網(wǎng)絡安全技術習題及答案第章網(wǎng)絡攻擊與防范最新文檔(可以直接使用，可編輯最新文檔，歡迎下載）

第2章網(wǎng)絡攻擊與防范網(wǎng)絡安全技術習題及答案第章網(wǎng)絡攻擊與防范最新文檔(可以直接使用，可編輯最新文檔，歡迎下載）練習題1.單項選擇題（1）在短時間內(nèi)向網(wǎng)絡中的某臺服務器發(fā)送大量無效連接請求，導致合法用戶暫時無法訪問服務器的攻擊行為是破壞了（C）。A．機密性 B．完整性C．可用性 D．可控性（2）有意避開系統(tǒng)訪問控制機制，對網(wǎng)絡設備及資源進行非正常使用屬于（B）。A．破環(huán)數(shù)據(jù)完整性 B．非授權訪問C．信息泄漏 D．拒絕服務攻擊（3）(A)利用以太網(wǎng)的特點，將設備網(wǎng)卡設置為“混雜模式”，從而能夠接受到整個以太網(wǎng)內(nèi)的網(wǎng)絡數(shù)據(jù)信息。A．嗅探程序 B．木馬程序C．拒絕服務攻擊 D．緩沖區(qū)溢出攻擊（4）字典攻擊被用于(D)。A．用戶欺騙 B．遠程登錄C．網(wǎng)絡嗅探 D．破解密碼（5）ARP屬于(A)協(xié)議。A．網(wǎng)絡層 B．數(shù)據(jù)鏈路層C．傳輸層 D．以上都不是（6）使用FTP協(xié)議進行文件下載時（A）。A．包括用戶名和口令在內(nèi)，所有傳輸?shù)臄?shù)據(jù)都不會被自動加密B．包括用戶名和口令在內(nèi)，所有傳輸?shù)臄?shù)據(jù)都會被自動加密C．用戶名和口令是加密傳輸?shù)?，而其它?shù)據(jù)則以文明方式傳輸D．用戶名和口令是不加密傳輸?shù)模渌鼣?shù)據(jù)則以加密傳輸?shù)模?）在下面4種病毒中，(C)可以遠程控制網(wǎng)絡中的計算機。A．worm.Sasser.f B．Win32.CIHC．Trojan.qq3344 D．Macro.Melissa2.填空題（1）在以太網(wǎng)中，所有的通信都是____廣播____________的。（2）網(wǎng)卡一般有4種接收模式：單播、_____組播___________、_______廣播_________、______混雜__________。（3）Sniffer的中文意思是_____嗅探器___________。（4）____DDoS____________攻擊是指故意攻擊網(wǎng)絡協(xié)議實現(xiàn)的缺陷，或直接通過野蠻手段耗盡被攻擊對象的資源，目的是讓目標計算機或網(wǎng)絡無法提供正常的服務或資源訪問，使目標系統(tǒng)服務系統(tǒng)停止響應甚至崩潰，（5）完整的木馬程序一般由兩個部分組成：一個是服務器程序，一個是控制器程序。中了木馬就是指安裝了木馬的_______服務器端_________程序。3.綜合應用題木馬發(fā)作時，計算機網(wǎng)絡連接正常卻無法打開網(wǎng)頁。由于ARP木馬發(fā)出大量欺騙數(shù)據(jù)包，導致網(wǎng)絡用戶上網(wǎng)不穩(wěn)定，甚至網(wǎng)絡短時癱瘓。根據(jù)要求，回答問題1至問題4，并把答案填入下表對應的位置。（1）（2）（3）（4）（5）（6）（7）（8）（9）（10）（11）CCABCADDBAC【問題1】ARP木馬利用（1）協(xié)議設計之初沒有任何驗證功能這一漏洞而實施破壞。（1）A．ICMP B．RARP C．ARP D．以上都是【問題2】在以太網(wǎng)中，源主機以（2）方式向網(wǎng)絡發(fā)送含有目的主機IP地址的ARP請求包；目的主機或另一個代表該主機的系統(tǒng)，以（3）方式返回一個含有目的主機IP地址及其MAC地址對的應答包。源主機將這個地址對緩存起來，以節(jié)約不必要的ARP通信開銷。ARP協(xié)議（4）必須在接收到ARP請求后才可以發(fā)送應答包。備選答案：（2）A．單播B．多播C．廣播D．任意播（3）A．單播B．多播C．廣播D．任意播（4）A．規(guī)定B．沒有規(guī)定【問題3】ARP木馬利用感染主機向網(wǎng)絡發(fā)送大量虛假ARP報文，主機（5）導致網(wǎng)絡訪問不穩(wěn)定。例如：向被攻擊主機發(fā)送的虛假ARP報文中，目的IP地址為（6）。目的MAC地址為（7）。這樣會將同網(wǎng)段內(nèi)其他主機發(fā)往網(wǎng)關的數(shù)據(jù)引向發(fā)送虛假ARP報文的機器，并抓包截取用戶口令信息。備選答案：（5）A．只有感染ARP木馬時才會B．沒有感染ARP木馬時也有可能C．感染ARP木馬時一定會D．感染ARP木馬時一定不會（6）A．網(wǎng)關IP地址B．感染木馬的主機IP地址C．網(wǎng)絡廣播IP地址D．被攻擊主機IP地址（7）A．網(wǎng)關MAC地址B．被攻擊主機MAC地址C．網(wǎng)絡廣播MAC地址D．感染木馬的主機MAC地址【問題4】網(wǎng)絡正常時，運行如下命令，可以查看主機ARP緩存中的IP地址及其對應的MAC地址。C:\>arp（8）備選答案：（8）A．-sB．-dC．-allD．-a假設在某主機運行上述命令后，顯示如圖2.51中所示信息：圖2.51查看主機ARP緩存00-10-db-92-aa-30是正確的MAC地址，在網(wǎng)絡感染ARP木馬時，運行上述命令可能顯示如圖2。52中所示信息：圖2.52查看感染木馬后的主機ARP緩存當發(fā)現(xiàn)主機ARP緩存中的MAC地址不正確時，可以執(zhí)行如下命令清除ARP緩存：C:\>arp（9）備選答案：（9）A．-sB．-dC．-allD．-a之后，重新綁定MAC地址，命令如下：C:\>arp-s（10）（11）（10）A．C．00-10-db-92-aa-30D．00-10-db-92-00-31C．00-10-db-92-aa-30D．