2. Classical digital signatures require a trusted third party. The judge must trust the third
party. For example, let Cathy be the trusted third party. Alice shares a cryptographic key
with Cathy. Also, Bob shares his key with Cathy.
Alice wants to send Bob a message:
Cathy enciphers the message with Bob's key and sends it back to Bob.
To verify that Alice sent the message, the judge takes the disputed messages and has
Cathy decipher them using Alice's and Bob's keys. If everything matches, the sending is
verified.
3. A public key digital signature uses a combination of a private key and a public key. The
private key is known only to your computer while the public key is given by your
computer to any computer that wants to communicate securely with it. To decode an
encrypted message, a computer must use the public key provided by the originating
computer and its own private key. The key is based on a hash value. This is a value that
is computed from a base input number using a hashing algorithm. The important thing
about a hash value is that it is nearly impossible to derive the original input number
without knowing the data used to create the hash value.
For example:
Alice wants to send Bob a message. Alice has two keys, a public key and a private key.
Alice's keys are d_Alice and e_Alice. Alice sends Bob m || { m } d_Alice. As before, Bob can
authenticate the origin and contents of m, but in case of dispute, the judge computes
{ { m } d_Alice } e_Alice
and if it is m, Alice signed the message. Alice is the only one who knows d_Alice.
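The judge's check above can be run end to end. The following is an added example, not part of the original answer: it uses textbook RSA as the public key system, and the primes, the exponent 65537, the sample messages and all function names are assumptions chosen for illustration (no padding or hashing, toy key size).

```python
# Added example: textbook RSA with toy parameters (assumed, not from the page).
# No padding or hashing is used, so this is for illustration only.

P, Q = 2**61 - 1, 2**89 - 1          # two known Mersenne primes (toy key size)
N = P * Q
E_ALICE = 65537                       # e_Alice: public, known to Bob and the judge
D_ALICE = pow(E_ALICE, -1, (P - 1) * (Q - 1))   # d_Alice: known only to Alice


def to_int(message: bytes) -> int:
    """Encode a short message as an integer in the range (0, N)."""
    m = int.from_bytes(message, "big")
    if not 0 < m < N:
        raise ValueError("message must encode to an integer in (0, N)")
    return m


def sign(message: bytes, d: int = D_ALICE) -> int:
    """Alice computes {m}d_Alice."""
    return pow(to_int(message), d, N)


def judge(message: bytes, signature: int, e: int = E_ALICE) -> bool:
    """The judge computes {{m}d_Alice}e_Alice and compares it with m."""
    try:
        m = to_int(message)
    except ValueError:
        return False
    return 0 < signature < N and pow(signature, e, N) == m


def demo() -> dict:
    m = b"pay Bob 100"                # constructed sample message
    sig = sign(m)                     # Alice sends m || {m}d_Alice
    return {
        "genuine": judge(m, sig),
        "altered_message": judge(b"pay Bob 900", sig),
        "altered_signature": judge(m, sig ^ 1),
        # Bob knows only e_Alice; "signing" with it does not verify.
        "signed_with_public_key": judge(m, sign(m, E_ALICE)),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

Only the pair produced with d_Alice passes the judge's check, which is why the judge needs no shared secret with either party.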
4. An encrypted virus is one that enciphers all of the virus code except for a small
decryption routine. One of the ways to evade signature detection is to use the method of
encryption to encipher the body of the virus, leaving only the encryption module and
cryptographic key in cleartext. In this case, the virus consists of a small decrypting
module and an encrypted copy of the virus code. If the virus is encrypted with a different
key for each infected file, the only part of the virus that remains constant is the
decrypting module, which would be appended to the end. In this case, a virus scanner
cannot directly detect the virus using signatures, but it can still detect the decrypting
module, which still makes indirect detection of the virus possible. Since these would be
symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the
final virus, but this is probably not required, since self-modifying code is such a rarity
that it may be reason for virus scanners to at least flag the file as suspicious.
5. Rabbit programs are a type of malware that create many instances of themselves in
order to consume large amounts of system resources. Rabbits create a denial of service
effect as legitimate programs may no longer be able to run, or at least may not run
properly. They may also make copies of themselves to overwhelm a computer system's
resources, denying the user access to the resources. A rabbit is not required to use all
resources on the system. Resources of a specific class, such as file descriptors or process
table entry slots, may not affect currently running processes. There are actually two
kinds of rabbit. The first is a program which tries to consume all of some system
resource, like disk space. A "fork bomb," a program which creates new processes in an
infinite loop, is an example of this kind of rabbit. The second kind of rabbit is a special
case of a worm. This kind of rabbit is a standalone program which replicates itself across
a network from machine to machine, but deletes the original copy of itself after
replication. In other words, there is only one copy of a given rabbit on a network; it just
hops from one computer to another.