Answer-first summary for fast verification
Answer: Use public key infrastructure (PKI) to encrypt the message client side using the originating user's private key.
The question focuses on preventing message spoofing, ensuring that a message can be verified as originating from a specific user. Option C (using PKI with the originating user's private key) is correct because it provides non-repudiation and authenticity through digital signatures. When a message is encrypted with the sender's private key, the recipient can decrypt it using the sender's public key, verifying the sender's identity and ensuring the message wasn't altered. This directly addresses spoofing by tying the message to the sender's unique private key. Option A (tagging messages) is insecure as tags can be forged. Option B (shared key encryption) lacks sender authentication and is vulnerable if the key is compromised. Option D (SSL with a trusted CA) secures the client-server channel but does not inherently prevent spoofing at the application level, as it primarily authenticates the server, not the client user. The community discussion, with 78% favoring C and high upvotes for detailed reasoning supporting C, reinforces that PKI is the optimal solution for non-repudiation and spoofing prevention.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You are designing a mobile chat application and need to ensure that users cannot spoof chat messages by falsely claiming a message was sent by a specific user. What should you do?
A
Tag messages client side with the originating user identifier and the destination user.
B
Encrypt the message client side using block-based encryption with a shared key.
C
Use public key infrastructure (PKI) to encrypt the message client side using the originating user's private key.
D
Use a trusted certificate authority to enable SSL connectivity between the client application and the server.
No comments yet.