1) Alice and Bob are attempting to communicate using a substitution cipher. Decode the following intercepted message:
VYNOH HMYPH UHPHP OYFHH GTGPO TMDYN KDYKG DDHPO YHPOY LPOTG UMGHP EYNKR MYPOY XKLYY KMXER PEYNK RMYPO YXKLY OKLDE YNKRM YPOKP UHKCV TCCMY LSYPH HLUKG TZYKG DFYKM RLYPO YEYMP HQHRL YGYLU TYMKG DMBTC CMEYN KRMYP OKPNO KCCYG UYTMH GYPOK PVYKL YVTCC TGUPH KNNYI PHGYV YKLYR GVTCC TGUPH IHMPI HGYKG DHGYV OTNOV YTGPY GDPHV TGKGD POYHP OYLMP HH
Discuss your cryptanalysis process as you attempt to decipher the message. Note - it is more important that you demonstrate a good cryptanalysis process than that you are able to decrypt the message.
2) Classify each of the following as a violation of confidentiality, of integrity, of availability, or of some combination thereof. You should briefly state your reason for each answer.
a. John copies Mary's homework.
b. Carol changes the amount of Angelo's check from $100 to $1000
c. Gina forges Roger's signature on a deed.
d. Bill calls Steve's credit card company, claims to be Steve, and has the credit card company cancel the card and replace it with another card bearing a different account number.
e. Rhonda registers the domain name "addisonwesley.com" and refuses to let the publishing house buy or use that domain name.
3)
a. If one-time pads are provable secure, why are they so rarely used in practice?
b. What, if any, are the consequences of reusing a one-time pad key?
4) Acme Inc. is developing the next generation financial tracking program, and Alice has been given the task of writing the encryption component, which will encrypt each user's data in a file on the hard drive.
a. Alice has decided to use AES as her encryption algorithm. As the cryptographic consultant for the project, do you think this is a good choice or not? You should state the reasons for your answer, and suggest an alternative if you do not think she made a good choice.
b. Alice does not believe that users will choose good encryption keys, so she has decided to generate the secret encryption key by taking the SHA-256 hash of the user name and the time at which they first use the program, resulting in a 256-bit secret key. Do you believe that this is a good choice or not? You should state the reasons for your answer, and suggest an alternative if you do not think she made a good choice.
5) Suppose that Alice and Bob need to communicate, and have decided to use asymmetric (public key) encryption.
a. Using only asymmetric encryption algorithms, describe a process that would allow Alice to send a message that can only be read by Bob. You should include any steps taken by Bob that allow him to read the message.
b. Using only asymmetric encryption algorithms, describe a process that would allow Alice to send a message that Bob could be confident was sent by Alice. You should include any steps taken by Bob to determine whether or not Alice actually sent the message.
c. Using only asymmetric encryption algorithms, describe a process that would allow Alice to send a message that can only be read by Bob, and that Bob could be confident was sent by Alice. You should include any steps taken by Bob to read the message, or to determine whether Alice actually sent the message.