网络安全技术英文习题集-网络安全技术

《网络安全技术》英文习题集Chapter1IntroductionANSWERS NSWERS TO QUEST IONS

1.1What is the OS I securityarchitectureThe OS I Secur i tyArchitecture i s a framework that provides a systemat i c way of defining the requirements for secur ity andcharacterizing theapproaches tosatisfying thoserequ i rements.The documentdefines secur ityattacks,mechanisms,and services,and there I at i onsh i ps among these categori es.1o2What is the difference between passive and active security threatsPassive attacks have to dowith eavesdropping on,or monitor ing,transmissions.Electronic mail,filetransfers,and client/server exchanges are examp Ies oftransmissions that can bemonitored.Activeattacks incIudethe modification of transmitteddata and attempts to gain unauthor ized access tocomputer systemso

1.3Lists andbriefly definecategories of passiveand activesecurityattacksPass i ve attacks:re I ease ofmessage contents and trafficana Iys i sAct i veattacks:masquerade,orep I ay,modification ofmessages,and den i a I of serviceo

1.4Lists andbriefly definecategories ofsecurity serviceAuthentication:The assurance that the communicating entity is the one that it claims to beoAccess controI:The prevention of unauthorizeduse of a resource ie,this servicecontroIs whoo ocan have access to a resource,under whatconditions access can occur,and whatthose access i ngtheresource are a I I owed to do.Data confidentiality:The protection of data from unauthor i zeddisciosureoData integr ity:The assurancethat data rece i ved areexact I y assent by an author i zed entityi e.,conta i n nomodification,i nsert i on,de Ieti on,or rep I ay.Nonrepudiation:Provides protection aga i nst deni a Iby one of the entities i nvoIved i n acommunication of hav i ngparticipated i n a I I or partof the commun i cat i on.AvailabiIity serviceThe propertyof a system or asystemresource being accessibIe andusabIe upondemandby an author izedsystem entity,according toperformance specifications for the system ioe.,asystem i s ava i IabIe i f itprov i des services according to the systemdesign wheneverusersrequest them.41Show that a randomerror inblock of cipher textis propagated to al I subsequentbIocks ofpIOa i ntext inPCBC modeFigure

49.OAn error in Claffects Plbecause the encryption ofCl is XORed withIV to produce P

1.Both Cland Plaffect P2,which is the XOR of theencryption ofC2with the XORofCland Plo Beyondthat,P-1i s one of the XORed inputs to forming P.N N42The1988version ofX.509I ists properties thatPSA keys must satisfyto besecure,given currentOknowI edgeabout the d i f f i cuI tyof factoringlarge numbersThe discussioncone Iudes with0a constrainton the pub I ic exponentand themodu Ius n:It must be ensuredthat e Iog2n topreventattack by taking the eth root mod nto disciosethe plaintext.Although the constraint iscorrect,the reasongiven forrequiring it is incorrect.What iswrong with the reasongiven andwhatis the correct reasonTaki ngthe ethroot modn of a ciphertext b I ock wi I I a I ways revea I the p I a i ntext,no matterwhat the vaIuesof eand n are Ingenera I this is a verydifficult problem,and indeed is thereasonowhy RSAis secure.The pointis that,if e is toosmall,then taki ngthe norma I i nteger ethrootwi I I be the sameas taki ngtheethrootmodn,and taking integer ethroots is relatively easyoChapter5Electronic Mai I SecurityANSWERS NSWERS TO QUEST IONS5o1What arethe fiveprincipal services provided byPGPAuthentication,confidentiality,compression,e—mai Icompatibi Iity,and segmentation

5.2What is the utilityof a detached signatureA detached signature is usefuI in severaIcontexts A user maywish tomaintain aseparate s i gnatureoIogof a I Imessages sentor rece i vedAdetacheds i gnature of an executab Ie programcan detectosubsequentvi rus infect ion.Final Iy,detached signaturescan be used whenmore than one partymustsign adocument,such as a IegaIcontracto Eachperson1ss i gnaturei s i ndependentand thereforei s appI i edon Iyto thedocument Otherwise,signatures wouldhave to be nested,with the secondosigner signingboth thedocument and the fi rst s i gnature,and soon5o3Why doesPGP generateoa signature beforeapplying compressiona It is preferabIe tos ign anuncompressed messageso thatone canstore on Iy theuncompressed messageotogetherwith the signature forfuture verif icat ion If one signeda compresseddocument,then itowould be necessaryeither tostore a compressed version of the message forIater veri f i cat i onor to recompress the messagewhen veri f i cat i on i srequ i redo bEven i f onewere willi ngoto generate dynamica Ilya recompressedmessage forver ification,PGP scompress i on algor ithmpresents adifficulty.The a Igor ithmi s not deterministic;var ious implementations of the algorithmachieved i fferent tradeoffs in runningspeed versuscompression ratioand,as aresult,producedifferent compressedforms.However,these differentcompress i on a Igor ithms are i nteroperabIebecause anyvers ion of thea Igor ithm cancorrect Iy decompress theoutput of any otherversion Applyingothe hash function and signatureafter compressionwouId constrain a I I PGP imp Iementat i onsto thesamevers i onof the compression a Igor ithmo

5.4What isR64conversionR64converts araw8-bit binarystream to a stream of pr intabIe ASCI I characters.Each groupof threeoctetsof binarydata ismapped into four ASCI I characters

5.5Why isR64conversion usefuI for ane-maiI applicationWhenPGPi s used,at I east partof theb I ock to be transmitted i s encryptedo I fon I ythe signatureservice i s used,then the message digest i sencrypted with the senders pr i vate key.If theconf ident ia Iity serv icei s used,the message pI uss i gnaturei f presentare encrypted witha one-time symmetr i c key Thus,part ora I I of the resultingbIock consists of astreamof arbitraryo8—bit octetsHowever,many electronicma iI systems on Iy permitthe use of bIockscons i st i ngoof ASCI I text.5o6Why isthe segmentation and reassemblyfunction inPGP neededE-mai I faci I ities often are restr icted to a maximummessage Iength.

5.7How doesPGP use the conceptof trustPGPi ncIudes a faci Iity for ass igni ng a I eve I of trust to i nd i viduaIs igners and tokeyso8What isRFC8225oRFC822defines a format fortext messages that aresent using electronic mail.9What isMIME5oMIME is an extension to theRFC822framework that is intended to addresssome of the prob Iems andI imitations of the use of SMTPSimple Ma i ITransfer ProtocoI or some other mai I transferprotocoland RFC822for electronicmai I

5.10What isS/MI MEoS/MIME Secure/Mu11i purpose Internet Ma iIExtens i on i s a secur ityenhancement to the MIMEInternete-ma iI formatstandard,based ontechno Iogyfrom RSAData Security.ANSWERS NSWERS TO PROBLEMS1In thePGP scheme,what isthe expectednumber of session keysgenerated beforea previouslycreated5okey is producedTh i s i s justanother form of theb irthday paradoxd i scussed i n Append i x11A Letus stateothe prob Iemas one of determiningwhat number ofsession keysmust be generatedso that the probabiIityof a dupI i catei sgreater than05From Equati on116in Appendix11A,we have the approximation:o Ook

1.18nFor a128一bit key,there are2128possibIe keysTherefore k

1.

1821281.18264o

5.2The first16bits of the message d i gest in a PGPsignature aretranslated in the clear.a Towhat extent does thiscompromise the security of the hash algorithmoTo whatextentdoes it in fact performits i ntended funct i on,name Iyto helpdetermine ifbo9thecorrectRSA keywas used to decrypt the digestaNot at a I I oThe messaged igest i sencryptedwith the senderspr i vate key Therefore,anyoneo oi n possession of the pub I ic key can decrypt it and recover the ent i re messaged igestob Theprobabi I ity that a messagedigest decryptedwith thewrong keywouId have an exactmatch ion the f irst16bits with the originalmessaged igest i s2-

1606.3In Figure

5.4,each entryin the pub I ic-key ringcontains anowner trustfield that indicatesthe degreeoftrustassociated withthis pub I i c-key owner.Why is that notenough That is,if thisowneris trustedand this is supposed to bethe owners pub Ii c key,why is not thattrust enoughtopermit PGPto usethis pub Iic keyWetrust th i sowner,but that does notnecessar iI ymean thatwe cantrust thatwe are i npossessi onof thatowner1s pub Ii ckey.

7.4Consider radix-64conversion as aform of encryption.In this case,there isno key.But supposethat an opponentknew onlythat some form ofsubstitution algorithmwas being used toencrypt Englishtext anddid notguess it was R

64.How effectivewould this algorithm be against cryptanalysisItcerta inlyprovides moresecur itythan amonoaIphabet i c substitution.Because we are treating the pI a i ntextas astr i ng ofbits and encrypt i ng6bits at a time,weare not encryptingindividualcharacters Therefore,the frequencyi nformat i on i s I ost,or at I eastsignificantlyobscured.

