Cryptography (Please See Attached Rubric)
Review the following questions from Network security: Private communication in a public world and provide your responses in a Word document. In answering each prompt, be sure to defend your answers and explain how you have arrived at your solution.
Random J. Protocol-Designer has been told to design a scheme to prevent messages from being modified by an intruder. Random J. decides to append to each message a hash of that message. Why does this not solve the problem?
Hint: We know of a protocol that uses this technique in an attempt to gain security.
- Suppose Alice, Bob, and Carol want to use secret key technology to authenticate each other. If they all used the same secret key, K, then Bob could impersonate Carol to Alice (actually any of the three could impersonate the other to the third). Suppose instead that each had their own secret key; so Alice uses KA, Bob uses KB, and Carol uses KC. This means that each one, to prove his or her identity, responds to a challenge with a function of his or her secret key. Is this more secure than having them all use the same secret key?
Hint: What does Alice need to know in order to verify Carol’s answer to Alice’s challenge?
- Assume a cryptographic algorithm in which the performance for the good guys (the ones that know the key) grows linearly with the length of the key and for which the only way to break it is a brute-force attack of trying all possible keys. Then, suppose the performance for the good guys is adequate (e.g., it can encrypt and decrypt as fast as the bits can be transmitted over the wire) at a certain size key. Finally, suppose advances in computer technology make computers twice as fast. Given that both parties— the good guys and the bad guys— get faster computers, does this advancement in computer speeds work to the advantage of the good guys? The bad guys? Or does it not make any difference?
Kaufman, C., Perlman, R., & Speciner, M. (2011). Network security: Private communication in a public world. Upper Saddle River, NJ: Prentice Hall PTR. (note: this textbook is a reference for the assignment and not a required resource for learners)
In each of your responses to the above scenarios, please ensure that you provide a brief explanation of why you chose to take your mentioned actions.
For the Module One assignment, students will review a series of prompts with related questions. Once the prompt has been reviewed, students will critically
analyze each situation from the perspective of an IT professional. This allows students to begin to get into the mindset that is needed to critically analyze a set of
problems within a network and devise solutions. This skill is critical through each stage of designing an information assurance plan.
Prompt: Review the following questions and provide your responses in a Word document. In answering each prompt, be sure to defend your answers and explain
how you have come to your solution.
1. Random J. Protocol-Designer has been told to design a scheme to prevent messages from being modified by an intruder. Random J. decides to append to
each message a hash of that message. Why does this not solve the problem?
Hint: We know of a protocol that uses this technique in an attempt to gain security.
2. Suppose Alice, Bob, and Carol want to use secret key technology to authenticate each other. If they all used the same secret key, K, then Bob could
impersonate Carol to Alice (actually any of the three could impersonate the other to the third). Suppose instead that each had their own secret key; so
Alice uses KA, Bob uses KB, and Carol uses KC. This means that each one, to prove his or her identity, responds to a challenge with a function of his or her
secret key. Is this more secure than having them all use the same secret key?
Hint: What does Alice need to know in order to verify Carol’s answer to Alice’s challenge?
3. Assume a cryptographic algorithm in which the performance for the good guys (the ones that know the key) grows linearly with the length of the key and
for which the only way to break it is a brute-force attack of trying all possible keys. Then, suppose the performance for the good guys is adequate (e.g., it
can encrypt and decrypt as fast as the bits can be transmitted over the wire) at a certain size key. Finally, suppose advances in computer technology make
computers twice as fast. Given that both partiesthe good guys and the bad guysget faster computers, does this advancement in computer speeds
work to the advantage of the good guys? The bad guys? Or does it not make any difference?
Rubric
Guidelines for Submission: Your responses for each prompt must be submitted as two to three paragraphs and as a Microsoft Word document with double
spacing, 12-point Times New Roman font, one-inch margins, and at least three sources cited in APA format.
Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value
Solution Meets “Proficient” criteria and
explanation uses content based
vocabulary and research based
evidence to support the answer
Submission includes a solution
and explains why appending
each message as a hash of the
message does not work to solve
the issue of blocking intruders
Submission includes a solution
but does not explain why
appending each message as a
hash of the message does not
work to solve the issue of
blocking intruders
Submission neither includes a
solution nor explains why
appending each message as a
hash of the message does not
work to solve the issue of
blocking intruders
30
Authenticating
Users
Meets “Proficient” criteria and
the best practice suggested for
the most secure procedure is
substantiated with research
based evidence
Submission explains the best
practice to authenticate users
and to prevent intruders; in
other words, submission
suggests the most secure
procedure: having each user
use the same key or having
individual keys for each user
Submission suggests the most
secure procedure: having each
user use the same key or having
individual keys for each user;
however, submission does not
include an explanation for the
decision
Submission does not explain
the best practice to
authenticate users and to
prevent intruders
30
Rapid Expansions in
Technology
Meets “Proficient” criteria and
the explanation is supported by
research based evidence
Submission explains whether
rapid expansions in technology
are beneficial or detrimental to
information technology
professionals
Insufficiently explains whether
rapid expansions in technology
are beneficial or detrimental to
information technology
professionals
Submission does not explain
whether rapid expansions in
technology are beneficial nor
does it explain whether
expansions are detrimental to
information technology
professionals
30
Articulation of
Response
Submission is free of errors
related to citations, grammar,
spelling, syntax, and
organization and is presented in
a professional and easy-to-read
format
Submission has no major errors
related to citations, grammar,
spelling, syntax, or organization
Submission has major errors
related to citations, grammar,
spelling, syntax, or organization
that negatively impact
readability and articulation of
main ideas
Submission has critical errors
related to citations, grammar,
spelling, syntax, or organization
that prevent understanding of
ideas
10
Earned Total 100%
- IT 549 Scenario Assignment Module One Guidelines and Rubric
Rubric