Short Answer: (3 points each)
1. List and briefly describe the principal physical characteristics used for biometric identification.
2. What is multi-factor authentication? Why does it provide better protection?
3. What are the techniques to minimize password cracking?
4. What are the categories of access controls? Define each category.
5. How many keys are required for two people to communicate via a symmetric cipher?
6. What is a public-key certificate? What is the need for public-key certificates?
7. What is the difference between a private key and a secret key?
8. Define the two types of symmetric key cryptography.
9. What are the key features of the RSA algorithm?
10. List the minimum security requirements in an information security program for protecting confidentiality, integrity, and availability.
Problems/Long Answer (7 points each)
1. Why was it necessary to move beyond DES? Why has it been necessary to move beyond 3DES? Describe the encryption standard used to replace 3DES?
2. Why are public-key algorithms usually used just to establish a symmetrically encrypted communications channel?
3. A relatively new authentication proposal is the Secure Quick Reliable Login (SQRL). It is described at https://www.grc.com/sqrl/sqrl.htm. Briefly summarize how SQRL works and indicate how it fits into the categories of types of user authentication. Provide the benefits and identify any possible security issues with SQRL.
4. What is the purpose of evaluating an IT product against a trusted computing evaluation standard?
5. What properties must a hash function have to be useful for message authentication?
6. What are the features of the NIST RBAC standards?
7. Describe three types of password attacks. For each type of attack, provide an example of an authentication technique that can minimize or reduce the likelihood of the attack being successful.
8. What are the challenges of biometrics?
9. Provide a comparison of access control lists (ACL) and capability lists.
10. Describe three commonly used security architectural frameworks, as discussed in class.