| Uploader: | Tidus23 |
| Date Added: | 15.12.2018 |
| File Size: | 38.62 Mb |
| Operating Systems: | Windows NT/2000/XP/2003/2003/7/8/10 MacOS 10/X |
| Downloads: | 34472 |
| Price: | Free* [*Free Regsitration Required] |
Introduction to Computer Security Pdf - libribook
About the Introduction To Computer Security Goodrich PDF Free Download AuthorProfessors Goodrich and Tamassia are well-recognized researchers in computer security, algorithms and data structures, having published many papers on these subjects, with applications to computer security, cryptography, cloud computing, information visualization, and geometric computing Introduction to Computer Security is a new Computer Security textbook for a new generation of IT professionals. It is ideal for computer-security courses that are taught at the undergraduate level and that have as their sole prerequisites an introductory computer science sequence (e.g., CS 1/CS 2) Introduction to Computer Security 1st Edition Goodrich Solutions Manual - Read online for free. Full download: blogger.com Introduction to Computer Security 1st Edition Goodrich
Introduction to computer security goodrich pdf download
Solutions Manual Introduction to Computer Security Version 1. Goodrich and R. This is sample only, Download all chapters at: testbankreal. Goodrich and Roberto Tamassia, published by Addison Wesley.
It is intended for use by instructors adopting the book in a course. Please contact the authors if you find errors in the solutions. You are not allowed to make the solutions available on a publicly accessible Web site. Solution Scalability: with public-key encryption, multiple users can send encrypted mes- sages to Alice using her public key and these messages can be decrypted only by Alice; thus, a linear number of public-private key pairs need to be established, distributed and protected to allow pairwise confidential communication between any two users; instead, symmetric encryption requires a quadratic number of secret keys.
Efficiency: existing sym- metric encryption methods are much faster and use much shorter keys than existing public- key encryption methods. Usability: symmetric-key encryption is easier to understand by an non-expert than public-key encryption. Problem R What kind of attack is this and what are some of its risks? Solution This is a Trojan horse, since it has a hidden malicious action that goes with a useful service.
Solution There are many examples. One possibility would be to use a weak encryption algorithm, like the Caesar cipher and try to keep secret the type of algorithm introduction to computer security goodrich pdf download you are using, in addition to keeping the key secret. The problem with this approach is that if someone guesses you are using such an algorithm or is able to reverse engineering your software, then they will discover your algorithm. Introduction to computer security goodrich pdf download there it is a simple matter to break your weak encryption scheme.
Thus, when using the standard 8-bit ASCII encoding, about 6. Compute the probability that a random array of t bytes corresponds to English text. Given that the information content of English text is 1.
Given that keys are short, an attacker is using a brute-force exhaustive search method to decrypt a ciphertext of t bytes. Estimate the probability of uniquely recovering the plaintext corresponding to the ciphertext for the following values introduction to computer security goodrich pdf download t: 8, 64, and Solution Brute-force decryption generates candidate plaintexts, one for each possible key value.
Since this number is less than one for the given values of t, the attack is expected to always recover the plaintext. What is the number of 8-character passwords that could be constructed from such a character set? How long, on average, would it take an attacker to guess such a password if he could test a password every nanosecond?
Solution There are possible passwords with 8 ASCII characters. This is 9, seconds or about days. Creativity Problem C Solution Take a file and introduction to computer security goodrich pdf download a digital signature on that file from the owner of that file or from another trusted authority. Problem C Describe how a user could discover that his ISP is doing this.
Solution Suppose the user bought both VoIP solutions. He could then do a set of simple end-to-end performance tests to see if one had degraded throughput with respect to the other in terms of packet delivery. Moreover, suppose you know that a security administrator is also aware of this fact and will be using it to detect the presence of your virus in operating systems files, as described in the previous problem. Explain how you can hide the embedded copy of your virus so that it is difficult for the security administrator to find it.
Solution If the embedded virus code is stored in encrypted form and only decrypted just before it is replicated in another operating system file, then it would be difficult to see the repeated pattern when the virus is at rest inside the infected file, introduction to computer security goodrich pdf download. Alice walked up, put in her ATM card, successfully entered her 4-digit PIN, and took some cash. But she was not able to get her card back, so she drove off to find help.
Solution Since Benny broke 5 different keys and Alice was still able to enter her PIN, it must only use the 5 remaining keys. In the worst case, Benny will have to enter before he enters the correct one. In a first attempt, Barack exchanges with Tim brief text messages, encrypted with public-key cryptography, to decide the exact amounts of bailout money to give to the largest 10 banks in the country.
Let pB and pT be the public keys of Barack and Tim, respectively. A message m sent by Barack to Tim is transmitted as EpT m and the reply r from Tim to Barack is transmitted introduction to computer security goodrich pdf download EpB r.
The attacker can eavesdrop the communication and knows the following information:. Describe how the attacker can learn the bailout amount for each bank even if he cannot derive the private keys.
Solution The attacker performs a dictionary attack. Since the message format is fixed and there are 10 possible banks and possible bailout amounts, the attacker encrypts the 10 candidate messages from Barack one for each bank using public key pBintroduction to computer security goodrich pdf download the candidate responses from Tim one for each bailout amountusing public key pT.
