1 Course: Network Security Sample Midterm Exam Name: _____________________ 1. For each question (4 points), there are multiple choices, but only one is correct 1.1 When a user receives an email sent by the Melissa virus (a) Even if the user does not open the attachment, the user’s computer will still be affected by the virus when the email is opened. (b) The attachment contains only MS WORD macro code, so the attachment is not a readable when you open it. (c) If the user does not open the attachment, the user’s computer will not be affected by the virus. (d) The attachment is still readable, but when the attachment is opened, the malicious macro code included in the attachment will not be executed. The macro code will be executed only when the attachment is saved onto the local disk. 1.2 The Internet worm uses one of the following methods to establish a shell on a remote computer except (a) rsh (b) fingerd (c) sendmail (d) pingd 1.3 When the attacker uses a faked source IP address to send an attacking packet to a target, the corresponding attack is a_____ (a) scan attack (b) sniffer attack (c) spoofing attack (d) Trojan horse (e) buffer overflow attack 1.4 To establish a listening post, which of the following tools is useful? (a) remote exploit tools (b) local exploit tools (c) stealth tools (d) backdoor tools 1.5 The key length of RSA is____ (a) 56 bits (b) 64 bits (c) 512 bits (d) 1024 bits (e) determined by the user 1.6 When Alice uses her private key to sign a message and send the signed message to Bob, _____ can know the content of the message. (a) Only Bob can know, since the message is sent to Bob (b) Anybody that can get a copy of the signed message 2 (c) Only the people who know the private key of Alice (d) A third guy can know the content of the message only after Bob verifies the signed message. 1.7 In the CBC mode of DES, the nth ciphertext block is determined by ____ (a) Only the nth plaintext block and the key. (b) The key, the nth plaintext block, and the (n-1)th plaintext block. (c) The key, the initiation vector (i.e., ciphertext block 0), the nth plaintext block, and all the previous plaintext blocks. (d) The key, the initiation vector (i.e., ciphertext block 0), and all the previous ciphertext blocks. 2. Please say TRUE or FALSE to each of the following statements (4 points each) 2.1 ______When an Internet DoS attack is enforced, the real attacker will send a message to each daemon to instruct the daemon to send packets to the victim. 2.2 ______ A Melissa virus can make a mail server unable to send out emails because the virus corrupts the code of the mail server. 2.3 ______ In known plaintext cryptanalysis, the attacker knows the plaintext of any ciphertext he or she is interested. 2.4 ______ Both RSA and DES are a block cipher. 2.5 ______When Venam one-time pad is used to achieve perfect secrecy, the key must be as long as the plaintext. 2.6 ______ Double DES is two times as secure as single DES. 2.7 ______ Since the attacker can easily figure out Bob’s private key using Bob’s public key, so when Alice wants to use public key cryptograph to communicate with Bob securely, Alice needs to keep Bob’s public key confidential. 2.8 ______ The only way to authenticate the sender of a message is to use digital signatures. 3. When letter substitution is used to do encryption: (10 points) 3.1 If the plaintext is “west”, and the key is {wx, eu, sc, ti}, what is the ciphertext? 3.2 If the plaintext is “west”, and the cybertext is “gord”, what is the key? 3 4. When KDC and symmetric cryptography are used to do key change, the key change can be done by three messages. What are the three messages? (7 points) 5. Please show how DES can be used to generate message digests. (7 points) 6. What are the seven penetration stages that an attacker will typically follow? (6 points) 7. Alice and Bob are two business partners that know each others’ public keys. They want to do secure communications between each other such that o Each message will be encrypted; o Bob will be able to authenticate that the sender is Alice after he receives a message from Alice; o If a message is modified by the attacker during transmission, Bob will be able to detect such modification; and o Neither encryption nor signing should slow down message transmission significantly. We assume that 128 bit message digests do not suffer from the message replacement attack. Please provide a solution that can satisfy the security requirements of Alice and Bob. (10 points)