AKs

Question 1

One evaluation criterion for electronic payment systems is traceability. Briefly explain its meaning! Describe the conflict of interest concerning customers and service providers!

Answer 1

The payment transfer allows to conclude who has used the money, what the money has been used for and where the money has been used.

Customers will be interested in anonymity,

while service providers will request traceability.

Question 2

Name 4 other evaluation criteria for electronic payment systems!

Answer 2

• System security,
• transaction costs
• online-checking requirements
• acceptability
• transferability
• divisibility.

Question 3

Name a secure up-to-date hash algorithm which is currently used

Answer 3

Secure Hash Algorithm (SHA) - latest version is SHA-3

(known practical attacks on MD5)

Question 4

strong collision resistance?

Answer 4

“two arbitrary byte sequences result in the same hash values with a probability of

2^(-x) = 1/y

y = Länge obere Schranke

Question 5

Name an advantage as well as a disadvantage of link state routing! Also state one routing protocol which uses link state routing.

Answer 5

• Advantage: Routers can react fast to changes in network topology and does not have to deal with the count-to-infinity problem.
• Disadvantage: Quite large overhead due to flooding.
• Examples:
• *OSPF** (Open Shortest Path First),
• *IS-IS** (Intermediate System to Intermediate System Protocol).

Question 6

What are the two key quality measurements in information retrieval? Give a short defi- nition of each of them.

Answer 6

• Recall: The ratio of relevant documents retrieved for a given query over the number of relevant documents for that query in a database. The highest value of recall is achieved when all relevant documents are retrieved.
• Precision: The ratio of the number of relevant documents retrieved over the total number of documents retrieved. The highest value of precision is achieved when only relevant documents are retrieved.

Question 7

To measure the similarity of words the Hamming distance and the Editing distance can be used. Give a short definition of each of them.

Answer 7

• Hamming distance: Hamming distance gives the number of positions in the words with different characters.
• Editing distance: The Editing distance gives the number of operations needed to transform a word into another. Possible operations are insertion, deletion and replace.

Question 8

OFB (dis-)advantage

Answer 8

AD:

the necessary encryptions of the initial vector can be computed prior to the encryption of the plaintext!
1-bit flip of ciphertext affects single bit of plaintext only

DisAD:

Can not recover from loss of a block

Prone to attack

Question 9

The routing slgorithm OSPF is mainly used within autonomous systems, whereas EGP and BGP are used between autonomous systems.

Answer 9

TRUE

Question 10

Komplexität

Answer 10

• In KMP: worst case is O(n)
• BM: worst case is O(n*m), but average (& best) case is O(n/m).
• Editing distance average: O(n^2)
• Native approach average: O(n*m)

Question 11

Triple DES is an enhanced stream chipger which applies the data Encryption Standard chipher algorithm three times to the data stream. It was deigned to overcome the weakness of DES.

Answer 11

FALSE

Question 12

With Ecash, the issuing bank validates the coins by its value specific blind signature.

Answer 12

TRUE

Question 13

count-to-infinity-problem sentence

Answer 13

just the indexed cectors with distances, but no corresponding links are being distributed.

Question 14

flow control synonym

Answer 14

congestion-avoidance

Question 15

Why flow control in TCP? Which other protocol not need these mecahnisms and why?

Answer 15

• determine size of congestion window to avoid buffer overflow
• trasmission starts with small amount of data
• reliable data communication ca be realised
• UPD, because for fast transmission of data without guranteeing the reliability of the data transmission

Question 16

Explain the difference between authentication and authorisation.

other 2 requirements of secure communication

Answer 16

• Authentication: correct identification of the sender of a message
• Authorisation: function of specifying access rights to resources, e.g. file contents or transmission channels.
• Confidentiality: process of transforming information (pt) using an algorithm (chipher) to make it unreadable to anyone except those possessing special knowledge usually reffered to as a key.
• Integrity check: method to check wheather the data or data flow have been changed, e.g. with respect to sender, contetns ordering or time stamps

Question 17

abbreviation DES stand for?

symmetric or asymmetric method

main problem with these kinds of cryptographic methods

Answer 17

• Data Encryption Standard
• symmetric
• all symmetric methods require O(n^2) keys for a secure communication between n persons and the transmission of keys has to be done with highest security

Question 18

hybrid cryptosystem works

benefits compared to using only one category of cryptosystems

examples

Answer 18

• uses benefits of both symmetric and asymmetric methods
• symmetric like AES to generate a session key faster than asymmetric
• asymmetric like RSA to exchange private and public keys with higher security
• basically: big messages -> symmetric
• small data amount -> asymmetric

Question 19

Crypto Methods

Answer 19

Question 20

3 characteristics from FNCs (Federal Networking Council) definition of global information system “Internet”

Answer 20

• logically linked together by a globally unique address space based on IP
• communication using TCP/IP
• provides, uses or makes accessible high level services layered on the communications and related infrastructure described herein

Question 21

Hierarchical routing may lead to longer “shortest paths” than flat routing.

Answer 21

TRUE

Question 22

reasonable use case for hash algo

Answer 22

SSL certificates or digital signatures

Question 23

C₁ = AES₁₂₈(M),

C₂=RSA₁₂₈(M)

encypt via burte-force

Answer 23

attack C2 because there are only a fraction of possible keys which mathematically work.

dont have to try all keys like in AES

Question 24

one and only verifiable method of encrypting a message so that no other person except the intended receiver will ever be able to decrypt the messyge? Which resitrictions must be followed?

Answer 24

One-time pad

key has to be truly random,

as alrge as or greater than the plaintext,

never reused in whole or part and

kept secret.

(impossible to decrypt without knowing the key)

Question 25

The S-box provides the ccore of the security of the Data Encryption Standard. Why?

Answer 25

Without them, the cipher would be linear, and trivially breakably by differential cryptanalysis.

Question 26

What are the three different levels of Electronic Payment Systems?

Answer 26

• Fist level (two party stored-value system): Client may buy at the emitter only.
• Second level (three-party stored-value system): Client may buy at other places/shops as well.
• Third level (open-loop stored-value system): Currency-like “open-loop” system: electronic money may circulate freely through several transactions.

Question 27

slow start & flow control

Answer 27

• slow start to prevent overloading the network
• window size (in TCP header) based on the buffer size of the receiver
• capacity of the network as well: congestion window (CWnd)
• In detail: 1MSS sent -> doubled if acknowledged
• until timeout or windowsize is reached
• threshold = CWnd/2 whenever timer expires
• threshld is reached -> increase CWnd linear not exponentially like before