Questions and Answers of Cryptography And Network Security

What are the differences among the firewalls of Figure 22.1? program V := {goto main; 1234567; subroutine infect-executable := {loop: file := get-random-executable-file; if (first-line-of-file =
What are the common characteristics of a bastion host?
Why is it useful to have host-based firewalls?
What is a DMZ network and what types of systems would you expect to find on such networks?
What is the difference between an internal and an external firewall?
As was mentioned in Section 22.3, one approach to defeating the tiny fragment attack is to enforce a minimum length of the transport header that must be contained in the first fragment of an IP
RFC 791, the IPv4 protocol specification, describes a reassembly algorithm that results in new fragments overwriting any overlapped portions of previously received fragments. Given such a reassembly
Table 22.3 shows a sample of a packet filter firewall ruleset for an imaginary network of IP address that range from 192.168.1.0 to 192.168.1.254. Describe the effect of each rule. Table 22.3 Sample
SMTP (Simple Mail Transfer Protocol) is the standard protocol for transferring mail between hosts over TCP. A TCP connection is set up between a user agent and a server program.The server listens on
To provide more protection, the ruleset from the preceding problem is modified as follows:a. Describe the change.b. Apply this new ruleset to the same six packets of the preceding problem. Indicate
A hacker uses port 25 as the client port on his or her end to attempt to open a connection to your Web proxy server.a. The following packets might be generated:Explain why this attack will succeed,
A common management requirement is that “all external Web traffic must flow via the organization’s Web proxy.” However, that requirement is easier stated than implemented.Discuss the various
Consider the threat of “theft/breach of proprietary or confidential information held in key data files on the system.” One method by which such a breach might occur is the accidental/deliberate
You are given the following “informal firewall policy” details to be implemented using a firewall like that in Figure 22.3:1. E-mail may be sent using SMTP in both directions through the
Describe a classification of computer crime based on the role that the computer plays in the criminal activity.
Define three types of property.
Define three types of intellectual property.
What are the basic conditions that must be fulfilled to claim a copyright?
What rights does a copyright confer?
Briefly describe the Digital Millennium Copyright Act.
Describe the principal categories of users of digital rights management systems.
What are the key principles embodied in the EU Directive on Data Protection?
What functions can a professional code of conduct serve to fulfill?
For each of the cybercrimes cited in Table 23.1, indicate whether it falls into the category of computer as target, computer as storage device, or computer as communications tool. In the first case,
Repeat Problem 23.1 for Table 23.2. Table 23.2 CERT 2006 E-Crime Watch Survey Results Theft of intellectual property Theft of other (proprietary) info including customer records, financial records,
Review the results of a recent Computer Crime Survey such as the CSI/FBI or AusCERT surveys.What changes do they note in the types of crime reported? What differences are there between their results
An early controversial use of the DCMA was its use in a case in the United States brought by the Motion Picture Association of America (MPAA) in 2000 to attempt to suppress distribution of the DeCSS
Consider a popular DRM system like Apple’s FairPlay, used to protect audio tracks purchased from the iTunes music store. If a person purchases a track from the iTunes store by an artist managed by
Table 23.4 lists the privacy guidelines issued by the Organization for Economic Cooperation and Development (OECD). Compare these guidelines to the categories the EU adopted in the Directive on Data
Many countries now require organizations that collect personal information to publish a privacy policy detailing how they will handle and use such information. Obtain a copy of the privacy policy for
Assume you are a midlevel systems administrator for one section of a larger organization.You try to encourage your users to have good password policies and you regularly run password-cracking tools
Section 23.4 stated that the three ethical codes illustrated in this chapter (ACM, IEEE, AITP) share the common themes of dignity and worth of people; personal integrity; responsibility for work;
This book’s Web site includes a copy of the ACM Code of Professional Conduct from 1982. Compare this Code with the 1997 ACM Code of Ethics and Professional Conduct (Figure 23.7).a. Are there any
This book’s Web site includes a copy of the IEEE Code of Ethics from 1979. Compare this Code with the 2006 IEEE Code of Ethics (Figure 23.8).a. Are there any elements in the 1979 Code not found in
This book’s Web site includes a copy of the 1999 Software Engineering Code of Ethics and Professional Practice (Version 5.2) as recommended by an ACM/IEEE-CS Joint Task Force. Compare this Code
What is the OSI security architecture?
