12,404 views
39 votes

A sender $S$ sends a message $m$ to receiver $R$, which is digitally signed by $S$ with its private key. In this scenario, one or more of the following security violations can take place.

  I. $S$ can launch a birthday attack to replace $m$ with a fraudulent message
  II. A third party attacker can launch a birthday attack to replace $m$ with a fraudulent message
  III. $R$ can launch a birthday attack to replace $m$ with a fraudulent message

Which of the following are possible security violations?

  A. I and II only
  B. I only
  C. II only
  D. II and III only

3 Answers

Best answer
52 votes

As per the definition:

Birthday attack: Sending a fraudulent message with the same hash value as the original message, along with the digital signature of the original message.

Important: Tanenbaum has given $2$ ways of using digital signatures:

  1. For Authentication and Secrecy (in this, the whole message is encrypted first with the sender's private key, then the receiver's public key)
  2. For Authentication only (in this, only the Message Digest is encrypted with the sender's private key)

In the question it is given that the whole message is encrypted, so the first case applies. Options:

  1. $S$ can launch a birthday attack to replace $m$ with a fraudulent message.
    $S$ can use some other message, encrypt it with its private key, then the receiver's public key, then send. TRUE

  2. A third party attacker can launch a birthday attack to replace $m$ with a fraudulent message.
    A third party cannot encrypt a new message again, as it requires the sender's private key. FALSE

  3. $R$ can launch a birthday attack to replace $m$ with a fraudulent message.
    Similarly, $R$ will need the sender's private key to encrypt. FALSE

Correct Answer: $B$
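
The definition above (a fraudulent message with the same hash value, carried by the original signature) can be seen in a small added example, which is not part of the answer or the original question. It uses the digest-only signing case; the 16-bit truncated SHA-256 digest, the toy unpadded RSA key and the message texts are constructed assumptions chosen so the search finishes instantly.

```python
import hashlib

DIGEST_BITS = 16  # deliberately tiny digest (assumption) so the search is instant

# Toy textbook-RSA key from two Mersenne primes (constructed, unpadded, demo only).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(msg: bytes) -> int:
    """SHA-256 truncated to DIGEST_BITS, standing in for a short hash."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - DIGEST_BITS)


def sign(msg: bytes) -> int:
    """Sender applies the private exponent to the message digest only."""
    return pow(digest(msg), D, N)


def verify(msg: bytes, sig: int) -> bool:
    """Receiver recomputes the digest and compares it with the opened signature."""
    return pow(sig, E, N) == digest(msg)


def colliding_pair(benign: bytes, fraud: bytes,
                   variants: int = 1 << (DIGEST_BITS // 2 + 2)):
    """Birthday search: vary both texts (trailing counter) until digests match."""
    seen = {}
    for i in range(variants):
        m = benign + b" #%d" % i
        seen[digest(m)] = m
    j = 0
    while True:
        f = fraud + b" #%d" % j
        if digest(f) in seen:
            return seen[digest(f)], f, variants + j + 1  # total messages hashed
        j += 1


def demo():
    """The party choosing the text before signing prepares both variants."""
    m, f, work = colliding_pair(b"Pay R 100 rupees", b"Pay R 100000 rupees")
    sig = sign(m)  # only the benign variant is ever signed
    return m, f, sig, work
```

With an n-bit digest this search costs about 2^(n/2) hashes for whoever picks the text before it is signed, while matching an already fixed signed message takes about 2^n, which is why digest length bounds the attack.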

18 votes
Digitally signed by S means... by using S's private key.

That means anyone can open it.

Birthday attack... imagined like a birthday gift inside which is a BOMB ;D

So, I thought... only S can send this birthday gift; others are only able to open the gift... but only S can pack and wrap it.

So Option B is the answer (according to me... I had never heard of the Birthday Attack before)
16 votes
How the process of encryption and decryption works:

In general, if a message is encrypted by X's private key, then it can be decrypted only by X's public key. Similarly,

if it is encrypted by X's public key, then it can be encrypted by X's private key.

Here in the question the sender sends a message signed by S's private key, so anyone can decrypt the message using S's public key.

If any third party wants to send a fraudulent message, he first has to decrypt the message with S's public key and make changes to the message, but once the changes have been done he has to encrypt it with his own private key (because only S has its private key, no one else).

Now even if the fraudulent message is received by R, S will not be accountable, as the fraudulent message does not have any signature of S on it.

Thus options II and III are not possible.

Only S himself can launch a birthday attack, changing the content of the message and later claiming it was not him, popularly known as repudiation, which is a security violation.