Cryptography and Network Security Principles and Practice 5th manual solution 解答

所需积分/C币:11 2012-08-19 07:43:41 3.04MB PDF

Cryptography and Network Security Principles and Practice 5th 完整解答 By William Stallings
NOTICE This manual contains solutions to the review questions and homework problems in Cryptography and Network Security, Fifth Edition. If you spot an error in a solution or in the wording of a problem, I would greatly appreciate it if you would sheet for this manual, if needed, is available at S-Cryptose-mmyy WS TABLE OF CONTENTS Chapter 1 Introduction..................5 Chapter 2 Classical Encryption Techniques..........8 Chapter 3 Block Ciphers and the Data Encryption Standard 14 Chapter 4 Basic Concepts in number Theory and Finite Fields.....23 Chapter 5 Advanced Encryption Standard....30 Chapter9 Public-Key Cryptography and rSA :. an Chapter 6 Block Cipher Operation ………36 Chapter 7 Pseudorandom Number generation d stream Ciphers…0 Chapter 8 Introduction to Number Theory 。。着。鲁非。,。自。看鲁。非 47 Chapter10 Other Public-Key( ryptosystems………….6 Chapter1 Cryptographic Hash Functions…… ∴…60 Chapter 12 Message Authentication Codes. Chapter 13 Digital Signatures Chapter 14 Key management and Distribution 73 Chapter 15 User Authentication...... 鲁非鲁非非鲁 Chapter 16 Transport-Level Security...............83 Chapter 17 Wireless Network Security ∴86 Chapter 18 Electronic Mail Security Chapter 19 IP Security 鲁·鲁· ··自·音。音鲁非····曲非。·非 .D鲁。 ·看·申··。·非 4 Chapter 20 Intruders 100 Chapter 21 Malicious Software.........106 Chapter 22 Firewalls.. 10 Chapter23 Legal and Ethical Aspects…… 鲁。。鲁非·非D。自。非。。非4·非 CHAPTER 1 INTRODUCTION ANsw同s⑥QUST◎N 1.1 The osi Security architecture is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The document defines security attacks, mechanisms and services, and the relationships among these categories 1.2 Passive attacks have to do with eavesdropping on, or monitoring, transmissions Electronic mail, file transfers, and client/ server exchanges are examples of transmissions that can be monitored Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems 1.3 Passive attacks: release of message contents and traffic analysis. active attacks: masquerade, replay, modification of messages, and denial of service 1.4 Authentication: The assurance that the communicating entity is the one that it claims to be Access control: The prevention of unauthorized use of a resource (i.e, this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do Data confidentiality: The protection of data from unauthorized disclosure Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e, contain no modification, insertion, deletion, or replay) Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system(i. e, a system is available if it provides services according to the system design whenever users request them) 1.5 See table 1.3 ANSWER听@PR◎LM感 1.1 The system must keep personal identification numbers confidential, both in the host system and during transmission for a transaction It must protect the integrity of account records and of individual transactions. Availability of the host system is important to the economic well being of the bank but not to its fiduciary responsibility. The availability of individual teller machines is of less concern 1.2 The system does not have high requirements for integrity on individual transactions, as lasting damage will not be incurred by occasionally losing a call or billing record. The integrity of control programs and configuration records, however, is critical. Without these, the switching function would be defeated and the most important attribute of all availability - would be compromised. a telephone switching system must also preserve the confidentiality of individual calls, preventing one caller from overhearing another 1.3 a. The system will have to assure confidentiality if it is being used to publish corporate proprietary material b.The system will have to assure integrity if it is being used to laws or regulations The system will have to assure availability if it is being used to publish a daily paper. 1.4 a. An organization managing public information on its web server determines that there is no potential impact from a loss of confidentiality (i.e., confidentiality requirements are not applicable), a moderate potential impact from a loss of integrity, and a moderate potential impact from a loss of availability b. a law enforcement organization managing extremely sensitive investigative information determines that the potential impact from a loss of confidentiality is high, the potential impact from a loss of integrity is moderate, and the potential impact from a loss of availability is moderate A financial organization managing routine administrative information (not privacy-related information) determines that the potential impact from a loss of confidentiality is low the potential impact from a loss of integrity is low and the potential impact from a loss of availability is low d. The management within the contracting organization determines that: (i) for the sensitive contract information the potential impact from a loss of confidentiality is moderate the potential impact from a loss of integrity is moderate, and the potential impact from a loss of availability is low; and (ii) for the routine administrative information(non-privacy-related information), the potential impact from a loss of confidentiality is low the potential impact from a loss of e. integrity is low, and the potential impact from a loss of availability is low e. The management at the power plant determines that: (i) for the sensor data being acquired by the SCADA system, there is no potential impact from a loss of confidentiality, a high potential impact from a loss of integrity, and a high potential impact from a loss of availability; and (ii) for the administrative information being processed by the system, there is a low potential impact from a loss of