8.5Phi IZimmermann choseIDEA,three-key tripleDES,and CAST-128as symmetric encryption algorithmsfor PGPo Givereasons whyeach of the fol lowing symmetricencryption algorithmsfor described in thisbookis suitableor unsuitableforPGP:DES,two-key tripleDES,and AESODESis unsuitablebecause of its shortkey sizeTwo—key tripleDES,which has a key I ength of112obits,i ssuitable.AES i s a I sosuitable.Chapter6IP SecurityANSWERS NSWERS TO QUEST IONS

6.1Give examp Ies of appIications of IPSecSecure branchoffice connectivityover the Internet:A companycan builda securev irtua I pr i vatenetwork over the I nternet orover a pub I i cWAN.Th i s enab I es a bus i nessto re I yheavi lyon the I nternet and reduce itsneed for pr i vate networks,saving costs and network management overhead.Secure remoteaccess overthe Internet:An end user whosesystemi s equ i ppedwith IPsecur i typrotoco Iscanmake a I oca I ca I I to anI nternetservice providerISP andgain secureaccessto acompany networkoThis reduces the cost of to I Icharges fortraveIi ngempIoyees andteI ecommutersoEstab Ii shi ngextranet and intranet connectivitywith partners:IPSec can be used to securecommunicationwith otherorgan i zat i ons,ensur i ng authentication and confidentiality and provi d i ng a key exchange mechan i smEnhanc i ngeI ectron i ccommerce securi ty:Even thoughsomeoWeb andelectronic commerceapp I i cat ions havebuilt-in secur ity protocols,the useof IPSecenhancesthat secur ity.

6.2What serviceare providedby IPSecAccesscontroI;connectionless integr ity;data originauthentication;rejection ofrep I ayed packetsaformofpart i a Isequence i ntegrity;conf i dent i a I ity encrypt i on;and IimitedtrafficfIow confidentiality6o3What parameters identify an SA andwhat parameterscharacterize the natureof a particular SAA secur ityassociation i s uniquelyidentified bythree parameters:Secur ityParameters I ndex SPI:A bitstring ass i gned toth i sSA andhav i ng I oca Isignificance on I y.The SPI i s carr i edi nAH andESP headersto enab Ie the receiving systemto seIect the SAunder wh i cha receivedpacketwi I I beprocessedo IPDest i nat i on Address:Current Iy,on Iyun icast addresses are a I I owed;th i s i stheaddress of the destinationendpoint of the SA,wh i ch may be anenduser system ora network systemsuch as af i rewal Iorroutero Secur ity ProtocoI Identifier:This indicates whetherthe association i s an AHor ESPsecur ityassociation Asecur ityassociation i s norma I Iydefinedoby the fol lowingparameters:Sequence NumberCounter:A32-bit vaIueused to generate the SequenceNumber field in AHor ESPheaders,descr ibed in Sect ion

6.3requi red for a I I implementationsSequence CounterOverf I ow:A fI agindicating whetheroverf I ow of theSequenceNumber CounteroshouIdgenerate anauditable eventand preventfurther transmissi onof packetson th i sSA required for a I I implementations Anti-Rep I ay Window:Used to determine whetheran i nbound AHoroESP packet i s a rep I ay,descr i bed i n Secti on

6.3requ ired for a I I implementationsAHoInformation:Authentication algorithm,keys,key I i fetimes,and re Iated parametersbeing usedwithAH required for AH implementations.ESP Information:Encryption and authent i cat i on a Igor ithm,keys,initial izationvaIues,key I ifetimes,andre Iated parametersbe i ngusedwith ESPrequ ired for ESPimp I ementat ionsLifet imeof thi s Securi tyAssociat ion:A time i nterva Iorobyte countafter which anSAmust berep Iacedwith a new SA and newSPI or terminated,pI us anindication ofwhich of these actionsshouId occurrequ ired for a I I implementations.I PSecProtocoIMode:TunneI,transport,or wiIdcardrequ iredfor a I I implementations.These modes are di scussedIater i nth i s sect i onPath MTU:Any observedpath maximumtransmission unitmaximum size of aopacketthat can be transmittedwithout fragmentation and aging var iabIes requiredfor a I I impIementations.

6.4What isthe difference between transportmode andtunnel modeTransportmode prov i desprotection pr imar iIy forupper-layer protocoIs.Thati s,transport modeprotectionextends to the pay I oadof anIP packetTunne Imode prov i desprotection to the entireoIP packeto65What is a replay attackOA repI ayattack i sonei nwh ichanattacker obtains a copyof an authent i cated packetand Iatertransmitsit to the intendeddestination Thereceipt ofdupIicate,authent i cated IP packets maydoi sruptserv icei n someway or may havesomeotherundes ired consequenceo6o6Why doesESP incIudea paddingfieldIf an encrypt i on a Igor ithmrequ ires the pI a i ntextto be a multip Ie of somenumber ofbytese.g.,the multiple of a single bIockfor abIock cipher,the Padd i ngfieldi s used to expandthepI a i ntext cons i sti ngof thePay Ioad Data,Paddi ng,Pad Length,and Next Header fieldsto the required Iength.

2.The ESPformat requires that the PadLength andNext Headerfields beright a Iigned withina32-bi tword Equivalently,the ciphertextmust bean integermultipleof32bits.The Paddingfield is used to assure th i s a Iignment.

3.Additional paddi ngmay beaddedto providepart i a I traffic fIowconfidentiality byconceaIi ngthe actuaI Iength of the pay Ioad.6o7What arethe basicapproaches tobund IingSAsTransport adjacency:Refers to applying more thanonesecur ityprotocol to the sameIPpacket,withoutinvoking tunneIing.This approachto combiningAH andESP a I Iowsfor on Iy oneI eve I ofcombination;further nesti ngyields noadded benefitsi nee the processing isperformed atone IPSec instance:the ultimatedestination.Iterated tunneIi ng:Refers to the appI icat ionof multipleIayers ofsecur ity protocoIseffected throughIP tunneIi ng Th i sapproach a I Iowsfor multipleI eve Is ofonesting,si nee eachtunneI canor iginateorterminateatadifferent IPSecsite a Iong thepath

6.8What arethe rolesof theOak Ieykey determinationprotocol andISAKMP in IPSec ISAKMPby itseIfdoes not di ctatea specifickey exchange algor ithm;rather,ISAKMP cons i sts of a set ofmessagetypes thatenab Iethe useof avar iety ofkeyexchangea Igor ithms.Oak Ieyi sthe specifickeyexchange algorithmmandated for use with the initialversionofISAKMP.ANSWERS NSWERS TO PROBLEMS

6.9In discussingAH processing,itwasmentioned thatnot alI of the fields in anIP header areincIuded in MAC calculation.a.For eachof the fieldsin the IPv4header,indicate whetherthe fieldis immutable,mutabIe butpredictable,or mutabIezeroed prior to ICV calculation.b.Do the same for theIPv6headeroc.Do the same for theIPv6extension headers.In eachcase,justify yourdecisionfor eachfield.a Immutable:Version,Internet HeaderLength,TotaI Length,Identification,ProtocoIoThi sshouId bethe vaIuefor AH,Source Address,Dest inat ion AddresswithoutOIoose orstr ictsource rout ing.None of these arechanged byrouters intransito MutabIebutpredictable:Destination Addresswith Iooseor strictsource routingAt each i ntermedi aterouterodes ignated i n the source routi ng Ii st,the Desti nati onAddress fieldis changedto indicatethenext designatedaddress.However,the sourcerouting fieldconta i ns the i nformat i onneededfor doing the MACcaIcuI ati on.Mutable zeroedpr i or to ICV calculation:Type of Service TOS,Flags,Fragment Offset,Time toLi veTTL,Header Checksum.TOS may be alteredby arouter toref Iecta reducedservice.FIags andFragment offsetarealtered ifan routerperforms fragmentation.TTL is decreased ateach router.The HeaderChecksumchanges ifany of these otherfields change.b Immutab Ie:Version,Pay IoadLength,NextHeaderThios shou Id bethe va I ueforAH.,Source Address,Destination Addresswithout RoutingExtension HeaderMutabIebut predictable:Destination Addresswith RoutingExtension HeaderMutabIe zeroedpr iortoICVcalculation:Class,FI owLabe I,Hop Limitc.IPv6options i n theHop一by一Hop andDestinationExtension Headerscontain abit that indicateswhetherthe optionmight changeunpredictably duringtransito MutabIebut predictable:Rout ingNot AppI icable:Fragmentat ionoccurs afteroutboundIPSec processingand reassembIyoccur beforeinbound IPSecprocessing,so theFragmentation ExtensionHeader,if itexists,i s not seenby IPSec.602When tunnelmode is used,a newouter IPheader isconstructed.For bothIPv4and IPv6,indicatethe relationshipof eachother IPheader fieldand eachextension headerin theouter packetto thecorrespondingfield orextension header of the inner IPpacket.That is,indicate whichouter valuesarederived frominner vaIues and which are constructedindependently of the innervalues.1The IPvers i on i nthe encapsu I ati ng headercan be di fferent from the va I uei nthe innerheader.2The TTLi nthe i nner headeri sdecremented by theencapsuI atorpr ior toforwardi ngandby thedecapsuIator if it forwardsthe packet.3src and dest addressesdepend on the SA,which is used to determine thedest address,which inturndetermines whichsrc addressnet iinterfaceis used to forwardthe packet.4configuration determineswhether tocopy from the innerheader IPv4only,cI earor set theDF.5If InnerHdr i s IPv4,copy theTOS.If InnerHdr i s IPv6,map theClass toT0SO o5I fI nnerHdr i s IPv6,copy theCI ass.I fI nnerHdr IPv4,map theTOS toCI ass.Chapter7Web SecurityANSWERS NSWERS TO QUEST IONS

