信息安全技术复习题目最终版.docx

1. In the movie Office Space, software developers attempt to modify company software so that for each financial transaction, any leftover fraction of a cent goes to the developers, instead of going to the company. The idea is that for any particular transaction, nobody will notice the missing fraction of a cent, but over time the developers will accumulate a large sum of money. This type of attack is sometimes known as a salami attack. Now, find a real-world example of a salami attack and expound how it works. The most typical scheme portrayed by a salami attack is that which involves an automated modification to financial systems and their data. For example, the digits representing currency on a banks computer(s) could be altered so that values to the right of the pennies field ( 0.01 ) are always rounded down (fair arithmetic routines will calculate in both directions equally). 最典型的意大利腊肠攻击方案，包括自动修改财务系统和数据描述。例如，在银行的计算机上表示货币的数字可以被改变，使便士字段的右边的值（ 0.01）总是四舍五入（公平的算术程序将在两个方向上计算相等）。The essence of this mechanism is its resistance to detection. Account owners rarely calculate their balances to the thousandths or ten-thousandths of a cent, and, consequentially remain oblivious. Even if the discrepancies are noticed, most individuals have better things to do (like preserve their pride) than complain about an erroneous digit in some far off decimal place. The following (alleged) scenarios will demonstrate that slices need not always be tiny to evade detection. In fact, they can be rather large, as long as unsuspecting and/or ignorant victims are plentiful. 这种机制的本质是它的电阻检测。帐户所有者很少计算余额的千分之几或千分之十分，必然继续无视。即使这些差异被发现，大多数人有更好的事情要做（如保持他们的自豪感）比抱怨在一些遥远的小数点错误的数字。以下（所谓）的情况将表明，“片”不一定总是很小，以逃避检测。事实上，他们可以是相当大的，只要不知情的和/或无知的受害者是丰富的。 2 In the field of information security, Kerckhoffs Principle is like motherhood and apple pie, all rolled up into one.*Define Kerckhoffs Principle in the context of cryptography.（1）即使密码系统的任何细节已为人悉知，只要密钥未泄漏，它也应是安全的。Any details even if the cryptography system has informed all too often, as long as the key does not leak, it should also be safe*Give a real-world example where Kerckhoffs Principle has been violated. Did this cause any security problem? （2）自动取款机使用了DES数据加密，相当于一个加密系统，有时候密码未泄露，但犯罪份子知道了身份信息和银行卡号后能够盗取卡里的钱。 这个案例中的安全问题有：个人信息泄露，财产的损失。ATM using DES data encryption, is an cryptography system, sometimes the password does not leak, but criminals steal the money after know the identity information and bank card number .The security problem in this case are: personal information leakage, the loss of the property.3. Among the fundamental challenges in information security are confidentiality, integrity, and availability, or CIA. A. Define each of these terms: confidentiality, integrity, availability.B. Give a