What is the purpose of access control list?
to enforce a specified security policy
to prevent unauthorised access to data
to emphasize encryption
it is a key distribution center
Identify definition of authentication
establishes the identity of a subject
specifies and enforces that each object is accessed correctly and only by those that are allowed to do so
What does Access Control Information cover?
data, resources
AC policy
functions such as grant, deny
decisions
What does Access Control Enforcement cover?
What does Access Control Decision Function cover?
granting and denying access
Define a subject of Access Control List
an active entity requesting for resource access
a passive entity and target of the protection
an access control decision function
an access control information function
Define an object of Access Control List
How many types of resource dependent access controls exist?
1
2
3
4
How many types of access control mechanisms exist
Find an example of resource dependent access for network access
append
execute
redirected
granted
Find an example of resource dependent access for file access
Find incorrect access control goal
invalid operations should be permitted
every actions should be checked
unnecessary access should not be allowed
all the above mentioned
What is a property of the capability ticket in access control list?
Specifies a given subject can perform what operations on what objects
Subjects does not grant rights to other subjects
Users have only one ticket
Access rights given to a subject are valid for forever
What is a property of the procedure oriented objects in access control list?
Objects are encapsulated, permitting only certain specified accesses via program execution
Enforces accesses to an object be done through a trusted interface
What does multilevel security mean?
Classification of information by the level of importance and permission of access by users with different security clearance
Classification of information by date and permission of access by users with different security clearance
Classification of information by the level of importance and permission of access by users name
Classification of information by date and permission of access by users name
How many levels are covered in multilevel security
No read up (read down) means
A subject can only read an object of less or equal security level
A subject can only write into an object of greater or equal security level
A subject can only read an object of more or equal security level
A subject can only write into an object of less or equal security level
No write down (write up) means
Define a malware attacks
Malicious software causes data compromises
A browser helper object that detects changes to URL and logs
Users are tricked by fraudulent messages into giving out information
The lookup of host names is altered to send users to a fraudulent server
How many types of authentication schemes exist?
Define a change cipher spec
All data sent/received by software that uses SSL
used to carry handshake messages
used to indicates a change in the encryption and authentication of records
used to indicate when the connection is about to close
Define an alert
Which of the following is true about importance of hash functions i. High Computational Load ii. Message Overhead iii. Security Limitations
i only
none
All the mentioned
iii only
What does “computationally infeasible to find data mapping to specific hash” mean
One way property
Collision free property
Second way property
Collision property
Which of the following is not property of hash functions?
One wayness
Preimage resistance
Strong collision resistance
Long, unfixed output
How many types of hash constructions exist?
Output length for SHA-1
128
160
512
314
Input length for SHA-1
2014
Which construction method support SHA?
Schnorr
Diffie-Hellman
Merkle-Damgard
Alice & Bob
How many rounds in general hold SHA-1?
50
60
70
80
How many stages hold SHA-1?
How many rounds support one stage?
10
20
79
Name of the function that SHA-1 use
Feistel
How many types of SHA exist ?
How many rounds MD5 hold in general?
64
Which of the following does not refer to security requirements of Hash functions?
Second preimage resistance
Collision resistance
High Computational Load
The purpose of hash function is to
Create a message
Compress a message
Divide a message
Conquer a message
How many constant keys support SHA algorithm ?
Which of the following refers requirement of digital signature?
Must be relatively hard to produce
Must be relatively hard to recognize
Must depend on the message verified
Must to be computationally infeasible to forge
Must to be practical to save digital signature in storage
What is the property of direct digital signature?
Assumed receiver has sender’s private key
Involves only sender
Can encrypt using receiver’s public key
Assumed sender has receiver’s private key
Which of the following does not refer to characteristics of digital signature?
Private/public is generated by receiver
A durable private/public key pair
A disposable private/public key pair
Signature is two numbers, depending on message hash and secret information
How many message authentication functions exist?
If public key encryption is used
Encryption provides no confidence of sender
Encryption provides with some level of confidence of sender
Encryption provides fully confidence of sender
Encryption does not provided at all
In public key cryptography sender signs message using their
Public key
Shared key
Private key
Third key
In public key cryptography sender signs message using their private key, then encrypts with recipient’s
Single key
Key
What is authentication?
