版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、文档供参考,可复制、编制,期待您的好评与关注! 网络安全技术英文习题集Chapter 1 IntroductionANSWERS NSWERS TO QUESTIONS1.1 What is the OSI security architecture?The OSI Security Architecture is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those re
2、quirements. The document defines security attacks, mechanisms, and services, and the relationships among these categories.1.2 What is the difference between passive and active security threats?Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file trans
3、fers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.1.3 Lists and briefly define categories of passive and active security attacks?Passive attac
4、ks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service.1.4 Lists and briefly define categories of security service?Authentication: The assurance that the communicating entity is the one that it claims to be. Access co
5、ntrol: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).Data confidentiality: The protection of data from unauthorized disclosure.Data inte
6、grity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the commu
7、nication.Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever use
8、rs request them).Chapter2 Symmetric Encryptionand Message ConfidentialityANSWERS NSWERS TO QUESTIONS2.1 What are the essential ingredients of a symmetric cipher?Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.2.2 What are the two basic functions used in encryption algor
9、ithms?Permutation and substitution.2.3 How many keys are required for two people to communicate via a symmetric cipher?One secret key.2.4 What is the difference between a block cipher and a stream cipher?A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A bloc
10、k cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.2.5 What are the two general approaches to attacking a cipher?Cryptanalysis and brute force.2.6 Why do some block cipher modes of operation only use encryption while others use
11、both encryption and decryption?In some modes, the plaintext does not pass through the encryption function, but is XORed with the output of the encryption function. The math works out that for decryption in these cases, the encryption function must also be used.2.7 What is triple encryption?With trip
12、le encryption, a plaintext block is encrypted by passing it through an encryption algorithm; the result is then passed through the same encryption algorithm again; the result of the second encryption is passed through the same encryption algorithm a third time. Typically, the second stage uses the d
13、ecryption algorithm rather than the encryption algorithm.2.8 Why is the middle portion of 3DES a decryption rather than an encryption?There is no cryptographic significance to the use of decryption for the secondstage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by u
14、sers of the older single DES by repeating the key.2.9 What is the difference between link and end-to-end encryption?With link encryption, each vulnerable communications link is equipped on both ends with an encryption device. With end-to-end encryption, the encryption process is carried out at the t
15、wo end systems. The source host or terminal encrypts the data; the data in encrypted form are then transmitted unaltered across the network to the destination terminal or host.2.10 List ways in which secret keys can be distributed to two communicating parties.For two parties A and B, key distributio
16、n can be achieved in a number of ways, as follows:(1)A can select a key and physically deliver it to B.(2)A third party can select the key and physically deliver it to A and B.(3)If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the
17、old key.(4)If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.2.11 What is the difference between a session key and a master key?A session key is a temporary encryption key used between two principals. A master key is a long-lasting
18、key that is used between a key distribution center and a principal for the purpose of encoding the transmission of session keys. Typically, the master keys are distributed by noncryptographic means.2.12 What is a key distribution center?A key distribution center is a system that is authorized to tra
19、nsmit temporary session keys to principals. Each session key is transmitted in encrypted form, using a master key that the key distribution center shares with the target principal.ANSWERS NSWERS TO PROBLEMS2.1 What RC4 key value will leave S unchanged during initialization? That is, after the initia
20、l permutation of S, the entries of S will be equal to the values from 0 through 255 in ascending order.Use a key of length 255 bytes. The first two bytes are zero; that is K0 = K1 = 0. Thereafter, we have: K2 = 255; K3 = 254; K255= 2.2.2 If a bit error occurs in the transmission of a ciphertext char
21、acter in 8-bit CFB mode, how far does the error propagate? Nine plaintext characters are affected. The plaintext character corresponding to the ciphertext character is obviously altered. In addition, the altered ciphertext character enters the shift register and is not removed until the next eight c
22、haracters are processed.2.3 Key distribution schemes using an access control center and/or a key distribution center have central points vulnerable to attack. Discuss the security implications of such centralization.The central points should be highly fault-tolerant, should be physically secured, an
