Cryptography And Network Security 5th Edition William Stallings - Solutions
What are the differences among the firewalls of Figure 22.1? program V := {goto main; 1234567; subroutine infect-executable := {loop: file := get-random-executable-file; if (first-line-of-file = 1234567) then goto loop else prepend V to file; } } subroutine do-damage := {whatever damage is to be
What are the common characteristics of a bastion host?
Why is it useful to have host-based firewalls?
What is a DMZ network and what types of systems would you expect to find on such networks?
What is the difference between an internal and an external firewall?
As was mentioned in Section 22.3, one approach to defeating the tiny fragment attack is to enforce a minimum length of the transport header that must be contained in the first fragment of an IP packet. If the first fragment is rejected, all subsequent fragments can be rejected. However, the nature
RFC 791, the IPv4 protocol specification, describes a reassembly algorithm that results in new fragments overwriting any overlapped portions of previously received fragments. Given such a reassembly implementation, an attacker could construct a series of packets in which the lowest (zero-offset)
Table 22.3 shows a sample of a packet filter firewall ruleset for an imaginary network of IP addresses that range from 192.168.1.0 to 192.168.1.254. Describe the effect of each rule. Table 22.3 Sample Packet Filter Firewall Ruleset Source Address Source Port 1 2 4 5 69 7 Any 192.168.1.1 Any
SMTP (Simple Mail Transfer Protocol) is the standard protocol for transferring mail between hosts over TCP. A TCP connection is set up between a user agent and a server program. The server listens on TCP port 25 for incoming connection requests. The user end of the connection is on a TCP port number
To provide more protection, the ruleset from the preceding problem is modified as follows: a. Describe the change. b. Apply this new ruleset to the same six packets of the preceding problem. Indicate which packets are permitted or denied and which rule is used in each case. Rule Direction A In B Out
A hacker uses port 25 as the client port on his or her end to attempt to open a connection to your Web proxy server. a. The following packets might be generated: Explain why this attack will succeed, using the ruleset of the preceding problem. b. When a TCP connection is initiated, the ACK bit in the
A common management requirement is that “all external Web traffic must flow via the organization’s Web proxy.” However, that requirement is easier stated than implemented. Discuss the various problems and issues, possible solutions, and limitations with supporting this requirement. In
Consider the threat of “theft/breach of proprietary or confidential information held in key data files on the system.” One method by which such a breach might occur is the accidental/deliberate e-mailing of information to a user outside the organization. A possible countermeasure to this is
You are given the following “informal firewall policy” details to be implemented using a firewall like that in Figure 22.3: 1. E-mail may be sent using SMTP in both directions through the firewall, but it must be relayed via the DMZ mail gateway that provides header sanitization and content
Describe a classification of computer crime based on the role that the computer plays in the criminal activity.
Define three types of property.
Define three types of intellectual property.
What are the basic conditions that must be fulfilled to claim a copyright?
What rights does a copyright confer?
Briefly describe the Digital Millennium Copyright Act.
Describe the principal categories of users of digital rights management systems.
What are the key principles embodied in the EU Directive on Data Protection?
What functions can a professional code of conduct serve to fulfill?
For each of the cybercrimes cited in Table 23.1, indicate whether it falls into the category of computer as target, computer as storage device, or computer as communications tool. In the first case, indicate whether the crime is primarily an attack on data integrity, system integrity, data
Repeat Problem 23.1 for Table 23.2. Table 23.2 CERT 2006 E-Crime Watch Survey Results Theft of intellectual property Theft of other (proprietary) info including customer records, financial records, etc. Denial of service attacks Virus, worms or other malicious code Fraud (credit card fraud, etc.)
Review the results of a recent Computer Crime Survey such as the CSI/FBI or AusCERT surveys. What changes do they note in the types of crime reported? What differences are there between their results and those shown in Table 23.2? Table 23.2 CERT 2006 E-Crime Watch Survey Results Theft of
An early controversial use of the DMCA was its use in a case in the United States brought by the Motion Picture Association of America (MPAA) in 2000 to attempt to suppress distribution of the DeCSS program and derivatives. These could be used to circumvent the copy protection on commercial DVDs.
