网络安全技术英文习题集网络安全技术培训课件.docx
《网络安全技术英文习题集网络安全技术培训课件.docx》由会员分享,可在线阅读,更多相关《网络安全技术英文习题集网络安全技术培训课件.docx(36页珍藏版)》请在冰点文库上搜索。
网络安全技术英文习题集网络安全技术培训课件
《网络安全技术》英文习题集
Chapter1Introduction
ANSWERSNSWERSTOQUESTIONS
1.1WhatistheOSIsecurityarchitecture?
TheOSISecurityArchitectureisaframeworkthatprovidesasystematicwayofdefiningtherequirementsforsecurityandcharacterizingtheapproachestosatisfyingthoserequirements.Thedocumentdefinessecurityattacks,mechanisms,andservices,andtherelationshipsamongthesecategories.
1.2Whatisthedifferencebetweenpassiveandactivesecuritythreats?
Passiveattackshavetodowitheavesdroppingon,ormonitoring,transmissions.Electronicmail,filetransfers,andclient/serverexchangesareexamplesoftransmissionsthatcanbemonitored.Activeattacksincludethemodificationoftransmitteddataandattemptstogainunauthorizedaccesstocomputersystems.
1.3Listsandbrieflydefinecategoriesofpassiveandactivesecurityattacks?
Passiveattacks:
releaseofmessagecontentsandtrafficanalysis.Activeattacks:
masquerade,replay,modificationofmessages,anddenialofservice.
1.4Listsandbrieflydefinecategoriesofsecurityservice?
Authentication:
Theassurancethatthecommunicatingentityistheonethatitclaimstobe.
Accesscontrol:
Thepreventionofunauthorizeduseofaresource(i.e.,thisservicecontrolswhocanhaveaccesstoaresource,underwhatconditionsaccesscanoccur,andwhatthoseaccessingtheresourceareallowedtodo).
Dataconfidentiality:
Theprotectionofdatafromunauthorizeddisclosure.
Dataintegrity:
Theassurancethatdatareceivedareexactlyassentbyanauthorizedentity(i.e.,containnomodification,insertion,deletion,orreplay).
Nonrepudiation:
Providesprotectionagainstdenialbyoneoftheentitiesinvolvedinacommunicationofhavingparticipatedinallorpartofthecommunication.
Availabilityservice:
Thepropertyofasystemorasystemresourcebeingaccessibleandusableupondemandbyanauthorizedsystementity,accordingtoperformancespecificationsforthesystem(i.e.,asystemisavailableifitprovidesservicesaccordingtothesystemdesignwheneverusersrequestthem).
Chapter2SymmetricEncryptionandMessageConfidentiality
ANSWERSNSWERSTOQUESTIONS
2.1Whataretheessentialingredientsofasymmetriccipher?
Plaintext,encryptionalgorithm,secretkey,ciphertext,decryptionalgorithm.
2.2Whatarethetwobasicfunctionsusedinencryptionalgorithms?
Permutationandsubstitution.
2.3Howmanykeysarerequiredfortwopeopletocommunicateviaasymmetriccipher?
Onesecretkey.
2.4Whatisthedifferencebetweenablockcipherandastreamcipher?
Astreamcipherisonethatencryptsadigitaldatastreamonebitoronebyteatatime.Ablockcipherisoneinwhichablockofplaintextistreatedasawholeandusedtoproduceaciphertextblockofequallength.
2.5Whatarethetwogeneralapproachestoattackingacipher?
Cryptanalysisandbruteforce.
2.6Whydosomeblockciphermodesofoperationonlyuseencryptionwhileothersusebothencryptionanddecryption?
Insomemodes,theplaintextdoesnotpassthroughtheencryptionfunction,butisXORedwiththeoutputoftheencryptionfunction.Themathworksoutthatfordecryptioninthesecases,theencryptionfunctionmustalsobeused.
2.7Whatistripleencryption?
Withtripleencryption,aplaintextblockisencryptedbypassingitthroughanencryptionalgorithm;theresultisthenpassedthroughthesameencryptionalgorithmagain;theresultofthesecondencryptionispassedthroughthesameencryptionalgorithmathirdtime.Typically,thesecondstageusesthedecryptionalgorithmratherthantheencryptionalgorithm.
2.8Whyisthemiddleportionof3DESadecryptionratherthananencryption?
Thereisnocryptographicsignificancetotheuseofdecryptionforthesecond
stage.Itsonlyadvantageisthatitallowsusersof3DEStodecryptdataencryptedbyusersoftheoldersingleDESbyrepeatingthekey.
2.9Whatisthedifferencebetweenlinkandend-to-endencryption?
Withlinkencryption,eachvulnerablecommunicationslinkisequippedonbothendswithanencryptiondevice.Withend-to-endencryption,theencryptionprocessiscarriedoutatthetwoendsystems.Thesourcehostorterminalencryptsthedata;thedatainencryptedformarethentransmittedunalteredacrossthenetworktothedestinationterminalorhost.
2.10Listwaysinwhichsecretkeyscanbedistributedtotwocommunicatingparties.
FortwopartiesAandB,keydistributioncanbeachievedinanumberofways,asfollows:
(1)AcanselectakeyandphysicallydeliverittoB.
(2)AthirdpartycanselectthekeyandphysicallydeliverittoAandB.
(3)IfAandBhavepreviouslyandrecentlyusedakey,onepartycantransmitthenewkeytotheother,encryptedusingtheoldkey.
