A. use symmetric encryption; B. use asymmetric encryption; C. do not use encryption.
2. What is a replay attack? Please briefly describe how IPSec uses the window mechanism to resist replay attacks.
1) replay refers to passively capturing data units and then retransmitting them in the original order.
2) setting the window size w, and if the message sequence number is on the left of N-W, discarding it; If the serial number is in the window, receive it and mark the corresponding slot; If the message sequence number is greater than N+ 1, receive it, mark the slot and move the window to the right.
3. Please briefly describe the generation process and verification method of public key certificate.
1) generation process: make two copies of unsigned certificates, including user ID and user public key, one for signing CA and the other for generating hash code, and then encrypt the hash code with CA's private key to form a signature. Then add the signature to the certificate signed by the CA.
2) Authentication: The receiver decrypts the signature with the public key of CA to obtain the hash code of the sender. Then, the receiver generates a hash code from the obtained unsigned certificate to see whether the obtained hash code is the same as the obtained hash code. P
4. Please briefly describe how to use public key encryption for key distribution.
1) uses Diffie-Hellman key exchange.
2) Use public key certificate: When A wants to communicate with B, A can do the following:
(1) Prepare message
(2) Encrypt the message with one-time session key (conventional encryption)
(3) Use B's public key to encrypt the session key (public key encryption)
(4) Add the encrypted session key to the message and send it to B..
5. Please briefly describe the transmission mode and tunnel mode of IPSec. What are their main differences?
1) transmission mode: AH and ESP only handle the payload, and do not modify the original IP protocol header.
2) Tunnel mode: used for routing in the Internet to protect the entire IP packet. Firstly, the IP packet is encrypted, and then the encrypted packet is encapsulated into another IP packet.
6. What are the three main ways of identity authentication at present? Give examples respectively.
1) What do users know: secrets, such as passwords.
2) What do users have: tokens, such as ATM cards.
3) Who is the user? Fingerprints and other characteristics.
7. Please briefly describe what is the replacement algorithm and the replacement algorithm, and illustrate them with examples respectively.
1) permutation algorithm: the letters of plaintext and ciphertext remain unchanged, but the order is out of order.
2) Replacement algorithm: Every symbol in plaintext is replaced by another character in the cipher text.
For example, Wignere.
8. Please draw the authentication exchange between client and server in Kerberos V4 version. There are text descriptions and graphic descriptions. P 145
9. In multi-Kerberos, please describe how client C in domain A requests services in another domain.
1) If a user wants to use a service on a server in another domain, then the user needs a ticket to use that server;
2) The user's client accesses the local TGS using the usual process, and then requests an authorization ticket to access the remote TGS (TGS in other domains).
3) Next, the client can access the remote TGS and request the service authorization ticket of the server that the client wants to access in the domain where the remote TGS is located.
10. Please briefly describe any three distribution methods of * * * shared key K. ..
1) is realized by artificial channel.
2) Intranet key distribution mode
3) Using physical phenomena to realize
1 1. What are the common cryptographic block operations? Please briefly describe its operation method.
1) Electronic binder mode:
Ci = desk (Pi)
2).CBC mode:
c 1=des(p 1⊕iv)c2=des(p2⊕c 1)ci=des(pi⊕ci- 1)
3) Ciphertext Feedback (CFB) mode:
c 1=p 1⊕leftn[desk(iv)]
C2=P2⊕Leftn[DESk(C 1)]
Ci=Pi⊕Leftn[DESk(Ci- 1)]
4) Triple DES
Encryption: C=Ek3(Dk2(Ek 1(M)))
Decryption: M=Dk 1(Ek2(Dk3(M)))
12. Please briefly explain how to authenticate messages by RSA algorithm. (Drawing instructions can be drawn at the same time)
1) hashes the message to obtain a hash value.
2) User A encrypts the hash value with the private key, and then digitally signs it and sends it to B..
3)B decrypts with the public key of A to get the hash value 1.
4)B hashes the message to obtain a hash value of 2.
5) If the hash value is equal to the hash value of 2, it proves that the message was sent by A..
13. What protocols does the SSL protocol stack include? What is the difference between them?
1) handshake protocol: used for authentication, negotiation of encryption algorithm, exchange of encryption keys, etc. Before the actual transmission.
2) Change password specification protocol: used to convert from one encryption algorithm to another.
3) Alarm protocol: used to explain the severity of messages and alarm messages.
4) Recording protocol: transmitting application data and SSL/TLS control data between client and server.
14. What are the requirements for a secure hash function?
What are the operating steps of 15? SSL recording protocol? Please briefly describe them separately.
1), which divides each upper layer protocol into blocks with no more than 2 14 bytes;
2) Compression, which must be lossless compression, can not increase the content length by more than 1024 bytes (optional non-compression);
3) Add MAC, and calculate the message authentication code on the basis of compressed data;
4) encryption: the compressed message and MAC are encrypted by using a symmetric encryption algorithm;
5) Add SSL header, which consists of content type (8 bits), major version (8 bits), minor version (8 bits) and compressed length (8 bits).
Figure 7.3
16. What are the AH protocol and ESP protocol? What is the difference?
AH does not have the encryption characteristics of ESP.
17. Please explain how the third party attacked Diffie-Hellman and give an example. P72
18. What is a firewall? According to the technology adopted, what kinds of firewalls can be generally divided into?
1) firewall is a system to realize the security of internal and external networks.
2) Classification by technology: (1) Anomaly detection (2) Misuse detection (3) Intrusion detection using a mixture of two technologies.
19. What is an intrusion detection system? According to the technology adopted, what kinds of intrusion detection systems can be divided into?