concrete example where confidentiality is more important than integrity.C. Give a concrete example where integrity is more important than confidentiality.D. Give a concrete example where availability is the overriding concern.Answer：A.Confidentiality is of the information with a certain degree of secrecy only for authorized person to read and change it; Integrity is to prevent or at least to detect unauthorized changes to information; Availability is that the legally ownes and users for information, they have access to the information at any time if they need.B.The document about State secrets.C.Test scores.D.E-commerce site. To avoid service interruption, lead to users and their own interests is damaged, its availability is the most important。翻译：信息安全领域的基本挑战包括机密性、完整性和可用性，或者简称CIA。A. 请给出机密性、完整性、可用性的术语定义。答：机密性具有一定保密程度的信息只能让有授权的人读取和更改；完整性是防止或至少检测出对信息进行未授权的修改；可用性是对于信息的合法拥有和使用者，在他们需要这些信息的任何时候，都应该保障他们能够及时得到所需要的信息。4. Suppose that we have a computer that can test 240 keys each second.*What is the expected time (in years) to find a key by exhaustive search if the keyspace is of size288?*What is the expected time (in years) to find a key by exhaustive search if the keyspace is of size2112?*What is the expected time (in years) to find a key by exhaustive search if the keyspace is of size2256?Anwser:(1)288/240=248 second 248/(60*60*24*365)=8.923*106 (2)2112/240=272 second 272/(60*60*24*365)=1.497*106 (3)2256/240=2216 second 2216/(60*60*24*365)=3.339*10575. Give four strong passwords derived from the passphrase “Gentlemen do not read other gentlemens mail.” And describe how to derive your answer from the passphrase.6. Give four strong passwords derived from the passphrase “Are you who you say you are?”. And describe how to derive your answer from the passphrase. 答：根据Are you who you say you are随便构造4个强密码并解释构造方法。例如1ReNwNs1yNA 此题要求独创性强密码长度至少有 8 个字符，不包含全部或部分用户帐户名，不包含完整的单词,至少包含以下四类字符中的三类:大写字母、小写字母、数字，以及键盘上的符号(如 !、#)。7. For each of the following passwords, give two passphrase that the password could have been derived from.A: PokeGCTall B: 4s&7vrsaC: gimmeliborD D: IcntgetNOsat例如：A. PokeGCTallPerson or kids end Good Cat Tall Play on kid Great Cool Top are like like8. Consider the ciphertext FALSZ ZTYSY JZYJK YWJRZ TYJZT YYNAR YJKYS WARZT YEGYY J, which was generated using an affine cipher with parameter a=7 and b=22. Decipher the message please.加密过程为：E(m)=(am+b)mod26解密过程为：c（m）=a-1(c-b)mod26=7-1（c-22）mod26=15(c-22)mod26 所以仿射码解密相对应的字母为0123456789101112明文ABCDEFGHIJKLM密文WDKRYFMTAHOVC13141516171819202122232425明文NOPQRSTUVWXYZ密文JQXELSZGNUBIP密文：FALSZ ZTYSY JZYJK YWJRZ TYJZT YYNAR YJKYS WARZT YEGYYJ明文： first the sentence and then the evidence said the queen.9. Consider the ciphertext QJKES REOGH GXXRE OXEO, which was generated using an affine cipher. Determine the constants a&b and decipher the message. Hint: Plaintext “t” encrypts to ciphertext “H” and plaintext “o” encrypts to ciphertext “E”.