Midterm 2 with Questions - Computer Security I | CS 461, Exams of Computer Science

Material Type: Exam; Professor: Hinrichs; Class: Computer Security I; Subject: Computer Science; University: University of Illinois - Urbana-Champaign; Term: Fall 2006;

Uploaded on 03/16/2009

koofers-user-13a
Net ID:
University of Illinois at Urbana-Champaign
Department of Computer Science
Midterm 2
CS498SH – Information Assurance
Fall 2006
Wednesday, Oct. 27, 2006
Time Limit: 1 hour and 15 minutes
Instructions for the Student
Print your name and NetID in the space provided below; print your NetID in the
upper right hand corner of every page.
Name:
NetID:
1. A single page of supplementary notes is allowed
2. Closed book
3. A calculator is allowed.
4. Students should show work on the exam. They can use supplementary sheets of
paper if they run out of room.
5. Students can use scratch paper if desired.
Number of pages of the exam: 9
Number of questions on the exam: 15
Maximum grade on this exam is: 73 pts
Problem  Points  Score  Grader
   1       2
   2       2
   3       2
   4       2
   5       2
   6       2
   7       2
   8       6
   9       9
  10       9
  11      10
  12      10
  13       8
  14       3
  15       4
Information Assurance
Midterm 2 Page 1 10/27/2006

Information Assurance: Midterm 2

Multiple Choice – 2 points each

  1. Which of the following cryptographic algorithms is self-healing?
     a. AES in Electronic Code Book (ECB) mode
     b. DES in Cipher Feedback (CFB) mode
     c. Vigenere Cipher
     d. AES in Counter mode
  2. What hard problem is the security of the Diffie-Hellman public key algorithm based on?
     a. Factoring large primes
     b. Computing discrete logarithms
     c. Traveling salesman optimization
     d. Bin packing
  3. The Enigma cipher is an example of which of the following types of ciphers?
     a. Substitution cipher
     b. Transposition cipher
     c. Proposition cipher
     d. Product cipher
  4. Which of the following encryption algorithms is an example of a Feistel network?
     a. AES
     b. DES
     c. RSA
     d. Enigma
  5. Which of the following statements must be true for an RSA system, where e is the public exponent, d is the private exponent, and n is the modulus?
     a. e must be relatively prime to d
     b. n and d must be kept private
     c. ed mod n = 1
     d. ed mod Φ(n) = 1
  6. Which of the following is not traditionally an information source for proving an entity's identity?
     a. Something you know
     b. Something you have
     c. Something you like
     d. Something you are

Short answer

  1. (3 points each, 6 points total) Cryptographic hashes can be either keyed (require secret information to generate and verify) or keyless (require no secret information to generate and verify).
     a. Describe a scenario where a keyed cryptographic hash is appropriate.
     b. Describe a scenario where a keyless cryptographic hash is appropriate.
  2. (3 points each, 9 points total) You are given a piece of data. You need to provide confidentiality and integrity for the data. Storage is limited, so you also need to compress the data. You are given RSA for encryption and signing and LZW for compression.
     a. Should you encrypt first or compress? Or does the order not matter? Why?
     b. Should you sign first or compress? Or does the order not matter? Why?
     c. Should you sign first or encrypt? Or does the order not matter? Why?
  1. (9 points total) A phoneme is a unit of sound which can be represented by a sequence of two or three characters. By using phonemes as the unit of password creation, you can create random but pronounceable passwords. According to the textbook there are 440 possible phonemes. Assume that an attacker can make 20,000 guesses per second. You are told that randomly chosen passwords must be secure with a probability of at least 75% at the end of a month.
     a. (4 points) Given a selection of 96 printable characters and assuming that all passwords are the same length, how long must randomly generated passwords be to meet the 75% unbroken requirement?
     b. (4 points) Given a selection of 440 phonemes and assuming that all passwords are the same length, how long must the random passwords be to meet the 75% unbroken requirement? Give the length in terms of phonemes.
     c. (1 point) Assume the average phoneme is 2.5 characters long. How long is the phoneme-based password in terms of characters?
  1. (10 points total) Alice and Bob use Diffie-Hellman to compute a shared secret. They select p=67 and g=13. Alice picks a kAlice of 11 and Bob picks a kBob of 7.
     a. (4 points) Show the computations for KAlice and KBob.
     b. (4 points) Show how Alice and Bob use KAlice and KBob to compute the shared secret.
     c. (2 points) Which values of p, g, kAlice, kBob, KAlice, and KBob can be made public without affecting the security of the key exchange?
  1. (4 points each, 8 points total) Eve wants to replace Alice's public key certificate with her own to pose as Alice to Bob. Assume that neither Alice nor Bob has cached a copy of the other's certificate at the start of this attack.
     a. Consider X.509 strict hierarchy of Certificate Authorities. What aspects of the system would Eve need to thwart to present her certificate as Alice's?
     b. Consider a GPG web of trust. How would Eve have to carry out her attack in this system?
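
For the phoneme password question above, the sizing can be carried out with Anderson's formula P >= TG/N (P the attacker's success probability, T the guessing time, G the guess rate, N the number of equally likely passwords). This is an added example, not part of the exam; it assumes a 30-day month, and the function names are illustrative.

```python
import math

SECONDS_PER_MONTH = 30 * 24 * 60 * 60  # assumption: the exam's "month" is 30 days


def required_space(guesses_per_sec, seconds, unbroken_prob):
    """Anderson's formula P >= T*G/N solved for N, where P is the largest
    acceptable chance that the attacker succeeds (1 - unbroken_prob)."""
    attacker_prob = 1.0 - unbroken_prob
    if not 0.0 < attacker_prob < 1.0:
        raise ValueError("unbroken_prob must be strictly between 0 and 1")
    return math.ceil(guesses_per_sec * seconds / attacker_prob)


def min_length(alphabet_size, space_needed):
    """Smallest fixed length L with alphabet_size**L >= space_needed.
    Integer multiplication avoids float-log rounding at the boundary."""
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two symbols")
    length, space = 0, 1
    while space < space_needed:
        space *= alphabet_size
        length += 1
    return length


def size_policy(alphabet_size, chars_per_symbol=1.0, guesses_per_sec=20_000,
                seconds=SECONDS_PER_MONTH, unbroken_prob=0.75):
    """Return the search space needed and the password length that reaches it."""
    need = required_space(guesses_per_sec, seconds, unbroken_prob)
    symbols = min_length(alphabet_size, need)
    return {
        "space_needed": need,
        "symbols": symbols,
        "characters": symbols * chars_per_symbol,
    }


if __name__ == "__main__":
    # The two alphabets from the question: 96 printable characters and
    # 440 phonemes averaging 2.5 characters each.
    for name, size, width in (("printable characters", 96, 1.0),
                              ("phonemes", 440, 2.5)):
        print(name, size_policy(size, width))
```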
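
For the Diffie-Hellman question above, the exchange can be run end to end with the exam's toy parameters, with a parameter check in front of it. This is an added example, not part of the exam; requiring g to generate the whole group mod p is the check chosen for this small case, and the function names are illustrative.

```python
def is_prime(n):
    """Trial division; adequate for toy moduli such as the exam's p = 67."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))


def prime_factors(n):
    """Set of distinct prime factors of n."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_generator(g, p):
    """True if g has order p-1 modulo the prime p."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def dh_exchange(p, g, k_alice, k_bob):
    """Run both sides of the exchange and return every value involved."""
    if not is_prime(p):
        raise ValueError("p must be prime")
    if not 1 < g < p - 1 or not is_generator(g, p):
        raise ValueError("g must generate the multiplicative group mod p")
    for k in (k_alice, k_bob):
        if not 1 < k < p - 1:
            raise ValueError("private exponents must lie in (1, p-1)")
    K_alice = pow(g, k_alice, p)   # sent in the clear by Alice
    K_bob = pow(g, k_bob, p)       # sent in the clear by Bob
    return {
        "K_alice": K_alice,
        "K_bob": K_bob,
        "shared_alice": pow(K_bob, k_alice, p),  # Alice: KBob ** kAlice mod p
        "shared_bob": pow(K_alice, k_bob, p),    # Bob: KAlice ** kBob mod p
    }


if __name__ == "__main__":
    # Parameters from the question: p=67, g=13, kAlice=11, kBob=7.
    print(dh_exchange(67, 13, 11, 7))
```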