7.1What arethe advantagesof eachof the three approachesshown inFigure

7.1The advantage of usingIPSec Figure

7.1a is that it is transparentto endusers and appIicat ionsand provides a general-purpose soIut i on.Further,IPSec i ncIudesafi Iter ing capabiIityso thaton Iy seIectedtraff ic needi ncurthe overheadof IPSecprocessing The advantageof using SSLisothat itmakes useof therel iabiI ityand fIowcontroI mechan i smsof TCPTheadvantageappIOication-specific security servi cesFigure71c i sthat the servicecan beta iI oredto thespecific needsof a given appIicat ion.O

1.2What protocolscomprise SSLSSLhandshake protoco I;SSL changec i pher specprotoco I;SSL aI ertprotoco I;SSL recordprotocolo73What isthe differencebetween an SSL connection and an SSL sessionOConnecti on:A connectioni sa transportin theOSI Iayer i ng mode I definitionthat providesasuitable typeof service.For SSL,such connectionsare peer—to-peer relationships.The connectionsaretransiento Everyconnection isassociated with one session.Session:An SSLsession is anassociation between a cIient and a server Sessionsare createdby theHandshake ProtocoI.Sessionsodefine aset ofcryptographic security parameters,which can be sharedamong multipleconnect ionsoSessionsare used to avoidthe expensi ve negotiationof newsecurityparameters for each connection.74List andbriefly definethe parametersthat define anSSLsession state.OSess ionident if i er:An arbitrarybyte sequencechosen by the serverto ident i fyan act i veorresumabIe sessionstate.Peer certificate:An X509v3certificate of the peer.Compression method:The algor ithm usedto compressdata prior toencrypt ion.Cipher spec:Specifies thebuIk dataencryption algorithm such as null,DES,etcand a hash algor ithm such as MD5or SHA-1used foroMACcalculation ItaI so def i nescryptographic attributes such as the hash_size Mastersecret:oo48一byte secretshared betweenthe cI ientandserver.Is resumable:A flagindicating whetherthesession can be usedto initiatenew connectionso

7.5List andbriefly definethe parametersthat defineanSSLsession connection Server and cIientorandom:Byte sequences that arechosen by the server andcIientfor eachconnect i onServerwr ioteMAC secret:The secret key used i nMAC operat ions ondata sentby theserver.Cl ientwrite MACsecret:The secret key used inMACoperations ondata sentby thec Ii ent.Server writekey:Theconvent iona I encrypt i on key fordata encryptedby theserveranddecrypted by thec Ii ent.Cli entwr i tekey:The convent i onaI encryptionkey fordata encryptedby theclient anddecryptedby theserver Initialization vectors:When abIock c i pherinCBC modei s used,an initializationovector IVi sma inta i ned for each key.Th i s fieldi sfi rstinitial izedby theSSL HandshakeProtoco I Thereafterthe finalc i phertextb I ockfrom eachrecord i s preservedforuse as theoIVwith the fol lowingrecordo Sequence numbers:Each partymaintains separatesequence numbersfortransmitted andreceived messagesfor eachconnection.When a party sendsor receivesa change cipherspec message,the appropriate sequencenumber i s setto zeroSequencenumbersmay notexceed264-

1.

7.6What services are providedby theSSL RecordProtocolConfidentiality:The HandshakeProtocoI defines a sharedsecret key that is used for convent i onaIencryption ofSSL payIoads Message Integr ity:The HandshakeProtocoI aI sodef i nesa shared secretokey that i susedto forma message authentication codeMACo

7.7What stepsare invoIvedin theSSL RecordProtocol transmissionConfidentiality:The HandshakeProtocoI def i nesasharedsecret keythat i susedforconventi onaI encryption ofSSL payloads.MessageIntegrity:The HandshakeProtocol aI sodefines asharedsecret keythat i susedtoforma message authentication codeMAC.

7.88List andbriefly definethe principalcategories ofSET participants.Cardho I der:IntheeI ectronicenv ironment,consumers andcorporate purchasersi nteract withmerchants frompersona Icomputers overthe Internet.A cardhoI deri san author i zedholder ofapayment carde g,MasterCard,Visa that has beenissued by an issuer.Merchant:A merchantisoa personor organizationthathasgoods orservices toseI I to the cardholder.Typical ly,these goodsandservices areoffered via a Website orby electronicmail.A merchantthat acceptspayment cardsmusthave a relationship with an acqu i rer.I ssuer:Thi si sa financialinstitution,such as abank,thatprovi desthe cardhoIderwiththe payment card.Typically,accounts areappI iedfor andopenedby ma iIorin personUltimately,it i sthe i ssuerthat i s responsiblefor the paymentoof thedebt of thecardhoI der.Acqu irer:Th i si saf i nanc iaIi nsti tuti onthat estabIi shesan accountwith amerchant andprocesses paymentcard authorizat ions and payments.Merchantswi I I usuaI Iy acceptmorethanone creditcard brandbut do not wantto deaIwith multiplebankcardassociations orwith multiplei nd ivi dua Ii ssuers Theacquirer provides author ization toothe merchantthata given cardaccount isactive and that theproposed purchasedoes notexceed thecreditIimit.The acquirer aI soprovides electronictransfer ofpayments to the merchants account.Subsequent Iy,the acquirer i s reimbursedby thei ssuerover somesort ofpayment networkfor eIectronicfunds transfer.Payment gateway:This isa functionoperated by the acquirer ora designatedthi rd party thatprocesses merchantpayment messagesThe payment gateway i interfaces betweenSET andotheex i sti ng bankcardpayment networksfor authori zat i on and paymentfunctionso The merchantexchanges SETmessages withthepaymentgateway overthe Internet,while thepaymentgateway has somedi rector networkconnect i on to the acquirersf inanciaI process i ngsystem Certificationoauthority CA:This i sanentity thati s trusted toi ssueX509v3pub Ii c-key certificatesoforcardhoIders,merchants,and paymentgateways Thesuccess ofSET wi I I depend on the existenceoof a CAi nfrastructure avaiI ablefor thispurpose As was di scussedinprevious chapters,aoh ierarchy ofCAs i sused,so thatparticipants neednot bedi rectIy certifiedby aroot authority9What isa dualsignature andwhat is its purpose7oA duaIsignature is usedtosign twoconcatenated documentseach with its ownhash codeThe purposeoof the duaIs ignaturei stoIink twomessages that areintended for two differentrecipients Inothiscase,the customerwants tosend theorder information01to themerchant and thepayment information PIto thebank.Themerchantdoes notneed to know the customers creditcard number,and thebankdoes notneed toknow thedeta iIs of thecustomersorderoANSWERS NSWERS TO PROBLEMS1In SSLand TSL,why isthere aseparate ChangeCipher SpecProtocol,rather thanincluding a7ochange-cipher-spec message in theHandshake ProtocolThechangecipherspec protocoI exists tosignaI transitionsin ciphering strategies,and can be senti ndependent of the comp Iete handshakeprotocoI exchange.

7.2Based onwhat you have I earned inthis chapter,isitposs iblein SSLfor therece iver toreorderSSL recordb I ocks thatarrive out of orderIf so,exp lainhow it can bedone.If not,why notSSLre Ii es onan under lying re Ii abIeprotocol to assure thatbytes arenot Iostor insertedoTherewas somedi scuss ionof reengineeringthe future TLSprotocoI towork overdatagram protocoIs suchasUDP,however,most peopIeatarecent TLSmeet ingfelt thatth i swas i nappropri ateIayer ingfrom theSSL FAQ.Chapter8Network ManagementSecurityANSWERS NSWERS TOQUEST IONS81In whatsense isanetwork management architectureconsidered integratedOAsingle operatoriinterfacewith apowerfuI butuser—fr iend Iyset ofcommands forperformingmost oraI I networkmanagement tasks.2A minimalamount ofseparate equipmentoThat is,most ofOthehardware and software requiredfornetworkmanagement i sincorporated into the exi st inguserequipment.

8.2What arethe keyelements of the SNMPmode IManagementstation,management agent,management information base,networkmanagementprotocolo8o3What isa MIBChapterSymmetr ic EncryptionandMessage Conf i dentiaIi tyANSWERS NSWERS TOQUEST IONS21What arethe essentialingredients of a symmetriccipherOPI a i ntext,encrypt i onalgorithm,secret key,ciphertext,decrypt i ona Igorithm.2What arethe twobasic functionsused inencryption algorithms2oPermutation andsubstitution.

