ﻢﻴﺣﺮﻟﺍ ﻦﻤﺣﺮﻟﺍ ﷲ ﻢﺴﺑ

King Abdulaziz University

Faculty of Computing and Information Technology

CPIS 312: Information Security Midterm Exam

1431/1432 (Term 1)

Student Name: Student ID:

1. The two major items in the Risk Management are: (1 point) a. Vulnerabilities and thread.

b. Confidential and integrity.

c. Integrity and availability.

d. Risk and cryptography.

2. Cryptanalysis is: (1 point)

a. is the art and science of making and breaking “secret codes.”

b. is the making of “secret codes.”

c. is the breaking of “secret codes.”

d. is a synonym for any or all of the above (and more).

3. Suppose that we use a block cipher to encrypt according to the rule

C0 = IV ⊕ E(P0,K), C1 = C0 ⊕ E(P1,K), C2 = C1 ⊕ E(P2,K), . . . What is the corresponding decryption rule? (3 points)

________________________________________________________________________________________

4. Suppose that Alice and Bob always use CBC mode encryption and they choose IVs in sequence. What are the security advantages and disadvantages of this approach compared with using a random IV? (4 points)

Advantage: _________________________________________________________________________________

Disadvantage: _______________________________________________________________________________

5. Suppose that a hash function generates a 12-bit output. If you hash 2¹⁰ randomly selected messages, how many collisions would you expect to find? (2 points)

___________________________________________________________________________________________

6. For DES, how many bits are in the key, how many bits are in a plaintext block, how many bits are in each subkey, how many rounds, and how many S-boxes? (8 points)

_____________________, ____________________, _____________________, _____________________.

7. DES swaps the output of the final round, that is, the ciphertext is not C = (L16,R16) but instead is C = (R16,L16).

What is the purpose of this swap? (2 points)

___________________________________________________________________________________________

___________________________________________________________________________________________

ﻢﻴﺣﺮﻟﺍ ﻦﻤﺣﺮﻟﺍ ﷲ ﻢﺴﺑ

King Abdulaziz University

Faculty of Computing and Information Technology

8. Consider the following mutual authentication protocol, where KAB is a shared symmetric key. Describe the purpose of each transaction shown (Note: R stands for a Random Number): (6 points)

a. “I’m Alice”, R : ______________________________________________________________________

b. E(R, KAB) : ______________________________________________________________________

c. E(R+1, K_AB) : ______________________________________________________________________

9. Encrypt the message (4 points) We are all together

using a columnar cipher with 4 rows and 4 columns, and the permutation (1, 2, 3, 4) −→ (3, 1, 2, 4) ________________________________________

10. Why is it a good idea to hash passwords that are stored in a file? (2 points)

___________________________________________________________________________________________

11. What is the keystream of the following key using A5/1 - 5 clocks only? (either 7 points or Zero) X:

Y:

Z:

The keystream of the following key using A5/1 are:

__ __ __ __ __

(Hint: the following diagram)

1 1 0 0 1 1 1 0 0 1 0 0 1 0 1 1 0 0 1

0 0 1 1 1 0 0 1 1 1 0 0 1 0 0 1 0 1 1 0 0 1

1 0 0 1 1 1 0 0 1 1 1 0 0 1 0 0 1 0 1 1 0 0 1