Cryptography

Short Answer Question with Hint.

  1. What is Cryptography?*
    • Answer: Cryptography is the science of encrypting and decrypting information to prevent unauthorized access. It ensures that the decryption method is known only to the intended sender and receiver.
  2. Explain the process of encryption and decryption using an example. (20 Marks)*
    • Answer: Encryption is the process of converting plaintext into ciphertext using an encryption key, making it unreadable to unauthorized users. Decryption is the reverse process, converting ciphertext back into plaintext using a decryption key. For example, “Afzalur Rahman” (plaintext) could be encrypted to “Faazulr Armhna” (ciphertext) and then decrypted back to “Afzalur Rahman.”
  3. List four applications of cryptography.*
    • Answer: Four applications of cryptography are SSL/TLS for secure browsing, digital signatures, secure banking, and encrypted chatting or emailing.
  4. What is symmetric cryptography and what are its advantages and disadvantages? (10 marks)
    • Answer: Symmetric cryptography uses a single key for both encryption and decryption of information. Advantages include faster processing, better performance for bulk data, and ease of setup. Disadvantages include the risk of a single point of failure, the necessity to keep the key secret, and the risk associated with transferring the key.
  5. What is asymmetric cryptography? Mention two uses.*
    • Answer: Asymmetric cryptography uses two different keys for encrypting and decrypting messages: a public key for encryption and a private key for decryption. Two uses are digital signatures and encrypted browsing.
  6. Describe the advantages of asymmetric cryptography.*
    • Answer: The advantages of asymmetric cryptography include no need for sharing the secret key, proof of owner authenticity, stronger encryption due to longer key lengths, and protection against data modification in transit.
  7. What is a hash function, and why is it important?*
    • Answer: A hash function scrambles information or data beyond recognition, producing a hash value. It is important for verifying data integrity, secure password storage, and supporting various cryptographic applications.
  8. How does a hash function contribute to blockchain technology?*
    • Answer: In blockchain technology, hash functions create a secure and immutable ledger of transactions. They are crucial in the mining process, helping validate new blocks of transactions and ensuring the ledger’s integrity.
  9. What is the significance of hash functions in password storage?*
    • Answer: Hash functions enhance security in password storage by storing hashed values instead of actual passwords. This approach protects passwords even if the storage system is compromised, with salting further securing against attacks.
  10. Discuss the role of hash functions in data integrity verification.
    • Answer: Hash functions ensure data integrity by generating a unique hash value for data. Any alteration to the data results in a different hash value upon rehashing, allowing for the verification of data authenticity and integrity during transfers or storage.

Long Answer Questions with hint

1. Design a Secure Communication Protocol (Creation Level)

Question: Consider yourself in the position of developing a secure communication protocol for an emerging instant messaging application. Delineate the manner in which you would integrate symmetric and asymmetric cryptography, drawing upon your expertise in the field, to guarantee the confidentiality, integrity, and authentication of transmitted messages. Define the functions that each cryptographic type would fulfill within your protocol.*

Answer: The secure communication protocol would start with asymmetric cryptography to exchange symmetric keys securely. The public key of asymmetric cryptography would encrypt the symmetric key, ensuring that only the recipient, who possesses the corresponding private key, can decrypt and retrieve the symmetric key. This process, known as key exchange, leverages the security of asymmetric cryptography for the secure transmission of symmetric keys. Once both parties have the symmetric key, all subsequent communications would be encrypted using symmetric cryptography, which offers faster processing and is more efficient for encrypting the bulk data of ongoing messages. This dual approach ensures confidentiality (through encryption), integrity (via cryptographic hashes alongside each message, ensuring that any alteration is detectable), and authentication (as the initial exchange of keys via asymmetric cryptography verifies the identities of the participants).

2. Evaluate the Security Implications of Key Management in Cryptographic Systems (Evaluation Level)

Question: The management of keys, encompassing their creation, exchange, storage, and destruction, is an essential component of cryptographic systems. This essay will assess the influence of key management on the security of a cryptographic system, taking into account symmetric and asymmetric key cryptography. Address potential vulnerabilities and suggest key management best practices.*

Answer: Key management is foundational to the security of cryptographic systems. In symmetric cryptography, the primary concern is the secure exchange and storage of the key since it must remain secret and is used for both encryption and decryption. Poor management can lead to unauthorized access and compromises the entire system. Asymmetric cryptography mitigates some of these risks by separating the encryption and decryption keys, but it introduces complexity in managing public and private keys, especially ensuring the security of the private key. Vulnerabilities in key management, such as insufficiently secure key generation algorithms, improper storage practices, or lack of procedures for key revocation and rotation, can lead to system compromises. Best practices include using strong, randomly generated keys, secure key exchange protocols like Diffie-Hellman for symmetric keys, hardware security modules (HSMs) for storing sensitive keys, regular key rotation, and clear policies for key revocation and destruction.

3. Analyze the Role of Hash Functions in Cryptographic Security (Analysis Level)*

Question: Hash functions are highly adaptable in the realm of cryptographic security. This essay will examine the ways in which hash functions contribute to the improvement of security in a variety of applications, such as digital signatures, password storage, and data integrity verification. Analyze the characteristics that render hash functions appropriate for these functions.*

Answer: Hash functions contribute to cryptographic security by providing a way to verify the integrity of data without revealing the data itself. In password storage, hash functions allow systems to store and compare hashed versions of passwords, ensuring that actual passwords are not exposed, even if the data storage is compromised. The use of salting enhances this process by making it infeasible to use precomputed tables (rainbow tables) to reverse the hash. For data integrity verification, the immutability property of hash functions—where even minor changes in the data produce a completely different hash—enables the detection of any alteration to the data. In the context of digital signatures, hash functions are used to create a digest of the message being signed, which is then encrypted with a private key. This ensures the authenticity and integrity of the message, as any change in the message after signing will result in a different hash, making the signature invalid. The key properties that make hash functions suitable for these roles include their deterministic nature, pre-image resistance, collision resistance, and fast computation.

4. Design a Scenario Demonstrating the Use of Asymmetric Cryptography in Digital Signatures (Application Level)

Question: Envision a situation in which a legally binding document must be electronically transmitted after being signed. Construct an elaborate illustration showcasing the application of asymmetric cryptography for cryptographic signature attestation on a document, thereby securing its veracity and integrity throughout the transmission and reception processes. Describe how the recipient verifies the signature in your scenario.

Answer: In this scenario, the sender first generates a hash of the legal document using a hash function. This hash acts as a digital fingerprint of the document. Using the sender’s private key, the hash is then encrypted, creating the digital signature. The original document, along with its digital signature, is then sent to the receiver. Upon receiving both, the receiver uses the sender’s public key to decrypt the signature, revealing the hash value that the sender generated. Separately, the receiver also generates a new hash of

Lesson Content
0% Complete 0/1 Steps