2.3How manykeys are required fortwo peopIeto communicateviaasymmetric cipherOnesecret key.24What isthe differencebetween ablock cipherand astream cipherOAstream cipheris onethat encrypts a digitaldata streamone bitor onebyte ata timeA bIockoci pheri sone in which abIock ofpI a i ntexti streated asa wholeand usedtoproducea ciphertextbIock of equaIlength.

2.5What arethe twogeneral approaches to attackinga cipherCryptanalysisand bruteforce.

2.6Why dosome blockcipher modesof operationonly useencryption whileothers useboth encryptionand decryptionIn somemodes,thepI aintext does not passthrough theencrypt i on funct i on,but i sXORedwiththe outputoftheencryption functionThe mathworks outthat for decryption in thesecases,theoencryption functionmust aI sobe usedo

2.7What istriple encryptionWithtriple encrypt ion,a plaintext bIock i sencryptedby passingit throughanencrypt i onaIgori thm;the resulti sthen passedthrough the same encryption aIgori thm again;the resultofthe secondencrypti oni s passedthrough the same encrypti onalgorithm ath i rd timeTyp i caIIy,thesecondstage usesthe decrypti onaIgorithm rather than theencryptionaIgori thm.8Why isthe middleportion of3DES adecryption ratherthan anencryption cryptographic2oThere i snosignificance to the useof decryption for thesecond onlyadvantage isthat itaI Iowsstage Itsby usersof3DES todecrypt dataencrypted theolder singleDES byrepeating thekey

2.o ousersof9What isthe differencebetween Iink andend-to-end encryptionTomanage resourcesin the network,each resourceis representedas an object An object i s,essenti aI I y,a datavariab I ethatrepresents oneaspect ofthe managedagent ThecoI Iect i on ofoobjectsi sreferred to asamanagementi nformati onbaseMIBo804What basiccapabiI itiesor commandsare providedin SNMPvlGet:enab Iesthe management station toretr i eve thevaIue of objects atthe agent.Set:enab I esthe managementstat i ontosettheva I ue ofobjects atthe agentNot i fy:enab Iesan agenttoonot i fy themanagementstati onof significantevents.

8.5What isthe function of anSNMP proxyToaccommodate devicesthatdo not imp Iement SNMP,the conceptof proxywas deve Iopedo In this schemeanSNMP agent acts asa proxy for one or moreother devices;thati s,the SNMP agentactson behaIfofthe proxieddeviceso8o6Briefly explain theSNMPvl0An SNMPcommunity isarelationshipbetween anSNMPagent and aset of SNMP managersthat definesauthentication,access contro I,and proxycharacter isticsThe community concept i saI oca I one,odefined atthe agent.The agentestab Ii shesone commun i tyfor eachdes ired combinat ionofauthent icat ion,access controI,and proxycharacter isticsEach communityi sgiven aunique withinoth i sagent communityname,and themanagers within that communityare providedwith andmust empIoythe communityname inaI I getand setoperat i ons.The agent may estab Ii sha number ofcommunities,with overI appi ngmanager membership.8o7What isthe relationshipamong SNMPvl,SNMPv2and SNMPv3SNMPvl isthe originalstandard versionofSNMP.SNMPv2added functionaIcapabiI ities to thoseofSNMPvl andchanged someformats.SNMPv3isa security faciIitythat canwork witheither SNMPvlorSNMPv2o

8.8What threatsis USMdesigned tocounterMod if icati onof information:An entity couId aI teranin-trans itmessage generatedby anauthori zedentityin sucha wayas to cause unauthor i zed management operations,including thesettingofobjectvaIues.The essenceof thi s threat isthatanunauthori zedentitycould changeanymanagement parameter,including thosereIatedto configuration,operations,and accounting.Masquerade:Management operationsthat arenot author ized forsome entitymay be attempted bythatentity by assuming theidentity of anauthori zedentity.Message streammodification:SNMP is designed tooperate over a connectionlesstransport protocol.There isa threatthat SNMP messages couId bereordered,deIayed,or replayeddupl icatedtocauseunauthori zedmanagementoperations.Disclosure:An entitycould observeexchanges between a managerand anagentand thereby I earn thevaIuesof managed objects andI earnof notifiableevents.

8.9What isthe differencebetween anauthoritative and a noauthoritative engineIn anymessage transmission,one ofthe twoentities,transmitter orreceiver,is designatedas theauthor itative SNMPengine,according to the fol lowing rules:1When anSNMP messageconta ins aopayIoad thatexpects a response for examp Ie,a Get,GetNext,GetBuIk,Set,or InformPDU,thenthe receiverof suchmessages isauthori tative.

2.When anSNMPmessageconta insapayIoadthat doesnot expectaresponsefor exampI e,an SNMPv2Trap,Response,or ReportPDU,then thesenderof sucha messageisauthor itati veo810What iskeyI oca Iizat i onOA Ioca Ii zedkey is definedinRFC2574asa secret key shared between a user and oneauthor itativeSNMPengi neThe objectiveisthat the user need on Iy ma inta inasingle keyortwokeys iof both authent icati onandpri vacyarerequ iredand thereforeneedonIy rememberone passwordortwo TheactuaI secretsshared betweena part i cuI ar userand eachauthor itativeSNMP engineoaredifferento Theprocess bywhichasingle userkey isconverted intomultiple uniquekeys,one foreachremote SNMPengine,is referred to askey localization.8o11List andbriefly definethe eIementsthat compriseVACM.Group:aset of zeroor moresecur ityModel,secur ityNametup Ieson whosebehaIf SNMPmanagementobjects canbe accessedoSecurity I eve I:Determines accessrights for a group.For exampIe,anagent may allow read-onIyaccess fora requestcommunicated in an unauthenticatedmessage but mayrequi reauthent icationforwr iteaccess Context:a namedsubset ofthe objecti nstancesintheoI oca I MIB.Contexts providea usefuIwayof aggregating objectsinto collections withdifferentaccess policies.MIB view:a specificset ofmanagedobjectsand optionallyspecific objectinstances.Access policy:a particularset of access rightsANSWERSNSWERS TO PROBLEMS8o1SNMPvl defines a datatype referredto asgauge and the following expI anati onofthesemanticsof thistype:This application-wide typerepresents anon-negative integer,which mayincrease ordecrease,butwhich Iatchesatamaximum valueThis standardspecifies amaximum valueof232—14294967295decoi maI forgaugesoUnfortunate I y,the wordlatch isnotdef i ned,andthishas resuI tedintwo di fferentinterpretations.The SNMPv2standard clearedup theambiguity withthe following definition:Thevalue of a Gauge has its maximum value whenever the information being mode ledis greaterthan orequaItothat max i mumvalue;if thei nformati on be i ng modeI edsubsequently decreasesbelowthe maximum value,the Gaugealso decreases.a.What isthe alternativeinterpretationbo Discuss the prosand consofthe two interpretationsoa.The va I ueof aGaugehas its maximumva Iuewhenevertheinformation be i ngmodeI edi sgreaterthan or equaI tothat maximumvalue;ifthei nformati onbeingmode Iedsubsequent I ydecreases beIowthe maximumvalue,the Gaugeremains atthe maximumvaIue Thegauge can onI yobe reI easedfrom thismaximumvaIue bysubsequent managementacti onobo TheSNMPv2interpretation provi desa reaIi stic representationoftheunderlyingvaIue ataI Itimes,subject tothe Iimitation ofthe gauge.However,a managermay wanttoknowthat somemaximumvaIue has been reachedor exceeded.Bysticking”the gaugeatits maximumvaIueunti Iitisnot icedandreI easedby amanager,thisi nformati onispreserved.802In SNMPvl,any objectinaMIB isdefined hashaving aMIB Access Category,which canbe assignedtheone ofthefollowing values:read-only,read-write,write-only,and not-accessibIe.A readisaccompI ishedwith aget ortrap operation,and awrite isaccompI ishedwith aset operationForowrite-only,the objectmay beavai IabIefor getand trapoperation butthisisimpIantation dependent.The MIBAccessCategoryspecifies themaximum accessthat maybea11owed foranobject,but intheSNMPvl community,the AccessMode may further restrictthis accessforagiven communityprofileoIn thefollowingtable,fill ineach entryto showthe accessaII owed.MIB AccessSNMPAccess ModeCategoryREAD-ONLY READ—WR ITEread-onlyread-writewr ite-on1yNot——accessible

