Pick all the attack(s) that can be detected using a message authentication code.  Marks may be deducted for wrong choices.

Pick all the true statements on risk analysis.

Suppose we want to keep the data on our system confidential.  What might be the most effective security controls?  (Pick two answers.)

How does the station-to-station (STS) protocol defend against the intruder-in-the-middle attack in the Diffie-Hellman protocol?

Suppose Alice and Bob performs the Diffie-Hellman key exchange, using the public parameters with prime and primitive element .

Alice chooses her secret and Bob chooses his secret .

What does Alice send to Bob and why? (You may assume all the arithmetic is correct.)

In this key establishment protocol, 

• interacts with a trusted server and a party .  
• and share a symmetric key , and and share a symmetric key .  
• will choose a key to be shared by and .
• and are random numbers chosen by and respectively.
• We will write to mean encrypting a message using a symmetric key encryption algorithm with key .

The protocol runs as follows:

1. :  , , .
2. : .
3. : .
4. : .
5. : .

Which message, if any, provides confirmation to that the key is possessed by  ?  Pick only one answer.

Suppose Alice has an RSA signature scheme with hash function , with the following values:

and 

Suppose Alice has signing key .

Suppose Alice wants to send Bob a message which has hash value .  She sends and her RSA signature to Bob.

What does Bob do to decide whether to accept this as a valid signature?  

Suppose Alice has an RSA signature scheme, with the following values:

and 

Suppose Alice has signing key .

Pick all the values that must be kept private and known only to Alice. (Marks may be deducted for incorrect choices.)

Pick all the correct statements about a digital signature scheme. (Marks may be deducted for incorrect choices.)

When Alice wants to log into the music streaming service Tunes-R-Us, she signs in using her Security-R-Us credentials.

Who is the relying party?