2023年11月25日

安全计算代写|Secure Computing Coursework 1

这是英国的一个安全计算Coursework代写

Question 1

Alice and Bob are two Computer Science students currently studying the Secure Computing module. Alice
wants to send a message to Bob, in such a way that Bob will be able to verify that the message came from
Alice and that it hasn’t been altered by an attacker. There is no requirement for confidentiality, so Alice and
Bob agree to use message authentication alone, without encryption. They further agree to use HMAC, and
they decide to use the three Java programs developed in Exercise 4 to generate the HMAC key, compute an
authentication tag for the message, and verify the tag.

Consider the threat that an attacker might be able to fake a message from Alice, without Bob realising this
has happened. Think about the most likely ways in which this threat might play out. Identify and describe
two different ways in which the attacker might succeed. [8 marks]

Question 2

Bob suggests to Alice that using an Ed25519 digital signature would be more secure for their message
authentication task. They decide to use the three Java programs from Exercise 8 to compute private & public
keys, sign the message, and verify the signature on the message.

What is the primary reason for Bob deciding that using the programs from Exercise 8 will be more secure
than using the programs from Exercise 4? Explain your reasoning. [4 marks]

Question 3

These sub-questions concern the Minisign tool used in Exercise 9.

1. What would be the potential issue with using Minisign to authenticate a video file (e.g., the video for
one of the COMP3911 lectures)? What does Minisign do to cater for this scenario? [3 marks]

2. After doing Exercise 9, Alice realises that using the Minisign tool would be more secure than using
the programs developed in Exercise 8. Why is this the case? Explain your reasoning. [3 marks]

3. Even though Minisign improves on the message authentication process demonstrated by the programs
in Exercises 4 and 8, it could still be possible for an attacker to fake a message from Alice and make
Bob believe that it is genuine. Discuss how this attack might work, and how we could defend against
it. [7 marks]