Information Security Technology Review Questions (Final Version)
(2) An ATM uses DES data encryption and is in effect a cryptographic system. Sometimes the password is not leaked, yet criminals who learn the cardholder's identity information and bank card number can still steal the money on the card.
The security problems in this case are:
personal information leakage and loss of property.
3. Among the fundamental challenges in information security are confidentiality, integrity, and availability, or CIA.
A. Define each of these terms: confidentiality, integrity, availability.
B. Give a concrete example where confidentiality is more important than integrity.
C. Give a concrete example where integrity is more important than confidentiality.
D. Give a concrete example where availability is the overriding concern.
Answer:
A. Confidentiality means that information with a certain degree of secrecy can be read and changed only by authorized persons;
Integrity means preventing, or at least detecting, unauthorized changes to information;
Availability means that the legitimate owners and users of information have access to it at any time they need it.
B. A document about state secrets.
C. Test scores.
D. An e-commerce site. A service interruption damages the interests of both the users and the site itself, so its availability is the most important.
4. Suppose that we have a computer that can test 2^40 keys each second.
* What is the expected time (in years) to find a key by exhaustive search if the keyspace is of size 2^88?
* What is the expected time (in years) to find a key by exhaustive search if the keyspace is of size 2^112?
* What is the expected time (in years) to find a key by exhaustive search if the keyspace is of size 2^256?
Answer:
(1) 2^88 / 2^40 = 2^48 seconds; 2^48 / (60*60*24*365) = 8.923*10^6
(2) 2^112 / 2^40 = 2^72 seconds; 2^72 / (60*60*24*365) = 1.497*10^6
(3) 2^256 / 2^40 = 2^216 seconds; 2^216 / (60*60*24*365) = 3.339*10^57
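5. Give four strong passwords derived from the passphrase “Gentlemen do not read other gentlemen’s mail.” And describe how to derive your answer from the passphrase.
6. Give four strong passwords derived from the passphrase “Are you who you say you are?”. And describe how to derive your answer from the passphrase.
Construct any four strong passwords from “Are you who you say you are” and explain how each was constructed.
For example: 1Re@NwNs1yNA (this question calls for original answers).
A strong password is at least 8 characters long, does not contain all or part of the user account name, does not contain a complete word, and contains at least three of the following four character classes:
uppercase letters, lowercase letters, digits, and keyboard symbols (such as !, @, #).
7. For each of the following passwords, give two passphrases that the password could have been derived from.
A: PokeGCTall
B: 4s&7vrsa
C: gimmeliborD
D: IcntgetNOsat
For example:
A. PokeGCTall
Person or kid send Good Cat Tall
Play on kid Great Cool Top are like like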
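8. Consider the ciphertext FALSZZTYSYJZYJKYWJRZTYJZTYYNARYJKYSWARZTYEGYYJ, which was generated using an affine cipher with parameters a=7 and b=22. Decipher the message please.
The encryption process is:
E(m) = (am + b) mod 26
The decryption process is:
D(c) = a^-1 (c - b) mod 26 = 7^-1 (c - 22) mod 26 = 15 (c - 22) mod 26
So the letter correspondence for the affine cipher is: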
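Index       0  1  2  3  4  5  6  7  8  9  10 11 12
Plaintext   A  B  C  D  E  F  G  H  I  J  K  L  M
Ciphertext  W  D  K  R  Y  F  M  T  A  H  O  V  C

Index       13 14 15 16 17 18 19 20 21 22 23 24 25
Plaintext   N  O  P  Q  R  S  T  U  V  W  X  Y  Z
Ciphertext  J  Q  X  E  L  S  Z  G  N  U  B  I  P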
Ciphertext:
FALSZZTYSYJZYJKYWJRZTYJZTYYNARYJKYSWARZTYEGYYJ
Plaintext:
first the sentence and then the evidence said the queen.
9. Consider the ciphertext QJKESREOGHGXXREOXEO, which was generated using an affine cipher. Determine the constants a & b and decipher the message. Hint: Plaintext “t” encrypts to ciphertext “H” and plaintext “o” encrypts to ciphertext “E”.
Encryption process:
a, b are constants, p is plaintext, C is ciphertext
So a=11, b=6
Decryption process:
D(c) = a^-1 (c - b) mod 26 = 11^-1 (c - 6) mod 26
Index: a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext:
QJKESREOGHGXXREOXEO
Plaintext:
If you bow at all bow low.
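The affine-cipher answers to questions 8 and 9 can be checked with the following added example, which is not part of the original answer sheet. The function names are assumptions of this example; recover_keys goes beyond the two hinted letters and searches all 312 possible keys for any set of known plaintext/ciphertext letter pairs.

```python
# Added example (not from the original page): affine cipher over A-Z,
# E(p) = (a*p + b) mod 26, as used in questions 8 and 9.
from math import gcd

M = 26
VALID_A = [a for a in range(M) if gcd(a, M) == 1]  # the 12 invertible multipliers


def encrypt_letter(p, a, b):
    """Encrypt one lowercase plaintext letter to an uppercase ciphertext letter."""
    return chr((a * (ord(p) - ord("a")) + b) % M + ord("A"))


def decrypt(ciphertext, a, b):
    """Apply D(c) = a^-1 * (c - b) mod 26 to every letter of the ciphertext."""
    if a not in VALID_A:
        raise ValueError("a must be coprime to 26, otherwise E is not invertible")
    a_inv = pow(a, -1, M)  # modular inverse, Python 3.8+
    return "".join(
        chr(a_inv * (ord(c) - ord("A") - b) % M + ord("a"))
        for c in ciphertext.upper()
        if "A" <= c <= "Z"
    )


def recover_keys(known_pairs):
    """Return every (a, b) consistent with known (plaintext, ciphertext) letter pairs.

    Searching all 12 * 26 = 312 keys also covers pairs whose plaintext
    difference is not invertible mod 26, where the direct two-equation
    solve cannot divide by that difference.
    """
    return [
        (a, b)
        for a in VALID_A
        for b in range(M)
        if all(encrypt_letter(p, a, b) == c for p, c in known_pairs)
    ]


if __name__ == "__main__":
    q8 = "FALSZZTYSYJZYJKYWJRZTYJZTYYNARYJKYSWARZTYEGYYJ"  # ciphertext from question 8
    print(decrypt(q8, 7, 22))
    q9 = "QJKESREOGHGXXREOXEO"  # ciphertext from question 9
    for a, b in recover_keys([("t", "H"), ("o", "E")]):  # hint from question 9
        print(a, b, decrypt(q9, a, b))
```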
10. Please give three examples of authentication based on “something you know”, “something you have” and “something you are”.
a. Password authentication (something you know)
b. Security token and smart card (something you have)
c. Biometric authentication, that is, the use of fingerprint, face or iris scanning, or voice recognition (something you are)
11. Two-factor authentication requires that two of the three authentication methods (something you know, something you have, something you are) be used. Give two examples from everyday life where two-factor authentication is used. Which two of the three are used?
1. Using a bank card to withdraw money at an ATM. The bank card is something you have and the password is something you know.
2. Using the ID card and the admission notice to verify identity when entering the university. The ID card and the admission notice are something you have; the person himself is something you are.
First example: the ATM card, for which the user must hold a card and a PIN. “Something you have” and “something you know” are used with ATM cards. Other examples of two-factor authentication include a credit card with a handwritten signature. “Something you have” and “something you are” are used in this method.
12. RFID tags are extremely small devices capable of broadcasting a number over the air that can be read by a nearby sensor. RFID tags are used for tracking inventory, and they have many other potential uses. For example, RFID tags are used in passports and it has been suggested that they should be put into paper money to prevent counterfeiting. In the future, a person might be surrounded by a cloud of RFID numbers that would provide a great deal of information about the person.
* Discuss some privacy concerns related to the widespread use of RFID tags.
* Discuss security issues, other than privacy, that might arise due to the widespread use of RFID tags.
(1) Illegal reading of information; position and location tracking.
(2) Interference with the correct reception of information; counterfeiting.
1. Illegal reading of information:
RFID tags offer a way to illegally read information about customers.
Position and location tracking:
RFID tags could be used to track people's movements, determine their identities or make inferences about their habits.
2. Denial of service:
Artificial signal interference prevents a legitimate reader from reading the tag data properly.
Replay:
Based on data communication eavesdropped between the reader and the tag, a previous communication is repeated in order to obtain information data.
13. Decrypt the following message that was encrypted using a simple substitution cipher:
WBWIKJBMKRMITBMIQBJRASHMWKRMVPYJERYRKB
MKDWBIIWOKWXWVMKVRMKDIJYRYNIBURYMWK
NKRASHMWKRDBJOWERMVJYSHRBRRASHMKMBWJKJKR
CJNHDPMERBJLRFNMHWXWRDMKDWKISWURDBJINVP
MKRABRKBBPMBPRVJNHDURMVPBPRIBMBRJX
RKHWOPBRKRDYWKDVMSMLHRJXURVJOKWGWKO
IJNKDHRIIIJNKDMKDIPMSRHRIIIPMSRWDJKJBDRRY
YRIRHXBPRXWKMHMNBPJLWBTLNBYTRASRLWRKVR
CWBPQMBMPMIHRXBKJDJNLBBPMBBPRXJHHJCWKOWI
BPRSUJSRUMSSHWVMBWJKMKDWKBRUSURBMBWJKW
JXXRUYTBPRJUWRIWKBPRPJSRBPMBBPRRIIRKVRJX
JQWKMCMKQMUMBRCWHHURYMWKWKBMVB
14. This problem deals with digital signat