COMP3911代写、代写Java语言程序

日期：2022-02-28 10:22

COMP3911 Secure Computing

Coursework 1

This assignment is concerned with the message authentication techniques explored in Lectures 3 & 5, and

Exercises 4, 8 & 9. The assignment contributes 15% to your module grade.

You will need to have done Exercise 9 already in order to fully answer all the questions. It is not necessary

to have done Exercises 4 and 8 in order to give good answers to the questions, but you may find that

these exercises give you additional insight or a better feel for the techniques explored in the assignment.

You will submit your answers to the questions using Gradescope.

Question 1

Alice and Bob are two Computer Science students currently studying the Secure Computing module. Alice

wants to send a message to Bob, in such a way that Bob will be able to verify that the message came from

Alice and that it hasn’t been altered by an attacker. There is no requirement for confidentiality, so Alice and

Bob agree to use message authentication alone, without encryption. They further agree to use HMAC, and

they decide to use the three Java programs developed in Exercise 4 to generate the HMAC key, compute an

authentication tag for the message, and verify the tag.

Consider the threat that an attacker might be able to fake a message from Alice, without Bob realising this

has happened. Think about the most likely ways in which this threat might play out. Identify and describe

two different ways in which the attacker might succeed. [8 marks]

Question 2

Bob suggests to Alice that using an Ed25519 digital signature would be more secure for their message

authentication task. They decide to use the three Java programs from Exercise 8 to compute private & public

keys, sign the message, and verify the signature on the message.

What is the primary reason for Bob deciding that using the programs from Exercise 8 will be more secure

than using the programs from Exercise 4? Explain your reasoning. [4 marks]

Question 3

These sub-questions concern the Minisign tool used in Exercise 9.

1. What would be the potential issue with using Minisign to authenticate a video file (e.g., the video for

one of the COMP3911 lectures)? What does Minisign do to cater for this scenario? [3 marks]

2. After doing Exercise 9, Alice realises that using the Minisign tool would be more secure than using

the programs developed in Exercise 8. Why is this the case? Explain your reasoning. [3 marks]

3. Even though Minisign improves on the message authentication process demonstrated by the programs

in Exercises 4 and 8, it could still be possible for an attacker to fake a message from Alice and make

Bob believe that it is genuine. Discuss how this attack might work, and how we could defend against

it. [7 marks]

Submission

Submit your answers to the preceding questions using Gradescope, via the link provided for this purpose on

the Submit My Work page in Minerva. The deadline for submission is 10.00 on 24 February 2022.

1