Here are the answers to your questions based on the case study:
-
a) Sensitive donor and payment information: Confidentiality is required here because the case study explicitly states, "The church wants the system to protect sensitive donor and payment information." This data is private and must only be accessible to authorized personnel to maintain trust and privacy.
b) Mobile Money payment details: Confidentiality is crucial for these details because the case study mentions members receiving messages asking to confirm them via a link, indicating a phishing attempt. Protecting this information prevents fraud and unauthorized access to funds.
-
The cryptographic objective that ensures receipts and financial records cannot be altered after approval is integrity.
- Explanation: Integrity ensures that data has not been tampered with or modified by unauthorized parties. If any alteration occurs to the receipts or financial reports after approval, cryptographic integrity mechanisms (like digital signatures or hash functions) would detect the change, making it evident that the records are no longer original.
-
a) Symmetric Encryption:
- Where: Encrypting sensitive donor and payment information stored in the FMS database or during transmission between the FMS server and authorized internal users (e.g., Treasurer, Finance Committee Chair) within a secure, controlled network.
- Reason: Symmetric encryption is faster and more efficient for encrypting large volumes of data. For internal, trusted communications, managing a shared secret key is more feasible.
b) Asymmetric Encryption:
- Where: For digital signatures on major payment approvals and financial reports, and for secure remote access by the Pastor/Administrator.
- Reason: Asymmetric encryption provides non-repudiation (ensuring an approver cannot deny their action) and secure key exchange for remote access without needing to pre-share a secret key over an insecure channel.
-
Public/private keys help the finance team secure remote access and reduce the key-sharing problem in the following ways:
- Secure Remote Access: When a finance team member accesses the FMS remotely, their private key can be used to digitally sign their login request, authenticating their identity to the server. The server can then encrypt data using the team member's public key, ensuring that only the legitimate user (who holds the corresponding private key) can decrypt and view the information.
- Reduce Key-Sharing Problem: With public/private key pairs, users only need to share their public keys, which are not secret. The private key remains confidential to its owner. This eliminates the complex and risky process of securely distributing a shared secret key to multiple users, which is a major challenge in symmetric encryption, especially in a remote access scenario.
-
The cryptographic objective that prevents denial of approvals for major payments is non-repudiation.
- The practical mechanism that supports this is digital signatures.
- Explanation: When an authorized officer approves a major payment, they use their unique private key to create a digital signature for that specific approval. This signature is cryptographically linked to the officer and the transaction. Anyone can verify this signature using the officer's public key. Since only the officer possesses their private key, they cannot later deny having made the approval, thus ensuring non-repudiation.
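The integrity and non-repudiation answers above can be seen in one runnable sketch. This is an added example, not part of the original answer or the case study: the record fields, the officer names and the choice of Ed25519 (through Node.js's built-in `crypto` module) are assumptions made for illustration.

```javascript
// Added example: a digital signature over a payment approval record.
const crypto = require("crypto");

// Serialize the approval with a fixed field order so the signer and every
// verifier process exactly the same bytes.
function canonicalize(approval) {
  const fields = ["paymentId", "payee", "amount", "approvedBy", "approvedAt"];
  return Buffer.from(JSON.stringify(fields.map((f) => [f, approval[f]])), "utf8");
}

// The approving officer signs with a private key that only they hold.
function signApproval(approval, privateKey) {
  return crypto.sign(null, canonicalize(approval), privateKey).toString("base64");
}

// Anyone with the officer's public key can check the record later.
function verifyApproval(approval, signatureB64, publicKey) {
  const sig = Buffer.from(signatureB64, "base64");
  return crypto.verify(null, canonicalize(approval), publicKey, sig);
}

// Constructed sample data: IDs, names and amounts are hypothetical.
const treasurer = crypto.generateKeyPairSync("ed25519");
const chair = crypto.generateKeyPairSync("ed25519");
const approval = {
  paymentId: "PAY-0001",
  payee: "Example Supplier",
  amount: 5000,
  approvedBy: "treasurer",
  approvedAt: "2024-01-01T10:00:00Z",
};

function demo() {
  const signature = signApproval(approval, treasurer.privateKey);
  const tampered = { ...approval, amount: 50000 }; // altered after approval
  return {
    // Integrity: the untouched record verifies, the altered one does not.
    original: verifyApproval(approval, signature, treasurer.publicKey),
    tampered: verifyApproval(tampered, signature, treasurer.publicKey),
    // Non-repudiation: the signature matches only the treasurer's key,
    // so it cannot be attributed to another officer.
    wrongSigner: verifyApproval(approval, signature, chair.publicKey),
  };
}

console.log(demo());
```

The non-repudiation property holds only as long as each officer's private key stays under that officer's sole control.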