Problem Session CMPE-552 Database and File Security, 7.01.2014

1. What is XML encryption?
2. What is XML signature?
3. Kerberos: What is a Kerberos realm?
4. Kerberos: How can Kerberos be generalized to Kerberos realms?
5. Kerberos: What assumptions are used in implementing Kerberos realm interoperation?
6. Kerberos: Why is timestamp TS5 not shown in the description of Figure 14.2?
7. X.509: How many versions are known and what are the differences between them?
8. X.509: What is a certificate authority?
9. X.509: What is a certificate?
10. X.509: What is X.509 intended for?
11. X.509: Why may a unique subject identifier be useful?
12. X.509: What is a digital signature?
13. X.509: What notation is used in X.509 to specify a digital signature?
14. X.509: What notation is used in X.509 to specify a certificate?
15. X.509: What is the difference between the signature algorithm identifier and the signature?
16. X.509: Why can no party other than the CA modify the certificate without this being detected?
17. X.509: What are the assumptions about the X.509 directory?
18. X.509: What is the problem in establishing trusted communications between users?
19. X.509: What is a certificate path?
20. X.509: How can certificate paths be used to establish trusted communication?
21. X.509: What is a CA hierarchy? What are its elements and their purpose? How can a CA hierarchy be used to establish trusted communication?
22. X.509: How can time be saved in establishing two-way secure communication? What should the initial message of the initiating party contain?
23. X.509: What are the reasons for certificate revocation?
24. X.509: What is a CRL?
25. X.509: What is the use of the Next update date?
26. X.509: What kinds of password protection can be used in simple authentication procedures?
27. X.509: Which parts might have a nonce, and what are they intended for?
28. X.509: What information is conveyed in the open and what in closed form in the one-way strong authentication procedure?
29. X.509: What is the use of timestamps in the three-way strong authentication procedure?
30. X.509: What is the problem with the three-way strong authentication procedure? What is the remedy for it?
31. X.509: What is the use of the criticality indicator in version 3?
32. X.509: What are the possible uses of keys?
33. X.509: What is key agreement?
34. X.509: What is Diffie-Hellman key exchange?
35. X.509: What is a primitive root?
36. OTP: What is the need for OTP schemes?
37. OTP: What is a hash function chain?
38. OTP: Why is only a limited number of authentications allowed by OTP schemes?
39. OTP: What is the small number attack?
40. OTP: Who is authenticated to whom in Lamport’s OTP scheme?
41. OTP: What serves as the one-time password of a client? Of a server?
42. OTP: Why is server-side password compromise allowed?
43. MD5: What are the restrictions on input message length?
44. MD5: What is the output length?
45. MD5: What is the general idea of MD5 hashing?
46. MD5: How is the initial message partitioned for MD5 processing?
47. MD5: How many inputs and outputs does HMD5 have?
48. MD5: How is MD5 initialization performed?
49. MD5: What number is represented by A0 C1 under big-endian and little-endian assumptions?
50. MD5: How many rounds does HMD5 have?
51. MD5: What are the inputs to HMD5 rounds?
52. MD5: What is the difference between the HMD5 rounds?
53. MD5: What are arrays T and X?
54. MD5: What is the use of additions modulo 2^32 in HMD5?
55. MD5: How are the Boolean functions defined by Table 12.1 applied to 32-bit words?
56. MD5: What is the range of numbers in T? Why?
57. MD5: Get an analytical representation of the function I in Table 12.1
58. MD5: Show that  3 is actually a permutation
59. DBControl: How can privilege propagation be limited?
60. DBControl: What is the Bell-LaPadula model?
61. DBControl: What is the *-property?
62. DBControl: How is the database schema extended to comply with the multilevel security model?
63. DBControl: How is the TC value calculated?
64. DBControl: What is an apparent key?
65. DBControl: What are the restrictions on the apparent key?
66. DBControl: Why may poly-instantiation be required?
67. DBControl: What is filtering?
68. DBControl: What is a covert channel? What are examples in databases?