The process of verifying a claimed identity
Identification of user
Access control
Accounting of service
Define AAA.(triple A)
Access After Anyone
Authentication Authorization Accounting
Authentication Authorization Access
Authentication Access Accounting
Which of the term refers to authorization?
The user identity is a parameter in access control decisions
The user identity is recorded when logging security
Which of the term refers to accounting?
PIN, passwords refer to
Something you have
Something you know
Something you are
Combined method
Keys, soft tokens refer to
Fingerprint, iris, palm recognition refer to
Combined or multiple methods of authentication are used for
Lower level assurance
Medium level assurance
Higher level assurance
Not used at all
How many phases are exist in biometric?
When fingerprint was developed?
1988
1888
1887
1987
What is minutia ?
Time
comparisons of one print with another can be made
comparison of eyes
comparison of palms
What is TTP?
TTP certifies trustworthiness of binding public key with its rightful owner’s identity
TTP certifies trustworthiness of binding private key with its rightful owner’s
To enable the validation and to give legal meaning to digital signature
Answers for supporting encryption/decryption algorithms
Define X.509
TTP certifies trustworthiness of binding private key with its rightful owner’s identity
Define a Kerberos
Trusted third party authentication system and makes no use of public key cryptography
Which of the following does not refer for Kerberos property
Impeccability
Containment
Transparency
Viciousness
Подписываемся на мой инстаграм @beketoo
What is a security?
The protection of information assets through the use of technology, processes, and training
The presence of weaknesses or loopholes in systems which may lead (systematically) to cyber attacks
Occurs when a system is compromised based on a vulnerability by an unknown exploit
Ensures that computer-related assets are accessed only by authorized parties
What is a vulnerability?
The presence of weaknesses or loopholes in systems which may lead (systematically) to cyber attack
What is an attack?
Written to take advantage of a vulnerability; could be a piece of software; a technology; or data that can cause damage or change the behavior of a computer
The presence of weaknesses or loopholes in systems which may lead (systematically) to cyber attacks.
Types of Threats
Interception, Interruption, Modification, Fabrication
Method, Opportunity, Motive
Confidentiality, Integrity, Availability, Authentication
Non-repudiation, Authorisation/Access control, Destruction
How to protect?
Encryption, Software control, Hardware control, Policies and Procedures,Physical control
Interception is __
Asset lost, unusable,unavailable
Unauthorized access
Unauthorized change, tamper of data
Ex. Unauthorized add data to a DB
Security goals are:
CIA
CEA
CLA
CDD
Confidentiality means
messages exchanged across network remains private
contents of messages are not modified while in transit
determining the identity of entities involved in message exchanges
determining the resources that an entities are allowed to access and in what manner
Deterrence is
Punishment makes attackers think twice –Examples include laws and organisational policy
Reduce likelihood and save cost of incidents ◦ ( Ex.: Firewalls, router access control list, spam filters, virus scanners)
Need alert if breach occurs –Collection of evidence ◦ ( ex.: Audit logs, intrusion detection system, network traffic monitoring)
Punishment by taking money
Defence is
Detection is
Integrity means
Authentication means
Non-repudiation means
ensures that parties cannot deny having sent messages
DES stands for
Demand Encryption Standard
Data Encryption Standard
Digital Encryption Standard
Database Encryption Standard
When DES released?
1977
1974
1960
1965
Who introduced idea of substitution-permutation (S-P) networks?
Shannon
Feistal
Lucifer
Rijndael
In how many rounds DES encryption is handled?
16
8
32
_____ process messages in blocks, each of which is then encrypted/decrypted?
block ciphers
stream ciphers
mode ciphers
code ciphers
What is the cryptography?
study about how hacker should behave
study of encryption principles/methods
study about message transformation
study of the computer system
Which cipher is described below: “Each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet.”