Consider a popular DRM system like Apple’s FairPlay, used to protect audio tracks purchased from the iTunes music store. If a person purchases a track from the iTunes store by an artist managed by a record company such as EMI, identify which company or person fulfils each of the DRM component
Table 23.4 lists the privacy guidelines issued by the Organization for Economic Cooperation and Development (OECD). Compare these guidelines to the categories the EU adopted in the Directive on Data Protection. Table 23.4 OECD Guidelines on the Protection of Privacy and Transborder Flows of
Many countries now require organizations that collect personal information to publish a privacy policy detailing how they will handle and use such information. Obtain a copy of the privacy policy for an organization to which you have provided your personal details. Compare this policy with the
Assume you are a midlevel systems administrator for one section of a larger organization. You try to encourage your users to have good password policies and you regularly run password-cracking tools to check that those in use are not guessable. You have become aware of a burst of hacker
Section 23.4 stated that the three ethical codes illustrated in this chapter (ACM, IEEE, AITP) share the common themes of dignity and worth of people; personal integrity; responsibility for work; confidentiality of information; public safety, health, and welfare; participation in professional
This book’s Web site includes a copy of the ACM Code of Professional Conduct from 1982. Compare this Code with the 1997 ACM Code of Ethics and Professional Conduct (Figure 23.7). a. Are there any elements in the 1982 Code not found in the 1997 Code? Propose a rationale for excluding these. b. Are
This book’s Web site includes a copy of the IEEE Code of Ethics from 1979. Compare this Code with the 2006 IEEE Code of Ethics (Figure 23.8). a. Are there any elements in the 1979 Code not found in the 2006 Code? Propose a rationale for excluding these. b. Are there any elements in the 2006 Code
This book’s Web site includes a copy of the 1999 Software Engineering Code of Ethics and Professional Practice (Version 5.2) as recommended by an ACM/IEEE-CS Joint Task Force. Compare this Code with each of the three codes reproduced in this chapter (Figure 23.7 through 23.9). Comment in each
What is the OSI security architecture?
List and briefly define categories of passive and active security attacks.
List and briefly define categories of security services.
List and briefly define categories of security mechanisms.
Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the
Repeat Problem 1.1 for a telephone switching system that routes calls through a switching network based on the telephone number requested by the caller. Problem 1.1: Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access.
Draw a matrix similar to Table 1.4 that shows the relationship between security services and attacks. Table 1.4 Relationship Between Security Services and Mechanisms Service Peer Entity Authentication Data Origin Authentication Access Control Confidentiality Traffic Flow Confidentiality Data
Draw a matrix similar to Table 1.4 that shows the relationship between security mechanisms and attacks. Table 1.4 Relationship Between Security Services and Mechanisms Service Peer Entity Authentication Data Origin Authentication Access Control Confidentiality Traffic Flow Confidentiality Data
What are the essential ingredients of a symmetric cipher?
What are the two basic functions used in encryption algorithms?
How many keys are required for two people to communicate via a cipher?
What is the difference between a block cipher and a stream cipher?
What are the two general approaches to attacking a cipher?
List and briefly define types of cryptanalytic attacks based on what is known to the attacker.
What is the difference between an unconditionally secure cipher and a computationally secure cipher?
Briefly define the Caesar cipher.
Briefly define the monoalphabetic cipher.
Briefly define the Playfair cipher.
What is the difference between a monoalphabetic cipher and a polyalphabetic cipher?
What are two problems with the one-time pad?
What is a transposition cipher?
What is steganography?
A generalization of the Caesar cipher, known as the affine Caesar cipher, has the following form: For each plaintext letter \(p\), substitute the ciphertext letter \(C\): \[C=E([a, b], p)=(a p+b) \bmod 26\] A basic requirement of any encryption algorithm is that it be one-to-one. That is, if \(p \neq
How many one-to-one affine Caesar ciphers are there?
