T209-05-TMA-Security - Going Up Works

Karl Lawrence
R8458372
TMA T209 05
Document Contents:
1. Question 1
   a) Public Key to Conference
   b) Encrypted Messages Sent
      1. Peter Graham
      2. Edward Munns
      3. Kevin Arnold
   c) Encrypted Message Received
      1. Encrypted message1
      2. Decrypted message2
2. Question 2
   a) Table 2 – Validated Token
   b) Table 3 – Answers to Questions
3. Question 3
   Title: Electronic Wallet and Digital Cash Procedures
   (Technical appendix-A2) Section A2 – Hash Function
   (Technical appendix-A3) Section A3 – Use of Hash Function
4. Question 4
   a) Reflective: Module Companion
   b) Reflective: Original Study Plan
Question 1a
Exchange Public Keys
T209 spj3 PGP 2004
From: Karl Lawrence
Subject: Re: My public key
To: T209 spj3 PGP 2004
21 July 2005 22:48:00
Question 1b – 1
Encrypted Messages Sent
Peter Graham
Message
From: Karl Lawrence
Subject: Re: Message from Pete
To: Peter Graham
24 July 2005 09:55:29
Question 1b – 2
Edward Munns
Message
From: Karl Lawrence
Subject: Re: Message from Ted
To: Edward Munns
24 July 2005 09:53:00
Question 1b – 3
Kevin Arnold
Message
From: Karl Lawrence
Subject: Re: Message from Kevin
To: Kevin Arnold
24 July 2005 09:50:07
Question 1c – 1
Encrypted Message Received
Encrypted Message1
Message
From: Peter Graham
Subject: Message from Pete
To: Karl Lawrence
22 July 2005 10:36:41
Question 1c – 2
Decrypted Message2
hi karl
My advice is don't spend too much time at module 5 and tma05 (15% OCAs) as the ECA is more important.
I scored 80% in the ocas for a previous course but my ECA was 47% and so I ended up with only a grade 4 pass!
So be careful
regards
Pete
Question 2a
Validated Token
Table A2 Calculating a hash
Row number | Description | Value
1 | Modulus nD for addition when creating the digest | 999983
2 | Visit number V | 743625
3 | Modulus nH for encrypting the digest | 11881379
4 | Key KH for encrypting the digest | 5452805
5 | The value stored in Step 8 of Table A1 | 6454892
6 | Value for (n1, B)Kb extracted from message received in Step 12 of Table A1 | 274689
7 | Value for H(V, {n2, B}Kb, H(V, {n3, B}Kb)) extracted from message received in Step 12 of Table A1 | 9917059
8 | Message digest of V, {n1, B}Kb, H(V, {n2, B}Kb, H(V, {n3, B}Kb)); by substitution: 743625, 274689, 9917059 and by modular addition: 935543 mod 999983 | 935543
9 | Value for H(V, {n1, B}Kb, H(V, {n2, B}Kb, H(V, {n3, B}Kb))). With the calculated message digest, substitution gives H(935543), and therefore digest encryption (to obtain the hash) is 935543^5452805 mod 11881379. Hence, the calculated result is obtained by using the modular calculator: 6454892 mod 11881379. This result is identical to 5 above, which shows that the token (n1, B) – 274689 – is valid. | 6454892
Question 2b
Answers to Questions
Table A3 Answers to CEO’s questions
Step | Question | Answer
1–3 | How is Alice’s request kept secret from eavesdroppers? | Alice encrypts her message using the bank’s public key. The message can only be decrypted with the bank’s private key which only the bank should have. Eavesdroppers cannot therefore decrypt the message and determine its contents.
 | What is the primary purpose of a certificate? | To provide assurance of the association between a public key and the keyholders’ identity and any restrictions on the use of the key i.e. start-/end date etc. – and, in the case of the bank, how much token is available to the keyholder.
 | Is the data in the certificate private? | Because the certificate was encrypted with the bank’s private key it could be decrypted by anyone with the bank’s public key. This means that none of the data in the certificate is private.
 | What is the signature? | The signature appends the message. It is created by obtaining a message digest from the message and then encrypted with the sender’s private key. The encrypted appended-digest is called the signature.
 | What is the purpose of the signature? | The purpose of the signature is to identify the sender (and to enable crosschecking, for integrity, with the message proper that prefaces the signature).
 | What procedure would Alice’s card follow to use the signature? | To use the signature, Alice’s card uses the bank’s public key to decrypt the signature to obtain the message digest. Alice’s card calculates the message digest of the message prefacing the signature and compares the two digests. If they are the same the signature is valid.
 | Could an eavesdropper get hold of the tokens? | Yes, an eavesdropper could intercept the token – using the bank’s public key.
4 | No questions |
5 | What is a hash? | A hash is an encrypted compact representation of a message produced by a hash function.
6 | No questions |
7 | Can the fitness centre decrypt the message to get the hash? | The fitness centre can decrypt the message using Alice’s public key.
 | Can the fitness centre work out what the tokens are from the hash it received? | If the hash was produced by a one-way hash function then the fitness centre cannot find out what the tokens are since, with a one-way hash function, it is computationally infeasible to work out what messages would generate the hash.
 | What assurance does the encryption by Alice’s private key offer? | Encryption of the hash with Alice’s private key gives the assurance that Alice sent it.
8 | No questions |
9 | Looking ahead in the protocol, how is the certificate of help to the fitness centre? | The certificate provides the fitness centre with Alice’s public key and her bank’s identity.
10 | How can the certificate be checked? | Given the certificate was issued by the Bank, and certificates are signed by the issuer’s private key, the fitness centre can use the Bank’s public key to access the certificate and / or contact the Bank directly for further clarification.
11 | How are other clients’ smart cards prevented from making sense of this message? | The message is encrypted with Alice’s public key, so it can only be decrypted with Alice’s private key.
12 | Why cannot the fitness centre extract the second and third tokens from Alice’s message? | The fitness centre cannot extract the second and third tokens if the hash was produced from a one-way hash function because it would be computationally infeasible to do so.
13 | How can the first token be extracted by the fitness centre from the message? | The token is part of the message and can simply be copied.
 | Could an eavesdropper get hold of the token? | An eavesdropper could also copy the token.
14 | How does this step assure the fitness centre that the token came from Alice? | The hash received in Step 7 was encrypted with Alice’s private key so it must have come from Alice. If the hash was created using a one-way hash function only Alice and the bank could calculate the message in Step 6 and carried in the message in Step 12.
15 | Same question as Step 11 | Same answer as Step 11.
16 | Similar question to Step 12. | Similar answer to Step 12.
17 | No questions. |
18 | How is the bank assured that the tokens came from the fitness centre? | The message includes data about the tokens, encrypted using the fitness centre’s private key.
 | Can an eavesdropper extract tokens from the message? | An eavesdropper cannot gain access to the tokens since the message is encrypted using the bank’s public key.
Question 3
Title: Electronic Wallet and Digital Cash Procedures
Briefing Document for Totally Toned Limited (TTL)
Introduction
This document provides TTL with information that will help the CEO and her Board members to appreciate and understand the concept and application behind the smart card and its use of (encrypted) tokens, and the parties that will be involved in any transactions, i.e. the client, the bank and TTL (the fitness centre).
The areas covered below address the questions posed and break down the intricacies of the system, so that an overall picture and understanding of its workings can best be appreciated and debated (in the boardroom).
General explanation of encryption
To encrypt a message, a document or a file is to make that information unintelligible to anyone who lacks a method to reverse the process and recover intelligible data. Encryption is therefore a method of obfuscation that secures the exchange of information, or the data files on one’s computer. Encryption (in association with decryption) relies on a cryptographic algorithm, a mathematical process by which the information, the plaintext, is encrypted to become ciphertext (encrypted data).
The encryption process, using the appropriate cryptographic algorithm and key (keys are large; the larger, the more secure), takes the message and concatenates it, places it into groups, encodes them numerically, and then encrypts. This is basically the process of encryption.
There are two modes of encryption. In the “symmetric-key mode” a secret key is used to encrypt and is securely transmitted to enable decryption (the key that encrypts also decrypts). In the “asymmetric-key mode” (public/private key) one key encrypts and another decrypts. Well-known cryptographic algorithms for symmetric and asymmetric encryption are AES (Advanced Encryption Standard) and RSA (named after its creators: Ron Rivest, Adi Shamir and Leonard Adleman) respectively.
Encryption on its own doesn’t provide all the security needed to combat eavesdroppers and determined cryptanalysts (breakers of ciphers). Procedures called protocols help in this regard.
General explanation of public key encryption
The ability to encrypt messages without the worry of key distribution is an indicator that public key encryption (asymmetric as opposed to symmetric) is at work. With public key encryption there are two keys, private and public. One has to ensure that those with whom secure communication is desired have access to your public key, and vice versa, so that messages encrypted by you can be decrypted, and so that you, using your private key, can decrypt messages that are encrypted with your public key. Your private key should never be made public, but kept private or secret. Should you lose your private key, messages encrypted with its public key will never be accessible, because those messages are inextricably linked to your private key.
Public keys are readily accessible from public key servers or Certificate Authorities (CAs). You may choose to post your key(s) to these key servers, if privacy is not a priority, or send them via email or floppy disk to the intended party. Keys from public key servers should always be checked (or double-checked with a trusted authority) to ensure that an impostor does not hold the key and its identity.
CAs are trusted authorities: they store public certificates pertaining to public keys, linking keys to the keyholder’s identity. If notified, they also display revoked keys on their “revocation list” for expired and compromised keys; for public key servers, the revocation is posted to the server.
Using public key encryption to provide secrecy
By using a public key to encrypt a message, you ensure that only the recipient can decrypt it. Should it be intercepted by an eavesdropper, he or she would be unable to decrypt it, because it can only be decrypted with the intended recipient’s private key. Therefore, a private and secret communication can be carried on using public key encryption, as long as the parties use each other’s public key to encrypt their secret (and confidential) messages, thus encrypting using public key(s) and decrypting using one’s private key(s). Hence, as has been indicated elsewhere, making your public key available does not stop a private communication between friends.
Public key encryption employs within its algorithm a mathematical scheme which makes it difficult to deduce key(s) from the sequence of messages (called the protocol); in addition, there is no need to distribute private key(s). Hence, public/private keys obfuscate messages except for their intended recipients. Within public key encryption there are other means to secrecy:
• The blinding technique, within a protocol: enables part of a message to be kept secret while allowing other parts to be revealed; and
• The digital envelope: enables a message to be encrypted to one or more recipients with an encryption key which has a complementary decryption key, which is encrypted with the recipients’ public key and appended to the message. Thus each recipient has the encrypted decryption key, which only they can decrypt with their private key.
Using public key encryption to provide identity
Public key encryption provides proof of identity through the authentication protocol, which identifies the source of data. A direct means of achieving this is through trusted agencies: notaries, for example, who time-stamp documents, and Certification Authorities (CAs), who, via their digital certificates, ensure that public keys are linked to the keyholders’ identities and to any restrictions (start-/end-date etc.) upon that key. Their trustworthiness comes into play through encrypting the certificates with their private key. Encrypting with one’s private key is akin to signing, which identifies the source. A signature can be provided for a message or message digest and is used to identify the signatory, e.g. a message is encrypted and appended to its plaintext. This approach serves two purposes: encryption identifies the author/signatory, and decryption, if the result corresponds to the plaintext, asserts integrity.
To establish identity, protocol challenges can be posed, as in a “request and response” interchange. If the response is correct communication proceeds; otherwise it ceases.
Conclusion
I do believe the report manages to highlight and provide the necessary details of the various aspects of the digital (electronic) charging system, which I am sure will enable the CEO and the Board to arrive at an informed decision with an overall understanding of the system.
Nevertheless, with reference to Section A4 of the Appendix, I should like to draw to their attention certain weaknesses in the system:
• The certificate issued by the bank: anyone with the bank’s public key will have access to Alice’s account no., bank’s ID no., and token amount;
• Anyone with the bank’s public key can ascertain the bank’s signature and then get hold of Alice’s token;
• Anyone with Alice’s public key can decrypt her hash, if it isn’t a one-way hash (because of the security implications, without a one-way hash the system would pose a serious cryptanalysis threat);
• The fitness centre should make use of Alice’s guaranteed amount (tokens), which is stated in her certificate from the bank, so as to combat any tampering by Alice or anyone else who might come into possession of her smart card; and
• An eavesdropper could also get hold of Alice’s first and second token (un-hashed) submitted for payment to TTL.
Word Count: 1200
Question 3(Technical appendix-A2)
Section A2 – Hash Function
Table A4 gives a more in-depth explanation
Table A4 Hash Function
Steps | Hash Function Explained
1 | A hash function H is said to have certain basic properties that determine its strength and usefulness: variable-length input with fixed-length output, a one-way hash and collision free.
2 | With these properties it is computationally infeasible to find a solution for H(M), where M represents a plaintext message.
3 | A plaintext that has been converted to a message digest-hash cannot be reverse-engineered, if the hash was produced by a one-way hash function; this would also ensure it was collision free.
4 | A hash that is collision free is one for which it is computationally infeasible to find two or more messages with the same message digest and thus simple to derive the hash from the message.
5 | An example of the derivation of a hash: given a message M (of variable length) the message is concatenated and then separated into groups of five (say) characters that are then number-encoded.
8 | By modular addition, using the appropriate modulus (and preferably a prime number), these groups of numbers are added to give a sum (equivalent length to the number-coded group – “compact representation”). This sum is directly related to the original message M.
9 | An operation that functions to produce a result in this way is said to be a hash function; and its result is said to be the message digest.
10 | The message digest is then encrypted {H(M)}k (it is to be assumed, for a one-way hash, there is no decryption key and hence the hash is computationally irreversible).
11 | If, now, this encrypted message digest is appended to the message proper, plaintext, and sent to a keyholder who has the decryption key (Alice’s public key, say) the integrity of the plaintext can be ascertained, by firstly: 1. obtaining, and encrypting, the message digest of the plaintext, which accompanied the encrypted digest, and secondly 2. comparing the original digest to the obtained (calculated) digest to ensure no tampering of the data, and/or communicated message, had occurred in transit or otherwise.
Question 3(Technical appendix-A3)
Section A3 – Use of Hash Function
Table A5 gives an example of hash in the proposed protocol
Table A5
Steps | Use of Hash Function in Proposed Protocol
1 | The purpose of the hash function in this particular protocol step is to test and so ensure integrity, completeness and authenticity, and that the token has not been tampered with.
2 | Alice’s smart card, on obtaining the fitness centre’s, F, visit number V (which is obtained by entry to the centre), sets about using the hash function (refer to Section A2) to create compact representations, hashes, of her three tokens.
3 | Once the 3rd and 2nd tokens are hashed, the final hash, which incorporates the 1st token added to the 2nd and 3rd token-hash, is sent to the fitness centre’s computer (wirelessly) encrypted with her private key.
4 | Whenever Alice requests use of a service, via her smart card, a demand (digital-payment!) is made for a token.
5 | This token, un-hashed, is sent along with a hashed token (with the exception of the last token, which is sent unaccompanied by a hashed token).
6 | Therefore the tokens – un-hashed and hashed – sent by Alice’s smart card are combined and hashed and compared to the hash stored by the fitness centre (as in the case when Alice sent the initial hash to the fitness centre). If there is a match the fitness centre stores the hash for future comparison and the token for redemption from Alice’s bank.
7 | This is basically the process that is taken by Alice and the fitness centre in their transaction of business.
8 | Here is a practical example of the hash process: Alice’s smart card prepares the hashes and sends the final hash to the fitness centre:
9 | The fitness centre stores the hash so as to use it for integrity and validity checks against tokens submitted by Alice’s smart card for services used.
10–11 | When Alice requests her first service and submits an un-hashed and hashed token, i.e. signed with her private key, the fitness centre decrypts by using her public key and then extracts the token and stores the hash for the next cross-check with the second token, for service. In order to carry out the validity check on the first token, please note the following assumptions: 1. = 935543 (obtained via modular addition of V=743625, {n1, B}kb = 274689, and 9917059 with a modulus 999983); 2. = 6454892 (obtained via 935543^5452805 mod 11881379 – exponentiation)
12 | It is therefore quite apparent from 10 above that 1 is equal to 2 (by putting the number 935543 in the expression: 935543^5452805 mod 11881379 = 6454892)
13 | Hence, or , by 11 and 12 above, is valid. Alice’s next service request will follow the same method of cross-check/validation for the second token. The encrypted tokens, , can only be decrypted by the bank and therefore their numeric value will not be apparent. The above illustration using numerical equivalents is meant only as an example of how a hash is used.
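The chain from Table A5 with both sides of the exchange, together with the row 8 and row 9 check from Table A2, as an added example that is not part of the original assignment or the course material; it goes one step beyond the page by checking that the additive digest admits trivial collisions, which is why this arithmetic is only a teaching device. The moduli, key, visit number and first token value are the page's figures; the second and third token values and all function and class names are constructed for illustration.

```python
"""Toy token hash chain using the figures from Table A2 (teaching arithmetic only)."""

# Values quoted from Table A2 of the page.
N_D = 999983      # modulus nD for the additive digest
N_H = 11881379    # modulus nH for "encrypting" the digest
K_H = 5452805     # key KH, used as the exponent
VISIT = 743625    # visit number V


def digest(*parts):
    """Message digest as the page computes it: modular addition of the parts."""
    return sum(parts) % N_D


def toy_hash(*parts):
    """H(...) as the page computes it: digest^KH mod nH."""
    return pow(digest(*parts), K_H, N_H)


def build_chain(visit, tokens):
    """Card side: hash the last token first, then fold each earlier token in.

    Returns [h1, ..., hn]; h1 goes to the fitness centre up front and
    h(i+1) travels with token i when it is spent.
    """
    chain, inner = [], None
    for token in reversed(tokens):
        inner = toy_hash(visit, token) if inner is None else toy_hash(visit, token, inner)
        chain.append(inner)
    return chain[::-1]


class FitnessCentre:
    """Centre side (hypothetical class): holds the hash it expects to see next."""

    def __init__(self, visit, first_hash):
        self.visit, self.expected, self.accepted = visit, first_hash, []

    def redeem(self, token, next_hash=None):
        """Accept the token only if it re-creates the stored hash."""
        parts = [self.visit, token] + ([] if next_hash is None else [next_hash])
        if self.expected is None or toy_hash(*parts) != self.expected:
            return False
        self.accepted.append(token)
        self.expected = next_hash   # None once the last token is spent
        return True


def check_table_a2():
    """Rows 8 and 9: recompute the digest and compare the hash with row 5."""
    token, inner_hash, stored = 274689, 9917059, 6454892
    return digest(VISIT, token, inner_hash), toy_hash(VISIT, token, inner_hash) == stored


def run_visit():
    """Spend three tokens, then try a fourth redemption."""
    tokens = [274689, 551203, 806417]   # 2nd and 3rd values are constructed
    chain = build_chain(VISIT, tokens)
    centre = FitnessCentre(VISIT, chain[0])
    return [
        centre.redeem(tokens[0], chain[1]),
        centre.redeem(tokens[1], chain[2]),
        centre.redeem(tokens[2]),
        centre.redeem(tokens[2]),        # nothing left to redeem
    ]


def additive_digest_collides(token):
    """Two different inputs that share a digest, so the toy hash is not collision free."""
    return digest(VISIT, token) == digest(VISIT, token + N_D)


if __name__ == "__main__":
    print("digest, hash equals row 5:", check_table_a2())
    print("redemptions:", run_visit())
    print("collision:", additive_digest_collides(274689))
```

A real deployment would replace `toy_hash` with a standard cryptographic hash such as SHA-256; the chain construction and the centre's comparison stay the same.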
Question 4a
Reflective: Module Companion
The activity that I found most helpful in drawing up my study plan for this module (module 5) was actually going step by step through the Module Companion. The companion offers a structure, a suggested structure (one that I subscribe to completely), in terms of how the various books, the component parts making up the module, should be approached – with respect to the structure. The companion also outlines what will be expected from the assignment – the various questions. The companion also makes clear any additional learning aid(s) the module will require e.g. an application program etc.
Having gone through the companion and been made fully aware of what was expected, I was now able to draw up a study plan based on my strengths and weaknesses for accomplishing those tasks, with respect to time, outlined for the assignment.
Word Count: 139
Question 4b
Reflective: Original Study Plan
My study plan drew upon the Module Companion, Book S, Security, and my assessment of the Monograph in terms of the time I would need to give to it to be able to feel comfortable with the concepts and principles it espouses.
How realistic was it?
Once I understood what was expected of me, I gave weight to those aspects of the tasks with which I was not familiar: the Monograph, PGP freeware, certain questions in the assessment, by being realistic with the time allocated to these areas, based on previous experiences.
Organize time effectively?
Having painstakingly drawn up a study plan and being realistic about all aspects of it, it played an important role in determining the area of study I should be covering and what should have been checked as completed. Without the plan I would not have been able to directly make an assessment of my progress – in terms of time and tasks completed – and from that point of view I believe it helped tremendously in organising my study time effectively.
What, if any, amendments?
Actually I made no amendments to my plan; the plan was drawn up, to some extent, on the experiences I had gained with the previous modules. One reason I did not make any amendments, as such, was that the only real difficulties I had with my studies were to do with the Monograph, which had to be read a couple of times. It was important that I did not shirk this task as it played such a central role in the assignment.
What lessons learnt?
It’s important that any advice and/or directions given are taken seriously, as is the case in the Module Companion and Book S, Security. However, this should not stop one from taking an approach that works. I decided to tackle the Monograph first, given it was the core of the module, ensuring I fully understood the concepts and principles it espouses, and then revert back to the Module Companion’s recommended route. Thus, in future ensure the problem is fully appreciated from the outset.
Word Count: 344