Chapter 1 Introduction
Answers to Questions
exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.
Active attacks: masquerade, replay, modification of messages, and denial of service.
Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).
Data confidentiality: The protection of data from unauthorized disclosure.
Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).
Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.
Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).
both hardware and software should be as simple and small as possible.
Fail-safe defaults: access decisions should be based on permission rather than exclusion.
Complete mediation: every access must be checked against the access control mechanism.
Open Design: the design of a security mechanism should be open rather than secret.
Separation of privilege: a practice in which multiple privilege attributes are required to achieve access to a restricted resource.
Least Privilege: every process and every user of the system should operate using the least set of privileges necessary to perform the task.
Least common mechanism: the design should minimize the functions shared by different users, providing mutual security.
Psychological acceptability: the security mechanisms should not interfere unduly with the work of users, while at the same time meeting the needs of those who authorize access.
Isolation: a principle that applies in three contexts. (1) public access systems should be isolated from critical resources (data, processes, etc.) to prevent disclosure or tampering. (2) the processes and files of individual users should be isolated from one another except where it is explicitly desired. (3) security mechanisms should be isolated in the sense of preventing access to those mechanisms.
Encapsulation: a specific form of isolation based on object-oriented functionality.
Modularity: refers both to the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation.
Layering: the use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems.
Least Astonishment: means that a program or user interface should always respond in the way that is least likely to astonish the user.
Answers to Problems
publish corporate proprietary material.
publish a daily paper.
determines that there is no potential impact from a loss of confidentiality (i.e., confidentiality requirements are not applicable), a moderate potential impact from a loss of integrity, and a moderate potential impact from a loss of availability.
1.5 | Release of message contents | Traffic analysis | Masquerade | Replay | Modification of messages | Denial of service |
Peer entity authentication | | | Y | | | |
Data origin authentication | | | Y | | | |
Access control | | | Y | | | |
Confidentiality | Y | | | | | |
Traffic flow confidentiality | | Y | | | | |
Data integrity | | | | Y | Y | |
Non-repudiation | | | Y | | | |
Availability | | | | | | Y |
1.6 | Release of message contents | Traffic analysis | Masquerade | Replay | Modification of messages | Denial of service |
Encipherment | Y | | | | | |
Digital signature | | | Y | Y | Y | |
Access control | Y | Y | Y | Y | | Y |
Data integrity | | | | Y | Y | |
Authentication exchange | Y | | Y | Y | | Y |
Traffic padding | | Y | | | | |
Routing control | Y | Y | | | | Y |
Notarization | | | Y | Y | Y | |
1.7
[Figure: attack tree with root "Open Safe" and nodes "Pick Lock", "Learn Combination", "Cut Open Safe", "Install Improperly", "Find Written Combo", "Get Combo from Target"]
AND 1. Survey physical perimeter to determine optimal monitoring position
OR 1. Plant spy as trusted insider
2. Use existing trusted insider
OR 1. Get physical, on-site access to Intranet
2. Get physical access to external machines
OR 1. Monitor communications over Internet for leakage
2. Gain privileged access to machines on intranet connected via Internet
Chapter 2 Symmetric Encryption and Message Confidentiality
Answers to Questions
one byte at a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.
decrypt data encrypted by users of the older single DES by repeating the key.
Answers to Problems
2.1 a. [Figure: key letters with their column numbers; recoverable labels: 1 A, 3 G, 6 O, 9 T, 2 C, 9 U, 1 C, 7 S, 3 K, 6 R, 5 O, 10 W, 8 T, 2 E]
T | R | F | H | E | H | F | T | I | N |
B | R | O | U | Y | R | T | U | S | T |
E | A | E | T | H | G | I | S | R | E |
H | F | T | E | A | T | Y | R | N | D |
I | R | O | L | T | A | O | U | G | S |
H | L | L | E | T | I | N | I | B | I |
T | I | H | I | U | O | V | E | U | F |
E | D | M | T | C | E | S | A | T | W |
T | L | E | D | M | N | E | D | L | R |
A | P | T | S | E | T | E | R | F | O |
ISRNG EYHAT NTEDS
BUTLF TUCME IFWRO
RRAFR HRGTA HUTEL
LIDLP IOENT EITDS
FTIYO TUSRU
NVSEE IEADR
TBEHI FOETO
HTETA LHMET
2.2 a. Let $-X$ be the additive inverse of $X$. That is $-X \boxplus X = 0$. Then: $P = (C \boxplus -K_1) \oplus K_0$
However, the operations $\boxplus$ and $\oplus$ are not associative or distributive with one another, so it is not possible to solve this equation for $K_0$.
b. First two rounds:
$L_2 = L_0 \boxplus [(R_0 \ll 4) \boxplus K_0] \oplus [R_0 \boxplus \delta_1] \oplus [(R_0 \gg 5) \boxplus K_1]$
$R_2 = R_0 \boxplus [(L_2 \ll 4) \boxplus K_2] \oplus [L_2 \boxplus \delta_2] \oplus [(L_2 \gg 5) \boxplus K_3]$
Now the decryption process. The input is the ciphertext $(L_2, R_2)$, and the output is the plaintext $(L_0, R_0)$. Decryption is essentially the same as encryption, with the subkeys and delta values applied in reverse order. Also note that it is not necessary to use subtraction because there is an even number of additions in each equation.
$L_0 = L_2 \boxplus [(R_0 \ll 4) \boxplus K_0] \oplus [R_0 \boxplus \delta_1] \oplus [(R_0 \gg 5) \boxplus K_1]$
d.
for data traveling through the encryption algorithm and $LD_i$ and $RD_i$ for data traveling through the decryption algorithm. The diagram indicates that, at every round, the intermediate value of the decryption process is equal to the corresponding value of the encryption process with the two halves of the value swapped. To put this another way, let the output of the $i$th encryption round be $LE_i \| RE_i$ ($L_i$ concatenated with $R_i$). Then the corresponding input to the $(16 - i)$th decryption round is $RD_i \| LD_i$. Let us walk through the figure to demonstrate the validity of the preceding assertions. To simplify the diagram, it is unwrapped, not showing the swap that occurs at the end of each iteration. But note that the intermediate result at the end of the $i$th stage of the encryption process is the $2w$-bit quantity formed by concatenating $LE_i$ and $RE_i$, and that the intermediate result at the end of the $i$th stage of the decryption process is the $2w$-bit quantity formed by concatenating $LD_i$ and $RD_i$. After the last iteration of the encryption process, the two halves of the output are swapped, so that the ciphertext is $RE_{16} \| LE_{16}$. The output of that round is the ciphertext. Now take that ciphertext and use it as input to the same algorithm. The input to the first round is $RE_{16} \| LE_{16}$, which is equal to the 32-bit swap of the output of the sixteenth round of the encryption process.
Now we would like to show that the output of the first round of the decryption process is equal to a 32-bit swap of the input to the sixteenth round of the encryption process. First, consider the encryption process. We see that:
$LE_{16} = RE_{15}$
$RE_{16} = LE_{15} \oplus F(RE_{15}, K_{16})$
On the decryption side:
$LD_1 = RD_0 = LE_{16} = RE_{15}$
$RD_1 = LD_0 \oplus F(RD_0, K_{16}) = RE_{16} \oplus F(RE_{15}, K_{16}) = [LE_{15} \oplus F(RE_{15}, K_{16})] \oplus F(RE_{15}, K_{16})$
The XOR has the following properties:
$[A \oplus B] \oplus C = A \oplus [B \oplus C]$
$D \oplus D = 0$
$E \oplus 0 = E$
Thus, we have $LD_1 = RE_{15}$ and $RD_1 = LE_{15}$. Therefore, the output of the first round of the decryption process is $LE_{15} \| RE_{15}$, which is the 32-bit swap of the input to the sixteenth round of the encryption. This
correspondence holds all the way through the 16 iterations, as is easily shown. We can cast this process in general terms. For the ith iteration of the encryption algorithm:
$LE_i = RE_{i-1}$
$RE_i = LE_{i-1} \oplus F(RE_{i-1}, K_i)$
Rearranging terms:
$RE_{i-1} = LE_i$
$LE_{i-1} = RE_i \oplus F(RE_{i-1}, K_i) = RE_i \oplus F(LE_i, K_i)$
Thus, we have described the inputs to the $i$th iteration as a function of the outputs, and these equations confirm the assignments shown in the right-hand side of the following figure.
Finally, we see that the output of the last round of the decryption process is $RE_0 \| LE_0$. A 32-bit swap recovers the original plaintext, demonstrating the validity of the Feistel decryption process.
$c = \bigoplus_{i \in I(c)} c_i = \bigoplus_{i \in I(c)} E(m_i) = E\left(\bigoplus_{i \in I(c)} m_i\right)$
Thus, we obtain the plaintext of $c$ by computing $\bigoplus_{i \in I(c)} m_i$. Let $0$ be the all-zero string. Note that $0 = 0 \oplus 0$. From this we obtain $E(0) = E(0 \oplus 0) = E(0) \oplus E(0) = 0$. Thus, the plaintext of $c = 0$ is $m = 0$. Hence we can decrypt every $c \in \{0, 1\}^{128}$.
2.7 a.
defined as:
$b = a_1 \oplus a_2 \oplus \cdots \oplus a_r$
2.
bits
b. The number of states is $[256! \times 256^2] \approx 2^{1700}$. Therefore, 1700 bits are required.
messages are sent, we expect the same v, and hence the same key stream, to be used more than once.
depends only on the input blocks C2 and C3,
(except the first) depends on the result of the previous forward cipher operation, so the forward cipher operations cannot be performed in parallel. In CBC decryption, however, the input blocks for the inverse cipher function (i.e., the ciphertext blocks) are immediately available, so that multiple inverse cipher operations can be performed in parallel.
< 2w/8. The encryption sequence is as follows (The description in RFC 2040 has an error; the description here is correct.):
The last two blocks of the ciphertext are and $C_N$.
b. $P_{N-1} = C_{N-2} \oplus D(K, [C_N \| X])$
$P_N \| X = (C_N \| 00\ldots0) \oplus D(K,$
$P_N$ = left-hand portion of $(P_N \| X)$, where $\|$ is the concatenation function
full block encrypt the ciphertext (C^j) again, select the
leftmost j bits of the encrypted ciphertext, and XOR that with the short block to generate the output ciphertext.
Chapter 3 Public-Key Cryptography and Message Authentication
Answers to Questions
Answers to Problems
3.1 a. Yes. The XOR function is simply a vertical parity check. If there is an odd number of errors, then there must be at least one column that contains an odd number of errors, and the parity bit for that column will detect the error. Note that the RXOR function also catches all errors caused by an odd number of error bits. Each RXOR bit is a function of a unique "spiral" of bits in the block of data. If there is an odd number of errors, then there must be at least one spiral that contains an odd number of errors, and the parity bit for that spiral will detect the error.
For example, for property 4, a message consisting of the value h satisfies H(h) = h. For property 5, take any message M and add the decimal digit 0 to the sequence; it will have the same hash value.
[Figure: Message, column-wise mod 26 addition, row-wise rotations, column-wise mod 26 addition, output $H_i$]
AYHG DAAAAAAAAAAAAAAAAAAA
aaaaaaaaaaaaaaaaaaaaaaaa
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
For DES, the function F is depicted in Figure 2.2. It maps a 32-bit R and a 48-bit K into a 32-bit output. That is, it maps an 80-bit input into a
32-bit output. This is clearly a one-way function. Any hash function that produces a 32-bit output could be used for F. The demonstration in the text that decryption works is still valid for any one-way function F.
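The Feistel decryption argument above, and the claim that it holds for any F, can be checked directly. The following is an added example, not code from the original text: a 16-round Feistel network whose round function is a truncated hash (so F itself cannot be inverted), with a constructed key schedule, verifying the round-by-round relation $LD_i \| RD_i = RE_{16-i} \| LE_{16-i}$.

```python
import hashlib

ROUNDS = 16
HALF = 4  # bytes per half-block, i.e. w = 32 bits as in DES


def F(right: bytes, subkey: bytes) -> bytes:
    """Round function: truncated SHA-256 of subkey || R. Not invertible."""
    return hashlib.sha256(subkey + right).digest()[:HALF]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def subkeys(key: bytes) -> list:
    """K_1..K_16. Constructed schedule for this example, not the DES schedule."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]


def feistel(block: bytes, keys: list, trace=None) -> bytes:
    """Run the rounds with the given subkey order, then swap the halves."""
    left, right = block[:HALF], block[HALF:]
    if trace is not None:
        trace.append((left, right))            # values before round 1
    for k in keys:
        # L_i = R_{i-1};  R_i = L_{i-1} xor F(R_{i-1}, K_i)
        left, right = right, xor(left, F(right, k))
        if trace is not None:
            trace.append((left, right))        # values after this round
    return right + left                        # final swap


def encrypt(block: bytes, key: bytes, trace=None) -> bytes:
    return feistel(block, subkeys(key), trace)


def decrypt(block: bytes, key: bytes, trace=None) -> bytes:
    # Same algorithm, subkeys in reverse order; F is never inverted.
    return feistel(block, subkeys(key)[::-1], trace)


def check_swap_property(block: bytes, key: bytes) -> bool:
    """True if decryption recovers the block and, at every round i,
    (LD_i, RD_i) equals (RE_{16-i}, LE_{16-i})."""
    enc, dec = [], []
    ciphertext = encrypt(block, key, enc)
    recovered = decrypt(ciphertext, key, dec)
    swapped = all(dec[i] == (enc[ROUNDS - i][1], enc[ROUNDS - i][0])
                  for i in range(ROUNDS + 1))
    return recovered == block and swapped


if __name__ == "__main__":
    print(check_swap_property(b"ABCDEFGH", b"constructed key"))
```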
C2 = RSA(C1) ⊕ RSA(B1) ⊕ B2
then RSA(C1) ⊕ C2 = RSA(C1) ⊕ RSA(C1) ⊕ RSA(B1) ⊕ B2 = RSA(B1) ⊕ B2
so RSAH(C1, C2) = RSA[RSA(C1) ⊕ C2] = RSA[RSA(B1) ⊕ B2] = RSAH(B1, B2)
64-bit CFB mode with IV = D1 and plaintext blocks D2, D3, ..., Dn
yield the same result.
(ii) MAC: Bob has to challenge both, Oscar and Bob, to reveal their secret key to him (which he knows anyway). Only Bob can do that.
(ii) MAC: No, Bob can claim that Alice generated this message.
$f(IV, (K^+ \oplus ipad))$
$f(IV, (K^+ \oplus opad))$
where f(cv, block) is the compression function for the hash function, which takes as arguments a chaining variable of n bits and a block of b bits and produces a chaining variable of n bits. These quantities only need to be computed initially and every time the key changes. In effect, the precomputed quantities substitute for the initial value (IV) in the hash function. With this implementation, only one additional instance of the compression function is added to the processing normally produced by the hash function.
b. This is a more efficient implementation. This more efficient implementation is especially worthwhile if most of the messages for which a MAC is computed are short.
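The precomputation described above, as an added example (not part of the original solutions). It assumes SHA-256 as the hash, which the text does not specify, and uses `hashlib`'s `copy()` to reuse the two chaining values $f(IV, K^+ \oplus ipad)$ and $f(IV, K^+ \oplus opad)$ for every message under the same key.

```python
import hashlib
import hmac

BLOCK = 64  # b, the SHA-256 input block size in bytes (assumed hash)


class PrecomputedHMAC:
    """HMAC-SHA-256 with the two key-dependent compressions done once."""

    def __init__(self, key: bytes):
        # Standard HMAC key preparation: hash long keys, zero-pad to b bytes.
        if len(key) > BLOCK:
            key = hashlib.sha256(key).digest()
        k_plus = key.ljust(BLOCK, b"\x00")
        # After absorbing exactly one block, each object's internal state
        # is the chaining value f(IV, K+ xor pad).
        self._inner = hashlib.sha256(bytes(b ^ 0x36 for b in k_plus))  # ipad
        self._outer = hashlib.sha256(bytes(b ^ 0x5C for b in k_plus))  # opad

    def tag(self, message: bytes) -> bytes:
        # Start from the saved chaining values instead of the hash's IV.
        inner = self._inner.copy()
        inner.update(message)
        outer = self._outer.copy()
        outer.update(inner.digest())
        return outer.digest()

    def verify(self, message: bytes, tag: bytes) -> bool:
        # Constant-time comparison of the recomputed and received tags.
        return hmac.compare_digest(self.tag(message), tag)


def matches_reference(key: bytes, message: bytes) -> bool:
    """Compare against the standard library's HMAC for the same inputs."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return PrecomputedHMAC(key).tag(message) == expected


if __name__ == "__main__":
    mac = PrecomputedHMAC(b"constructed key")
    for msg in (b"", b"short message", b"x" * 200):   # constructed inputs
        print(len(msg), mac.tag(msg).hex()[:16], matches_reference(b"constructed key", msg))
```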
3.13
5 | 2 | 1 | 4 | 5 |
1 | 4 | 3 | 2 | 2 |
3 | 1 | 2 | 5 | 3 |
4 | 3 | 4 | 1 | 4 |
2 | 5 | 5 | 3 | 1 |
3.14 a. n = 33; $\phi(n)$ = 20; d = 3; C = 26.
527 | =35 x 256 x 35 x 101 x 47 x 128 = 2 mod 527 =2 mod 257 |
3.15 M = 5
3.16 d = 3031
3.19 Yes.
Thus, the most efficient attack against the scheme described in the problem is to compute $M^e \bmod N$ for all possible values of M, then create a look-up table with a ciphertext as an index, and the corresponding plaintext as a value of the appropriate location in the table.
b. K = 3
Chapter 4 Key Distribution and User Authentication
Answers to Questions
Answers to Problems
(his own), and E(Ka, R), as if A wanted to send him the same message encrypted under the same key R as A did it with B
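$P_1 = E[K, C_1] \oplus IV$
$P_2 = E[K, C_2] \oplus C_1 \oplus P_1 = E[K, C_2] \oplus C_1 \oplus E[K, C_1] \oplus IV$
$P_3 = E[K, C_3] \oplus C_2 \oplus P_2 = E[K, C_3] \oplus C_2 \oplus E[K, C_2] \oplus C_1 \oplus E[K, C_1] \oplus IV$
Now suppose that $C_1$ and $C_2$ arrive in the reverse order. Let us refer to the decrypted blocks as $Q_i$.
$Q_1 = E[K, C_2] \oplus IV$
$Q_2 = E[K, C_1] \oplus C_2 \oplus Q_1 = E[K, C_1] \oplus C_2 \oplus E[K, C_2] \oplus IV$
$Q_3 = E[K, C_3] \oplus C_1 \oplus Q_2 = E[K, C_3] \oplus C_1 \oplus E[K, C_1] \oplus C_2 \oplus E[K, C_2] \oplus IV$
The result is that $Q_1 \neq P_1$; $Q_2 \neq P_2$; but $Q_3 = P_3$. Subsequent blocks are clearly unaffected.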
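The block-swap result above can be reproduced with a small model. This is an added example, not part of the original solutions: it implements the chaining used in the equations (each plaintext is the block operation on $C_n$ XORed with $C_{n-1}$ and $P_{n-1}$) over a toy 16-bit keyed permutation that stands in for a real block cipher, and reports which blocks survive when the first two ciphertext blocks arrive reversed. The cipher, key, IV and plaintext are constructed for illustration; the block operation written `E[K, C]` in the text is the table `D` here.

```python
import random

BLOCK_BITS = 16  # toy block size so the permutation fits in a table


def make_cipher(key: int):
    """Return (E, D): a keyed pseudo-random permutation and its inverse.
    Toy stand-in for a block cipher; not secure."""
    table = list(range(1 << BLOCK_BITS))
    random.Random(key).shuffle(table)
    inverse = [0] * len(table)
    for p, c in enumerate(table):
        inverse[c] = p
    return table, inverse


def chain_encrypt(E, iv: int, plaintext: list) -> list:
    """C_n = E(P_n xor P_{n-1} xor C_{n-1}), with IV as the first feedback."""
    out, feedback = [], iv
    for p in plaintext:
        c = E[p ^ feedback]
        out.append(c)
        feedback = p ^ c
    return out


def chain_decrypt(D, iv: int, ciphertext: list) -> list:
    """P_n = D(C_n) xor C_{n-1} xor P_{n-1}, matching the equations above."""
    out, feedback = [], iv
    for c in ciphertext:
        p = D[c] ^ feedback
        out.append(p)
        feedback = p ^ c
    return out


def swap_first_two_effect(key: int, iv: int, plaintext: list):
    """Decrypt with C_1 and C_2 exchanged. Returns (matches, ciphertext),
    where matches[n] is True when block n still decrypts correctly."""
    E, D = make_cipher(key)
    ct = chain_encrypt(E, iv, plaintext)
    reordered = [ct[1], ct[0]] + ct[2:]
    q = chain_decrypt(D, iv, reordered)
    return [a == b for a, b in zip(q, plaintext)], ct


if __name__ == "__main__":
    # Constructed sample message of six 16-bit blocks.
    message = [0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0x6666]
    matches, _ = swap_first_two_effect(key=2024, iv=0xBEEF, plaintext=message)
    print(matches)
```

Because every block after the swapped pair decrypts correctly, the receiver gets no signal from the mode itself that blocks were reordered; detecting this requires a separate integrity check over the whole message.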
the signed information for the third message, so that the third message now reads:
A → B: A {rB, B}
and only A is able to encrypt so that it can be decrypted with A's public key.
b. Someone (e.g., C) can use this mechanism to get A to sign a message. Then, C will present this signature to D along with the message, claiming it was sent by A. This is a problem if A uses its public/private key for both authentication, signatures, etc.
second message, to recover R2.
b. Someone (e.g. C) can use this mechanism to get A to decrypt a message (i.e., send that message as R2) that it has eavesdropped from the network (originally sent to A).
[Figure: browser Certificate Viewer for "DigiCert High Assurance EV Root CA" (issued to and issued by DigiCert Inc; issued on 11/9/06, expires on 11/9/31), verified for the uses Email Signer Certificate, SSL Certificate Authority, and Status Responder Certificate]
b. B. We consider the following interleaved runs of the protocol:
1. | A → C(B): | $A, N_A$ |
1'. | C(B) → A: | $B, N_A$ |
2'. | A → C(B): | $E(K_{AB}, [N_A, K'_{AB}])$ |
2. | C(B) → A: | $E(K_{AB}, [N_A, K'_{AB}])$ |
3. | A → C(B): | $E(K'_{AB}, N_A)$ |
C cannot encrypt A’s nonce, so he needs to get help with message 2. He therefore starts a new run with A, letting A do the encryption and reflecting the reply back. A will accept the unprimed protocol run and believe that B is present.
c. To prevent the attack, we need to be more explicit in the messages, e.g. by changing message 2 to include the sender and receiver (in this order), i.e. to be [A, B, NA,
nonce is used for challenge-response.
4.19 Adding EMK0 would allow users to generate personal session keys, which could be exchanged, avoiding the necessity of storing a key variable in a user-to-user session.
4.20 Host $i$ has master key $KMH_i$ with variants $KMH_{ij}$, $j = 0, 1, 2$.
$KMH_{i0}$: used to encrypt session key KS
$KMH_{i1}$: used to encrypt user master keys (at Host $i$)
$KMH_{i2}$: used to encrypt cross domain key $KMH(i, j) = KMH(j, i)$ (Host $i$ to Host $j$)
Host $i$ stores $E[KMH_{i2}, KMH(i, j)]$ and uses a translation instruction RFMK*:
$RFMK^*[E[KMH_{i2}, KMH(i, j)], E(KMH_{i0}, KS)] \rightarrow E(KMH(i, j), KS)$
A second translation function RTMK (at Host $j$):
$RTMK[E[KMH_{j2}, KMH(j, i)], E(KMH(i, j), KS)] \rightarrow E(KMH_{j0}, KS)$
which may be deciphered by a user at Host $j$.
4.21 One solution is to add an instruction similar to RFMK of the form $KEYGEN[RN, KMT_i, KMT_j]$
which will interpret RN as E(KMH0, KS) and return both $E(KMH_i, KS)$ and $E(KMH_j, KS)$, which are sent to the terminals $i$ and $j$, respectively. RN need not be maintained at the host.
Chapter 5 Network Access Control and Cloud Security
Answers to Questions
Answers to Problems
Chapter 6 Transport-Level Security
Answers to Questions
6.5 Server and client random: Byte sequences that are chosen by the server and client for each connection.
Server write MAC secret: The secret key used in MAC operations on data sent by the server.
Client write MAC secret: The secret key used in MAC operations on data sent by the client.
Server write key: The conventional encryption key for data encrypted by the server and decrypted by the client.
Client write key: The conventional encryption key for data encrypted by the client and decrypted by the server.
Initialization vectors: When a block cipher in CBC mode is used, an initialization vector (IV) is maintained for each key. This field is first initialized by the TLS Handshake Protocol. Thereafter the final ciphertext block from each record is preserved for use as the IV with the following record.
Sequence numbers: Each party maintains separate sequence numbers for transmitted and received messages for each connection. When a party sends or receives a change cipher spec message, the appropriate sequence number is set to zero. Sequence numbers may not exceed $2^{64} - 1$.
© 2017 Pearson Education, Inc., Hoboken. NJ All rights reserved.
Chapter 7 Wireless Network Security
Answers to Questions
Chapter 8 Electronic Mail Security
Answers to Questions
Content-Transfer-Encoding: Indicates the type of transformation that has been used to represent the body of the message in a way that is acceptable for mail transport.
virus infection. Finally, detached signatures can be used when more than one party must sign a document, such as a legal contract. Each person's signature is independent and therefore is applied only to the document. Otherwise, signatures would have to be nested, with the second signer signing both the document and the first signature, and so on.
As with POP3, Internet Mail Access Protocol (IMAP) also enables an email client to access mail on an email server. IMAP also uses TCP, with server TCP port 143. IMAP is more complex than POP3. IMAP provides stronger authentication than POP3 and provides other functions not supported by POP3.
$k = 1.18 \times \sqrt{n}$ For a 128-bit key, there are $2^{128}$ possible keys. Therefore
$k = 1.18 \times \sqrt{2^{128}} = 1.18 \times 2^{64}$
$P(n, k)$ = Pr [at least one duplicate in k items, with each item able to take on one of n equally likely values between 1 and n]
In this case, k = N and n
private key. Therefore, anyone in possession of the public key can decrypt it and recover the entire message digest.
b. The probability that a message digest decrypted with the wrong key would have an exact match in the first 16 bits with the original message digest is
$2^{-16}$.
i 01101001
n 01101110
t 01110100
e 01100101
x 01111000
t 01110100
Next, we block these off into groups of 6 bits, show the 6-bit decimal value, and do the encoding.
011100 000110 110001 100001 011010 010110 111001 110100
28 6 49 33 26 22 57 52
c G x h a W 5 0
011001 010111 100001 110100
25 23 33 52
Z X h 0
So the radix-64 encoding is cGxhaW50ZXh0
b. All of the characters are "safe", so the quoted-printable encoding is simply plaintext
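The radix-64 steps worked by hand above, as an added example (not part of the original solutions): the function returns the 6-bit groups, their decimal values and the encoded string, and also handles inputs whose length is not a multiple of three bytes, which the worked answer does not need. The result is compared with Python's `base64` module.

```python
import base64

# Radix-64 alphabet: value 0..63 maps to A-Z, a-z, 0-9, '+', '/'.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")


def radix64_steps(data: bytes):
    """Return (groups, values, encoded) for the radix-64 encoding of data.

    groups  : the bit string cut into 6-bit pieces
    values  : the decimal value of each piece
    encoded : the characters for those values, plus '=' padding
    """
    bits = "".join(f"{byte:08b}" for byte in data)
    # Zero-fill the last group when the bit count is not a multiple of 6.
    bits += "0" * ((-len(bits)) % 6)
    groups = [bits[i:i + 6] for i in range(0, len(bits), 6)]
    values = [int(g, 2) for g in groups]
    chars = "".join(ALPHABET[v] for v in values)
    # One '=' per byte missing from the final 3-byte unit.
    padding = "=" * ((-len(data)) % 3)
    return groups, values, chars + padding


def agrees_with_stdlib(data: bytes) -> bool:
    return radix64_steps(data)[2] == base64.b64encode(data).decode("ascii")


if __name__ == "__main__":
    groups, values, encoded = radix64_steps(b"plaintext")
    print(" ".join(groups))
    print(" ".join(str(v) for v in values))
    print(encoded)
```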
8.12
 | Requires PKIX validation | Does not require PKIX validation |
TLSA RR contains a trust anchor that issued one of the certificates | PKIX-TA | DANE-TA |
TLSA matches an end entity, or leaf certificate | PKIX-EE | DANE-EE |
Chapter 9 IP Security
Answers to Questions
intranet connectivity with partners: IPSec can be used to secure communication with other organizations, ensuring authentication and confidentiality and providing a key exchange mechanism. Enhancing electronic commerce security: Even though some Web and electronic commerce applications have built-in security protocols, the use of IPSec enhances that security.
Currently, only unicast addresses are allowed; this is the address of the destination endpoint of the SA, which may be an end user system or a network system such as a firewall or router. Security Protocol Identifier: This indicates whether the association is an AH or ESP security association.
A security association is normally defined by the following parameters:
Sequence Number Counter: A 32-bit value used to generate the Sequence Number field in AH or ESP headers, described in Section 9.3 (required for all implementations).
Sequence Counter Overflow: A flag indicating whether overflow of the Sequence Number Counter should generate an auditable event and prevent further transmission of packets on this SA (required for all implementations).
Anti-Replay Window: Used to determine whether an inbound AH or ESP packet is a replay, described in Section 9.3 (required for all implementations).
AH Information: Authentication algorithm, keys, key lifetimes, and related parameters being used with AH (required for AH implementations).
ESP Information: Encryption and authentication algorithm, keys, initialization values, key lifetimes, and related parameters being used with ESP (required for ESP implementations).
Lifetime of this Security Association: A time interval or byte count after which an SA must be replaced with a new SA (and new SPI) or terminated, plus an indication of which of these actions should occur (required for all implementations).
IPSec Protocol Mode: Tunnel, transport, or wildcard (required for all implementations). These modes are discussed later in this section.
Path MTU: Any observed path maximum transmission unit (maximum size of a packet that can be transmitted without fragmentation) and aging variables (required for all implementations).
destination. Iterated tunneling: Refers to the application of multiple layers of security protocols effected through IP tunneling. This approach allows for multiple levels of nesting, since each tunnel can originate or terminate at a different IPSec site along the path.
Answers to Problems
9.1 row 1: Traffic between this host and any other host, both using port 500, and using UDP, bypasses IPsec. This is used for IKE traffic.
row 2: ICMP messages to or from any remote address are error messages, and bypass IPSec.
row 3: Traffic between 1.2.3.101 and 1.2.3.0/24 is intranet traffic and must be protected by ESP, with the exception of traffic defined in earlier rows.
row 4: TCP traffic between this host (1.2.3.101) and the sender (1.2.4.10) on server port 80 is ESP protected.
row 5: TCP traffic between this host (1.2.3.101) and the sender (1.2.4.10) on server port 80 is protected by TLS and so can bypass IPSec.
row 6: Any other traffic between 1.2.3.101 and 1.2.3.0/24 is prohibited and is discarded.
row 7: Any other traffic between 1.2.3.101 goes to the Internet and bypasses IPSec.
9.2
[Figure: scope of AH authentication for IPv4 and IPv6 packets in (b) Transport Mode and (c) Tunnel Mode. Transport mode: authenticated except for mutable fields. Tunnel mode: authenticated except for mutable fields in the new IP header and its extension headers.]
9.3
9.4
Mutable but predictable: Destination Address (with loose or strict source routing). At each intermediate router designated in the source routing list, the Destination Address field is changed to indicate the next designated address. However, the source routing field contains the information needed for doing the MAC calculation.
Mutable (zeroed prior to ICV calculation): Type of Service (TOS), Flags, Fragment Offset, Time to Live (TTL), Header Checksum. TOS may be altered by a router to reflect a reduced service. Flags and Fragment offset are altered if a router performs fragmentation. TTL is decreased at each router. The Header Checksum changes if any of these other fields change.
Mutable but predictable: Destination Address (with Routing Extension Header)
Mutable (zeroed prior to ICV calculation): Class, Flow Label, Hop Limit
Mutable but predictable: Routing
Not Applicable: Fragmentation occurs after outbound IPSec processing and reassembly occurs before inbound IPSec processing, so the Fragmentation Extension Header, if it exists, is not seen by IPSec.
9.5 a. The received packet is to the left of the window, so the packet is discarded; this is an auditable event. No change is made to window parameters.
IPv4 Header Fields | Outer Header at Encapsulator | Inner Header at Decapsulator |
version | 4 (1) | no change |
header length | constructed | no change |
TOS | copied from inner header (5) | no change |
total length | constructed | no change |
ID | constructed | no change |
Flags | constructed, DF (4) | no change |
Fragment offset | constructed | no change |
TTL | constructed | decrement (2) |
protocol | AH, ESP, routing header | no change |
checksum | constructed | no change |
source address | constructed (3) | no change |
destination address | constructed (3) | no change |
options | never copied | no change |
IPv6 Header Fields | Outer Header at Encapsulator | Inner Header at Decapsulator |
version | 6 (1) | no change |
class | copied or configured (6) | no change |
flow id | copied or configured | no change |
length | constructed | no change |
next header | AH, ESP, routing header | no change |
hop count | constructed (2) | decrement (2) |
source address | constructed (3) | no change |
dest address | constructed (3) | no change |
extension headers | never copied | no change |
[Figure: packet layouts combining AH and ESP, marking the spans "authenticated except for mutable fields" and "encrypted". Last layout:]
new IP hdr | ESP hdr | orig IP hdr | AH | TCP | Data | ESP trlr |
Chapter 10 Malicious Software
Answers to Questions
specific malware that has infected the system; and removal to remove all traces of malware virus from all infected systems so that it cannot spread further.
First generation: simple scanners that require a malware signature to identify it
Second generation: heuristic scanners use heuristic rules to search for probable malware instances, or use integrity checking to identify changed files
Third generation: activity traps that identify malware by its actions rather than its structure in an infected program
Fourth generation: full-featured protection uses packages of a variety of anti-virus techniques used in conjunction, including scanning and activity trap components.
Answers to Problems
Analysis." Purdue Technical Report CSD-TR-823.
Common choices for passwords usually include fantasy characters, but this list contains none of the likely choices (e.g., "hobbit", "dwarf", "gandalf", "skywalker", "conan"). Names of relatives and friends are often used, and we see women's names like "jessica", "caroline", and "edwina", but no instance of the common names "jennifer" or "kathy". Further, there are almost no men's names such as "thomas" or either of "stephen" or "steven" (or "eugene"!). Additionally, none of these have the initial letters capitalized, although that is often how they are used in passwords. Also of interest, there are no obscene words in this dictionary, yet many reports of concerted password cracking experiments have revealed that there are a significant number of users who use such words (or phrases) as passwords. The list contains at least one incorrect spelling: "commrades" instead of "comrades"; I also believe that "markus" is a misspelling of "marcus". Some of the words do not appear in standard dictionaries and are non-English names: "jixian", "vasant", "puneet", etc. There are also some unusual words in this list that I would not expect to be considered common: "anthropogenic", "imbroglio", "umesh", "rochester", "fungible", "cerulean", etc.
b. Again, from Spafford:
I imagine that this list was derived from some data gathering with a limited set of passwords, probably in some known (to the author) computing environment. That is, some dictionary-based or brute-force attack was used to crack a selection of a few hundred passwords taken from a small set of machines. Other approaches to gathering passwords could also have been used: Ethernet monitors, Trojan Horse login programs, etc. However they may have been cracked, the ones that were broken would then have been added to this dictionary. Interestingly enough, many of these words are not in the standard on-line dictionary (in /usr/dict/words). As such, these words are useful as a supplement to the main dictionary-based attack the worm used as strategy #4, but I would suspect them to be of limited use before that time.