List and briefly define categories of passive and active security attacks.
List and briefly define categories of security services.
List and briefly define categories of security mechanisms.
Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability
Repeat Problem 1.1 for a telephone switching system that routes calls through a switching network based on the telephone number requested by the caller.Problem 1.1Consider an automated teller machine
Draw a matrix similar to Table 1.4 that shows the relationship between security services and attacks. Table 1.4 Relationship Between Security Services and Mechanisms Service Peer Entity
Draw a matrix similar to Table 1.4 that shows the relationship between security mechanisms and attacks. Table 1.4 Relationship Between Security Services and Mechanisms Service Peer Entity
What are the essential ingredients of a symmetric cipher?
What are the two basic functions used in encryption algorithms?
How many keys are required for two people to communicate via a cipher?
What is the difference between a block cipher and a stream cipher?
What are the two general approaches to attacking a cipher?
List and briefly define types of cryptanalytic attacks based on what is known to the attacker.
What is the difference between an unconditionally secure cipher and a computationally secure cipher?
Briefly define the Caesar cipher.
Briefly define the monoalphabetic cipher.
Briefly define the Playfair cipher.
What is the difference between a monoalphabetic cipher and a polyalphabetic cipher?
What are two problems with the one-time pad?
What is a transposition cipher?
What is steganography?
A generalization of the Caesar cipher, known as the affine Caesar cipher, has the following form: For each plaintext letter \(p\), substitute the ciphertext letter \(C\) :\[C=E([a, b], p)=(a p+b)
How many one-to-one affine Caesar ciphers are there?
A ciphertext has been generated with an affine cipher. The most frequent letter of the ciphertext is 'B', and the second most frequent letter of the ciphertext is ' \(\mathrm{U}\) '. Break this code.
The following ciphertext was generated using a simple substitution algorithm.Decrypt this message.1. As you know, the most frequently occurring letter in English is e. Therefore, the first or second
One way to solve the key distribution problem is to use a line from a book that both the sender and the receiver possess. Typically, at least in spy novels, the first sentence of a book serves as the
In one of his cases, Sherlock Holmes was confronted with the following message.Although Watson was puzzled, Holmes was able immediately to deduce the type of cipher. Can you? 534 C2 13 127 36 31 4 17
This problem uses a real-world example, from an old U.S. Special Forces manual (public domain). A copy is available at this book's Web site.a. Using the two keys (memory words) cryptographic and
A disadvantage of the general monoalphabetic cipher is that both sender and receiver must commit the permuted cipher sequence to memory. A common technique for avoiding this is to use a keyword from
When the PT-109 American patrol boat, under the command of Lieutenant John F. Kennedy, was sunk by a Japanese destroyer, a message was received at an Australian wireless station in Playfair code:The
a. Construct a Playfair matrix with the key largest.b. Construct a Playfair matrix with the key occurrence. Make a reasonable assumption about how to treat redundant letters in the key.
a. Using this Playfair matrix:Encrypt this message:Must see you over Cadogan West. Coming at once.The message is from the Sherlock Holmes story, The Adventure of the Bruce- Partington Plans.b. Repeat
a. How many possible keys does the Playfair cipher have? Ignore the fact that some keys might produce identical encryption results. Express your answer as an approximate power of 2 .b. Now take into
What substitution system results when we use a \(25 \times 1\) Playfair matrix?
a. Encrypt the message "meet me at the usual place at ten rather than eight oclock" using the Hill cipher with the key \(\left(\begin{array}{ll}9 & 4 \\ 5 & 7\end{array}ight)\). Show your
We have shown that the Hill cipher succumbs to a known plaintext attack if sufficient plaintext-ciphertext pairs are provided. It is even easier to solve the Hill cipher if a chosen plaintext attack
2.16 It can be shown that the Hill cipher with the matrix \(\left(\begin{array}{ll}a & b \\ c & d\end{array}ight)\) requires that \((a d-b c)\) is relatively prime to 26 ; that is, the only common
Using the Vigenère cipher, encrypt the word "explanation" using the key leg.
