网络安全技术英文习题集-网络安全技术

《网络安全技术》英文习题集Chapter1IntroductionANSWERSNSWERSTOQUESTIONS1.1WhatistheOSIsecurityarchitecture?TheOSISecurityArchitectureisaframeworkthatprovidesasystematicwayofdefiningtherequirementsforsecurityandcharacterizingtheapproachestosatisfyingthoserequirements.Thedocumentdefinessecurityattacks,mechanisms,andservices,andtherelationshipsamongthesecategories.1.2Whatisthedifferencebetweenpassiveandactivesecuritythreats?Passiveattackshavetodowitheavesdroppingon,ormonitoring,transmissions.Electronicmail,filetransfers,andclient/serverexchangesareexamplesoftransmissionsthatcanbemonitored.Activeattacksincludethemodificationoftransmitteddataandattemptstogainunauthorizedaccesstocomputersystems.1.3Listsandbrieflydefinecategoriesofpassiveandactivesecurityattacks?Passiveattacks:releaseofmessagecontentsandtrafficanalysis.Activeattacks:masquerade,replay,modificationofmessages,anddenialofservice.1.4Listsandbrieflydefinecategoriesofsecurityservice?Authentication:Theassurancethatthecommunicatingentityistheonethatitclaimstobe.Accesscontrol:Thepreventionofunauthorizeduseofaresource(i.e.,thisservicecontrolswhocanhaveaccesstoaresource,underwhatconditionsaccesscanoccur,andwhatthoseaccessingtheresourceareallowedtodo).Dataconfidentiality:Theprotectionofdatafromunauthorizeddisclosure.Dataintegrity:Theassurancethatdatareceivedareexactlyassentbyanauthorizedentity(i.e.,containnomodification,insertion,deletion,orreplay).Nonrepudiation:Providesprotectionagainstdenialbyoneoftheentitiesinvolvedinacommunicationofhavingparticipatedinallorpartofthecommunication.Availabilityservice:Thepropertyofasystemorasystemresourcebeingaccessibleandusableupondemandbyanauthorizedsystementity,accordingtoperformancespecificationsforthesystem(i.e.,asystemisavailableifitprovidesservicesaccordingtothesystemdesignwheneverusersrequestthem).Chapter2SymmetricEncryptionandMessageConfidentialityANSWERSNSWERSTOQUESTIONS2.1Whataretheessentialingredientsofasymmetriccipher?Plaintext,encryptionalgorithm,secretkey,ciphertext,decryptionalgorithm.2.2Whatarethetwobasicfunctionsusedinencryptionalgorithms?Permutationandsubstitution.2.3Howmanykeysarerequiredfortwopeopletocommunicateviaasymmetriccipher?Onesecretkey.2.4Whatisthedifferencebetweenablockcipherandastreamcipher?Astreamcipherisonethatencryptsadigitaldatastreamonebitoronebyteatatime.Ablockcipherisoneinwhichablockofplaintextistreatedasawholeandusedtoproduceaciphertextblockofequallength.2.5Whatarethetwogeneralapproachestoattackingacipher?Cryptanalysisandbruteforce.2.6Whydosomeblockciphermodesofoperationonlyuseencryptionwhileothersusebothencryptionanddecryption?Insomemodes,theplaintextdoesnotpassthroughtheencryptionfunction,butisXORedwiththeoutputoftheencryptionfunction.Themathworksoutthatfordecryptioninthesecases,theencryptionfunctionmustalsobeused.2.7Whatistripleencryption?Withtripleencryption,aplaintextblockisencryptedbypassingitthroughanencryptionalgorithm;theresultisthenpassedthroughthesameencryptionalgorithmagain;theresultofthesecondencryptionispassedthroughthesameencryptionalgorithmathirdtime.Typically,thesecondstageusesthedecryptionalgorithmratherthantheencryptionalgorithm.2.8Whyisthemiddleportionof3DESadecryptionratherthananencryption?Thereisnocryptographicsignificancetotheuseofdecryptionforthesecondstage.Itsonlyadvantageisthatitallowsusersof3DEStodecryptdataencryptedbyusersoftheoldersingleDESbyrepeatingthekey.2.9Whatisthedifferencebetweenlinkandend-to-endencryption?Withlinkencryption,eachvulnerablecommunicationslinkisequippedonbothendswithanencryptiondevice.Withend-to-endencryption,theencryptionprocessiscarriedoutatthetwoendsystems.Thesourcehostorterminalencryptsthedata;thedatainencryptedformarethentransmittedunalteredacrossthenetworktothedestinationterminalorhost.2.10Listwaysinwhichsecretkeyscanbedistributedtotwocommunicatingparties.FortwopartiesAandB,keydistributioncanbeachievedinanumberofways,asfollows:(1)AcanselectakeyandphysicallydeliverittoB.(2)AthirdpartycanselectthekeyandphysicallydeliverittoAandB.(3)IfAandBhavepreviouslyandrecentlyusedakey,onepartycantransmitthenewkeytotheother,encryptedusingtheoldkey.(4)IfAandBeachhasanencryptedconnectiontoathirdpartyC,CcandeliverakeyontheencryptedlinkstoAandB.2.11Whatisthedifferencebetweenasessionkeyandamasterkey?Asessionkeyisatemporaryencryptionkeyusedbetweentwoprincipals.Amasterkeyisalong-lastingkeythatisusedbetweenakeydistributioncenterandaprincipalforthepurposeofencodingthetransmissionofsessionkeys.Typically,themasterkeysaredistributedbynoncryptographicmeans.2.12Whatisakeydistributioncenter?Akeydistributioncenterisasystemthatisauthorizedtotransmittemporarysessionkeystoprincipals.Eachsessionkeyistransmittedinencryptedform,usingamasterkeythatthekeydistributioncentershareswiththetargetprincipal.ANSWERSNSWERSTOPROBLEMS2.1WhatRC4keyvaluewillleaveSunchangedduringinitialization?Thatis,aftertheinitialpermutationofS,theentriesofSwillbeequaltothevaluesfrom0through255inascendingorder.Useakeyoflength255bytes.Thefirsttwobytesarezero;thatisK[0]=K[1]=0.Thereafter,wehave:K[2]=255;K[3]=254;…K