The attacker then matches the ciphertexts exchanged by Barack and Tim with the precomputed ones and determines the corresponding plaintexts. Note that the attacker does not need access to the private keys used by Barack and Tim. Describe two simple modifications of the protocol that are not subject to the above attack. The first one should use random numbers and the second one should use symmetric encryption. Solution In the first case, Barack can add a random value with b bits to his message, which increases the number of possible messages by a factor of 2b.
In the second case, Barack can first encrypt a random key K for a symmetric encryption scheme, and then send the encrypted version of K along with an encryption of his actual message using key K and the symmetric cryptosystem. He does not care about confidentiality of these messages but wants to get credit for the jokes and prevent Bill from claiming authorship of or modifying them.
How can this be achieved using public-key cryptography? First, he shares a secret key k with Hillary but not with Bill. Does value d provide assurance to Hillary that Barack is the author of x and that x was not modified by Bill? Justify your answer. The reason is that a cryptographic hash function is one-way, Bill cannot recover the key k from value d, Thus, introduction to computer security goodrich pdf download, Hillary knows that only Barack could have computed value d from joke x.
Also, if Bill replaces joke x with a joke of his, x0it would infeasible for Bill to compute the MAC value corresponding to x0. He wants to share these ideas with all the cabinet members but also get credit for the ideas. Extending the above approach, he shares a secret key k with all the cabinet members. Next, he broadcasts each idea z followed by value h k z.
Does this approach work or can Tim claim that he came up with the ideas instead of Barack? Solution Barack is using a message authentication code MAC.
However, since all cab- inet members know the secret key, k, they infer that the idea z came from either Barack or one of them. However, it is impossible to determine exactly the individual in this group who had idea z.
Indeed, introduction to computer security goodrich pdf download, any of the people who know key k can compute the MAC value of an idea and claim ownership of the idea. Thus, Tim can claim he is the one who came up with the ideas.
The client and server use constant space for authentication. Every time the client authenticates to the server, a different random value for authen- tication is used for example, if you have n authentication rounds, introduction to computer security goodrich pdf download, the client and the server have to use n different random values—this means that sharing a key initially and using it for every round of authentication is not a valid solution.
Solution One solution is to have the client and server use public-key cryptography for authentication and then send the random messages as a way of issuing challenge-responses, say, by having the client send the server a digitally-signed copy of the random string. The problem with this approach is that it is subject to replay attacks. Someone listening in to this communication could replay it to the server and then be authenticated as the original client. Alice and Bob already share a secret key KAB for a symmetric cryptosystem.
Alice sends a random value NA to Bob along with her id, A. Bob sends encrypted message EKAB NAintroduction to computer security goodrich pdf download, NB to Alice, where NB is a random value chosen by Bob. Alice sends back EKAB NB.
Bob generates session key introduction to computer security goodrich pdf download and sends EKAB k to Alice. Now Alice and Bob exchange messages encrypted with the new session key k. Describe a possible attack for this authentication method. Can we make the method more secure by lifting the assumption that the random values and the keys have the same number of bits?
Solution In the first three steps, the attacker, Eve, introduction to computer security goodrich pdf download, observes random values NA and NB and their ciphertexts, EKAB NA and EKAB NBcomputed by Alice and Bob. In the fourth step, Eve replaces message EKAB k sent by Bob to Alice with EKAB NA or EKAB NB. Thus, Eve induces Alice to use NA or NB as the session key, which is known to Eve. When Alice sends a message to Bob using session key NA or NBEve can decrypt it. This attack does not work when the key has length different from the random values as Alice can check the length of the key.
Now they are no longer sure they still have the same key, introduction to computer security goodrich pdf download. Thus, they use the following method to communicate with each other over an insecure channel to verify that the key KA held by Alice is the same as the key KB held by Bob. Their goal is to prevent an attacker from learning the secret key. Alice generates a random n-bit value R. Alice compares R and Y. Show how an attacker eavesdropping the channel can gain possession of the shared secret key.
Solution The attacker eavesdrops X and Y. Explain how this could lead to a false sense of security in the case of a phishing attack. Solution The name for the phishing website needs to match the digital certificate but could be different from the name of the legitimate website being spoofed. Thus, the browser can display a closed lock for introduction to computer security goodrich pdf download phishing website.
Solution Create a directory, foo, in the home directory, which does not have read access rights for everyone, but has exec rights for everyone.
Introduction to Computer Security - Information Security Lesson #1 of 12
, time: 41:47Introduction to computer security goodrich pdf download
About the Introduction To Computer Security Goodrich PDF Free Download AuthorProfessors Goodrich and Tamassia are well-recognized researchers in computer security, algorithms and data structures, having published many papers on these subjects, with applications to computer security, cryptography, cloud computing, information visualization, and geometric computing Introduction to Computer Security is a new Computer Security textbook for a new generation of IT professionals. It is ideal for computer-security courses that are taught at the undergraduate level and that have as their sole prerequisites an introductory computer science sequence (e.g., CS 1/CS 2) Introduction to Computer Security 1st Edition Goodrich Solutions Manual - Read online for free. Full download: blogger.com Introduction to Computer Security 1st Edition Goodrich
No comments:
Post a Comment