《网络安全技术英文习题集-网络安全技术》由会员分享,可在线阅读,更多相关《网络安全技术英文习题集-网络安全技术(36页珍藏版)》请在金锄头文库上搜索。
1、网络安全技术英文习题集Chapter 1 IntroductionANSWERS NSWERS TO QUESTIONS1.1 What is the OSI security architecture?The OSI Security Architecture is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The document
2、 defines security attacks, mechanisms, and services, and the relationships among these categories.1.2 What is the difference between passive and active security threats?Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server
3、exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.1.3 Lists and briefly define categories of passive and active security attacks?Passive attacks: release of message c
4、ontents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service.1.4 Lists and briefly define categories of security service?Authentication: The assurance that the communicating entity is the one that it claims to be. Access control: The prevention of
5、 unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).Data confidentiality: The protection of data from unauthorized disclosure.Data integrity: The assurance tha
6、t data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.Availability se
7、rvice: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).Chapter
8、2 Symmetric Encryptionand Message ConfidentialityANSWERS NSWERS TO QUESTIONS2.1 What are the essential ingredients of a symmetric cipher?Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.2.2 What are the two basic functions used in encryption algorithms?Permutation and su
9、bstitution.2.3 How many keys are required for two people to communicate via a symmetric cipher?One secret key.2.4 What is the difference between a block cipher and a stream cipher?A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which
10、 a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.2.5 What are the two general approaches to attacking a cipher?Cryptanalysis and brute force.2.6 Why do some block cipher modes of operation only use encryption while others use both encryption and decr
11、yption?In some modes, the plaintext does not pass through the encryption function, but is XORed with the output of the encryption function. The math works out that for decryption in these cases, the encryption function must also be used.2.7 What is triple encryption?With triple encryption, a plainte
12、xt block is encrypted by passing it through an encryption algorithm; the result is then passed through the same encryption algorithm again; the result of the second encryption is passed through the same encryption algorithm a third time. Typically, the second stage uses the decryption algorithm rath
13、er than the encryption algorithm.2.8 Why is the middle portion of 3DES a decryption rather than an encryption?There is no cryptographic significance to the use of decryption for the secondstage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single
14、 DES by repeating the key.2.9 What is the difference between link and end-to-end encryption?With link encryption, each vulnerable communications link is equipped on both ends with an encryption device. With end-to-end encryption, the encryption process is carried out at the two end systems. The sour
15、ce host or terminal encrypts the data; the data in encrypted form are then transmitted unaltered across the network to the destination terminal or host.2.10 List ways in which secret keys can be distributed to two communicating parties.For two parties A and B, key distribution can be achieved in a n
16、umber of ways, as follows:(1)A can select a key and physically deliver it to B.(2)A third party can select the key and physically deliver it to A and B.(3)If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.(4)If A and B each has an encrypted connection to a third party C, C can deliver a key on the encryp
