网络安全期末复习题参考资料

1、网络安全期末复习题一、填空题：Availability（计算机安全的三个关键目标，保密性，完整性和可用性）Active1、The three key objectives of compu ter security are con fide ntiality, ， In tegrity and2、Active Attack attempts to alter system resources or affect their operation.（主动攻击试图 改变或影响其操作系统资源）3、 Attack attempts to learn or make use of information

2、from the system but dosenot affect system resources.（被动 攻击试图学习或者从系统中而不影响系统资源利用信息。）cryptan alysis4、 The pro cess of atte mp ti ng to discover the plain text or key is known as（试图发现明文或密钥的过程称为密码分析）5、 0Two types of passive attacks are the release of message contents and traffic analysis.（被动 攻击的两种类型是消息分析

3、和流量分析）6、 A symmetric encryp ti on scheme has five in gredie nts ,they are plain text , encryp ti on algorithm, decryption algorithm ,secret key and ciphertext .（对称加密方案有五种成分， 它们是明文，加密算法，解密算法，密钥和密文）7、 The two gen eral app roaches to attack ing a cip her are cryptan alysis a ndbrute-force attack。 （一般攻击

4、密码的两种方法：密码分析和蛮力攻击）8、）If the en cry ption algorithm of 3DES is C=E（K3 , D（K2 , E（K1 , P） , then the decry ptionalgorithm is P=D（K 1（E（K2、DW?、C）.（如果 3DES 加密算法是 C = E （ K3，D （ E（K1，K2，P）,然后解密算法是 P=D（K1（E（K2、D（K3、C）9、With RSA algorithm , if the n is easily factored into its two prime factors , then the

5、algorithm will be obsolete .（对于RSA算法，如果n是容易分解成它的两个主要因素，那么 算法将被淘汰）10、 A Public key certificateconsists of a public key plus a User ID of the key owner , withthe whole block signed by a trusted third party .（一个公钥证书由公钥加上所有者的用户ID以及可信的第三方签名的整个数据块组成。）11、 The SSL Record Protocol p rovides two services for

6、SSL conn ecti ons :Con fide ntiality and Message Integrity . （ SSl记录协议提供 SSl连接的两种服务：保密和消息完整性）12、To store the public private key pairs owned by the node and the public keys of other usersknown at this node , PGP p rovides a p air of data structures at each node . These data structures are referred to

7、 respectively , as the private-key ring andpublic keyring .（存储的公共密钥对由节点和其他用户在这个节点已知公钥拥有，PGP在每个节点提供了一种数据结构。这些数据结构被分别称为，私钥环和公钥环。）13、IP Sec support two modes of use : transport mode and tunnel mode .（存储的公共密钥对由节点和IPSec支持两种使用方式：传输模式和隧道模式。014、 The tunnel mode of IP Sec p rovides p rotect ion to the en tir

8、e IP p acket . （IP Sec 隧道 模式对整个IP数据包提供保护）二、判断题：1、2、（对）The emp hasis in deali ng with p assive attack is on preven ti on rather tha n detecti on .（错）De nial of service is a type of p assive attack .3、4、5、（对）ln DES , the plai ntext is 64 bits in len gth and the key is 56 bits in length .（错）RC4 is bloc

9、k cip her .（错）Block cip her are almost always faster and use far less code tha n do stream cip her .（对）For len gthy message , the ECB mode may not be secure .6、7、 （对）Symmetric encryption can be used to authenticate message .8、（对）Unlike the MAC , a hash function does not take a secret key as 9、 （对）Co

10、mpared to the encryption algorithm , the MAC authentication algorithm needs not be reversible .10、 作错）Public-key encryption is general-purpose technique that conventional encryption obsolete .11、 （错）All public-key algorithms can encrypt/decrypt message .12、（对）RES is a block cipher .13、 （对）The princi

11、pal objective for developing a PKI is to convenient , and efficient acquisition of p ublic keys .14、 （对）SSL/TLS p rovides con fide ntiality using symmetric encryp ti on and message in tegrity using a message authe nticati on code .15、（错）The smallest building block of a wireless LAN is an independent

