Which of the keys would Alice best use – as shown in the box on the diagram in Figure 1.1 below.
Alice and Bob are depicted in the diagram with the following key details:
Alice possesses the Public key (PA), her individual Secret key (SA), and Bob's Public key (PB).
Bob holds the Public key (PB), his exclusive Secret key (SB), and Alice's Public key (PA).
(P… signifies keys shared among multiple entities, while S… indicates keys accessible only to the
individual.)
Alice's objective is to send a message {m} to Bob for identity authentication. To achieve this, she employs
her private Secret key (SA) to sign the message. By utilizing her Secret key (SA) for the signature, Alice
provides evidence of the message's origin and ensures its integrity during transmission.
She then encrypts the signed message with Bob's public key (PB) before forwarding it to him. After
obtaining the message, Bob will use his secret key (SB) to decrypt it, and he will verify the signature
using Alice's public key (PA). Consequently, I think Alice ought to use Bob's public key (PB) to encrypt the
message before sending it to Bob.
-> Alice would encrypt the message using her secret key (SA), which she should keep a secret because
doing so requires using PB for decryption, which Bob can use as proof that the message came from an
entity in possession of A.
• Alice takes her message {m} and signs it using her individual Secret key (SA) to generate a digital
signature (S).
• Alice sends both the message {m} and the digital signature (S) to Bob.
• Upon receiving the message and digital signature, Bob authenticates the message's legitimacy and
Alice's identity by utilizing her Public key (PA) to verify the digital signature.
Question 2: Alice would like to send a message to Bob that prevents any external entity
on the Internet from reading and observing that message. Which of the keys
would Alice best use – as shown in the box on the diagram in Figure 2.1 below.
Depicted in the illustration are Alice and Bob, each equipped with specific cryptographic keys:
Alice possesses the Public key (PA), her individual Secret key (SA), and Bob's Public key (PB).
Bob holds the Public key (PB), his exclusive Secret key (SB), and Alice's Public key (PA).
(P… denotes keys shared among multiple entities, and S… signifies keys accessible only to the individual.)
To establish secure communication between Alice and Bob and to ensure that their messages remain
private from external entities on the Internet, Alice opts to use Bob's public key (PB). The rationale
behind this choice is as follows:
When Alice intends to securely transmit a message to Bob, she utilizes Bob's public key (PB) to encrypt
the message. Only Bob's secret key (SB) possesses the capability to decrypt messages encrypted with his
public key (PB).
In practice, Alice takes her message and encrypts it using Bob's public key (PB), resulting in the creation
of ciphertext. Subsequently, Bob, as the intended recipient, receives the ciphertext and deploys his
secret key (SB) to decrypt the message encrypted by Alice.
Since only Bob possesses the secret key (SB) corresponding to his public key (PB), he is the sole entity
capable of decrypting the message.
• Alice encrypts the message {m} using Bob's public key (PB), generating ciphertext (C).
• Alice sends the ciphertext (C) to Bob.
• Bob, as the recipient, decrypts the ciphertext (C) using his secret key (SB), thereby retrieving the
original message {m}.
Question 3: Alice would like to use Diffie-Hellman Key Exchange to send a message to
Bob that includes authentication and secrecy. Which of the two keys would Alice
best use – as shown in the two boxes on the diagram in Figure 2.2 below?
Illustrated in the diagram are Alice and Bob, each equipped with specific cryptographic keys:
Alice possesses the Public key (PA), her individual Secret key (SA), and Bob's Public key (PB).
Bob holds the Public key (PB), his exclusive Secret key (SB), and Alice's Public key (PA).
(P… signifies keys shared among multiple entities, and S… denotes keys accessible only to the individual.)
To ensure both authentication and secrecy using the Diffie-Hellman Key Exchange for sending a message
to Bob, Alice employs a combination of her secret key (SA) and Bob's public key (PB) in conjunction with
digital signature and encryption.
Here's how Alice accomplishes both authentication and secrecy in the message exchange:
- Diffie-Hellman Key Exchange: Alice and Bob perform the Diffie-Hellman Key Exchange protocol to
establish a shared secret key known only to them. This shared secret key is used for encryption, ensuring
message secrecy between Alice and Bob.
- Authentication with Digital Signature: To authenticate her identity and ensure message integrity, Alice
signs the message {m} using her secret key (SA) to generate a digital signature (S). This signature serves
as proof that the message originates from Alice and has not been altered during transmission.
- Encrypting the Message: After creating the digital signature, Alice encrypts both the original message
{m} and the digital signature (S) using Bob's public key (PB), resulting in the creation of ciphertext (C).
- Decryption and Verification by Bob: Bob receives the ciphertext (C) and decrypts it using his secret key
(SB), retrieving the original message {m} and the digital signature (S). Subsequently, Bob verifies the
authenticity of the message using Alice's public key (PA) to confirm the validity of the digital signature
(S).
Question 4: Amazon.com would like to work with its CA to set up its website for secure
eCommerce. The certificate issued by the CA to Amazon.com would be encrypted with the
secret key of the CA and would include which of the following information – as shown in the
box on the diagram in Figure 1.2 below:
Which key information is included in the certificate sent from the CA to Amazon.com?
Amazon.com will receive a certificate from the Certificate Authority (CA) containing Amazon.com's public
key (PM). Customers can subsequently request this certificate from Amazon.com and decrypt it using the
CA's public key (PCA). Once in possession of Amazon.com's public key, customers can employ it to
encrypt their credit card information using the SSL (Secure Sockets Layer) protocol.
The SSL protocol, a secure communication protocol employed to safeguard data transmitted over the
internet, plays a crucial role. When customers input their credit card details on Amazon.com's website,
the information undergoes encryption with Amazon.com's public key. The encrypted data is then
transmitted to Amazon.com's server, where it is decrypted using Amazon.com's private key. This robust
process ensures that the credit card information remains exclusively accessible to Amazon.com and is
immune to interception by third parties.
The certificate dispatched from the CA to Amazon.com is a digital file encompassing Amazon.com's
public key and additional information about the platform. The CA's signature on the certificate
guarantees its authenticity and integrity.
Upon visiting Amazon.com's website, a customer's browser performs a check to verify the validity of the
website's certificate. If the certificate is deemed valid, the browser utilizes the public key within the
certificate to encrypt the data transmitted between the customer's browser and Amazon.com's server.
This stringent security measure guarantees that the transmitted data remains shielded from
unauthorized access.
Question 5: From a service perspective, what is an important difference between a symmetric-key
system and a public-key system?
Note: Explain your answer in detail
Symmetric-key systems utilize the same key for both encryption and decryption, necessitating
both the sender and receiver to possess the key for secure communication. While symmetric-
key systems are generally faster than public-key systems, their security is comparatively
lower. This vulnerability arises because if the key is compromised, all data encrypted with that
key becomes exposed.
Public-key systems employ a pair of keys – a public key accessible to everyone and a private
key held exclusively by the owner. The public key encrypts data, but only the private key can
decrypt it. Public-key systems offer enhanced security compared to symmetric-key systems, as
even if the public key is compromised, the private key remains secure.
The key distinction between symmetric-key and public-key systems lies in key exchange
methods. Symmetric-key systems require secure key exchange, often in person or through a
secure channel, which can be cumbersome, especially with numerous users. In contrast,
public-key systems allow the publication of public keys, eliminating the need for secure
exchanges. This characteristic renders public-key systems more scalable and user-friendly.
The following table provides a summary of the principal differences between symmetric-key
and public-key systems:
Question 6: Propose your own schema for the purpose of authentication and confidentiality.
Describe the operation of your own schema.
What are the advantages of your own schema?
What are the disadvantages of your own schema?
Schema:
• User Registration: Users register with the system by supplying their username, password, and email
address. The username and password are stored in the database as hashed values. The email address is
utilized for sending confirmation messages and facilitating password resets.
• Login: To get access to the system, users must provide their username and password. The username is
checked to see if it is in the database. If it is, the password is hashed and compared to the hashed
password in the database. If the passwords match, the user is logged in.
• Data confidentiality: Encrypting all data before it is saved in the database ensures data secrecy. The
encryption key is a symmetric key that the client and server share. The key is created at random and
saved in the database.
• Data integrity: Data integrity is accomplished by calculating a hash value for each item of data using a
hash function. Along with the data, the hash value is saved. The hash value is recalculated and compared
to the stored hash value when the data is retrieved. The data has not been tampered with if the hash
values match.
Operation:
1. When a user registers with the system, the database stores their username, password, and email
address. Before being saved, the password is hashed.
2. When a user signs in, their username and password are validated against the database. The user is
logged in if the passwords match.
3. Before any data is stored in the database, the symmetric key is used to encrypt it. The client and
server both have access to the key.
4. When data is retrieved from the database, it is decrypted using the symmetric key.
5. A hash function is used to calculate a hash value for each piece of data. The hash value is stored along
with the data.
6. After retrieving the data, the hash value is computed and compared to the previously stored hash
value. The data has not been tampered with if the hash values match.
Advantages:
• Robust Authentication: Users undergo authentication using a combination of username, password, and
email address, bolstering system security.
Disadvantages:
• Increased Complexity: The schema's complexity may pose challenges during implementation and
maintenance.
• Key Security Requirement: The use of a symmetric key demands stringent security measures to prevent
unauthorized access.
In summary, this schema delivers robust authentication, confidentiality, and integrity for stored data.
However, its complexity and reliance on a symmetric key introduce implementation and security
challenges.
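The registration and login steps of the schema (Operation steps 1 and 2), written out as an added example that is not part of the original answer. The in-memory `USERS` dictionary, the per-user salt, PBKDF2-HMAC-SHA256 as the password hash and the iteration count are assumptions; the answer only says the password is hashed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000          # assumed work factor, not specified in the schema
USERS = {}                    # hypothetical stand-in for the database table
_DUMMY_SALT = os.urandom(16)  # lets unknown usernames cost the same hashing work


def _hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash (PBKDF2-HMAC-SHA256 is an assumed choice)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str, email: str) -> bool:
    """Step 1: store username, email and the hashed password, never the password."""
    if username in USERS:
        return False
    salt = os.urandom(16)     # a fresh salt makes equal passwords hash differently
    USERS[username] = {
        "salt": salt,
        "pw_hash": _hash_password(password, salt),
        "email": email,
    }
    return True


def login(username: str, password: str) -> bool:
    """Step 2: hash the submitted password and compare it with the stored hash."""
    record = USERS.get(username)
    if record is None:
        _hash_password(password, _DUMMY_SALT)   # same work as for a known user
        return False
    candidate = _hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["pw_hash"])


if __name__ == "__main__":
    # Constructed sample accounts.
    register("alice", "correct horse battery staple", "alice@example.com")
    print(login("alice", "correct horse battery staple"))
    print(login("alice", "wrong password"))
    print(login("mallory", "anything"))
```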
Question 7: The Caesar cipher, also known as the shift cipher, is a classic example of ancient
cryptography and is said to have been used by Julius Caesar.
Decipher this cryptogram below to discover the secrets.
Cipher text: MWA-PH: Kv fvb ilsplcl pu yhukvtulzz?
Plain text: F**-**: ** *** ******* ** **********?
Answer:
We have the order of the alphabet as follows:
00 01 02 03 04 05 06 07 08 09 10 11 12
A B C D E F G H I J K L M
13 14 15 16 17 18 19 20 21 22 23 24 25
N O P Q R S T U V W X Y Z
The first cipher letter M corresponds to the given plain letter F. We have M = 12 and F = 5,
so we can decrypt the cipher text with a shift of 12 – 5 = 7.
1. M: D(M) = 12 – 7 Mod 26 = 5 -> F
2. W: D(W) = 22 – 7 Mod 26 = 15 -> P
3. A: D(A) = 0 – 7 Mod 26 = 19 -> T
4. P: D(P) = 15 – 7 Mod 26 = 8 -> I
5. H: D(H) = 7 – 7 Mod 26 = 0 -> A
6. K: D(K) = 10 – 7 Mod 26 = 3 -> D
7. v: D(v) = 21 – 7 Mod 26 = 14 -> o
8. f: D(f) = 5 – 7 Mod 26 = 24 -> y
9. v: D(v) = 21 – 7 Mod 26 = 14 -> o
10. b: D(b) = 1 – 7 Mod 26 = 20 -> u
11. i: D(i) = 8 – 7 Mod 26 = 1 -> b
12. l: D(l) = 11 – 7 Mod 26 = 4 -> e
13. s: D(s) = 18 – 7 Mod 26 = 11 -> l
14. p: D(p) = 15 – 7 Mod 26 = 8 -> i
15. l: D(l) = 11 – 7 Mod 26 = 4 -> e
16. c: D(c) = 2 – 7 Mod 26 = 21 -> v
17. l: D(l) = 11 – 7 Mod 26 = 4 -> e
18. p: D(p) = 15 – 7 Mod 26 = 8 -> i
19. u: D(u) = 20 – 7 Mod 26 = 13 -> n
20. y: D(y) = 24 – 7 Mod 26 = 17 -> r
21. h: D(h) = 7 – 7 Mod 26 = 0 -> a
22. u: D(u) = 20 – 7 Mod 26 = 13 -> n
23. k: D(k) = 10 – 7 Mod 26 = 3 -> d
24. v: D(v) = 21 – 7 Mod 26 = 14 -> o
25. t: D(t) = 19 – 7 Mod 26 = 12 -> m
26. u: D(u) = 20 – 7 Mod 26 = 13 -> n
27. l: D(l) = 11 – 7 Mod 26 = 4 -> e
28. z: D(z) = 25 – 7 Mod 26 = 18 -> s
29. z: D(z) = 25 – 7 Mod 26 = 18 -> s
The cipher text after decryption is: FPT-IA: Do you believe in randomness?
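The same decryption in code, as an added example that is not part of the original answer: the shift is recovered from the one known letter pair (M -> F), applied with case and punctuation preserved, and then checked against all 26 possible shifts. Function names are chosen for this example.

```python
import string

CIPHERTEXT = "MWA-PH: Kv fvb ilsplcl pu yhukvtulzz?"   # cryptogram from the question


def shift_from_crib(cipher_letter: str, plain_letter: str) -> int:
    """Recover the shift from one known ciphertext/plaintext letter pair."""
    return (ord(cipher_letter.upper()) - ord(plain_letter.upper())) % 26


def caesar_decrypt(text: str, shift: int) -> str:
    """D(x) = (x - shift) mod 26 on letters; everything else is copied as-is."""
    out = []
    for ch in text:
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - shift) % 26 + ord("A")))
        elif ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") - shift) % 26 + ord("a")))
        else:
            out.append(ch)          # '-', ':', ' ' and '?' are not shifted
    return "".join(out)


def all_candidates(text: str) -> dict:
    """The whole key space is 26 shifts, so every candidate can be listed."""
    return {shift: caesar_decrypt(text, shift) for shift in range(26)}


if __name__ == "__main__":
    shift = shift_from_crib("M", "F")            # hint: plain text starts with F
    print(shift, caesar_decrypt(CIPHERTEXT, shift))
    # Without the hint, listing all candidates still exposes the plain text.
    for s, candidate in all_candidates(CIPHERTEXT).items():
        print(f"{s:2d} {candidate}")
```

Because only 26 keys exist, the hint letter is a convenience rather than a requirement: a reader can pick the one readable line out of the full candidate list.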
Question 8: The following schemas illustrate a variety of ways in which a hash code can be used to
provide message authentication.
For each schema above:
Describe the operation of this schema.
What are the advantages of this schema?
What are the disadvantages of this schema?
1. Schema a:
Operation:
- In this scenario, the sender (A) and receiver (B) aim to verify the final message and ensure data
security during transmission.
- The hash code is computed from the message (M) using the hash function (H) and concatenated
to the message, and then both are encrypted (E) using symmetric encryption. Only A and B
share a secret key (K), ensuring that the message originated from A and remains unaltered. The
hash code adds the necessary structure for message authentication, and encrypting the entire
message along with the hash code ensures confidentiality.
- After encrypting (E) the data with the secret key (K), we have E(K, [M || H(M)]) on the
transmission from A to B; this is the message (M) and the hash code H(M) after both are
encrypted (E).
- Upon reaching B, the data is decrypted (D) with the secret key (K), resulting in the message (M)
with a hash code known as H(M). Next, B hashes the received message (M) using the same hash
function (H) as A.
- Finally, B compares the hash code it computed with the hash code sent by A. If the calculated
hash code is the same as the received hash code, the data is considered safe and correct.
Advantages:
Speed: Symmetric encryption, being generally faster than asymmetric encryption, enhances
performance.
Security: Keeping the secret key secure ensures the encrypted data and hash value's security,
verifying data accuracy and security.
Efficiency: Using the same key for both encryption and hashing eliminates the need for
generating and managing two separate keys.
Disadvantages:
Key Management: The secret key must be securely kept; compromise puts both encrypted and
hashed data at risk.
Brute-force Attacks: A compromised secret key allows the decryption of all encrypted data and
hash values.
Hash Collision Attacks: Lack of collision resistance in the hash function may enable the creation
of two different messages with the same hash value, leading to forged signatures or tampered
data.
2. Schema b:
Operation:
- In this schema, the hash code is computed from the message (M) using the hash
function (H), and only the hash code is encrypted (E) using symmetric encryption and
the secret key (K). The sender aims to confirm whether the data has changed during
transmission without concern for data security. This approach reduces the processing burden for
applications not requiring confidentiality.
- After encrypting (E) the data with the secret key (K), we have E(K, H(M)) on the transmission to
the receiver; this is the hash code H(M) after being encrypted (E).
- Upon reaching the receiver, the data is decrypted (D) with the secret key (K), resulting in the
hash code from the sender. As the message is not encrypted, no decryption is needed. The
receiver then hashes the received message (M) using the same hash function (H) employed by
the sender.
- Finally, the hash code the receiver computed is compared with the hash code received from the
sender. If the calculated hash code is the same as the received hash code, the data is considered
safe and correct.
Advantages:
Simplified Key Distribution: Only one secret key needs sharing, simplifying key management.
Verifiable Integrity: The hash function can be used to verify message integrity even without
encryption.
Disadvantages:
Key Management: Secure sharing of the secret key is crucial; compromise risks both encrypted
and hashed data.
Message Confidentiality: The message itself is not encrypted, allowing anyone with the hash
function and secret key to read it.
Message Authentication: If the hash function is not collision-resistant, an attacker could create a
message with the same hash as the original message, even if the message content is different.
3. Schema c:
Operation:
- In this schema, neither the message (M) nor the hash code is encrypted. The hash function (H) is used
without encryption (E) for message (M) authentication. This technique assumes that both the sender
and the receiver share a common seed value (S). The sender computes the hash code, which is
hashed from the message (M) along with the seed value (S) using the hash function (H) to perturb the
hash code's value. The receiver, possessing the seed value (S), can recompute the hash value for
verification. Because the seed value (S) itself is not sent, third parties cannot modify an intercepted
message and cannot generate a false message.
- After hashing the message (M) along with the seed value (S), we have H(M || S) on the way to the
receiver, which is the value of the perturbed hash.
Upon reaching the receiver, no decryption is needed as the sender does not encrypt the data. The
receiver hashes the message (M) with the seed value (S) using the same hash function (H) as the sender
to get the hash code.
Finally, the recalculated hash value is compared with the value of the hash code received from the
sender. If the calculated hash value is the same as the received hash value, the data is determined to be
safe and accurate.
Advantages:
Data Integrity: The hash code can be used to verify that the message has not been tampered with. The
hash code is accompanied by a seed value, making it difficult for third parties to change or forge.
Authenticity: The hash code can be used to verify that the message was sent by the intended sender.
Disadvantages:
Secret Key Security: The seed value (S) must remain secret; compromise allows adversaries to generate
false messages with the same hash code.
Unencrypted Message: The message is not encrypted, allowing adversaries to read it even if they cannot
solve the hash code.
Increased Complexity: Exchanging seed values can add complexity to the security infrastructure,
requiring management and tracking of seed values, methods of exchange, and storage devices.
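Schema c carried through in code, as an added example that is not part of the original answer: the sender transmits M together with H(M || S), and the receiver recomputes the value with the shared seed. SHA-256 as H, the function names and the sample messages and seed are assumptions made for the example.

```python
import hashlib
import hmac


def make_tag(message: bytes, seed: bytes) -> bytes:
    """H(M || S) with SHA-256 standing in for H (assumed choice)."""
    return hashlib.sha256(message + seed).digest()


def sender_transmit(message: bytes, seed: bytes):
    """The sender puts M and H(M || S) on the wire; S itself is never sent."""
    return message, make_tag(message, seed)


def receiver_verify(message: bytes, tag: bytes, seed: bytes) -> bool:
    """The receiver recomputes H(M || S) and compares it with the received value."""
    return hmac.compare_digest(make_tag(message, seed), tag)


def run_scenarios() -> dict:
    """Constructed sample traffic covering the cases the answer describes."""
    seed = b"constructed-shared-seed-S"
    message, tag = sender_transmit(b"meeting moved to 10:00", seed)
    altered = b"meeting moved to 16:00"
    return {
        # Message and hash code arrive unchanged.
        "untouched": receiver_verify(message, tag, seed),
        # Message changed in transit, original hash code kept.
        "modified_message": receiver_verify(altered, tag, seed),
        # Third party recomputes a plain H(M') because it does not hold S.
        "rehash_without_seed": receiver_verify(
            altered, hashlib.sha256(altered).digest(), seed),
        # Third party guesses a seed value that is not the shared one.
        "wrong_seed": receiver_verify(
            altered, make_tag(altered, b"guessed-seed"), seed),
        # The message itself is readable on the wire (no confidentiality).
        "message_visible": message == b"meeting moved to 10:00",
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:22s} {outcome}")
```

In deployed systems the shared-secret hash role is normally filled by HMAC (Python's `hmac` module), which takes the same two inputs, a secret and a message.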