Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Public-key algorithms: Your company makes many Internet of Things devices, all l

ID: 3662797 • Letter: P

Question

Public-key algorithms: Your company makes many Internet of Things devices, all low-powered and small (some devices are much smaller than others). You've been asked to make recommendations about including public-key algorithms in the devices for key establishment. There are several devices to consider: A soil sensor reports on the humidity of the soil. Soil humidity Can be used to predict crop quality and date of ripening, so it & competitive information (and thus it is important that the in-formation Only be reported to authorized parties). The sensor's lifetime is about ten years. What encryption, if any, should used to protect the humidity information as it is reported? A national gym with tens of thousands of users wants a fitness device that will measure heart-rate and other vital signs to ensure no one is over-exercising and in danger while on gym equipment. The data will be sent in real-time to the server at the gym, and will not be destroyed at the end of the user's gym session. The gym plans to use a sensor device that checks pulse and related data; this, of course, is private health information. The gym will give a device to each client on check in. The user is allowed to pair the device with her own Fibit (or the like) so that she retains a copy of her information but is only wearing one device at a time. What encryption, if any, should be used to protect the health information as it is reported? The new phone app GIZMO measures your driving safety by examining your accelerations, from which your lane switches can be determined, and your speed, and comparing them with recommended speeds for the roads on which you travel. It then makes recommendations to you on how to improve your driving safety. GIZMO collects accelerometer information and spe|ed from your phone. What encryption, if any, should be used to protect the driving information as it is reported? Explain in each case, what algorithm you recommend using I and at what key length. What's the reasoning behind your recommendations?

Explanation / Answer

a) This scenario involves authentication. Authentication is a service ensuring identification of communicating parties and information irself. Hence, this scenario will require identification of the user receiving the information and source from which information is being received. There are two aspects of authentication service: entity authentication and data origin authentication. Entity authentication is used to establisgh the identity of en entity. An entity can be a person, process, client or server. The techniques used for entity authentication are passwords (fixed, hashed, padding or salting, OTP etc.), challenge-response method (symmetric key cipher, asymmetric key cipher, digital signature etc.), zero knowledge method (Fiat-Shamir protocol, Feige-Fiat-Shamir protocol, Guillou-Quisquater protocol). For this scenarion, a padded password based or OTP based authentication will be ok.

Techniques used for data origin authentication are message authentication codes (MACs), digital signatures etc.For the current scenario hashed message authentication code (HMAC) protocol can be used. This protocol uses a shared secret alongwith a hashing algorith like MD5, SHA-1 etc.

b) For this kind of scenario, the information should remain confidential to all but authorized persons or devices. To achive confidentiality, symmetric as well as asymmetric cryptographic techniques can be used. Both the techniques involve the use of secret keys required for encryption and decryption processes. Under symmetric encryption, same secret key is shared among all authorized users. Popular symmetric techniques are Advanced Encryption Standard (AES) and Digital Encryption Standard (DES). While under asymmetric technique (also called public key cryptography) involves the use of public/private key pair. In this mechanism, private key is used for encryption, while public key is used for decryption. One of the most popular asymmetric algorithm is RSA.

For the described scenario, any of the technique can be used.

c) This scenario involves the perspective of data integrity. It means that there should be no unauthorized alterartion of data, while it is being reported. And, it any such thing happens, it should be detectable. For this purpose, any of symmetric or asymmetric methods as mentioned in above points can be employed.

However for the provided scenario, an asymmetric algorithm like RSA will be preferred. It is also required that data is reported over a secure channel like SSL.

Related Questions

Public Strategies recently conducted a statewide telephone poll in Texas to inve
Question #2929394
Public Strategies recently conducted a statewide telephone poll in Texas to inve
Question #3332986
Public Transit. You commute to arid from school. You have the option to either (
Question #3238633
Public Transit. You commute to arid from school. You have the option to either (
Question #3253361
Public awareness of a congressional candidate before and after a successful camp
Question #3003316
Public class BankAccount{private String name; private double balance; public Ban
Question #3781964
Public class Car {public static void main(String [] orgs) {Integer I 1 = 100; In
Question #3841902
Public class ClassicSingleton {private static ClassicSingleton instance = null;
Question #3830281
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Public water supplies are often \"fluoridated\" by the addition of compounds suc
Next
Publicity packaging When Pizza Hut announced it was add going to 25 percent more

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.