00-10-db-92-00-31《網(wǎng)絡安全技術》英文習題集Chapter1IntroductionANSWERSNSWERSTOQUESTIONS1.1WhatistheOSIsecurityarchitecture?TheOSISecurityArchitectureisaframeworkthatprovidesasystematicwayofdefiningtherequirementsforsecurityandcharacterizingtheapproachestosatisfyingthoserequirements.Thedocumentdefinessecurityattacks,mechanisms,andservices,andtherelationshipsamongthesecategories.1.2Whatisthedifferencebetweenpassiveandactivesecuritythreats?Passiveattackshavetodowitheavesdroppingon,ormonitoring,transmissions.Electronicmail,filetransfers,andclient/serverexchangesareexamplesoftransmissionsthatcanbemonitored.Activeattacksincludethemodificationoftransmitteddataandattemptstogainunauthorizedaccesstocomputersystems.1.3Listsandbrieflydefinecategoriesofpassiveandactivesecurityattacks?Passiveattacks:releaseofmessagecontentsandtrafficanalysis.Activeattacks:masquerade,replay,modificationofmessages,anddenialofservice.1.4Listsandbrieflydefinecategoriesofsecurityservice?Authentication:Theassurancethatthecommunicatingentityistheonethatitclaimstobe.Accesscontrol:Thepreventionofunauthorizeduseofaresource(i.e.,thisservicecontrolswhocanhaveaccesstoaresource,underwhatconditionsaccesscanoccur,andwhatthoseaccessingtheresourceareallowedtodo).Dataconfidentiality:Theprotectionofdatafromunauthorizeddisclosure.Dataintegrity:Theassurancethatdatareceivedareexactlyassentbyanauthorizedentity(i.e.,containnomodification,insertion,deletion,orreplay).Nonrepudiation:Providesprotectionagainstdenialbyoneoftheentitiesinvolvedinacommunicationofhavingparticipatedinallorpartofthecommunication.Availabilityservice:Thepropertyofasystemorasystemresourcebeingaccessibleandusableupondemandbyanauthorizedsystementity,accordingtoperformancespecificationsforthesystem(i.e.,asystemisavailableifitprovidesservicesaccordingtothesystemdesignwheneverusersrequestthem).Chapter2SymmetricEncryptionandMessageConfidentialityANSWERSNSWERSTOQUESTIONS2.1Whataretheessentialingredientsofasymmetriccipher?Plaintext,encryptionalgorithm,secretkey,ciphertext,decryptionalgorithm.2.2Whatarethetwobasicfunctionsusedinencryptionalgorithms?Permutationandsubstitution.2.3Howmanykeysarerequiredfortwopeopletocommunicateviaasymmetriccipher?Onesecretkey.2.4Whatisthedifferencebetweenablockcipherandastreamcipher?Astreamcipherisonethatencryptsadigitaldatastreamonebitoronebyteatatime.Ablockcipherisoneinwhichablockofplaintextistreatedasawholeandusedtoproduceaciphertextblockofequallength.2.5Whatarethetwogeneralapproachestoattackingacipher?Cryptanalysisandbruteforce.2.6Whydosomeblockciphermodesofoperationonlyuseencryptionwhileothersusebothencryptionanddecryption?Insomemodes,theplaintextdoesnotpassthroughtheencryptionfunction,butisXORedwiththeoutputoftheencryptionfunction.Themathworksoutthatfordecryptioninthesecases,theencryptionfunctionmustalsobeused.2.7Whatistripleencryption?Withtripleencryption,aplaintextblockisencryptedbypassingitthroughanencryptionalgorithm;theresultisthenpassedthroughthesameencryptionalgorithmagain;theresultofthesecondencryptionispassedthroughthesameencryptionalgorithmathirdtime.Typically,thesecondstageusesthedecryptionalgorithmratherthantheencryptionalgorithm.2.8Whyisthemiddleportionof3DESadecryptionratherthananencryption?Thereisnocryptographicsignificancetotheuseofdecryptionforthesecondstage.Itsonlyadvantageisthatitallowsusersof3DEStodecryptdataencryptedbyusersoftheoldersingleDESbyrepeatingthekey.2.9Whatisthedifferencebetweenlinkandend-to-endencryption?Withlinkencryption,eachvulnerablecommunicationslinkisequippedonbothendswithanencryptiondevice.Withend-to-endencryption,theencryptionprocessiscarriedoutatthetwoendsystems.Thesourcehostorterminalencryptsthedata;thedatainencryptedformarethentransmittedunalteredacrossthenetworktothedestinationterminalorhost.2.10Listwaysinwhichsecretkeyscanbedistributedtotwocommunicatingparties.FortwopartiesAandB,keydistributioncanbeachievedinanumberofways,asfollows:(1)AcanselectakeyandphysicallydeliverittoB.(2)AthirdpartycanselectthekeyandphysicallydeliverittoAandB.(3)IfAandBhavepreviouslyandrecentlyusedakey,onepartycantransmitthenewkeytotheother,encryptedusingtheoldkey.(4)IfAandBeachhasanencryptedconnectiontoathirdpartyC,CcandeliverakeyontheencryptedlinkstoAandB.2.11Whatisthedifferencebetweenasessionkeyandamasterkey?Asessionkeyisatemporaryencryptionkeyusedbetweentwoprincipals.Amasterkeyisalong-lastingkeythatisusedbetweenakeydistributioncenterandaprincipalforthepurposeofencodingthetransmissionofsessionkeys.Typically,themasterkeysaredistributedbynoncryptographicmeans.2.12Whatisakeydistributioncenter?Akeydistributioncenterisasystemthatisauthorizedtotransmittemporarysessionkeystoprincipals.Eachsessionkeyistransmittedinencryptedform,usingamasterkeythatthekeydistributioncentershareswiththetargetprincipal.ANSWERSNSWERSTOPROBLEMS2.1WhatRC4keyvaluewillleaveSunchangedduringinitialization?Thatis,aftertheinitialpermutationofS,theentriesofSwillbeequaltothevaluesfrom0through255inascendingorder.Useakeyoflength255bytes.Thefirsttwobytesarezero;thatisK[0]=K[1]=0.Thereafter,wehave:K[2]=255;K[3]=254;…K[255]=2.2.2Ifabiterroroccursinthetransmissionofaciphertextcharacterin8-bitCFBmode,howfardoestheerrorpropagate?Nineplaintextcharactersareaffected.Theplaintextcharactercorrespondingtotheciphertextcharacterisobviouslyaltered.Inaddition,thealteredciphertextcharacterenterstheshiftregisterandisnotremoveduntilthenexteightcharactersareprocessed.2.3Keydistributionschemesusinganaccesscontrolcenterand/orakeydistributioncenterhavecentralpointsvulnerabletoattack.Discussthesecurityimplicationsofsuchcentralization.Thecentralpointsshouldbehighlyfault-tolerant,shouldbephysicallysecured,andshouldusetrustedhardware/software.Chapter3Public-KeyCryptographyandMessageAuthenticationANSWERSNSWERSTOQUESTIONS3.1Listthreeapproachestomessageauthentication.Messageencryption,messageauthenticationcode,hashfunction.3.2Whatismessageauthenticationcode?Anauthenticatorthatisacryptographicfunctionofboththedatatobeauthenticatedandasecretkey.3.3BrieflydescribethethreeschemesillustratedinFigture3.2.(a)Ahashcodeiscomputedfromthesourcemessage,encryptedusingsymmetricencryptionandasecretkey,andappendedtothemessage.Atthereceiver,thesamehashcodeiscomputed.Theincomingcodeisdecryptedusingthesamekeyandcomparedwiththecomputedhashcode.