Questions and Answers of Cryptography And Network Security

List and briefly define the SSH protocols.
In SSL and TLS, why is there a separate Change Cipher Spec Protocol rather than including a change_cipher_spec message in the Handshake Protocol?
What purpose does the MAC serve during the change cipher spec SSL exchange?
Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.a. Brute-Force Cryptanalytic Attack: An exhaustive search of the key space for a
Based on what you have learned in this chapter, is it possible in SSL for the receiver to reorder SSL record blocks that arrive out of order? If so, explain how it can be done. If not, why not?
For SSH packets, what is the advantage, if any, of not including the MAC in the scope of the packet encryption?
What is the basic building block of an 802.11 WLAN?
Define an extended service set.
Is a distribution system a wireless network?
What security areas are addressed by IEEE 802.11i?
Briefly describe the four IEEE 802.11i phases of operation.
What is the difference between TKIP and CCMP?
What is the difference between an HTML filter and a WAP proxy?
What services are provided by WSP?
When would each of the three WTP transaction classes be used?
List and briefly define the security services provided by WTLS.
Briefly describe the four protocol elements of WTLS.
List and briefly define all of the keys used in WTLS.
Describe three alternative approaches to providing WAP end-to-end security.
In IEEE 802.11, open system authentication simply consists of two communications.An authentication is requested by the client, which contains the station ID (typically the MAC address). This is
Prior to the introduction of IEEE 802.11i, the security scheme for IEEE 802.11 was Wired Equivalent Privacy (WEP). WEP assumed all devices in the network share a secret key.The purpose of the
For WEP, data integrity and data confidentiality are achieved using the RC4 stream encryption algorithm. The transmitter of an MPDU performs the following steps, referred to as encapsulation:1. The
A potential weakness of the CRC as an integrity check is that it is a linear function.This means that you can predict which bits of the CRC are changed if a single bit of the message is changed.
One potential weakness in WTLS is the use of CBC mode cipher encryption. The standard states that for CBC mode block ciphers, the IV (initialization vector) for each record is calculated in the
An earlier version of WTLS supported a 40-bit XOR MAC and also supported RC4 stream encryption. The XOR MAC works by padding the message with zeros, dividing it into 5-byte blocks and XORing these
What are the five principal services provided by PGP?
What is the utility of a detached signature?
Why does PGP generate a signature before applying compression?
What is R64 conversion?
Why is R64 conversion useful for an e-mail application?
How does PGP use the concept of trust?
What is RFC 5322?
What is MIME?
What is S/MIME?
What is DKIM?
PGP makes use of the cipher feedback (CFB) mode of CAST-128, whereas most symmetric encryption applications (other than key encryption) use the cipher block chaining (CBC) mode.We haveThese two
In the PGP scheme, what is the expected number of session keys generated before a previously created key is produced?
In PGP, what is the probability that a user with N public keys will have at least one duplicate key ID?
The first 16 bits of the message digest in a PGP signature are translated in the clear.a. To what extent does this compromise the security of the hash algorithm?b. To what extent does it in fact
In Figure 18.4, each entry in the public-key ring contains an Owner Trust field that indicates the degree of trust associated with this public-key owner.Why is that not enough? That is, if this owner
What is the basic difference between X.509 and PGP in terms of key hierarchies and key trust?
Phil Zimmermann chose IDEA, three-key triple DES, and CAST-128 as symmetric encryption algorithms for PGP. Give reasons why each of the following symmetric encryption algorithms described in this
Consider radix-64 conversion as a form of encryption. In this case, there is no key. But suppose that an opponent knew only that some form of substitution algorithm was being used to encrypt English
Encode the text “plaintext” using the following techniques. Assume characters are stored in 8-bit ASCII with zero parity.a. Radix-64b. Quoted-printable
Give examples of applications of IPsec.
What services are provided by IPsec?
What parameters identify an SA and what parameters characterize the nature of a particular SA?
What is the difference between transport mode and tunnel mode?
What is a replay attack?
Why does ESP include a padding field?
What are the basic approaches to bundling SAs?
What are the roles of the Oakley key determination protocol and ISAKMP in IPsec?
Describe and explain each of the entries in Table 19.2. Table 19.2 Host SPD Example Protocol Local IP Port Remote IP 1.2.3.101 500 1.2.3.101 * UDP ICMP TCP TCP * 1.2.3.101 * 1.2.3.101 * 1.2.3.101 *
Draw a figure similar to Figure 19.8 for AH. IPv6 IPv6 Orig IP hdr Orig IP hdr IPv4 IPv4 IPv4 Orig IP hdr Extension headers (if present) Orig IP ESP hdr hdr TCP (a) Before Applying ESP TCP New IP ESP
List the major security services provided by AH and ESP, respectively.
