Key Security Requirements of Cryptography
(a)
(i). False.
Cryptography is a process that provides the technical means to replicate some of the key security requirements of the physical world in an electronic environment.
(ii). True.
Encrypted data can be accessed by authorized users, thus it provides data integrity.
(iii). True.
The key sizes used with asymmetric keys are generally 1024, 2048 and 4096 bits.
(iv). True.
Error cannot propagate through stream cipher due to the generation of pseudorandom key stream.
(v). True.
It is used in one-time pad for sending plain text because it is a type of substitution cipher where the original message is replaced by the corresponding letter after shifting in the alphabet.
(vi). False
In RSA, d = modular multiplicative inverse of e (modulo λ(n)).
(vii). True.
An HMAC message authentication code generally makes use of a cryptographic hash function along with a secret cryptographic key.
(viii) False.
Entity authentication protocol generally involves the use of private key for signing a number that is generated in a random fashion.
(ix). True
Quantum computers have the capability to surpass the processing power of the computers, which can make the encryption algorithms insecure.
(x). False
Hybrid encryption is not used in WPA2.
- b) The pros and cons of deploying a proprietary algorithm are discussed in the following sections-
Pros/Advantages
- It provides options of custom encryption
- The encryption algorithm can be kept private.
Cons/Disadvantages
- The security provided by a proprietary algorithm cannot match the level of mathematical algorithms.
- The encryption process largely depends on its design and therefore, may not provide complete security.
(a) To identify a good cryptographic algorithm, it should be ensured that the algorithm supports the most essential functions, such as message integrity and message secrecy, and that it provides an option for authentication and digital signatures. Whether a symmetric key or an asymmetric key is necessary in the chosen environment also needs to be analyzed.
(b) Yes, good key management is important for supporting a good cryptographic algorithm, as it involves controls at many different layers, such as technical, physical and human, and therefore requires careful governance. This is aligned with the operational phases of key management, which include creation, backup, deployment, monitoring, expiration and destruction of a cryptographic key.
(c). (i). One of the encryption algorithms, that is used in GSM is A5/1 along with other security algorithms such as A3 and A8. The use of these algorithms is justified as A5 algorithm is used to scramble the voice of a user for privacy while the other two algorithms are used in SIM for authenticating the customers’ details.
(ii). In GSM, the associated keys are managed with the help of challenge and handshake method. This key is normally shared between the user and base station without the involvement of any communicating parties for maintaining the privacy of the system.
Encryption Algorithms and Key Sizes
(d). Along with proper key management and a good cryptographic algorithm, it is essential to provide an extra layer of security, such as access control, which allows only registered and authorized users to access a system.
Answer to question number 3
(a). The block size in AES is 128 bits and key size can be of 128 bits, 192 bits or 256 bits.
(b). In padding of block cipher, it is ensured that the length of the input that is needed to be encrypted should be an exact multiple of the block.
(c). Operation of Electronic Code book cipher and Counter block cipher are discussed in the following section-
Electronic Code book cipher
In electronic code book cipher, the input message is generally divided into a number of blocks that are encrypted separately.
In CTR, each cipher block is converted into a stream cipher and the following key stream block is generated by successive values of the counter.
(d) The comparison among ECB and CTR are as follows –
| Characteristics | ECB | CTR |
|---|---|---|
| Requirement for padding | ECB makes use of padding | CTR does not require padding |
| Impact of a 1-bit transmission error | Error if detected in one block, does not affect the blocks. | If one block in CTR is damaged, it damages all the subsequent blocks. |
| Impact of loss of a block in the communication channel | Loss of one block does not affect the other blocks. | Loss of one block affects the other blocks as well |
| Impact of a 1-bit computation error in the encryption of a single block | Since all the blocks are encrypted independently, error in 1 block does not affect the other blocks. | All the subsequent blocks will be affected by the error. |
| Implementation issues | Implementation of ECB is not semantically secure | CTR generally does not have any implementation issues. |
(a). RSA can be described as a public key cryptosystem and is the first practical application of public key encryption. The process of key setup in RSA is represented below:
Step 1: Choosing random prime number p and q, where n=p*q
Step 2: choosing e such that 1<e< (p-1)(q-1).
Step 3: then calculating d = e⁻¹ mod φ(n).
Therefore, public key is e and private key is d.
(b). Public key encryption is mainly restricted to the encryption of symmetric keys because the maximum size of the data that RSA can encrypt is mainly restricted to the size of its modulus minus padding. One of the examples of public key encryption is RSA, where the public and private keys are generated through a series of mathematical processes.
(c). It is an approach of public key cryptography, which is based on algebraic structure of the elliptical curves over the finite fields. It is gaining popularity because it involves smaller key size, which in turn reduces the storage and transmission requirements. Furthermore, it provides the same level of security like other popular algorithms such as RSA.
(d). Probabilistic encryption is generally referred to the use of randomness in encryption algorithm so that while encrypting same message for a number of times, different cipher texts are generated each time. This is the main reason it is desirable for public key encryption.
Advantages and Disadvantages of Cryptography
(e). In 1970, James H Ellis identified the possibility of having a non secret or public key cryptography and in the year 1973, his colleague Clifford Cocks implemented the first public key cryptography.
(a). The main difference between entity authentication and data origin authentication is that the message authentication protocol provides a timeless guarantee, while entity authentication implies an actual communication with the verifier for the execution of the current run of the protocol.
(b). Cryptography can be used to implement a dynamic password scheme, as cryptography is made use of in password authentication. Password authentication is a major component of a dynamic password scheme.
(c). Public key certificate is not used to provide entity authentication as it makes use of public key in encryption.
(d). The AKE protocol is a cryptographic protocol that provides mutual entity authentication based on Diffie-Hellman key agreement. It establishes a common symmetric key, and maintaining the key's confidentiality is one security requirement of this algorithm.
(e). The main difficulties in managing public key certificates are as follows-
- The link between the public key and the individual will remain valid only if the user maintains the secrecy of the private key.
- Public key may need to be revoked if the user’s secret key for a digital signature scheme is public certificate is compromised.
(i) This statement is true as when Bob would need to open the message, she would need to have the proper key in order to decrypt the message.
(ii) This statement is true as this is a kind of technique that could be used to validate the integrity and authenticity of a certain message, digital document or a software.
(iii) This statement is false as a side-channel attack would be based on the information, which would be gained from the execution of a computer system.
(iv) The statement is true as the size of the keyspace for the 128-bit AES could also be expressed as a hexadecimal string with 64 characters. It would require 44 characters in base 64. The encryption keys for AES cannot be expressed in letters or characters. The keys of encryption are a series of 128 (or 256) bits.
(v) This statement is false. Cipher Block Chaining (CBC) is a mode of operation in which the plaintext is XORed with the previous block of cipher text before it is encrypted. Counter (CTR) mode would turn a block cipher into a stream cipher. The CCB is not a method of encryption.
(vi) This statement is true. The cryptographic hash function is a specially designed class of the hash function that possesses certain properties that help in cryptography.
(vii) This statement is true as in cryptography, a message authentication code (MAC) is a short information piece that is mainly used in order to validate the authenticity of a particular message.
Authentication Protocols
(viii) The statement is true as one-time pads is a much more secure way to provide the authentication of an entity as compared to the static passwords. It is a kind of cryptographic algorithm in which the plaintext would be combined with a random key.
(ix) This statement is true as the public key cryptography would involve no issues of security as the keys are public. These keys are also known as asymmetric encryption, which involves a pair of private and public key. They are used to encrypt and decrypt data.
(x) This statement is true as the GSM protocol would provide an authentication of mutual entity with the help of a challenge-response protocol. In this system, the subscriber would be needed to prove their identity by providing a response to the challenges.
(b) A hash function is a kind of function that would be used to map data of any arbitrary size to data of a fixed size. The values that would be returned by a hash function are generally known as the hash values.
They are mainly used in checksums, fingerprint verification, randomization functions, cipher codes and many other areas.
(a) The two reasons for which ECB mode would not be normally recommended for the encryption of long messages are:
(i) The cipher text could leak information that would be beyond the length of the plaintext.
(ii) The attacker would be able to detect whether the encrypted ECB messages are identical or whether they share a common prefix.
(b) An attacker would establish equations that would involve the parameters of the cipher. The equation could be in the form c = enc(p,k). If the attacker would run his program in the ECB mode, then he would simply solve k for one block.
(c) The CTR mode would make use of the block cipher. This is considered one of the most popular operation modes of block ciphers. Encryption and decryption can be performed using many threads at the same time. If a single bit of the plaintext or of the cipher text gets damaged, then the corresponding bit of the output would get damaged.
(d) The ECB is the method in which a single block of message would be encrypted independently of the encryptions of other blocks. The data would be divided into blocks of plaintext where the size of the block would be depending on the encryption algorithm.
(e) The one-time pad is immune to an exhaustive key search. In the OTP method, the key is as long as the encoded text. In this method, the password cannot be cracked as it would require the use of a one-time key that would be valid up to a certain limit of time.
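The ECB leak described in (a) and the CTR behaviour described in (c) can be reproduced with the added example below, which is not part of the original answers. It assumes a stand-in 4-round Feistel block cipher built from HMAC-SHA256 in place of AES, and the key, nonce and messages are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block, matching the AES block size


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed round function for the stand-in cipher (assumption, not AES)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation on one 16-byte block. Illustration only."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, _round_fn(key, rnd, right)))
        left, right = right, mixed
    return left + right


def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, msg: bytes) -> bytes:
    """ECB: pad to a block multiple, then encrypt every block independently."""
    pad = BLOCK - len(msg) % BLOCK
    padded = msg + bytes([pad]) * pad
    return b"".join(toy_encrypt_block(key, b) for b in split_blocks(padded))


def ctr_xcrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: XOR data with E(key, nonce || counter). Same call decrypts."""
    out = bytearray()
    for i, chunk in enumerate(split_blocks(data)):
        keystream = toy_encrypt_block(key, nonce + i.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(chunk, keystream))
    return bytes(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def shared_prefix_blocks(ct_a: bytes, ct_b: bytes) -> int:
    """How many leading blocks two ciphertexts have in common."""
    count = 0
    for a, b in zip(split_blocks(ct_a), split_blocks(ct_b)):
        if a != b:
            break
        count += 1
    return count


def flip_bit(data: bytes, bit: int) -> bytes:
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def differing_bits(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


# Constructed sample values (not from the original page).
KEY = b"constructed-demo-key"
NONCE = b"\x00" * 8  # must be unique per message under one key in real use
MSG_A = b"TRANSFER 0100 TO" * 3 + b"ACCOUNT 12345678"
MSG_B = b"TRANSFER 0100 TO" + b"ACCOUNT 87654321"

if __name__ == "__main__":
    ecb_a, ecb_b = ecb_encrypt(KEY, MSG_A), ecb_encrypt(KEY, MSG_B)
    ctr_a = ctr_xcrypt(KEY, NONCE, MSG_A)
    print("ECB repeated blocks:", repeated_blocks(ecb_a))
    print("ECB shared prefix blocks (A vs B):", shared_prefix_blocks(ecb_a, ecb_b))
    print("CTR repeated blocks:", repeated_blocks(ctr_a))
    damaged = ctr_xcrypt(KEY, NONCE, flip_bit(ctr_a, 200))
    print("CTR plaintext bits damaged by 1 flipped bit:", differing_bits(damaged, MSG_A))
```
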
(a) In the ElGamal system of encryption, the key pair is generated as follows:
- A cyclic group G of order q having a generator g would be generated.
- A variable x would be chosen randomly.
- It would be computed h := g^x
- The value of h would be published. Hence, the value of x would be retained as the private key.
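The key generation steps above, as an added example that is not part of the original answer. It goes one step further than the list by also encrypting and decrypting, and it assumes a deliberately tiny constructed group (p = 2039, q = 1019, g = 4) that is far too small for real use.

```python
import secrets

# Constructed toy parameters: P = 2*Q + 1 is a safe prime and G = 4 generates
# the subgroup of order Q. Real deployments use groups of 2048 bits or more,
# or elliptic curves.
P = 2039
Q = 1019
G = 4


def keygen():
    """Pick the private x at random and publish h = g^x."""
    x = secrets.randbelow(Q - 1) + 1  # x in 1..Q-1
    h = pow(G, x, P)
    return x, h


def encrypt(h: int, m: int, y: int = None):
    """Encrypt m (1 <= m < P) under public key h.

    A fresh random y is drawn for every call, so the same message gives a
    different ciphertext each time. The y parameter exists only so the
    effect can be shown with fixed values.
    """
    if not 1 <= m < P:
        raise ValueError("message must be in 1..P-1")
    if y is None:
        y = secrets.randbelow(Q - 1) + 1
    c1 = pow(G, y, P)        # g^y, lets the receiver rebuild the shared secret
    shared = pow(h, y, P)    # h^y = g^(x*y)
    return c1, (m * shared) % P


def decrypt(x: int, ciphertext) -> int:
    """Recover m by dividing out the shared secret c1^x = g^(x*y)."""
    c1, c2 = ciphertext
    shared = pow(c1, x, P)
    return (c2 * pow(shared, -1, P)) % P


if __name__ == "__main__":
    x, h = keygen()
    first = encrypt(h, 1234)
    second = encrypt(h, 1234)
    print("public key h:", h)
    print("two encryptions of 1234:", first, second)
    print("decrypted:", decrypt(x, first), decrypt(x, second))
```
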
(b) When the pair of key is generated, the process of encryption and decryption is a straight process and is easy in computational process.
RSA does not operate on strings of bits, as is the case with symmetric encryption keys. It would operate on numbers modulo n. Hence, the plain text would be represented as the plaintext.
(c) The hybrid mode of encryption is a technique of encryption, which can merge with more than one of the systems of encryption. It implements a combination of the symmetric and asymmetric method of encryption in order to benefit from the encryption technology.
The hybrid mode of encryption is the most common mode of encryption because these kind of public key cryptosystems would depend on mathematical computations.
(d) The major challenges of key management that would be involved in supporting public-key cryptography are:
- User acceptance and Training
- Administration of the system, maintenance and recovery of the key
- Complexity for the users
The public-key cryptography makes use of a pair of keys in order to encrypt and decrypt the data in order to protect from unauthorized access.
(e) In the identity based cryptography, the user would choose an arbitrary string as the public key. Accordingly, a standardized format of public-key string would remove the need for the certificates of the public-key.
(a) This protocol is meant to achieve a secure exchange of messages. The message that would be sent would receive only to the designated receiver of the message. No third party would be able to access the information.
(b) The assumptions that need to be made are that the receiver of the message would have the proper key for decrypting the message using the symmetric key K. It could also be assumed that the receiver of the message also receives the public key.
(c) The application in which this kind of protocol would be achieved is One-Time Passwords. They are the most secure way of sending a message and the message would be received by the recipient only.
(d) The MAC is a cryptographic checksum on the data, which makes use of a session key in order to detect the modifications on the data.
(e) The stream cipher is a form of symmetric cipher key in which the plaintext would be combined with a random cipher digit stream. Hence it would not be the best choice for the encryption algorithm.
(f) The mutual authentication of the two entities would be required in order to establish a secure form of link over insecure networks.
(a) The pros of this discussion is that it would be beneficial for the department as the method of encryption is extremely vital in order to protect the communication from being hacked from unauthorized users. The cons of the discussion to implement encryption technology is that the encryption technology is very much expensive and the devices have to be compatible in order to implement the encryption technology.
(b) DES is a 64-bit block asymmetric cipher, which is used for encryption and decryption. The main components of the DES system include the key and the algorithm. AES has 128-bit data. It also provides stronger and faster processing than the DES systems. The requirement specification of the AES system is Federal Information Processing Standard (FIPS) 197, the Advanced Encryption Standard (AES).
(c) The different ways in which a government would access data that would be protected with the help of cryptography are: Full Disk Encryption (FDE), End-to-end (E2E) encryption, Encryption of files, Encrypted email servers, Encrypted web connections and Pre-encrypting data that would be synced with the cloud.
- True, Alice can use the private key to encrypt the message and the receiver should possess both the public key and private key to decrypt the message.
- False, MAC provides only authentication but no confidentiality of data.
- True, this is because if the size of the key space of the algorithm is 2^k then the key can be found in 2^k-1 attempts. But if the value of k is too high it becomes very difficult for the hacker.
- False, The elliptic-curve cryptography is not very popular
- True, several modes of block cipher can be used for the conversion of block cipher into hash functions.
- False, Keccak is not a standardized message authentication code. It is a SHA-3 standard.
- False, entity authentication scheme is designed based on the physical characteristic of a human entity.
- True, the challenge response protocol should be random.
- False, the HSM can be used for both storing and generating cryptographic keys
- True SSL (TLS) supports the use of Diffie-Hellman key exchange.
- In hybrid encryption both the public key and the private key are used. For the encryption of the message, the public key of the receiver is to be obtained by the sender. The sender generates a fresh symmetric key for the data encapsulation scheme. After the key is generated, the user encrypts the message under the data encapsulation scheme, using the symmetric key just generated. This is done using the public key of the receiver. Then both the encryptions are sent to the receiver. For the decryption process, the receiver uses the private key to decrypt the symmetric key and then decrypts the message using the symmetric key.
- The main reason that the ECB mode of encryption is not used for encryption is that it is not secure semantically and it provides the same length of cipher text as that of the plaintext. This allows the attacker to check whether the two text are identical.
- CBC is a process of connecting two blocks together. In this process every block is XORed with the previously encrypted block. The output of the previous block is encrypted and added to the next block.
- The initialization vector is used as the input to the initial block in the CBC mode of encryption. The IV is required both in the time of encryption and decryption and both the IV have to be same.
- Two plaintext block would be corrupted and n+2 bits will be corrupted considering that n is the length of each block.
- 3 plaintext blocks will be corrupted, 2n+1 bits affected considering that n is the length of each block.
- 4 plaintext blocks will be corrupted, 2n+2 bits affected considering that n is the length of each block.
- The main differences between the CBC and CBC-MAC mode of encryption are:
The CBC mode makes use of a random IV whereas CBC-MAC doesn’t make any use of an IV. This is because if a random IV is used for CBC-MAC encryption then it would not be secure.
In CBC mode, all the outputs provided by the encryption algorithm are considered as the tag, whereas in CBC-MAC only the final output is considered as the tag.
- If a block of cipher text is deleted then the plaintext delivered to the receiver would be incorrect as the key for the next block would be a mismatch and hence provide a wrong message.
- Compared to symmetric key encryption, public key encryption is better in the aspect that additional data can be added to the encrypted data and the public key encryption provides more amount of confidentiality.
- Compared with symmetric-key encryption, public-key encryption requires more processing and may not be feasible for encrypting and decrypting large amounts of data.
- The main reason of not using different mode of encryption in RSA encryption is to avoid weaknesses such as encryption of the same message using different RSA keys.
- To set up the RSA algorithm, let n be the product of p and q. A special number e is selected. Publish the pair of numbers (n, e). Compute the private key d from p, q and e.
ed = 1 mod (p-1)(q-1).
- Let’s consider p=3 and q=7.
(p-1)(q-1) = 2×6 = 12
e = 2 can not be taken since, 2 divides both e and 12.
e = 3 can not be taken since, 3 divides both e and 12.
e = 5,7,11 can be taken since, none of them divide both e and 12.
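The small case above, worked through in code as an added example that is not part of the original answer. The function names are illustrative, and the private exponent is derived with the extended Euclidean algorithm from ed = 1 mod (p-1)(q-1).

```python
from math import gcd


def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        quotient, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - quotient * x1
        y0, y1 = y1, y0 - quotient * y1
    return a, x0, y0


def candidate_exponents(p: int, q: int) -> list:
    """Every e with 1 < e < (p-1)(q-1) that shares no factor with (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    return [e for e in range(2, phi) if gcd(e, phi) == 1]


def private_exponent(e: int, phi: int) -> int:
    """Solve e*d = 1 mod phi for d; fails when e and phi share a factor."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError(f"e={e} shares the factor {g} with {phi}")
    return x % phi


def toy_keypair(p: int, q: int, e: int):
    """Return (n, e, d) for the given primes and public exponent."""
    phi = (p - 1) * (q - 1)
    return p * q, e, private_exponent(e, phi)


def encrypt(m: int, e: int, n: int) -> int:
    return pow(m, e, n)


def decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)


def self_inverse_exponents(p: int, q: int) -> list:
    """Exponents whose private key equals the public key (d == e)."""
    phi = (p - 1) * (q - 1)
    return [e for e in candidate_exponents(p, q) if private_exponent(e, phi) == e]


if __name__ == "__main__":
    p, q = 3, 7
    print("usable e:", candidate_exponents(p, q))
    for e in candidate_exponents(p, q):
        n, _, d = toy_keypair(p, q, e)
        c = encrypt(2, e, n)
        print(f"e={e} d={d} n={n}: 2 -> {c} -> {decrypt(c, d, n)}")
    # With primes this small every usable e is its own inverse, so the
    # "private" exponent is no secret at all.
    print("e with d == e:", self_inverse_exponents(p, q))
```
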
- MEMO
Date:
Subject: To select RSA encryption over elliptic-curve variant of El-gamal
From: security manager
Company
To: boss
Company:
To select RSA encryption. This is the best method of encryption as RSA is more popular and the elliptic-curve variant of El-gamal is very easy to crack by the hackers.
- Other than the selection of a good cryptographic algorithm the organization should maintain an efficient but secure public key.
- The main stages of key management lifecycle are Key generation, key establishment, key storage, key usage, key archival, key destruction
- AES > RSA > SHA-1> 3TDES
- The counter mode is used as counter mode solves the OFB mode problem of n-bit output where n is less than the block length.
- This application is used so that the attacker has to use much more time for decoding the text.
- The failure for implementation can lead to the cryptography not performing the job it was intended to such as missing out in the details of messages or the receiver not receiving any message at all.
- Kleptography, crypto-anarchism, financial cryptography, secret broadcasting
- Cryptography can be used both for the encryption and decryption. Hence, an encrypted message can be decrypted both by an attacker and also by a receiver. Hence, this can be used as dual-use technology.
- In 1980 the Federal Register announcement of a revision to ITAR. NSA had built a massively parallel DES-cracking machine as early as the mid-1980. These are some of the events that came up after the year 1980.
- Quantum are going to disrupt every industry and the type of business they conduct. The online security would be changed to a great extent, artificial intelligence would be at its peak and the field of drug development would be benefitted to a great extent.
a)
- This statement is true as key establishment is one of the hardest management processes for symmetric cryptography when keys need to be shared and secret.
- A digital signature can be used to provide data integrity through binding the identity of a message.
- This statement is true. Frequency analysis attackers used mixed alphabet cipher. These ciphers replace letters of the plaintext to produce cipher text.
- This statement is false. Diffie-Hellman does not provide any public key encryption scheme. There are various other public key schemes, such as RSA encryption.
- This statement is true as error propagation is involved in the decryption process, where a cipher text input that has one incorrect bit produces a plaintext output that has more than one incorrect bit.
- SHA-3 is a message authentication code standardized by NIST. This statement is true as SHA-3 detects any small difference from original message.
- Digital signatures provide confidentiality of the message. This statement is also true because a digital signature scheme provides data origin authentication of the signer with non-repudiation.
- A challenge-response protocol requires a good source of randomness to be available to both parties. Whereupon the other end must return as its response a similarly encrypted value which is some predetermined function of the originally offered information, thus proving that it was able to decrypt the challenge.
- This statement is also true as the public key certificate binds an identity to a particular public-key value.
- This statement is false because mobile telephone communication does not have the ability to provide end to end encryption.
(b)
In real applications one should avoid using the same key pair for both digital signatures and encryption. Implemented versions of RSA that are used for both digital signatures and encryption should issue each user with two different key pairs:
- A signature/ verification key pair for digital signatures.
- A private/ public key pair for encryption.
- RSA is useful to generate and verify digital signatures using hash functions. To create signature keys, an RSA key pair is used containing a modulus, N, that is the product of two random secret distinct large primes, along with integers, e and d, such that e d ≡ 1 (mod φ(N)).
To verify the digital signature, the message must go through the hash function and the signature through the verification algorithm. Then the similarity of both results must be checked to verify the digital signature.
For message recovery, the current message of the signer must have padding/redundancy added and then be run through the signature algorithm with a set signature key, then proceed to the verifier through the verification algorithm with a set verification key. Then the padding must be removed to recover the proper message.
- Hash function is a function that can be used to map data of arbitrary size to data of fixed size. Hash function return values as hash codes, digests or simply hashes for rapid data lookup. It is used to store highly confidential password. It is a critical component to build other cryptographic primitives in appendix.
- Security can be breached for differences as consistency over messages, uniqueness to individuals, ease of forgery and binding to individuals. Attacker can compromise the digital signature through signature and verification key that does not provide data encryption.
- There are mainly three aspects to compare between hand written and digital signatures.
- Practical differences: practical differences are such as longevity, legal recognition acceptability and cost.
- Security differences: security differences are consistency over messages, uniqueness to individuals, ease of forgery and binding to individuals
- Flexibility: flexibility can be defined as binding to underlying data, availability issues and support for multiple signatures.
- There are certain problems which are faced with digital signatures. One of them is generic attacks. It is often possible to obtain others' signature keys. The hash function can collide, though there is little chance of such attacks. Another issue is persuading others that someone else’s public verification key belongs to you.
- True: the number of possible keys is equal to the number of possible plaintexts.
- False: The key must be generated using a well-regarded pseudorandom number generator.
- True: It is insecure if used for very long plaintexts.
- False: The technique encrypts pairs of letters (digraphs), instead of single letters as in the simple substitution cipher.
- False: The key should be used once.
- True: The key should be used once.
| 1 | 2 | 3 | 4 | 5 |
| 2 | 3 | 4 | 5 | 1 |
| 3 | 4 | 5 | 1 | 2 |
| 4 | 5 | 1 | 2 | 3 |
| 5 | 1 | 2 | 3 | 4 |
One-time pad is not very popular for commercial system however it has been used in past to provide voice communication between allies in World War 2. The key is random and the method implemented with XOR the plaintext. In general, the required length of the key is a problem. However, a hard disk having 1000 GB capacity is enough to encrypt 1 KB message over 2500 years that just cost less than 100 USD.
Quantum key establishment is used in practice to offer continuous key distribution for internet VPN. However the utilization is murky in other cases. When pad is utilized for numerous future messages until the sum of their sizes of the pad. Quantum key establishment can be used to solve such problems.
The main purpose of cryptography is to secure the interests of parties communicating in the presence of adversaries. Quantum computers are built to utilize quantum mechanical effects in their computations. Some problems critical to cryptography can be solved using these computers. A large scale quantum computer may have very significant amplification for the field of cryptography.
- The main stages of key management lifecycle are Key generation, key establishment, key storage, key usage, key archival
Key generation: If there is a failure to generate a key the encryption would not be possible and the data can be read by the hackers.
Key establishment: If the key is not added to the data the plaintext would not be encrypted and the cipher text would not be obtained.
Key storage: Without the storage of the key the symmetric key generation would not be possible.
Key Usage: The key usage is an important part as without the usage of the key the file would neither be encrypted nor be decrypted.
Key archival: The key is to be archived with the file so that it is easy for the decoder to decode or else the message would remain undelivered.
- The symmetric key involves key that are symmetric at both ends so that the key required for the encryption and decryption are same and key required for the encryption and decryption in asymmetric key management are same.
- In 1980 the Federal Register announcement of a revision to ITAR. NSA had built a massively parallel DES-cracking machine as early as the mid-1980.
- Eight different application of cryptography are:
Kleptography, crypto-anarchism, Anonymity networks, financial cryptography, secret broadcasting, Digital rights management and authentication.
- The application of choice is LinOTP
- The security services required are two-factor authentication and one time passwords.
- It is a web service that provides REST like web API and the responses of the application are returned as JSON objects.
- The coding of the application is done by primitive languages such as PyPI via Python Package
- The application supports SHA-1, SHA-256 and SHA-512 algorithms.
- LinOTP can import OATH-compliant key files according to RFC 6030. Additionally it can import SafeNet eToken PASS XML files and Feitian XML files.
- a)
- It is possible because symmetric encryption uses block cipher which uses a key of 64-bit length, block size of 64-bit, computation having 16 rounds and functions of S-box, for encrypting sensitive data.
- It is because claims from RSA is that 1024-bit key lengths are most likely to be cracked in future.
- It is because encrypted data can be stored in escrow and exchange of keys are done securely under particular circumstances where a third party requires access to the keys in key escrow.
- It is because sizes of blocks of elliptic-curve-based ElGamal cipher text are small whereas AES cipher text single block is finite.
- It is because the output shall be 224 bits or larger than that as it is not described by the curve definition as per NIST.
- It is because one time passwords are dynamic and machine generated, which do not need to be remembered.
- It is because digital signatures use a hash function and offer data origin authentication.
- It is because this protocol uses no timestamps and thus provides perfect secrecy to the messages.
- It is because public key certificate alone is not able to provide proof for someone’s identity as it provides proof just for the verification of digital signature.
- It allows by giving key agreement data and temporary authentication which enables a VLR/SGSN to engage in GSM triplets.
- b) The implications are as follows.
- Quantum computing is able to crack modern cryptography encryption from banking sector to confidential correspondence to Blockchain.
- The computational power of quantum computing will impact the changes in cyber defense technologies and AI technologies in future.
- The quantum computing will provide appreciable and high security capabilities for modern cryptography if implemented and used widely.
- The modern cryptography is AES and after the implementation of Quantum computing it will be secured by NIST. This will ensure millions of trial at a single time without any wait.
- The implementation of quantum computing will kick out the modern cryptography as quantum computing will be on a large-scale and complicated.
- A hash function is used to generate a message authentication code, where a hash value of a message and a secret key is generated for authentication. The length of the message is not fixed; however, the output of the hash function computed on the message has a fixed length. The MAC generated confirms authentication, as only the person having the secret key can open the value of the MAC to verify the data. The message is then verified by the sender and receiver holding the key.
- MAC forgery resistance prevents an attacker from producing a whole new message with an accurately computed authentication tag under the given secret key. This helps to resist forgery where identification of the secret key is resisted. This is the main security property, as it prevents attackers from forging message pairs.
- i) The block cipher algorithm used for encrypting a message in CBC mode is used to create a sequence of blocks where each block relies on the previous block having proper encryption. This will ensure changes in the final encrypted block without predicting the original change.
- ii) A MAC construction based on a hash function uses a two-pass hash computation for MAC generation. Two keys, inner and outer, are derived from the secret key, where the first pass produces the inner key and inner hash, and the second pass finally provides the HMAC code, which is derived from the outer key and the result of the inner hash.
- i) Block cipher operation modes and Counter mode of Operation.
- ii) The first is an easy-to-use programming interface. The second is that confidentiality, integrity and authentication are improved. The third is high efficiency and parallelizability. The fourth is that each code has its own additional functionalities, and hence the combination of these mechanisms will improve the overall security.
- Situation 1 - When A sends a message to B, A attaches a MAC to the given message. When B receives the message, B is able to use the pre-shared key to compute the same MAC and then confirm whether the message has been tampered with or not. This approach prevents an external attacker.
Situation 2 - The New York Stock Exchange publishes present stock prices, and people will then need to determine whether the quotes are from the NYSE; the quotes are required to be verifiable as well. If the quotes are MACed, then the NYSE is required to share the MAC secret key so that people can verify the quotes. This can result in fake stock quotes, where someone who has the MAC secret key is able to share the key, and thus dumping of all GM stock will occur.
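The two-pass hash-based MAC and the two situations above can be run end to end. The following is an added example, not part of the original answers: it writes HMAC-SHA256 out as its inner and outer passes, checks it against Python's standard `hmac` module, and shows that any holder of the verification key can also create valid tags. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 consumes its input in 64-byte blocks


def two_pass_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 written out as its two hash passes."""
    if len(key) > BLOCK_SIZE:                      # over-long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")           # pad the key to one full block
    inner_key = bytes(b ^ 0x36 for b in key)       # inner key derived from the secret
    outer_key = bytes(b ^ 0x5C for b in key)       # outer key derived from the secret
    inner_hash = hashlib.sha256(inner_key + message).digest()   # first pass
    return hashlib.sha256(outer_key + inner_hash).digest()      # second pass


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-written construction against the standard library."""
    reference = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(two_pass_mac(key, message), reference)


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(two_pass_mac(key, message), tag)


# Constructed sample data (not from the original page).
SHARED_KEY = b"constructed-demo-key-shared-by-A-and-B"
MESSAGE = b"pay 100 to account 42"


def demo() -> dict:
    tag = two_pass_mac(SHARED_KEY, MESSAGE)
    fake_quote = b"constructed quote written by a key holder"
    return {
        # Situation 1: B recomputes the tag with the pre-shared key.
        "genuine": verify(SHARED_KEY, MESSAGE, tag),
        "tampered": verify(SHARED_KEY, b"pay 900 to account 42", tag),
        "wrong_key": verify(b"constructed-wrong-key", MESSAGE, tag),
        # Situation 2: whoever can verify with the key can also produce tags.
        "key_holder_tag_accepted": verify(
            SHARED_KEY, fake_quote, two_pass_mac(SHARED_KEY, fake_quote)),
    }


if __name__ == "__main__":
    print(demo())
```

The last result is why a shared-key MAC fits Situation 1 but not public verification as in Situation 2: verification and tag creation use the same secret.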
- a) It is faster and can be transferred over a link even if interception of the data can happen. The data is transmitted without any key, and hence the data cannot be decrypted.
- b) Firstly, two keys are generated using two large prime numbers, and the decryption key is distributed to the receiver. Secondly, the receiver publishes its encryption key, and assurance of authenticity is given. Thirdly, the private key is used to decrypt the message.
- c) i) It is defined as a specific type of encryption in which an element of chance is introduced, so that encrypting the same source text repeatedly using the same key will result in different cipher text.
- ii) The security reason is that if the message is encrypted by a third party or an unauthenticated person, then it will result in a different cipher text and not the original.
iii) RSA cryptosystem.
- d) Elliptic-curve cryptography involves a relatively smaller encryption key that is fed into the encryption algorithm for decoding of the encrypted message. This small key is quick, and low computing power is required. The signatures, encryption and decryption are fast. However, it is tricky and complicated to implement. There are patent problems for the binary curves, and the key can be compromised if signing uses a random number generator that is broken. Hence, elliptic-curve cryptography is best for some purposes where smaller keys can be used for high security levels, but not for binary curves.
- e) i) The standardization is not done because the encryption level is still not acceptable to the Government and the operation modes are still in the development phase.
- ii) CBC is the mode of operation that could be used for public-key encryption because in CBC the same key encrypts equal messages to different cipher texts, decryption of a message can be done from any part, and it has error multiplication properties.
- a) The fundamental dilemma is that it is complicated to seek secured law enforcement access to encrypted data. This is because the level of data encryption is based on a network of legal, economic, political and social factors that is different in different countries.
- b) i). Adding backdoor
ii). National and export regulations
iii). Escrow systems
- c) i). A method to secure communication which prevents third parties from accessing data during the transfer of data from one system to another.
ii). WhatsApp and Viber
iii). End-to-end encryption is not completely safe, as a third party such as the Government is not able to retrieve the message in case of any emergency or terrorism.
- a) The applications are time stamping, electronic money, secure network communications, anonymous remailers, disk encryption, ATM, Pay TV and GSM enabled phone.
b) i) Authentication, Confidentiality, Integrity and Non-repudiation
- ii) The constraints are card cloning, card expiring, card damaging and card skimming.
iii) Signcryption is used for ATM.
- iv) The cryptographic algorithm supported is the Advanced Encryption Standard algorithm, and the key lengths supported are 56 bits.
- v) Random numbers are generated and printed on packages sent for global distribution to ATM locations. The field technicians select a random package and then enter the generated random number into the ATM. The ATM ID is reported, and two packages are joined to create a new random number similar to the ATM. Then the KEK is shared to establish keys at both ends, and after a successful connection, a new PIN is sent to the ATM, encrypted by the initial key.