CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE EVENT_CODE OCTOBER15 ASSESSMENT_CODE MCA5042_OCTOBER15

QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 12782
QUESTION_TEXT Discuss Chinese Wall security policies.
SCHEME OF EVALUATION
Chinese Wall Security Policies:
Definition: Brewer and Nash defined a security policy called the Chinese Wall that reflects certain commercial needs for information access protection. The security requirements reflect issues relevant to those people in legal, medical, investment, or accounting firms who might be subject to conflict of interest. (2 marks)
The security policy builds on three levels of abstraction.
1. Objects: At the lowest level are elementary objects, such as files. Each file contains information concerning only one company. (2 marks)
2. Company groups: At the next level, all objects concerning a particular company are grouped together. (2 marks)
3. Conflict classes: At the highest level, all groups of objects of competing companies are clustered. (2 marks)
The Chinese Wall is a commercially inspired confidentiality policy. It is unlike most other commercial policies, which focus on integrity. As a subject accesses some objects, other objects that would previously have been accessible are subsequently denied. (2 marks)

QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 12783
QUESTION_TEXT Explain SET features and components.
SCHEME OF EVALUATION
SET incorporates important features needed for secure credit card transactions over the Internet:
* Confidentiality of information: Cardholder account and payment information is secured as it traverses the network. DES is used to provide confidentiality.
* Integrity of data: Payment information sent from cardholders to merchants includes order information, personal data, and payment instructions. SET guarantees that these message contents are not altered in transit. Integrity is provided by RSA digital signatures using SHA-1 hash codes, and sometimes by HMAC using SHA-1.
* Cardholder account authentication: SET enables merchants to verify that a cardholder is a legitimate user of a valid card account number. SET uses digital certificates with RSA signatures for this purpose.
* Merchant authentication: SET enables cardholders to verify that a merchant has a relationship with a financial institution allowing it to accept payment cards. SET uses digital certificates with RSA signatures for this purpose. (1 mark each = 4 marks)
Components:
* Cardholder: A cardholder is an authorized holder of a payment card that has been issued by an issuer.
* Merchant: A merchant is a person or organization with goods or services to sell to the cardholder.
* Issuer: This is a financial institution, such as a bank, that provides the cardholder with the payment card.
* Acquirer: This is a financial institution that establishes an account with a merchant and processes payment card authorizations and payments.
* Payment gateway: This is a function operated by the acquirer or a designated third party that processes merchant payment messages.
* Certificate authority: This is an entity that is trusted to issue X.509v3 public key certificates for cardholders, merchants, and payment gateways. (1 mark each = 6 marks)

QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 12787
QUESTION_TEXT Discuss three important aspects of security services.
SCHEME OF EVALUATION
Information security is concerned with the confidentiality, integrity and availability of data. (1 mark)
Confidentiality: only the authorized parties are given access (reading, viewing, printing, etc.) to the computer-related asset. It is also called secrecy or privacy. Ensuring confidentiality can be difficult. (2 marks)
Integrity: only the authorized parties can modify the computer-related asset in authorized ways. Modification includes writing, changing, changing status, deleting and creating.
Integrity is much harder to pin down. (2 marks)
Availability: it means that assets are accessible to authorized parties at appropriate times. If some person or system has legitimate access to a particular set of objects, that access should not be prevented. Availability applies both to data and to services, and it is similarly complex. (3 marks)
A challenge is to build a secure system by having the right balance among the three goals. It is easy to preserve a particular object's confidentiality in a secure system, simply by preventing everyone from reading that object. However, this system is not secure, because it does not meet the requirement of availability for proper access. (2 marks)

QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 72791
QUESTION_TEXT Explain how a cryptanalyst uses different information to break the cipher.
SCHEME OF EVALUATION
a. Ciphertext only: The cryptanalyst decrypts messages based on probabilities, distributions, and characteristics of the available ciphertext, plus publicly available knowledge.
b. Full or partial plaintext: The analyst may be fortunate to have a sample message and its decipherment. In these cases, the analyst can use what is called a probable plaintext analysis. After doing part of the decryption, the analyst may find places where the known message fits with the deciphered parts, thereby giving more clues about the total translation.
c. Ciphertext of any plaintext: The analyst might have infiltrated the sender's transmission process so as to be able to cause messages to be encrypted and sent at will. This attack is called a chosen plaintext attack. For instance, the analyst may be able to insert records into a database and observe the change in statistics after the insertions. Linear programming sometimes enables such an analyst to infer data that should be kept confidential in the database. This attack is very favorable to the analyst.
d. Algorithm and ciphertext: The analyst may have both the encryption algorithm and the ciphertext. In a chosen plaintext attack, the analyst can run the algorithm on massive amounts of plaintext to find one plaintext message that encrypts to the ciphertext. This approach fails if two or more distinct keys can produce the same ciphertext as the result of encrypting meaningful plaintext.
e. Ciphertext and plaintext: The cryptanalyst may be lucky enough to have some pairs of plaintext and matching ciphertext. Then, the game is to deduce the key by which those pairs were encrypted so that the same key can be used in cases in which the analyst has only the ciphertext.
(2 marks each)

QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 72795
QUESTION_TEXT Write a note on i. Cryptographic hash function ii. Digital signature
SCHEME OF EVALUATION
Short note on:
i. Cryptographic hash function (5 marks)
ii. Digital signature (5 marks)

QUESTION_TYPE DESCRIPTIVE_QUESTION
QUESTION_ID 118693
QUESTION_TEXT Give the advantages and disadvantages of different types of encryption system.
SCHEME OF EVALUATION
Ans:
Stream encryption system:
Advantages:
1. Speed of transformation (1 mark)
2. Low error propagation (1 mark)
Disadvantages:
1. Susceptibility to malicious insertions and modifications (2 marks)
2. Low diffusion (2 marks)
Block encryption algorithms:
Advantages:
1. High diffusion (1 mark)
2. Immunity to insertion of symbols (1 mark)
Disadvantages:
1. Slowness of encryption (1 mark)
2. Error propagation (1 mark)
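The three levels of abstraction in the Chinese Wall answer (question 12782 above), and the point that objects which were accessible become denied once a subject has read a competitor's data, worked through as a small access-control simulation. This is an added example and is not part of the scheme of evaluation: the company names, the conflict classes and the access sequence are constructed, and the may_write rule follows the *-property of the Brewer-Nash paper, which the answer above does not spell out.

```python
"""Chinese Wall (Brewer-Nash) policy simulation.

Added example, not part of the original scheme of evaluation. Company
names, conflict-of-interest classes and the access sequence are constructed
for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

# Level 3: conflict classes, each clustering the company groups of
# competing companies (constructed sample data).
CONFLICT_CLASSES = {
    "banking": {"BankA", "BankB"},
    "oil":     {"OilCo", "PetroCo"},
}


@dataclass(frozen=True)
class Obj:
    """Level 1: an elementary object (a file) holding one company's data."""
    name: str
    company: str      # Level 2: the company group the object belongs to


def conflict_class_of(company: str) -> Optional[str]:
    for cls, members in CONFLICT_CLASSES.items():
        if company in members:
            return cls
    return None       # no competitors recorded: treated as unclassed data


@dataclass
class Subject:
    name: str
    history: set = field(default_factory=set)   # companies already read

    def may_read(self, obj: Obj) -> bool:
        """Simple security rule: reading is allowed if the subject has already
        read this company, or if nothing previously read lies in the same
        conflict class. The 'wall' is built from the subject's own history."""
        if obj.company in self.history:
            return True
        cls = conflict_class_of(obj.company)
        if cls is None:
            return True
        return all(conflict_class_of(c) != cls for c in self.history)

    def may_write(self, obj: Obj) -> bool:
        """*-property from the Brewer-Nash paper (not stated in the answer
        above): write only where reading is allowed and every company the
        subject has read is this company or unclassed, so nothing read on
        one side of the wall can be copied into a file on the other side."""
        return self.may_read(obj) and all(
            c == obj.company or conflict_class_of(c) is None
            for c in self.history)

    def read(self, obj: Obj) -> bool:
        """Attempt a read; on success the company joins the history, which is
        what makes previously accessible competitors denied afterwards."""
        if not self.may_read(obj):
            return False
        self.history.add(obj.company)
        return True


def simulate() -> list:
    """Constructed access sequence for one analyst; returns (object, allowed)."""
    alice = Subject("alice")
    sequence = [Obj("BankA-Q3", "BankA"), Obj("OilCo-Q3", "OilCo"),
                Obj("BankB-Q3", "BankB"), Obj("BankA-Q4", "BankA")]
    return [(o.name, alice.read(o)) for o in sequence]


if __name__ == "__main__":
    for name, allowed in simulate():
        print(f"{name}: {'allowed' if allowed else 'DENIED'}")
```

In the sequence, BankB-Q3 is denied only because BankA-Q3 was read first; a fresh subject could read it. That history-dependence is what distinguishes the Chinese Wall from a static access matrix, and it is why an implementation has to persist each subject's history rather than recompute permissions from the object labels alone.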
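The "low error propagation" point for stream encryption and the "error propagation" point for block encryption (question 118693 above) shown concretely: one ciphertext bit is flipped and the number of changed plaintext bits per block is counted after decryption. This is an added example and not part of the scheme of evaluation; the keystream generator and the 8-byte Feistel block cipher are toy constructions built from SHA-256 for illustration only, and the key, IV and plaintext are constructed sample values.

```python
"""Error propagation: stream (XOR keystream) vs block (toy Feistel in CBC).

Added example, not part of the original scheme of evaluation. Both ciphers
are toys built from SHA-256 for illustration, not for real use.
"""
import hashlib

BLOCK = 8            # toy block size in bytes
ROUNDS = 6           # Feistel rounds


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, length: int) -> bytes:
    """Counter-style keystream: SHA-256(key || counter) blocks, concatenated."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:length]


def stream_encrypt(key: bytes, data: bytes) -> bytes:
    return _xor(data, keystream(key, len(data)))


stream_decrypt = stream_encrypt          # XOR with the keystream is its own inverse


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy Feistel cipher on one 8-byte block."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    assert len(data) % BLOCK == 0, "toy: caller supplies whole blocks"
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        out += _xor(block_decrypt(key, blk), prev)
        prev = blk
    return out


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission error in the ciphertext."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def bit_diff(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def propagation_demo(key=b"constructed-demo-key", iv=b"\x00" * BLOCK,
                     plaintext=b"BLOCK-00BLOCK-01BLOCK-02",
                     flipped_bit=8 * BLOCK + 3):
    """Flip one ciphertext bit (inside the second block by default) and return
    the number of plaintext bits that change in each block after decryption."""
    pt_stream = stream_decrypt(key, flip_bit(stream_encrypt(key, plaintext), flipped_bit))
    pt_block = cbc_decrypt(key, iv, flip_bit(cbc_encrypt(key, iv, plaintext), flipped_bit))

    def per_block(pt):
        return [bit_diff(plaintext[i:i + BLOCK], pt[i:i + BLOCK])
                for i in range(0, len(plaintext), BLOCK)]

    return {"stream": per_block(pt_stream), "block_cbc": per_block(pt_block)}


if __name__ == "__main__":
    print(propagation_demo())
```

The stream result is one changed bit in one block. The CBC result is a fully garbled second block (the block whose ciphertext was damaged) plus exactly one flipped bit in the third block, because CBC decryption XORs each decrypted block with the previous ciphertext block. The same property that gives the stream cipher low error propagation is behind its listed disadvantage, susceptibility to malicious modification: a change to one ciphertext bit changes one predictable plaintext bit, which is why stream ciphers are paired with an integrity check such as a MAC.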