12、 and service set （IBSS）.16、（对）The principal feature of IP Sec is that it can encrypt an d/or authe nticate all traffic at the IP level .三、选择题：1. Of all the follow ing op ti onsA.B.doesn belong to the security services（不属于安全服务）C.D.2. ACon fide nticalityIn tegritySecret keyAuthe nticati onattack in vo

13、lves trying every po ssible key un til an in telligible tran slati on of the cip ertextinto plain text is obta in ed.A. Brute-force（什么攻击涉及尝试每个可能的密钥直到得到的密文变成明文易懂的翻译。B. cip hertext onlyC. known plain text（对于DES，下列哪种说法是错误的）D. chose n text3. For DES, which of followi ng is false?A. DES is a block cip he

14、rB. the plain text is pro cessed in 80-bit blocksC. the key size is 56-bits（不是对称分组密码）D. plain text goes through 16 iterati ons4. All offollowi ng are symmetric block cip hers exce pt forA. IDEAB. AESC. 3DESD. RC45. Inmode, the input to the encryp tio n algorithms is the XOR of the curre nt plain tex

15、t blockand the p recedi ng cip hertext block, the same key is used for each blocks.A. ECB（哪种模式，输入到异或加密算法是当前和前面的ciphertext明文块的块.）B. CBCC. CFBD OFB6. is not the requirement of hash function H. （ _什么不是散列函数的一个要求。）A. H can be app lied to a block of data of any sizeB. H p roduces a fixed len gth out putC.

16、 H（x） is relatively easy to compute for any give n xD. H must be shared secretly by both p artiessecret key.）7. For app roaches to message authe nticati on, the app roach ofdoes nn eed aA. Using conventional encryption（消息认证 的方法，什么方法不需要密钥。B. MACC. on e-way hash codeD. HMAC8. The purpose ofalgorithm i

17、s to enable two users to exchange.A. DSSB. Diffie-Hellman key（哪种算法的目的是使两个用户交换）C. RSAD. ECC9. Which of following is right about Kerberos? （关于 Kerberos 下列哪一项是正确的）A. User must en ter a p assword each time to access a server.B. A full-service Kerberos environment con sist of a Kerberos nu mber of clie n

18、ts, and a nu mber of app licati on servers.C. Kerberos also relies on p ublic-key encryp ti on.D. The ticket message tran smitted is in clear.10. Which of following is not right about X.509 certificate?_（关于 X.509 证书，哪一个是错的）A. X.509 certificate must contains the p ublic key of a userB. X.509 certific

19、ate format is used in IP Sec and SSLC. X.509 certificate can be revoked before it expiresD. X.509 certificate is sig ned with the p ublic key of a trusted CA11. op eration of SSL record p rotocol is （ P145）（ SSL 记录协议是A. Fragme ntB. Comp ressC. Fragme ntD. Add MACComp ress Add MACFragme nt Add MAC En

20、crypt Add MACComp ress Fragme nt12. PGP makes use of four types of keys, the_A. On e-time sessi on conven ti onal keyB. P ublic key（ PGP使用了四种类型的密钥，C. Private keyD. Pass phrase-based conven ti onal key操作）Encrypt Append SSL record headerEncrypt Append SSL record headerComp ress Append SSL record heade

21、rEncrypt Append SSL record header is used to p rotect p rivate key用于保护私钥）13. In IP Sec, a SA is uniq uely ide ntified by three p arameters .The is not the one of theparameters.（在IP Sec中，一个 SA由三个参数唯一确定。 不是一个参数。）A. SPIB. IP Desti nati onC. I PSec P rotocol ModeD. Security P rotocol14. In IP Sec, AH p

22、rovides all follow ing security services exce pt forA. Con fide ntiality（在IP Sec安全服务，AH提供的服务不包括B. access con trolC. connection! ess in tegrityD. data origi n authe nticati onE. reject ion of rep layed p ackets四、计算题：2、If the length of the message is 1921 bits . What are the value of the padding field

23、 and the len gth in SHA-512 .答 Suppose the value of the padding field is x so1921+x=896(mod1024)1921+x-896=0(mod1024)1025+x=0(mod1024)X=1023 The value of the paddi ng field is 1023 bitsIn the sec ond ste p of SHA-512 algorithm.a block of 128 bits is appen ded to the message.This block contains the l

