Network Integrity and Information Assurance Homework Assignments #1 Explain, in your own words, why the “one time pad” method of encryption is unbreakable (1 page or less). This need not be a mathematical proof, but your explanation should be a compelling argument as to why one cannot decrypt a message encoded with a one time pad, without having a copy of the one time pad (key). #2 Explain, in your own words, why sending a message “in the clear”, and also sending that exact same message using an encryption method (other than a one time pad) could significantly aid an eavesdropper in decrypting other encrypted messages sent using the same encryption method and the same encryption key (1 page or less). #3 In the example of using a basket of locks to provide a mechanical equivalent of public key cryptography for sending secure messages… what is the purpose of the guard who watches the basket…, and what function in electronic public key cryptography does this correspond to? #4 A company named “Chocolates.com” wishes to sell chocolates on-line to chocoholics. It wishes to implement the following business process a. Chocolate.com maintains a Web site that contaiins descriptions of various chocolates that are available for purchase b. Customers who have previously registered with Chocolates.com (and have provided a delivery address and a valid credit card number to be charged for new purchases) can purchase chocolates with “one click” c. Customers who have not previously registered with Chocolates.com must provide a valid credit card number (Visa and MasterCharge are accepted) if they wish to purchase chocolates d. Chocolates that are ordered using the Chocolates.com web site are delivered to the address provided by the customer by the nearest merchant who has the selected chocolate product in stock. Chocolates.com notifies the appropriate merchant of the order, and provides (only) the information needed to fill the order and to deliver the order to the customer. It does not disclose, to merchants, the customers’ credit card numbers e. Chocolates.com pays its merchants, once per month, for the chocolates that they have delivered, according to a pre-negotiated agreement as to delivery charges, etc. Chocolates.com has the following concerns: i. ii. Are the orders that are submitted, via the Web site, legitimate orders from real customers? How can Chocolates.com verify/prove that the chocolates were actually delivered by the merchants to the customers who ordered them, and accepted by those customers? iii. iv. How can Chocolates.com protect customers’ private information (e.g., credit card numbers) from disclosure to unauthorized persons? How can Chocolates.com automate the process of reimbursing merchants? Merchants have the following concerns: v. vi. How can they be sure that the delivery orders they receive from Chocolates.com are really coming from Chocolates.com? How can the prove, to Chocolates.com, that they delivered the chocolates to the customers who ordered them? Customers have the following concerns: vii. viii. ix. They want to be able to prove that they did not receive (or order) chocolates that appear on their credit card bills… if, in fact, those chocolates were not delivered (or ordered) They want to be notified immediately, by Email, of new orders that are placed against their credit cards by Chocolates.com They want to be sure that their credit card numbers, address information, etc., are appropriately protected by Chocolates.com from disclosure to unauthorized persons Using the methods and technologies that we have discussed in this course, design a Webbased, electronic commerce system that implements the Chocolates.com business model, and that addresses (to a reasonable extent) all of the concerns listed above.