Reference no: EM131427679 , Length: 2
Case Study
While man-in-the-middle attacks are nothing new, several cryptography experts have recently demonstrated a weakness in the popular e-mail encryption program PGP. The experts worked with a graduate student to demonstrate an attack which enables an attacker to decode an encrypted mail message if the victim falls for a simple social-engineering ploy.
The attack would begin with an encrypted message sent by person A intended for person B, but instead the message is intercepted by person C. Person C then launches a chosen cipher text attack by sending a known encrypted message to person B.
If person B has his e-mail program set to automatically decrypt the message or decides to decrypt it anyway, he will see only a garbled message. If that person then adds a reply, and includes part of the garbled message, the attacker can then decipher the required key to decrypt the original message from person A.
The attack was tested against two of the more popular PGP implementations, PGP 2.6.2 and GnuPG, and was found to be 100% effective if file compression was not enabled. Both programs have the ability to compress data by default before encrypting it, which can thwart the attack.
A paper was published by Bruce Schneier, chief technology officer of Counterpane Internet Security Inc.; Johnathan Katz, an assistant professor of computer science at the University of Maryland; and Kahil Jallad, a graduate student working with Katz at the University of Maryland. It was hoped that the disclosure would prompt changes in the open-source software and commercial versions to enhance its ability to thwart attacks, and to educate users to look for chosen cipher text attacks in general.
PGP is the world's best known e-mail encryption software and has been afavorite since Phil Zimmermann first invented it in 1991; it has become the most widely used e-mail encryption software. While numerous attacks have rithm. With the power of computers growing exponentially, cracking this or even more modern algorithms is only a matter of time.
Group Project: PGP Case Study
Read the Case Study at the end of Chapter 4 of the textbook. With your group, determine at least four modifications to the Caesar Cipher encryption algorithm that could increase the time required to break it.
With PGP, Phil Zimmermann experienced resistance from the U.S. government before being allowed to distribute it. Do an Internet search to find additional information about Zimmermann's case. Then, in a 1- to 2-page group report, perform the following:
· Provide at least three reasons for this resistance.
· Provide references for each of the three reasons that justify the concerns of the government as legitimate.
· Identify the individual contributions of each member of the group.
Your report should be written in APA style.
Attachment:- case_study.rar
Discuss about the critical fundamental skills from the it
: Create a presentation containing eight to ten presentation slides including Introduction, Conclusion, and Reference slides.Include speaker notes with each slide.Note. Be sure to include supportive graphics and appropriate backgrounds and styles. Al..
|
What are the three general categories of unethical behavior
: ISIT437/ ISIT937 Information Technology Security and Risk Management Individual Research Report. Ethics and information security - What are the three general categories of unethical and illegal behavior? What is the best method for preventing an ille..
|
Why marketing is important for career
: The latest trends in Marketing (short background, current situation, best practices and the future). Why Marketing is important for your career
|
Which of the two articles was more persuasive
: Reflect on your original opinion of your topic in 50 to 75 words. Consider the following questions for your response: Which of the two articles was more persuasive? Why?
|
Identify the individual contributions of member of group
: While man-in-the-middle attacks are nothing new, several cryptography experts have recently demonstrated a weakness in the popular e-mail encryption program PGP. The experts worked with a graduate student to demonstrate an attack which enables an ..
|
Determining the performance-problems
: Along with his performance-problems, you have also noticed that Bob is starting to sometimes "badmouth" the firm. As Bob's manager, what options would you consider in terms of dealing with the issue of his retention in the job and in the company? ..
|
What was the most important lesson you learned
: What was the most important lesson you learned from this course about the innovative process and what lessons could be learned through the process of learning and failing at an innovative venture?
|
Inventions mentioned during last week discussions
: What impact has Thomas Newcomen had on the inventions mentioned during last week's discussions, when we made our list?
|
Examples of project exclusions and project boundaries
: Please use your own words to define and provide examples of project exclusions and project boundaries. Also, why are these important?
|