1
Course: Network Security
Sample Midterm Exam
Name: _____________________
1. For each question (4 points), there are multiple choices, but only one
is correct
1.1 When a user receives an email sent by the Melissa virus
(a) Even if the user does not open the attachment, the user’s computer will still be affected by the
virus when the email is opened.
(b) The attachment contains only MS WORD macro code, so the attachment is not a readable
when you open it.
(c) If the user does not open the attachment, the user’s computer will not be affected by the virus.
(d) The attachment is still readable, but when the attachment is opened, the malicious macro code
included in the attachment will not be executed. The macro code will be executed only when the
attachment is saved onto the local disk.
Answer: to be announced in Feb 27.
1.2 The Internet worm uses one of the following methods to establish a shell on a remote
computer except
(a) rsh
(b) fingerd
(c) sendmail
(d) pingd
Answer: to be announced in Feb 27.
1.3 When the attacker uses a faked source IP address to send an attacking packet to a target, the
corresponding attack is a_____
(a) scan attack
(b) sniffer attack
(c) spoofing attack
(d) Trojan horse
(e) buffer overflow attack
Answer: to be announced in Feb 27.
1.4 To establish a listening post, which of the following tools is useful?
(a) remote exploit tools
(b) local exploit tools
(c) stealth tools
(d) backdoor tools
Answer: to be announced in Feb 27.
1.5 The key length of RSA is____
(a) 56 bits
(b) 64 bits
2
(c) 512 bits
(d) 1024 bits
(e) determined by the user
Answer: to be announced in Feb 27.
1.6 When Alice uses her private key to sign a message and send the signed message to Bob,
_____ can know the content of the message.
(a) Only Bob can know, since the message is sent to Bob
(b) Anybody that can get a copy of the signed message
(c) Only the people who know the private key of Alice
(d) A third guy can know the content of the message only after Bob verifies the signed message.
Answer: (b)
1.7 In the CBC mode of DES, the nth ciphertext block is determined by ____
(a) Only the nth plaintext block and the key.
(b) The key, the nth plaintext block, and the (n-1)th plaintext block.
(c) The key, the initiation vector (i.e., ciphertext block 0), the nth plaintext block, and all the
previous plaintext blocks.
(d) The key, the initiation vector (i.e., ciphertext block 0), and all the previous ciphertext blocks.
Answer: (c)
2. Please say TRUE or FALSE to each of the following statements (4
points each)
2.1 ______When an Internet DoS attack is enforced, the real attacker will send a message to each
daemon to instruct the daemon to send packets to the victim.
Answer: to be announced in Feb 27.
2.2 ______ A Melissa virus can make a mail server unable to send out emails because the virus
corrupts the code of the mail server.
Answer: to be announced in Feb 27.
2.3 ______ In known plaintext cryptanalysis, the attacker knows the plaintext of any ciphertext he
or she is interested.
Answer: to be announced in Feb 27.
2.4 ______ Both RSA and DES are a block cipher.
Answer: to be announced in Feb 27.
2.5 ______When Venam one-time pad is used to achieve perfect secrecy, the key must be as long
as the plaintext.
Answer: to be announced in Feb 27.
3
2.6 ______ Double DES is two times as secure as single DES.
Answer: to be announced in Feb 27.
2.7 ______ Since the attacker can easily figure out Bob’s private key using Bob’s public key, so
when Alice wants to use public key cryptograph to communicate with Bob securely, Alice needs
to keep Bob’s public key confidential.
Answer: to be announced in Feb 27.
2.8 ______ The only way to authenticate the sender of a message is to use digital signatures.
Answer: to be announced in Feb 27.
3. When letter substitution is used to do encryption: (10 points)
3.1 If the plaintext is “west”, and the key is {wx, eu, sc, ti}, what is the ciphertext?
Answer: to be announced in Feb 27.
3.2 If the plaintext is “west”, and the cybertext is “gord”, what is the key?
Answer: to be announced in Feb 27.
4. When KDC and symmetric cryptography are used to do key change,
the key change can be done by three messages. What are the three
messages? (7 points)
Answer: to be announced in Feb 27.
5. Please show how DES can be used to generate message digests. (7
points)
Answer: to be announced in Feb 27.
6. What are the seven penetration stages that an attacker will typically
follow? (6 points)
Answer: see slides 15 and 16 in On Attacks – Part II.
7. Alice and Bob are two business partners that know each others’ public keys.
They want to do secure communications between each other such that
o Each message will be encrypted;
o Bob will be able to authenticate that the sender is Alice after he receives a
message from Alice;
o If a message is modified by the attacker during transmission, Bob will be
able to detect such modification; and
4
o Neither encryption nor signing should slow down message transmission
significantly.
We assume that 128 bit message digests do not suffer from the message replacement
attack. Please provide a solution that can satisfy the security requirements of Alice
and Bob. (10 points)
Answer:
o Since encryption should be quick, we use DES instead of RSA for encryption.
o Since signing should be quick, we use one-way hash function, e.g., MD2, in the
same way as on Slide 32 (in Crypto-Part II). We use MD2 (or MD5) to generate
128 bit message digests to defeat the message replacement attack. Of course, you
should give the details in the exam.
o We use RSA to distribute the session keys between Alice and Bob. For example,
when Alice wants to send a message to Bob, Alice will first generate a session
key, then use Bob’s public key to encrypt the session key and send the encrypted
session key to Bob.
o Since the verification procedure on Slide 32 can authenticate the sender of a
message, our solution can authenticate the sender of a message.
o Since we use 128 bit message digests, our solution does not suffer from the
message replacement attack against one-way hash. Since our solution does not
suffer from the message replacement attack, so the verification procedure on Slide
32 can detect message modification by the attacker.