Cryptography and Network Security Chapter 1 - Chapter 8., Exams of Advanced Education

Cryptography and Network Security Chapter 1 - Chapter 8.

Typology: Exams

2025/2026

Available from 05/22/2026

Allen_Nelson
Allen_Nelson 🇺🇸

5.6K documents

1 / 14

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1 | P a g e
Cryptography and Network Security Chapter 1 -
Chapter 8.
Save
1.1).What is the OSI security architecture? - ANSWERframework that provides
a systematic way of defining the requirements for security and characterizing
the approaches to satisfying those requirements. The document defines
security attacks, mechanisms, and services, and the relationships among
these categories.
1.2).What is the difference between passive and active security threats? -
ANSWERPassive attacks have to do with eavesdropping on, or monitoring,
transmissions. Electronic mail, file transfers, and client/server exchanges are
examples of transmissions that can be monitored.
Active attacks include the modification of transmitted data and attempts to
gain unauthorized access to computer systems.
1.3).List and briefly define categories of passive and active security attacks. -
ANSWERPassive attacks: release of message contents and traffic analysis.
Active attacks: masquerade, replay, modification of messages, and denial of
service.
1.4).List and briefly define categories of security services. -
ANSWERAuthentication: The assurance that the communicating entity is the
one that it claims to be.
Access control: The prevention of unauthorized use of a resource (i.e., this
service controls who can have access to a resource, under what conditions
access can occur, and what those accessing the resource are allowed to do).
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe

Partial preview of the text

Download Cryptography and Network Security Chapter 1 - Chapter 8. and more Exams Advanced Education in PDF only on Docsity!

Cryptography and Network Security Chapter 1 -

Chapter 8.

Save 1.1).What is the OSI security architecture? - ANSWERframework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The document defines security attacks, mechanisms, and services, and the relationships among these categories. 1.2).What is the difference between passive and active security threats? - ANSWERPassive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems. 1.3).List and briefly define categories of passive and active security attacks. - ANSWERPassive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service. 1.4).List and briefly define categories of security services. - ANSWERAuthentication: The assurance that the communicating entity is the one that it claims to be. Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).

Data confidentiality: The protection of data from unauthorized disclosure. Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them). 1.5). List and briefly define categories of security mechanisms. - ANSWEREncipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys. Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient). Access Control: A variety of mechanisms that enforce access rights to Resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding: The insertion of bits into gaps in a data stream to Frustrate traffic analysis attempts. Routing Control: Enables selection of particular physically secure

Brute force. 2.6).List and briefly define types of cryptanalytic attacks based on what is known to the attacker. - ANSWERCipher text only: One possible attack under these circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the cipher text itself Known plaintext: The analyst may be able to capture one or more plaintext messages as well as their encryptions. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed. Chosen plaintext: If the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key. 2.7).What is the difference between an unconditionally secure cipher and a computationally secure cipher? - ANSWERAn encryption scheme is unconditionally secure if the cipher text generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much cipher text is available. An encryption scheme is said to be computationally secure if: (1) the cost of breaking the cipher exceeds the value of the encrypted information, and (2) the time required to break the cipher exceeds the useful lifetime of the information. 2.8).Briefly defines the Caesar cipher. - ANSWERThe Caesar cipher involves replacing each letter of the alphabet with the letter standing k places further down the alphabet, for k in the range 1 through 25. 2.9).Briefly defines the monoalphabetic cipher. - ANSWERA monoalphabetic substitution cipher maps a plaintext alphabet to a cipher text alphabet, so

that each letter of the plaintext alphabet maps to a single unique letter of the cipher text alphabet. 2.10).Briefly defines the Play fair cipher. - ANSWERThe Play fair algorithm is based on the use of a 5 * 5 matrix of letters constructed using a keyword. Plaintext is encrypted two letters at a time using this matrix. 2.11).What is the difference between a monoalphabetic cipher and a polyalphabetic cipher? - ANSWERA polyalphabetic substitution cipher uses a separate monoalphabetic substitution cipher for each successive letter of plaintext, depending on a key. 2.12).What are two problems with the one-time pad? - ANSWER1. There is the practical problem of making large quantities of random keys. Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is a significant task.

  1. Even more daunting is the problem of key distribution and protection. For every message to be sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth key distribution problem exists. 2.13).What is a transposition cipher? - ANSWERA transposition cipher involves a permutation of the plaintext letters. 2.14).What is steganography? - ANSWERSteganography involves concealing the existence of a message. 3.1). Why is it important to study the Feistel cipher? - ANSWERMost symmetric block encryption algorithms in current use are based on the Feistel block cipher structure. A study of the Feistel structure reveals the principles behind these recent ciphers.

3.6).Which parameters and design choices determine the actual algorithm of a Feistel cipher? - ANSWERBlock size: Larger block sizes mean greater security (all other things being equal) but reduced encryption/decryption speed. Key size: Larger key size means greater security but may decrease encryption/decryption speed. Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. Sub key generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis. Round function: Again, greater complexity generally means greater resistance to cryptanalysis. Fast software encryption/decryption: In many cases, encryption is embedded in applications or utility functions in such a way as to preclude a hardware implementation. Accordingly, the speed of execution of the algorithm becomes a concern. Ease of analysis: Although we would like to make our algorithm as difficult as possible to cryptanalyze, there is great benefit in making the algorithm easy to analyze. That is, if the algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength. 3.7).What is the purpose of the S-boxes in DES? - ANSWERThe S-box is a substitution function that introduces nonlinearity and adds to the complexity of the transformation. 3.8).Explain the avalanche effect. - ANSWERThe avalanche effect is a property of any encryption algorithm such that a small change in either the plaintext or the key produces a significant change in the cipher text.