(b)Thisisthesameprocedureasin(a)exceptthatpublic-keyencryptionisused;thesenderencryptsthehashcodewiththesender'sprivatekey,andthereceiverdecryptsthehashcodewiththesender'spublickey.(c)Asecretvalueisappendedtoamessageandthenahashcodeiscalculatedusingthemessageplussecretvalueasinput.Thenthemessage(withoutthesecretvalue)andthehashcodearetransmitted.Thereceiverappendsthesamesecretvaluetothemessageandcomputesthehashvalueoverthemessageplussecretvalue.Thisisthencomparedtothereceivedhashcode.3.4Whatpropertiesmustahashfunctionhavetobeusefulformessageauthentication?(1)Hcanbeappliedtoablockofdataofanysize.(2)Hproducesafixed-lengthoutput.(3)H(x)isrelativelyeasytocomputeforanygivenx,makingbothhardwareandsoftwareimplementationspractical.(4)Foranygivenvalueh,itiscomputationallyinfeasibletofindxsuchthatH(x)=h.Thisissometimesreferredtointheliteratureastheone-wayproperty.(5)Foranygivenblockx,itiscomputationallyinfeasibletofindy≠xwithH(y)=H(x).(6)Itiscomputationallyinfeasibletofindanypair(x,y)suchthatH(x)=H(y).3.5Inthecontextofahashfunction,whatisacompressionfunction?Thecompressionfunctionisthefundamentalmodule,orbasicbuildingblock,ofahashfunction.Thehashfunctionconsistsofiteratedapplicationofthecompressionfunction.3.6Whataretheprincipalingredientsofapublic-keycryptosystem?Plaintext:Thisisthereadablemessageordatathatisfedintothealgorithmasinput.Encryptionalgorithm:Theencryptionalgorithmperformsvarioustransformationsontheplaintext.Publicandprivatekeys:Thisisapairofkeysthathavebeenselectedsothatifoneisusedforencryption,theotherisusedfordecryption.Theexacttransformationsperformedbytheencryptionalgorithmdependonthepublicorprivatekeythatisprovidedasinput.Ciphertext:Thisisthescrambledmessageproducedasoutput.Itdependsontheplaintextandthekey.Foragivenmessage,twodifferentkeyswillproducetwodifferentciphertexts.Decryptionalgorithm:Thisalgorithmacceptstheciphertextandthematchingkeyandproducestheoriginalplaintext.3.7Listandbrieflydefinethreeusesofapublic-keycryptosystem.Encryption/decryption:Thesenderencryptsamessagewiththerecipient'spublickey.Digitalsignature:Thesender"signs"amessagewithitsprivatekey.Signingisachievedbyacryptographicalgorithmappliedtothemessageortoasmallblockofdatathatisafunctionofthemessage.Keyexchange:Twosidescooperatetoexchangeasessionkey.Severaldifferentapproachesarepossible,involvingtheprivatekey(s)ofoneorbothparties.3.8Whatisthedifferencebetweenaprivatekeyandasecretkey?Thekeyusedinconventionalencryptionistypicallyreferredtoasasecretkey.Thetwokeysusedforpublic-keyencryptionarereferredtoasthepublickeyandtheprivatekey.3.9Whatisdigitalsignature?Adigitalsignatureisanauthenticationmechanismthatenablesthecreatorofamessagetoattachacodethatactsasasignature.Thesignatureisformedbytakingthehashofthemessageandencryptingthemessagewiththecreator'sprivatekey.Thesignatureguaranteesthesourceandintegrityofthemessage.3.10Whatisapublic-keycertificate?Apubic-keycertificateconsistsofapublickeyplusaUserIDofthekeyowner,withthewholeblocksignedbyatrustedthirdparty.Typically,thethirdpartyisacertificateauthority(CA)thatistrustedbytheusercommunity,suchasagovernmentagencyorafinancialinstitution.3.11Howcanpublic-keyencryptionbeusedtodistributeasecretkey?Severaldifferentapproachesarepossible,involvingtheprivatekey(s)ofoneorbothparties.OneapproachisDiffie-Hellmankeyexchange.Anotherapproachisforthesendertoencryptasecretkeywiththerecipient'spublickey.ANSWERSNSWERSTOPROBLEMS3.1Considera32-bithashfunctiondefinedastheconcatenationoftwo16-bitfunctions:XORandRXOR,definedinSection3.2as“twosimplehashfunction.”a.Willthischecksumdetectallerrorscausedbyanoddnumberoferrorbits?Explain.b.Willthischecksumdetectallerrorscausedbyanevennumberoferrorbits?Ifnot,characterizetheerrorpatternsthatwillcausethechecksumtofail.c.Commentsontheeffectivenessofthisfunctionforuseahashfunctionsforauthentication.a.Yes.TheXORfunctionissimplyaverticalparitycheck.Ifthereisanoddnumberoferrors,thentheremustbeatleastonecolumnthatcontainsanoddnumberoferrors,andtheparitybitforthatcolumnwilldetecttheerror.NotethattheRXORfunctionalsocatchesallerrorscausedbyanoddnumberoferrorbits.EachRXORbitisafunctionofaunique"spiral"ofbitsintheblockofdata.Ifthereisanoddnumberoferrors,thentheremustbeatleastonespiralthatcontainsanoddnumberoferrors,andtheparitybitforthatspiralwilldetecttheerror.b.No.ThechecksumwillfailtodetectanevennumberoferrorswhenboththeXORandRXORfunctionsfail.Inorderforbothtofail,thepatternoferrorbitsmustbeatintersectionpointsbetweenparityspiralsandparitycolumnssuchthatthereisanevennumberoferrorbitsineachparitycolumnandanevennumberoferrorbitsineachspiral.c.Itistoosimpletobeusedasasecurehashfunction;findingmultiplemessageswiththesamehashfunctionwouldbetooeasy.3.2SupposeH(m)isacollisionresistanthashfunctionthatmapsamessageofarbitrarybitlengthintoann-bithashvalue.Isittruethat,forallmessagesx,x’withx≠x’,wehaveH(x)≠H(x’)?Explainyouranswer.Thestatementisfalse.Suchafunctioncannotbeone-to-onebecausethenumberofinputstothefunctionisofarbitrary,butthenumberofuniqueoutputsis2n.Thus,therearemultipleinputsthatmapintothesameoutput.3.3PerformencryptionanddecryptionusingtheRSAalgorithm,asinFigture3.9,forthefollowing:a.p=3;q=11;e=7;M=5b.p=5;q=11;e=3;M=9c.p=7;q=11;e=17;M=8d.p=11;q=13;e=11;M=7e.p=17;q=31;e=7;M=2.Hint:Decryptionisnotashardasyouthink;usesomefinesse.a.n=33;(n)=20;d=3;C=26.b.n=55;(n)=40;d=27;C=14.c.n=77;(n)=60;d=53;C=57.d.n=143;(n)=120;d=11;C=106.e.n=527;(n)=480;d=343;C=128.Fordecryption,wehave128343mod527=1282561286412816128412821281mod527=352563510147128=2mod527=2mod2573.4Inapublic-keysystemusingRSA,youintercepttheciphertextC=10senttoauserwhosepublickeyise=5,n=35.WhatistheplaintextM?M=53.5InanRSAsystem,thepublickeyofagivenuserise=31,n=3599.Whatistheprivatekeyofthisuser?d=30313.6SupposewehaveasetofblocksencodedwiththeRSAalgorithmandwedon’thavetheprivatekey,Assumen=pq,eisthepublickey.Supposealsosomeonetellsustheyknowoneoftheplaintextblockshasacommonfactorwithn.Doesthishelpusinanyway?Yes.Ifaplaintextblockhasacommonfactorwithnmodulonthentheencodedblockwillalsohaveacommonfactorwithnmodulon.Becauseweencodeblocksthataresmallerthanpq,thefactormustbeporqandtheplaintextblockmustbeamultipleofporq.Wecantesteachblockforprimality.Ifprime,itisporq.Inthiscasewedivideintontofindtheotherfactor.Ifnotprime,wefactoritandtrythefactorsasdivisorsofn.3.7ConsideraDiffie-Hellmanschemewithacommonprimeq=11andaprimitiveroota=2.a.IfuserAhaspublickeyYA=9,whatisA’sprivatekeyXA?b.IfuserBhaspublickeyYB=3,whatisthesharedsecretkeyK?a.XA=6b.K=3Chapter4AuthenticationApplicationsANSWERSNSWERSTOQUESTIONS4.1WhatproblemwasKerberosdesignedtoaddress?TheproblemthatKerberosaddressesisthis:Assumeanopendistributedenvironmentinwhichusersatworkstationswishtoaccessservicesonserversdistributedthroughoutthenetwork.Wewouldlikeforserverstobeabletorestrictaccesstoauthorizedusersandtobeabletoauthenticaterequestsforservice.Inthisenvironment,aworkstationcannotbetrustedtoidentifyitsuserscorrectlytonetworkservices.4.2WhatarethreethreatsassociatedwithuserauthenticationoveranetworkorInternet?Ausermaygainaccesstoaparticularworkstationandpretendtobeanotheruseroperatingfromthatworkstation.2.Ausermayalterthenetworkaddressofaworkstationsothattherequestssentfromthealteredworkstationappeartocomefromtheimpersonatedworkstation.3.Ausermayeavesdroponexchangesanduseareplayattacktogainentrancetoaserverortodisruptoperations.4.3Listthreeapproachestosecureuserauthenticationinadistributedenvironment.Relyoneachindividualclientworkstationtoassuretheidentityofitsuserorusersandrelyoneachservertoenforceasecuritypolicybasedonuseridentification(ID).2.Requirethatclientsystemsauthenticatethemselvestoservers,buttrusttheclientsystemconcerningtheidentityofitsuser.3.Requiretheusertoproveidentityforeachserviceinvoked.Alsorequirethatserversprovetheiridentitytoclients.4.4WhatfourrequirementsaredefinedforKerberos?Secure:Anetworkeavesdroppershouldnotbeabletoobtainthenecessaryinformationtoimpersonateauser.Moregenerally,Kerberosshouldbestrongenoughthatapotentialopponentdoesnotfindittobetheweaklink.Reliable:ForallservicesthatrelyonKerberosforaccesscontrol,lackofavailabilityoftheKerberosservicemeanslackofavailabilityofthesupportedservices.Hence,Kerberosshouldbehighlyreliableandshouldemployadistributedserverarchitecture,withonesystemabletobackupanother.Transparent:Ideally,theusershouldnotbeawarethatauthenticationistakingplace,beyondtherequirementtoenterapassword.Scalable:Thesystemshouldbecapableofsupportinglargenumbersofclientsandservers.Thissuggestsamodular,distributedarchitecture.4.5Whatentitiesconstituteafull-serviceKerberosenvironment?Afull-serviceKerberosenvironmentconsistsofaKerberosserver,anumberofclients,andanumberofapplicationservers.4.6InthecontextofKerberos,whatisarealm?Arealmisanenvironmentinwhich:1.TheKerberosservermusthavetheuserID(UID)andhashedpasswordofallparticipatingusersinitsdatabase.AllusersareregisteredwiththeKerberosserver.2.TheKerberosservermustshareasecretkeywitheachserver.AllserversareregisteredwiththeKerberosserver.4.7Whataretheprincipaldifferencebetweenversion4andversion5ofKerberos?Version5overcomessomeenvironmentalshortcomingsandsometechnicaldeficienciesinVersion4.4.8WhatisthepurposeoftheX.509standard?X.509definesaframeworkfortheprovisionofauthenticationservicesbytheX.500directorytoitsusers.Thedirectorymayserveasarepositoryofpublic-keycertificates.Eachcertificatecontainsthepublickeyofauserandissignedwiththeprivatekeyofatrustedcertificationauthority.Inaddition,X.509definesalternativeauthenticationprotocolsbasedontheuseofpublic-keycertificates.4.9Whatisachainofcertificates?Achainofcertificatesconsistsofasequenceofcertificatescreatedbydifferentcertificationauthorities(CAs)inwhicheachsuccessivecertificateisacertificatebyoneCAthatcertifiesthepublickeyofthenextCAinthechain.4.10HowisanX.509certificaterevoked?Theownerofapublic-keycanissueacertificaterevocationlistthatrevokesoneormorecertificates.ANSWERSNSWERSTOPROBLEMS4.1ShowthatarandomerrorinblockofciphertextispropagatedtoallsubsequentblocksofplaintextinPCBCmode(Figure4.9).AnerrorinC1affectsP1becausetheencryptionofC1isXORedwithIVtoproduceP1.BothC1andP1affectP2,whichistheXORoftheencryptionofC2withtheXORofC1andP1.Beyondthat,PN–1isoneoftheXORedinputstoformingPN.4.2The1988versionofX.509listspropertiesthatPSAkeysmustsatisfytobesecure,givencurrentknowledgeaboutthedifficultyoffactoringlargenumbers.Thediscussionconcludeswithaconstraintonthepublicexponentandthemodulusn:Itmustbeensuredthate>log2(n)topreventattackbytakingtheethrootmodntodisclosetheplaintext.Althoughtheconstraintiscorrect,thereasongivenforrequiringitisincorrect.Whatiswrongwiththereasongivenandwhatisthecorrectreason?Takingtheethrootmodnofaciphertextblockwillalwaysrevealtheplaintext,nomatterwhatthevaluesofeandnare.Ingeneralthisisaverydifficultproblem,andindeedisthereasonwhyRSAissecure.Thepointisthat,ifeistoosmall,thentakingthenormalintegerethrootwillbethesameastakingtheethrootmodn,andtakingintegerethrootsisrelativelyeasy.Chapter5ElectronicMailSecurityANSWERSNSWERSTOQUESTIONS5.1WhatarethefiveprincipalservicesprovidedbyPGP?Authentication,confidentiality,compression,e-mailcompatibility,andsegmentation5.2Whatistheutilityofadetachedsignature?Adetachedsignatureisusefulinseveralcontexts.Ausermaywishtomaintainaseparatesignaturelogofallmessagessentorreceived.Adetachedsignatureofanexecutableprogramcandetectsubsequentvirusinfection.Finally,detachedsignaturescanbeusedwhenmorethanonepartymustsignadocument,suchasalegalcontract.Eachperson'ssignatureisindependentandthereforeisappliedonlytothedocument.Otherwise,signatureswouldhavetobenested,withthesecondsignersigningboththedocumentandthefirstsignature,andsoon.5.3WhydoesPGPgenerateasignaturebeforeapplyingcompression?a.Itispreferabletosignanuncompressedmessagesothatonecanstoreonlytheuncompressedmessagetogetherwiththesignatureforfutureverification.Ifonesignedacompresseddocument,thenitwouldbenecessaryeithertostoreacompressedversionofthemessageforlaterverificationortorecompressthemessagewhenverificationisrequired.b.Evenifonewerewillingtogeneratedynamicallyarecompressedmessageforverification,PGP'scompressionalgorithmpresentsadifficulty.Thealgorithmisnotdeterministic;variousimplementationsofthealgorithmachievedifferenttradeoffsinrunningspeedversuscompressionratioand,asaresult,producedifferentcompressedforms.However,thesedifferentcompressionalgorithmsareinteroperablebecauseanyversionofthealgorithmcancorrectlydecompresstheoutputofanyotherversion.ApplyingthehashfunctionandsignatureaftercompressionwouldconstrainallPGPimplementationstothesameversionofthecompressionalgorithm.5.4WhatisR64conversion?R64convertsaraw8-bitbinarystreamtoastreamofprintableASCIIcharacters.EachgroupofthreeoctetsofbinarydataismappedintofourASCIIcharacters.5.5WhyisR64conversionusefulforane-mailapplication?WhenPGPisused,atleastpartoftheblocktobetransmittedisencrypted.Ifonlythesignatureserviceisused,thenthemessagedigestisencrypted(withthesender'sprivatekey).Iftheconfidentialityserviceisused,themessageplussignature(ifpresent)areencrypted(withaone-timesymmetrickey).Thus,partoralloftheresultingblockconsistsofastreamofarbitrary8-bitoctets.However,manyelectronicmailsystemsonlypermittheuseofblocksconsistingofASCIItext.5.6WhyisthesegmentationandreassemblyfunctioninPGPneeded?E-mailfacilitiesoftenarerestrictedtoamaximummessagelength.5.7HowdoesPGPusetheconceptoftrust?PGPincludesafacilityforassigningaleveloftrusttoindividualsignersandtokeys.5.8WhatisRFC822?RFC822definesaformatfortextmessagesthataresentusingelectronicmail.5.9WhatisMIME?MIMEisanextensiontotheRFC822frameworkthatisintendedtoaddresssomeoftheproblemsandlimitationsoftheuseofSMTP(SimpleMailTransferProtocol)orsomeothermailtransferprotocolandRFC822forelectronicmail.5.10WhatisS/MIME?S/MIME(Secure/MultipurposeInternetMailExtension)isasecurityenhancementtotheMIMEInternete-mailformatstandard,basedontechnologyfromRSADataSecurity.ANSWERSNSWERSTOPROBLEMS5.1InthePGPscheme,whatistheexpectednumberofsessionkeysgeneratedbeforeapreviouslycreatedkeyisproduced?ThisisjustanotherformofthebirthdayparadoxdiscussedinAppendix11A.Letusstatetheproblemasoneofdeterminingwhatnumberofsessionkeysmustbegeneratedsothattheprobabilityofaduplicateisgreaterthan0.5.FromEquation(11.6)inAppendix11A,wehavetheapproximation:k1.18nFora128-bitkey,thereare2128possiblekeys.Thereforek1.1821281.182645.2Thefirst16bitsofthemessagedigestinaPGPsignaturearetranslatedintheclear.a.Towhatextentdoesthiscompromisethesecurityofthehashalgorithm?b.Towhatextentdoesitinfactperformitsintendedfunction,namely,tohelpdetermineifthecorrectRSAkeywasusedtodecryptthedigest?a.Notatall.Themessagedigestisencryptedwiththesender'sprivatekey.Therefore,anyoneinpossessionofthepublickeycandecryptitandrecovertheentireme