Ibra bank, located in Muscat has multiple branches. It provides online banking service to its customers. Once the user enters their user name and password, it encrypts the password for safe transaction. The password entered by the customers are stored in the database of the bank for later verification. Whenever the customer makes transaction, OTP will be sent to their registered GSM number via SMS. Once the customer enters the received OTP, further transaction can be carried out by the customer. The bank also allows the users to open a new account digitally.
- The bank ensures the confidentiality of the user password using Data Encryption Standard (DES) algorithm.
- Implement DES algorithm and analyze any two possible attacks on it using any two modes of operation of a block cipher.
- Suggest an alternate algorithm that can be used by the bank and prove how does it prevent the attacks that are exposed by DES.
- The bank uses SHA 1 cryptographic hash function to create and store the user passwords in its database to ensure the integrity and user authentication.
- Create a password using SHA 1 or MD5 hashing algorithm and demonstrate any two attacks that are possible.
- Suggest a strong hash function that can be used by the bank and analyse how does it prevent the attacks that are exposed by SHA 1 or MD5.
- The bank uses digital signature to ensure the message authentication, message integrity, and nonrepudiation services while the new user applies to create a new account.
- Demonstrate how does authentication can be ensured by digital signature and analyse any one possible attack on it.
- Assume Diffie-Hellman key exchange protocol is used by the bank to share the session keys to its customers.
- Demonstrate Diffie-Hellman key exchange protocol and analyse any one possible security attack on it.
Sample Solution
