CUSTOMER_CODE
SMUDE
DIVISION_CODE
SMUDE
EVENT_CODE
OCTOBER15
ASSESSMENT_CODE
MIT4022_OCTOBER15
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
12782
QUESTION_TEXT
Discuss Chinese Wall security policies.
SCHEME OF EVALUATION
Chinese Wall Security Policies:
Definition: Brewer and Nash defined a security policy called the Chinese
Wall that reflects certain commercial needs for information access
protection. The security requirements reflect issues relevant to those
people in legal, medical, investment, or accounting firms who might be
subject to conflict of interest. (2 marks)
The security policy builds on three levels of abstraction.
1. Objects: At the lowest level are elementary objects, such as files. Each
file contains information concerning only one company. (2 marks)
2. Company groups: At the next level, all objects concerning a particular
company are grouped together. (2 marks)
3. Conflict classes: At the highest level, all groups of objects concerning
competing companies are clustered. (2 marks)
The Chinese Wall is a commercially inspired confidentiality policy. It is
unlike most other commercial policies, which focus on integrity. As a
subject accesses some objects, other objects that would previously have
been accessible are subsequently denied. (2 marks)
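The access rule described above, implemented as an added example (not part of the scheme of evaluation): objects carry a company and a conflict class, and a read is allowed only if it does not conflict with anything the subject has already read. The companies, files and conflict classes are constructed.

```python
"""Chinese Wall read rule (Brewer and Nash) for the three levels above:
objects (files) -> company groups -> conflict-of-interest classes.
A subject may read an object only if every object it has already read
belongs to the same company or to a different conflict class.
Added example; companies, files and classes are constructed, not real."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Obj:
    name: str            # elementary object, e.g. a file
    company: str         # company group the object belongs to
    conflict_class: str  # cluster of competing companies


@dataclass
class Subject:
    name: str
    history: set = field(default_factory=set)  # objects already read


def may_read(subject: Subject, obj: Obj) -> bool:
    """Simple security rule: no earlier read of a competitor of obj.company."""
    return all(prev.company == obj.company
               or prev.conflict_class != obj.conflict_class
               for prev in subject.history)


def read(subject: Subject, obj: Obj, universe: list) -> set:
    """Read obj and return the names of objects that were accessible before
    this read but are denied afterwards: the wall going up."""
    if not may_read(subject, obj):
        raise PermissionError(f"{subject.name} may not read {obj.name}")
    before = {o.name for o in universe if may_read(subject, o)}
    subject.history.add(obj)
    after = {o.name for o in universe if may_read(subject, o)}
    return before - after


# Constructed data set: two competing banks and two competing oil companies.
FILES = [Obj("bankA.xls", "Bank A", "banks"), Obj("bankB.xls", "Bank B", "banks"),
         Obj("oil1.doc", "Oil 1", "oil"), Obj("oil2.doc", "Oil 2", "oil")]


def demo() -> tuple:
    analyst = Subject("analyst")
    lost1 = read(analyst, FILES[0], FILES)  # Bank A read: Bank B now denied
    lost2 = read(analyst, FILES[2], FILES)  # Oil 1 is another class: allowed
    return lost1, lost2, may_read(analyst, FILES[1]), may_read(analyst, FILES[3])
```

Reading the Bank A file costs the analyst access to Bank B, while the oil companies stay open until one of them is read in turn.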
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
12783
QUESTION_TEXT
Explain SET features and components.
SCHEME OF EVALUATION
SET incorporates important features needed for secure credit card
transactions over the Internet:
*Confidentiality of information: Cardholder account and payment
information is secured as it traverses the network. DES is used to
provide confidentiality.
*Integrity of data: Payment information sent from cardholders to
merchants includes order information, personal data, and payment
instructions. SET guarantees that these message contents are not altered
in transit. Integrity is provided by RSA digital signatures using SHA-1
hash codes, and in some cases by HMAC using SHA-1.
*Cardholder account authentication: SET enables merchants to verify
that a cardholder is a legitimate user of a valid card account number. SET
uses digital certificates with RSA signatures for this purpose.
*Merchant authentication: SET enables cardholders to verify that a
merchant has a relationship with a financial institution allowing it to
accept payment cards. SET uses digital certificates with RSA signatures
for this purpose.
(1 mark each=4 marks)
Components:
*Cardholder: A cardholder is an authorized holder of a payment card
that has been issued by an issuer.
*Merchant: A merchant is a person or organization with goods or
services to sell to the cardholder.
*Issuer: This is a financial institution, such as a bank, that provides the
cardholder with the payment card.
*Acquirer: This is a financial institution that establishes an account with
a merchant and processes payment card authorizations and payments.
*Payment gateway: This is a function operated by the acquirer or a
designated third party that processes merchant payment messages.
*Certificate authority: This is an entity that is trusted to issue X.509v3
public key certificates for cardholders, merchants, and payment
gateways. (1 mark each = 6 marks)
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
72791
QUESTION_TEXT
Explain how a cryptanalyst uses different information to break the
cipher.
SCHEME OF EVALUATION
a. Ciphertext only: The cryptanalyst decrypts messages based on
probabilities, distributions, and characteristics of the available
ciphertext, plus publicly available knowledge.
b. Full or partial plaintext: The analyst may be fortunate to have a
sample message and its decipherment. In these cases, the analyst can
use what is called a probable plaintext analysis. After doing part of the
decryption, the analyst may find places where the known message fits
with the deciphered parts, thereby giving more clues about the total
translation.
c. Ciphertext of any plaintext: The analyst might have infiltrated the
sender's transmission process so as to be able to cause messages to be
encrypted and sent at will. This attack is called a chosen plaintext
attack. For instance, the analyst may be able to insert records into a
database and observe the change in statistics after the insertions.
Linear programming sometimes enables such an analyst to infer data
that should be kept confidential in the database. This attack is very
favorable to the analyst.
d. Algorithm and ciphertext: The analyst may have both the
encryption algorithm and the ciphertext. In a chosen plaintext attack,
the analyst can run the algorithm on massive amounts of plaintext to
find one plaintext message that encrypts to the ciphertext. This
approach fails if two or more distinct keys can produce the same
ciphertext as the result of encrypting meaningful plaintext.
e. Ciphertext and plaintext: The cryptanalyst may be lucky enough to
have some pairs of plaintext and matching ciphertext. Then, the game is
to deduce the key by which those pairs were encrypted so that the
same key can be used in cases in which the analyst has only the
ciphertext. (2 marks each)
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
118693
QUESTION_TEXT
Give the advantages and disadvantages of different types of
Encryption System.
Ans:
Stream encryption system:
Advantages:
1. Speed of transformation – 1M
2. Low error propagation – 1M
Disadvantages:
1. Susceptibility to malicious insertions and modifications – 2M
2. Low diffusion – 2M
Block encryption algorithms:
Advantages:
1. High diffusion – 1M
2. Immunity to insertion of symbols – 1M
Disadvantages:
1. Slowness of encryption – 1M
2. Error propagation – 1M
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
118695
QUESTION_TEXT
Explain the different fields of AH and ESP.
Ans:
The fields of AH are – 5M
1. Next header
2. Payload length
3. Reserved field
4. SPI field
5. Sequence number
6. Authentication data
The fields of ESP are – 5M
1. Security association identifier
2. Sequence number
3. Payload data
4. Padding
5. Pad length
6. Next header
7. Authentication data
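A parser for the AH fields listed above, as an added example (not part of the scheme of evaluation). Field sizes are taken from the AH layout in RFC 4302; the sample header bytes are constructed. ESP is left out because most of its fields sit inside the encrypted payload.

```python
"""Parse an IPsec Authentication Header into the fields listed above.
Sizes follow the AH layout in RFC 4302: Next Header (1 byte), Payload Len
(1 byte; header length in 4-byte words minus 2), Reserved (2 bytes, zero),
SPI (4 bytes), Sequence Number (4 bytes, used for replay rejection), then
the variable-length Authentication Data (ICV).
Added example; the packet bytes below are constructed."""
import struct

FIXED_LEN = 12  # bytes preceding the authentication data


def parse_ah(data: bytes) -> dict:
    """Return the AH fields and the bytes after the header, or raise
    ValueError when the header is malformed."""
    if len(data) < FIXED_LEN:
        raise ValueError("AH shorter than its fixed part")
    next_header, payload_len, reserved, spi, seq = struct.unpack(
        "!BBHII", data[:FIXED_LEN])
    total_len = (payload_len + 2) * 4  # undo the 'minus 2' encoding
    icv = data[FIXED_LEN:total_len]
    if len(icv) != total_len - FIXED_LEN:
        raise ValueError("Payload Len does not match the available data")
    if reserved != 0:
        raise ValueError("Reserved field must be zero")
    return {"next_header": next_header, "payload_len": payload_len,
            "spi": spi, "sequence": seq, "icv": icv,
            "next_payload": data[total_len:]}


# Constructed AH carrying TCP (next header 6) with a 96-bit ICV:
# 12 fixed + 12 ICV bytes = 24 bytes = 6 words, so Payload Len = 6 - 2 = 4.
SAMPLE_AH = (struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)
             + bytes(range(12)) + b"TCP segment...")
```

The length check matters in practice: a Payload Len that points past the end of the packet is a malformed header, not a short ICV.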
QUESTION_TYPE
DESCRIPTIVE_QUESTION
QUESTION_ID
118697
QUESTION_TEXT
Write a short note on IPSec architecture.
Ans:
It provides a set of security services which includes access control,
connectionless integrity, data origin authentication, rejection of replayed
packets, and confidentiality. These services are provided at the IP layer.
They can be used by any higher-layer protocol.
These security services are met through the use of two traffic security
protocols, the AH and the ESP, and through the use of cryptographic key
management procedures and protocols. The set of IPSec protocols
employed in any context, and the ways in which they are employed, will
be determined by the security and system requirements of users,
applications, and/or organizations. 4M
When these mechanisms are correctly implemented and deployed, they
will not affect the other parts of the implementation, such as hosts and
other internet components that do not employ these security mechanisms
for protection of their traffic. These mechanisms also provide
modularity, which permits selection of different sets of algorithms without
affecting the other parts of the implementation. So we can say these
mechanisms are algorithm-independent. For example, different user
communities may select different sets of algorithms. 4M
A standard set of default algorithms, in conjunction with IPSec traffic
protection and key management protocols, is intended to permit system
and application developers to deploy high quality, internet layer,
cryptographic security technology. 2M