信息安全技术复习题目最终版

11.InthemovieOfficeSpace,softwaredevelopersattempttomodifycompanysoftwaresothatforeachfinancialtransaction,anyleftoverfractionofacentgoestothedevelopers,insteadofgoingtothecompany.Theideaisthatforanyparticulartransaction,nobodywillnoticethemissingfractionofacent,butovertimethedeveloperswillaccumulatealargesumofmoney.Thistypeofattackissometimesknownasasalamiattack.Now,findareal-worldexampleofasalamiattackandexpoundhowitworks.Themosttypicalschemeportrayedbyasalamiattackisthatwhichinvolvesanautomatedmodificationtofinancialsystemsandtheirdata.Forexample,thedigitsrepresentingcurrencyonabank'scomputer(s)couldbealteredsothatvaluestotherightofthepenniesfield(0.01)arealwaysroundeddown(fairarithmeticroutineswillcalculateinbothdirectionsequally).最典型的意大利腊肠攻击方案，包括自动修改财务系统和数据描述。例如，在银行的计算机上表示货币的数字可以被改变，使便士字段的右边的值（0.01）总是四舍五入（公平的算术程序将在两个方向上计算相等）。Theessenceofthismechanismisitsresistancetodetection.Accountownersrarelycalculatetheirbalancestothethousandthsorten-thousandthsofacent,and,consequentiallyremainoblivious.Evenifthediscrepanciesarenoticed,mostindividualshavebetterthingstodo(likepreservetheirpride)thancomplainaboutanerroneousdigitinsomefaroffdecimalplace.Thefollowing(alleged)scenarioswilldemonstratethatslicesneednotalwaysbetinytoevadedetection.Infact,theycanberatherlarge,aslongasunsuspectingand/orignorantvictimsareplentiful.这种机制的本质是它的电阻检测。帐户所有者很少计算余额的千分之几或千分之十分，必然继续无视。即使这些差异被发现，大多数人有更好的事情要做（如保持他们的自豪感）比抱怨在一些遥远的小数点错误的数字。以下（所谓）的情况将表明，“片”不一定总是很小，以逃避检测。事实上，他们可以是相当大的，只要不知情的和/或无知的受害者是丰富的。2Inthefieldofinformationsecurity,Kerckhoffs’Principleislikemotherhoodandapplepie,allrolledupintoone.*DefineKerckhoffs’Principleinthecontextofcryptography.（1）即使密码系统的任何细节已为人悉知，只要密钥未泄漏，它也应是安全的。Anydetailsevenifthecryptographysystemhasinformedalltoooften,aslongasthekeydoesnotleak,itshouldalsobesafe*Giveareal-worldexamplewhereKerckhoffs’Principlehasbeenviolated.Didthiscauseanysecurityproblem?（2）自动取款机使用了DES数据加密，相当于一个加密系统，有时候密码未泄露，但犯罪份子知道了身份信息和银行卡号后能够盗取卡里的钱。这个案例中的安全问题有：个人信息泄露，财产的损失。ATMusingDESdataencryption,isancryptographysystem,sometimesthepassworddoesnotleak,butcriminalsstealthemoneyafterknowtheidentityinformationandbankcardnumber.Thesecurityprobleminthiscaseare:personalinformationleakage,thelossoftheproperty.23.Amongthefundamentalchallengesininformationsecurityareconfidentiality,integrity,andavailability,orCIA.A.Defineeachoftheseterms:confidentiality,integrity,availability.B.Giveaconcreteexamplewhereconfidentialityismoreimportantthanintegrity.C.Giveaconcreteexamplewhereintegrityismoreimportantthanconfidentiality.D.Giveaconcreteexamplewhereavailabilityistheoverridingconcern.Answer：A.Confidentialityisoftheinformationwithacertaindegreeofsecrecyonlyforauthorizedpersontoreadandchangeit;Integrityistopreventoratleasttodetectunauthorizedchangestoinformation;Availabilityisthatthelegallyownesandusersforinformation,theyhaveaccesstotheinformationatanytimeiftheyneed.B.ThedocumentaboutStatesecrets.C.Testscores.D.E-commercesite.Toavoidserviceinterruption,leadtousersandtheirowninterestsisdamaged,itsavailabilityisthemostimportant。翻译：信息安全领域的基本挑战包括机密性、完整性和可用性，或者简称CIA。A.请给出机密性、完整性、可用性的术语定义。答：机密性具有一定保密程度的信息只能让有授权的人读取和更改；完整性是防止或至少检测出对信息进行未授权的修改；可用性是对于信息的合法拥有和使用者，在他们需要这些信息的任何时候，都应该保障他们能够及时得到所需要的信息。4.Supposethatwehaveacomputerthatcantest240keyseachsecond.*Whatistheexpectedtime(inyears)tofindakeybyexhaustivesearchifthekeyspaceisofsize288?*Whatistheexpectedtime(inyears)tofindakeybyexhaustivesearchifthekeyspaceisofsize2112?*Whatistheexpectedtime(inyears)tofindakeybyexhaustivesearchifthekeyspaceisofsize2256?Anwser:(1)288/240=248second248/(60*60*24*365)=8.923*106(2)2112/240=272second272/(60*60*24*365)=1.497*106(3)2256/240=2216second2216/(60*60*24*365)=3.339*10575.Givefourstrongpasswordsderivedfromthepassphrase“Gentlemendonotreadothergentlemen’smail.”Anddescribehowtoderiveyouranswerfromthepassphrase.6.Givefourstrongpasswordsderivedfromthepassphrase“Areyouwhoyousayyouare?”.Anddescribehowtoderiveyouranswerfromthepassphrase.答：根据Areyouwhoyousayyouare随便构造4个强密码并解释构造方法。例如1Re@NwNs1yNA此题要求独创性强密码长度至少有8个字符，不包含全部或部分用户帐户名，不包含完整的单词,至少包含3以下四类字符中的三类:大写字母、小写字母、数字，以及键盘上的符号(如!、@、#)。7.Foreachofthefollowingpasswords,givetwopassphrasethatthepasswordcouldhavebeenderivedfrom.A:PokeGCTallB:4s&7vrsaC:gimmeliborDD:IcntgetNOsat例如：A.PokeGCTallPersonorkidsendGoodCatTallPlayonkidGreatCoolToparelikelike8.ConsidertheciphertextFALSZZTYSYJZYJKYWJRZTYJZTYYNARYJKYSWARZTYEGYYJ,whichwasgeneratedusinganaffinecipherwithparametera=7andb=22.Decipherthemessageplease.加密过程为：E(m)=(am+b)mod26解密过程为：c（m）=a^-1(c-b)mod26=7^-1（c-22）mod26=15(c-22)mod26所以仿射码解密相对应的字母为0123456789101112明文ABCDEFGHIJKLM密文WDKRYFMTAHOVC13141516171819202122232425明文NOPQRSTUVWXYZ密文JQXELSZGNUBIP密文：FALSZZTYSYJZYJKYWJRZTYJZTYYNARYJKYSWARZTYEGYYJ明文：firstthesentenceandthentheevidencesaidthequeen.44432617719.ConsidertheciphertextQJKESREOGHGXXREOXEO,whichwasgeneratedusinganaffinecipher.Determinetheconstantsa&banddecipherthemessage.Hint:Plaintext“t”encryptstociphertext“H”andplaintext“o”encryptstociphertext“E”.加密过程：a,bareconstants(常数)，pisplaintext（明文），Cisciph