CS 417 Exam 3

Fall 2005

    Part I - 55 points

  1. 5 points
    The Diffie-Hellman algorithm is not an encryption algorithm. Is this statement true or false? Explain.
  2. 9 points
    Alice wants to communicate with Bob using a hybrid cryptosystem. Bob and Alice each have their own public and private keys. They share no other information. Authentication is not required. Explain the sequence of steps they would take to allow them to send messages back and forth securely.
  3. 5 points
    How does steganography differ from cryptography?
  4. 5 points
    What problem were digital certificates created to solve?

    Part II - 76 points

    For each statement, select the most appropriate answer.
  5. A restricted cipher is one:
    (a) that operates on limited types of data.
    (b) where the secret is the cipher.
    (c) that can only accept a restricted set of keys.
    (d) that can only be used a limited number of times.
  6. A random number is not useful as a/an:
    (a) nonce.
    (b) session key.
    (c) Diffie-Hellman private key.
    (d) RSA private key.
  7. To decrypt a message that Alice encrypted for only Bob to read, you need:
    (a) Bob's private key.
    (b) Bob's public key.
    (c) Either Bob's private key or Alice's private key.
    (d) Either Bob's public key or Alice's private key.
  8. A rotor machine is best described as:
    (a) a monoalphabetic substitution cipher.
    (b) a polyalphabetic substitution cipher.
    (c) a combined transposition and monoalphabetic substitution cipher.
    (d) a combined transposition and polyalphabetic substitution cipher.
  9. SSL is best described as using:
    (a) symmetric cryptography with an arbitrated protocol.
    (b) symmetric cryptography without an arbitrated protocol.
    (c) a public key infrastructure.
    (d) a hybrid cryptographic system.
  10. Kerberos is best described as using:
    (a) symmetric cryptography with an arbitrated protocol.
    (b) symmetric cryptography without an arbitrated protocol.
    (c) a public key infrastructure.
    (d) a hybrid cryptographic system.
  11. Alice sends Bob a digital signature for a document. She generates a hash and encrypts it with:
    (a) her own private key.
    (b) Bob's public key.
    (c) her own public key.
    (d) a session key.
  12. The primary advantage of two-factor authentication is:
    (a) It ensures that the same password is never sent twice.
    (b) It makes theft more difficult.
    (c) It allows the system to offer a limited number of logins.
    (d) The password includes data from both the user and the system with which you are authenticating.
  13. When Alice receives a sealed envelope (ticket) from Kerberos allowing her to talk to Bob, the ticket is:
    (a) encrypted so only Alice can decrypt it.
    (b) encrypted so only Alice and Bob can decrypt it.
    (c) encrypted so only Bob can decrypt it.
    (d) encrypted so only Kerberos can decrypt it.
  14. Biometric authentication generally will not:
    (a) involve pattern matching.
    (b) require the use of thresholds.
    (c) use signal processing for feature extraction.
    (d) produce a unique key.
  15. CAPTCHA systems rely on:
    (a) one-time passwords.
    (b) information that humans can process easily but computers cannot.
    (c) information that computers can process easily but humans cannot.
    (d) multi-factor authentication.
  16. The key concept in two-phase locking is:
    (a) that atomic multicasts must be used for obtaining and releasing locks.
    (b) that a transaction cannot get new locks after it has released a lock.
    (c) that a transaction obtains a lock via a two-way handshake with the lock manager.
    (d) ensuring timestamp ordering among competing lock requests.
  17. Microsoft Authenticode is a:
    (a) file that includes a signature by the software publisher.
    (b) system for validating that executable code does not contain viruses or spyware.
    (c) system for authenticating users.
    (d) system to compare the hash of downloaded software against a hash stored on a trusted server.
  18. SYN flooding is used to:
    (a) cause a machine to crash.
    (b) make a machine stop accepting TCP connections.
    (c) cause a machine to stop accepting any network packets.
    (d) masquerade the source address of a message.
  19. A stateless screening router will guard against:
    (a) SYN flooding attacks.
    (b) TCP sequence number attacks.
    (c) application protocol attacks.
    (d) masqueraded source addresses.
  20. A proxy will guard against:
    (a) masqueraded source addresses.
    (b) SYN flooding attacks.
    (c) TCP sequence number attacks.
    (d) application protocol attacks.
  21. Tunneling relies on:
    (a) address translation.
    (b) packet encapsulation.
    (c) encryption of packet header.
    (d) encryption of the entire packet.
  22. Triple Modular Redundancy (TMR) is an example of:
    (a) information redundancy.
    (b) time redundancy.
    (c) physical redundancy.
    (d) All of the above.
  23. TCP reliability is achieved with:
    (a) information redundancy.
    (b) time redundancy.
    (c) physical redundancy.
    (d) None of the above.
  24. How many components do you need to withstand k Byzantine component failures?
    (a) k+1
    (b) 2k+1
    (c) 3k+1
    (d) No amount of components will guard against this.