Instructions: Answers can be submitted on a separate answer key or can be inserted into this document.

Short Answer: (3 points each)

  • 1.List and briefly describe the principal physical characteristics used for biometric identification.
  • 2.What is multi-factor authentication? Why does it provide better protection?
  • 3.What techniques can be used to minimize password cracking?
  • 4.What are the categories of access controls? Define each category.
  • 5.How many keys are required for two people to communicate via a symmetric cipher?
  • 6.What is a public-key certificate? What is the need for public-key certificates?
  • 7.What is the difference between a private key and a secret key?
  • 8.Define the two types of symmetric key cryptography.
  • 9.What are the key features of the RSA algorithm?
  • 10.Why are public-key algorithms usually used just to establish a symmetrically encrypted communications channel?

Problems/Long Answer (7 points each)

  • 1.Why was it necessary to move beyond DES? Why has it been necessary to move beyond 3DES? Describe the encryption standard used to replace 3DES?
  • 2.As a part of a formal risk assessment of the external server in a small Web design company, you have identified the asset “integrity of the organization’s Web server” and the threat “hacking and defacement of the Web server.” Suggest reasonable values for the items in the risk table for this asset and threat, and provide justifications for your choices.
  • 3.A relatively new authentication proposal is the Secure Quick Reliable Login (SQRL). It is described at https://www.grc.com/sqrl/sqrl.htm. Briefly summarize how SQRL works and indicate how it fits into the categories of types of user authentication. Provide the benefits and identify any possible security issues with SQRL.
  • 4.What is the purpose of evaluating an IT product against a trusted computing evaluation standard?
  • 5.What properties must a hash function have to be useful for message authentication?

6. What are the features of the NIST RBAC standards?

7. Describe three types of password attacks. For each type of attack, provide an example of an authentication technique that can minimize or reduce the likelihood of the attack being successful.

8. What are the challenges of biometrics?

9. Provide a comparison of access control lists (ACL) and capability lists.

10. How is an Internet proxy server related to the Clark-Wilson Security Model?