24、engh of the origi nal message(before the p addi ng),so the value of the len gth field is 19213、Perform encryption and decryption using the RSA algorithm for the following : p=3 ; q=11 ; e=7 ; m=5 .答 p=3;q=11,e=7;M=5.n=P*q=3*11=33;o(n)=(p-1)*(q-1)=2*10=20;e7d3ed mod o(n)=1 f d=3;C=M mod n=5 mod33=14;

25、 M=C mod n=14 mod33=55、 Con sider a Diffie-Hellma n scheme with a com mon p rime q=11 and a p rimitive root a=2a. If user A has public key Y A=9,what is As private key X a?b. If user B has public key Y B=3,what is the shared secret key K?答 Y A=aXA mod q K=Y bXA mod q五、简答题：1、Why is the middle portion

26、 od 3DES a decryption rather than an encryption ?答 There is no cryptographic significanee to the use of decryption for the second stage.Its only adva ntage is that it allows users of 3DES to decry pt data encryp ted by users of the older sin gle DES by rep eat ing the key.2、Suppose an error occurs i

27、n a block of ciphertext on transmission using CBC . What effect is p roduced on the recovered plain text blocks .答 f an error occurs in tran smissi on of cip hertext block Ci, the n this error prop agates to the recovered plain text blocks Pi and P i-1.3、When Bob wishes to com muni cate with Alice s

28、ecurely , how can he do it wihr the help of p ublic-key certificate to distribute a secret key to Alice ?答1、产生会话秘钥，2、让A公钥加密会话秘钥，3、让会话秘钥加密消息，4、将加密的消息与加密的会话秘钥发送出去4、What is Message authentication ?答：消息认证是指通过对消息或者消息有关的信息进行加密或签名变换进行的认证，目的是为了防止传输和存储的消息被有意无意的篡改，包括消息内容认证（即消息完整性认证）、消息的源和宿认证（即身份认证0）、及消息的序号和操作

29、时间认证等。5、What is Digital sig nature ?答 A digital sig nature is an authe nticati on mecha nism that en ables the en ables the creator of a message to attach a code that acts as a sig nature.The sig nature is formed by tak ing the hash of the message and encryp ti ng the message with the creators priva

30、te key.The sig nature guara ntees the source and in tegrity of the message.6、Please compare the similarities and differe nces of n etwork security p rotocols : IP Sec , SSL/TLS , Kerberos .答相同点：安全服务相似；不同点：所在位置不同，网络层、传输层、应用层7、What is the purpose of HTTPS ?答 HtT PS(HTT P over SSL)refers to the comb in

31、 ati on of HTT P and SSL to impi eme nt secure com muni cati on betwee n a Web browser and a Web server.8、What security areas are addressed by IEEE 802.11i ?答jEEE802.11i addresses three main security areas authe nticatio n: key man ageme nt,a nd data tran sfer p rivacy.9、Briefly describe the five IE

32、EE 802.11i phases of op eration .(P185)答1、发现；2、认证；3、密钥管理；4、保护数据传输；5、连接终止10、Why does PGP gen erate a sig nature before applying comp ressi on ?(1) PGP压缩算法不确定(2) 如果对压缩文件签名，则需要对解压的文件在进行加密之后才能认证答 a.It is preferable to sign an uncompressed messages so that one can store only theuncomp ressed message toge

33、ther with the sig nature for future verificati on.b.Eve n if one were willi ng to gen erate dyn amically a reco mp ressed message for verificati on. PGP comp ressi on algorithm p rese nts a difficulty. The algorithm is not determi nistic11、What is the basic differenee between X.509 and PGP in terms

34、of key hierarchies and key trust ?答 In X_509 there is a hierarchy of Certificate Authorities.Another differenee is that in X_509 users will only trust Certificate Authorities while in PGP users can trust other users.12、List and briefly define three classes of intruders .冒充者：没有通过验证，使用计算机资源 违法者：通过验证，窃取用户的数据和资源 潜入者：控制用户计算机答 Masquerader:A n in dividual who is not authorized to use the compu ter and who pen etrates a systems access controls to exploit a legitimate user account.Misfeasor:A legitimate user who accesses data, p rograms, or resources for which such access is not authorized, or who i