CSE3400 Final Exam
Calculators are allowed
Closed book + notes.
Review HW Problems. An answer guide for HW5 will be available immediately after the due date.
Chapter 3: MAC
Know what a MAC is, but I won't ask you to prove or disprove something is a MAC. You will
have to use them though.
Know that MACs are symmetric key systems.
Their purpose is to ensure integrity, not secrecy.
Key holders can create a “tag” of any message.
Key holders can verify that the given tag and message are authentic (i.e., an adversary cannot
forge a tag without having the secret key).
Know the differences between MAC and digital signatures (beyond the latter being public key
of course).
Know how CBC MAC works to MAC a message of arbitrary, but fixed, length. Know the
definition of CBC MAC.
Chapter 5:
Know the definition of public key encryption
Be able to prove something is not a secure public key system
What is the difference between EAV and CPA in public key enc.? (Hint: there is none – but why?)
Know the DH key exchange protocol and textbook RSA. If you need OAEP, I will provide you
with the definitions.
Be able to derive a public/private key given small numbers for textbook RSA.
Given the definition of OAEP, understand the meaning behind it (e.g., why pad with 0's?
Why pad with random “r”?)
If you need ElGamal, I will give you the definitions
Be able to construct MitM attacks against protocols (e.g., key exchange, enc., or more broadly –
much like on HW4)
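An added worked example (not part of the original study guide) for the textbook RSA items above: it derives a key pair from small primes and shows that, because encryption is deterministic and the public key is known to everyone, an observer can test candidate plaintexts by re-encrypting them, which is the gap OAEP's random “r” closes. The primes, exponent and function names are chosen here for illustration.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Derive a textbook RSA key pair from two small primes and a chosen e."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # d = e^-1 mod phi(n), Python 3.8+
    return (n, e), (n, d)            # (public key, private key)


def rsa_encrypt(pub, m):
    """Textbook RSA: c = m^e mod n, with no padding and no randomness."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    """Textbook RSA: m = c^d mod n."""
    n, d = priv
    return pow(c, d, n)


def match_candidate(pub, c, candidates):
    """Return the candidate whose encryption equals c, or None.

    Needs only the public key: in the public-key setting an eavesdropper
    can already encrypt, so deterministic encryption leaks equality.
    """
    for m in candidates:
        if rsa_encrypt(pub, m) == c:
            return m
    return None


if __name__ == "__main__":
    # Constructed small-number instance: p = 61, q = 53, e = 17.
    pub, priv = rsa_keygen(61, 53, 17)
    c = rsa_encrypt(pub, 65)
    print("public:", pub, "private:", priv)
    print("ciphertext of 65:", c, "decrypts to:", rsa_decrypt(priv, c))
    # Same message always yields the same ciphertext.
    print("recovered by re-encryption:", match_candidate(pub, c, range(100)))
```
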
Chapter 7:
Know the SSL/TLS handshake protocol and why each part is important (e.g., why is it
important that both server and client choose “nonces”)
I will provide you with the general handshake protocol – but know why each part of it is
important for security
Also know how many keys are actually established at the end – and why? Also, why not
just use a single session key?
Given a variant of the handshake protocol, show it is insecure.
Know about certificate authorities – what problem do they solve? What are the strengths and
weaknesses of that system? What, at a minimum, must be in a certificate and why?
Know the history of SSL/TLS – not exact dates, but what was the difference in v2 and v3 for
instance?
What security guarantees does SSL/TLS give?
What is the cipher suite downgrade attack?
Wireless Security:
Given the four-way handshake used by WPA2, explain the importance of each step or certain
design choices
Given a modified handshake protocol, show it is insecure by constructing an actual attack.
Know the general history of WEP/WPA/WPA2 (not exact dates necessarily)
General (Combination of Chapters 3, 5, and 7, plus past work):
Be able to construct attacks against a given protocol given a particular attack model (e.g., EAV
or MitM)
Be able to construct a secure protocol (e.g., key exchange), given certain tools and a security
model.