23、d should use trusted hardware/software.Chapter 3 Public-Key Cryptography and Message AuthenticationANSWERS NSWERS TO QUESTIONS3.1 List three approaches to message authentication.Message encryption, message authentication code, hash function.3.2 What is message authentication code?An authenticator th
24、at is a cryptographic function of both the data to be authenticated and a secret key.3.3 Briefly describe the three schemes illustrated in Figture3.2.(a) A hash code is computed from the source message, encrypted using symmetric encryption and a secret key, and appended to the message. At the receiv
25、er, the same hash code is computed. The incoming code is decrypted using the same key and compared with the computed hash code. (b) This is the same procedure as in (a) except that public-key encryption is used; the sender encrypts the hash code with the sender's private key, and the receiver de
26、crypts the hash code with the sender's public key. (c) A secret value is appended to a message and then a hash code is calculated using the message plus secret value as input. Then the message (without the secret value) and the hash code are transmitted. The receiver appends the same secret valu
27、e to the message and computes the hash value over the message plus secret value. This is then compared to the received hash code.3.4 What properties must a hash function have to be useful for message authentication?(1)H can be applied to a block of data of any size.(2)H produces a fixed-length outpu
28、t.(3)H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.(4)For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.(5)For any given block
29、 x, it is computationally infeasible to find y x with H(y) =H(x).(6)It is computationally infeasible to find any pair (x, y) such that H(x) = H(y).3.5 In the context of a hash function, what is a compression function?The compression function is the fundamental module, or basic building block, of a h
30、ash function. The hash function consists of iterated application of the compression function.3.6 What are the principal ingredients of a public-key cryptosystem?Plaintext: This is the readable message or data that is fed into the algorithm as input. Encryption algorithm: The encryption algorithm per
31、forms various transformations on the plaintext. Public and private keys: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the encryption algorithm depend on the public or private key that is
32、 provided as input. Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts. Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the
33、 original plaintext.3.7 List and briefly define three uses of a public-key cryptosystem.Encryption/decryption: The sender encrypts a message with the recipient's public key. Digital signature: The sender "signs" a message with its private key. Signing is achieved by a cryptographic alg
34、orithm applied to the message or to a small block of data that is a function of the message. Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.3.8 What is the difference between a private key an
35、d a secret key?The key used in conventional encryption is typically referred to as a secret key. The two keys used for public-key encryption are referred to as the public key and the private key.3.9 What is digital signature?A digital signature is an authentication mechanism that enables the creator
36、 of a message to attach a code that acts as a signature. The signature is formed by taking the hash of the message and encrypting the message with the creator's private key. The signature guarantees the source and integrity of the message.3.10 What is a public-key certificate?A pubic-key certifi
37、cate consists of a public key plus a User ID of the key owner, with the whole block signed by a trusted third party. Typically, the third party is a certificate authority (CA) that is trusted by the user community, such as a government agency or a financial institution.3.11 How can public-key encryp
38、tion be used to distribute a secret key?Several different approaches are possible, involving the private key(s) of one or both parties. One approach is Diffie-Hellman key exchange. Another approach is for the sender to encrypt a secret key with the recipient's public key.ANSWERS NSWERS TO PROBLE
39、MS3.1 Consider a 32-bit hash function defined as the concatenation of two 16-bit functions: XOR and RXOR, defined in Section 3.2 as “two simple hash function.”a. Will this checksum detect all errors caused by an odd number of error bits? Explain.b. Will this checksum detect all errors caused by an e
40、ven number of error bits? If not, characterize the error patterns that will cause the checksum to fail.c. Comments on the effectiveness of this function for use a hash functions for authentication.a. Yes. The XOR function is simply a vertical parity check. If there is an odd number of errors, then t
41、here must be at least one column that contains an odd number of errors, and the parity bit for that column will detect the error. Note that the RXOR function also catches all errors caused by an odd number of error bits. Each RXOR bit is a function of a unique "spiral" of bits in the block
42、 of data. If there is an odd number of errors, then there must be at least one spiral that contains an odd number of errors, and the parity bit for that spiral will detect the error.b. No. The checksum will fail to detect an even number of errors when both the XOR and RXOR functions fail. In order f