加密过程：a,b are constants(常数)，p is plaintext（明文），C is ciphertext（密文）So a= 11 ,b= 6解密过程：c（m）=a-1(c-b)mod26=11-1（c-6）mod26序号0123456789101112明文abcdefghijklm密文GRCNYJUFQBMXI序号13141516171819202122232425明文nopqrstuvwxyz密文TEPALWHSDOZKVCiphertext（密文） :QJ KES REOGH GXXRE OXEOPlaintext（明文） :If you bow at all bow low.10. Please give three examples of authentication based on “something you know”, “something you have” and “something you are”;a.Password authentication(something you know)b.Security token and a smart card(something you have)c. Biometric authentication is the use of fingerprints or face scanning and iris（虹膜） or voice recognition，iris type or fingerprints scanned(something you are)a.密码验证b.安全令牌和智能卡c.生物特征识别11. Two-factor authentication requires that two of the three authentication methods (something you know, something you have, something you are) be used. Give two examples from everyday life where two-factor authentication is used. Which two of the three are used?答：1. Use the bank card to withdraw money in ATM. Bank card is something you have and password is something you know. 2.Use the ID card and the admission notice to verify identity,whenentering the university. ID card and the admission notice are something you have, oneself is something you are .翻译：双重认证要求的两三个身份验证方法(你知道的东西,你拥有的东西,你是什么)被使用。给两个例子从日常生活使用双重认证。使用了其中的哪两个因素？First example,ATM card, of which the user must hold a card and PIN number.”something you have” and “something you know” are used on ATM cards.Other examples of two-factor authentication include credit card with handwritten signature. “something you have” and “something you are” are used on this method.12. RFID tags are extremely small devices capable of broadcasting a number over the air that can be read by a nearby sensor. RFID tags are used for tracking inventory, and they have many other potential uses. For example, RFID tags are used in passports and it has been suggested that they should be put into paper money to prevent counterfeiting. In the future, a person might be surrounded by a cloud of RFID number that would provide a great deal of information about the person.*Discuss some privacy concerns related to the widespread use of RFID tags.*Discuss security issues, other than privacy, that might arise due to the widespread use of RFID tags.Anwser:(1)Illegal to read the information（非法读取信息）、Position location tracking（位置定位跟踪） （2）Interfere with the correct receiving information(干扰正确信息接收)、counterfeiting（伪造假币）1.非法读取信息；RFID tags offer way to illegal read of the information about customers.位置定位跟踪.RFID tags could be used to track peoples movements, determine their identities or make inferences about their habits（用来追踪人们的动作,确定他们的身份或推断他们的习惯）2.