A ciphertext has been generated with an affine cipher. The most frequent letter of the ciphertext is 'B', and the second most frequent letter of the ciphertext is 'U'. Break this code.
The following ciphertext was generated using a simple substitution algorithm. Decrypt this message. 1. As you know, the most frequently occurring letter in English is e. Therefore, the first or second (or perhaps third?) most common character in the message is likely to stand for e. Also, e is often
One way to solve the key distribution problem is to use a line from a book that both the sender and the receiver possess. Typically, at least in spy novels, the first sentence of a book serves as the key. The particular scheme discussed in this problem is from one of the best suspense novels
In one of his cases, Sherlock Holmes was confronted with the following message. Although Watson was puzzled, Holmes was able immediately to deduce the type of cipher. Can you? 534 C2 13 127 36 31 4 17 21 41 109 293 5 37 26 BIRLSTONE 9 127 171 DOUGLAS BIRLSTONE
This problem uses a real-world example, from an old U.S. Special Forces manual (public domain). A copy is available at this book's Web site. a. Using the two keys (memory words) cryptographic and network security, encrypt the following message: Be at the third pillar from the left outside the lyceum
A disadvantage of the general monoalphabetic cipher is that both sender and receiver must commit the permuted cipher sequence to memory. A common technique for avoiding this is to use a keyword from which the cipher sequence can be generated. For example, using the keyword CIPHER, write out the
When the PT-109 American patrol boat, under the command of Lieutenant John F. Kennedy, was sunk by a Japanese destroyer, a message was received at an Australian wireless station in Playfair code: The key used was royal new zealand navy. Decrypt the message. Translate TT into tt. KXJEY UREBE ZWEHE
a. Construct a Playfair matrix with the key largest. b. Construct a Playfair matrix with the key occurrence. Make a reasonable assumption about how to treat redundant letters in the key.
a. Using this Playfair matrix: Encrypt this message: Must see you over Cadogan West. Coming at once. The message is from the Sherlock Holmes story, The Adventure of the Bruce-Partington Plans. b. Repeat part (a) using the Playfair matrix from Problem 2.10a. c. How do you account for the results of this
a. How many possible keys does the Playfair cipher have? Ignore the fact that some keys might produce identical encryption results. Express your answer as an approximate power of 2. b. Now take into account the fact that some Playfair keys produce the same encryption results. How many effectively
What substitution system results when we use a \(25 \times 1\) Playfair matrix?
a. Encrypt the message "meet me at the usual place at ten rather than eight oclock" using the Hill cipher with the key \(\left(\begin{array}{ll}9 & 4 \\ 5 & 7\end{array}\right)\). Show your calculations and the result. b. Show the calculations for the corresponding decryption of the ciphertext to
We have shown that the Hill cipher succumbs to a known plaintext attack if sufficient plaintext-ciphertext pairs are provided. It is even easier to solve the Hill cipher if a chosen plaintext attack can be mounted. Describe such an attack.
2.16 It can be shown that the Hill cipher with the matrix \(\left(\begin{array}{ll}a & b \\ c & d\end{array}\right)\) requires that \((a d-b c)\) is relatively prime to 26; that is, the only common positive integer factor of \((a d-b c)\) and 26 is 1. Thus, if \((a d-b c)=13\) or is even, the
Using the Vigenère cipher, encrypt the word "explanation" using the key leg.
This problem explores the use of a one-time pad version of the Vigenère cipher. In this scheme, the key is a stream of random numbers between 0 and 26. For example, if the key is \(3195 \ldots\), then the first letter of plaintext is encrypted with a shift of 3 letters, the second with a shift of
What is the message embedded in Figure 2.9? Dear George, Greetings to all at Oxford. Many thanks for your letter and for the Summer examination package. All Entry Forms and Fees Forms should be ready for final despatch to the Syndicate by Friday 20th or at the very latest, I'm told. by the 21st.