In discussing AH processing, it was mentioned that not all of the fields in an IP header are included in MAC calculation.a. For each of the fields in the IPv4 header, indicate whether the field is
Suppose that the current replay window spans from 120 to 530.a. If the next incoming authenticated packet has sequence number 105, what will the receiver do with the packet, and what will be the
When tunnel mode is used, a new outer IP header is constructed. For both IPv4 and IPv6, indicate the relationship of each outer IP header field and each extension header in the outer packet to the
End-to-end authentication and encryption are desired between two hosts. Draw figures similar to Figure 19.8 that show each of the following.a. Transport adjacency with encryption applied before
The IPsec architecture document states that when two transport mode SAs are bundled to allow both AH and ESP protocols on the same end-to-end flow, only one ordering of security protocols seems
For the IKE key exchange, indicate which parameters in each message go in which ISAKMP payload types.
Where does IPsec reside in a protocol stack?
What are two common techniques used to protect a password file?
What are three benefits that can be provided by an intrusion detection system?
What is the difference between statistical anomaly detection and rule-based intrusion detection?
What metrics are useful for profile-based intrusion detection?
What is the difference between rule-based anomaly detection and rule-based penetration identification?
What is a honeypot?
What is a salt in the context of UNIX password management?
List and briefly define four techniques used to avoid guessable passwords.
The overlapping area of the two probability density functions of Figure 20.1 represents the region in which there is the potential for false positives and false negatives.Further, Figure 20.1 is an
An example of a host-based intrusion detection tool is the tripwire program.This is a file integrity checking tool that scans files and directories on the system on a regular basis and notifies the
A taxicab was involved in a fatal hit-and-run accident at night. Two cab companies, the Green and the Blue, operate in the city.You are told that:• 85% of the cabs in the city are Green and 15% are
Explain the suitability or unsuitability of the following passwords:a. YK 334b. mfmitm (for “my favoritec. Natalie1d. Washington movie is tender mercies)e. Aristotlef. tv9stove g. 12345678 h.
An early attempt to force users to use less predictable passwords involved computersupplied passwords. The passwords were eight characters long and were taken from the character set consisting of
Assume that source elements of length are mapped in some uniform fashion into a target elements of length . If each digit can take on one of values, then the number of source elements is rk and the
A phonetic password generator picks two segments randomly for each six-letter password.The form of each segment is CVC (consonant, vowel, consonant), wherea. What is the total password population?b.
Assume that passwords are limited to the use of the 95 printable ASCII characters and that all passwords are 10 characters in length.Assume a password cracker with an encryption rate of 6.4 million
Because of the known risks of the UNIX password system, the SunOS-4.0 documentation recommends that the password file be removed and replaced with a publicly readable file called /etc/publickey. An
The encryption scheme used for UNIX passwords is one way; it is not possible to reverse it.Therefore, would it be accurate to say that this is, in fact, a hash code rather than an encryption of the
It was stated that the inclusion of the salt in the UNIX password scheme increases the difficulty of guessing by a factor of 4096. But the salt is stored in plaintext in the same entry as the
Assuming that you have successfully answered the preceding problem and understand the significance of the salt, here is another question.Wouldn’t it be possible to thwart completely all password
Consider the Bloom filter discussed in Section 20.3. Define k = number of hash functions;N = number of bits in hash table; and D = number of words in dictionary.a. Show that the expected number of
Design a file access system to allow certain users read and write access to a file, depending on authorization set up by the system. The instructions should be of the format:READ (F, User A): attempt
What is the role of compression in the operation of a virus?
What are typical phases of operation of a virus or worm?
What is a digital immune system?
Describe some worm countermeasures.
What is a DDoS?
There is a flaw in the virus program of Figure 21.1.What is it? program V := {goto main; 1234567; subroutine infect-executable := {loop: file := get-random-executable-file; } if (first-line-of-file =
Consider the following fragment:What type of malicious software is this? legitimate code if data is Friday the 13th; (); crash_computer legitimate code
Consider the following fragment in an authentication programWhat type of malicious software is this? username password = read_username (); read_password(); if username is "133t h4ckor" return
The following code fragments show a sequence of virus instructions and a metamorphic version of the virus. Describe the effect produced by the metamorphic code. Original Code mov eax, 5 add eax, ebx
The list of passwords used by the Morris worm is provided at this book’s Web site.a. The assumption has been expressed by many people that this list represents words commonly used as passwords.
Suggest some methods of attacking the PWC worm defense that could be used by worm creators and suggest countermeasures to these methods.
What information is used by a typical packet filtering firewall?
What are some weaknesses of a packet filtering firewall?
What is the difference between a packet filtering firewall and a stateful inspection firewall?
What is an application-level gateway?
What is a circuit-level gateway?

Showing 200 - 300 of 498