Chapter 7 Reading Questions Student Name: ____________________________________ Read pages 272-284 in order to answer the following questions Q.1. As mentioned in the introduction of Digital Certificates (p. 273-274), in Public key-based authentication the verifier (usually a server) uses the applicants’ (i.e. the clients’ or true parties’) Public keys to decrypt Digital Signatures (DS) (see Figure 7-13 for illustration). But verifiers cannot rely on the applicants to provide them with their Public key because some applicants’ could be imposters. If verifiers rely on applicants to get applicants’ Public keys and use them to authenticate the messages they receive from the applicants there might be disastrous consequences and financial lost. Read the message-by-message authentication process illustrated in Figure 7-13 and tell which of the following could be a reason why imposters could easily mislead verifiers if the verifiers rely on applicants. a) Given the fact that the applicants’ digital signatures (DS) are created by encrypting the Hash of the Plaintext using the senders’ Public key, the verifiers would decrypt the digital signatures (DS) they receive from imposters using the imposters’ Public key and get message digests (MD) that could lead to (false) positive authentications of the imposters’ messages. b) Given the fact that the applicants’ digital signatures (DS) are created by encrypting the Hash of the Plaintext using the senders’ Private key, the verifiers would decrypt the digital signatures (DS) they receive from imposters using the imposters’ Public key and get message digests (MD) that could lead to (false) positive authentications of the imposters’ messages. c) None of the above Q.2. Why are certificate authorities used? (Choose all that apply) a) because using certificate authorities allow servers configured to authenticate transactional messages (like trade secrets, financial transactions, etc.) to make sure that the messages they receive come from the right sources. b) because using certificate authorities is a good way to avoid Public Key Deception c) because certificate authorities are regulated in most countries d) None of the above Q.3. If a verifier could request and get a digital certificate from a well-known certificate authority (CA), this means …. a) that the applicant (or the firm) named in the certificate is honest b) that the applicant (or the firm) named in the certificate is a customer of the certificate authority c) None of the above Q.4. Which of the following is the standard for digital certificates? a) RSA b) DCS c) X.509 MIS 4850 Systems Security 106729803 Page 1 of 5 Exhibit Q.5. Based on the definition of the fields of a X.509 digital certificate as explained in the book, what is the entity to which the certificate (shown in the above exhibit) is issued? a) Thawte Consulting of Western Cape in South Africa b) Freesoft of Maryland in the U.S. c) None of the above Q.6. To prevent deception, digital certificates are signed by the _____. a) applicant b) verifier c) certificate authority d) Both a. and b. Q.7. Digital certificates are created to tell you… a) A true party’s public key. b) That the individual or company owning the certificate is trustworthy c) Both of the above. d) Neither a. nor b. Q.8. What are the TWO most critical fields in a X.509 digital certificate? a) the version number b) the issuer c) the subject d) the public key MIS 4850 Systems Security 106729803 Page 2 of 5 Q.9. What other field is needed to use the information in the two most critical fields of a X.509 digital certificate? a) the signature algorithm identifier b) the Public key algorithm c) The serial number Q.10. What TWO fields of a X.509 digital certificate allow the receiver of a certificate to determine if the certificate has been altered? a) the Signature algorithm identifier b) the version number c) the Digital Signature Q.11. Why is it important to check CRLs? a) because CRLs are used to authenticate applicants b) because the CA may cancel the digital certificate before its expiration date. c) None of the above Q.12. Which of the following is not a function of a Public Key Infrastructure? a) Create public key-private key pairs. b) Distribute private keys securely. c) Distribute public keys through digital certificates. d) None of the above Q.13. Distinguish between long-term versus session symmetric keys. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ Q.14. When Public Key Encryption is used to exchange symmetric keys between Party A and Party B, what key from the pair of Public-Private key is used by the sender to encrypt the symmetric key that needs to be sent to the other party? a) The session key. b) The sender’s Public key. c) None of the above. MIS 4850 Systems Security 106729803 Page 3 of 5 Chapter 8 Reading Questions Read pages 290-318 in order to answer the following questions Q.1. _____ works at the application layer? a. SSL/TLS b. Kerberos c. PPTP d. IPsec e. All of the above. Q.2. Which of the following provides security at the transport layer? a. IPsec b. PPTP c. SSL/TLS d. Kerberos Q.3. In consumer e-commerce, SSL/TLS normally authenticates _____. a) the consumer b) the merchant c) Both of the above. d) Neither a. nor b. Q.4. SSL/TLS provides _____. a. confidentiality b. key exchange c. Both of the above. d. Neither a. nor b. Q.5. When SSL/TLS security is used in e-commerce, the number of transactions a server can process per second …….. a. reduces b. increases c. remain the same Q.6. _____ provides protection transparently to higher-layer protocols with most network applications. a. SSL/TLS b. IPsec c. Both of the above. d. Neither a. nor b. Q.7. When users dial into corporate networks, they reach a device called a ______. a. RAS b. RADIUS server Q.8. Authentication is mandatory in PPP. MIS 4850 Systems Security 106729803 T Page 4 of 5 F Q.9. Which type of PPP authentication sends passwords/secrets in the clear, without encryption for confidentiality? a. PAP b. MS-CHAP c. Both of the above. d. Neither a. nor b. Q.10. Which of the following PPP authentication protocol is more secure? a. PAP b. CHAP c. MS-CHAP Q.11. Which of the following modes offers end-to-end security between hosts in IPsec? a. tunnel mode b. transport mode c. Both of the above. d. Neither a. nor b. Q.12. Which of the following usually requires the addition of software to the source and destination hosts? a) IPsec tunnel mode b) IPsec transport mode c) Both of the above. d) Neither a. nor b. Q.13. In IPsec, a mandatory default algorithm for bulk encryption (i.e. confidentiality) is…. a. Simple DES b. DES-CBC c. Both of the above. d. Neither a. nor b. Q.14. In IPsec, the mandatory default algorithm for key exchange is _____. a. RSA b. Diffie-Hellman c. DES-CBC d. Digital Signatures Q.15. Which of the following provides message-by-message authentication? a) Digital signatures b) HMACs c) Both of the above. Q.16. HMACs use ____. a. symmetric key encryption b. public key encryption c. hashing d. a. and c. e. a., b., and c. MIS 4850 Systems Security 106729803 Page 5 of 5