








Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Cryptography and Network Security Chapter 1 - Chapter 8.
Typology: Exams
1 / 14
This page cannot be seen from the preview
Don't miss anything!









Save 1.1).What is the OSI security architecture? - ANSWERframework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The document defines security attacks, mechanisms, and services, and the relationships among these categories. 1.2).What is the difference between passive and active security threats? - ANSWERPassive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems. 1.3).List and briefly define categories of passive and active security attacks. - ANSWERPassive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service. 1.4).List and briefly define categories of security services. - ANSWERAuthentication: The assurance that the communicating entity is the one that it claims to be. Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).
Data confidentiality: The protection of data from unauthorized disclosure. Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them). 1.5). List and briefly define categories of security mechanisms. - ANSWEREncipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys. Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient). Access Control: A variety of mechanisms that enforce access rights to Resources. Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units. Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange. Traffic Padding: The insertion of bits into gaps in a data stream to Frustrate traffic analysis attempts. Routing Control: Enables selection of particular physically secure
Brute force. 2.6).List and briefly define types of cryptanalytic attacks based on what is known to the attacker. - ANSWERCipher text only: One possible attack under these circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the cipher text itself Known plaintext: The analyst may be able to capture one or more plaintext messages as well as their encryptions. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed. Chosen plaintext: If the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key. 2.7).What is the difference between an unconditionally secure cipher and a computationally secure cipher? - ANSWERAn encryption scheme is unconditionally secure if the cipher text generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much cipher text is available. An encryption scheme is said to be computationally secure if: (1) the cost of breaking the cipher exceeds the value of the encrypted information, and (2) the time required to break the cipher exceeds the useful lifetime of the information. 2.8).Briefly defines the Caesar cipher. - ANSWERThe Caesar cipher involves replacing each letter of the alphabet with the letter standing k places further down the alphabet, for k in the range 1 through 25. 2.9).Briefly defines the monoalphabetic cipher. - ANSWERA monoalphabetic substitution cipher maps a plaintext alphabet to a cipher text alphabet, so
that each letter of the plaintext alphabet maps to a single unique letter of the cipher text alphabet. 2.10).Briefly defines the Play fair cipher. - ANSWERThe Play fair algorithm is based on the use of a 5 * 5 matrix of letters constructed using a keyword. Plaintext is encrypted two letters at a time using this matrix. 2.11).What is the difference between a monoalphabetic cipher and a polyalphabetic cipher? - ANSWERA polyalphabetic substitution cipher uses a separate monoalphabetic substitution cipher for each successive letter of plaintext, depending on a key. 2.12).What are two problems with the one-time pad? - ANSWER1. There is the practical problem of making large quantities of random keys. Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is a significant task.
3.6).Which parameters and design choices determine the actual algorithm of a Feistel cipher? - ANSWERBlock size: Larger block sizes mean greater security (all other things being equal) but reduced encryption/decryption speed. Key size: Larger key size means greater security but may decrease encryption/decryption speed. Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. Sub key generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis. Round function: Again, greater complexity generally means greater resistance to cryptanalysis. Fast software encryption/decryption: In many cases, encryption is embedded in applications or utility functions in such a way as to preclude a hardware implementation. Accordingly, the speed of execution of the algorithm becomes a concern. Ease of analysis: Although we would like to make our algorithm as difficult as possible to cryptanalyze, there is great benefit in making the algorithm easy to analyze. That is, if the algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength. 3.7).What is the purpose of the S-boxes in DES? - ANSWERThe S-box is a substitution function that introduces nonlinearity and adds to the complexity of the transformation. 3.8).Explain the avalanche effect. - ANSWERThe avalanche effect is a property of any encryption algorithm such that a small change in either the plaintext or the key produces a significant change in the cipher text.
