密码编码学与网络安全第五版答案.docx
《密码编码学与网络安全第五版答案.docx》由会员分享,可在线阅读,更多相关《密码编码学与网络安全第五版答案.docx(86页珍藏版)》请在冰豆网上搜索。
密码编码学与网络安全第五版答案
Chapter1:
Introduction5
Chapter2:
ClassicalEncryptionTechniques7
Chapter3:
BlockCiphersandtheDateEncryptionStandard13
Chapter4:
FiniteFields21
Chapter5:
AdvancedEncryptionStandard28
Chapter6:
MoreonSymmetricCiphers33
Chapter7:
ConfidentialityUsingSymmetricEncryption38
Chapter8:
IntroductiontoNumberTheory42
Chapter9:
Public-KeyCryptographyandRSA46
Chapter10:
KeyManagement;OtherPublic-KeyCryptosystems55
Chapter11:
MessageAuthenticationandHashFunctions59
Chapter12:
HashandMACAlgorithms62
Chapter13:
DigitalSignaturesandAuthenticationProtocols66
Chapter14:
AuthenticationApplications71
Chapter15:
ElectronicMailSecurity73
Chapter16:
IPSecurity76
Chapter17:
WebSecurity80
Chapter18:
Intruders83
Chapter19:
MaliciousSoftware87
Chapter20:
Firewalls89
AnswerstoQuestions
1.1TheOSISecurityArchitectureisaframeworkthatprovidesasystematicwayofdefiningtherequirementsforsecurityandcharacterizingtheapproachestosatisfyingthoserequirements.Thedocumentdefinessecurityattacks,mechanisms,andservices,andtherelationshipsamongthesecategories.
1.2Passiveattackshavetodowitheavesdroppingon,ormonitoring,transmissions.Electronicmail,filetransfers,andclient/serverexchangesareexamplesoftransmissionsthatcanbemonitored.Activeattacksincludethemodificationoftransmitteddataandattemptstogainunauthorizedaccesstocomputersystems.
1.3Passiveattacks:
releaseofmessagecontentsandtrafficanalysis.Activeattacks:
masquerade,replay,modificationofmessages,anddenialofservice.
1.4Authentication:
Theassurancethatthecommunicatingentityistheonethatitclaimstobe.
Accesscontrol:
Thepreventionofunauthorizeduseofaresource(i.e.,thisservicecontrolswhocanhaveaccesstoaresource,underwhatconditionsaccesscanoccur,andwhatthoseaccessingtheresourceareallowedtodo).
Dataconfidentiality:
Theprotectionofdatafromunauthorizeddisclosure.
Dataintegrity:
Theassurancethatdatareceivedareexactlyassentbyanauthorizedentity(i.e.,containnomodification,insertion,deletion,orreplay).
Nonrepudiation:
Providesprotectionagainstdenialbyoneoftheentitiesinvolvedinacommunicationofhavingparticipatedinallorpartofthecommunication.
Availabilityservice:
Thepropertyofasystemorasystemresourcebeingaccessibleandusableupondemandbyanauthorizedsystementity,accordingtoperformancespecificationsforthesystem(i.e.,asystemisavailableifitprovidesservicesaccordingtothesystemdesignwheneverusersrequestthem).
1.5SeeTable1.3.
AnswerstoProblems
1.1
Releaseofmessagecontents
Trafficanalysis
Masquerade
Replay
Modificationofmessages
Denialofservice
Peerentityauthentication
Y
Dataoriginauthentication
Y
Accesscontrol
Y
Confidentiality
Y
Trafficflowconfidentiality
Y
Dataintegrity
Y
Y
Non-repudiation
Y
Availability
Y
1.2
Releaseofmessagecontents
Trafficanalysis
Masquerade
Replay
Modificationofmessages
Denialofservice
Encipherment
Y
Digitalsignature
Y
Y
Y
Accesscontrol
Y
Y
Y
Y
Y
Dataintegrity
Y
Y
Authenticationexchange
Y
Y
Y
Y
Trafficpadding
Y
Routingcontrol
Y
Y
Y
Notarization
Y
Y
Y
Chapter2
ClassicalEncryptionTechniquesr
AnswerstoQuestions
2.1Plaintext,encryptionalgorithm,secretkey,ciphertext,decryptionalgorithm.
2.2Permutationandsubstitution.
2.3Onekeyforsymmetricciphers,twokeysforasymmetricciphers.
2.4Astreamcipherisonethatencryptsadigitaldatastreamonebitoronebyteatatime.Ablockcipherisoneinwhichablockofplaintextistreatedasawholeandusedtoproduceaciphertextblockofequallength.
2.5Cryptanalysisandbruteforce.
2.6Ciphertextonly.Onepossibleattackunderthesecircumstancesisthebrute-forceapproachoftryingallpossiblekeys.Ifthekeyspaceisverylarge,thisbecomesimpractical.Thus,theopponentmustrelyonananalysisoftheciphertextitself,generallyapplyingvariousstatisticalteststoit.Knownplaintext.Theanalystmaybeabletocaptureoneormoreplaintextmessagesaswellastheirencryptions.Withthisknowledge,theanalystmaybeabletodeducethekeyonthebasisofthewayinwhichtheknownplaintextistransformed.Chosenplaintext.Iftheanalystisabletochoosethemessagestoencrypt,theanalystmaydeliberatelypickpatternsthatcanbeexpectedtorevealthestructureofthekey.
2.7Anencryptionschemeisunconditionallysecureiftheciphertextgeneratedbytheschemedoesnotcontainenoughinformationtodetermineuniquelythecorrespondingplaintext,nomatterhowmuchciphertextisavailable.An