Playfair Cipher
Vigenere Cipher
Caesar Cipher
Kerberos
How Cryptography is divided by the way in which plaintext is processed:
Substitution and Transposition
Single-key or Private key
Two- key or Public
Block and Stream
What is the Key Matrix size in Playfair
3x3
4x4
5x5
9x9
Using the Caesar cipher decrypt this message “Vwdb kxqjub, vwdb irrolvk” (key=2)
Stay hungry, stay foolish
Never give up
Dance as if no one sees
With the great power comes great responsibility
3 Ds of Security: (DDD)
Defence, Deterrence, Detection
Data, Development, Device
Database, Data, Deadline
Demand, Design, Decision
MOM stands for ____
Modification, Operation, Motto
Malfunction, Opinion, Management
Messages, Opportunity, Monitoring
DES is a symmetric cipher
Block size of DES
256-bits
128-bits
64-bits
32-bits
AES stands for
Advanced Encryption Standard
Advanced Encryption System
American Encryption Standard
Alias Encryption Standard
Advanced Encryption Standard(AES) also known like
Rassul
Who introduce idea of substitution-permutation?
David Shannon
Andre Shannon
Petre Shannon
Claude Shannon
In which year was introduced idea of substitution-permutation?
1949
1948
1950
1951
What is the plaintext?
Original Message
Coded Message
Algorithm for transforming text
Secret key
What is not the model of the symmetric cipher?
conventional / private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are private-key
was only type prior to invention of public- key in 1982’s
What is the Cipher ?
algorithm for transforming plaintext to ciphertext
coded message
original message
What is the cryptanalysis (codebreaking ) ?
algorithm for transforming plaintext to cipher text
study of principles/methods of deciphering cipher text without knowing key
What is the cryptology?
field of both cryptography & cryptanalysis
What are the general approaches for Cryptanalysis?
cryptanalytic attack/brute force attack
substitution/transposition
permutation/transposition
substitution/permutation
What is Ciphertext only?
attacker knows suspects plaintext/ciphertext
only know algorithm & ciphertext, is statistical, must know or be able to identify plaintext
attacker selects plaintext and gets ciphertext
attacker selects ciphertext and gets plaintext
How many types of threats exist?
Authorisation means
defining the identity of entities involved in message exchanges
CIA means
Confidentiality, invalid, availability
Confidentiality, interact, access
Certain, integrity,availability
Confidentiality, integrity, availability
What is Threat?
The presence of weaknesses or loopholes in systems which may lead (systematically) to cyber attacks. A weak link in the software, settings, etc., through which, if not fixed early, someone can get access to the computer, application, and/or network and can cause damage
Typical threats include unauthorised access, destruction, system overrun and takeover, propagation of malicious code, data thieving and fabrication;
What is ciphertext?
info used in cipher known only to sender/receiver
What is a key?
converting plaintext to ciphertext
recovering ciphertext from
What is encipher (encrypt)?
study of principles/ methods of deciphering ciphertext without knowing key
What is decipher (decrypt)?
recovering ciphertext from plaintext
recovering plaintext from ciphertext
Mostly used symmetric cipher
AES
DES
RSA
SHA-1
Possible length of AES key
128 156 198
128 192 256
128 184 228
128 164 256
How many stages has final round of AES?
RSA uses
two keys - private & publiс
one key - only private
one key - only public
no correct answer
What is TRUE about RSA? Each user generates a public/private key pair by:
selecting two large primes at random: p, q
selecting two small primes at random: p, q
selecting three large primes at random: p, q, r
selecting only one number at random: p
In RSA security relies on a ___ difference in difficulty between ___ (en/decrypt) and ___ (cryptanalyse) problems
large enough, easy, hard
small enough, hard, easy
small enough, easy, hard
large enough, hard, easy
Advanced Encryption Standard (AES), has three different configurations with respect to number of rounds and
