Network Integrity and Information Assurance Homework Assignments

#1 Explain, in your own words, why the “one time pad” method of encryption is
unbreakable (1 page or less). This need not be a mathematical proof, but your explanation
should be a compelling argument as to why one cannot decrypt a message encoded with a
one time pad, without having a copy of the one time pad (key).
#2 Explain, in your own words, why sending a message “in the clear”, and also sending
that exact same message using an encryption method (other than a one time pad) could
significantly aid an eavesdropper in decrypting other encrypted messages sent using the
same encryption method and the same encryption key (1 page or less).
#3 In the example of using a basket of locks to provide a mechanical equivalent of
public key cryptography for sending secure messages… what is the purpose of the guard
who watches the basket…, and what function in electronic public key cryptography does
this correspond to?
#4 A company named “Chocolates.com” wishes to sell chocolates on-line to
chocoholics. It wishes to implement the following business process:
a. Chocolates.com maintains a Web site that contains descriptions of various chocolates
that are available for purchase
b. Customers who have previously registered with Chocolates.com (and have provided a
delivery address and a valid credit card number to be charged for new purchases) can
purchase chocolates with “one click”
c. Customers who have not previously registered with Chocolates.com must provide a
valid credit card number (Visa and MasterCharge are accepted) if they wish to
purchase chocolates
d. Chocolates that are ordered using the Chocolates.com web site are delivered to the
address provided by the customer by the nearest merchant who has the selected
chocolate product in stock. Chocolates.com notifies the appropriate merchant of the
order, and provides (only) the information needed to fill the order and to deliver the
order to the customer. It does not disclose, to merchants, the customers’ credit card
numbers
e. Chocolates.com pays its merchants, once per month, for the chocolates that they have
delivered, according to a pre-negotiated agreement as to delivery charges, etc.
Chocolates.com has the following concerns:
i. Are the orders that are submitted, via the Web site, legitimate orders from real
customers?
ii. How can Chocolates.com verify/prove that the chocolates were actually delivered
by the merchants to the customers who ordered them, and accepted by those
customers?
iii. How can Chocolates.com protect customers’ private information (e.g., credit card
numbers) from disclosure to unauthorized persons?
iv. How can Chocolates.com automate the process of reimbursing merchants?
Merchants have the following concerns:
v. How can they be sure that the delivery orders they receive from Chocolates.com
are really coming from Chocolates.com?
vi. How can they prove, to Chocolates.com, that they delivered the chocolates to the
customers who ordered them?
Customers have the following concerns:
vii. They want to be able to prove that they did not receive (or order) chocolates that
appear on their credit card bills… if, in fact, those chocolates were not delivered
(or ordered)
viii. They want to be notified immediately, by Email, of new orders that are placed
against their credit cards by Chocolates.com
ix. They want to be sure that their credit card numbers, address information, etc., are
appropriately protected by Chocolates.com from disclosure to unauthorized
persons
Using the methods and technologies that we have discussed in this course, design a Web-based, electronic commerce system that implements the Chocolates.com business model,
and that addresses (to a reasonable extent) all of the concerns listed above.