(a) For each of the followings, state whether confidentiality, integrity of a message are protected.

(i) Bob sends a message to Mary via email. [2]

(ii) Bob generates a message digest from a message. Then the message and the message digest are sent to Mary via email. [2]

(iii) Bob generates a message digest from a message. He then encrypts the message digest using the secret key method. Then the message and the encrypted message digest are sent to Mary via email. Mary knows the key used by Bob. [2]

(iv) Bob generates a message digest from a message. He then encrypts the message using the secret key method. Then the encrypted message and the message digest are sent to Mary via email. Mary knows the key used by Bob. [2]

(v) Bob encrypts a message using the secret key method. He then generate a message digest from the encrypted message. The encrypted message and the message digest are sent to Mary via email. Mary knows the key used by Bob. [2]

(vi) Bob encrypts a message and send the encrypted message to Mary. Mary knows the key used by Bob. [2]

(b) (i) Consider the following multithreaded echo server:

public class Server {

public static void main(String st[]) {

try {

ServerSocket ss = new ServerSocket(12345);

while (true) {

final Socket s = ss.accept();

new Thread() {

public void run() {

try {

DataInputStream input = new DataInputStream(s.getInputStream());

DataOutputStream output = new DataOutputStream(s.getOutputStream());

while (true) {

String st = input.readUTF();

output.writeUTF(st);

if (st.equals("bye")) {

break;

}

}

input.close();

output.close();

s.close();

} catch (Exception e) {

}

}

}.start();

}

} catch (Exception e) {

}

}

}

The server accepts requests at port 12345. A connected client will continuously send in strings using the writeUTF() method of DataOutputStream method. The server will return the same strings to the client in the same order. Until the string "bye" is received, the connection will be closed.

Now, you need to change the above program so that the secret key method is used in the communication between the server and the clients. A connected client will first send in a secret key that uses the AES algorithm. The client uses the writeObject() method of ObjectOutputStream to send the key to the server. The key will be used in all subsequence communication between the server and the client. Then, the client sends in encrypted messages as arrays of bytes using the writeObject method of ObjectOutputStream. The server will echo back the encrypted message, i.e, the arrays of bytes, back to the client. The communication will be closed when the decrypted message is "bye". Modify the above program according to the new requirements.

[10]

(ii) Identify one problem in the modified server regarding the protection of confidentiality of the communication between the server and a client. [6]