Student Name:__________________________ Student ID#______

University of Windsor
Department of Electrical and Computer Engineering
ECE 88-558: Network Security
Final Examination - August 17, 2016
CLOSED BOOK, CLOSED NOTES, TIME: 2:00 Hours, TOTAL MARKS: 50

1. This is a closed book, closed notes, no crib sheet, 2:00 hours final exam with a total of 50 points towards your final course grade.
2. Do not open the question sheets until the exam begins. Read all the instructions first.
3. Write your name and student ID on the top of this answer sheet.
4. This exam contains 6 problems. Attempt all the problems. Write your answer to each question immediately below it. Use the back of each sheet if needed.
5. Please read all questions once, and clarify any questions you may have first. No questions will be answered after 10 minutes into the exam time.
6. Do not spread parts of the answer to one problem across separate pages in a way that makes grading difficult. Note that additional booklets will be supplied reluctantly.
7. Be neat and write legibly. You will be graded not only on the correctness of your answer, but also on the clarity with which you express it.
8. No calculator is allowed to be used. No programmable devices including tablets are permitted.
9. No cell phones and/or other information devices are allowed to be used during the exam and in the exam room.
10. If you choose to leave the examination room unaccompanied, you are not permitted to return.
11. By signing the attendance sheet, you affirm that the work on this exam represents your sole efforts and that you have complied with the academic code of conduct and exam policies set forth by the faculty of engineering.

S. Erfani – 88-558 Page 1

Problem 1. [8 points]

(a) Find ( ), ( ) for ( ) = + + + + + + 1 and ( ) = + + +1.
(b) What are the representations of ( ) and ( ) as bytes in (2 ) ?
(c) What is ( ) ( )?
(d) Show that the multiplicative inverse of ( + + 1) is using modular arithmetic ( + + + + 1) .

[Please show all your calculations clearly.]

Problem 2. [7 points]

In the quantum key distribution protocol BB84, Alice chooses a rectilinear basis, uses " ↑ 1" and " → 0", generates a one-time pad using a random-number generator, and transmits it qubit-by-qubit. After communicating the basis used with Alice, Bob detects the “Detection Results” as shown in the diagram.

(a) Mark the right compatibility with √ and the wrong compatibility with × in the diagram. Explain your deduction.
(b) What is Alice and Bob’s shared sifted key? Fill it out in the given diagram. Explain your result.

Problem 3. [7 points]

The elliptic curve modulo , denoted by , is the set of solutions ( , ) satisfying ≡ + + + ( ). Find all solutions to the following elliptic curve. How many solution points are there?

: ≡ +1 ( 5)

Problem 4. [10 points]

Steps of a communication process are shown in the following diagram.

(a) What are the function and purpose of this protocol?
(b) Describe the function of each message noted in the diagram.
(c) Briefly explain the data fields of each message. Label and describe the function of unlabeled boxes in this diagram.
(d) What are the drawbacks in this process, if any?

Problem 5. Pick and mark the right answer. [8 points]

1. An abelian group is a group for which the following axiom holds:
   a. Distributive law
   b. Permutation property
   c. Commutative law
   d. Cyclic subgroup

2. For security services, SNMPv3 uses a User Security Model (USM), which provides the following:
   a. Authentication
   b. Privacy
   c. Timeliness and data integrity
   d. Items (a) and (c)
   e. All of the above

3. To obtain a certificate, a user must contact whom?
   a. The Internet Engineering Task Force, via an X.509 request
   b. A Certificate Authority (CA)
   c. The Internet Service Provider (ISP)
   d. A Key Distribution Center (KDC)

4. A “zero polynomial” has no terms at all and its degree is considered to be:
   a. Zero
   b. Undefined
   c. Negative infinity
   d. Items (b) and (c)
   e. All of the above

5. What are the main differences between SET and SSL?
   a. SSL is not secure against breaking of any one form of encryption.
   b. SET is a payment protocol.
   c. SET requires all parties to have certificates.
   d. SSL is a secure message protocol, not a payment protocol.
   e. All a, b and c above
   f. Items b, c and d above

6. Which of the following is associated with NAT?
   a. Switches
   b. SNMP
   c. Routers and firewalls
   d. Hubs

7. The following types of certificates are used in a Public-Key Infrastructure (PKI):
   a. No particular type is specified
   b. S/MIME
   c. X.509
   d. SSL and SET
   e. Items (b), (c), (d)
   f. Items (b) and (c)

8. IPSec uses ___________ to implement data confidentiality.
   a. Proprietary protocols
   b. Tunneling
   c. EAPOL
   d. IKE

9. An X.509v3 certificate has the following properties:
   a. It is used in conjunction with a PKI platform.
   b. It does not allow for inclusion of extra information.
   c. It can be used with most network security protocols such as IPSec, SET, and SSL.
   d. It is an IETF standard for use in the Internet.
   e. Items (a) and (c) only
   f. All of the above

10. What is Diffie-Hellman most commonly used for?
   a. Symmetric encryption key exchange
   b. Signing digital contracts
   c. Securing e-mail
   d. Storing encrypted passwords

11. A digital signature requires what types of encryption?
   a. Hashing and asymmetric
   b. Asymmetric and symmetric
   c. Hashing and symmetric
   d. ECC and asymmetric

12. What is the meaning of the following collection of cryptographic entities?
    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
   a. Means the corresponding security system supports many different ciphers
   b. This is used in SET environment to provide security
   c. This is an example of Handshake protocol
   d. This defines a cipher suite for an SSL session.
   e. Record Protocol in SSL.

13. What is the purpose of the Inform command in SNMPv2?
   a. It is used to notify a trap.
   b. It is used for bulk data exchange.
   c. It is used to construct multiple management cooperation in a large network.
   d. It is not part of the SNMPv2 command set.

14. Which of the following indicates the characteristics of a dual signature?
   a. It is intended for one particular recipient.
   b. It uses three message digests.
   c. It is used in SET.
   d. It is signed by the public key of the recipient key.
   e. Items (b) and (c).
   f. All of the above.

15. A State used in AES is a data block made of 16 bytes, but normally is treated as:
   a. A column vector
   b. A row vector
   c. A matrix of 4 × 4 bytes
   d. A data block of 128 bits

16. SSL is a general protocol that …
   a. Provides security at transport layer.
   b. Subsequently became TLS.
   c. Is application independent.
   d. All of the above
   e. Only items (a) and (b)

Problem 6. Indicate false (F) or True (T) [10 points]

1. The AES is a non-Feistel cipher that encrypts and decrypts a data block of 32 bits.
2. It can be shown that ( ) = (1 − ) if and only if = when is prime.
3. Kerberos versions 4 and 5 provide complete authentication protocols based on the 3rd party authentication service.
4. From an algebraic perspective, there are many ( ) for given positive and prime number .
5. Addition in a “round” operation of AES is the same as XORing of 8-bit words.
6. The result of the addition operation ( + + 1)⨁( + + 1) is ( + + 1) .
7. The integer value − is not necessarily divisible by 8 for every positive integer n.
8. SNMP is a transport layer protocol that is part of the TCP/IP protocol suite.
9. A “quantum state” is a measurement of position, momentum, spin, and polarization of photons, where polarization is used to represent a 0 or 1.
10. A “three-way authentication” scheme relies on the “nonce” and enables authentication with or without synchronized clocks.