8.3a RFC2574states thatforano authoritativeengine,the vaIuesof msgAuthoritativeEngineBootsoand msgAuthoritativeEngineTime inanoutgoing message headerareset onlyif the message is to beauthenticatedby the authoritative receiverWhy doesthis restrictionmake senseb However,fora0oResponse messagefrom anauthoritativeengine,the vaIuesof msgAuthoritativeEngineBoots and msgAuthoritativeEng ineT imein the outgoingmessageheaderareaIwaysseto Whymight thisbe soa.Th is restr ict ionmakes sensebecause theauthoritativerece iver wi IIonI y checkthosefields ifthe messageisto be authenticatedob.Keep inmind thatin thecase oftheauthoritative sender,these vaIuesrepresent the“officialI oca I vaIuesof snmpEngineBootsandsnmpEngi neTime.When theResponse messageisreceived bythenon—author ititaveengine,it may onIyuse thesevaIues forsynchronization ifthemessagei sauthenticated.However,an implementationmight perhapsuse thesevaIues fora reality checkvevenon non一authenti cated Responsemessages.Chapter9IntrudersANSWERS NSWERSTOQUEST IONS

9.1List andbriefly definethree classesof intruders.Masquerader:An individualwho isnot authori zed tousethecomputer andwho penetratesa systemsaccess controIsto exploita legitimate usersaccount.Misfeasor:A legitimateuser whoaccessesdata,programs,or resourcesfor whichsuch accessisnotauthorized,or whois authorized forsuchaccess butmisuses hisor herpr ivileges.Clandestine user:An individuaIwho seizessupervisorycontroI ofthe systemand usesthiscontroIto evadeauditing and access controlsortosuppressaudit collection.2What aretwo commontechniques usedto protecta passwordfile9oOne一way encryption:The systemstores onI yan encrypted formofthe users passwordoWhen the userpresents a password,the systemencrypts that password andcompares itwiththe storedvaIue.In practice,the systemusua II yperforms aone-way transformat i onnot reversibIe in which thepasswordis usedtogeneratea keyfor theencryptionfunction andin whicha fixed一Iength outputisproducedo AccesscontroI:Access tothe passwordfile is Iimitedto one ora veryfew accountso3What arethree benefitsthat canbe providedby anintrusion detectionsystem I fani ntrusi9oon is detectedquickly enough,theintruder canbe identifiedand ejectedfromthe system beforeanydamage is doneor anydata arecompromi sedEven ifthe detectionisnot sufficientlytimelyoto preempttheintruder,the soonerthat theintrusion is detected,the I esstheamount ofdamageand themore quicklythat recoverycanbeachievedo2An effectiveintrusion detectionsystem canOserve asadeterrent,so acting to preventintrusions

3.Intrus i on detectionenab Iesthe coIIect ionof information aboutintrusion techniquesthat canbe usedto strengthen the intrusionpreventionfaciIity.

9.4What isthe differencebetween statisticaIanomaIy detection and rule-based intrusiondetectionStat isticaIanoma I y detectioni nvoI vesthecoII ectionof data relating tothe behaviorof legitimate users over a period of time.Then statisticaltests areappI iedto observedbehaviorto determinewith ahigh I eve Iof confidencewhether thatbehavior isnotlegitimateuserbehavior.RuIe—Based Detectioninvolves an attempt todefineaset of ruIes that canbe usedtodec ide thatagiven behavioristhat of an intrudero9o5What metricsare usefulfor profiled-based intrusiondetectionCounter:A nonnegative integer that maybe incremented butnot decrementedunti Iit isreset bymanagementaction.Typically,a countof certainevent typesis keptoveraparticular period oftimeoGauge:A nonnegativeintegerthatmaybeincrementedor decrementedoTypicaI Iy,a gaugeis usedtomeasure thecurrent vaIueof someentity IntervaItimer:The Iength oftimebetween tworeIatedevents.oResource utiIization:Quantity ofresources consumeddur ingaspecified periodo

9.6What isthe differencebetween rule-based anomaIydetectionandrule-based penetrationidentificationWithruIe一based anomalydetection,historical auditrecords areana Iyzedto identifyusage patternsandtogenerateautomat icaII yru Iesthatdescr ibethose patterns.Ru Ies mayrepresent pastbehaviorpatterns ofusers,programs,pr iviIeges,time sIots,terminaIs,andsoon Currentbehaviorois thenobserved,and eachtransaction ismatched againstthe setofruIestodetermineif itconformsto anyhistor ically observedpattern ofbehavior RuIe-based penetrationidentification usesruIesofor identifyingknown penetrat ions orpenetrationsthat wouId exploitknown weaknessesRuIes canoaI sobe definedthatidentif ysusp icious behavior,even whenthebehavioris within thebounds ofestab Ii shed patternsof usageTypically,the ruIesusedin thesesystems arespecificto themachine and operating systemAlso,such rulesare generatedby expertsratherthanby meansoofan automatedana lysisof auditrecords.9o7What isahoneypotHoneypots aredecoy systemsthat aredes ignedtoIure a potent iaIattacker awayfrom criticalsystems.9o8What isa salt in thecontext ofUNIX passwordmanagementThe saltiscomb ined withthe passwordatthei nputtotheone—way encryptionroutine.9o9List andbriefly definefour techniques usedtoavoid guessablepasswordsoUser education:Users canbe toIdthe importanceofusinghard-to-guess passwordsand canbe providedwithguide Iinesfor selectingstrong passwords.Computer一generated passwords:Users areprovidedpasswords generatedby a computer algorithm.React ive passwordcheck ing:the systemper iodicalIyruns itsown passwordcracker to find guessabIepasswords.The systemcanceIs anypasswords thatareguessed andnotifies the user.Proact ive passwordcheck ing:a user isaII owedto seIecthisor herown password.However,atthetime ofseIection,the systemchecks tosee ifthe passwordisaI IowabIeand,ifnot,rejects it.ANSWERSNSWERSTO PROBLEMS

1.1The encryptionscheme usedfor UNIXpasswords isone way;it is not possible to reverseit.Therefore,would itbe accurateto saythat thisis,infact,a hash code ratherthan anencryptionof thepasswordYes2It wasstated that the inclusionofthe saltin the UNIXpassword schemeincreases thedifficulty9oof guessingbyafactor of4096But the salt is stored inpIaintextin the same entryas theocorrespondingcipher textpassword.Therefore,those twocharacters areknown tothe attackerandneed not be guessed.Why isit assertedthatthe salt increasessecurityWithout the salt,the attacker can guessapasswordandencrypt it.If ANYoftheusers ona systemusethatpassword,then therewi II bea matchWith thesalt,the attackermust guessa passwordoand then encryptit onceforeach user,usingtheparti cuI arsalt foreachuser.3Assuming thatyouhavesuccessful lyanswered thepreceding problemand understand thesigni9oficance ofthesalt,here isanother question Wouldn,titbe possibleto thwartcomp IeteIyaloI passwordcrackers bydramatically increasingthesaltsize to,say,24or48bits11depends onthesizeoftheuser popuIation,not thesizeofthesalt,sinee theattackerpresumab I yhas access tothesaltforeachuser Thebenefit ofI argersalts isthatthe Iargerothe salt,the Iess Ii keIyit isthattwo userswi II havethe samesalt.Ifmu11ipIeusers havethesamesa11,thentheattackercando oneencryption perpasswordguess totest aIIof thoseusers.Chapter10Malicious SoftwareANSWERSNSWERSTOQUESTIONS

10.1What isthe roleof compressionin theoperation ofa virusAvi rusmay usecompress ionso thatthei nfected programisexactly thesame Iengthas anuninfectedversiono

10.2What isthe roleof encryptionintheoperation ofa vi rusA portionofthe vi rus,genera IIycaII eda mutationengine,creates arandom encryptionkeyto encryptthe remainderofthevi rusThe key isstoredwiththevi rus,and themutation engineoitself isaI teredo When aninfected programisi nvoked,thevi rus usesthe storedrandom keytodecryptthevirus.When thevirus repIi cates,adi fferentrandom keyisseIectedo103oWhat aretypicaI phasesof operationofa vi rusor worm10o4In generalterms,how doesa wormpropagate1Search forother systemsto infectby examininghost tabIes orsimi Iar repositories ofremotesystem addresses2EstabIisha connectionwith aremote system3Copy itselftotheremoteo osystemand cause the copyto berun.

10.5What isa digitalimmune systemTh issystem providesa genera I—purpose emuIationandvi rus—detect ionsystem.The objectiveisto providerapid responsetime so that vi ruses canbe stampedout almostas soonas theyareintroducedo Whenanewvirusenters anorganizat ion,the immunesystem automaticallycaptures it,ana Iyzesit,adds detectionand shieldingfor it,removes it,and passesi nformation aboutthatv irus tosystems runningagenera I antivirus programso thatitcanbe detectedbefore it isaII owedtorun eIsewhere.10o6How doesbehavior-bIocking softwareworkBehavior-blocking softwareiintegrates withthe operatingsystem ofa hostcomputer andmonitorsprogram behaviorinreal-time for ma Iiciousactions.The behaviorblocking softwarethen bIockspotentia IIymaI iciousact ionsbefore theyhave achance toaffect thesystem.10o7What isa DDoSAdeniaIofserviceDoS attackisanattemptto preventlegitimateusersofaservice fromusi ngthat service.When this attackcomes fromasinglehost ornetwork node,then it issimply referredtoasaDoS attack.A moreser iousthreatis posedbyaDDoS attack.In aDDoS attack,an attackerisabIe torecruit a number ofhosts throughoutthe Internetto simultaneouslyorina coordinatedfashionIaunch anattack uponthe targetoANSWERSNSWERSTO PROBLEMS

10.1There isa flawinthevirus programof Figure

10.