拒绝服务：人为的信号干扰使合法的阅读器不能正常读取标签数据；Denial of service :Artificial interference make the legal reader cant read the label data properly. 重放：根据窃听到的阅读器和标签之间的数据通信，重复之前的通信行为从而获得信息数据。The replay: According to hacking into the data communication between the reader and the tag, repeat previous data communication behavior in order to gain information.13. Decrypt the following message that was encrypted using a simple substitution cipher: WB WI KJB MK RMIT BMIQ BJ RASHMWK RMVP YJERYRKB MKD WBI IWOKWXWVMKVR MKD IJYR YNIB URYMWKNKRASHMWKRD BJ OWER M VJYSHRBR RASHMKMBWJK JKR CJNHD PMER BJLR FNMHWXWRD MKD WKISWURD BJ INVPMK RABRKB BPMB PR VJNHD URMVP BPR IBMBR JXRKHWOPBRKRD YWKD VMSMLHR JX URVJOKWGWKOIJNKDHRII IJNKD MKD IPMSRHRII IPMSR W DJ KJB DRRY YRIRHX BPR XWKMH MNBPJL WBT LNB YT RASRL WRKVRCWBP QMBM PMI HRXB KJ DJNLB BPMB BPR XJHHJCWKO WIBPR SUJSRU MSSHWVMBWJK MKD WKBRUSURBMBWJK WJXXRU YT BPRJUWRI WK BPR PJSR BPMB BPR RIIRKVR JX JQWKMCMK QMUMBR CWHH URYMWK WKBMVB14. This problem deals with digital signatures.*Precisely how is a digital signature computed and verified. *Show that a digital signature provides integrity protection.*Show that a digital signature provides non-repudiation.答：1. When Sending a message, the sender use a hash function to generate a message digest from the message text , and then the sender use his private key to encrypt it .The encrypted digest will as a digital signature with the message to sent to the receiver. The receiver use the same hash function to compute the message digest from the original message.Then use the senders public key to decrypt the additional digital signature. If the two the same, then the receiver can verify the digital signature is the sender.2. Using the algorithm (hash)，Ensuring that once the message is changed or replaced，even if only has changed a data,will lead the digest to change.Thus protect the integrity and authenticity of the message.3. Because only the sender has the private key, so it cannot deny the electronic file is not sent by it.翻译：1.数字签名是如何计算和验证：计算：发送报文时，发送方用一个哈希函数从报文文本中生成报文摘要,然后用自己的私人密钥对这个摘要进行加密，这个加密后的摘要将作为报文的数字签名和报文一起发送给接收方。验证：接收方首先用与发送方一样的哈希函数从接收到的原始报文中计算出报文摘要，接着再用发送方的公用密钥来对报文附加的数字签名进行解密，如果这两个摘要相同、那么接收方就能确认该数字签名是发送方的。2.表明数字签名提供完整的保护：使用了摘要算法（hash），确保一旦原文还改动或替换（哪怕只已改动了一位数据），都会导致摘要的变化，从而保护报文的完整性和真实性。3.表明数字签名提供不可抵赖性:由于只有发文者拥有私钥,所以其无法否认该电子文件非由其所发送.a计算:报文的发送方用一个哈希函数从报文文本中生成报文摘要（散列值）。发送方用自己的私人密钥对这个散列值进行加密。然后，这个加密后的散列值将作为报文的附件和报文一起发送给报文的接收方。验证：报文的接收方首先用与发送方一样的哈希函数从接收到的原始报文中计算出报文摘要，接着再用发送方的公有密钥来对报文附加的数字签名进行解密。如果两个散列值相同、那么接收方就能确认该数字签名是发送方的。通过数字签名能够实现对原始报文的鉴别。