Part -1:
1. What is the difference between a block cipher and a stream cipher?
2. List ways in which secret keys can be distributed to two communicating parties.
Part -2:
Consider a Feistel cipher composed of 16 rounds with block length 128 bits and key length 128 bits. Suppose that, for a given k, the key scheduling algorithm determines values for the first 8 round keys, k1 , k2 , . . . k8 , and then sets
Suppose you have a ciphertextc . Explain how, with access to an encryption oracle, you can decrypt c and determine m using just a single oracle query. This shows that such a cipher is vulnerable to a chosen plaintext attack. (An encryption oracle can be thought of as a device that, when given a plaintext, returns the corresponding ciphertext. The internal details of the device are not known to you and you cannot break open the device. You can only gain information from the oracle by making queries to it and observing its responses.)
Part 3:
Suppose an error occurs in a block of ciphertext on transmission using CBC. What effect is produced on the recovered plaintext blocks?
What is a one-way function?
Briefly explain Diffie-Hellman key exchange.
In an RSA system, the public key of a given user is e = 31,n= 3599. What is the private key of this user?
Part -4:
List four functions supported by S/MIME.
What is the purpose of HTTPS?
What are two ways of providing authentication in IPsec?
In SSL and TLS, why is there a separate Change Cipher Spec Protocol rather than including a change_cipher_spec message in the Handshake Protocol?
Part -5:
What are the principal elements of a Kerberos system?
What is the role of a CA in X.509?
Part -6:
List and briefly define IEEE 802.11 services.
What security areas are addressed by IEEE 802.11i?
In IEEE 802.11, open system authentication simply consists of two communications. An authentication is requested by the client, which contains the station ID (typically the MAC address). This is followed by an authentication response from the AP/router containing a success or failure message. An example of when a failure may occur is if the client's MAC address is explicitly excluded in the AP/router configuration.
a. What are the benefits of this authentication scheme?
b. What are the security vulnerabilities of this authentication scheme?
What effect does "setgid" have on directories? On files?
What is a rootkit? Why are they hard to detect?
Part -7:
Why are file system permissions so important in the Linux DAC model?
How do they relate or map to the concept of "subject-action-object" transactions?
Part -8:
1 What are the two kinds of ACLs in Windows, and what does each do?
2 Why does XBox Live use only IPSec and not IPv4?
Paige's (simplified) token looks like this:
User:
FOOCorp\PaigeH
Groups:
Everyone
Authenticated Users
Developers
Her word processor attempts to open a file for RWX access, and the
file has the following ACL:
Administrators: Full Control
Authenticated Users: RW
Developers: RWD
Will Paige be granted access to the object? Why or why not?
3. Practical Assignment:
(Note: You need to use a tool that is different from the one you used for assignment 2.)
General Description:
This practical assignment is intended for you to get familiar with some of the current security tools. These tools are powerful and are widely used in the security community. You may find some of the tools useful in protecting your own computer as well as computing resources within your organization. Special attention should be paid in choosing some of the tools and instructions should be followed.
1) Select a tool from "Top 100 Network Security Tools" (https://sectools.org/). The use of an open-source tool is highly encouraged.
I choose Cain and Abel
Cain and Abel
UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented. For downloads and more information, visit the Cain and Abel homepage.
2) It is required that you install and run the tool in an enclosed network environment or use it on your own computer ONLY. An enclosed network environment means a non-operational networked system without any physical connection to other working computing environments (e.g., the Internet). Special attention should be paid when you use network scanners, sniffers, hacking tools or password crackers because their usage may violate an organization's security policies or compromise other computing resources. It is therefore your own responsibility to guarantee that the running of security tool(s) does not violate your organization's regulations, procedures, policies, and/or local, state and federal laws.
3) Follow the instructions to configure and run the tool you chose.
4) Write a brief report (2-3 pages, single-spaced, not counting quotations used). In your report, answer the following questions in your own words (please do not copy/paste from a tutorial or other online materials).
a) What is the functionality of the tool?
b) What is the actual running environment (software and hardware) of the tool?
c) How will you evaluate the tool based on your own experience?
d) In what aspects could the tool be improved?
5) Take a screenshot (usually by pressing Shift + PrintScreen) during the running of the tool and paste it in your lab report. In your lab report you can provide as many screenshots as you want and/or other output to show you have actually run the tool.