Computer Security Principles | Exam Questions
With Complete Solutions 100% Verified Newest
2025
Security Policy - ANSWER What assets are we protecting and what properties are we
enforcing? (CIA, AAA)
Answer these questions to determine where security needs to be focused in an
organization
CIA - ANSWER Confidentiality, Integrity, Availability
Integrity - ANSWER Ensuring that a message sent across a network is not altered along
the way
Threat Model - ANSWER Who are the attackers and what are they capable of
Determining what type of attack to expect
Risk Assessment - ANSWER What are our weaknesses, what would be the cost of a
successful attack, how likely is the attack
Confidentiality - ANSWER Ensure only trusted parties view the message
Availability - ANSWER Make sure trusted users can access the message at all times
AAA - ANSWER Authenticity, Anonymity, Accountability
Authenticity - ANSWER Ability to determine if data issued by a user is genuine
Anonymity - ANSWER Transactions being unattributable to any certain origin
Accountability - ANSWER Requirement for actions of an entity to be traced uniquely to
that individual
Cheating on the final example
Bob needs to send a message to Alice and ensure the integrity of the message. They
don't know if Mallory will alter the message. - ANSWER Bob sends the plaintext message
along with the result of a f(m) to create v. Alice can use f to decode v and if it doesn't
match v Alice knows the message is incorrect.
f(m) properties - ANSWER We want a function that can alter m in a way that Mallory
cannot predict so they can't replicate v. It also needs to be reversible so Alice can
correctly decode it on reception
Generate consistent output
One to one mapping
Must be unknown to Mallory
Random Function f() - ANSWER Takes an input of any large size and returns a fixed
output. Maps each input to a possible output. Uses giant lookup table to pair inputs and
outputs
Is random function f() practical? - ANSWER No, the lookup table has to be huge and
exchanged beforehand
PRF - ANSWER Pseudorandom Function (alternative to random function)
Function that looks random but isn't (therefore more practical)
This function is computable rather than needing a lookup table.
Using a PRF - ANSWER Start with a family of functions that can be known to Mallory (f0
... fn). Use fk where k is a secret key known to Alice and Bob.
Depends on secrecy of the key not the system
Kerckhoffs's Principles - ANSWER A system must be practically indecipherable
It shouldn't matter if the attacker has the function
Cheating example using a PRF - ANSWER Alice and Bob have exchanged a key k, Alice
sends Bob the message as well as the result of fk(m). Mallory knows all the functions but
doesn't know k so doesn't know which function was used to make v. If Mallory alters the
message they can't ensure v is altered correctly and Bob will notice the difference
Replay Attack - ANSWER Mallory can delay messages or send old ones to confuse Bob
Protection from Replay and Reordering attacks - ANSWER Use a different key for each
message (needs to be communicated each time)
Do PRFs exist - ANSWER maybe