密码编码学与网络安全(第五版)答案

Chapter 1: Chapter 2: Chapter 3: Chapter 4: Chapter 5: Chapter 6: Chapter 7: Chapter 8: Chapter 9: Chapter 10: Chapter 11: Chapter 12: Chapter 13: Chapter 14: Chapter 15: Chapter 16: Chapter 17: Chapter 18: Chapter 19: Chapter 20: 文档来源为:从网络收集整理.word版本可编辑.欢迎下载支持. Introduction ..................................................................................................5 Classical Encryption Techniques ...............................................................7 Block Ciphers and the Date Encryption Standard ................................13 Finite Fields .................................................................................................21 Advanced Encryption Standard ..............................................................28 More on Symmetric Ciphers ....................................................................33 Confidentiality Using Symmetric Encryption .......................................38 Introduction to Number Theory ..............................................................42 Public-Key Cryptography and RSA ........................................................46 Key Management; Other Public-Key Cryptosystems ...........................55 Message Authentication and Hash Functions .......................................59 Hash and MAC Algorithms .....................................................................62 Digital Signatures and Authentication Protocols ..................................66 Authentication Applications ....................................................................71 Electronic Mail Security ............................................................................73 IP Security ...................................................................................................76 Web Security ...............................................................................................80 Intruders ......................................................................................................83 Malicious Software ....................................................................................87 Firewalls ......................................................................................................89 ANSWERS TO QUESTIONS 1.1 The OSI Security Architecture is a framework that provides a systematic way of defining the requirements for security and characterizing the approaches to satisfying those requirements. The document defines security attacks, mechanisms, and services, and the relationships among these categories. 1.2 Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored. Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems. 1.3 Passive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service. 1.4 Authentication: The assurance that the communicating entity is the one that it claims to be. Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). Data confidentiality: The protection of data from unauthorized disclosure. Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them). 1.5 See Table 1.3. 1文档来源为:从网络收集整理.word版本可编辑. 文档来源为:从网络收集整理.word版本可编辑.欢迎下载支持.

ANSWERS TOPROBLEMS 1.1 Release of message contents Y Release of message contents Y Y Y Y Y Y Y Traffic analysis Traffic analysis Masquerade Replay Modification Denial of messages of service Y Y Y Y Peer entity authentication Data origin authentication Access control Confidentiality Traffic flow confidentiality Data integrity Non-repudiation Availability 1.2 Y Y Y Y Masquerade Replay Modification Denial of messages of service Y Y Y Y Y Y Encipherment Digital signature Access control Data integrity Authentication exchange Traffic padding Routing control Notarization Y Y Y Y Y Y Y Y Y CHAPTER 2 CLASSICAL ENCRYPTION TECHNIQUESR ANSWERS TO QUESTIONS 2.1 Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.

2文档来源为:从网络收集整理.word版本可编辑.

文档来源为:从网络收集整理.word版本可编辑.欢迎下载支持.

2.2 Permutation and substitution.

2.3 One key for symmetric ciphers, two keys for asymmetric ciphers.

2.4 A stream cipher is one that encrypts a digital data stream one bit or one byte at a

time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length. 2.5 Cryptanalysis and brute force.

2.6 Ciphertext only. One possible attack under these circumstances is the brute-force

approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the ciphertext itself, generally applying various statistical tests to it. Known plaintext. The analyst may be able to capture one or more plaintext messages as well as their encryptions. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed. Chosen plaintext. If the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key.

2.7 An encryption scheme is unconditionally secure if the ciphertext generated by the

scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. An

encryption scheme is said to be computationally secure if: (1) the cost of breaking the cipher exceeds the value of the encrypted information, and (2) the time required to break the cipher exceeds the useful lifetime of the information. 2.8 The Caesar cipher involves replacing each letter of the alphabet with the letter

standing k places further down the alphabet, for k in the range 1 through 25.

2.9 A monoalphabetic substitution cipher maps a plaintext alphabet to a ciphertext

alphabet, so that each letter of the plaintext alphabet maps to a single unique letter of the ciphertext alphabet.

2.10 The Playfair algorithm is based on the use of a 5 ? 5 matrix of letters constructed

using a keyword. Plaintext is encrypted two letters at a time using this matrix.

2.11 A polyalphabetic substitution cipher uses a separate monoalphabetic substitution

cipher for each successive letter of plaintext, depending on a key.

2.12 1. There is the practical problem of making large quantities of random keys. Any

heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is a significant task.

2. Even more daunting is the problem of key distribution and protection. For every message to be sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth key distribution problem exists.

2.13 A transposition cipher involves a permutation of the plaintext letters. 2.14 Steganography involves concealing the existence of a message.

