Question 1 A file system design maintains per-user lists of files and directories they are allowed to access along with permissions for each. This approach is called: 1 point
Access Control Lists
None of these options
Access Control Matrix
Capabilities
SOLUTION-Capabilities
Question 2 A file system design maintains, for each file or directory, the list of all users who are allowed to access it, along with permissions for each. This approach is called: 1 point
Access Control Matrix
None of these options
Capabilities
Access Control Lists
SOLUTION-Access Control Lists
Question 3 Which of the following is true of public-private key (asymmetric) cryptography (select the best option)? 1 point
Anything encrypted with a private key can be decrypted only with the matching public key.
All these options are true.
In a public-private key pair, the public key and private key should be different.
Anything encrypted with a public key can be decrypted only with the matching private key.
SOLUTION-All these options are true.
Question 4 Alice needs to send a message to Bob. She creates the message and then encrypts it with Alice’s private key. She then sends this to Bob, knowing that Bob is the only one who will be able to decrypt it. Then: 1 point
This does not work, as Bob cannot decrypt the message since he does not have Alice’s private key.
This does not work, as Alice should have instead used Bob’s private key to encrypt the message.
This does not work as the message is open to violation of confidentiality since anyone with Alice’s public key can decrypt the message.
This works, as Bob is the only principal who can decrypt this message.
SOLUTION-This does not work as the message is open to violation of confidentiality since anyone with Alice’s public key can decrypt the message.
Question 5 In authentication systems, a “ticket”: 1 point
Can be issued by one client to another but cannot be issued by a third party server
Is a signature
Is a way of direct authentication between two clients
Contains encrypted information, such as a shared key, for a pair of clients to communicate with each other over an insecure channel
SOLUTION-Contains encrypted information, such as a shared key, for a pair of clients to communicate with each other over an insecure channel
Question 6 While creating a digital signature, one should hash the message first and then encrypt it because: 1 point
That’s how it’s done, people!
Hash is fast and its output is small, thus the encryption needs to work on only a small piece of data.
One cannot encrypt a raw message – it needs to be hashed first.
Otherwise decryption would not work
SOLUTION-Hash is fast and its output is small, thus the encryption needs to work on only a small piece of data.
Question 7 In a digital certificate given by a credit card company to your phone (e.g., Apple Pay or Google Wallet), the following fields are present: name, credit card number, CVV number (3 digits on back of card), issuing bank (MasterCard, Visa, etc.), certificate type (credit or debit card). The signature is constructed by adding (or mixing) the following fields together and then encrypting the result with the private key of the issuing authority: name, credit card number, CVV number. The entire certificate is sent in plain text.
In this approach, an attacker: 1 point
Can modify the certificate type without invalidating the certificate
Can modify the hash without invalidating the certificate
Can modify the CVV number without invalidating the certificate
Can modify the name without invalidating the certificate
SOLUTION-Can modify the certificate type without invalidating the certificate
Question 8 Alice would like Charlie to be able to access Alice’s file, and any other principal should be able to verify this certificate. Alice creates a digital certificate and includes a digital signature therein. The digital signature should use encryption using: 1 point
The private key of a third party
The public key of a third party
Charlie’s public key
Alice’s private key
SOLUTION-Alice’s private key
Question 9 When a datacenter outage starts, which of the following factors typically contributes to the outage being prolonged (select the best option)? 1 point
All of these options
Existing and undiscovered bugs
Incoming traffic does not stop
Aggressive behavior among processes, e.g., re-mirroring of data without backoff
SOLUTION-All of these options
Question 10 Which of the following approaches will likely NOT directly reduce the downtime suffered by customers or applications due to a datacenter outage? 1 point
Providing frequent updates and post-mortems to customers
Replication of data and services across providers
Replication of data and services across datacenters
Better documentation by the provider, especially of steps to take in case of an outage
SOLUTION-Providing frequent updates and post-mortems to customers