ﺑﺴﻢ ﷲ ﺍﻟﺮﺣﻤﻦ ﺍﻟﺮﺣﻴﻢ
King Abdulaziz University
Faculty of Computing and Information Technology
CPIS 312: Information Security
Midterm Exam
1431/1432 (Term 1)
Student Name: Student ID:
1. The two major items in the Risk Management are: (1 point)
a. Vulnerabilities and thread.
b. Confidential and integrity.
c. Integrity and availability.
d. Risk and cryptography.
2. Cryptanalysis is: (1 point)
a. is the art and science of making and breaking “secret codes.”
b. is the making of “secret codes.”
c. is the breaking of “secret codes.”
d. is a synonym for any or all of the above (and more).
3. Suppose that we use a block cipher to encrypt according to the rule
C0 = IV ⊕ E(P0,K), C1 = C0 ⊕ E(P1,K), C2 = C1 ⊕ E(P2,K), . . .
What is the corresponding decryption rule? (3 points)
________________________________________________________________________________________
4. Suppose that Alice and Bob always use CBC mode encryption and they choose IVs in sequence. What are the
security advantages and disadvantages of this approach compared with using a random IV? (4 points)
Advantage: _________________________________________________________________________________
Disadvantage: _______________________________________________________________________________
5. Suppose that a hash function generates a 12-bit output. If you hash 210 randomly selected messages, how many
collisions would you expect to find? (2 points)
___________________________________________________________________________________________
6. For DES, how many bits are in the key, how many bits are in a plaintext block, how many bits are in each subkey,
how many rounds, and how many S-boxes? (8 points)
_____________________, ____________________, _____________________, _____________________.
7. DES swaps the output of the final round, that is, the ciphertext is not C = (L16,R16) but instead is C = (R16,L16).
What is the purpose of this swap? (2 points)
___________________________________________________________________________________________
___________________________________________________________________________________________
� ﺑﺴﻢ ﷲ ﺍﻟﺮﺣﻤﻦ ﺍﻟﺮﺣﻴﻢ
King Abdulaziz University
Faculty of Computing and Information Technology
8. Consider the following mutual authentication protocol, where KAB is a shared symmetric key. Describe the
purpose of each transaction shown (Note: R stands for a Random Number): (6 points)
a. “I’m Alice”, R : ______________________________________________________________________
b. E(R, KAB) : ______________________________________________________________________
c. E(R+1, KAB) : ______________________________________________________________________
9. Encrypt the message (4 points)
We are all together
using a columnar cipher with 4 rows and 4 columns, and the permutation (1, 2, 3, 4) −→ (3, 1, 2, 4)
________________________________________
10. Why is it a good idea to hash passwords that are stored in a file? (2 points)
___________________________________________________________________________________________
11. What is the keystream of the following key using A5/1 - 5 clocks only? (either 7 points or Zero)
X: 1 1 0 0 1 1 1 0 0 1 0 0 1 0 1 1 0 0 1
Y: 0 0 1 1 1 0 0 1 1 1 0 0 1 0 0 1 0 1 1 0 0 1
Z:
1 0 0 1 1 1 0 0 1 1 1 0 0 1 0 0 1 0 1 1 0 0 1
The keystream of the following key using A5/1 are:
__ __ __ __ __
(Hint: the following diagram)