This problem explores the use of a one-time pad version of the Vigenère cipher. In this scheme, the key is a stream of random numbers between 0 and 26. For example, if the key is \(3195 \ldots\),
What is the message embedded in Figure 2.9? Dear George, Greetings to all at Oxford. Many thanks for your letter and for the Summer examination package. All Entry Forms and Fees Forms should be ready
In one of Dorothy Sayers's mysteries, Lord Peter is confronted with the message shown in Figure 2.10. He also discovers the key to the message, which is a sequence of
Write a program that can encrypt and decrypt using the general Caesar cipher, also known as an additive cipher.
Write a program that can encrypt and decrypt using the affine cipher described in Problem 2.1. I thought to see the fairies in the fields, but I saw only the evil elephants with their black backs.
Write a program that can perform a letter frequency attack on an additive cipher without human intervention. Your software should produce possible plaintexts in rough order of likelihood. It would be
Write a program that can perform a letter frequency attack on any monoalphabetic substitution cipher without human intervention. Your software should produce possible plaintexts in rough order of
Create software that can encrypt and decrypt using a 2×22×2 Hill cipher.
Create software that can perform a fast known plaintext attack on a Hill cipher, given the dimension \(m\). How fast are your algorithms, as a function of \(m\) ?
Why is it important to study the Feistel cipher?
What is the difference between a block cipher and a stream cipher?
Why is it not practical to use an arbitrary reversible substitution cipher of the kindshown in Table 3.1? Table 3.1 Encryption and Decryption Tables for Substitution Cipher of Figure 3.2 Plaintext
What is a product cipher?
What is the difference between diffusion and confusion?
Which parameters and design choices determine the actual algorithm of a Feistel cipher?
What is the purpose of the S-boxes in DES?
Explain the avalanche effect.
What is the difference between differential and linear cryptanalysis?
a. In Section 3.1, under the subsection on the motivation for the Feistel cipher structure, it was stated that, for a block of \(n\) bits, the number of different reversible mappings for the ideal
Consider a Feistel cipher composed of sixteen rounds with a block length of 128 bits and a key length of 128 bits. Suppose that, for a given \(k\), the key scheduling algorithm determines values for
Consider a block encryption algorithm that encrypts blocks of length \(n\), and let \(N=2^{n}\). Say we have \(t\) plaintext-ciphertext pairs \(P_{i}, C_{i}=\mathrm{E}\left(K, P_{i}ight)\), where we
Let \(\pi\) be a permutation of the integers \(0,1,2, \ldots,\left(2^{n}-1ight)\), such that \(\pi(m)\) gives the permuted value of \(m, 0 \leq m
Consider the substitution defined by row 1 of \(S\)-box \(S_{1}\) in Table 3.3. Show a block diagram similar to Figure 3.2 that corresponds to this substitution. 0 1 2 3 4 0 1 2 3 4 5 5 4-bit input
Compute the bits number 1,16,33, and 48 at the output of the first round of the DES decryption, assuming that the ciphertext block is composed of all ones and the external key is composed of all ones.
Suppose the DES F function mapped every 32-bit input R, regardless of the value of the input \(\mathrm{K}\), toa. 32-bit string of onesb. bitwise complement of \(\mathrm{R}\)Hint: Use the following
This problem provides a numerical example of encryption using a one-round version of DES. We start with the same bit pattern for the key KK and the plaintext, namely:a. Derive K1K1, the first-round

Showing 300 - 400 of 498