Part 1: Determine if the following statements are True or False. 1. A good techn
ID: 3848938 • Letter: P
Question
Part 1: Determine if the following statements are True or False.
1. A good technique for choosing a password is to use the first letter of each word of a phrase.
2. Public-key algorithms are based on simple operations on bit patterns.
3. A token is the best means of authentication because it cannot be forged or stolen by an adversary.
4. User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.
5. Public-key cryptography is asymmetric.
6. Memory cards store and process data.
7. Depending on the application, user authentication on a biometric system involves either verification or identification.
8. An individual’s signature is not unique enough to use in biometric applications.
9. A smart card contains an entire microprocessor.
10. Access control is the central element of computer security.
11. The authentication function determines who is trusted for a given purpose.
12. An auditing function monitors and keeps a record of user accesses to system resources.
13. External devices such as firewalls cannot provide access control services.
14. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.
15. A user program executes in a kernel mode in which certain areas of memory are protected from the user’s use and certain instructions may not be executed.
16. An agent in Clock-Wilson Model(CWM) should also have the execute rights regarding an entity after the agent is permitted to certify that entity.
17. Since physical security is often managed under separate responsibility from information security, however, risk analysis for information security still needs to address physical security.
18. The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.
19. With unlimited resources and security controls, it is possible to reduce risk to zero.
20. Viruses infect executable files and hardware as well.
21. Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
22. The purpose of the DSS algorithm is to enable two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.
23. Traditional RBAC systems define the access rights of individual users and groups of users.
24. Some process of managed downgrading of information is needed to restore reasonable classification levels.
25. A BLP model breaks down when low classified executable data are allowed to be executed by a high clearance subject.
26. The secret key is input to the encryption algorithm.
27. Triple DES takes a plaintext block of 64 bits and a key of 56 bits to produce a ciphertext block of 64 bits.
28. The advantage of a stream cipher is that you can reuse keys.
29. Like the MAC, a hash function also takes a secret key as input.
30. The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
Part 2: Short Answers. Please answer briefly and completely, and you must cite all sources of information if any.
1. Consider a public key encryption. Ann wants to send Bill a message. Let Annpriv and Annpub be Ann’s private and public keys respectively. The same for Bill (Billpriv and Billpub).
(a) If Ann sends a message to Bill, what encryption should Ann use so that only Bill can decrypt the message (secrecy)?
(b) Can Ann encrypt the message so that anyone who receives the message is assured that the message only came from Ann (authenticity)?
(c) Is it possible for Ann to devise a method that will allow for both secrecy and authenticity for her message? Please justify your answer.
2. Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of the properties makes sense from a security standpoint.
3. Assume that passwords are limited to the use of the 95 printable ASCII characters and that all passwords are 12 characters in length. Assume a password cracker with an encryption rate of 100 giga encryptions per second. How many years will it take to test exhaustively all possible passwords on a UNIX system? Note you need to show the procedures of calculation step by step as well.
Explanation / Answer
1. True
2. True
3. False
4. True
5. False
6. False
7. True
8. True
9. True
10. False
11. False
12. True
13. False
14. True
15. True
16. False
17. True
18. False
19. False
20. False
21. True
22. True
23. True
24. False
25. True
26. False
27. False
28. True
29. True
30. True