FinalSample1

# FinalSample1 - IS2935 Introduction to Computer Security...

This preview shows pages 1–5. Sign up to view the full content.

IS2935 Introduction to Computer Security Final, Thursday, December 11, 2003 Name: Email: Total Time : 2:30 Hours Total Score : 100 The questions have been grouped into four parts. These parts roughly correspond to the different sets of chapters as I had indicated in the class. Part 1: (Total Score 20) Part 2: (Total Score 25) Part 3: (Total Score 30) Part 4: (Total Score 25) Note that scores for each question may be different – so spend time accordingly on each question . Be precise and clear in your answers. Score Part 1 Part 2 Part 3 Part 4 Total: Best of Lucks!!

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Part I: Certificates, Authentication and Identity (Total Score 20) 1. Refer to the Merklee’s tree shown below. [1, 3] a. Indicate the hash values that need to be computed (use circles ) and that need to be obtained (use rectangular boxes) to validate C 3 b. At the time C 3 is being evaluated, suppose that C 1 gets corrupted. How does it affect the validation of C 3 ? Assume that the hash values are all available in the same file, but the certificates are not. Provide enough arguments to substantiate your point. 2. Recall that X << Y >> represents Y ’s certificate signed by X . Consider the following certificates and answer the following [2, 2] { Dan << Alice >> { Cathy << Bob > { Dan << Cathy >> { Cathy << Dan >> (a) Show steps (or just write the signature chain ) that Alice takes to validate Bob’s certificate: h (1,1) h (2,2) h (3,3) h (4,4) h (1,4) h (1,2) h (3,4) C 1 C 2 C 3 C 4
(b) Show steps (or just write the signature chain ) that Alice takes to validate Bob’s certificate: 3. What is a dictionary attack? Briefly describe the two types of dictionary attack. [4] 4. Provide argument(s) for or against the following statement: [2] Use of salt increases the effort needed to launch dictionary attack. 5. For the S/Key scheme for password authentication, write the following: [2, 2].

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
a. If h is the hash function used, (i) n keys k 1 , k 2 , . ., k n are generated as follows: --------------------------------------------------------- ( ii ) & the keys are used in the following sequence:
This is the end of the preview. Sign up to access the rest of the document.

## FinalSample1 - IS2935 Introduction to Computer Security...

This preview shows document pages 1 - 5. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online