Reference no: EM132693731

1. Alice and Bob have each generated a public and private key pair. However, they do not know each other's' keys yet. Now they are trying to exchange a message M over a network.

(a) What is the procedure to exchange the message confidentially, if only passive attacks need to be considered?

(b) What can be done to mitigate the risk if active attacks are possible?

2. Ahmed and arisha are having a discussion about Public Key Infrastructure (PKI). Ahmed asked that it is simply a way of authenticating users. However, Arisha argues that it is a type of encryption algorithm. They have said you to decide, who is correct, for each opinion, you should provide one reason for why it is either correct or incorrect?

3. Does a digital signature ensure the entire message is encrypted? You should provide the reason to support your statement

4. As an information systems security professional, what is the highest amount would you recommend to a corporation to invest annually on a countermeasure for protecting their assets valued at $ 2 million from a potential threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 10%

5. Every time typing complex and long password to logon into application server by Alice while using SSH protocol. To use asymmetric cryptography for "password-less" authentication suggested by Bob. Alice implemented Bob suggestion to using asymmetric cryptography for password-less authentication ,what are the steps Alice should perform? Apart from listing the steps, please provide us with a suitable asymmetric key that you have generated.

6. Bob enter a "passphrase" when he created the authentication key. how is the passphrase used by MD5, While Alice may not want to passphrase and what benefits does it provide?

7. How does an attack differ from threat to information security? How can the two overlap?

8. How can university protect itself from a Man-in-the-Middle attack?