3.9).What is the difference between differential and linear cryptanalysis? - ANSWERDifferential cryptanalysis is a technique in which chosen plaintexts with particular XOR difference patterns are encrypted. The difference patterns of the resulting cipher text provide information that can be used to determine the encryption key. Linear cryptanalysis is based on finding linear approximations to describe the transformations performed in a block cipher. 4.1).Briefly defines a group. - ANSWERA group is a set of elements that is closed under a binary operation and that is associative and that includes an identity element and an inverse element. 4.2).Briefly defines a ring. - ANSWERA ring is a set of elements that is closed under two binary operations, addition and subtraction, with the following: the addition operation is a group that is commutative; the multiplication operation is associative and is distributive over the addition operation. 4.3).Briefly defines a field. - ANSWERA field is a ring in which the multiplication operation is commutative, has no zero divisors, and includes an identity element and an inverse element. 4.4).What does it mean to say that is a divisor of? - ANSWERA nonzero b is a divisor of "a" if a = mb for some m, where a, b, and m are integers. That is, b is a divisor of "a" if there is no remainder on division. 4.5).What is the difference between modular arithmetic and ordinary arithmetic? - ANSWERIn modular arithmetic, all arithmetic operations are performed modulo some integer.
5.3).What is the difference between Rijndael and AES? - ANSWERRijndael allows for block lengths of 128, 192, or 256 bits. AES allows only a block length of 128 bits. 5.4).What is the purpose of the State array? - ANSWERThe State array holds the intermediate results on the 128-bit block at each stage in the processing. 5.5). How is the S-box constructed? - ANSWER1. Initialize the S-box with the byte values in ascending sequence row by row. The first row contains {00}, {01}, {02}, etc., the second row contains {10}, {11}, etc., and so on. Thus, the value of the byte at row x, column y is {xy}.
5.6).Briefly describe Sub Bytes. - ANSWEREach individual byte of State is mapped into a new byte in the following way: The leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column value. These row and column values serve as indexes into the S-box to select a unique 8-bit output value. 5.7).Briefly describe Shift Rows. - ANSWERThe first row of State is not altered. For the second row, a 1-byte circular left shift is performed. For the third row, a 2-byte circular left shift is performed. For the third row, a 3- byte circular left shift is performed. 5.8).How many bytes in State are affected by Shift Rows? - ANSWER12 bytes. 5.9).Briefly describe Mix Columns. - ANSWERMix Columns operates on each column individually. Each byte of a column is mapped into a new value that is a function of all four bytes in that column. 5.10).Briefly describe AddRoundKey. - ANSWERThe 128 bits of State are bitwise XORed with the 128 bits of the round key. 5.11).Briefly describe the key expansion algorithm. - ANSWERThe AES key expansion algorithm takes as input a 4-word (16-byte) key and produces a linear array of 44 words (156 bytes). The expansion is defined by the pseudo code in AES Cipher.
cipher text) pair. In essence, the plaintext is encrypted to produce an intermediate value in the double encryption, and the cipher text is decrypted to produce an intermediation value in the double encryption. Table lookup techniques can be used in such a way to dramatically improve on a brute- force try of all pairs of keys. 6.3). How many keys are used in triple encryption? - ANSWERTriple encryption can be used with three distinct keys for the three stages; alternatively, the same key can be used for the first and third stage. 6.4).Why is the middle portion of 3DES a decryption rather than an encryption? - ANSWERThere is no cryptographic significance to the use of decryption for the second stage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single DES by repeating the key. 6.5).Why do some block cipher modes of operation only use encryption while others use both encryption and decryption? - ANSWERIn some modes, the plaintext does not pass through the encryption function, but is XORed with the output of the encryption function. The math works out that for decryption in these cases, the encryption function must also be used. 8.1).What is a prime number? - ANSWERAn integer p > 1 is a prime number if and only if its only divisors are 1 and p. 8.2).What is the meaning of the expression divides? - ANSWERWe say that a nonzero b divides a if a = mb for some m, where a, b, and m are integers.
8.3).What is Euler's totient function? - ANSWEREuler's totient function, written n), is the number of positive integers less than n and relatively prime to n. 8.4).The Miller-Rabin test can determine if a number is not prime but cannot determine if a number is prime. How can such an algorithm be used to test for primality? - ANSWERThe algorithm takes a candidate integer n as input and returns the result "composite" if n is definitely not a prime, and the result "inconclusive" if n may or may not be a prime. If the algorithm is repeatedly applied to a number and repeatedly returns inconclusive, then the probability that the number is actually prime increases with each inconclusive test. The probability required to accept a number as prime can be set as close to 1.0 as desired by increasing the number of tests made. 8.5).What is a primitive root of a number? - ANSWERsuch that am 8.6).What is the difference between an index and a discrete logarithm? - ANSWERThe two terms are synonymous.