1、Chapter 5: Advanced Encryption Standard 28Chapter 6: More on Symmetric Ciphers 33Chapter 7: Confidentiality Using Symmetric Encryption 38Chapter 8: Introduction to Number Theory 42Chapter 9: Public-Key Cryptography and RSA 46Chapter 10: Key Management; Other Public-Key Cryptosystems 55Chapter 11: Me
2、ssage Authentication and Hash Functions 59Chapter 12: Hash and MAC Algorithms 62Chapter 13: Digital Signatures and Authentication Protocols 66Chapter 14: Authentication Applications 71Chapter 15: Electronic Mail Security 73Chapter 16: IP Security 76Chapter 17: Web Security 80Chapter 18: Intruders 83
3、Chapter 19: Malicious Software 87Chapter 20: Firewalls 89Answers to Questions1.1 The OSI Security Architecture is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The document defines security att
4、acks, mechanisms, and services, and the relationships among these categories.1.2 Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include th
5、e modification of transmitted data and attempts to gain unauthorized access to computer systems.1.3 Passive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service.1.4 Authentication: The assurance that the commun
6、icating entity is the one that it claims to be. Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). Data confidentiality: The
7、 protection of data from unauthorized disclosure. Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Nonrepudiation: Provides protection against denial by one of the entities involved in a comm
8、unication of having participated in all or part of the communication. Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it
9、provides services according to the system design whenever users request them). 1.5 See Table 1.3.Answers toProblems1.1Release of message contentsTraffic analysisMasqueradeReplayModification of messagesDenial of servicePeer entity authenticationYData origin authenticationAccess controlConfidentiality
10、Traffic flow confidentialityData integrityNon-repudiationAvailability1.2EnciphermentDigital signatureAuthentication exchangeTraffic paddingRouting controlNotarizationChapter 2Classical Encryption Techniquesr2.1 Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.2.2 Permuta
11、tion and substitution.2.3 One key for symmetric ciphers, two keys for asymmetric ciphers.2.4 A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of e
12、qual length.2.5 Cryptanalysis and brute force.2.6 Ciphertext only. One possible attack under these circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the ciphertext itself, ge
13、nerally applying various statistical tests to it. Known plaintext. The analyst may be able to capture one or more plaintext messages as well as their encryptions. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed. Chose
14、n plaintext. If the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key.2.7 An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. An
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1