網(wǎng)絡(luò)安全期末復(fù)習(xí)題參考資料

1、網(wǎng)絡(luò)安全期末復(fù)習(xí)題一、填空題：Availability（計算機安全的三個關(guān)鍵目標，保密性，完整性和可用性）Active1、The three key objectives of compu ter security are con fide ntiality, ， In tegrity and2、Active Attack attempts to alter system resources or affect their operation.（主動攻擊試圖 改變或影響其操作系統(tǒng)資源）3、 Attack attempts to learn or make use of information

2、from the system but dosenot affect system resources.（被動 攻擊試圖學(xué)習(xí)或者從系統(tǒng)中而不影響系統(tǒng)資源利用信息。）cryptan alysis4、 The pro cess of atte mp ti ng to discover the plain text or key is known as（試圖發(fā)現(xiàn)明文或密鑰的過程稱為密碼分析）5、 0Two types of passive attacks are the release of message contents and traffic analysis.（被動 攻擊的兩種類型是消息分析

3、和流量分析）6、 A symmetric encryp ti on scheme has five in gredie nts ,they are plain text , encryp ti on algorithm, decryption algorithm ,secret key and ciphertext .（對稱加密方案有五種成分， 它們是明文，加密算法，解密算法，密鑰和密文）7、 The two gen eral app roaches to attack ing a cip her are cryptan alysis a ndbrute-force attack。 （一般攻擊

4、密碼的兩種方法：密碼分析和蠻力攻擊）8、）If the en cry ption algorithm of 3DES is C=E（K3 , D（K2 , E（K1 , P） , then the decry ptionalgorithm is P=D（K 1（E（K2、DW?、C）.（如果 3DES 加密算法是 C = E （ K3，D （ E（K1，K2，P）,然后解密算法是 P=D（K1（E（K2、D（K3、C）9、With RSA algorithm , if the n is easily factored into its two prime factors , then the

5、algorithm will be obsolete .（對于RSA算法，如果n是容易分解成它的兩個主要因素，那么 算法將被淘汰）10、 A Public key certificateconsists of a public key plus a User ID of the key owner , withthe whole block signed by a trusted third party .（一個公鑰證書由公鑰加上所有者的用戶ID以及可信的第三方簽名的整個數(shù)據(jù)塊組成。）11、 The SSL Record Protocol p rovides two services for

6、SSL conn ecti ons :Con fide ntiality and Message Integrity . （ SSl記錄協(xié)議提供 SSl連接的兩種服務(wù)：保密和消息完整性）12、To store the public private key pairs owned by the node and the public keys of other usersknown at this node , PGP p rovides a p air of data structures at each node . These data structures are referred to

7、 respectively , as the private-key ring andpublic keyring .（存儲的公共密鑰對由節(jié)點和其他用戶在這個節(jié)點已知公鑰擁有，PGP在每個節(jié)點提供了一種數(shù)據(jù)結(jié)構(gòu)。這些數(shù)據(jù)結(jié)構(gòu)被分別稱為，私鑰環(huán)和公鑰環(huán)。）13、IP Sec support two modes of use : transport mode and tunnel mode .（存儲的公共密鑰對由節(jié)點和IPSec支持兩種使用方式：傳輸模式和隧道模式。014、 The tunnel mode of IP Sec p rovides p rotect ion to the en tir

8、e IP p acket . （IP Sec 隧道 模式對整個IP數(shù)據(jù)包提供保護）二、判斷題：1、2、（對）The emp hasis in deali ng with p assive attack is on preven ti on rather tha n detecti on .（錯）De nial of service is a type of p assive attack .3、4、5、（對）ln DES , the plai ntext is 64 bits in len gth and the key is 56 bits in length .（錯）RC4 is bloc

9、k cip her .（錯）Block cip her are almost always faster and use far less code tha n do stream cip her .（對）For len gthy message , the ECB mode may not be secure .6、7、 （對）Symmetric encryption can be used to authenticate message .8、（對）Unlike the MAC , a hash function does not take a secret key as 9、 （對）Co

10、mpared to the encryption algorithm , the MAC authentication algorithm needs not be reversible .10、 作錯）Public-key encryption is general-purpose technique that conventional encryption obsolete .11、 （錯）All public-key algorithms can encrypt/decrypt message .12、（對）RES is a block cipher .13、 （對）The princi

11、pal objective for developing a PKI is to convenient , and efficient acquisition of p ublic keys .14、 （對）SSL/TLS p rovides con fide ntiality using symmetric encryp ti on and message in tegrity using a message authe nticati on code .15、（錯）The smallest building block of a wireless LAN is an independent

