A A A A NSWERSNSWERSNSWERSNSWERS TOTOTOTO Q QQ QUESTIONSUESTIONSUESTIONSUESTIONS 1.1 The OSI Security Architecture is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The document defines security attacks, mechanisms, and services, and the relationships among these categories. 1.2Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems. 1.3Passive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service. 1.4 Authentication: The assurance that the communicating entity is the one that it claims to be. Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). Data confidentiality: The protection of data from unauthorized disclosure. Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Chapter 1:Introduction.5 Chapter 2:Classical Encryption Techniques.7 Chapter 3:Block Ciphers and the Date Encryption Standard.13 Chapter 4:Finite Fields.21 Chapter 5:Advanced Encryption Standard .28 Chapter 6:More on Symmetric Ciphers .33 Chapter 7:Confidentiality Using Symmetric Encryption.38 Chapter 8:Introduction to Number Theory.42 Chapter 9:Public-Key Cryptography and RSA.46 Chapter 10:Key Management; Other Public-Key Cryptosystems.55 Chapter 11:Message Authentication and Hash Functions.59 Chapter 12:Hash and MAC Algorithms .62 Chapter 13:Digital Signatures and Authentication Protocols.66 Chapter 14:Authentication Applications.71 Chapter 15:Electronic Mail Security.73 Chapter 16:IP Security.76 Chapter 17:Web Security.80 Chapter 18:Intruders.83 Chapter 19:Malicious Software .87 Chapter 20:Firewalls.89 -2- Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them). 1.5 See Table 1.3. -3- A A A A NSWERSNSWERSNSWERSNSWERS TOTOTOTO P P P P ROBLEMSROBLEMSROBLEMSROBLEMS 1.1Release of message contents Traffic analysis MasqueradeReplayModification of messages Denial of service Peer entity authentication Y Data origin authentication Y Access controlY ConfidentialityY Traffic flow confidentiality Y Data integrityYY Non-repudiationY AvailabilityY 1.2Release of message contents Traffic analysis MasqueradeReplayModification of messages Denial of service EnciphermentY Digital signatureYYY Access controlYYYYY Data integrityYY Authentication exchange YYYY Traffic paddingY Routing controlYYY NotarizationYYY CHAPTER 2 CLASSICAL ENCRYPTION TECHNIQUESR -4- A A A A NSWERSNSWERSNSWERSNSWERS TOTOTOTO Q QQ QUESTIONSUESTIONSUESTIONSUESTIONS 2.1Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm. 2.2Permutation and substitution. 2.3One key for symmetric ciphers, two keys for a