New England College WK1 Key Security Requirements of Confidentiality Paper –

New England College WK1 Key Security Requirements of Confidentiality Paper –

Programming –

Week 1 :

Describe the key security requirements of confidentiality, integrity, and availability.

Describe the X.800 security architecture for OSI.

Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets.

Explain the fundamental security design principles.

Discuss the use of attack surfaces and attack trees. List and briefly describe key organizations involved in cryptography standards.

Week 2:

.1 What are the essential ingredients of a symmetric cipher?

2.2 What are the two basic functions used in encryption algorithms?

2.3 How many keys are required for two people to communicate via a symmetric cipher?

2.4 What is the difference between a block cipher and a stream cipher?

2.5 What are the two general approaches to attacking a cipher?

2.6 Why do some block cipher modes of operation only use encryption while others use both encryption and decryption?

2.7 What is triple encryption?

2.8 Why is the middle portion of 3DES a decryption rather than an encryption?

Week 3:

Define the term message authentication code. List and explain the requirements for a message authentication code.

Explain why a hash function used for message authentication needs to be secured. Understand the differences among preimage resistant, second preimage resistant, and collision resistant properties. Understand the operation of SHA-512.

Present an overview of HMAC. Present an overview of the basic principles of public-key cryptosystems.

Explain the two distinct uses of public-key cryptosystems. Present an overview of the RSA algorithm. Define Diffie–Hellman key exchange. Understand the man-in-the-middle attack.

Week 4 :

4.1 List ways in which secret keys can be distributed to two communicating parties.

4.2 What is the difference between a session key and a master key?

4.3 What is a key distribution center?

4.4 What entities constitute a full-service Kerberos environment?

4.5 In the context of Kerberos, what is a realm?

4.6 What are the principal differences between version 4 and version 5 of Kerberos?

4.7 What is a nonce?

4.8 What are two different uses of public-key cryptography related to key distribution?

4.9 What are the essential ingredients of a public-key directory?

4.10 What is a public-key certificate?

4.11 What are the requirements for the use of a public-key certificate scheme?

4.12 What is the purpose of the X.509 standard?

4.13 What is a chain of certificates?

4.14 How is an X.509 certificate revoked?

Week 5:

5.1 Provide a brief definition of network access control.

5.2 What is an EAP?

5.3 List and briefly define four EAP authentication methods.

5.4 What is EAPOL?

5.5 What is the function of IEEE 802.1X?

5.6 Define cloud computing.

5.7 List and briefly define three cloud service models.

5.8 What is the cloud computing reference architecture?

5.9 Describe some of the main cloud-specific security threats.