3.9).What is the difference between differential and linear cryptanalysis? - ANSWERDifferential cryptanalysis is a technique in which chosen plaintexts with particular XOR difference patterns are encrypted. The difference patterns of the resulting cipher text provide information that can be used to determine the encryption key. Linear cryptanalysis is based on finding linear approximations to describe the transformations performed in a block cipher. 4.1).Briefly defines a group. - ANSWERA group is a set of elements that is closed under a binary operation and that is associative and that includes an identity element and an inverse element. 4.2).Briefly defines a ring. - ANSWERA ring is a set of elements that is closed under two binary operations, addition and subtraction, with the following: the addition operation is a group that is commutative; the multiplication operation is associative and is distributive over the addition operation. 4.3).Briefly defines a field. - ANSWERA field is a ring in which the multiplication operation is commutative, has no zero divisors, and includes an identity element and an inverse element. 4.4).What does it mean to say that is a divisor of? - ANSWERA nonzero b is a divisor of "a" if a = mb for some m, where a, b, and m are integers. That is, b is a divisor of "a" if there is no remainder on division. 4.5).What is the difference between modular arithmetic and ordinary arithmetic? - ANSWERIn modular arithmetic, all arithmetic operations are performed modulo some integer.

5.3).What is the difference between Rijndael and AES? - ANSWERRijndael allows for block lengths of 128, 192, or 256 bits. AES allows only a block length of 128 bits. 5.4).What is the purpose of the State array? - ANSWERThe State array holds the intermediate results on the 128-bit block at each stage in the processing. 5.5). How is the S-box constructed? - ANSWER1. Initialize the S-box with the byte values in ascending sequence row by row. The first row contains {00}, {01}, {02}, etc., the second row contains {10}, {11}, etc., and so on. Thus, the value of the byte at row x, column y is {xy}.

  1. Map each byte in the S-box to its multiplicative inverse in the finite field GF (28); the value {00} is mapped to itself.
  2. Consider that each byte in the S-box consists of 8 bits labeled (b7, b6, b5, b4, b3, b2, b1, b0). Apply the following transformation to each bit of each byte in the S-box: bi ' bi bi4mod8 bi5mod8 bi6mod8 bi7mod8 ci Where ci is the i-th bit of byte c with the value {63}; that is, (c7c6c5c4c3c2c1c0) = (01100011). The prime (') indicates that the variable is to be updated by the value on the right.

5.6).Briefly describe Sub Bytes. - ANSWEREach individual byte of State is mapped into a new byte in the following way: The leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column value. These row and column values serve as indexes into the S-box to select a unique 8-bit output value. 5.7).Briefly describe Shift Rows. - ANSWERThe first row of State is not altered. For the second row, a 1-byte circular left shift is performed. For the third row, a 2-byte circular left shift is performed. For the third row, a 3- byte circular left shift is performed. 5.8).How many bytes in State are affected by Shift Rows? - ANSWER12 bytes. 5.9).Briefly describe Mix Columns. - ANSWERMix Columns operates on each column individually. Each byte of a column is mapped into a new value that is a function of all four bytes in that column. 5.10).Briefly describe AddRoundKey. - ANSWERThe 128 bits of State are bitwise XORed with the 128 bits of the round key. 5.11).Briefly describe the key expansion algorithm. - ANSWERThe AES key expansion algorithm takes as input a 4-word (16-byte) key and produces a linear array of 44 words (156 bytes). The expansion is defined by the pseudo code in AES Cipher.

cipher text) pair. In essence, the plaintext is encrypted to produce an intermediate value in the double encryption, and the cipher text is decrypted to produce an intermediation value in the double encryption. Table lookup techniques can be used in such a way to dramatically improve on a brute- force try of all pairs of keys. 6.3). How many keys are used in triple encryption? - ANSWERTriple encryption can be used with three distinct keys for the three stages; alternatively, the same key can be used for the first and third stage. 6.4).Why is the middle portion of 3DES a decryption rather than an encryption? - ANSWERThere is no cryptographic significance to the use of decryption for the second stage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single DES by repeating the key. 6.5).Why do some block cipher modes of operation only use encryption while others use both encryption and decryption? - ANSWERIn some modes, the plaintext does not pass through the encryption function, but is XORed with the output of the encryption function. The math works out that for decryption in these cases, the encryption function must also be used. 8.1).What is a prime number? - ANSWERAn integer p > 1 is a prime number if and only if its only divisors are 1 and p. 8.2).What is the meaning of the expression divides? - ANSWERWe say that a nonzero b divides a if a = mb for some m, where a, b, and m are integers.

8.3).What is Euler's totient function? - ANSWEREuler's totient function, written n), is the number of positive integers less than n and relatively prime to n. 8.4).The Miller-Rabin test can determine if a number is not prime but cannot determine if a number is prime. How can such an algorithm be used to test for primality? - ANSWERThe algorithm takes a candidate integer n as input and returns the result "composite" if n is definitely not a prime, and the result "inconclusive" if n may or may not be a prime. If the algorithm is repeatedly applied to a number and repeatedly returns inconclusive, then the probability that the number is actually prime increases with each inconclusive test. The probability required to accept a number as prime can be set as close to 1.0 as desired by increasing the number of tests made. 8.5).What is a primitive root of a number? - ANSWERsuch that am 8.6).What is the difference between an index and a discrete logarithm? - ANSWERThe two terms are synonymous.