12、 and service set （IBSS）.16、（對）The principal feature of IP Sec is that it can encrypt an d/or authe nticate all traffic at the IP level .三、選擇題：1. Of all the follow ing op ti onsA.B.doesn belong to the security services（不屬于安全服務(wù)）C.D.2. ACon fide nticalityIn tegritySecret keyAuthe nticati onattack in vo

13、lves trying every po ssible key un til an in telligible tran slati on of the cip ertextinto plain text is obta in ed.A. Brute-force（什么攻擊涉及嘗試每個可能的密鑰直到得到的密文變成明文易懂的翻譯。B. cip hertext onlyC. known plain text（對于DES，下列哪種說法是錯誤的）D. chose n text3. For DES, which of followi ng is false?A. DES is a block cip he

14、rB. the plain text is pro cessed in 80-bit blocksC. the key size is 56-bits（不是對稱分組密碼）D. plain text goes through 16 iterati ons4. All offollowi ng are symmetric block cip hers exce pt forA. IDEAB. AESC. 3DESD. RC45. Inmode, the input to the encryp tio n algorithms is the XOR of the curre nt plain tex

15、t blockand the p recedi ng cip hertext block, the same key is used for each blocks.A. ECB（哪種模式，輸入到異或加密算法是當(dāng)前和前面的ciphertext明文塊的塊.）B. CBCC. CFBD OFB6. is not the requirement of hash function H. （ _什么不是散列函數(shù)的一個要求。）A. H can be app lied to a block of data of any sizeB. H p roduces a fixed len gth out putC.

16、 H（x） is relatively easy to compute for any give n xD. H must be shared secretly by both p artiessecret key.）7. For app roaches to message authe nticati on, the app roach ofdoes nn eed aA. Using conventional encryption（消息認證 的方法，什么方法不需要密鑰。B. MACC. on e-way hash codeD. HMAC8. The purpose ofalgorithm i

17、s to enable two users to exchange.A. DSSB. Diffie-Hellman key（哪種算法的目的是使兩個用戶交換）C. RSAD. ECC9. Which of following is right about Kerberos? （關(guān)于 Kerberos 下列哪一項是正確的）A. User must en ter a p assword each time to access a server.B. A full-service Kerberos environment con sist of a Kerberos nu mber of clie n

18、ts, and a nu mber of app licati on servers.C. Kerberos also relies on p ublic-key encryp ti on.D. The ticket message tran smitted is in clear.10. Which of following is not right about X.509 certificate?_（關(guān)于 X.509 證書，哪一個是錯的）A. X.509 certificate must contains the p ublic key of a userB. X.509 certific

19、ate format is used in IP Sec and SSLC. X.509 certificate can be revoked before it expiresD. X.509 certificate is sig ned with the p ublic key of a trusted CA11. op eration of SSL record p rotocol is （ P145）（ SSL 記錄協(xié)議是A. Fragme ntB. Comp ressC. Fragme ntD. Add MACComp ress Add MACFragme nt Add MAC En

20、crypt Add MACComp ress Fragme nt12. PGP makes use of four types of keys, the_A. On e-time sessi on conven ti onal keyB. P ublic key（ PGP使用了四種類型的密鑰，C. Private keyD. Pass phrase-based conven ti onal key操作）Encrypt Append SSL record headerEncrypt Append SSL record headerComp ress Append SSL record heade

21、rEncrypt Append SSL record header is used to p rotect p rivate key用于保護私鑰）13. In IP Sec, a SA is uniq uely ide ntified by three p arameters .The is not the one of theparameters.（在IP Sec中，一個 SA由三個參數(shù)唯一確定。 不是一個參數(shù)。）A. SPIB. IP Desti nati onC. I PSec P rotocol ModeD. Security P rotocol14. In IP Sec, AH p

22、rovides all follow ing security services exce pt forA. Con fide ntiality（在IP Sec安全服務(wù)，AH提供的服務(wù)不包括B. access con trolC. connection! ess in tegrityD. data origi n authe nticati onE. reject ion of rep layed p ackets四、計算題：2、If the length of the message is 1921 bits . What are the value of the padding field

23、 and the len gth in SHA-512 .答 Suppose the value of the padding field is x so1921+x=896(mod1024)1921+x-896=0(mod1024)1025+x=0(mod1024)X=1023 The value of the paddi ng field is 1023 bitsIn the sec ond ste p of SHA-512 algorithm.a block of 128 bits is appen ded to the message.This block contains the l

