Part II Q1-3 (Each 10 points)

QII.1 For a public-key encryption system, list reasons,

1) in favor of

2) and against

for using the same key pair for 1) the encryption and for 2) the digital signature

QII.2 Describe “inference controls”

Give reasons why they are needed.

And give specific examples (at least 3), and

Describe how the inference controls are implemented; how they serve the purpose (effective) in a database.

QII.3  Suppose your spy colleague wanted to send you messages that you could be sure came from him (and not an enemy trying to pretend to be him). What CAIN property is that? Your colleague tells you: “Whenever I send you a message, the last thing in the message will be a number. That number will be a count of the number of letter E’s in the message. If you get a message, and the number at the end is NOT an accurate count of the number of letter E’s, that message is from an imposter.” [a, b, c: 2 points, d: 4 points]

a) This number, put at the end of each message, is an example of what cryptographic item?

b) Does it have the characteristic of being one way i.e can you deduce the original message?

c) Is it collision resistant?

d) Can you suggest some other way to indicate that message is from the sender without encryption?

Part 3: Essay Question. Maximum length: 900 words, (weight 20 pts.) 

An enterprising group of entrepreneurs is starting a new data storage and retrieval business, SecureStore, Inc. For a fee, the new company will accept digitalized data (text and images, multimedia), and store it on hard drives until needed by the customer. Customer data will be transmitted to and from SecureStore over the Internet. SecureStore guarantees that the confidentiality and integrity of the data will be maintained.

SecureStore also envisions certain information assurance requirements for their internal operations. Company employees will need to exchange confidential email and will need a mechanism for verifying the integrity and originator of some email messages. Also, SecureStore intends a daily backup of all customer data to a remote facility via a leased line. They wish to do so as economically as possible, while ensuring the data’s confidentiality and integrity.

SecureStore is interviewing candidates for the position of Chief Information Officer (CIO). They are asking candidates to describe briefly how they would satisfy Secure Store’s requirements as stated above. How would a successful candidate respond?

First, list the requirements gleaned from the above statements; once you have them then please address each requirement in a separate paragraph. Keep in mind that this business will be operating in the real world, which means please pay attention to economics.