43、or both to fail, the pattern of error bits must be at intersection points between parity spirals and parity columns such that there is an even number of error bits in each parity column and an even number of error bits in each spiral.c. It is too simple to be used as a secure hash function; finding
44、multiple messages with the same hash function would be too easy.3.2 Suppose H (m) is a collision resistant hash function that maps a message of arbitrary bit length into an n-bit hash value. Is it true that, for all messages x, x with xx,we have H(x)H(x)?Explain your answer.The statement is false. S
45、uch a function cannot be one-to-one because the number of inputs to the function is of arbitrary, but the number of unique outputs is 2n. Thus, there are multiple inputs that map into the same output.3.3 Perform encryption and decryption using the RSA algorithm, as in Figture3.9, for the following:a
46、. p=3;q=11;e=7;M=5b. p=5;q=11;e=3;M=9c. p=7;q=11;e=17;M=8d. p=11;q=13;e=11;M=7e. p=17;q=31;e=7;M=2.Hint: Decryption is not as hard as you think; use some finesse.a. n = 33; ö(n) = 20; d = 3; C = 26.b. n = 55; ö(n) = 40; d = 27; C = 14.c. n = 77; ö(n) = 60; d = 53; C = 57.d. n = 143; &
47、#246;(n) = 120; d = 11; C = 106.e. n = 527; ö(n) = 480; d = 343; C = 128. For decryption, we have128343 mod 527 = 128256 × 12864 × 12816 × 1284 × 1282 × 1281 mod 527= 35 × 256 × 35 × 101 × 47 × 128 = 2 mod 527= 2 mod 2573.4 In a public-key syste
48、m using RSA, you intercept the cipher text C=10 sent to a user whose public key is e=5, n=35.What is the plaintext M?M = 53.5 In an RSA system, the public key of a given user is e=31, n=3599.What is the private key of this user?d = 30313.6 Suppose we have a set of blocks encoded with the RSA algorit
49、hm and we dont have the private key, Assume n=pq, e is the public key. Suppose also someone tells us they know one of the plaintext blocks has a common factor with n. Does this help us in any way?Yes. If a plaintext block has a common factor with n modulo n then the encoded block will also have a co
50、mmon factor with n modulo n. Because we encode blocks that are smaller than pq, the factor must be p or q and the plaintext block must be a multiple of p or q. We can test each block for primality. If prime, it is p or q. In this case we divide into n to find the other factor. If not prime, we facto
51、r it and try the factors as divisors of n.3.7 Consider a Diffie-Hellman scheme with a common prime q=11 and a primitive root a=2.a. If user A has public key YA=9, what is As private key XA?b. If user B has public key YB=3, what is the shared secret key K?a. XA = 6b. K = 3Chapter 4 Authentication App
52、licationsANSWERS NSWERS TO QUESTIONS4.1 What problem was Kerberos designed to address?The problem that Kerberos addresses is this: Assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network. We would like for servers to
53、 be able to restrict access to authorized users and to be able to authenticate requests for service. In this environment, a workstation cannot be trusted to identify its users correctly to network services.4.2 What are three threats associated with user authentication over a network or Internet?A us
54、er may gain access to a particular workstation and pretend to be another user operating from that workstation. 2. A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation. 3. A user may eavesdrop on
55、exchanges and use a replay attack to gain entrance to a server or to disrupt operations.4.3 List three approaches to secure user authentication in a distributed environment.Rely on each individual client workstation to assure the identity of its user or users and rely on each server to enforce a sec
56、urity policy based on user identification (ID). 2. Require that client systems authenticate themselves to servers, but trust the client system concerning the identity of its user. 3. Require the user to prove identity for each service invoked. Also require that servers prove their identity to client
57、s.4.4 What four requirements are defined for Kerberos?Secure: A network eavesdropper should not be able to obtain the necessary information to impersonate a user. More generally, Kerberos should be strong enough that a potential opponent does not find it to be the weak link. Reliable: For all servic
58、es that rely on Kerberos for access control, lack of availability of the Kerberos service means lack of availability of the supported services. Hence, Kerberos should be highly reliable and should employ a distributed server architecture, with one system able to back up another. Transparent: Ideally
59、, the user should not be aware that authentication is taking place, beyond the requirement to enter a password. Scalable: The system should be capable of supporting large numbers of clients and servers. This suggests a modular, distributed architecture.4.5 What entities constitute a full-service Kerberos enviro
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 合作餐馆协议合同范例
- 工厂车间天棚涂料选择方案
- 幼儿园体能锻炼培训
- 高三数学上学期期中联考试题文
- 康复中心患者安全实施方案
- 2024年信息系统升级与改造协议
- 2024年再生资源回收利用系统建设合同
- 城市规划标志牌方案
- 2024年企业合规管理与咨询服务合同
- 2024年OLED电视购销合同
- 《重症肺炎诊治进展》课件
- 《电话通信网》课件
- 公司管理制度的责任追究与问责机制
- 皮肤科护士的皮肤病的皮肤疗法(药物)的剂量计算和监测技巧
- 铁路路基施工与维护习题集
- 翻车机系统工作原理及运行常见故障及处理
- 班主任培训专题讲座
- 曼丁之狮-松迪亚塔
- 金属挤压共(有色挤压工)中级复习资料练习卷含答案
- 护患沟通情景实例
- 往复式压缩机常见故障与排除
评论
0/150
提交评论