In one of Dorothy Sayers's mysteries, Lord Peter is confronted with the message shown in Figure 2.10. He also discovers the key to the message, which is a sequence of integers: 7876565434321123434565678788787656543432112343456567878878765654433211234 a. Decrypt the message. Hint: What is the largest
Write a program that can encrypt and decrypt using the general Caesar cipher, also known as an additive cipher.
Write a program that can encrypt and decrypt using the affine cipher described in Problem 2.1. I thought to see the fairies in the fields, but I saw only the evil elephants with their black backs. Woe! how that sight awed me! The elves danced all around and about while I heard voices calling
Write a program that can perform a letter frequency attack on an additive cipher without human intervention. Your software should produce possible plaintexts in rough order of likelihood. It would be good if your user interface allowed the user to specify "give me the top 10 possible plaintexts."
Write a program that can perform a letter frequency attack on any monoalphabetic substitution cipher without human intervention. Your software should produce possible plaintexts in rough order of likelihood. It would be good if your user interface allowed the user to specify "give me the top 10
Create software that can encrypt and decrypt using a 2×2 Hill cipher.
Create software that can perform a fast known plaintext attack on a Hill cipher, given the dimension \(m\). How fast are your algorithms, as a function of \(m\)?
Why is it important to study the Feistel cipher?
What is the difference between a block cipher and a stream cipher?
Why is it not practical to use an arbitrary reversible substitution cipher of the kind shown in Table 3.1? Table 3.1 Encryption and Decryption Tables for Substitution Cipher of Figure 3.2 Plaintext 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 Ciphertext 1110 0100
What is a product cipher?
What is the difference between diffusion and confusion?
Which parameters and design choices determine the actual algorithm of a Feistel cipher?
What is the purpose of the S-boxes in DES?
Explain the avalanche effect.
What is the difference between differential and linear cryptanalysis?
a. In Section 3.1, under the subsection on the motivation for the Feistel cipher structure, it was stated that, for a block of \(n\) bits, the number of different reversible mappings for the ideal block cipher is \(2^{n}!\). Justify. b. In that same discussion, it was stated that for the ideal
Consider a Feistel cipher composed of sixteen rounds with a block length of 128 bits and a key length of 128 bits. Suppose that, for a given \(k\), the key scheduling algorithm determines values for the first eight round keys, \(k_{1}, k_{2}, \ldots k_{8}\), and then sets\[k_{9}=k_{8},
Consider a block encryption algorithm that encrypts blocks of length \(n\), and let \(N=2^{n}\). Say we have \(t\) plaintext-ciphertext pairs \(P_{i}, C_{i}=\mathrm{E}\left(K, P_{i}\right)\), where we assume that the key \(K\) selects one of the \(N!\) possible mappings. Imagine that we wish to find
Let \(\pi\) be a permutation of the integers \(0,1,2, \ldots,\left(2^{n}-1\right)\), such that \(\pi(m)\) gives the permuted value of \(m, 0 \leq m
Consider the substitution defined by row 1 of \(S\)-box \(S_{1}\) in Table 3.3. Show a block diagram similar to Figure 3.2 that corresponds to this substitution. [Figure 3.2: 4-bit input, 4 to 16 decoder, 16 to 4 encoder, 4-bit output]
Compute the bits number 1,16,33, and 48 at the output of the first round of the DES decryption, assuming that the ciphertext block is composed of all ones and the external key is composed of all ones.
Suppose the DES F function mapped every 32-bit input R, regardless of the value of the input \(\mathrm{K}\), to a. 32-bit string of ones b. bitwise complement of \(\mathrm{R}\) Hint: Use the following properties of the XOR operation: 1. What function would DES then compute? 2. What would the decryption
This problem provides a numerical example of encryption using a one-round version of DES. We start with the same bit pattern for the key \(K\) and the plaintext, namely: a. Derive \(K_{1}\), the first-round subkey. b. Derive \(L_{0}, R_{0}\). c. Expand \(R_{0}\) to get \(\mathrm{E}[R_{0}]\), where \(\mathrm{E}[\cdot]\) is the expansion