24、engh of the origi nal message(before the p addi ng),so the value of the len gth field is 19213、Perform encryption and decryption using the RSA algorithm for the following : p=3 ; q=11 ; e=7 ; m=5 .答 p=3;q=11,e=7;M=5.n=P*q=3*11=33;o(n)=(p-1)*(q-1)=2*10=20;e7d3ed mod o(n)=1 f d=3;C=M mod n=5 mod33=14;

25、 M=C mod n=14 mod33=55、 Con sider a Diffie-Hellma n scheme with a com mon p rime q=11 and a p rimitive root a=2a. If user A has public key Y A=9,what is As private key X a?b. If user B has public key Y B=3,what is the shared secret key K?答 Y A=aXA mod q K=Y bXA mod q五、簡答題：1、Why is the middle portion

26、 od 3DES a decryption rather than an encryption ?答 There is no cryptographic significanee to the use of decryption for the second stage.Its only adva ntage is that it allows users of 3DES to decry pt data encryp ted by users of the older sin gle DES by rep eat ing the key.2、Suppose an error occurs i

27、n a block of ciphertext on transmission using CBC . What effect is p roduced on the recovered plain text blocks .答 f an error occurs in tran smissi on of cip hertext block Ci, the n this error prop agates to the recovered plain text blocks Pi and P i-1.3、When Bob wishes to com muni cate with Alice s

28、ecurely , how can he do it wihr the help of p ublic-key certificate to distribute a secret key to Alice ?答1、產(chǎn)生會話秘鑰，2、讓A公鑰加密會話秘鑰，3、讓會話秘鑰加密消息，4、將加密的消息與加密的會話秘鑰發(fā)送出去4、What is Message authentication ?答：消息認證是指通過對消息或者消息有關(guān)的信息進行加密或簽名變換進行的認證，目的是為了防止傳輸和存儲的消息被有意無意的篡改，包括消息內(nèi)容認證（即消息完整性認證）、消息的源和宿認證（即身份認證0）、及消息的序號和操作

29、時間認證等。5、What is Digital sig nature ?答 A digital sig nature is an authe nticati on mecha nism that en ables the en ables the creator of a message to attach a code that acts as a sig nature.The sig nature is formed by tak ing the hash of the message and encryp ti ng the message with the creators priva

30、te key.The sig nature guara ntees the source and in tegrity of the message.6、Please compare the similarities and differe nces of n etwork security p rotocols : IP Sec , SSL/TLS , Kerberos .答相同點：安全服務(wù)相似；不同點：所在位置不同，網(wǎng)絡(luò)層、傳輸層、應(yīng)用層7、What is the purpose of HTTPS ?答 HtT PS(HTT P over SSL)refers to the comb in

31、 ati on of HTT P and SSL to impi eme nt secure com muni cati on betwee n a Web browser and a Web server.8、What security areas are addressed by IEEE 802.11i ?答jEEE802.11i addresses three main security areas authe nticatio n: key man ageme nt,a nd data tran sfer p rivacy.9、Briefly describe the five IE

32、EE 802.11i phases of op eration .(P185)答1、發(fā)現(xiàn)；2、認證；3、密鑰管理；4、保護數(shù)據(jù)傳輸；5、連接終止10、Why does PGP gen erate a sig nature before applying comp ressi on ?(1) PGP壓縮算法不確定(2) 如果對壓縮文件簽名，則需要對解壓的文件在進行加密之后才能認證答 a.It is preferable to sign an uncompressed messages so that one can store only theuncomp ressed message toge

33、ther with the sig nature for future verificati on.b.Eve n if one were willi ng to gen erate dyn amically a reco mp ressed message for verificati on. PGP comp ressi on algorithm p rese nts a difficulty. The algorithm is not determi nistic11、What is the basic differenee between X.509 and PGP in terms

34、of key hierarchies and key trust ?答 In X_509 there is a hierarchy of Certificate Authorities.Another differenee is that in X_509 users will only trust Certificate Authorities while in PGP users can trust other users.12、List and briefly define three classes of intruders .冒充者：沒有通過驗證，使用計算機資源 違法者：通過驗證，竊取用戶的數(shù)據(jù)和資源 潛入者：控制用戶計算機答 Masquerader:A n in dividual who is not authorized to use the compu ter and who pen etrates a systems access controls to exploit a legitimate user account.Misfeasor:A legitimate user who accesses data, p rograms, or resources for which such access is not authorized, or who i