1.What isitThe programwi IIIoop indefinitely once aIIoftheexecutab IefiIesinthesystem areinfectedo10o2The questionarises asto whetherit ispossibletodeveIop a program thatcan anaIyze apieceof softwaretodetermineifitisavirusConsider thatwe havea programD that is supposedto beoableto dothat.That is,for anyproblem P,if werun DP,the resu11returned isTRUEP isa virusNow considerthefollowing program:Program CV:=oMain-program:={if DCV thengoto next:Else infect-executabIe;}next;In thepreceding program,infect-executabIe isa moduIethat scansmemory forexecutabIe programsandreplicates itselfin thoseprograms Determineif Dcan correctlydecide whetherCV isa virus.oD issupposedtoexamine aprogram Pand returnTRUE ifP isacomputervirusand FALSEifitisnoto ButCV callsD If Dsays that CV isavirus,then CVwill notinfectan executabIeBut ifDo osaysthatCVis notavirus,it infectsan executabIe.D alwaysreturns thewrong answer.Chapter11Fi rewalIsANSWERSNSWERSTOQUESTIONS11o1List threedesign goalsforafirewalIo

1.1o Al Itraffic from insideto outside,and viceversa,must passthrough thefi rewa II Thoisis ach i evedby phys i caI Iy blockingaII accesstothe IocaI networkexcept viathefirewaI IVar ious configurationsare possi bIe,as expIainedIaterinthis section

2.Ono oIyauthorized traffic,as definedbythelocal security policy,wi II beaII owedto passoVarious types of千i rewa IIsareused,which impIementvar ioustypes ofsecuri ty polici es,as expIainedI aterinthissection

3.The fi rewa IIitselfis immuneto penetrationo oThisimpIi esthat useofa trusted systemwith a secure operat ingsystemo

1.2List fourtechniquesusedby firewalIsto controlaccess andenforce asecurity policyoServicecontrol:Determines thetypesofInternet services thatcanbe accessed,inboundor outboundThefi rewaI I mayfi Iter traffic onthe basisof IP address andTCP portnumber;may provideproxysoftware thatreceives andinterprets each service requestbefore passingit on;ormayhost theserversoftware itself,such asa WebormaiI serviceDi rectioncontroI:Determines thedirect ion ionwhich particularservice requestsmaybeinit iated andaII owedtofIowthrough thefi rewaI IUser controI:ControIs accesstoaserv iceaccord ingtowh ichuseris attemptingto accessoit.Th is featureis typically appIi edtousers insidethe fi rewaI Iper imeterlocal users.Itmay aI sobe appIi edtoincomi ngtrafficfromexterna Iusers;the Iatterrequ ires someformof secureauthentication technology,suchasis providedinIPSecBehavior controI:Contro Is howoparticuIarservicesareusedo For exampIe,thefi rewaIImayfi Itere-maiItoeIimi natespam,oritmayenab Ie externaI accesstoonIya portionofthei nformationonaIocaIWeb server.

1.3What informationisusedbyatypicaI packet——fiItering routerSourceIPaddress:The IPaddress ofthesystem that originated the IP packetoDestination IPaddress:The IPaddress ofthesystemtheIPpacket istrying toreach.Source anddestination transport-leveladdress:The transportI eveIeg.,TCP orUDP portnumber,wh ich definesapp Iicationsosuch asSNMP orTELNETo IPprotoco Ifield:Defines the transport protocoII interface:For arouterowith threeor moreports,wh ichinterface ofthe routerthe packetcame fromor wh ichi interfaceofthe routerthe packetisdest ined foro

1.4What aresome weaknessesofa packet-fiItering routerpreventattacks thatempIoy appIication—specific vulnerabiI itiesor functionsForexampIe,a packetofi Iter firewaII cannotbIock specificappIi cationcommands;ifa packet fiIter firewaII aIIows agiven appIication,aII functi onsava iI abIewithinthatappIicat ionwiII bepermitted2Because ofthe Iimitedi nformationava iIabIe tothe fi rewaII,the IoggingfunctOionaI itypresent inpacket fi Iter fi rewaIlsis Iimited Packetfi IterIogs normaIIyconta inothe sameinformationusedtomake access controI decisionssource address,destination address,and traffictype

3.Most packetfi Iter firewaI Isdo notsupport advanceduser authenticationschemes.oOnce aga in,thisIimitation is most Iy due totheI ack of upper—Iayer functionalitybythefirewaI I.4They aregeneraIly vulnerab Ieto attacksand exploits thattake advantageof probI emswithinOthe TCP/IP specificationand protocoIstack,suchasnetwork Iayeraddress spoofingo Manypacket fiIterfi rewaIIs cannotdetect anetwork packetinwh ich theOSILayer3address inginformati onhasbeenaI teredo Spoofingattacks aregeneraIIy empI oyedby intruders tobypass thesecurity controIsimplemented inafirewaIIpI atform.

5.Finally,duetothe smaI I number of variabIesusedinaccesscontroIdecisions,packetfiI terfi rewaIIs aresusceptible tosecurity breachescaused byimproper configurat ionsoInother words,itiseasy toaccidental lyconfigure a packetf iIterfirewaIItoaI lowtraff ictypes,sources,anddest inat ionsthat shouId bedeniedbased onan organization1s informationsecurity policyo

1.5What isthedifferencebetweenapacket—fiIteringrouter anda statefuIinspect ionfi rewalIAtraditional packetfiItermakes fiItering decisi onsonanindivi duaIpacket basisanddoes nottake intoconsideration anyhigher Iayercontext.A statefuIinspection packetfiItertightens upthe ruIesfor TCPtraffic bycreat ingadi rectory ofoutbound TCP connections,as shownin TabIe

112.There isanentry foreach currentIyestabIishedconnection Thepacket fiooIter wi IInow allowincoming trafficto high—numbered portsonIyforthose packetsthat fittheprof iIeof oneofthe entri esinthisdirectory.11o6What isan appIication-I eveI gatewayAnappIicat ion-1eveIgateway,aI so called aproxy server,acts asareIayof appIi cation-1eveItraff ic.11o7What isa circuit-level gatewayAci rcuit-level gatewaydoesnotpermit anend—to-end TCPconnection;rather,the gatewaysets uptwoTCPconnections,one between itself anda TCPuser onan innerhost andone betweenitself andaTCP useronanoutside hostOnce thetwo connectionsare estabIi shed,the gatewaytypicaIly reIays TCPsegments fromone connection tothe other withoutexamining thecontents.The security functionconsistsof determiningwh ich connectionswi II beaIIowed.11o8What arethe differencesamong the three configurationof Figure

11.2The screened host firewalI,single—homed bast ionconfiguration Figure112a,thefi rewaIIconsistsoof twosystems:apacket—fiItering routerandabastion host;the Iatterperforms authenticationandproxy functions.In thesingle-homed configurationjust descr ibed,ifthe packet-fi Iteringrouteri scomp IeteIycompromi sed,traffic couIdfIow directIythrough therouter betweenthe Internetandother hostsonthepr ivatenetworko ThescreenedhostfirewaII,duaI—homed bastionconfigurationphys icaI Iyprevents suchasecuritybreach.In thescreened subnetfirewaII configuration,twopacket-fiIteringrouters areused,one betweenthe bastion host and theInternet andone betweenthebast ion host andthei nternaI networkoThis configurationcreates ani soIated subnetwork,which maycons istofsimply thebastionhostbutmayaIso incIude oneor moreinformati onserversand modemsfor dial—incapabiIityo

11.9In thecontext ofaccess control,what isthe differencebetweenasubject and an objectA subject isanentity capab Ieofaccessingob jectsGenera IIy,the conceptof subjectequatesowith thatof processAny user or appIicationactua IIygains accessto anobject bymeans ofoaprocess thatrepresents thatuserorappIication.Anobjectisanything towhich accessis controIIedExamples incIudefiles,portions offiles,programs,and segmentsof memory.o11o10What isthe differencebetween an access controlI istandacapabi Iity ticketWithIi nk encryption,each vuI nerabIecommunications Ii nkisequipped onboth endswithan encryptiondevice Withend-to—end encryption,theencryptionprocessiscarriedout atothetwo endsystems.The sourcehost orterminaI encryptsthe data;the datainencrypted formarethen transmitteduna Itered acrossthe networktothedestinationterminaI orhosto2o10List waysinwhichsecret keyscanbedistributed totwo communicatingparties Fortwo partoi es Aand B,key di stri but ioncanbeachieved inanumber ofways,as foIIows:1A canseIect a key andphys icaI Iyde Ii ver it toB.2A thi rd party canseIectthekey andphys icaI IydeIiverit to Aand B.3If Aand Bhave previouslyand recentIyused a key,one partycan transmitthe newkeytothe other,encrypted using the oIdkeyo4If Aand Beach hasan encryptedconnectiontoa thirdpartyC,C candeliver a key onthe encryptedIinks toAandBo