Computing：The sender of a message using a hash function to generate the message digest (hash) from the message text. The sender use its own private key to encrypt the hash value. Then, the encrypted hash value will be sent to the receiver of a message as the attachment of a message with a message. Verifying:The receiver of a message calculate the message digest of the original message by using the same hash function as the sender from receiving, and then use the senders public key to decrypt the digital signature of message attached.If the two hash values are the same, then the receiver can verify the digital signature is the senders. The identification of the original message can be realized through the digital signature .b完整性保护：消息一经签名，任何人（包括签名者）均无法修改该消息。Integrity protection :Once the message after a digital signature, anyone (including the signer) are unable to modify the messagec不可否认性：接受者能够确认或证实签名者的签名，但不能否认。Non-repudiation :The recipient can verify or confirm the signature of the signer, but cannot deny15. Suppose that Alice RSA public key is (N, e)= (33 , 3 ) and her private key is d=7.*If Bob encrypts the message M=19 using Alices public key, what is the ciphertext CI Show that Alice can decrypt C to obtain M. So the ciphertext C=28. Then Alice can decrypt C to obtain M=19答：用RSA非对称加密法加密，n=33,e=3,d=7，明文m=19，加密：c=me mod n =193 mod 7=6859 =28 mod 33解密：m=cd mod n=c7 mod 33 =19*Let S be the result when Alice digitally signs the message M= 25. What is 5? If Bob receives M and S, explain the process Bob will use to verify the signature and show that in this particular case, the signature verification succeeds.答：M=25时，S=Me mod n =253 mod 33 =16 解密验证：m=Sd mod n =167 mod 33=25M=5时 ，S=Me mod n =53 mod 33 =26解密验证：m=Sd mod n =267 mod 33=516. Suppose Bob and Alice share a symmetric key K. Draw a diagram （图表）to illustrate a variant （变量）of Dime-Hellman key exchange between Bob and Alice that prevents the man-in-the-middle attack.使用第三方TA签证的证书：17. From a banks perspective, which is usually more important, the integrity of its customers data or the confidentiality of the data? From the perspective of the banks customers, which is more important?Anwser: bank:confidentiality(机密性) banks customers:the integrity（完整性） 18. 阐述分组对称加密技术五种运行模式的名称、工作原理及特点，举例说明其工作过程和应用场合。 ECB、CBC、CFB、OFB、 CTR ECB模式：（Electronic Codebook）电码本模式工作原理：加密算法的输入是明文，算法的输出将直接作为密文进行输出，不进行任何形式的反馈，每个明文分组的处理是相互独立的，这种方式也是分组密码工作的标准模式特点：简单，有利于并行计算，误会不会被传送。但是不能隐藏明文的模式，可能对明文进行主动攻击。应用场合：ECB模式一般只适用于小数据量的字符信息的安全性保护，例如密钥保护。 ECB模式适用于对字符加密,例如,密钥加密。 CBC模式：密码分组链接模式（CBC）cipherblockchainingmodeCBC工作原理：模式是在密钥固定不变的情况下，改变每个明文组输入的链接技术。 特点：1.不容易主动攻击,安全性好于ECB,适合传输长度长的报文,是SSL、IPSec的标准。2.不利于并行计算；3.误差传递；3.需要初始化向量。 工作过程：在CBC模式下，每个明文组在加密之前,先与反馈至输入端的前一组密文逐一比对相加（异或）后再加密。 应用场合：CFB模式：cipherfeedbackmode 特点：隐藏了明文模式;分组密码转化为流模式;可以及时加密传送小于分组的数据;1不利于并行计算;误差传送：一个明文单元损坏影响多个单元;唯一的IV;OFB模式：outputfeedbackmode 工作原理：与OFB相似，CTR将块密码变为流密码。 