信息安全答案

Whatisthebasiccomponentsofcomputersecurity?Trytogivetheconnotationofeachiteminyourlist.Answer:Confidentiality:Keepingdataandresourceshidden;Integrity:referstothetrustworthinessofdataorresources,anditisusuallyphrasedintermsofpreventingimproperorunauthorizedchange.Integrityincludesdataintegrityandoriginintegrity.Availability:Enablingaccesstodataandresources.Whataresecuritypolicyandsecuritymechanism?Answer:Policysayswhatis,andisnot,allowed.Thisdefines"security"forthesite/system/etc.policiesoftenrequiresomeproceduralmechanismsthattechnologycannotenforceMechanismsisamethod,tool,orprocedureforenforcingasecuritypolicy.Mechanismscanbenontechnical,suchasrequiringproofofidentitybeforechangingapasswordWhatarethedifferencesbetweenMACandDAC?Answer:答案在.txt文档中。Consideracomputersystemwiththreeusers:Alice,Bob,andCyndy.Aliceownsthefilealicerc,andBobandCyndycanreadit.CyndycanreadandwriterBob'sfilebobrc,butAlicecanonlyreadit.OnlyCyndycanreadandwriteherfileCyndyrc.Assumethattheownerofeachofthesefilescanexcuteit.Createthecorrespondingaccesscontrolmatrix.CyndygivesAlicepermissiontoreadCyndyrc,andAliceremovesBob'sabilitytoreadalicerc.Showthenewaccesscontrolmatrix.Answer:Thesimplestframeworkfordescribingaprotectionsystemistheaccesscontrolmatrixmodel,whichdescribestherightsofusersoverfilesinamatrix.alicercbobrccyndyrcAliceBobCyndyAliceoxrrwxoBobroxrwxoCyndyrrworwxrwxo⑵alicercbobrccyndyrcAliceBobCyndyAliceoxrrrwxoBoboxrwxoCyndyrrworwxrwxoC汜sarcipher&Vigen辻eCipher&DES.Answer:TheC缶sarcipheristhewidelyknowncipherinwhichlettersareshifted.Forexample,ifthekeyis3,theletterAbecomesD,BbecomesE,andsoforth,endingwithZbecomingC.Sotheword"HELLO"isencipheredas"KHOOR."Vigen^reCipher:Alongerkeymightobscurethestatistics.TheVigenerecipherchoosesasequenceofkeys,representedbyastring.Thekeylettersareappliedtosuccessiveplaintextcharacters,andwhentheendofthekeyisreached,thekeystartsover.Thelengthofthekeyiscalledtheperiodofthecipher.DES加密算法见文档。

Explainwhatareconfidentiality,integrityandavailabilityincomputersecurity.(10points)Answer:Confidentiality:confidentialityistheconcealmentofinformationorresources.Accesscontrolmechanismssupportconfidentiality.confidentialityalsoappliestotheexistenceofdata,whichissometimesmorerevealingthanthedataitself.Resourcehidingisanotherimportantaspectofconfidentiality.Allthemechanismsthatenforceconfidentialityrequiresupportingservicesfromthesystem.Integrity:Integrityreferstothetrustworthinessofdataorresources,anditisusuallyphrasedintermsofpreventingimproperorunauthorizedchange.Integrityincludesdataintegrityandoriginintegrity.Integritymechanismsfallintotwoclasses:preventionmechanismsanddetectionmechanisms.Availability:Availabilityreferstotheabilitytousetheinformationorresourcedesired.Availabilityisanimportantaspectofreliabilityaswellasofsystemdesignbecauseanunavailablesystemisatleastasbadasnosystematall.Whataredefinitionsofobjectandsubject?(lesson2)Answer:Thesetofallprotectedentities(thatis,entitiesthatarerelevanttotheprotectionstateofthesystem)iscalledthesetofobjectsO.ThesetofsubjectsSisthesetofactiveobjects,suchasprocessesandusers.信息系统中的所有实体都可以分为主体和客体。所谓主体，就是系统中具有主动性的实体，如用户、进程等，它们可以主动发起操作。所谓客体，则是被动的、作为操作对象的实体，如文件、存储设备等，我们可以把它们看做存储信息内容的容器。Answer:10.6数字签名必须与所签文件捆绑在一起。数字签名是通过验证算法来验证。好的数字签名算法应该使伪造签名十分困难。数字签名是一个二进制串，容易复制。所以必须防止数字签名重复使用。数字签名必须保证以下几点：接收者能够核实发送者对报文的签名；发送者事后不能抵赖对报文的签名；接收者不能伪造对报文的签名。First,supposethatAlicewantstotrickBobintosigningamessagem.Shecomputestwoothermessagesm1andm2suchthatm1m2modnBob=m.ShehasBobsignm1andm2.AlicethenmultipliesthetwosignaturestogetherandreducesmodnBob,andshehasBob'ssignatureonm.(SeeExercise8.)Thedefenseisnottosignrandomdocumentsand,whensigning,neversignthedocumentitself;signacryptographichashofthedocument.SupposeAliceissendingBobhersignatureonaconfidentialcontractm.Sheenciphersitfirst,thensignsit:抑EH粘耐andsendstheresulttoBob.However,BobwantstoclaimthatAlicesenthimthecontractM.BobcomputesanumberrsuchthatMrmodnBob=m.Hethenrepublisheshispublickeyas(reBob,nBob).Notethatthemodulusdoesnotchange.Now,heclaimsthatAlicesenthimM.Thejudgeverifiesthisusinghiscurrentpublickey.Thesimplestwaytofixthisistorequirealluserstousethesameexponentbutvarythemoduli.(先用哈希函数对明文进行压缩，再把明文用私钥加密，把加密的和之前的明文传给别人，然后别人再把加密的用公钥解密，把明文哈希压缩一下，最后比较这两者之间的hash值是否相等，若等，则为真实签名，否则是伪造的)ListthebasicrequirementsofCryptographicChecksumfunction.(9-4)Acryptographicchecksumfunction(alsocalledastronghashfunctionorastrongone-wayfunction)h:A一＞Bisafunctionthathasthefollowingproperties.ForanyxGA,h(x)iseasytocompute.ForanyyGB,itiscomputationallyinfeasibletofindxGAsuchthath(x)=y.Itiscomputationallyinfeasibletofindx,x'GA,suchthatxHx'andh(x)=h(x').(Suchapairiscalledacollision.)Thethirdrequirementisoftenstatedas:GivenanyxGA,itiscomputationallyinfeasibletofindanotherx'GAsuchthatxGx'andh(x')=h(x).lO.Whatarethedifferencesbetweentheclassicalkeycryptographyandthepublickeycryptography?Answer:Classicalcryptosystems(alsocalledsingle-keyorsymmetriccryptosystems)arecryptosystemsthatusethesamekeyforenciphermentanddecipherment.Inthesesystems,forallEkGCandkGK,thereisaDkGDsuchthatDkk k k=Ek-1・Thepublickeycryptography:Oneofthekeyswouldbepubliclyknown;theotherwouldbekeptprivatebyitsowner.Classicalcryptographyrequiresthesenderandrecipienttoshareacommonkey.Publickeycryptographydoesnot.Iftheenciphermentkeyispublic,tosendasecretmessagesimplyencipherthemessagewiththerecipient'spublickey.Thensendit.Therecipientcandecipheritusinghisprivatekey.Becauseonekeyispublic,anditscomplementarykeymustremainsecret,apublickeycryp