Q: What are the essential ingredients of a public-key directory?
Q: What are the requirements for the use of a public-key certificate scheme?
Q7: What is the purpose of the X.509 standard?
Q8: What is a chain of certificates?
16.1 Provide a brief definition of network access control.
16.2 What is an EAP?
16.6 Define cloud computing.
16.5 What is the function of IEEE 802.1X?
16.7 List and briefly define three cloud service models.
16.8 What is the cloud computing reference architecture?
16.9 Describe some of the main cloud-specific security threats.
17.2 What protocols comprise SSL?
17.4 List and briefly define the parameters that define an SSL session state.
17.5 List and briefly define the parameters that define an SSL session connection.
17.6 What services are provided by the SSL Record Protocol?
17.7 What steps are involved in the SSL Record Protocol transmission?
17.10 List and briefly define the SSH protocols.
17.2 What purpose does the MAC serve during the change cipher spec SSL exchange?
17.3 Consider the following threats to Web security and describe how each is countered by a particular feature of SSL.
17.5 For SSH packets, what is the advantage, if any, of not including the MAC in the scope of the packet encryption?
18.3 List and briefly define IEEE 802.11 services.
18.5 How is the concept of an association related to that of mobility?
18.7 Briefly describe the four IEEE 802.11i phases of operation.
18.2 Prior to the introduction of IEEE 802.11i, the security scheme for IEEE 802.11 was Wired Equivalent Privacy (WEP). WEP assumed all devices in the network share a secret key. The purpose of the authentication scenario is for the STA to prove that it possesses the secret key. Authentication proceeds as shown in Figure 18.12. The STA sends a message to the AP requesting authentication. The AP issues a challenge, which is a sequence of 128 random bytes sent as plaintext. The STA encrypts the challenge with the shared key and returns it to the AP. The AP decrypts the incoming value and compares it to the challenge that it sent. If there is a match, the AP confirms that authentication has succeeded.
    a. What are the benefits of this authentication scheme?
    b. This authentication scheme is incomplete. What is missing and why is this important? Hint: The addition of one or two messages would fix the problem.
    c. What is a cryptographic weakness of this scheme?
5. The plaintext IV is prepended to the ciphertext block to form the encapsulated MPDU for transmission.
    a. Draw a block diagram that illustrates the encapsulation process.
    b. Describe the steps at the receiver end to recover the plaintext and perform the integrity check.
    c. Draw a block diagram that illustrates part b.
19.1 What are the five principal services provided by PGP?
19.2 What is the utility of a detached signature?
19.5 Why is R64 conversion useful for an e-mail application?
19.6 How does PGP use the concept of trust?
19.8 What is MIME?
19.9 What is S/MIME?
19.4 As discussed in Appendix P, the first 16 bits of the message digest in a PGP signature are translated in the clear. This enables the recipient to determine if the correct public key was used to decrypt the message digest by comparing the plaintext copy of the first two octets with the first two octets of the decrypted digest.
    a. To what extent does this compromise the security of the hash algorithm?
    b. To what extent does it in fact perform its intended function, namely, to help determine if the correct RSA key was used to decrypt the digest?
19.6 What is the basic difference between X.509 and PGP in terms of key hierarchies and key trust?
19.8 Consider radix-64 conversion as a form of encryption. In this case, there is no key. But suppose that an opponent knew only that some form of substitution algorithm was being used to encrypt English text and did not guess that it was R64. How effective would this algorithm be against cryptanalysis?
19.9 Encode the text “plaintext” using the following techniques. Assume characters are stored in 8-bit ASCII with zero parity.
    a. Radix-64
    b. Quoted-printable
20.1 Give examples of applications of IPsec.
20.2 What services are provided by IPsec?
20.3 What parameters identify an SA and what parameters characterize the nature of a particular SA?
    Security Associations (SA) are identified by the following three parameters:
    1. Security Parameter Index
    2. IP Destination Address
    3. Security Protocol Identifier
    The following parameters characterize the nature of a particular SA:
20.4 What is the difference between transport mode and tunnel mode?
20.5 What is a replay attack?
20.7 What are the basic approaches to bundling SAs?
20.3 List the major security services provided by AH and ESP, respectively.
20.4 In discussing AH processing, it was mentioned that not all of the fields in an IP header are included in MAC calculation.
    a. For each of the fields in the IPv4 header, indicate whether the field is immutable, mutable but predictable, or mutable (zeroed prior to ICV calculation).
    b. Do the same for the IPv6 header.
    c. Do the same for the IPv6 extension headers.
    In each case, justify your decision for each field.
20.10 Where does IPsec reside in a protocol stack?