密码编码学与网络安全(第五版)答案

ANSWERSTOQUESTIONS1.1TheOSISecurityArchitectureisaframeworkthatprovidesasystematicwayofdefiningtherequirementsforsecurityandcharacterizingtheapproachestosatisfyingthoserequirements.Thedocumentdefinessecurityattacks,mechanisms,andservices,andtherelationshipsamongthesecategories.1.2Passiveattackshavetodowitheavesdroppingon,ormonitoring,transmissions.Electronicmail,filetransfers,andclient/serverexchangesareexamplesoftransmissionsthatcanbemonitored.Activeattacksincludethemodificationoftransmitteddataandattemptstogainunauthorizedaccesstocomputersystems.1.3Passiveattacks:releaseofmessagecontentsandtrafficanalysis.Activeattacks:masquerade,replay,modificationofmessages,anddenialofservice.1.4Authentication:Theassurancethatthecommunicatingentityistheonethatitclaimstobe.Accesscontrol:Thepreventionofunauthorizeduseofaresource(i.e.,thisservicecontrolswhocanhaveaccesstoaresource,underwhatconditionsaccesscanoccur,andwhatthoseaccessingtheresourceareallowedtodo).Dataconfidentiality:Theprotectionofdatafromunauthorizeddisclosure.Dataintegrity:Theassurancethatdatareceivedareexactlyassentbyanauthorizedentity(i.e.,containnomodification,insertion,deletion,orreplay).Chapter1:Introduction..................................................................................................5Chapter2:ClassicalEncryptionTechniques...............................................................7Chapter3:BlockCiphersandtheDateEncryptionStandard................................13Chapter4:FiniteFields.................................................................................................21Chapter5:AdvancedEncryptionStandard..............................................................28Chapter6:MoreonSymmetricCiphers....................................................................33Chapter7:ConfidentialityUsingSymmetricEncryption.......................................38Chapter8:IntroductiontoNumberTheory..............................................................42Chapter9:Public-KeyCryptographyandRSA........................................................46Chapter10:KeyManagement;OtherPublic-KeyCryptosystems...........................55Chapter11:MessageAuthenticationandHashFunctions.......................................59Chapter12:HashandMACAlgorithms.....................................................................62Chapter13:DigitalSignaturesandAuthenticationProtocols..................................66Chapter14:AuthenticationApplications....................................................................71Chapter15:ElectronicMailSecurity............................................................................73Chapter16:IPSecurity...................................................................................................76Chapter17:WebSecurity...............................................................................................80Chapter18:Intruders......................................................................................................83Chapter19:MaliciousSoftware....................................................................................87Chapter20:Firewalls......................................................................................................89-2-Nonrepudiation:Providesprotectionagainstdenialbyoneoftheentitiesinvolvedinacommunicationofhavingparticipatedinallorpartofthecommunication.Availabilityservice:Thepropertyofasystemorasystemresourcebeingaccessibleandusableupondemandbyanauthorizedsystementity,accordingtoperformancespecificationsforthesystem(i.e.,asystemisavailableifitprovidesservicesaccordingtothesystemdesignwheneverusersrequestthem).1.5SeeTable1.3.-3-ANSWERSTOPROBLEMS1.1ReleaseofmessagecontentsTrafficanalysisMasqueradeReplayModificationofmessagesDenialofservicePeerentityauthenticationYDataoriginauthenticationYAccesscontrolYConfidentialityYTrafficflowconfidentialityYDataintegrityYYNon-repudiationYAvailabilityY1.2ReleaseofmessagecontentsTrafficanalysisMasqueradeReplayModificationofmessagesDenialofserviceEnciphermentYDigitalsignatureYYYAccesscontrolYYYYYDataintegrityYYAuthenticationexchangeYYYYTrafficpaddingYRoutingcontrolYYYNotarizationYYYCHAPTER2CLASSICALENCRYPTIONTECHNIQUESR-4-ANSWERSTOQUESTIONS2.1Plaintext,encryptionalgorithm,secretkey,ciphertext,decryptionalgorithm.2.2Permutationandsubstitution.2.3Onekeyforsymmetricciphers,twokeysforasymmetricciphers.2.4Astreamcipherisonethatencryptsadigitaldatastreamonebitoronebyteatatime.Ablockcipherisoneinwhichablockofplaintextistreatedasawholeandusedtoproduceaciphertextblockofequallength.2.5Cryptanalysisandbruteforce.2.6Ciphertextonly.Onepossibleattackunderthesecircumstancesisthebrute-forceapproachoftryingallpossiblekeys.Ifthekeyspaceisverylarge,thisbecomesimpractical.Thus,theopponentmustrelyonananalysisoftheciphertextitself,generallyapplyingvariousstatisticalteststoit.Knownplaintext.Theanalystmaybeabletocaptureoneormoreplaintextmessagesaswellastheirencryptions.Withthisknowledge,theanalystmaybeabletodeducethekeyonthebasiso