.
Using the information from the textbook, explain at least two uses for a cryptographic hash, and explain how the experiment you just performed confirms those uses.
Do some research and explain in a paragraph or so what a "hash collision" is. Be sure to cite your research.
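The before-and-after experiment in Part 3 can also be scripted. The following is an added example, not part of the original assignment or its tool: it hashes a file, changes the case of one letter, re-saves, hashes again, and counts how many of the 256 digest bits changed. The file name and sample text are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def flip_case_at(data, index):
    """Return a copy of data with the ASCII letter at index case-swapped."""
    b = data[index]
    if not (65 <= b <= 90 or 97 <= b <= 122):
        raise ValueError("byte at index is not an ASCII letter")
    # Upper and lower case ASCII letters differ only in bit 0x20.
    return data[:index] + bytes([b ^ 0x20]) + data[index + 1:]


def differing_bits(hex_a, hex_b):
    """Count the bit positions at which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def run_experiment(original):
    """Hash a file, flip the case of its first letter, re-save, hash again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "homework.txt")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(original)
        before = sha256_file(path)
        with open(path, "wb") as fh:
            fh.write(flip_case_at(original, 0))
        after = sha256_file(path)
    return before, after, differing_bits(before, after)


if __name__ == "__main__":
    # Constructed sample text standing in for the assignment document.
    sample = b"Part 1: Alex disables Barbara's router.\n"
    before, after, bits = run_experiment(sample)
    print("before:", before)
    print("after: ", after)
    print("bits changed:", bits, "of 256")
```

The input differs by a single bit, yet the two digests are unrelated; the printed count shows how many digest bits flipped.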
Part 4: Explain in a couple of paragraphs how public key encryption can be used to implement a digital signature. Be sure you are very clear on when a private key is used and when a public key is used.
Part 5: Generally, a digital signature involves encrypting a cryptographic hash, or digest, generated from the message. Explain why we do not encrypt the message itself. You can answer this question in one sentence.
Part 6: For each of the following scenarios, tell what type of encryption is most appropriate and in a sentence or two explain the reasoning for your choice.
Alice wants to send a confidential message to Bill, whom she has never met and who lives in a distant country.
Charlie wants to be sure that no one but he can see the financial and medical records he has stored on his computer.
David needs a way to check that large computer files stored on corporate servers have not been modified.
Eddard uses a "cloud" backup service; he wants to be sure the operators of the service cannot read his files.
Frank needs to send a message to George. The message need not be confidential, but George must be assured that it actually came from Frank.