
EXAM questions for the course TTM4135 - Information Security

August 2007

Part 1

This part consists of 8 questions all from one common topic. The number of maximal points
for every correctly answered question is given next to the question. Maximal number of
points in this part of the exam is 34. Time for work on this test: ~60 minutes.

TOPIC: Types of security attacks

1. (5 points) What is a passive attack?
2. (5 points) What is an active attack?
3. (4 points) What is the usual countermeasure against passive attacks?
4. (4 points) What is “traffic analysis”?
5. (4 points) What is a “masquerade”?
6. (4 points) What is a “replay”?
7. (4 points) What is a “modification of messages”?
8. (4 points) What is a “denial of service”?

KEY for Part 1

TOPIC: Types of security attacks

1. Complete answer should mention that passive attacks have a nature of eavesdropping or
monitoring the transmissions, and that they are difficult to detect because they do not
involve any alteration of the data.

2. Complete answer should mention that active attacks involve some modification of the
data stream or the creation of a false stream and that it is difficult to absolutely prevent
active attacks because of the wide variety of potential physical, software and network
vulnerabilities.

3. Complete answer should mention: encryption.

4. Complete answer should mention analysis of the patterns of the messages, location and
identity of communication hosts and frequency and length of messages being exchanged.

5. Complete answer should define masquerade as an attack where one entity pretends to be a
different entity.

6. Complete answer should define replay as an attack that involves a passive capturing of a
transmitted data and its subsequent retransmission to produce an unauthorized effect.

7. Complete answer should define modification of message as an attack where some portion
of a legitimate message is altered, or delayed or reordered to produce an unauthorized
effect.

8. Complete answer should define the denial of service as an attack that prevents or inhibits
the normal use or management of communication facilities (either specific targets or
entire networks).

Part 2

This part consists of 7 questions all from one common topic. The number of maximal points
for every correctly answered question is given next to the question. Maximal number of
points in this part of the exam is 34. Time for work on this test: ~60 minutes.

TOPIC: Public-Key Cryptography (asymmetric encryption/decryption)

1. (6 points) What are the two most difficult problems of symmetric cryptography that
public-key cryptography solves?
2. (6 points) How does asymmetric encryption/decryption work?
3. (3 points) What is the most widely used public-key cryptosystem?
4. (6 points) Describe the Diffie-Hellman key exchange.
5. (7 points) Describe the RSA algorithm.
6. (3 points) On which mathematical problem does RSA base its security?
7. (3 points) On which mathematical problem does Elliptic Curve Cryptography base its
security?

KEY for Part 2

TOPIC: Public-Key Cryptography (asymmetric encryption/decryption)

1. Complete answer should mention:
   1. Key distribution
   2. Digital signatures

2. Complete answer should mention that asymmetric cryptosystem encrypts with one key
(called public key) and decrypts with another key (called private key).

3. RSA

4. Global public elements:

q – prime number
a – primitive root of q, where a < q

User A Key Generation:

Select randomly X_A, X_A < q
Compute Y_A, Y_A = a^X_A mod q

User B Key Generation:

Select randomly X_B, X_B < q
Compute Y_B, Y_B = a^X_B mod q

Calculation of Secret Key by User A:

K = (Y_B)^X_A mod q

Calculation of Secret Key by User B:

K = (Y_A)^X_B mod q

5. Key generation:
Select two prime numbers p and q such that p ≠ q
Calculate n = p × q
Calculate Phi(n) = (p – 1)(q – 1)
Select an integer e such that gcd(Phi(n), e) = 1, 1 < e < Phi(n)
Calculate d = e^-1 mod Phi(n)
Public key: (e, n)
Private key: (d, n)

Encryption:
Plaintext: M < n
Ciphertext: C = M^e mod n

Decryption:
Ciphertext: C
Plaintext: P = C^d mod n

6. On the difficulty of finding prime factors of a composite number (factorization of natural
numbers).

7. Discrete logarithm problem in an additive group.
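The Diffie-Hellman exchange of key item 4 and the RSA algorithm of key item 5, carried through step by step as an added worked example (this is not part of the exam paper or its key). The code uses the key's own symbols (q, a, X_A, Y_A, X_B, Y_B, K for Diffie-Hellman; p, q, n, Phi(n), e, d, M, C for RSA). The function names are my own, and the numbers (q = 353, a = 3, X_A = 97, X_B = 233; p = 17, q = 11, e = 7, M = 88) are textbook-sized values chosen so every step can be checked by hand; they are far too small for real use. Both halves also show where questions 6 and 7 come from: the public values Y_A, Y_B and (e, n) are safe to publish only because recovering X from Y = a^X mod q (discrete logarithm) and p, q from n (factorization) is hard for properly sized parameters.

```python
from math import gcd
from typing import Optional, Tuple
import secrets


# ---------- Diffie-Hellman (key item 4) ----------

def dh_keygen(q: int, a: int, x: Optional[int] = None) -> Tuple[int, int]:
    """User key generation: choose X < q (randomly unless supplied) and
    compute Y = a^X mod q. Returns (X, Y); X stays private, Y is published."""
    if x is None:
        x = secrets.randbelow(q - 2) + 1  # 1 <= X <= q-2, a constructed choice
    if not 1 <= x < q:
        raise ValueError("private value X must satisfy 1 <= X < q")
    return x, pow(a, x, q)


def dh_shared_secret(q: int, my_x: int, their_y: int) -> int:
    """K = (Y_other)^(X_mine) mod q, as in the two 'Calculation of Secret Key' lines."""
    return pow(their_y, my_x, q)


def diffie_hellman_demo(q: int = 353, a: int = 3,
                        x_a: int = 97, x_b: int = 233) -> Tuple[int, int, int, int]:
    """Run the whole exchange with fixed private values so it is reproducible.
    Returns (Y_A, Y_B, K_A, K_B); K_A == K_B is the point of the protocol."""
    _, y_a = dh_keygen(q, a, x_a)          # A publishes Y_A
    _, y_b = dh_keygen(q, a, x_b)          # B publishes Y_B
    k_a = dh_shared_secret(q, x_a, y_b)    # A computes (Y_B)^X_A mod q
    k_b = dh_shared_secret(q, x_b, y_a)    # B computes (Y_A)^X_B mod q
    return y_a, y_b, k_a, k_b


# ---------- RSA (key item 5) ----------

def rsa_keygen(p: int, q: int, e: int) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Key generation exactly as the key lists it: n = p*q, Phi(n) = (p-1)(q-1),
    e with 1 < e < Phi(n) and gcd(Phi(n), e) = 1, d = e^-1 mod Phi(n).
    Returns (public_key, private_key) = ((e, n), (d, n)). p and q are assumed prime."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(phi, e) != 1:
        raise ValueError("e must satisfy 1 < e < Phi(n) and gcd(Phi(n), e) = 1")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(public_key: Tuple[int, int], m: int) -> int:
    """C = M^e mod n; the plaintext block must satisfy M < n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext M must satisfy 0 <= M < n")
    return pow(m, e, n)


def rsa_decrypt(private_key: Tuple[int, int], c: int) -> int:
    """P = C^d mod n."""
    d, n = private_key
    return pow(c, d, n)


if __name__ == "__main__":
    y_a, y_b, k_a, k_b = diffie_hellman_demo()
    print(f"Diffie-Hellman: Y_A={y_a} Y_B={y_b} K_A={k_a} K_B={k_b}")
    pub, priv = rsa_keygen(17, 11, 7)
    c = rsa_encrypt(pub, 88)
    print(f"RSA: public={pub} private={priv} C={c} P={rsa_decrypt(priv, c)}")
```

With the defaults the exchange yields Y_A = 40, Y_B = 248 and the common secret K = 160 on both sides; the RSA keys come out as (7, 187) and (23, 187), and M = 88 encrypts to C = 11 and decrypts back to 88. The `pow(base, exp, mod)` builtin does the modular exponentiation that the key writes as a^X mod q and M^e mod n.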



Part 3

This part consists of 20 questions. For every question 5 alternative answers are given, of
which ONLY ONE is correct. If you choose the correct answer you will earn 1.6 points,
otherwise you will lose 0.4 points (i.e. the penalty is -0.4 points). If you do not choose any
answer, you will not get any points (i.e. the earned points are 0). Maximal number of
points in this part of the exam is 32. Time for work on this test: ~60 minutes.

1. What is a “one-time pad”?
a. A symmetric cipher that needs only one master key.
b. An asymmetric cipher that needs only one master key.
c. A symmetric cipher that for every encrypted message needs a random key of the
same length as the message itself.
d. A symmetric cipher that has a very long secret key, and with every new message
to be encrypted rotates the key by a certain number of positions.
e. A symmetric cipher that has a very long secret key, and with every new message
to be encrypted rotates the key by one position.

2. Which two types of attacks on DES are slightly better than brute-force key search?
a. Factorization of numbers and Discrete logarithm
b. Differential cryptanalysis and Linear cryptanalysis
c. Statistical cryptanalysis and Testing of randomness
d. Embedded cryptanalysis and Multidimensional cryptanalysis
e. General Number sieve and Polynomial Quantum Factorization

3. LUCIFER was the predecessor of DES and had the key length of:
a. 128 bits
b. 96 bits
c. 80 bits
d. 64 bits
e. 56 bits

4. What is “the greatest common divisor of two integers”?
a. It is the greatest integer obtained when two integers divide each other
b. It is the largest prime number that is a factor of both integers
c. It is the largest positive integer that exactly divides both integers
d. It is the first prime number greater than the arithmetic average of the numbers
e. It is the first power of 2 greater than the biggest of two integers

5. AES uses:
a. 128, 160 or 256 bits block size and a key size of 128, 160 or 256 bits
b. 512 bits block size and a key size of 128, 256 or 512 bits
c. 128, 256 or 512 bits block size and a key size of 128, 192 or 256 bits
d. 128, 192 or 256 bits block size and a key size of 128, 192 or 256 bits
e. 128 bits block size and a key size of 128, 192 or 256 bits

6. RC4 is:
a. A stream cipher with variable key length
b. A stream cipher with 128 bits key length
c. A block cipher with variable key length
d. A block cipher with 128 bits key length
e. A hash function with 128 bits hash output

7. What is “key distribution”?
a. A function that delivers two master keys to two different key distribution centers.
b. A function that produces a master key in the key distribution center.
c. A function that delivers a key to two parties who wish to exchange secure
encrypted data.
d. A function that delivers a key to two parties who wish to exchange secure
encrypted data, and the key must be protected from access by others.
e. A function that analyses the statistical distribution of the secret keys.

8. By the Miller-Rabin algorithm we can prove that a number is:
a. composite
b. prime
c. power of 2
d. relatively prime to another number
e. a factor of another number

9. Which three public-key algorithms can be used for digital signatures?
a. RSA, Elliptic Curve, Diffie-Hellman
b. RSA, Elliptic Curve, DSS
c. Elliptic Curve, Diffie-Hellman, DSS
d. RSA, Diffie-Hellman, DSS
e. RSA, Diffie-Hellman, SFLASH

10. The “man-in-the-middle” attack is an attack against:
a. Hash functions
b. Key distribution centers
c. Symmetric key algorithms
d. Public-key algorithms
e. Kerberos

11. Two most common cryptographic techniques for message authentication are:
a. Digital signatures and key production
b. Encryption and decryption
c. Digital signatures and encryption
d. Universal hashing and digital signatures
e. MAC and secure hash function

12. What is the message digest size of SHA-1?
a. 128 bits
b. 160 bits
c. 192 bits
d. 256 bits
e. 512 bits

13. DSS uses the following hash function:
a. SHA
b. Whirlpool
c. MD5
d. MD4
e. MD2

14. Kerberos is:
a. A part of PKI.
b. A part of X.509 public-key infrastructure.
c. An authentication service designed for use in a distributed environment.
d. A public-key based key distribution center.
e. A symmetric key based key distribution center.

15. For digital signatures PGP uses:
a. ECC and SHA or Diffie-Hellman and SHA
b. DSS and SHA or RSA and SHA
c. DSS and MD5 or RSA and MD5
d. DSS and MD4 or RSA and MD4
e. ECC and MD4 or DSS and MD4

16. Which three functional areas are present in IPSec?
a. Encryption, decryption, authentication
b. Encryption, key distribution, authentication
c. Authentication, confidentiality, digital signatures
d. Authentication, confidentiality, key management
e. Link encryption, end-to-end encryption, low layer encryption

17. Secure Electronic Transaction (SET) is:
a. An open encryption and security specification designed to protect credit card
transactions on the Internet.
b. A proprietary encryption standard for smart cards.
c. An open encryption standard for smart cards.
d. A part of SSL/TLS protocol
e. A part of S/MIME protocol

18. A “clandestine user” is:
a. An individual who is not authorized to use the computer.
b. A legitimate user who accesses data, programs or resources for which such access
is not authorized.
c. An individual who seizes supervisory control of the system and uses this control
to evade auditing and access controls or to suppress audit collection.
d. An individual who penetrates a system’s access controls to exploit a legitimate
user’s account.
e. A legitimate user who accesses data, programs or resources but misuses his or her
privileges.

19. A “backdoor” is:
a. Code embedded in some legitimate program that is set to “explode” when
certain conditions are met.
b. A program or command procedure that contains hidden code that, when invoked,
performs an unwanted or harmful function.
c. A secret entry point into a program that allows someone to gain access without
going through the usual security procedures.
d. A program that secretly takes over another Internet-attached computer.
e. A program that installs other items on a machine that is under attack.

20. The following control service is not part of the firewall services:
a. Service control
b. Content control
c. Direction control
d. User control
e. Behavior control

KEY for Part 3
1. c
2. b
3. a
4. c
5. e
6. a
7. d
8. a
9. b
10. d
11. e
12. b
13. a
14. c
15. b
16. d
17. a
18. c
19. c
20. b