ANSWERS TO PROBLEMS

2.1 a. No. A change in the value of b shifts the relationship between plaintext letters

and ciphertext letters to the left or right uniformly, so that if the mapping is one-to-one it remains one-to-one.

3文档来源为:从网络收集整理.word版本可编辑.

2.2

2.3

2.4

2.5

2.6

2.7

文档来源为:从网络收集整理.word版本可编辑.欢迎下载支持.

b. 2, 4, 6, 8, 10, 12, 13, 14, 16, 18, 20, 22, 24. Any value of a larger than 25 is equivalent to a mod 26.

c. The values of a and 26 must have no common positive integer factor other than 1. This is equivalent to saying that a and 26 are relatively prime, or that the

greatest common divisor of a and 26 is 1. To see this, first note that E(a, p) = E(a, q) (0 ≤ p ≤ q < 26) if and only if a(p – q) is divisible by 26. 1. Suppose that a and 26 are relatively prime. Then, a(p – q) is not divisible by 26, because there is no way to reduce the fraction a/26 and (p – q) is less than 26. 2. Suppose that a and 26 have a common factor k > 1. Then E(a, p) = E(a, q), if q = p + m/k ≠ p.

There are 12 allowable values of a (1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25). There are 26 allowable values of b, from 0 through 25). Thus the total number of distinct affine Caesar ciphers is 12 ? 26 = 312.

Assume that the most frequent plaintext letter is e and the second most frequent letter is t. Note that the numerical values are e = 4; B = 1; t = 19; U = 20. Then we have the following equations: 1 = (4a + b) mod 26 20 = (19a + b) mod 26

Thus, 19 = 15a mod 26. By trial and error, we solve: a = 3. Then 1 = (12 + b) mod 26. By observation, b = 15.

A good glass in the Bishop's hostel in the Devil's seat—twenty-one degrees and thirteen minutes—northeast and by north—main branch seventh limb east

side—shoot from the left eye of the death's head— a bee line from the tree through the shot fifty feet out. (from The Gold Bug, by Edgar Allan Poe)

a. The first letter t corresponds to A, the second letter h corresponds to B, e is C, s is D, and so on. Second and subsequent occurrences of a letter in the key sentence are ignored. The result

ciphertext: SIDKHKDM AF HCRKIABIE SHIMC KD LFEAILA plaintext: basilisk to leviathan blake is contact b. It is a monalphabetic cipher and so easily breakable.

c. The last sentence may not contain all the letters of the alphabet. If the first sentence is used, the second and subsequent sentences may also be used until all 26 letters are encountered.

The cipher refers to the words in the page of a book. The first entry, 534, refers to page 534. The second entry, C2, refers to column two. The remaining numbers are words in that column. The names DOUGLAS and BIRLSTONE are simply words that do not appear on that page. Elementary! (from The Valley of Fear, by Sir Arthur Conan Doyle) a.

2 8 10 7 9 6 3 1 4 5 C R Y P T O G A H I B E A T T H E T H I R D P I L L A R F R O M T H E L E F T O U T S I D E T H E L Y C E U M T H E A T 4文档来源为:从网络收集整理.word版本可编辑.

文档来源为:从网络收集整理.word版本可编辑.欢迎下载支持.

R E T O N I G H T A T S E V E N I F Y O U A R E D I S T R U S T F U L B R I N G T W O F R I E N D S 4 2 8 10 5 6 3 7 1 9 N E T W O R K S C U T R F H E H F T I N B R O U Y R T U S T E A E T H G I S R E H F T E A T Y R N D I R O L T A O U G S H L L E T I N I B I T I H I U O V E U F E D M T C E S A T W T L E D M N E D L R A P T S E T E R F O ISRNG BUTLF RRAFR LIDLP FTIYO NVSEE TBEHI HTETA EYHAT TUCME HRGTA IOENT TUSRU IEADR FOETO LHMET NTEDS IFWRO HUTEL EITDS b. The two matrices are used in reverse order. First, the ciphertext is laid out in

columns in the second matrix, taking into account the order dictated by the second memory word. Then, the contents of the second matrix are read left to right, top to bottom and laid out in columns in the first matrix, taking into

account the order dictated by the first memory word. The plaintext is then read left to right, top to bottom.

c. Although this is a weak method, it may have use with time-sensitive

information and an adversary without immediate access to good cryptanalysis (e.g., tactical use). Plus it doesn't require anything more than paper and pencil, and can be easily remembered.

2.8 SPUTNIK

2.9 PT BOAT ONE OWE NINE LOST IN ACTION IN BLACKETT STRAIT TWO

MILES SW MERESU COVE X CREW OF TWELVE X REQUEST ANY INFORMATION 2.10 a.

L S F N V

b.

O C U R E A T H O W R B I/J P X G C K Q Y E D M U Z 5文档来源为:从网络收集整理.word版本可编辑.