Data Size
Round Size
Key Size
Encryption Size
_______ is a round cipher based on the Rijndael algorithm that uses a 128-bit block of data.
Karberos
Caesar
In asymmetric key cryptography, the private key is kept by
sender
receiver
sender and receiver
all the connected devices to the network
none of these
RSA was developed by:
Dr.Tahir El-Gamal
Rivest, Shamir, Adleman
Encryption by receiver with sender’s public key:
C = Me mod N
M=Cd mod N
Ya=Xa mod Q
C=Km mod Q
RSA was founded in:
1975
1976
Decryption by sender with sender’s public key:
C=Me mod N
Calculate n and φ, if p = 3, and q = 11 (RSA)
n = 33, φ = 20
n = 20, φ = 33
n = 33, φ = 33
n = 33, φ = 22
Calculate n and φ, if p = 17, and q = 11 (RSA)
n = 187, φ = 160
n = 160, φ = 187
n = 187, φ = 187
n = 187, φ = 170
Calculate C (ciphertext), if p = 3, q = 11, e = 7, M = 2 (RSA)
C = 29
C = 3
C = 22
C = 2
Calculate M (plaintext), if p = 3, q = 11, d = 3, C = 29 (RSA)
M = 2
M = 29
M = 30
M = 1
Block size of AES plaintext:
192
164
256
Maximum AES number of rounds:
12
14
AES size of output(output parameter):
First public-key type scheme proposed by Diffie & Hellman in
1971
1981
1986
Value of key depends on the: (Diffie & Hellman)
Participants
Keys
Message
Algorithm
If Alice and Bob subsequently communicate, they will have the____ key
Same
Different
Private
Public
Which of these are true about “a public-key distribution scheme ”?
cannot be used to exchange an arbitrary message
rather it can establish a common key
known only to the two participants
all of above
When by Diffie & Hellman along with the exposition of public key concepts?
1978
1979
none of them
Which of them uses two keys( public and private):
Vigenere
Playfair
A related private-key, known
only to the recipient
only to the sender
to everyone
The key must be kept secret for
needed security
encryption and decryption
encryption
decryption
The _________ attack can endanger the security of the Diffie-Hellman method if two parties are not authenticated to each other.
man-in-the-middle
ciphertext attack
plaintext attack
none of the above
“Using only a subset of letters/words in a longer message marked in some way ” is__
Steganography
For which cipher an example is given: “Say hi to IITU” After encrypt “Yas ih ot UTII”
Transposition Cipher
Route Cipher
Polyalphabetic substitution ciphers improve security using multiple cipher alphabets
For RSA to work, value of P must be less than value of:
P
Q
n
r
In symmetric key cryptography, key used by sender and receiver is:
shаrеd
Two keys are used
None
In symmetric-key cryptography, same key is used by:
One Party
Multi Party
Third Party
Both Party
RSA stands for
Rivеst, Shаmir,, Аdlеmаn
Roger, Shamir, Adrian
Robert, Shamir, Anthoney
Rivest, Shaw, Adleman
Which of them is first public-key type scheme?
Diffiе & Hеllmаn
Elgamal
When Diffie & Hellman protocol was invented?
1980
1990
In Diffie & Hellman key exchange a public key is known only to the two participants
In Diffie & Hellman key exchange a public key is cannot be used to exchange an arbitrary message
Diffie & Hellman key exchange based on exponentiation in a finite (Galois) fields
In Diffie & Hellman protocol when the user A generates their key a secret key should be
XА < q
generated randomly
given by user B
Choose the correct formula for computing public key YA in Diffie & Hellman protocol
YА= а mod q
BA = a + b
CA = a – b
DA = a * b
Choose the correct formula for computing secret key K by user A in Diffie & Hellman protocol
K = (YА)^X А mod q
S = a + b
D = a * b
L = a * b + 2
Elgamal cryptography uses exponentiation in a finite (Galois) fields
In the Elgamal cryptography when the user A generates their key a secret key should be
1 < XА < q-1
given by user
Choose the correct formula for computing public key YA in Elgamal cryptography
YА = аXА mod q
K = YАk mod q
Choose the correct formula for computing one-time key K in Elgamal cryptography
S = a + b + 1
D = a * b + 2
L = a * b + 3
Choose the correct formula for computing C1 in Elgamal cryptography
C1 = аk mod q
C3 = a mod b
C = z + 2 + 5
C5 = a * b +2
Choose the correct formula for computing C2 in Elgamal cryptography
C2 = KM mod q
C = MK
C3 = AK
C4 = AA
In Elgamal cryptography public key cryptosystem related to D-H
Known plaintext is...
Attacker selects plaintext or ciphertext to en/decrypt
Chosen plaintext is...
Chosen ciphertext is...
Chosen text is ...
attacker selects plaintext or ciphertext to en/decrypt
