אמרת2024

Non-repudiation is a key concept in computer security and refers to the assurance that someone cannot deny the validity of something. Specifically, it ensures that: The sender of a message cannot deny having sent it. The receiver of a message cannot deny having received it.

Prints a status about the user: This is incorrect. The usermod command is not used to print user status. To print user information, you would use commands like id, whoami, or getent passwd. Creates a new group in the system: This is incorrect. The usermod command does not create a new group. The command to create a group is groupadd. Creating a new user in the system: This is incorrect. To create a new user, you would use the useradd command, not usermod. Neither answer is correct: This is correct because none of the options accurately describe the usermod command. Defines the user's home directory: This is correct. The usermod command can be used with the -d option to change a user's home directory.

A. Always use the same key: This is incorrect because while CBC does use the same key for all blocks in a single session, it's not considered an advantage specific to CBC. Reusing the same key over multiple sessions can be insecure if not paired with an initialization vector (IV) for each message. B. In decoding, an error in the information in a block will not affect any other block: This is incorrect. In CBC, if there's an error in one block, it propagates to subsequent blocks during decryption. This is known as error propagation. So, an error in one block can affect other blocks. C. Encryption of one block does not depend on the next block and this is an advantage in security: This is incorrect because, in CBC, each block's encryption depends on the previous block (and the IV for the first block). This interdependence provides some security benefits, but this description does not apply to CBC. Real Advantage of CBC: One of the key advantages of CBC is that the same plaintext block will encrypt to different ciphertexts if it appears in different positions in the message, due to the XOR with the previous block's ciphertext. This ensures more secure encryption compared to modes like Electronic Codebook (ECB). Since none of the provided answers describe CBC correctly, D (Neither answer is correct) is the appropriate choice.

Key Data: Total authentication attempts per day: 1000 Impersonation attempts per day: 20 Threshold point: X = 0.2, Y = 0.95 (FAR = 0.2, TAR = 0.95) 1. Calculating Missed Impersonation Attempts (FAR): The False Acceptance Rate (FAR) at this threshold is 0.2, which means 20% of the impersonation attempts will be incorrectly accepted as legitimate users. Since there are 20 impersonation attempts per day, the number of missed attempts (incorrectly accepted impersonators) is: Missed impersonation attempts = 20 × 0.2 = 4 Missed impersonation attempts=20×0.2=4 2. Calculating False Rejections (FRR): The True Acceptance Rate (TAR) is 0.95, which means 95% of legitimate users are correctly accepted. The False Rejection Rate (FRR) is the percentage of legitimate users incorrectly rejected: FRR = 1 − TAR = 1 − 0.95 = 0.05 FRR=1−TAR=1−0.95=0.05 Since there are 980 legitimate attempts (1000 total attempts minus 20 impersonation attempts), the number of false rejections per day (incorrectly rejected legitimate users) is: False rejections = 980 × 0.05 = 49 False rejections=980×0.05=49 Answer: The number of missed impersonation attempts per day is 4, and the number of false rejections per day is 49. Therefore, the correct answer is 49:4.

Let's break down the problem and explain why the correct answer is as follows: Understanding DES-5 System: The encryption for DES-5 is structured as: 𝐶 = DEC 𝐾 1 ( ENC 𝐾 2 ( ENC 𝐾 3 ( DEC 𝐾 4 ( ENC 𝐾 5 ( 𝑀 ) ) ) ) ) C=DEC K1 ​ (ENC K2 ​ (ENC K3 ​ (DEC K4 ​ (ENC K5 ​ (M))))) Given: K2 = K3 and K4 = K5, this reduces the system to 3 unique keys: 𝐾 1 K1, 𝐾 2 / 𝐾 3 K2/K3, and 𝐾 4 / 𝐾 5 K4/K5. Since each key is 56 bits, brute-forcing a single key requires testing 2 56 2 56 possible keys. For DES-5, with 3 unique keys to brute-force, the total number of combinations is: Time complexity for DES-5 = 𝑂 ( 2 56 ) × 𝑂 ( 2 56 ) × 𝑂 ( 2 56 ) = 𝑂 ( 2 3 × 56 ) = 𝑂 ( 2 168 ) Time complexity for DES-5=O(2 56 )×O(2 56 )×O(2 56 )=O(2 3×56 )=O(2 168 ) Thus, the brute-force time complexity for DES-5 is O(2^168). Understanding DES-2 System: For the DES-2 system, it uses 2 unknown keys, each 56 bits long. To brute-force both keys, you would have to try all combinations of the two keys, resulting in a time complexity of: Time complexity for DES-2 = 𝑂 ( 2 56 ) × 𝑂 ( 2 56 ) = 𝑂 ( 2 2 × 56 ) = 𝑂 ( 2 112 ) Time complexity for DES-2=O(2 56 )×O(2 56 )=O(2 2×56 )=O(2 112 ) Thus, the brute-force time complexity for DES-2 is O(2^112). Answer: Method A (DES-5) has a brute-force time complexity of O(2^{168}), or O(2^{3 \times 56}). Method B (DES-2) has a brute-force time complexity of O(2^{112}), or O(2^{2 \times 56}). This matches the correct answer: Method A: O(2^{3 \times 56}) Method B: O(2^{2 \times 56})