confidentiality, a low potential impact from a loss of integrity, and a ow potential impact from a loss of availability Examples from FIps 199 15 Release Traffic Masquerade Replay Modification Denial of analysis of messages 0 message Service contents Peer entity authentication Data origin authentication Access control Y Confidentiality Traffic flow confidentiality Data integrity Y on-repudlation Availability Y 1.6 Release Traffic Masquerade Replay Modification Denial analysis of messages o1 message service contents Encipherment Digital signature Access control Y Y Y Y Y Data integrity Y Y Authentication exchange Traffic padding Y Routing contro Notarization -7- CHAPTER 2 CLASSICAL ENCRYPTION TECHNIQUES ANSWER8 TO QUESTION感 2.1 Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm 2.2 Permutation and substitution 2.3 One key for symmetric ciphers, two keys for asymmetric ciphers 2.4 A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of cqual length 2.5 Cryptanalysis and brute force. 2.6 Ciphertext only One possible attack under these circumstances is the brute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the ciphertext itself, generally applying various statistical tests to it. Known plaintext. The analyst may be able to capture one or more plaintext messages as well as their encryptions With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed Chosen plaintext. If the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key 2. 7 An encryption scheme is uncon ditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. An encryption scheme is said to be computationally secure if: (1)the cost of breaking the cipher exceeds the value of the encrypted information, and(2)the time required to break the cipher exceeds the useful lifetime of the information 2.8 The Caesar cipher involves replacing each letter of the alphabet with the letter standing k places further down the alphabet, for k in the range 1 through 25 2.9 A monoalphabetic substitution cipher maps a plaintext alphabet to a ciphertext alphabet, so that each letter of the plaintext alphabet maps to a single unique letter of the ciphertext alphabet 2.10 The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a keyword. Plaintext is encrypted two letters at a time using this matrix -8- 2.11 A polyalphabetic substitution cipher uses a separate monoalphabetic substitution cipher for each successive letter of plaintext, depending on a key 2.12 1. There is the practical problem of making large quantities of random keys. Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is a significant task 2. Even more daunting is the problem of key distribution and protection. For every message to be sent, a key of equal length is needed by both sender and receiver Thus, a mammoth key distribution problem exists 2.13 A transposition cipher involves a permutation of the plaintext letters 2.14 Steganography involves concealing the existence of a message 2.1 a. No. a change in the valuc of b shifts the relationship between plaintext letters and ciphertext letters to the left or right uniformly, so that if the mapping is one-to-one it remains one-to-one b. 2,4, 6,8,10, 12, 13, 14, 16, 18, 20, 22, 24. Any value of a larger than 25 is equivalent to a mod 26. c. The values of a and 26 must have no common positive integer factor other than 1. This is equivalent to saying that a and 26 are relatively prime, or that the greatest common divisor of a and 26 is 1. To see this, first note that E(a, p)=e(a, q)(0sps q<26) if and only if alp-g is divisible by 26. 1. Suppose that a and 26 are relatively prime. Then, a(p-g) is not divisible by 26, because there is no way to reduce the fraction a/26 and (p-q) is less than 26. 2. Suppose that a and 26 have a common factor k >l Then e(a, p)=e(a, q, if q=p+ m/k+p 2.2 There are 12 allowable values of a(1, 3, 5, 7,9, 11, 15, 17, 19, 21, 23, 25). There are 26 llowable values of b, from 0 through 25). Thus the total number of distinct affine Caesar ciphers is 12 x 26=312 2.3 Assume that the most frequent plaintext letter is e and the second most frequent letter is t. Note that the numerical values are e= 4: b=1 t=19: U=20. Then we have the following equations 1=(4a+b)mod26 20=(19+b)mod26 Thus, 19= 15a mod 26 By trial and error, we solve: a=3 Then 1=(12+ b)mod 26. By observation, b=15 2.4 a good glass in the Bishop's hostel in the Devil's seat-twenty-one degrees and thirteen minutes northeast and by north main branch seventh limb cast sidc shoot from the left eye of the death's head-a bee line from the tree through the shot fifty feet out. (from The Gold Bug, by Edgar Allan poe) 2.5 a. The first letter t corresponds to A the second letter h corresponds to b, e is c,s is D, and so on Second and subsequent occurrences of a letter in the key sentence are ignored. The result ciphertext: SIDKHKDM AF HCRKIABIE SHIMC KD IFEAILA plaintext: basilisk to leviathan blake is contact b. It is a monoalphabetic cipher and so easily breakable c. The last sentence may not contain all the letters of the alphabet. If the first sentence is used, the second and subsequent sentences may also be used until all 26 letters arc cncountcred 2.6 The cipher refers to the words in the page of a book. The first entry, 534, refers to page 534. The second entry, C2, refers to column two. The remaining numbers are words in that column. The names DOUGLAS and BirlStoNE are simply words that do not appear on that page. Elementary!(from The valley of fear, by Sir Arthur 27 8 6 4 RED T O H H 2CBROUYRTUST4 GEAE H R R E O YAPTSETERFO8TFOETO E HE E T CESA H A 2ERRAFR HIUOVEUFDwHUTELEITDs E B R HGISRE3KFT R D C E B T H RHRGTAIOENT R A R HTHTETA U U DLP HMET M ONVSEE B E U F R E R F O 工 SRNG BUTLF RRAFR工 DIP FI工 YO NVSEE TBEH工HTE卫 EYHAT TUCME HRGTA工 OENT TUSRU工 EADR FOETO LHMET NTEDS工 FWRO HUTEL工DS


评论 下载该资源后可以进行评论 24

catv 有用,谢谢!
lld0303 帮了我的忙,谢谢啦
lmy3228586 特别有用。十分感谢
nmhnhjcf 非常好,确实是第五版的答案。
baidu_32771463 不错的,可以学到很多。

关注 私信 TA的资源