网络安全技术英文习题集_网络安全技术
《网络安全技术》英文习题集Chapter 1 Introduction
ANSWERS NSWERS TO QUESTIONS
1.1 What is the OSI curity architecture?
The OSI Security Architecture is a framework that provides a systematic way of defining the requirements for curity and characterizing the approaches to satisfying tho requirements. The document defines curity attacks, mechanisms, and rvices, and the relationships among the categories.
1.2 What is the difference between passive and active curity threats?
Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/rver exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.
1.3 Lists and briefly define categories of passive and active curity attacks? Passive attacks: relea of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of rvice.
1.4 Lists and briefly define categories of curity rvice?
Authentication: The assurance that the communicating entity is the one that it claims to be.
Access contr ol: The prevention of unauthorized u of a resource (i.e., this rvice controls who can have access to a resource, under what conditions access can occur, and what tho accessing the resource are allowed to do).
Data confidentiality: The protection of data from unauthorized disclosure.
Data integrity: The assurance that data received are exactly as nt by an authorized entity (i.e., contain no modification, inrtion, deletion, or replay). Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of h
aving participated in all or part of the communication. Availability rvice: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance
specifications for the system (i.e., a system is available if it provides rvices according to the system design whenever urs request them).
Chapter2 Symmetric Encryptionand Message Confidentiality
ANSWERS NSWERS TO QUESTIONS
2.1 What are the esntial ingredients of a symmetric cipher?
Plaintext, encryption algorithm, cret key, ciphertext, decryption algorithm.
2.2 What are the two basic functions ud in encryption algorithms? Permutation and substitution.
2.3 How many keys are required for two people to communicate via a symmetric cipher?
One cret key.
2.4 What is the difference between a block cipher and a stream cipher?
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of plaintext is treated as a whole and ud to produce a ciphertext block of equal length.
2.5 What are the two general approaches to attacking a cipher?
Cryptanalysis and brute force.
2.6 Why do some block cipher modes of operation only u encryption while others u both encryption and decryption?
In some modes, the plaintext does not pass through the encryption function, but is XORed with the output of the encryption function. The math works out that for decryption in the cas, the encryption function must also be ud.
2.7 What is triple encryption?
With triple encryption, a plaintext block is encrypted by passing it through an encryption algorithm; the result is then pasd through the same encryption algorithm again; the result of the cond encryption is pasd through the same encryption
algorithm a third time. Typically, the cond stage us the decryption algorithm rather than the encryption algorithm.
2.8 Why is the middle portion of 3DES a decryption rather than an encryption? There is no cryptographic significance to the u of decryption for the cond stage. Its only advantage is that it allows urs of 3DES to decrypt data encrypted by urs of the older single DES by repeating the key.
2.9 What is the difference between link and end-to-end encryption?
With link encryption, each vulnerable communications link is equipped on both ends with an encryption device. With end-to-end encryption, the encryption process is carried out at
the two end systems. The source host or terminal encrypts the data; the data in encrypted form are then transmitted unaltered across the network to the destination terminal or host.
2.10 List ways in which cret keys can be distributed to two communicating parties.
