Activity 5.1:
Review questions
Ans: EAP is the path for the exchange of authentication information between a
client system and an authentication server.
1. EAP-TLS. This method defines how the TLS protocol can be encapsulated
in EAP messages.
2. EAP-TTLS. Same as EAP-TLS, except that only the server has a certificate,
which it uses to authenticate itself to the client first.
3. EAP-GPSK. A method that uses a Pre-Shared Key.
4. EAP-IKEv2. This method is based on the Internet Key Exchange (IKEv2) protocol.
Ans: 'EAP over LAN' (EAPOL) operates at the network layers and makes use of an
IEEE 802 LAN, such as Ethernet or Wi-Fi, at the link level. It enables a
supplicant to communicate with an authenticator and supports the exchange of
EAP packets for authentication.
Ans: IEEE 802.1X is the link-layer protocol that enforces authorization before
a port is assigned an IP address. It makes use of the Extensible
Authentication Protocol (EAP) for the authentication process.
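The two answers above describe EAPOL carrying EAP packets across the LAN. The following Python example, added here and not part of the original answers, builds and parses both headers: the EAPOL framing from IEEE 802.1X (version, type, length) and the EAP packet from RFC 3748 (code, identifier, length, method type). The method type numbers are the IANA-registered values for the methods named in the first answer, and the sample exchange for a supplicant called "alice" is constructed for illustration.

```python
"""EAPOL and EAP header handling for IEEE 802.1X port-based authentication.
Added example, not code from the original document.  EAPOL framing follows
IEEE 802.1X, the EAP packet layout follows RFC 3748, and the method type
numbers are the IANA-registered values for the methods named on the page.
The sample exchange at the bottom is constructed by hand for illustration."""
import struct
from typing import Optional

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS",
               49: "EAP-IKEv2", 51: "EAP-GPSK"}


def build_eap(code: int, ident: int, mtype: Optional[int] = None, data: bytes = b"") -> bytes:
    """EAP packet: code(1) id(1) length(2) [type(1) type-data]."""
    body = b"" if mtype is None else bytes([mtype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def build_eapol(ptype: int, body: bytes = b"", version: int = 2) -> bytes:
    """EAPOL PDU: version(1) type(1) body-length(2) body."""
    return struct.pack("!BBH", version, ptype, len(body)) + body


def parse_eapol(frame: bytes) -> dict:
    """Validate the EAPOL header and return the type name and body bytes."""
    if len(frame) < 4:
        raise ValueError("EAPOL header truncated")
    version, ptype, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + length]
    if len(body) != length:
        raise ValueError("EAPOL length field exceeds frame size")
    return {"version": version, "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"), "body": body}


def parse_eap(pkt: bytes) -> dict:
    """Validate the EAP header; only Request/Response carry a method type."""
    if len(pkt) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP length field does not match packet size")
    parsed = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident}
    if code in (1, 2):
        if length < 5:
            raise ValueError("Request/Response without a type field")
        parsed["method"] = EAP_METHODS.get(pkt[4], f"type {pkt[4]}")
        parsed["data"] = pkt[5:]
    return parsed


def summarize(frame: bytes) -> str:
    """One-line description of an EAPOL frame, as a port monitor might log it."""
    eapol = parse_eapol(frame)
    if eapol["type"] != "EAP-Packet":
        return eapol["type"]
    eap = parse_eap(eapol["body"])
    text = f"EAP {eap['code']} id={eap['id']}"
    if "method" in eap:
        text += f" {eap['method']}"
        if eap["method"] == "Identity" and eap["data"]:
            text += f" {eap['data'].decode('ascii')!r}"
    return text


# Constructed exchange: supplicant "alice" starts, is asked for its identity,
# answers, is offered EAP-TLS (flags byte with the Start bit, RFC 5216), succeeds.
SAMPLE_EXCHANGE = [
    build_eapol(1),                                   # supplicant: EAPOL-Start
    build_eapol(0, build_eap(1, 1, 1)),               # authenticator: Request/Identity
    build_eapol(0, build_eap(2, 1, 1, b"alice")),     # supplicant: Response/Identity
    build_eapol(0, build_eap(1, 2, 13, b"\x20")),     # authenticator: Request/EAP-TLS start
    build_eapol(0, build_eap(3, 2)),                  # authenticator: Success
]

if __name__ == "__main__":
    for frame in SAMPLE_EXCHANGE:
        print(summarize(frame))
```

The length checks matter in practice: an authenticator that trusts the EAP length field without comparing it to the bytes actually received is the classic source of parser bugs in 802.1X implementations, so both parsers reject frames whose declared length disagrees with the frame.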
Ans: The three cloud service models are listed and described below:
P.5.1. In the last few years, cloud computing has grown from being a
promising business concept to one of the fastest growing segments of the IT
industry. But security concerns remain the barrier to cloud computing. Write
a short essay (200-300 words) to cover cloud computing security challenges
and solutions.
Ans:
Cloud computing security faces several challenges, which are briefly described
in this essay. DATA LEAKS, also referred to as data breaches, are the release of
confidential and private data to an untrusted environment. POOR
AUTHENTICATION is also one of the challenges of cloud security; numerous
attacks result from broken authentication standards. LOSS OF DATA: as the
cloud has matured over the years, examples of cloud providers losing data have
become extremely rare, but attacks that permanently delete cloud data and harm
businesses are still prevalent, and cloud data centres are as vulnerable to
natural disasters as any other facility. PACKET SNIFFING is one of the various
network attacks that allows an attacker to access your files and other
information. MALWARE INJECTION refers to a type of attack where a piece of
code is injected into the cloud, and this embedded code tricks the cloud and
starts to act as Software as a Service. If this takes place successfully, the
cloud system automatically redirects even legitimate user requests to the
injected malware. Once it gains proper access to the cloud, it starts to steal
and misuse data. PORT SCANNING is a malicious technique that identifies open,
closed, and filtered ports on a system in a cloud environment; intruders seize
sensitive data with the help of any open ports available. These ports expose
the services running on a system, IP and MAC addresses, the gateway, and
firewall rules. Hijacking of accounts, poor diligence, API insecurity, and
cloud abuse are also challenges faced by cloud computing security.
Activity 6.1:
Review questions
Ans: The basic building block of an 802.11 WLAN is the Basic Service Set (BSS),
which consists of wireless stations executing the same MAC protocol and
competing for access to the same shared wireless medium.
Ans: An Extended Service Set (ESS) is defined as two or more basic service sets
interconnected by a distribution system.
Ans: A distribution system may or may not be a wireless network: it can be a
switch, a wired network, or a wireless network.
Ans: IEEE 802.11i addresses four main security areas which are authentication,
key management, data confidentiality and data integrity.
Activity 6.2:
Problems P.6.1.
In IEEE 802.11, open system authentication simply consists of two
communications. An authentication is requested by the client, which
contains the station ID (typically the MAC address). This is followed by an
authentication response from the AP/router containing a success or failure
message. An example of when a failure may occur is if the client’s MAC
address is explicitly excluded in the AP/router configuration.
Ans: This scheme depends on all parties behaving honestly. It does not protect
against MAC address forgery.
ITNE2002
Review questions
Ans: A detached signature may be stored and transmitted separately from the
message it signs. This is useful because a user may wish to maintain a separate
signature log of all messages sent or received. A detached signature of an
executable program can detect subsequent virus infection, and detached
signatures can be used when more than one party must sign a document, such
as a legal contract.
Ans: Radix-64 conversion is the scheme PGP uses to convert a raw 8-bit binary
stream to a stream of printable ASCII characters. This expands a message by
33%, but the session key and signature portions of the message are relatively
compact, and the plaintext message has already been compressed.
It also blindly converts the input stream to radix-64 format regardless of the
content, even if the input happens to be ASCII text.
Ans: Most e-mail systems only permit the use of blocks consisting of ASCII
text, so PGP must provide a service (Radix-64, or R64) for converting the raw
8-bit binary stream to a stream of printable ASCII characters. The reason R64
conversion is useful for an e-mail application is that it blindly converts the
input stream to radix-64 format regardless of the content, even if the input
happens to be ASCII text. In other words, if the message is signed (but not
encrypted) and the conversion is applied to the entire block, the output will
still be unreadable to the casual observer. This provides a certain degree of
confidentiality.
Ans: PGP associates "trust" with public keys and then exploits this trust
information. In other words, each entry in the public key ring holds a public
key certificate. Each entry has a key legitimacy field that indicates the
extent to which PGP trusts that this is a valid public key for this user. If
the level of trust is high, the binding of the key to the user ID is strong.
S/MIME, in contrast, stands for Secure MIME. It adds digital signatures (DSS)
and encryption to Internet MIME messages. It is also the standard for
public-key encryption (incorporating three public-key algorithms) and signing
of MIME data. It provides the following functions: 1. Enveloped data, 2. Signed
data, 3. Clear-signed data, and 4. Signed and enveloped data.
Ans: DKIM stands for DomainKeys Identified Mail. This is a specification for
cryptographically signing e-mail messages, permitting a signing domain to claim
responsibility for a message in the mail stream. Message recipients can verify
the signature by querying the signer's domain directly to retrieve the
appropriate public key, and can thereby confirm that the message was attested
to by a party in possession of the private key for the signing domain. It is an
Internet standard and has been adopted by a wide range of e-mail providers,
including corporations, government agencies, Gmail, Yahoo, and Internet Service
Providers (ISPs).
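The DKIM answer says a recipient retrieves the signer's public key from the signing domain and verifies the signature. The Python example below, added here and not part of the original answers, shows the receiver-side steps that need no key material: parsing the DKIM-Signature tag list, deriving the DNS name (`<selector>._domainkey.<domain>`) where the public key is published, and recomputing the body hash (`bh=`) after body canonicalization, following RFC 6376. The message, header, selector and domain are constructed for the example; the `b=` value is a dummy, since checking it requires the RSA key fetched from DNS, which this example stops short of.

```python
"""DKIM receiver-side checks that need no key material: parsing the
DKIM-Signature header, deriving the DNS name of the signer's public key, and
recomputing the body hash (bh=) after canonicalization (RFC 6376).
Added example, not code from the original document.  The message below is
constructed; the b= value is a dummy, and verifying it would need the RSA
public key fetched from DNS, which this example deliberately stops short of.
The optional l= (body length limit) tag is not honoured here."""
import base64
import hashlib
import re


def parse_dkim_tags(header_value: str) -> dict:
    """Tag=value pairs separated by ';'; folding whitespace inside values is dropped."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def public_key_dns_name(tags: dict) -> str:
    """A verifier fetches the TXT record at <selector>._domainkey.<signing-domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def canonicalize_body(body: bytes, mode: str) -> bytes:
    """'simple' removes trailing empty lines; 'relaxed' additionally trims
    trailing whitespace on each line and collapses runs of WSP to one space."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ") for line in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def compute_body_hash(body: bytes, mode: str, algorithm: str) -> str:
    """bh= is the base64 digest of the canonicalized body."""
    digest = hashlib.new(algorithm, canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_body_hash(header_value: str, body: bytes) -> bool:
    """Recompute bh= from the body using the c= and a= tags and compare."""
    tags = parse_dkim_tags(header_value)
    canon = tags.get("c", "simple/simple")
    body_mode = canon.split("/")[1] if "/" in canon else "simple"
    algorithm = tags["a"].split("-")[1]   # rsa-sha256 -> sha256
    return compute_body_hash(body, body_mode, algorithm) == tags["bh"]


# Constructed sample message body and DKIM-Signature header value.
SAMPLE_BODY = b"Hello, world\r\n\r\n\r\n"
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel2024;\r\n"
    " h=from:to:subject:date;\r\n"
    " bh=" + compute_body_hash(SAMPLE_BODY, "simple", "sha256") + ";\r\n"
    " b=ZHVtbXk="          # dummy value, not a real signature
)

if __name__ == "__main__":
    print("query", public_key_dns_name(parse_dkim_tags(SAMPLE_HEADER)))
    print("body hash ok:", verify_body_hash(SAMPLE_HEADER, SAMPLE_BODY))
```

Two behaviours worth noticing: trailing blank lines added in transit do not change the body hash, because simple canonicalization strips them, while any change to the visible text does; and a body-hash match alone proves nothing about the sender, since the binding to the signing domain only comes from the `b=` signature checked against the key at the derived DNS name.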
P.7.1. Phil Zimmermann chose IDEA, three-key triple DES, and CAST-128 as
symmetric encryption algorithms for PGP. Give reasons why AES and DES
symmetric encryption algorithms are suitable or unsuitable for PGP
a. DES,
Ans: Two-key triple DES, which has a key length of 112 bits, is suitable.
c. AES
P.7.2. Encode the text “Test” using Radix-64 technique. Assume characters
are stored in 8-bit ASCII with zero parity.
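Both the Radix-64 answers above and problem P.7.2 concern the same conversion, so one worked example serves them. The Python code below is added here and is not part of the original answers: it writes out the 6-bit grouping rule PGP's radix-64 uses (three input bytes become four printable characters, a short final group is zero-padded and marked with `=`), exposes the bit groups so the encoding of "Test" can be followed by hand, shows the 4/3 expansion the answer cites, and appends the CRC-24 checksum line that OpenPGP ASCII armor adds (RFC 4880). The standard library's `base64` module is imported only to cross-check the hand-written encoder.

```python
"""Radix-64 (base64) encoding as PGP uses it, written out from the 6-bit
grouping rule rather than calling the library, plus the CRC-24 that OpenPGP
appends as the ASCII-armor checksum (RFC 4880 section 6).  Added example;
not part of the original document."""
import base64  # used only to cross-check the hand-written encoder

R64_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz"
                "0123456789+/")


def bit_groups(data: bytes) -> list:
    """The 6-bit groups the encoder emits, with zero padding bits visible;
    this is the intermediate step when working an encoding by hand."""
    groups = []
    for i in range(0, len(data), 3):
        bits = "".join(f"{b:08b}" for b in data[i:i + 3])
        bits += "0" * (-len(bits) % 6)        # pad the last group to 6 bits
        groups += [bits[j:j + 6] for j in range(0, len(bits), 6)]
    return groups


def radix64_encode(data: bytes) -> str:
    """Map every 3 input bytes (24 bits) to 4 characters of 6 bits each; a
    final short group is right-padded with zero bits and the output padded
    with '=' so its length is a multiple of 4."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # pack the 1..3 bytes into a 24-bit integer, zero-filling on the right
        bits = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        sextets = [(bits >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        keep = len(chunk) + 1     # 1 byte -> 2 chars, 2 bytes -> 3, 3 bytes -> 4
        out.append("".join(R64_ALPHABET[s] for s in sextets[:keep]))
        out.append("=" * (4 - keep))
    return "".join(out)


def matches_stdlib(data: bytes) -> bool:
    """Cross-check against the standard library's base64 encoder."""
    return radix64_encode(data) == base64.b64encode(data).decode("ascii")


def expansion_ratio(data: bytes) -> float:
    """Output characters per input byte; 4/3 is the 33% expansion the text cites."""
    return len(radix64_encode(data)) / len(data)


def crc24(data: bytes) -> int:
    """CRC-24 as specified for OpenPGP ASCII armor (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor_checksum(data: bytes) -> str:
    """The '=XXXX' line PGP places after the radix-64 body of an armored block."""
    return "=" + radix64_encode(crc24(data).to_bytes(3, "big"))


if __name__ == "__main__":
    text = b"Test"   # the input from problem P.7.2
    print(bit_groups(text))
    print(radix64_encode(text), armor_checksum(text))
```

The checksum line is worth keeping in mind as a defender: it detects transmission corruption only, not tampering, so a modified armored block with a recomputed CRC passes this check and is caught solely by the signature inside.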