信息安全期末考试试卷.pdf

《信息安全期末考试试卷.pdf》由会员分享，可在线阅读，更多相关《信息安全期末考试试卷.pdf（15页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、1 What are basic components of computer security?try to give the connotation ofeach item in your list.Ans:Confidentiality:Keeping data and resources hidden.Integrity:refers to the trustworthiness of data or resources,and it is usually phrased in terms ofpreventing improper or unauthorized change.Int

2、egrity includes data integrity and origin integrity.Availability:refers to the ability to use the information or resource desired,enabling access to dataand resources.2、Whal are security policy and securily mechanism?Ans:A security policy is a statement of what is,and what is not,allowed.A security

3、mechanism is a method,tool,or procedure for enforcing a security policy.3、What are differences between MAC and DAC?Ppi|What are MAC and DACAns:MAC:identity is irrelevant,system mechanism controls access to object,and individualcannot alter that accessDAC:is based on user identity,individual user set

4、s access control mechanism to allow or denyaccess to an object,Discretionary Access Control(DAC,IBAC)-individual user sets access control mechanism to allowor deny access to an object,Mandatory Access Control(MAC)-system mechanism controls access to object,andindividual cannot alter that access4 Con

5、sider a computer system with three users:Alice,Bob and Cyndy.Alice owns the file alicerc,and Bob and Cyndy can read it.Cyndy can read and write Bobs file bobre,but Alice can onlyread it.Only Cyndy can read and write her file cyndyrc.Assume that the owner of each of thesefiles can execute it.create t

6、he corresponding access control matrix.Cyndy gives Alice permission to read cyndyrc.And Alice removes Bobs ability to readalicerc.Show the new access control matrix.(必考)Ans:(Read writeOwns execute)a l i c e i cc y n d y尸 c/I /i c eo xrR e bro xC T xzyrZ vrr wo r w xa l i c e丁 cC n c J y p-u4 l i c e

7、o xrrB o bo xU y n d yrr wo r w xAns：the Caesar cipher is a classical cipher.Sender,receiver share common keyKeys may be the same,or trivial to derive from one anotherTwo basic types：Transposition ciphers and Substitution ciphers。problem：Key is too short(Transposition ciphers：Plaintext is HELLO WORL

8、DRearrange asHLOOLELWRDCiphertext is HLOOL ELWRDSubstitution ciphers：Plaintext is HELLO WORLDChange each letter to the third letter following it(X goes to A,Y to B,Z to C)Key is 3,usually written as letterCiphertext is KHOOR ZRUOG)Vigenere Cipher Like Caesar cipher,but use a phraseExampleMessage THE

9、 BOY HAS THE BALLKey VIGEncipher using Caesar cipher for each letter:key VIGVIGVIGVIGVIGVplain THEBOYHASTHEBALLcipher OPKWWECIYOPKWIRG6、What are definitions of object and subject?(很有可能会考)Ans:The set of all protected entities(that is,entities that are relevant to the protection state of thesystem)is

10、called the set of objects O.The set of subjects S is the set of active objects,such as processes and users.Subject can be object,And not vice versa7、Specify the algorithm of public key digital signatures(数 MAns:Sender uses hash function to compress the plaintext to generate the hash value,and thense

11、nder uses the private key to encrypt the hash value,the hash value after encryption andplaintext passed to the receiver,then the receiver uses the public key of the sender todecrypt,and the receiver uses hash function to compress the plaintext,and generate anotherhash value,finally compare two hash

12、values,if they equal,so it is the real signature,otherwise not.8、List the basic requirements of cryptographic checksum function.Ans:Cryptographic checksum h:A fB:For any x e A,h(x)is easy to computeFor any y G B,it is computationally infeasible to find x e A such that h(x)=yIt is computationally inf

13、easible to find two inputs x,xz G A such that x#x and h(x)=h(x)Alternate form(stronger):Given any x e A,it is computationally infeasible to find a different x eA such that h(x)=h(x).9、What are differences between the classical key cryptography and public key cryptography?(必号)Ans:the classical key cr

14、yptography has one key,Sender,receiver share common key,Keys may be thesame,or trivial to derive from one another.public key cryptography has Two keys,Private key known only to individual,Public key availableto anyone.I I i b i I c prime number:.点：答案可能不唯一)Ans:n=pq=91 7(|)(H)=(p-1)(-1)=72,e*d mod(|)(

15、n)=l,e=5,d=29.Public key(e,n)=(5,91)private key:d=2911、Classes of ThreatsAns:Disclosure-Snooping Deception-Modification,spoofing,repudiation of origin,denial of receipt Disruption-Modification Usurpation-Modification,spoofing,delay,denial of service12、Goals of SecurityAns:Prevention-Prevent attacker

16、s from violating security policy Detection-Detect attackers*violation of security policy Recovery-Stop attack,assess and repair damage-Continue to function correctly even if attack succeeds13、Access Control Matrix ModelAns:14、Types of Security PoliciesSubjects S=Si,sObjects O=Oi，.,OmRightsEntries As

17、h o.c RA回 oy=rx，,rymeans subject s;hasrights q,&overobject a.Ans:Military(governmental)security policy-Policy primarily protecting confidentiality Commercial security policy-Policy primarily protecting integrity Confidentiality policy-Policy protecting only confidentiality Integrity policy-Policy pr

18、otecting only integrity15、Integrity and TransactionsAns:Begin in consistent state-Consistent“defined by specification Perform series of actions(transaction)-Actions cannot be interrupted-If actions complete,system in consistent state-If actions do not complete,system reverts tobeginning(consistent)s

19、tate16 Security levelsAns:-Top Secret:highest-Secret-Confidential-Unclassified:lowestReading Information Information flows up,not down-Reads up disallowed,“reads down allowed Simple Security Condition(Step 1)-Subject s can read object o ifTL(o)Human IssuesAns:Organizational Problems-Power and respon

20、sibility-Financial benefits People problems-Outsiders and insiders-Social engineering21 MappingAns:SiS2*S4SiAownS2Bown$3CkownS4D endA B X Y力$2S3S4S5力AownheadAfter 3（自，D）=（k2,Y,R）where is the currentstate and k2 the next stateS2BownS3XownS4YownS5b k-,endAfter S(k,C)=(4 X,R)where k is the currentstate

21、 and k、the next stateS1S2S3S4力AownS2BownS3XownS4D end22、ALLThe Vigenere tableauABCDE F GHf J K L M N O P Q P S r U V W XABCDY ZABCDE F GHI J K L MN OP OR S T U V WXB C D E F G H I J K L MN O P O R S T U V WX YC D E F G H I J K L MN OP OR S T U V WX Y ZD E F G H I J K L MN OP OR S T U V WX Y Z AYZzAA

22、BBFGHF G H I J K L M N O P Q RT U V W X Y ZA B CKMNPRUVXG H I J K L M N O P O RH I J K L MN O P O R SI J K L M N O P O RJ K L M N O P O RK L M N O P O RL M N O P O R SM N O P O R SN O P O R S TO P Q RP O R SS T UT U VTUUVU V WX YV W X Y ZW XTUO RRSTTUSTUVuSTUVSTUuVUVW X YY Z AZ A BZ AA 6B CC DB CVW

23、XW XW XW XW XW XYYzAYYZABzA8U V W XV W X YW X YW XW XW XW X YZZAZAZAY ZZ AA BABBCC DY ZZ AA BA B O D EB C D E FCDEFDEFOEFD EE FF GG HG K IG H I J KC D E F G H I J K LB C D E F G H I J K L MC D E F G H I J K L M NC D E F G H I J K L M N OX Y ZY Z AZ A BA8B C D EC D E FBCOEFABCB C D E F G H I J K L M

24、N O PC D E F G H I J K L M N O P OD E F G H I J K L M N O P O RD E F G H I J K L M N O P O R SE F G H I J K L M N O P O RF G H I J K L M N O P O R SG H I J K L MN OP QRB C D E F GG H I J K L M N O P O R SH I J K L MN O P O R S TC D E F G H I J K L MN OP O R S T US TT US TT UU VU VV队W XV W X YAttacki

25、ng the Cipher Exliaustive searchIf the key space is small enough,try all possiblekeys until you find the right oneCaesar cipher has 26 possible keys Statistical analysisCompare to 1 -gram model of EnglishClassical Cryptography Sender,receiver share common key-Keys may be the same,or trivial to deriv

26、e fromone another-Sometimes called symmetric cryptography Two basic types-Transposition ciphers-Substitution ciphersCombinations are called product ciphersAttacks Opponent whose goal is to break cryptosystem isthe adversary-Kerckhoffs Assumption:adversary knows algorithmused,but not key.Three types

27、of attacks:ciphertext only:adversary has only ciphertext;goal is tofind plaintext,possibly key-known plaintext,adversary has ciphertext,corresponding plaintext;goal is to find key-chosen plaintext,adversary may supply plaintexts andobtain corresponding ciphertext;goal is to find keyAlgorithm Choose

28、two large prime numbers p,q-Let n=pq then=(p-1)(-1)-Choose e n such that e is relatively prime to帕2).-Compute d such that ed mod 弧)=1 Public key:(e,/7);private key:d Encipher:c=me mod n Decipher:m=cd mod nAssurance（背背）Specification-Requirements analysis-Statement of desired functionality Design-How

29、system will meet specification Implementation-Programs/systems that carry out design*1 2 4.必8勺Tying Together（背背）Security Policy Policy partitions system states into:-Authorized(secure)These are states the system can enterUnauthorized(nonsgauw),If the system enters any of these states,its asecurity v

30、iolation Secure system-Starts in authorized state-Never enters unauthorized stateProblems How does Bob know he is talking to Alice?Replay attack:Eve records message from Aliceto Bob,later replays it;Bob may think hestalking to Alice,but he isntSession key reuse:Eve replays message fromAlice to Bob,s

31、o Bob re-uses session key Protocols must provide authentication anddefense against replay A s d；M：f h g s,d&圻 然L T6S二鱼 邺，（J4,小小Mg p,咋,及4虻二1标阳b再e ,生,空1匕凡Sa上:c,支队贪物p 宙s d；以：f K。，,kc,用，匕.、cl网）%心：皿&s /G s lKsProblem and Solution Vulnerable to forgery or replayBecause eB known to anyone,Bob has no assura

32、nce thatAlice sent message Simple fix uses Alices private key一%,is desired session keyAliceksdAeBBobProblems Relies on synchronized clocks-If not synchronized and old tickets,authenticators not cached,replay is possible Tickets have some fixed fields-Dictionary attacks possible-Kerberos 4 session ke

33、ys weak(had much lessthan 56 bits of randomness);researchers atPurdue found them from tickets in minutesAnalysis First two steps get user ticket to use TGSUser u can obtain session key only if u knowskey shared with Cathy Next four steps show how u gets and usesticket fbr service s-Service s validat

34、es request by checking sender(using is same as entity ticket issued to-Step 6 optional;used when u requestsconfirmationOtway-Rees Protocol Corrects problem-That is,Eve replaying the third message in theprotocol Does not use timestamps-Not vulnerable to the problems that Denning-SaccQ modification has Uses integer n to associate all messageswith particular exchange以上内容基本包括考试范围的60%