2.11What isthe differencebetweenasession key andamaster keyAsessionkey isatemporary encryptionkey used between twopr incipals.A master keyisaI ong一I astingkeythatisusedbetweenakey distribution center andaprincipal forthe purposeofencoding the transmission ofsession keys.Typically,the masterkeys aredistributed bynoncryptographicmeanso2o12What isakey distribution centerAkey distributioncenter isasystemthatisauthorizedto transmittemporary sessionkeys toprincipals.Each sessionkey istransmitted inencryptedform,using amasterkeythatthekeydistr ibut ioncenter shareswiththetarget principa IoANSWERSNSWERSTO PROBLEMS21What RC4key valuewi IIIeave Sunchanged duringinitiaIizationThat is,afterOthe initialpermutation ofS,the entriesofSwiII beequaI tothe valuesfrom0through255inascending orderoUseakey of Iength255bytes.The firsttwo bytesare zero;thatisK

[0]=K

[1]Thereafter,we=0ohave:K

[2]=255;K

[3]=254;…K

[255]=

2.2o2If abit erroroccurs inthetransmissionofaciphertext characterin8-bit CFBmode,how fardoesthe errorpropagateN ine pIaintext characters are affectedThe pIaintext charactercorrespond ingtothe ciphertextocharacterisobv iousIy altered.In addition,the alteredciphertext characterenters theshiftregister andisnotremoved untiI thenext eightcharactersareprocessed.For eachobject,an accesscontroIIistIi stsusers andthei rpermitted accessrights.A capabiIityticket specifiesauthorized objectsandoperati onsfora user.

11.11What arethetworules thata referencesmonitor enforcesNoread up:A subjectcan onIyread anobject ofIessorequaI securi tyIeveI Nowr iteodown:AsubjectcanonIy write i nto anobject ofgreater orequaI securityIeveI.11o12What propertiesare requiredofareferences monitorCompIete mediation:The security ruIesare enforcedon everyaccess,not just,forexampIe,whena fileisopenedo Isolation:The reference monitor anddatabase areprotected fromunauthor izedmodificationVer ifiabiIity:The referencemonitors correctnessmust beprovab Ie Thatis,ito omust be possibIeto demonstratemathematical lythatthereferencemonitorenforces thesecur ityruIesandprovidescompIetemediat ionand isolationo11o13What arethe commoncriteriaThe CommonCr iter ia CCfor InformationTechno Iogyand Security EvaIuat ionisaninternationalinitiative bystandards bodiesinanumber of countriestodeveI opinternational standardsforspecifying security requirements anddef iningevaluation criteria.ANSWERSNSWERSTOPROBLEMS

11.1As wasmentioned in Section

11.1,one approachto defeatingtheti nyfragment attackisto enforcea minimum Iengthofthetransport header thatmust beconta ined inthe first fragmentof anIPpacket.If thefirstfragment is rejected,alIsubsequent fragmentscanberejected.However;thenatureofIPis such that fragmentsmay arriveout oforder.Thus,an intermediatefragment maypassthrough thefiIter beforethe initialfragment isre jectedHow can thissituat ionbehandIedIt willbe impossi bIeforthedestination hostto compIete reassembIyofthepacketifthef irstfragmentis missing,and thereforetheentirepacket wiIIbedi scardedbythedestinationafter atime-out

11.2In anIPv4packet,the sizeofthepayIoadinthefi rstfragment,in octets,is equalto TotalLength-4X IHL.If thisvalue isless thanthe requiredminimum8octets forTCP,then thisfragmentandtheentire packetare rejectedSuggest anaIternat ive methodof achievingtheosame resuIt usingonly theFragment Offsetfield.WhenaTCP packetis fragmentedso asto forceinterestingheader fieldsoutofthe zero-offset fragment,there mustexist afragment withFO equaIto

1.If apacket withFO=1is seen,conversely,it couldindicate thepresence,inthefragmentset,ofazero-offset fragmentwith atransportheaderIengthofeight octetsDiscarding thisone—offset fragmentwiII bIockreassembIy atthereceivinghostandbe aseffective as thedi rectmethoddescribed aboveo

11.3The necessityofthe“no readup ruleforamulti IeveIsecure systemis fairlyobvious.What isthe importanceofthe“no write down ruleThepurpose ofthe”no writedownrule,or*一property istoaddress theprobIemof Trojanhorsesoftware Withthe-property,information cannot be compromisedthrough theuseofa TrojanhorseoUnder thisproperty,aprogramoperatingonbeha If of one usercannot beusedtopass informationtoany userhaving aIower ordisjoint accesscI ass.23Key distributionschemes usinganaccesscontrol centerand/orakeydistributioncenter haveOcentralpoints vulnerableto attackDiscussthesecurity impIicat ionsof suchcentralizationo oThecentra Ipoints shouIdbe highlyfault一toI erant,should bephysicaIIysecured,and shouIdusetrusted hardware/software.Chapter3Pub Ii c-Key Cryptographyand MessageAuthenticationANSWERSNSWERSTOQUESTIONS1List threeapproaches tomessage authentication.3oMessage encryption,messageauthenticationcode,hash function.

3.2What ismessageauthenticationcodeAn authenticator thatisa cryptographicfunct ionofboth the datato beauthent icatedanda secretkeyo

3.3Briefly describethe threeschemes iIlustrated inFigture

3.2Oa A hash codeiscomputed fromthesourcemessage,encrypted usingsymmetricencryptionanda secretkey,and appendedtothemessage Atthe receiver,thesamehash codeiscomputed.The incoming codeisdecrypted usingthesamekeyandcompared withthe computedhash codeb Thios isthesame procedureasinaexcept thatpubI ic一key encryptionisused;the senderencryptsthe hashcode withthe sender,spri vate key,andtherece iver decryptsthehashcode withthesender1s pub Iic keyc Asecret vaIueis appendedtoa message andthen ahashcodeis caIcuIatedousingthemessagepI us secret vaIueasinput.Then themessage withoutthe secretvaIue andthehash codeare transmitted.The receiverappends thesame secretvaIue tothemessageand computesthehash vaIueoverthemessagepIussecretvaIue.Thi sisthen comparedtothereceived hashcodeo4What propertiesmust ahash functionhavetobe usefuIfor messageauthentication3o1H canbe appIiedtoabIockofdata ofany size.2H producesa fixed-length output.3H xisrelativelyeasy tocompute forany given x,making bothhardware andsoftwareimplementations practicaI.4For anygiven vaIueh,itis computationaI IyinfeasibIe tofind xsuchthatH x=ho Thi sis sometimesreferredtointheIiterature astheone-way property.5For anygiven bIockx,itiscomputati onaIIy infeasible tofindy手x withH y=H xo6It is computationallyinfeasibletofind anypa ir x,y suchthat Hx=H y.

3.5In thecontext ofahash function,what isa compressionfunctionThe compressionfunct ionisthe fundamentaI modu Ie,or basicbui Idingb Iock,ofahash functionoThehashfunctionconsi stsofiterated applicationofthe compressionfunctiono3o6What arethe principalingredients ofa pubIic-key cryptosystemPlaintext:This isthe readabIemessage ordata thatis fedinto thealgorithm as input.Encrypt ionaIgori thm:The encryptionalgorithmperforms various transformationsontheplai ntextoPubI ic andpri vate keys:Thisisapa irofkeys thathave beenseIected sothat ifone isusedfor encryption,theotherisusedfordecryptionThe exacttransformations performedbytheencryptoi onalgorithmdepend onthe pubIicorpri vatekeythatis providedas inputCiphertext:Thisis thescrambIed messageproduced asoutputo Itdepends onthe plaintextandthekey For agivenmessage,otwo differentkeys wiI I producetwo differentciphertexts.Decryption algorithm:This algorithmacceptsthe ciphertextandthematching keyand producesthe originalplaintext.

