Question 1 – 30 marks
Part 1 – 7 marks
The PGP Web of Trust - Activity 2.6
a. Ken has a score of 0 because he is not trusted by anyone in the web of trust. Nan has a score
of 2 because she is introduced by two trusted individuals (Liam and Sam). Each introduction adds
one point to the trust score.
b. If a new fully trusted individual, David, is introduced who introduces both Ken and Nan, their
scores would increase. Ken's score would become 1 (as he would be introduced by David), and
Nan's score would become 3 (as she would be introduced by David who has a score of 2). The
diagram would also change to reflect the new introductions and trust scores.
Part 2 – 13 marks
a.
i. A sends message R to B.
ii. B sends back an encrypted message {{M1}K, T1}K(B pr), where M1 is the plaintext message, T1
is a timestamp, K is a shared key, and B pr is B's private key.
iii. A sends an encrypted message {M2}K,{H(M2)}K(A pr), where M2 is the plaintext message, K is
the shared key, H is a cryptographic hash function, and A pr is A's private key.
b. The shared key may have been generated using a key exchange algorithm such as Diffie-
Hellman or RSA. These algorithms allow two parties to establish a shared secret key over an
insecure communication channel.
c. Alice realises the message is fraudulent because the timestamp T1 is three days old, indicating
that the message was intercepted and resent by Ian. This example demonstrates the concept of
message integrity, where the recipient can verify that the message has not been tampered with
by checking the integrity of its contents (using the hash function in this case) and any
accompanying metadata (such as the timestamp).
Part 3 – 10 marks
a. Insert Screenshot of completed Activity 2.15
b. There is no danger if the public key transfer is intercepted by an attacker because the public
key is only used for encryption and does not reveal any sensitive information. An attacker would
need access to the corresponding private key to decrypt any messages encrypted with the public
key.
c. It is no longer possible to log into the DVL machine from Kali using SSH and a password in
Step 23 because password authentication has been disabled in the SSH server configuration file.
d. It is still possible to log into the DVL machine from the Ubuntu machine in Step 24 because
public key authentication has been enabled and the Ubuntu machine has a copy of the
corresponding private key.
Page 2 of 10
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller straviaou. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £4.49. You're not tied to anything after your purchase.