《网络安全系统技术英文习题集_网络安全系统技术》由会员分享,可在线阅读,更多相关《网络安全系统技术英文习题集_网络安全系统技术(36页珍藏版)》请在金锄头文库上搜索。
1、word网络安全技术英文习题集Chapter 1 IntroductionANSWERS NSWERS TO QUESTIONS1.1 What is the OSI security architecture?The OSI Security Architecture is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The docu
2、ment defines security attacks, mechanisms, and services, and the relationships among these categories.1.2 What is the difference between passive and active security threats?Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/ser
3、ver exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to puter systems.1.3 Lists and briefly define categories of passive and active security attacks?Passive attacks: release of message
4、contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service.1.4 Lists and briefly define categories of security service?Authentication: The assurance that the municating entity is the one that it claims to be. Access control: The prevention of u
5、nauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).Data confidentiality: The protection of data from unauthorized disclosure.Data integrity: The assurance that
6、data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).Nonrepudiation: Provides protection against denial by one of the entities involved in a munication of having participated in all or part of the munication.Availability service: T
7、he property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).Chapter2 Symmet
8、ric Encryptionand Message ConfidentialityANSWERS NSWERS TO QUESTIONS2.1 What are the essential ingredients of a symmetric cipher?Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.2.2 What are the two basic functions used in encryption algorithms?Permutation and substituti
9、on.2.3 How many keys are required for two people to municate via a symmetric cipher?One secret key.2.4 What is the difference between a block cipher and a stream cipher?A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of
10、 plaintext is treated as a whole and used to produce a ciphertext block of equal length.2.5 What are the two general approaches to attacking a cipher?Cryptanalysis and brute force.2.6 Why do some block cipher modes of operation only use encryption while others use both encryption and decryption?In s
11、ome modes, the plaintext does not pass through the encryption function, but is XORed with the output of the encryption function. The math works out that for decryption in these cases, the encryption function must also be used.2.7 What is triple encryption?With triple encryption, a plaintext block is
12、 encrypted by passing it through an encryption algorithm; the result is then passed through the same encryption algorithm again; the result of the second encryption is passed through the same encryption algorithm a third time. Typically, the second stage uses the decryption algorithm rather than the
13、 encryption algorithm.2.8 Why is the middle portion of 3DES a decryption rather than an encryption?There is no cryptographic significance to the use of decryption for the secondstage. Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single DES by rep
14、eating the key.2.9 What is the difference between link and end-to-end encryption?With link encryption, each vulnerable munications link is equipped on both ends with an encryption device. With end-to-end encryption, the encryption process is carried out at the two end systems. The source host or ter
15、minal encrypts the data; the data in encrypted form are then transmitted unaltered across the network to the destination terminal or host.2.10 List ways in which secret keys can be distributed to two municating parties.For two parties A and B, key distribution can be achieved in a number of ways, as
16、 follows:(1)A can select a key and physically deliver it to B.(2)A third party can select the key and physically deliver it to A and B.(3)If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.(4)If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A
