Question 1  This question concerns the main security goals (confidentiality, integrity, availability). Describe a situation which provides the goal of confidentiality but does not provide integrity.

Question 2  In a particular form of two-factor authentication, a user shows their identity by providing a password and also by providing the current value displayed on a security token. Describe an attack that would be prevented by this two-factor approach, but which would succeed against a system where identification is based just on passwords.

Question 3  A typical password is about 8 characters long (and so can be stored in 8 bytes, or 64 bits). However, a typical key for encryption/decryption is much longer, and a key of 64 bits would not be considered secure. Explain this in terms of the difference between the way a secret is used as a password, and the way it is used as a key. Hint: what happens if an attacker takes a few months to discover the secret?

Question 4  Suppose that Fred Foolish, a colleague of yours, says "I have heard that the security of an operating system is built on the hardware mechanism that separates user mode from kernel mode. This means that an attack that succeeds against one operating system must have broken the hardware mechanism, and therefore the same attack will work against any other operating system on the same type of machine. Thus there can't be any reason to believe that one operating system is more secure than any other." Write a discussion that explains to Fred why his argument is invalid.

Question 5 What are the necessary properties of a digital signature? List the encryptions that would be applied to a block of plaintext to produce a digital signature of that plaintext. For each encryption state whether the encryption is symmetric or asymmetric and, if asymmetric under whose (sender's or receiver's) public or private key the encryption is performed.