CS 417 Exam 3
Spring 2006
Part I - 32 points
- 7 points
Explain how you use hash functions and public key cryptography to generate a digital signature for a document.
- 6 points
You need to create a system where you need to validate a user's password. How can you create a publicly readable password file? Software that verifies a password cannot employ any keys in validating a password against data in the file. Explain what is contained in the file and how the software validates the password. (Think about McCarthy's puzzle.)
- 7 points
How can Bob authenticate Alice if he has her digital certificate? Explain the steps. (N.B.: the question is not asking how Bob authenticates Alice's certificate.)
- 6 points
What problem does the Diffie-Hellman algorithm solve? (Don't explain or cite the algorithm/formula.)
- 6 points
What is tunneling and why is it crucial to the implementation of a VPN?
Part II - 68 points - 4 points each
For each statement, select the most appropriate answer.
- The biggest problem with symmetric cryptography is:
(a) the fact that symmetric algorithms are more easily cracked than public key algorithms.
(b) the fact that symmetric algorithms are much slower than public key algorithms.
(c) key exchange.
(d) man-in-the-middle attacks.
- A rotor machine implements a:
(a) monoalphabetic substitution cipher.
(b) polyalphabetic substitution cipher.
(c) transposition cipher.
(d) combined substitution-transposition cipher.
- A disk drive controller that always returns random values in the bit-two position of data exhibits a:
(a) permanent, fail-silent failure.
(b) permanent, Byzantine failure.
(c) transient, fail-silent failure.
(d) transient, Byzantine failure.
- Compared to two-phase locking, strict two-phase locking avoids the problem of:
(a) cascading aborts.
(b) deadlocks.
(c) having to use a lock manager.
(d) suboptimal concurrency.
- Which of the following is not an example of two-factor authentication?
(a) Your iris scan and your password.
(b) Your iris scan and your fingerprint.
(c) Your access card and your password.
(d) Your access card and your fingerprint.
- A Kerberos ticket (sealed envelope) contains the:
(a) session key for communicating with the service, encrypted with your key.
(b) session key for communicating with the service, encrypted with the service's key.
(c) service's key, so you can encrypt data for the service, encrypted with your key.
(d) session key for communicating with the service, encrypted with Kerberos' key.
- Authentication using Gestalt psychology relies on:
(a) anticipating the answers that a user will provide.
(b) masquerading as another system and convincing the user that it is the legitimate one.
(c) asking a series of questions, each time increasing the confidence of authentication.
(d) people being better than computers at identifying incomplete patterns.
- A SYN fiooding attack relies on:
(a) saturating a network with packets so there is no more capacity for legitimate data.
(b) Flooding a machine with network packets so that it is fully congested by processing them.
(c) sending an IP datagram that's larger than allowed to cause a buffer over?ow in the kernel.
(d) restricting a machine's ability to accept new TCP connections.
- A packet filter cannot guard against the following:
(a) packets from the external network that are masqueraded to look like they are from the internal network.
(b) RIP (Router Information Protocol) packets being sent to the LAN.
(c) attempts to create a buffer overflow attack on the mail server.
(d) access to the FTP server from everywhere but one range of IP addresses.
- A system or service that is set up specifically to trap intruders is a:
(a) demilitarized zone.
(b) honeypot.
(c) denial of service attack.
(d) ping of death.
- A proprietary encryption algorithm likely to be more secure than a standard algorithm like DES because the details of its implementation are not revealed.
(a) True
(b) False
- For a system that exhibits Byzantine faults to be k-fault tolerant, it needs to have:
(a) k+1 components.
(b) 2k+1 components.
(c) 2k+1 components.
(d) k2 components.
- A movie render farm primarily relies on:
(a) cascading failover.
(b) active failover.
(c) workload distribution.
(d) distributed message passing.
- Cascading failover handles the case where:
(a) one application failing over to another system leads to related applications doing the same.
(b) a failure in one system leads to failures in other systems.
(c) an application migrates back to the original machine after a failover.
(d) a backup system that took over running some applications dies.
- Microsoft Authenticode is best described as:
(a) a run-time component that validates access to system resources.
(b) an intermediate language that is verified before being compiled to native code.
(c) a digital signature on a software file.
(d) an encrypted format for software distribution.
- A storage area network (SAN) is a:
(a) network of file servers.
(b) clustered collection of computers acting as one file server.
(c) high-speed machine-machine interconnect that bypasses a conventional IP network.
(d) collection of storage units that appear to computers as one or more disks.
- A null cipher is:
(a) a message embedded within another message, formed from pieces of the that message.
(b) an encryption with no key.
(c) a cryptographic system built around a null function.
(d) any cipher where the size of the ciphertext is never greater than the size of the plaintext.