Part I: Q1-10 (5 points each). Choose the best one; please provide a reason as asked.
Part I, Q1-10 (5 points each): choose the best one. Please provide the reason for your choice in a few sentences, in your own words, and/or the reasons for not choosing the other choices. Restating the problem in your own words does not constitute a reason. Sometimes defining the terms may give you a clue to the reason.

1. How should one not report a computer crime?
a. telephone
b. e-mail
c. tell management in person
d. tell the IT department in person
Reason: Why did you not select the other options?

2. The algorithm _____ is no longer considered computationally secure.
a. DES
b. RSA
c. AES
d. Diffie-Hellman
Reason: Why did you choose it?

3. Which of the following are reasons for the difficulties in prosecuting computer-related crimes? (a, b, c or d)
1. The area of litigation is extremely technical and difficult to understand.
2. Most of the crimes do not fall under any of the current laws.
3. The laws themselves are relatively new and untested.
4. The technology is very dynamic, and the tactics of the perpetrators are constantly changing.
a. 1 and 2
b. 1, 2 and 3
c. 1, 2 and 4
d. 1, 3 and 4
Reason:

4. What is authentication?
a. the act of binding an entity to a representation of identity
b. the act of ensuring that information is being sent securely
c. the act of ensuring that the receiver of information actually received it
d. the act of binding a computer system to a network
Reason: Why is it important?

5. Which is not considered misuse of information?
a. the untimely release of secret information
b. the deletion of information from a system
c. the illegal sale of information to rival companies
d. the misrepresentation of information
Reason:

6. How does a client machine find the web address associated with a particular URL?
a. It uses translation software in the interpreter.
b. It sends a message to the nearest domain name server.
c. It uses hashing to translate the address.
d. It sends a message to the URL server.
Reason:

7. What defines the strength of a cryptographic method?
a. number of shifts
b. need for a code book
c. complexity of the algorithm
d. length of time needed to crack it
Reason: Why does it define the strength?

8. What is the most important benefit of asymmetric encryption?
a. It speeds up the encryption process.
b. It makes e-mail easier to encode.
c. Only the sender knows to whom the information is going.
d. The encryption key can be transmitted openly and only the receiver can decrypt the information.
Reason: Contrast with symmetric encryption.

9. What piece of legislation allows computer records documenting criminal activity to be used in court?
a. National Infrastructure Protection Act
b. Federal Computer Documents Rule 703(a)
c. Digital Signature Bill
d. Federal Rules of Evidence 803(6)
Reason:

10. Which part(s) of CAIN is realized through the use of message digest functions and hashes?
a. confidentiality
b. authenticity
c. integrity
d. non-repudiation
How is it realized?

Part II: Q1-2 (15 points each)

QII.1 Suppose we use key pair K1, K2 (public key and private key) for encryption and key pair K3, K4 (public key and private key) for the digital signature. What are the advantages and disadvantages in the following cases?
A. K1 and K2 are the same as K3 and K4.
B. K1 and K2 are different from K3 and K4.

QII.2 Suppose your spy colleague wanted to send you messages that you could be sure came from him (and not from an enemy trying to pretend to be him). Your colleague personally tells you: "Whenever I send you a message, the last thing in the message will be a number. That number will be a count of the number of letter E's in the message. If you get a message, and the number at the end is NOT an accurate count of the number of letter E's, then that message is from an imposter."
a. [2 pts] This number, put at the end of each message, is an example of what cryptographic item?
b. [2 pts] Does it have the characteristic of being one-way, i.e. can you deduce the original message?
c. [4 pts] Is it collision resistant? Why?
d. [7 pts] Can you suggest some other way to indicate that a message is from the sender without resorting to encryption?

Part 3: Essay Question. Maximum length: 900 words (weight 20 pts.)

An enterprising group of entrepreneurs is starting a new data storage and retrieval business, SecureStore, Inc. For a fee, the new company will accept digitized data (text, images, multimedia) and store it on hard drives until needed by the customer. Customer data will be transmitted to and from SecureStore over the Internet. SecureStore guarantees that the confidentiality and integrity of the data will be maintained. SecureStore also envisions certain information assurance requirements for their internal operations. Company employees will need to exchange confidential email and will need a mechanism for verifying the integrity and originator of some email messages. Also, SecureStore intends a daily backup of all customer data to a remote facility via a leased line. They wish to do so as economically as possible, while ensuring the data's confidentiality and integrity. Describe briefly how they would satisfy SecureStore's requirements as stated above.

How would a successful candidate respond? First, list the requirements derived from the above statements (note the highlighted words); list them and address each requirement. Keep in mind that this business will be operating in the real world, which means please pay attention to economics.
Paper for the Above Instruction
The given assignment encompasses multiple questions focusing on cybersecurity principles, cryptographic techniques, legal considerations, and practical implementation of security protocols within a business context. It requires critical understanding and application of security concepts, as well as a pragmatic approach to designing secure data storage and communication systems for a hypothetical company, SecureStore, Inc.
Question Analysis and Reasoning
The first part primarily involves selecting the best options for multiple-choice questions, providing logical reasoning for each choice. Questions cover topics such as reporting computer crimes, the security of cryptographic algorithms, challenges in prosecuting cybercrimes, understanding authentication, identifying information misuse, DNS querying mechanisms, cryptographic strength determinants, benefits of asymmetric encryption, relevant legislation, and the role of message digest functions. Each question necessitates an explanation that clarifies why the selected answer is preferable over others, based on technical, legal, or security principles.
For example, when asked how to report computer crimes, the safest or most appropriate method, such as directly informing management or IT, must be justified in relation to security policies or practicality. Similarly, in cryptography, the choice of an algorithm no longer considered secure, like DES, must be supported by its vulnerability to modern attacks or its computational weaknesses. Understanding why certain laws are pertinent in digital evidence handling, or how cryptographic strength is influenced by key length, is essential for a comprehensive answer.
The second part involves scenario-based questions about cryptographic key management and message authenticity verification. Comparing the scenarios in which the encryption and signature key pairs are identical or different, analyzing the advantages and disadvantages of each, and explaining the cryptographic properties of the simple E-counting tag appended to each message demonstrate applied understanding of encryption, digital signatures, and message integrity.
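The E-counting scheme from QII.2, as an added example that is not part of the original assignment or paper: the sender appends the count of E's as a tag, the receiver recomputes it, and two constructed messages with the same count show how easily the tag collides and how little of the message it preserves.

```python
def e_count_tag(message: str) -> int:
    """The spy scheme's tag: a count of the letter E (either case) in the body."""
    return sum(1 for ch in message if ch in "eE")


def send(message: str) -> str:
    """Sender's side: append the count as the last item of the message."""
    return f"{message} {e_count_tag(message)}"


def verify(wire: str) -> bool:
    """Receiver's side: accept only if the trailing number equals the recount."""
    body, _, tag = wire.rpartition(" ")
    return tag.isdigit() and int(tag) == e_count_tag(body)


def collision_pair() -> tuple:
    """Two different messages (constructed here) with the same tag, found just by
    picking texts with equal E counts. A collision-resistant function would make
    this infeasible; for a letter count it takes no effort at all."""
    a = "Send more apples"   # three E's
    b = "Delivery is late"   # three E's
    assert a != b and e_count_tag(a) == e_count_tag(b)
    return a, b


def preimages(tag: int, candidates: list) -> list:
    """Every candidate body that maps to `tag`. The count is many-to-one, so it
    cannot be inverted to recover the original message, but only because it
    discards almost all of the input, not because of any cryptographic design."""
    return [m for m in candidates if e_count_tag(m) == tag]


def tamper_detected(wire: str, new_body: str) -> bool:
    """Would the receiver notice the body being replaced under the original tag?
    Only if the replacement happens to change the E count: the tag needs no
    secret, so it catches accidental corruption rather than a deliberate imposter."""
    _, _, tag = wire.rpartition(" ")
    return not verify(f"{new_body} {tag}")
```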
The third, essay-based question demands a holistic security architecture design for SecureStore. It involves listing the security and operational requirements, such as data confidentiality, integrity, authentication, and cost-effectiveness, and proposing suitable technical solutions, including encryption, digital signatures, secure backups, and cost-efficient security measures. This tests the candidate's ability to synthesize theoretical security principles into a practical, economically viable framework.
Addressing Security Requirements in Practice
To meet the confidentiality and integrity requirements, SecureStore could encrypt customer data in transit with a transport protocol such as TLS as it travels over the Internet. For data at rest, encryption with a robust algorithm such as AES would protect stored data from unauthorized access.
For internal email exchanges, digital signatures based on public key infrastructure (PKI) would verify sender identity and ensure message integrity. The company may deploy PGP or S/MIME protocols for email security, providing non-repudiation and authenticity.
Daily remote backups over the leased line could use an encrypted transfer channel and encrypted storage at the remote facility; scalable cloud storage or a dedicated secure data center keeps this in line with best practice and economical. Hash functions such as SHA-256 can verify data integrity by detecting unauthorized modification during transfer or storage.
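An added example (not from the paper or from SecureStore) of the integrity check described above: each backed-up object gets a SHA-256 digest, and the digest list is authenticated with an HMAC under a key shared only with the remote facility, so that an object and its manifest entry cannot both be rewritten without detection. The sample objects and the key are constructed placeholders; channel and at-rest encryption are separate and not shown.

```python
import hashlib
import hmac
import json

# Constructed sample backup set: object name -> bytes, standing in for customer files.
BACKUP = {
    "customer42/contract.txt": b"Storage agreement, 12 months, tier B\n",
    "customer42/logo.png": bytes(range(256)),
}

# Hypothetical manifest key shared between the primary site and the remote
# facility; in production it comes from a key store, never from source code.
MANIFEST_KEY = b"example-key-do-not-use"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(objects: dict, key: bytes) -> dict:
    """Per-object SHA-256 digests plus an HMAC over the digest list. A bare
    hash stored beside the data can be recomputed by whoever alters the data;
    the keyed MAC is what ties the manifest to the sending side."""
    digests = {name: sha256_hex(data) for name, data in sorted(objects.items())}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"digests": digests, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_backup(objects: dict, manifest: dict, key: bytes) -> list:
    """Return the names of objects that fail verification (empty list = clean).
    If the manifest MAC does not verify, none of its digests can be trusted,
    so every object received is reported as unverified."""
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return sorted(objects)
    # Modified or missing objects: a missing one hashes as empty and mismatches.
    bad = [n for n, d in manifest["digests"].items()
           if sha256_hex(objects.get(n, b"")) != d]
    # Objects present at the remote site that the manifest never listed.
    bad += [n for n in objects if n not in manifest["digests"]]
    return sorted(bad)
```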
Cost considerations are vital; thus, adopting open-source cryptographic libraries and cloud-based solutions can optimize expenses while maintaining security standards. Regular audits, access controls, and employee security training further reinforce security and operational integrity.
In conclusion, a layered security approach combining encryption, digital signatures, secure communication protocols, and cost-efficient infrastructure investments ensures that SecureStore meets its confidentiality, integrity, and operational requirements in a realistic, economically sustainable manner.