LECTURE NOTE 5

Question 1

the principle of digital signatures

Answer 1

1. verifying the sender’s identity (authentication)
2. ensuring the message’s integrity (integrity)
3. preventing the sender from denying their involvement (non-repudiation)
   These principles collectively contribute to secure and trustworthy
   communication in digital transactions and exchanges

Question 2

any action that compromises the security of information

Answer 2

security attack

Question 3

mechanism that is designed to detect, prevent, or recover from a security attack. might operate by itself, or with others

Answer 3

security mechanisms

Question 4

example of security mechanisms

Answer 4

Cryptography,
Message digests and digital signatures,
Digital certificates,
Public Key Infrastructure (PKI

Question 5

Refer to the different services available for maintaining the security and
safety of an organization

Answer 5

secuirty services

Question 6

name the four core security services

Answer 6

confidentiality
message/data integrity
message/data authentication
non-repudiation

Question 7

confidentiality is provided by using primarily _____________ and less frequently ______________________

Answer 7

1. symmetric siphers
2. aymmetric encryption

Question 8

integrity and message authentication are provided by ————— and _______________

Answer 8

1.digital signatures
2. message authentication codes

Question 9

Non-repudiation can be achieved with __________________

Answer 9

digital signatures

Question 10

what is identification/Peer entity authentication

Answer 10

it is a security service that establishes and verifies the identity of an entity, such as a person or a computer. asks the question “who are you”

Question 11

what is access control/authorization

Answer 11

it is a security service that restricts access to resources to privileged entities. it decides “who can do what”

Question 12

what is auditing

Answer 12

it ia security service that provdes evidence of security-relevant activities and keeps logs of certain events. it provides a proof of “ who did what”

Question 13

what is availability

Answer 13

it is a security service that ensures that the system is accessible and usable on demand by auhtrozed users according to atented goal.

Question 14

what is physical security

Answer 14

a security service that provides protection against physical tampering and responds to physical tampering attempts.

Question 15

what is anonymity/privacy

Answer 15

it is a security service that provides protection against the discovery and misuse of identity. it also addresses the questions of “ what happens whne we do not want to be identified”

Question 16

what is the goal of digital signatures

Answer 16

they function like a signature like function for the electronic world. so mimic conventional (paper) signature

Question 17

a technique that binds a person/entity to
the digital data.This binding can be independently verified by receiver as well as any third
party

Answer 17

digitial signatures

Question 18

cryptographic tools serve as the electronic equivalent
of handwritten signatures and provide the same level of authentication,
integrity, and non-repudiation in electronic transactions and
communications.
6 / 34

Answer 18

digital signatures

Question 19

what are the differences between conventional signatures and digital signatures; name the four

Answer 19

inclusion
verification method
relationship
duplicity

Question 20

explain the difference between conventional and digital signatures —> inclusion

Answer 20

a conventional signature –> on a document or message
digitals signature –> attached or added as digital code. embedded in the document or message; not apart of document

Question 21

explain the difference between conventional and digital signatures —> verfication emthod

Answer 21

conventional signature –> comparing signature to known sample
digital signatures —> verified by mathematical algortihms that chekc the signature agaisnt the orginal document

Question 22

explain the difference between conventional and digital signatures –> relationship

Answer 22

convetional signature –> one to many relationship; so all documents would ahve same signautre if signed by same entity
digital signatures –> one to one; modify one bit, we will have idfferent signature for the message

Question 23

explain the difference between conventional and digital signatures –> duplicity

Answer 23

convetional signatures –> easily dulciated or forged
digital sginatues —> hard to forge or tamer due to complex encrytpion technolgy

Question 24

what is the aim of a signature

Answer 24

it is to prove to anyone that a message originated at (or is approved by) a particular user

Question 25

symmetric key cryptogrphy

Answer 25

two suers can share a secret key k. the reciver fo the message between the two users can verfy the message came from othe ruser. but user c -- unkown cannot prpve message came from sending user, it could be from reciving user

Question 26

only one user has the private key

Answer 26

Public key cryptography can provide signature

Question 27

digitial signature process

Answer 27

1. the sender uses a signed algorithm to sign the message 2. the message and signature are sent to the reciver 3. the receiver receives the message and the signautre and applies the verfying algorithm to the combination 4. if result is true --- accepted; others rejected message

Question 28

A digital signature can directly provide message authentication, message integrity, and nonrepudiation but for ________________________ we still need encrytion/decryption

Answer 28

message confidentiality

Question 29

how is message authntication provded by digital signature

Answer 29

the verfifier has the corresponding public key fo the sender, which assures that the signature has been creater by the sener who has the correspondin secrret private key

Question 30

how is message integrity provided by digital signature

Answer 30

a digitial signature will change is any modfications ahve been made, there the verification process will flag it a false and reject it

Question 31

how is non repudiation provded by digital signature

Answer 31

the digital signature acts like a" signature" to authenticate. assumes only the singer has the knwolege of signaure key

Question 32

what can a digital singature not provuide

Answer 32

confidentiality

Question 33

name 5 digital signature schemes

Answer 33

RSA Digital Signature Scheme ElGamal Digital Signature Scheme Schnorr Digital Signature Scheme Digital Signature Standard (DSS) Elliptic Curve Digital Signature Scheme

Question 34

a type of attack that can occur with digital signatures --- an attacker creatin ga message that has the same digital signature as a legitimate message

Answer 34

existential forgery

Question 35

Technique used in digital signature algorithms to add additional bits to a message before it is signed.

Answer 35

padding

Question 36

what is an undesirable feature of an autimated verfication process

Answer 36

it does not reconginze forgery

Question 37

the modules of the rsa signature schemes should be at tleast _______________ bu=its long

Answer 37

2048