Message Authentication Code (MAC): Purpose: A MAC is used to ensure the integrity and authenticity of a message, ensuring that the message has not been tampered with and that it comes from a legitimate source. Key-based: The MAC is generated using a secret key shared between the sender and the receiver. Integrity: It ensures the integrity of the message but does not guarantee non-repudiation, since both the sender and receiver share the same key. Either party could have generated the MAC, so the sender can deny having sent the message. Digital Signature (DS): Purpose: A digital signature is used to ensure authenticity, integrity, and non-repudiation. It provides evidence that the message originated from a specific sender and that the message has not been altered. Public/Private key-based: The digital signature is generated using the sender’s private key, and the receiver can verify it using the sender’s public key. Non-repudiation: A key difference is that a digital signature provides non-repudiation, meaning the sender cannot deny having signed the message, since only the sender holds the private key used for signing.

Here's an explanation of each option: SHA-256: What it does: SHA-256 is a cryptographic hash function, not an encryption algorithm. It takes an input and produces a fixed-size (256-bit) hash. Hash functions are typically used for integrity checks, not for encryption or message transmission. Conclusion: It does not transmit encrypted messages. Diffie-Hellman: What it does: Diffie-Hellman is a key exchange algorithm used to securely exchange cryptographic keys over a public channel. It does not directly encrypt or transmit messages but helps establish a shared secret key for later encryption. Conclusion: It does not directly transmit encrypted messages. Digital Signature: What it does: A digital signature is used to verify the authenticity and integrity of a message, ensuring it was sent by the claimed sender and has not been altered. It does not encrypt the message itself. Conclusion: It does not transmit encrypted messages. Random Salt: What it does: A salt is random data added to a password or message before hashing, typically to enhance security in password storage. It is not used for encryption or transmission of messages. Conclusion: It does not transmit encrypted messages.

Use of password only and not 2-way verification: While not using 2-factor authentication (2FA) increases risk, it does not necessarily constitute a clear vulnerability. It would be considered a security weakness or bad practice, but not necessarily a vulnerability by itself. This is why it's likely not included in the final answer. Using telnet to configure the system: Vulnerability: Telnet transmits data, including passwords, in plain text, making it susceptible to eavesdropping. It’s a known security risk, especially when configuring systems remotely. More secure alternatives like SSH should be used. Failure to keep activity logs: Vulnerability: Without activity logs, tracking unauthorized access or detecting security breaches becomes difficult. It is a significant vulnerability, as you would have no evidence of suspicious activity or intrusions. Using default passwords on networked devices: Vulnerability: Default passwords are well-known and easily exploitable by attackers. Failure to change default passwords is a classic security vulnerability. Answer 2, 3, 4: This suggests that the most severe vulnerabilities identified are those in answers 2, 3, and 4. All three involve clear, well-established vulnerabilities in system security. Everything: This would imply that all the items listed are vulnerabilities. However, as mentioned earlier, not using 2FA is more of a bad practice than a direct vulnerability, which is likely why this was not the correct answer.

Firewalk (L4 determination) An active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass (TCP/UDP) Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway ▪ If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. Else, it will likely drop the packets.