Solutions: Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.
List and briefly define categories of passive and active security attacks.
Solutions: Passive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service.
List and briefly define categories of security services.
Solutions: Authentication: The assurance that the communicating entity is the one that it claims to be. Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). Data confidentiality: The protection of data from unauthorized disclosure. Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).
Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.
Solutions: The system must keep personal identification numbers confidential, both in the host system and during transmission for a transaction. It must protect the integrity of account records and of individual transactions. Availability of the host system is important to the economic well-being of the bank, but not to its fiduciary responsibility. The availability of individual teller machines is of less concern.
Consider a desktop publishing system used to produce documents for various organizations.
Give an example of a type of publication for which confidentiality of the stored data is the most important requirement.
Solutions: The system will have to assure confidentiality if it is being used to publish corporate proprietary material.
Give an example of a type of publication in which data integrity is the most important requirement.
Solutions: The system will have to assure integrity if it is being used to publish laws or regulations.
Give an example in which system availability is the most important requirement.
Solutions: The system will have to assure availability if it is being used to publish a daily paper.
What are the essential ingredients of a symmetric cipher?
Solutions: Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.
What are the two basic functions used in encryption algorithms?
Solutions: Permutation and substitution.
One way to solve the key distribution problem is to use a line from a book that both the sender and the receiver possess. Typically, at least in spy novels, the first sentence of a book serves as the key. The particular scheme discussed in this problem is from one of the best suspense novels involving secret codes, Talking to Strange Men, by Ruth Rendell. Work this problem without consulting that book! Consider the following message:
SIDKHKDM AF HCRKIABIE SHIMC KD LFEAILA
This ciphertext was produced using the first sentence of The Other Side of Silence (a book about the spy Kim Philby):
The snow lay thick on the steps and the snowflakes driven by the wind looked black in the headlights of the cars.
A simple substitution cipher was used.
What is the encryption algorithm?
Solutions: The first letter t corresponds to A, the second letter h corresponds to B, e is C, s is D, and so on. Second and subsequent occurrences of a letter in the key sentence are ignored. The result:
plaintext: basilisk to leviathan blake is contact
How secure is it?
Solutions: It is a monoalphabetic cipher and so easily breakable.
To make the key distribution problem simple, both parties can agree to use the first or last sentence of a book as the key. To change the key, they simply need to agree on a new book. The use of the first sentence would be preferable to the use of the last. Why?
Solutions: The last sentence may not contain all the letters of the alphabet. If the first sentence is used, the second and subsequent sentences may also be used until all 26 letters are encountered.
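The key-sentence substitution described above, and the coverage gap raised in the last answer, as an added worked example (not part of the original solutions). The function names are illustrative, and the key sentence is typed with "snowflakes" spelled in full.

```python
import string

# Key sentence and ciphertext as given in the problem.
KEY_SENTENCE = ("The snow lay thick on the steps and the snowflakes driven "
                "by the wind looked black in the headlights of the cars.")
CIPHERTEXT = "SIDKHKDM AF HCRKIABIE SHIMC KD LFEAILA"


def key_letters(sentence):
    """Distinct letters of the sentence, in order of first appearance."""
    seen = []
    for ch in sentence.lower():
        if ch in string.ascii_lowercase and ch not in seen:
            seen.append(ch)
    return seen


def build_tables(sentence):
    """n-th distinct key letter <-> n-th letter of A..Z (repeats ignored)."""
    enc = {p: string.ascii_uppercase[i]
           for i, p in enumerate(key_letters(sentence))}
    dec = {c: p for p, c in enc.items()}
    return enc, dec


def uncovered(sentence):
    """Plaintext letters the key sentence cannot encrypt."""
    return sorted(set(string.ascii_lowercase) - set(key_letters(sentence)))


def encrypt(plaintext, sentence=KEY_SENTENCE):
    enc, _ = build_tables(sentence)
    text = plaintext.lower()
    missing = sorted((set(text) & set(string.ascii_lowercase)) - set(enc))
    if missing:
        # The failure mode behind "use more sentences until all 26 appear".
        raise ValueError("key sentence has no mapping for: " + "".join(missing))
    return "".join(enc.get(ch, ch) for ch in text)


def decrypt(ciphertext, sentence=KEY_SENTENCE):
    _, dec = build_tables(sentence)
    return "".join(dec.get(ch, ch) for ch in ciphertext)


if __name__ == "__main__":
    print(decrypt(CIPHERTEXT))
    print("letters without a mapping:", "".join(uncovered(KEY_SENTENCE)))
```

This single sentence yields only 20 distinct letters, so a message containing any of the remaining six cannot be encrypted until further sentences extend the key.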
(a) Construct a Playfair matrix with the key largest. Solutions:
Construct a Playfair matrix with the key occurrence. Make a reasonable assumption about how to treat redundant letters in the key.
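(a) Encrypt the message "meet me at the usual place at ten rather than eight oclock" using the Hill cipher with the key $\begin{pmatrix} 9 & 4 \\ 5 & 7 \end{pmatrix}$. Show your calculations and the result.
The calculations proceed two letters at a time. The first pair:
$$\begin{pmatrix} 9 & 4 \\ 5 & 7 \end{pmatrix} \begin{pmatrix} 13 \\ 5 \end{pmatrix} \bmod 26 = \begin{pmatrix} 7 \\ 22 \end{pmatrix}$$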
The first two ciphertext characters are alphabetic positions 7 and 22, which correspond to GV. The complete ciphertext:
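Show the calculations for the
Solutions: For the first pair:
$$\begin{pmatrix} 5 & 12 \\ 15 & 25 \end{pmatrix} \begin{pmatrix} 7 \\ 22 \end{pmatrix} \bmod 26 = \begin{pmatrix} 13 \\ 5 \end{pmatrix}$$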
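The Hill cipher calculation above carried through in code, as an added example (not part of the original solutions): it encrypts pair by pair, derives the inverse key modulo 26, and decrypts. It assumes the numbering a=1 ... z=26 that the worked answer uses (a residue of 0 stands for z) and pads an odd-length message with q; the function names are illustrative.

```python
M = 26
KEY = [[9, 4], [5, 7]]  # key matrix from the problem


def to_nums(text):
    """Letters to alphabetic positions, a=1 ... z=26; non-letters dropped."""
    return [ord(c) - ord("a") + 1 for c in text.lower() if c.isalpha()]


def to_text(nums):
    """Residues back to letters; 0 is congruent to 26 and maps to Z."""
    return "".join(chr((n - 1) % M + ord("A")) for n in nums)


def inverse_key(k):
    """Inverse of a 2x2 matrix mod 26 via the adjugate and det^-1."""
    det = (k[0][0] * k[1][1] - k[0][1] * k[1][0]) % M
    try:
        det_inv = pow(det, -1, M)  # needs gcd(det, 26) == 1 (Python 3.8+)
    except ValueError:
        raise ValueError("key is not invertible mod 26") from None
    return [[(k[1][1] * det_inv) % M, (-k[0][1] * det_inv) % M],
            [(-k[1][0] * det_inv) % M, (k[0][0] * det_inv) % M]]


def apply_matrix(k, nums):
    """Multiply each consecutive pair (as a column vector) by k, mod 26."""
    if len(nums) % 2:
        raise ValueError("need an even number of letters")
    out = []
    for i in range(0, len(nums), 2):
        a, b = nums[i], nums[i + 1]
        out += [(k[0][0] * a + k[0][1] * b) % M,
                (k[1][0] * a + k[1][1] * b) % M]
    return out


def encrypt(plaintext, k=KEY):
    nums = to_nums(plaintext)
    if len(nums) % 2:
        nums.append(to_nums("q")[0])  # assumption: pad with q
    return to_text(apply_matrix(k, nums))


def decrypt(ciphertext, k=KEY):
    return to_text(apply_matrix(inverse_key(k), to_nums(ciphertext))).lower()


if __name__ == "__main__":
    msg = "meet me at the usual place at ten rather than eight oclock"
    ct = encrypt(msg)
    print(ct, decrypt(ct), inverse_key(KEY), sep="\n")
```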