
6S0002 - Network Security

Dharmendra G. Bhatti
dgbhatti@utu.ac.in
Module-1
Short Question
1. What is the OSI security architecture?
2. What is the difference between passive and active security threats?
3. List and briefly define categories of passive and active security attacks.
4. List and briefly define categories of security services.
5. List and briefly define categories of security mechanisms.
6. What are the essential ingredients of a symmetric cipher?
7. What are the two basic functions used in encryption algorithms?
8. How many keys are required for two people to communicate via a symmetric cipher?
9. What is the difference between a block cipher and a stream cipher?
10. What are the two general approaches to attacking a cipher?
11. Why do some block cipher modes of operation only use encryption while others use both
encryption and decryption?
12. What is triple encryption?
13. Why is the middle portion of 3DES a decryption rather than an encryption?
14.
Long Question
1. Consider an automated teller machine (ATM) in which users provide a personal
identification number (PIN) and a card for account access. Give examples of
confidentiality, integrity, and availability requirements associated with the system. In
each case, indicate the degree of importance of the requirement.
2. Repeat Problem 1.1 for a telephone switching system that routes calls through a
switching network based on the telephone number requested by the caller.
3. Consider a desktop publishing system used to produce documents for various
organizations.
a. Give an example of a type of publication for which confidentiality of the stored data is
the most important requirement.
b. Give an example of a type of publication in which data integrity is the most important
requirement.
c. Give an example in which system availability is the most important requirement.
4. For each of the following assets, assign a low, moderate, or high impact level for the loss
of confidentiality, availability, and integrity, respectively. Justify your answers.
a. An organization managing public information on its Web server.
b. A law-enforcement organization managing extremely sensitive investigative
information.
c. A financial organization managing routine administrative information (not privacy-related
information).
d. An information system used for large acquisitions in a contracting organization that
contains both sensitive, pre-solicitation phase contract information and routine
administrative information. Assess the impact for the two data sets separately and the
information system as a whole.
e. A power plant contains a SCADA (supervisory control and data acquisition) system
controlling the distribution of electric power for a large military installation. The SCADA
system contains both real-time sensor data and routine administrative information.
Assess the impact for the two data sets separately and the information system as a
whole.
5. Draw a matrix that shows the relationship between security services and attacks.
6. Draw a matrix that shows the relationship between security mechanisms and attacks.
7. This problem uses a real-world example of a symmetric cipher, from an old U.S. Special
Forces manual (public domain). The document, filename SpecialForces.pdf, is available at
this book's Web site.
a. Using the two keys (memory words) cryptographic and network security, encrypt
the following message:
Be at the third pillar from the left outside the lyceum theatre tonight at seven. If
you are distrustful bring two friends.
Make reasonable assumptions about how to treat redundant letters and excess letters
in the memory words and how to treat spaces and punctuation. Indicate what your
assumptions are. Note: The message is from the Sherlock Holmes novel, The Sign of
Four.
b. Decrypt the ciphertext. Show your work.
c. Comment on when it would be appropriate to use this technique and what its
advantages are.
8. Show that Feistel decryption is the inverse of Feistel encryption.
9. Consider a Feistel cipher composed of 16 rounds with block length 128 bits and key
length 128 bits. Suppose that, for a given k, the key scheduling algorithm determines
values for the first eight round keys, k1, k2, . . ., k8, and then sets
k9 = k8, k10 = k7, k11 = k6, . . ., k16 = k1
Suppose you have a ciphertext c. Explain how, with access to an encryption oracle, you
can decrypt c and determine m using just a single oracle query. This shows that such a
cipher is vulnerable to a chosen plaintext attack. (An encryption oracle can be thought
of as a device that, when given a plaintext, returns the corresponding ciphertext. The
internal details of the device are not known to you, and you cannot break open the
device. You can only gain information from the oracle by making queries to it and
observing its responses.)
10. What RC4 key value will leave S unchanged during initialization? That is, after the initial
permutation of S, the entries of S will be equal to the values from 0 through 255 in
ascending order.
11. Is it possible to perform encryption operations in parallel on multiple blocks of plaintext
in CBC mode? How about decryption?
12. Suppose an error occurs in a block of ciphertext on transmission using CBC. What effect
is produced on the recovered plaintext blocks?
13.
Multiple Choice Questions
1.
a)
True / False
1. Security is not as simple as it might first appear to the novice.
2. In developing a particular security mechanism or algorithm, one must NOT consider
potential attacks on those security features.
3. Having designed various security mechanisms, it is necessary to decide where to use
them.
4. Security mechanisms typically involve more than a particular algorithm or protocol.
5. Computer and network security is essentially a battle of wits between a perpetrator
who tries to find holes and the designer or administrator who tries to close them.
6. There is a natural tendency on the part of users and system managers to perceive little
benefit from security investment before a security failure occurs.
7. Security does not require regular monitoring.
8. Security is still too often an afterthought to be incorporated into a system after the
design is complete rather than being an integral part of the design process.
9. Attack is a potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm. That is, a threat is
a possible danger that might exploit vulnerability.
10. Threat is an assault on system security that derives from an intelligent threat. That is, an
intelligent act that is a deliberate attempt (especially in the sense of a method or
technique) to evade security services and violate the security policy of a system.
11.
Fill in the blanks:
1. The generic name for the collection of tools designed to protect data and to thwart
hackers is _____________.
2. ________________ assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
3. ____________ assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information may be
disclosed.
4. _______________ assures that information and programs are changed only in a
specified and authorized manner.
5. _______________ assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of
the system.
6. ____________ assures that systems work promptly and service is not denied to
authorized users.
7. Preserving authorized restrictions on information access and disclosure, including
means for protecting personal privacy and proprietary information is known as
____________ .
8. Guarding against improper information modification or destruction, including ensuring
information non-repudiation and authenticity is known as ______________ .
9. Ensuring timely and reliable access to and use of information is known as
_____________ .
10. _____________ is verifying that users are who they say they are.
11.