(4)IfAandBeachhasanencryptedconnectiontoathirdpartyC,CcandeliverakeyontheencryptedlinkstoAandB.
2.11Whatisthedifferencebetweenasessionkeyandamasterkey?
Asessionkeyisatemporaryencryptionkeyusedbetweentwoprincipals.Amasterkeyisalong-lastingkeythatisusedbetweenakeydistributioncenterandaprincipalforthepurposeofencodingthetransmissionofsessionkeys.Typically,themasterkeysaredistributedbynoncryptographicmeans.
2.12Whatisakeydistributioncenter?
Akeydistributioncenterisasystemthatisauthorizedtotransmittemporarysessionkeystoprincipals.Eachsessionkeyistransmittedinencryptedform,usingamasterkeythatthekeydistributioncentershareswiththetargetprincipal.
ANSWERSNSWERSTOPROBLEMS
2.1WhatRC4keyvaluewillleaveSunchangedduringinitialization?
Thatis,aftertheinitialpermutationofS,theentriesofSwillbeequaltothevaluesfrom0through255inascendingorder.
Useakeyoflength255bytes.Thefirsttwobytesarezero;thatisK[0]=K[1]=0.Thereafter,wehave:
K[2]=255;K[3]=254;…K[255]=2.
2.2Ifabiterroroccursinthetransmissionofaciphertextcharacterin8-bitCFBmode,howfardoestheerrorpropagate?
Nineplaintextcharactersareaffected.Theplaintextcharactercorrespondingtotheciphertextcharacterisobviouslyaltered.Inaddition,thealteredciphertextcharacterenterstheshiftregisterandisnotremoveduntilthenexteightcharactersareprocessed.
2.3Keydistributionschemesusinganaccesscontrolcenterand/orakeydistributioncenterhavecentralpointsvulnerabletoattack.Discussthesecurityimplicationsofsuchcentralization.
Thecentralpointsshouldbehighlyfault-tolerant,shouldbephysicallysecured,andshouldusetrustedhardware/software.
Chapter3Public-KeyCryptographyandMessageAuthentication
ANSWERSNSWERSTOQUESTIONS
3.1Listthreeapproachestomessageauthentication.
Messageencryption,messageauthenticationcode,hashfunction.
3.2Whatismessageauthenticationcode?
Anauthenticatorthatisacryptographicfunctionofboththedatatobeauthenticatedandasecretkey.
3.3BrieflydescribethethreeschemesillustratedinFigture3.2.
(a)Ahashcodeiscomputedfromthesourcemessage,encryptedusingsymmetricencryptionandasecretkey,andappendedtothemessage.Atthereceiver,thesamehashcodeiscomputed.Theincomingcodeisdecryptedusingthesamekeyandcomparedwiththecomputedhashcode.(b)Thisisthesameprocedureasin(a)exceptthatpublic-keyencryptionisused;thesenderencryptsthehashcodewiththesender'sprivatekey,andthereceiverdecryptsthehashcodewiththesender'spublickey.(c)Asecretvalueisappendedtoamessageandthenahashcodeiscalculatedusingthemessageplussecretvalueasinput.Thenthemessage(withoutthesecretvalue)andthehashcodearetransmitted.Thereceiverappendsthesamesecretvaluetothemessageandcomputesthehashvalueoverthemessageplussecretvalue.Thisisthencomparedtothereceivedhashcode.
3.4Whatpropertiesmustahashfunctionhavetobeusefulformessageauthentication?
(1)Hcanbeappliedtoablockofdataofanysize.
(2)Hproducesafixed-lengthoutput.
(3)H(x)isrelativelyeasytocomputeforanygivenx,makingbothhardwareandsoftwareimplementationspractical.
(4)Foranygivenvalueh,itiscomputationallyinfeasibletofindxsuchthatH(x)=h.Thisissometimesreferredtointheliteratureastheone-wayproperty.
(5)Foranygivenblockx,itiscomputationallyinfeasibletofindy≠xwithH(y)=H(x).
(6)Itiscomputationallyinfeasibletofindanypair(x,y)suchthatH(x)=H(y).
3.5Inthecontextofahashfunction,whatisacompressionfunction?
Thecompressionfunctionisthefundamentalmodule,orbasicbuildingblock,ofahashfunction.Thehashfunctionconsistsofiteratedapplicationofthecompressionfunction.
3.6Whataretheprincipalingredientsofapublic-keycryptosystem?
Plaintext:
Thisisthereadablemessageordatathatisfedintothealgorithmasinput.Encryptionalgorithm:
Theencryptionalgorithmperformsvarioustransformationsontheplaintext.Publicandprivatekeys:
Thisisapairofkeysthathavebeenselectedsothatifoneisusedforencryption,theotherisusedfordecryption.Theexacttransformationsperformedbytheencryptionalgorithmdependonthepublicorprivatekeythatisprovidedasinput.Ciphertext:
Thisisthescrambledmessageproducedasoutput.Itdependsontheplaintextandthekey.Foragivenmessage,twodifferentkeyswillproducetwodifferentciphertexts.Decryptionalgorithm:
Thisalgorithmacceptstheciphertextandthematchingkeyandproducestheoriginalplaintext.
3.7Listandbrieflydefinethreeusesofapublic-keycryptosystem.
Encryption/decryption:
Thesenderencryptsamessagewiththerecipient'spublickey.Digitalsignature:
Thesender"signs"amessagewithitsprivate
升级会员 