特点：隐藏了明文模式;分组密码转化为流模式;可以及时加密传送小于分组的数据;不利于并行计算;对明文的主动攻击是可能的;误差传送：一个明文单元损坏影响多个单元; 工作方式：OFB模式实质上就是一个同步流密码，通过反复加密一个初始向量IV来得到密钥流。这种方法有时也叫“内部反馈”，因为反馈机制独立于明文和密文而存在的。 应用场合：OFB模式常用于卫星通信中的加密。计数器模式（CTR）：countermode特点：1）随机访问性。可以随机地对任意一个密文分组进行解密，对该密文分组的处理与其他密文无关。2）高效率3）CTR可以处理任意长度的数据，只要相应调整CTR产生的密钥长度即可。而且加解密过程是对称的XOR。工作过程：它通过递增一个加密计数器以产生连续的密钥流，其中，计数器可以是任意保证不产生长时间重复输出的函数，但使用一个普通的计数器是最简单和最常见的做法。应用场合：19常见的网络攻击手段有哪些？并举例说明其特点、后果和攻击案例。阻塞型攻击、控制型攻击、探测型攻击、欺骗型攻击、漏洞型攻击、破坏型攻击 阻塞型攻击：1、特点：通过强制占有信道资源、网络连接资源、存储空间资源，使服务器崩溃或资源耗尽无法对外提供服务。2、后果：使目标系统死机，使端口处于停顿状态； 扭曲系统的资源状态、降低系统处理速度。3、典型手段：拒绝服务攻击（DoS）TCP SYN洪泛攻击、电子邮件炸弹等控制型攻击：1、特点：试图获取对目标机器的控制权2、后果：夺取目标机器的完全控制权 使用目标机器作为进一步攻击的跳板。3、典型手段：口令截获与破解特洛伊木马：欺骗用户、隐藏自身、秘密信道 缓冲区溢出：利用软件自身的缺陷攻击探测型攻击：1、特点：收集目标系统的各种与网络安全有关的信息，对目标可能存在的已知安全弱点进行逐项检查，为下一步入侵提供帮助。2、后果：找出目标系统的安全弱点 既可用于安全增强，也可被用于攻击。3、典型手段：扫描技术，体系结构刺探 系统信息服务收集、无踪迹信息探测欺骗型攻击：1、 特点：冒充合法信息系统中尸体或者散布虚假信息，达到欺骗其他实体的目的 2、 3、典型手段：ARP缓存虚构 DNS高速缓存污染 伪造电子邮件 伪造电话号码，伪造短信等漏洞型攻击：漏洞：系统硬件或者软件存在的某种形式的安全脆弱点。1、 特点：针对探测型攻击发现的系统安全弱点和漏洞攻击实施的相应攻击，进而获取利益。2、 后果：使得非法用户未经授权活的访问权或提高其访问权限，破坏系统的机密性3、 典型手段：通过Internet网，查找目标平台或者某类安全漏洞的详细信息和利用手段。破坏型攻击：1、 特点：对目的机器的各种数据与软件实施破坏，是的目标系统彻底瘫痪和实效。2、 后果：3、 典型手段：计算机病毒 恶意炸弹 逻辑炸弹4、 攻击实例：GPS系统，飞行主控软件20什么是恶意代码？阐述恶意代码的分类和各自的特点，并举例说明。 答：恶意代码：完成恶作剧、报复、版权保护或其它特殊目的等攻击任务，具有破坏作用的程序代码。分类：按恶意代码是否需要特定的应用程序、工具程序或系统程序作为宿主：需要宿主的恶意代码具有依附性，不能脱离宿主而独立运行；不需要宿主的恶意代码具有独立性，可不依赖宿主而独立运行。按恶意代码是否能够自我复制：不能自我复制的恶意代码是不感染的；能够自我复制的恶意代码是可感染的。类标准需要宿主无需宿主不能自我复制不感染的依附性恶意代码不感染的独立性恶意代码能够自我复制可感染的依附性恶意代码可感染的独立性恶意代码类别实例不感染的依附性恶意代码特洛伊木马、逻辑炸弹、后门或陷门不感染的独立性恶意代码繁殖器、恶作剧可感染的依附性恶意代码病毒可感染的独立性恶意代码蠕虫、细菌21. 什么是物理安全？物理安全的研究内容有哪些？物理安全：物理硬件设备的安全防护研究内容：物理安全涉及在物理层面上保护企业资源和敏感信息所遭遇的威胁、所可能存在的缺陷和所采取的相应对策。企业资源包括员工及其赖以工作的设施、数据、设备、支持系统、介质等。 其内容包括有关选择、设计和配置工作场所应该注意的事项；保护设施免遭非法入侵的方法；保护设备和信息免遭盗窃的方法；保护员工、设施及其资源免遭环境和意外伤害的手段。22. 通过本课程，我们学习了分组过滤、堡垒主机、屏蔽主机和屏蔽子网等四种体系的防火墙。（1）描述这些防火墙的工作原理；（2）它们分别工作在IP协议栈的哪个层次上？（3）他们各有什么优点和缺点？（4）举例说明各自的应用场合答案：（1）分组过滤：它根据分组包头源地址、目的地址和端口号、协议类型等标志确定是否允许数据包通过。只有满足过滤逻辑的数据包才被转发到相应的目的地出口端，其余数据包则被从数据流中丢弃。 堡垒主机：堡垒主机是一个主机系统，其自身通常经过了一定的加固，具有较高的安全性，其作用束腰是将需要保护的信息系统资源与安全威胁的来源进行隔离，从而在被保护的资源前面形成一个坚固的“堡垒”，并且在抵御威胁的同时又不影响普通用户对资源的正常访问。 屏蔽主机：屏蔽主机体系结构使用一个单独的路由器提供来自仅仅与内部的网络相连的主机的服务。在这种体系结构，主要的安全由数据包过滤提供。 屏蔽子网：这种方法是在内部网络和外部网络之间建立一个被隔离的子网，用两台分组过滤路由器将这一子网分别与内部网络和外部网络分开。（2）（3）分组过滤：网络层 优点：不用改动客户机和主机上的应用程序，与应用层无关 缺点：据以过滤判别的只有网络层和传输层的有限信息，因而各种安全要求不可能充分满足；在许多过滤器中，过滤规则的数目是有限制的，且随着规则数目的增加，性能会受到很大影响。堡垒主机：应用层 优点:把整个网络的安全问题集中在某个主机上解决，从而省时省力，不用考虑其它主机的安全的目的。 缺点：堡垒主机是一台完全暴露给外网攻击的主机。它没有任何防火墙或者包过虑路由器设备保护。屏蔽主机：网络层和应用层 优点：具有更好的安全性和可用性，确保了内部网络不受未被授权的外部用户的攻击。 缺点：网关的基本控制策略由安装在上面的软件决定。如果攻击者设法登录到它上面，内网中的其余主机就会受到很大威胁。屏蔽子网：网络层 优点：安全性最高。缺点：实现较为复杂。 （4） 分组过滤：使用它在内外网连接时由策略决定转发或阻止数据包。例如，阻拦所有从本单位发送出去的，向计算机8请求FTP服务的分组，由于FTP的熟知端口号为21，因此只要在分组过滤器的阻拦规则中写上“禁止到目的地址为8且目的端口号为21的所有分组”即可。 堡垒主机：在内外网设置一个堡垒主机，完全阻止IP通信，所有通信服务均由代理服务器完成。政务电子化是信息社会政府管理发展的一种新趋势，基于天融信堡垒主机(TA-SAG)政府行业技术解决方案是出于4A统一网络安全管理平台的理念，通过账号的集中管理、认证机制、授权机制、以及用户的操作行为审计等策略