Close Button
Signup/Login
Back All services Close Button

World's Leading Assignment Library

Continued assistance through writing and revision till final submission by the professional and experienced writers.

  • 10 subjects

  • 2,10,1000
    solved Questions

  • 500 Solved Questions
    Added Everyday

  • Download Solution
    in Seconds

In key distribution and management, two types of keys are generally used: master key and session key. In WhatsApp Secuirty white paper, a key distribution and management mechanism has been employed

Question Preview:

In key distribution and management, two types of keys are generally used: master key
and session key. In WhatsApp Secuirty white paper, a key distribution and management mechanism
has been employed for end-to-end encryption. Which of these keys will you categorize as a master
key and session key(s)? Explain your answer.
(b) 3 points For distribution of public keys, briefly describe why do we prefer public key certificates
over public key authority.
(c) 5 points For SSL, following protocols are used: SSL handshake protocol; SSL change cipher spec
View complete question »

Question Preview:

In key distribution and management, two types of keys are generally used: master key
and session key. In WhatsApp Secuirty white paper, a key distribution and management mechanism
has been employed for end-to-end encryption. Which of these keys will you categorize as a master
key and session key(s)? Explain your answer.
(b) 3 points For distribution of public keys, briefly describe why do we prefer public key certificates
over public key authority.
(c) 5 points For SSL, following protocols are used: SSL handshake protocol; SSL change cipher spec
protocol; SSL alert protocol; SSL record protocol. What is the function of SSL handshake protocol?
From your web browser, figure out different security parameters exchanged by SSL handshake
protocol with https://www.google.com.au/.
(d) 2 points What mechanisms can a virus use to conceal itself?
(e) 2 points What means can a worm use to access remote systems to propagate?
(f) 3 points What metrics are useful for profile-based intrusion detection?
Total for Question 1: 20
2. Problems
(a) 10 points In your internet browser (Firefox, Chrome, or any of your favourite browser), view the
Public Key certificate for www.google.com.au Provide a screenshot for the certificate you viewed.
Also, figure out the values for the following fields in the certificate. Please refer to Fig 14.15 in the
book for different fields in the certificate.
1. what is the version of the certificate (X.509 version)
2. what is the certificate signature algorithm used?
3. what is the value of the certificate signature?
4. what is the public key in the certificate
5. what is the validity period of the certificate
(b) 5 points Assume you have found a USB memory stick in your work parking area. What threats
might this pose to your work computer should you just plug the memory stick in and examine its
contents? In particular, consider whether each of the malware propagation mechanisms we discuss
could use such a memory stick for transport. What steps could you take to mitigate these threats
and safely determine the contents of the memory stick?
(c) 5 points Suppose you observe that your home PC is responding very slowly to information requests
from the net. And then you further observe that your network gateway shows high levels of network
activity, even though you have closed your e-mail client, Web browser, and other programs that
access the net. What types of malware could cause these symptoms? Discuss how the malware
might have gained access to your system. What steps can you take to check whether this has
occurred? If you do identify malware on your PC, how can you restore it to safe operation?
(d) 5 points Suppose you have a new smartphone and are excited about the range of apps available
for it. You read about a really interesting new game that is available for your phone. You do a
quick Web search for it and see that a version is available from one of the free marketplaces. When
you download and start to install this app, you are asked to approve the access permissions granted
to it. You see that it wants permission to Send SMS messages and to Access your address-book.
Should you be suspicious that a game wants these types of permissions? What threat might the
app pose to your smartphone? Should you grant these permissions and proceed to install it? What
types of malware might it be?

(e) 5 points A common management requirement is that ”all external Web traffic must flow via the
organization’s Web proxy.” However, that requirement is easier stated than implemented. Discuss
the various problems and issues, possible solutions, and limitations with supporting this requirement.
In particular consider issues such as identifying exactly what constitutes ”Web traffic” and
how it may be monitored, given the large range of ports and various protocols used by Web browsers
and servers.

View less »

Solution preview

For whatsApp end-to- end encryption, two main types of keys are generated like public keys and session keys. The public keys can be categorized as master key. The three types of master keys are, long-term identity key (created at installation time), medium-term key (signed by the identity key and rotated randomly) and one-time key that is created as and when needed.

Get solution

java assignment help

© Livewebtutors. All Rights Reserved 2018

Livewebtutors
Rated 4.9/5 based on 2480 reviews
Arrow up