List the four problems dealt with by cryptography and give a real world example of each one.

What will be an ideal response?

---

The four problems dealt with by cryptography are privacy, integrity, authentication and non-repudiation.
Privacy ensures that the information you transmit over the Internet or the Web has not been viewed or captured by a
third party. By encrypting messages, you can ensure that your messages cannot be read by anyone other than the intended
receiver (assuming the decryption key has not been compromised). Therefore, even if a hacker manages to capture your
email, the message will be unreadable without the decryption key.
Integrity is important in security as it ensures the contents of a message have not been altered in transmission. For
example, imagine if you sent your stock broker a message that read "Buy 100 shares of Company A," and a third party
altered the message to read "Buy 100,000 shares of Company A." Message integrity is extremely important in e-commerce
and e-business. Using public-key cryptography and digital signatures, you can ensure the integrity of a message.
Authentication refers to proving the identities of the sender and receiver. For example, if a sender encrypts a message
using the receiver's public key, there is no way for the receiver to prove (legally) the identity of the sender. Therefore, using
the example of a stock market trade, a third party could pose as a legitimate customer and send the broker the message "Buy
100,000 shares of Company A," encrypted with the broker's public key. To authenticate the sender, the sender can digitally
sign the message (or message digest) using the sender's private key. The receiver can then decrypt the message using the
sender's public key. Since only the sender knows the sender's private key, this authenticates the sender's identity.
Non-repudiation provides legal proof that a message was sent. Timestamping, which binds a time an date to a digital
document, can help solve the problem of non-repudiation. The sender sends a digital signed message to the timestamping
agency. The timestamping agency affixes the time and date of receipt of the encrypted message, then digitally signs the
whole package with its private key and sends it to the intended receiver. This timestamping method can be used to validate
digital signatures of online contracts.