1. A man-in-the-middle attack in the context of public key cryptosystems is a form of
active eavesdropping in which the attacker makes connections with the individuals he is
attacking and relays messages between them, making them believe that they are
communicating with each other over a private connection, when in truth the entire
communication is controlled by the hacker.
Key concepts: Man-in-the-middle is a type of attack that occurs when a malicious actor
inserts himself as a relay/proxy into a communication session between people or
systems. This kind of attack exploits the real-time processing of transactions,
conversations, or transfers of other data.
Example:
Alice sends a message to Bob, and Peter intercepts it:
Alice -> Bob : {send me your key} [intercepted by Peter]
Peter relays the message to Bob; Bob cannot tell it is not from Alice:
Peter -> Bob : {send me your key}
Bob gives Peter his encryption key:
Bob -> Peter : Bob's key
Peter replaces Bob's key with his own and gives it to Alice:
Peter -> Alice : Peter's key
Alice encrypts a message with what she believes to be Bob's key:
Alice -> Bob : {"message"} Peter's key
Because the message was encrypted with Peter's key, he can decrypt it, read it, modify it, re-encrypt it with Bob's key and forward it to Bob:
Peter -> Bob : {"modified message"} Bob's key
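
An added example (not part of the original answer) that replays the key delivery step of the exchange above and shows the check that defeats the substitution: Alice compares the key she receives against a fingerprint of Bob's key. The key bytes, the relay functions and the assumption that Alice obtained Bob's fingerprint over a separate trusted channel are all constructed for the illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for encoded public keys (not real key material).
BOB_KEY = b"constructed-public-key-bob"
PETER_KEY = b"constructed-public-key-peter"


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the encoded public key."""
    return hashlib.sha256(public_key).hexdigest()


def honest_relay(key: bytes) -> bytes:
    """The network delivers Bob's key unchanged."""
    return key


def substituting_relay(key: bytes) -> bytes:
    """Peter's step from the exchange above: Bob's key is swapped for his own."""
    return PETER_KEY


def alice_receives_key(relay, pinned_fingerprint=None):
    """Return the key Alice will encrypt to, or None if she aborts.

    pinned_fingerprint is Bob's fingerprint obtained over a separate,
    trusted channel (assumption); None models the unauthenticated exchange.
    """
    received = relay(BOB_KEY)
    if pinned_fingerprint is None:
        return received  # nothing to compare against: any key is accepted
    if hmac.compare_digest(fingerprint(received), pinned_fingerprint):
        return received
    return None  # mismatch: the key did not come from Bob


if __name__ == "__main__":
    pinned = fingerprint(BOB_KEY)
    print("unauthenticated:", alice_receives_key(substituting_relay))
    print("pinned, tampered:", alice_receives_key(substituting_relay, pinned))
    print("pinned, honest:", alice_receives_key(honest_relay, pinned))
```
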

2. Classical digital signatures require a trusted third party. The judge must trust the third
party. For example, let Cathy be the trusted third party. Alice shares a cryptographic key
with Cathy. Also, Bob shares his key with Cathy.
Alice wants to send Bob a message:

Bob sends the message to Cathy, who deciphers it:

Cathy enciphers the message with Bob's key and sends it back to Bob

To verify that Alice sent the message, the judge takes the disputed messages and has
Cathy decipher them using Alice's and Bob's keys. If everything matches, the sending is
verified.
3. A public key digital signature uses a combination of a private key and a public key. The
private key is known only to your computer while the public key is given by your
computer to any computer that wants to communicate securely with it. To decode an
encrypted message, a computer must use the public key provided by the originating
computer and its own private key. The key is based on a hash value. This is a value that
is computed from a base input number using a hashing algorithm. The important thing
about a hash value is that it is nearly impossible to derive the original input number
without knowing the data used to create the hash value.
For example:
Alice wants to send Bob a message. Alice has two keys, a public key and a private key.
Alice's keys are d_Alice and e_Alice. Alice sends Bob m || {m}d_Alice. As before, Bob can
authenticate the origin and contents of m, but in case of dispute, the judge computes
{{m}d_Alice}e_Alice
and if it is m, Alice signed the message. Alice is the only one who knows d_Alice.
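
The dispute check above as an added example, not taken from the original answer: textbook RSA with a toy key, where Alice signs with her private key and the judge applies her public key to the signature and compares the result with m. The primes, the exponent 65537 and the function names are assumptions chosen for the illustration; there is no padding, so this is not a secure signature scheme.

```python
# Toy textbook RSA for illustration only: the primes are well-known
# Mersenne primes and no padding is applied (assumptions, not secure).
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
E_ALICE = 65537                                  # public key e_Alice
D_ALICE = pow(E_ALICE, -1, (P - 1) * (Q - 1))    # private key d_Alice


def to_int(m: bytes) -> int:
    """Encode the message as an integer smaller than the modulus."""
    value = int.from_bytes(m, "big")
    if value >= N:
        raise ValueError("message too long for this toy modulus")
    return value


def sign(m: bytes, d: int = D_ALICE) -> int:
    """Alice computes {m}d_Alice."""
    return pow(to_int(m), d, N)


def send(m: bytes):
    """What Alice transmits to Bob: m || {m}d_Alice."""
    return m, sign(m)


def judge(m: bytes, signature: int, e: int = E_ALICE) -> bool:
    """The judge computes {{m}d_Alice}e_Alice and checks that it is m."""
    return pow(signature, e, N) == to_int(m)


if __name__ == "__main__":
    m, s = send(b"pay Bob 10")                    # constructed sample message
    print("genuine:", judge(m, s))
    print("altered message:", judge(b"pay Bob 1000", s))
    print("altered signature:", judge(m, s + 1))
    print("signed with another exponent:", judge(m, sign(m, D_ALICE + 2)))
```
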
4. An encrypted virus is one that enciphers all of the virus code except for a small
decryption routine. One of the ways to evade signature detection is to use the method of
encryption to encipher the body of the virus, leaving only the encryption module and
cryptographic key in cleartext. In this case, the virus consists of a small decrypting
module and an encrypted copy of the virus code. If the virus is encrypted with a different
key for each infected file, the only part of the virus that remains constant is the
decrypting module, which would be appended to the end. In this case, a virus scanner
cannot directly detect the virus using signatures, but it can still detect the decrypting
module, which still makes indirect detection of the virus possible. Since these would be
symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the
final virus, but this is probably not required, since self-modifying code is such a rarity
that it may be reason for virus scanners to at least flag the file as suspicious.
5. Rabbit programs are a type of malware that create many instances of themselves in
order to consume large amounts of system resources. Rabbits create a denial of service
effect as legitimate programs may no longer be able to run, or at least may not run
properly. They may also make copies of themselves to overwhelm a computer system's
resources, denying the user access to the resources. A rabbit is not required to use all
resources on the system. Resources of a specific class, such as file descriptors or process
table entry slots, may not affect currently running processes. There are actually two
kinds of rabbit. The first is a program which tries to consume all of some system
resource, like disk space. A "fork bomb," a program which creates new processes in an
infinite loop, is an example of this kind of rabbit. The second kind of rabbit is a special
case of a worm. This kind of rabbit is a standalone program which replicates itself across
a network from machine to machine, but deletes the original copy of itself after
replication. In other words, there is only one copy of a given rabbit on a network; it just
hops from one computer to another.