Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Tutorial Sheet 07

advertisement 
CSE 2500 Computer Security and Privacy
Tutorial Sheet 07
Q1) A McDonalds look like company which is conceived by a Monash MBA has
developed with the help of 5 chefs a number of recipes which he thinks will take the
market by storm. However, he received recently an anonymous tip stating that that three
of the five chefs are considering job offers from their competitor (of course it has to be
McDonalds, however, the tip off does not say who they are). Assuming that only those 5
chefs can use the company’s computer, which has the recipes in files and unfortunately,
the Monash MBA hasn’t done any subjects from Information Technology Faculty, he
does not know how to use the computer (or its related programs). However, he wants
the chefs to store the recipes so that no subset of three can steal the complete recipes.
Describe a method of storing the information so that the above objective can be met.
Q2) Consider the following protocol for accessing data from a remote database server.
1. Users obtain the database server’s public key from the system arbitrator.
2. Users generate their own public/private key pairs and send the public portion to
the arbitrator.
3. Users encode their identity and the query using their own personal private key to
generate the message and are sent to the database server.
4. Database server requests the user’s public key from the system arbitrator.
5. Database server decodes the user’s message using the user’s public key, and
checks a local access list to see whether the user is allowed to access the data
requested in the query.
6. If the user is allowed to have the requested information, the database server
executes the query and then encodes the results of the query using the databases
server’s private key, then encrypts the result with the requesting user’s public
key. However if the user is not allowed to access the requested information, the
database generates the message permission denied and encrypts this message as
described above.
7. When the encrypted result of the query is received by user, it is first decoded
using the user’s private key and then the public key of the database server.
Comment on the following statements:
 Is it allowed to have double encryption as in step 6? If yes, how you will
decrypt the double encrypted message?
 Why we need double encryption in step 6?
 Why cannot we use single encryption using one of the following key
(public key of the user, public key of the database, private key of the user
or the private key of the database)?
 Will the protocol be better if we change the order of encryption in step
6?
1 of 2
2 of 2
Related documents
tutorial sheet 07_an..
tutorial sheet 07_an..
Slides - Spatial Database Group
Slides - Spatial Database Group
I wrote this article for the upcoming Highlands Voice
I wrote this article for the upcoming Highlands Voice
here
here
assessmentfordatabasestestkey
assessmentfordatabasestestkey
Access Requests and Infrastructure Isolations / De
Access Requests and Infrastructure Isolations / De
Basic Search Lab - Villanova University
Basic Search Lab - Villanova University
Download
advertisement