38 votes

A sender $S$ sends a message $m$ to receiver $R$, which is digitally signed by $S$ with its private key. In this scenario, one or more of the following security violations can take place.

  I. $S$ can launch a birthday attack to replace $m$ with a fraudulent message
  II. A third party attacker can launch a birthday attack to replace $m$ with a fraudulent message
  III. $R$ can launch a birthday attack to replace $m$ with a fraudulent message

Which of the following are possible security violations?

  A. I and II only
  B. I only
  C. II only
  D. II and III only

4 Comments

Why does S need to launch a birthday attack if they're the one encrypting the message? They could just encrypt a different message and attach the signature of the older message?

Technically they could perform a birthday attack, so I guess this is only to make the question sound misleading?

Leave everything, birthday attack in the question.

In a digital signature, only a sender can forge the message but not a third party or receiver.

Is this topic in the GATE 2021 syllabus?

3 Answers

52 votes
Best answer

As per the definition:

Birthday attack: Sending a fraudulent message with the same hash value as the original message, along with the digital signature of the original message.

Important: Tanenbaum has given $2$ ways of using digital signatures:

  1. For Authentication and Secrecy (in this, the whole message is encrypted first with the sender's private key, then the receiver's public key)
  2. For Authentication only (in this, only the Message Digest is encrypted with the sender's private key)

In the question it is given that the whole message is encrypted, so the first case applies. Options:

  1. $S$ can launch a birthday attack to replace $m$ with a fraudulent message.
    $S$ can use some other message, encrypt it with its private key then the receiver's public key, then send. TRUE

  2. A third party attacker can launch a birthday attack to replace $m$ with a fraudulent message.
    A third party cannot encrypt a new message again, as it requires the sender's private key. FALSE

  3. $R$ can launch a birthday attack to replace $m$ with a fraudulent message.
    Similarly, $R$ will need the sender's private key to encrypt. FALSE

Correct Answer: $B$
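The birthday-attack definition above, applied to the digest-signing mode, as an added example that is not part of the original answer: the signer prepares a benign and a fraudulent draft with the same digest, so one signature verifies for both. The toy RSA key, the 24-bit truncated digest and the payment messages are constructed assumptions chosen so the search finishes quickly.

```python
import hashlib

# Toy textbook RSA key for S (constructed, insecure; illustration only).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537      # two Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # S's private exponent

DIGEST_BYTES = 3                           # deliberately weak 24-bit digest


def digest(msg: bytes, nbytes: int = DIGEST_BYTES) -> int:
    """SHA-256 truncated to nbytes, standing in for a short hash."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:nbytes], "big")


def sign(msg: bytes) -> int:
    """Only S can do this: private-key operation on the message digest."""
    return pow(digest(msg), D, N)


def verify(msg: bytes, sig: int) -> bool:
    """Anyone can do this with S's public key (E, N)."""
    return pow(sig, E, N) == digest(msg)


def sender_birthday_pair(benign: str, fraud: str):
    """S varies BOTH drafts until a benign and a fraudulent variant collide.
    Expected cost is about 2**(bits/2) hashes, not 2**bits."""
    seen_benign, seen_fraud = {}, {}
    i = 0
    while True:
        b = f"{benign} ref={i}".encode()
        f = f"{fraud} ref={i}".encode()
        seen_benign[digest(b)] = b
        seen_fraud[digest(f)] = f
        if digest(b) in seen_fraud:
            return b, seen_fraud[digest(b)], i + 1
        if digest(f) in seen_benign:
            return seen_benign[digest(f)], f, i + 1
        i += 1


def demo():
    """S signs the benign variant once; the colliding variant verifies too."""
    good, bad, rounds = sender_birthday_pair("Pay Bob 10 USD.", "Pay Bob 10000 USD.")
    return good, bad, rounds, sign(good)
```

A party that did not choose the signed message has to match one fixed digest, which is a second-preimage search of about 2^n hashes rather than 2^(n/2). With the full 256-bit SHA-256 output the two variants no longer share a digest, which is why digest length is the mitigation.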


4 Comments

I didn't get the purpose; it seems the sender is sending completely new data. Is it apt to call it an attack?

But won't the receiver again convert the msg into a hash (H) at the receiver side and then compare it with the decrypted hash (H')? Won't the fraud msg produce a different hash?

You are saying the message digest can be extracted, which is encrypted. If that is possible then an encrypted message can also be extracted. Which is clearly wrong.
18 votes
Digitally signed by S means... by using S's private key.

That means anyone can open it.

Birthday attack... imagined like a birthday gift inside which is a BOMB ;D

So, I thought... only S can send this birthday gift; others are only able to open the gift... but only S can pack & wrap it.

So option B is the answer (according to me... I had never heard of a B'Day Attack before)
16 votes
How the process of encryption and decryption works:

In general, if a message is encrypted by X's private key then it can be decrypted only by X's public key. Similarly,

if it is encrypted by X's public key then it can be encrypted by X's private key.

Here in the question, the sender sends a message signed by S's private key, so anyone can decrypt the message using S's public key.

If any third party wants to send a fraudulent message, he has to first decrypt the message with S's public key and make changes in the message, but once the changes have been done he has to encrypt it with his own private key (because only S has its private key, no one else).

Now even if the fraudulent message is received by R, S will not be accountable, as the fraudulent message does not have any signature of S on it.

Thus options II and III are not possible.

Only S himself can launch a birthday attack, changing the content of the message and later claiming it was not him, popularly known as repudiation, which is a security violation.