3.7List andbriefly definethree usesofa pubIic-key cryptosystemEncryption/decryption:The senderencryptsa message withthe recipients pub Iic key Digitalosignature:The sender“signs”amessage with itspri vatekeySigning isachieved bya cryptographicoalgorithm appliedtothemessage ortoasmaIIblock ofdata thatisa function ofthemessageKeyoexchange:Two sidescooperate toexchangeasess ionkeySeveraI different approaches are possoi bIe,i nvoIvingtheprivatekeysofoneor bothparties.38What isthe differencebetweenaprivate keyandasecret keyOThekey usedinconventionaIencryptionistypically referredtoasasecretkey Thetwookeys usedfor pubIic一key encryptionare referredtoasthe pubIickeyandtheprivate keyo3o9What isdigital signatureAdigital signatureisanauthenticationmechan ism thatenabIesthe creator ofa messagetoattach acode thatacts asasignature.The signatureis formedbytakingthehashofthemessageand encryptingthemessagewiththecreatorsprivatekey Thesignature guaranteesthe sourceoandintegr ityofthemessageo

3.10What isa pubIic-key certificateApubic一key certificateconsistsofapubIic keyplus aUser IDofthekey owner,withthewhoIe bIocksigned bya trustedthirdparty.Typ icaIIy,thethirdparty isa cert ificateauthor i ty（CA）thatistrustedbytheuser communi ty,suchasa governmentagency orafi nanciaIi nsti tution.11HowcanpubIic-key encryptionbeusedto distributeasecretkey3oSevers Idifferentapproachesarepossi bIe,involving theprivatekey（s）ofoneor bothparties Oneapproach is Diffie—He IIman keyexchange Anotherapproach isforthe senderto encrypto oa secretkey withthe recipientspubIic key.ANSWERSNSWERSTOPROBLEMS1Consider a32-bit hash function definedastheconcatenation oftwo16-bit functions:XOR and3oRXOR,def inedin Section32as“two simplehashfunction.a WiIIthis checksum detect alI errorsOocaused byan odd number of error bitsExp Iain WiIIthischecksumdetectalI errors causedoboby an even number of error bits Ifnot,characterize the error patternsthat wi11causethechecksumto fail,c.Comments onthe effectivenessof thisfunction foruse ahash functionsfor authenticationoaYeso TheXOR functionissimply avert icaIpar ity check.Ifthere isan odd number ofoerrors,then theremustbeat Ieast onecoI umn that conta insan odd numberof errors,and theparitybit forthatcoI umnwiII detecttheerror.Note thatthe RXORfunctionaIsocatchesa IIerrorscaused byanoddnumberof error bitsEach RXORbit isafunctionofa unique“spioraI ofbits inthe bIockofdataIf thereisanoddnumberof errors,then theremustbeatIeastoone spiralthat containsanoddnumberoferrors,andthepar itybit forthat spiralwiIIdetectthe errorob.Noo Thechecksum wiIIfai Ito detectan even numberoferrors whenboththeXOR andRXOR functionsfaiI Inorder forboth tofail,the patternoferrorbits mustbeati ntersectionpoints betweenoparity spiralsand paritycoIumns suchthat thereisanevennumberoferrorbitsineach paritycoIumnandanevennumberoferrorbits ineach spiraIoCo Itis toosimple tobeusedasasecure hashfunction;finding multiplemessages withthesamehashfunction wouIdbe tooeasy3o2Suppose H（加）isacoIIisionresistant hashfunction thatomapsamessageof arbitrarybit lengthinto ann-bit hashvaIue.Is ittrue that,for alI messagesx,x withx*x,we haveHC*）手H（x，）Exp lainyour answeroThestatement is faIse Suchafunctioncannotbeone—to-one becausethe numberofinputs toothefunct ionisof arbitrary,but thenumberofun iqueoutputs is2n.Thus,there aremultiplei nputsthat mapi ntothesameoutput.33Perform encryptionanddecryptionusingtheRSA algorithm,asinFigture

3.9,forthefollowing:Oa p=3;q=11;e=7;M=5ob.p=5;q=11;e=3;M=9Co p=7;q=11;e=17;M=8d.p=11;q=13;e=11;M=7e.p=17;q=31;e=7;M=2Hint:Zhcryption isnot ashard asyou think;use somef inesseooa.n-33;〃=20;t/=3；C=26b.n:55;〃=40;d=27；C=

14.c.n二77；〃=60;d=53;C=

57.don=143;〃二120；4=11；C=

106.en-527；〃=480;d-343;C=128For decryption,we haveoO128343mod527=1282561286412816128412821281mod527二352563510147128=2mod527=2mod25734In apubIic-key systemusing RSA,you interceptthe ciphertext R10sent toauserwhose pubOIic keyise=5,属35What isthepIaintext MlM二535In anRSA system,the pubI ickey ofagivenuser ise=31,n=3599What isthe privateOokey ofthis userd=

30313.6Suppose wehaveasetofbIocks encodedwiththeRSA algorithmand wedon thave theprivate key,Assume n=pq,eisthepubIickey.Suppose alsosomeone telIs usthey knowoneofthep IaintextbIockshasa common factor with n.Does thishelp usin anywayYes.IfapIaintextbIock hasacommon factorwith n moduIon thenthe encodedbIock wiIIaIsohaveacommonfactorwithnmoduIon.Because weencode blocksthataresma IIerthanpq,the factormustbep or q andthepIaintextbIock mustbeamu11ipIeofpor qWe canotesteach bIockfor primality.Ifpr ime,itisporq.Inthiscasewe divideinton tofindtheotherfactor Ifnot prime,we factorit andtry thefactors asdivi sorsof n.o7Consider aDiffie-He11man schemewithacommon primet^11andaprimitive root3^23ooa.If userAhas pubIickey YA=9,what isAsprivatekeyXAbo Ifuser BhaspubIickeyYB=3,what isthe sharedsecretkeyKa.XA=6b.K=3Chapter4Authent ication ApplicationsANSWERS NSWERSTOQUESTIONS1What problemwas Kerberosdesigned toaddress4oThe probIem thatKerberos addressesisthis:Assume anopen di str ibutedenvi ronment inwhichusersat workstationswish toaccess serviceson serversdistributed throughoutthe networkoWe wouIdIi kefor serverstobeabIe torestrict accessto authorizedusers andtobeabIe toauthenticaterequests forservice.Inthisenvi ronment,a workstat ion cannotbe trustedto ident ify its userscorrect Iyto networkserviceso42What arethree threatsassociated withuser authenticationoveranetwork orInternetOA usermay gainaccesstoaparti cuIar workstat ionand pretendtobeanother useroperatingfrom thatworkstat ion.

2.A usermayaIterthenetworkaddress ofa workstationsothatthe requestssentfromthealtered workstationappear tocome fromthe impersonatedworkstation.3AusermayOeavesdrop onexchanges andusearepIayattacktogainentrance toaserverortodisrupt operationso

4.3List threeapproachestosecure userauthentication ina distributedenvironment.Re Iy oneach individuaIcIientworkstationtoassure theidentity ofits useror usersandreIyoneach serverto enforceasecuritypolicy based on useridentif ication ID.2Requi rethatcI ientsystems authenticate themseI vesto servers,but trustthecIientsystemOconcerning theidentity ofitsuser.

3.Requi retheuserto proveidentity foreachservicei nvokedoAlso requirethat serversprove their identityto cIients.4What fourrequirements aredefined forKerberos4oSecure:A networkeavesdropper should notbeabIetoobtain thenecessary informationto impersonateauser.More generaIIy,Kerberos shouIdbe strongenough thatapotentiaI opponentdoes notfindittobetheweak Iink.Rei iabIe:ForaIIservicesthatreIyonKerberos foraccesscontro I,I ackof avai labi IityoftheKerberos servicemeans IackofavailabiIityofthesupportedservices.Hence,Kerberos shouldbe highlyrel iableand shouIdempIoy adistr ibutedserverarchitecture,withonesystem abIeto backup anotheroTransparent:IdeaI Iy,theusershouldnotbeaware thatauthentication is takingpIace,beyond therequirement toenterapassword.Sea Iable:The systemshouIdbecapabIeofsupport ingIarge numbersofcIients andservers.Thi ssuggestsa modular,distributed architectureo4o5What entitiesconstitute afulI-service KerberosenvironmentA fuII—service Kerberosenvi ronmentconsi stsofaKerberos server,anumberof cIients,and anumberof application servers.

4.6In thecontext of Kerberos,what isa realmArealm isan environmentinwhich:

1.The Kerberos server musthavetheuser IDIIID andhashedpassword ofaII participatingusers initsdatabase.Al Iusers areregistered withthe Kerberosserver2The Kerberosserver mustshare asecretkeywith eachserver.AlIservers areregi steredoOwith theKerberosserver.

4.7What arethe principaldifferencebetweenversion4and version5ofKerberosVers ion5overcomessome envi ronmentaIshortcomings andsome technicaIdeficiencies inVers ion4O

4.8What isthe purposeoftheX509standardoX.509definesaframework forthe provisionof authenticationservices bytheX500directory tooitsusers.The directory mayserveasa repositoryof pubIic-key certificates.Each certificatecontai nsthepubIickeyofauserandissigned withtheprivatekeyofatrustedcertification authority.In addition,X509defines alternativeauthentication protocoIsbasedontheuseof pubIic—keyocertificates.49What isa chainof certificatesOAcha inofcertificates consistsofasequence ofcertificates createdby differentcertificationauthor ities CAsinwhich eachsuccess ive certificateisacertificateby oneCA thatcertifiesthepubIickeyofthenext CAinthe chain.

4.10How isan X.509certificate revokedTheowner ofapubIic—keycani ssuea certificaterevocat ionIistthat revokesoneormorecertificates.ANSWERSNSWERSTOPROBLEMS。