The exam is open notes, open book, and open Internet. You have only one attempt of 90 minutes to complete the exam once you begin. The Exam will save and submit automatically when time expires. • • • • Questions 1-15 - True/False Questions - 22.5% (each question is 1.5 point) Questions 16-30 - Multiple Choice Questions - 22.5% (each question is 1.5 point) Questions 31-42 - Short Answer/Fill in Blank Questions - 30% (each question is 2.5 point) Questions 43 (10 point) & 45 (15 point) - Essay Questions - 25% Sample Questions True/False With the introduction of the computer the need for automated tools for protecting files and other information stored on the computer became evident. There are clear boundaries between network security and internet security. The CIA triad embodies the fundamental security objectives for both data and for information and computing services. In developing a particular security mechanism or algorithm one must always consider potential attacks on those security features. A loss of confidentiality is the unauthorized modification or destruction of information. Patient allergy information is an example of an asset with a moderate requirement for integrity. AES uses a Feistel structure. The Feistel structure is a particular example of the more general structure used by all symmetric block ciphers. The essence of a symmetric block cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. In the ECB mode of encryption if an attacker reorders the blocks of ciphertext then each block will still decrypt successfully, however, the reordering may alter the meaning of the overall data sequence. ……....... Multiple Choice __________ is a procedure that allows communicating parties to verify that received messages are authentic. Message authentication ECB Passive attack Encryption Public key cryptography is __________ . asymmetric symmetric bit patterned one key The most important hash function is ________ . SHA MAC OWH ECB A symmetric encryption scheme has _________ ingredients five three six four A symmetric block cipher processes _________ of data at a time. one block two blocks four blocks three blocks The _________ key size is used with the Data Encryption Standard algorithm. 56 bit 128 bit 168 bit 32 bit .................. Fill in the Blanks __________ prevents either sender or receiver from denying a transmitted message; when a message is sent the receiver can prove that the alleged sender in fact sent the message and when a message is received the sender can prove that the alleged receiver in fact received the message. A __________ attack attempts to learn or make use of information from the system but does not affect system resources. In the context of network security, _________ is the ability to limit and control the access to host systems and applications via communications links. __________ prevents either sender or receiver from denying a transmitted message; when a message is sent the receiver can prove that the alleged sender in fact sent the message and when a message is received the sender can prove that the alleged receiver in fact received the message. __________ is a stream cipher used in the Secure Sockets Layer/Transport Layer Security standards that have been defined for communication between Web browsers and servers and is also used in WEP and WPA protocols. The _________ algorithm takes the ciphertext and the same secret key and produces the original plaintext. A _________ cipher processes the plaintext input in fixed sized blocks and produces a block of ciphertext of equal size for each plaintext block. The three most important symmetric block ciphers are: triple DES (3DES), the Advanced Encryption Standard (AES), and the ___________ . The _________ was developed by NIST and published as a federal information processing standard in 1993. A _________ is when two sides cooperate to exchange a session key. Like the MAC, a __________ accepts a variable size message M as input and produces a fixed size message digest H(M) as output. Unlike the MAC, it does not take a secret key as input. The __________ algorithm accepts the ciphertext and the matching key and produces the original plaintext Essay: Sensor X periodically sends a 32-octet measurement to a receiver Y (1 octet = 8 bits). One day the administrator decides that X should protect the measurement data by adding a MAC obtained using DES in CBC mode (in the standard way). How many octets does X now send for each measurement? Explain your answer. Answer: Omitted. Consider Alice sending Bob a cipher message C1 with plaintext M1. Message is encrypted using AES in Counter mode (CRT Mode), i.e., Kj = E(K, Tj) Cj = Mj ⊕ Kj where 'K' is the encryption key, 'Tj' is a counter (nonce) corresponding to block j, 'Mj' is the plaintext block j, and 'Cj' is the ciphertext corresponding to 'Mj'. a. An adversary Charlie can intercept and change messages. Assume Charlie somehow knows plaintext M1 for a particular ciphered message m = C1. Explain how he can modify the message as M1’ to fool Bob (Bob receives C1’ as the ciphertext of M1’). Answer: C1 ⊕ M1 ⊕ M1’ = M1 ⊕ K1 ⊕ M1 ⊕ M1’ = K1 ⊕ M1’. (Need to explain to earn credits) b. Are there any way to prevent Charlie from doing this? Answer: Omitted. Think by yourself.