
University of Texas at Dallas

MIS 6330: Cybersecurity Fundamentals


Prof. A. Lahiri

Individual Homework 2

1. In this problem, we will compare digital signatures (DS), which are essentially
message authentication codes generated by using a private key, with message
authentication codes (MAC) generated through symmetric encryption.
We will assume that Oscar is able to observe all messages sent from Alice to
Bob and vice versa. Oscar has no knowledge of any of the keys except for Alice’s
public key, which is known to everyone. Both Alice and Bob know the key used in
symmetric encryption. And, only Alice knows Alice’s private key.
Explain, for each part, whether (i) DS and (ii) MAC are effective. The value
auth(x) refers to the authentication code computed with either (i) or (ii).

a) Alice sends a message x = “Transfer $1000 to Mark” and also sends auth(x) to
Bob. Oscar intercepts the message and replaces “Mark” with “Oscar.” Will
Bob detect this? Answer for (i) and (ii) separately.

b) Oscar claims that he sent a message x with a valid auth(x) to Bob, but Alice
claims the same. Can Bob settle the question? Answer for (i) and (ii) separately.

2. With respect to secure hash functions, what is the difference between strong
collision-resistance and weak collision-resistance? Which of these two
properties is essential for a digital signature to function as intended?

3. What are the two properties that random numbers are required to satisfy? How
would you test whether the keystream generated by a PRNG indeed satisfies
those properties?

4. Dr. Lahiri suggests the following way for Bob to confirm that Alice indeed shares
the same secret key (with Bob). Bob will “XOR” a message with his key and send
the result to Alice. Alice will “XOR” Bob’s message with her key and send it back. Then, by
comparing the outgoing and incoming messages, Bob will be able to confirm that
they indeed share the same key. Should Bob follow Dr. Lahiri’s advice? Assume
that hackers can passively eavesdrop on both transmissions but not modify any
transmission. (Hint: Take a one-byte message and a one-byte key, and try it yourself.)

5. Visit www.amazon.com and click on the padlock icon on your Chrome browser’s
address bar (right next to the URL) to view Amazon’s certificate. Can you find
Amazon’s public key there? How long is the key? Copy/paste the key in your
write-up.

6. Consider Amazon’s digital certificate. It contains a signature created through RSA
encryption. What key is used in the encryption step? Choose the best answer and
explain your choice.
a. Public key of Amazon
b. Private key of Amazon
c. Private key of the CA
d. Public key of the CA

7. What is a digital envelope and why is it useful?

8. If your Windows computer is already password-protected (that is, you use a
password to log on), would there be any additional benefit to protecting your
hard drive using an encryption tool such as BitLocker? Explain your answer.
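
The hint in problem 4, carried out as an added example (not part of the original assignment): it runs the described XOR exchange and computes what a passive eavesdropper obtains from the two transmissions alone. The function names and sample bytes are constructed for illustration.

```python
"""Problem 4's XOR key-confirmation exchange, seen by a passive eavesdropper."""
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def run_exchange(message: bytes, bob_key: bytes, alice_key: bytes):
    """Return (bob_to_alice, alice_to_bob, bob_accepts) for one protocol run."""
    bob_to_alice = xor_bytes(message, bob_key)         # first transmission
    alice_to_bob = xor_bytes(bob_to_alice, alice_key)  # second transmission
    # Bob accepts when Alice's reply equals his original message.
    return bob_to_alice, alice_to_bob, alice_to_bob == message


def eavesdropper_recovers(bob_to_alice: bytes, alice_to_bob: bytes) -> bytes:
    """XOR of the two observed transmissions cancels the message and
    leaves exactly the key Alice applied."""
    return xor_bytes(bob_to_alice, alice_to_bob)


def demo():
    # Constructed sample values: the one-byte case from the hint, a
    # mismatched-key run, and a random 16-byte run.
    key16 = secrets.token_bytes(16)
    cases = [
        ("one-byte, same key", b"\x41", b"\x5a", b"\x5a"),
        ("one-byte, different keys", b"\x41", b"\x5a", b"\x3c"),
        ("16-byte, same key", secrets.token_bytes(16), key16, key16),
    ]
    for label, msg, bob_key, alice_key in cases:
        sent, reply, ok = run_exchange(msg, bob_key, alice_key)
        leaked = eavesdropper_recovers(sent, reply)
        print(f"{label}: Bob accepts={ok}, "
              f"eavesdropper has Alice's key={leaked == alice_key}, "
              f"Bob's key={leaked == bob_key}")


if __name__ == "__main__":
    demo()
```

The recovered value is always the key Alice applied, whether or not Bob accepts; when the keys match, that value is the shared key itself.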
