Suppose you suspect that your session with a server has been intercepted in a man-in-the-middle attack. You have a key, K, that you think you share with the server, but you might be only sharing it with an attacker. But the server also has a public key, KP, which is widely known, and a private secret key, KS, that goes with it. Describe how you can either confirm you share K with the server or discover that you share it only with a man-in-the-middle. Also, be sure your solution will not be discovered by a packet sniffer.

What will be an ideal response?


Ask the server to digitally sign your shared key, K, using its private key, KS, and encrypt the result with K, so no one with a packet sniffer can read this. Then ask the server to send you the result. You can decrypt the package with K and verify the server's signature using its public key, KP. If this was done correctly, you can verify everything. If you have a man-in-the-middle, however, the message you get will either be garbled, or the signed shared key will not be the same.
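The check described in this answer, as an added example that is not part of the original page. It assumes a toy RSA signature (Mersenne primes, unpadded) and a toy SHA-256 keystream cipher in place of real primitives; all function names and key values are constructed for illustration.

```python
import hashlib

# Toy server key pair (constructed; Mersenne primes and unpadded RSA are
# for illustration only and are NOT safe for real use).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # (N, E) plays the role of KP
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, plays the role of KS
SIG_LEN = (N.bit_length() + 7) // 8

def digest(key: bytes) -> int:
    return int.from_bytes(hashlib.sha256(key).digest(), "big")

def sign(key: bytes) -> int:
    """Server side: sign the session key with KS."""
    return pow(digest(key), D, N)

def verify(key: bytes, sig: int) -> bool:
    """Client side: check the signature with KP against the key the client holds."""
    return pow(sig, E, N) == digest(key)

def xor_stream(k: bytes, data: bytes) -> bytes:
    """Toy stream cipher keyed by k; the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(k + i.to_bytes(4, "big")).digest()
        out.extend(b ^ s for b, s in zip(data[i:i + 32], block))
    return bytes(out)

def server_reply(server_k: bytes) -> bytes:
    """Server signs the key it believes is shared, then encrypts with that key."""
    return xor_stream(server_k, sign(server_k).to_bytes(SIG_LEN, "big"))

def client_check(client_k: bytes, reply: bytes) -> bool:
    """Client decrypts with its K and verifies the signature over its K."""
    sig = int.from_bytes(xor_stream(client_k, reply), "big")
    return verify(client_k, sig)

def mitm_relay(k_client: bytes, k_server: bytes, reply: bytes) -> bytes:
    """Models the interception case: decrypt under one key, re-encrypt under the other."""
    return xor_stream(k_client, xor_stream(k_server, reply))

if __name__ == "__main__":
    k = b"constructed-session-key"
    print("direct session:", client_check(k, server_reply(k)))            # True
    k1, k2 = b"client-side-key", b"server-side-key"
    reply = server_reply(k2)
    print("forwarded as-is:", client_check(k1, reply))                    # garbled
    print("re-encrypted:", client_check(k1, mitm_relay(k1, k2, reply)))   # wrong key signed
```

Both interception cases fail verification for the two reasons the answer gives: the forwarded reply decrypts to garbage under the client's key, and the re-encrypted reply carries a valid signature over a different key.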

Computer Science & Information Technology
