
Question 1

A- What is meant by the authentication concept? Show the authentication method in a computer network with an example.
Authentication is the process of verifying something, such as a user's identity, a
network address, or the integrity of a data string. Furthermore, authentication
establishes an association between two entities. For example, a client is
authenticated to a server, so the client can access authorized services from the
server, as shown in the last figure.
B- Requirements of one-way hash functions:
1- The one-way hash function H can be applied to a data block M of arbitrary
size.
2- The resulting message digest, d, is of fixed size; the message digest
size is usually 128 bits or 160 bits.
3- The one-way hash function H is easy to implement in both hardware
and software.
4- Given the message digest d, it is very hard to find the original message M.
5- Given the message M, it is very hard to find a data block N such that
H(N) = H(M).
6- It is very hard to find any two data blocks x and y such that H(x) = H(y).

c-

H=2(1+1)+2(2+12)+2(3+23)+2(4+1)+2(5+25)+2(6+19)+2(7+22)+2(8+9)+
2(9+22)+2(10+1)+2(11+13)+2(12+1)+2(13+19)+2(14+18)=
2(2)+2(14)+2(26)+2(5)+ 2(27)+2(25)+2(29)+2(17)+2(31)+2(11)+2(24)+
2(13)+2(32)+2(32)=
4+28+52+10+54+50+58+34+62+22+48+26+64+64=576.
Question 2
A- What is meant by:
- Profiles: The behavior of a subject (or a group of subjects) on an object (or
a group of objects); they include the description of normal behavior of subjects with
respect to the objects.
- Anomaly Records: Are created when the audit records show some abnormal
behavior compared to that in the profiles.
B- Explain the concept of encryption and its types.
Encryption is the process of transforming data into an unintelligible form in such a way that
the original data can be obtained only by using the decryption process and the
encryption key. Types: The original data is called plain text and the encrypted
data is called cipher data.
C-

The Modern Academy Student is the Best

Encrypt: Create Matrix (8*4)

T h e M
o d e r
n A c a
d e m y
S t u d
e n t i
s t h e
B e s t

Transmitting: TondSesBhdAetnteeecmuthsMraydiet

Decrypt: Create Matrix (8*4)

T h e M
o d e r
n A c a
d e m y
S t u d
e n t i
s t h e
B e s t

P: The modern Academy student is the Best
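
The matrix transposition worked above, as an added example that is not part of the original answer sheet. It goes beyond the 8*4 case by also handling text whose last row is incomplete; the function names and the choice to drop spaces before filling the matrix are assumptions taken from how the matrix above is filled.

```python
# Added example: row-in, column-out transposition as in the matrix above.
from collections import Counter

PAGE_PLAINTEXT = "The Modern Academy Student is the Best"
PAGE_CIPHERTEXT = "TondSesBhdAetnteeecmuthsMraydiet"


def encrypt(plaintext, cols=4):
    """Write the letters row by row into a cols-wide matrix (spaces dropped),
    then read the matrix column by column."""
    letters = [c for c in plaintext if not c.isspace()]
    return "".join("".join(letters[c::cols]) for c in range(cols))


def decrypt(ciphertext, cols=4):
    """Cut the ciphertext back into columns, then read row by row.
    If the last row was incomplete, the first len % cols columns are one longer."""
    rows, extra = divmod(len(ciphertext), cols)
    columns, pos = [], 0
    for c in range(cols):
        size = rows + (1 if c < extra else 0)
        columns.append(ciphertext[pos:pos + size])
        pos += size
    out = []
    for r in range(rows + (1 if extra else 0)):
        out.extend(col[r] for col in columns if r < len(col))
    return "".join(out)


def same_letter_counts(a, b):
    """Transposition only reorders letters, so the letter counts are unchanged."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    ct = encrypt(PAGE_PLAINTEXT)
    print(ct)               # matches the transmitted string above
    print(decrypt(ct))      # plaintext letters; word spaces are not recoverable
    print(same_letter_counts(ct, decrypt(ct)))
```

The unchanged letter counts are why a transposition on its own hides word order but not the letter statistics of the message.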


Question 3
A- Explain one-time password using token cards
The concept of one-time password is based on generating passwords that can be
used only once. After use, the one-time password becomes invalid. One-time
passwords can be generated in software, such as in a security server.
B- Compare between:
- Bacteria > are programs that duplicate themselves. While these programs
don't directly attack any software, they consume resources simply by
replicating themselves.
- Worms > a worm is an independent program that can replicate itself and often
spreads to different sites over a network. Since it is an independent program, it
does not need another program to spread itself.
C- Explain briefly the computer security concepts
1. Identification: Users are identified to a computer or an application through a
user identifier or user-id.
2. Authentication: Used to verify the identity of the user. This verification requires
the exchange of shared secrets between the user and the application.
3. Authorization: Process of giving access rights to each user ID.
4. Access Control: Process of enforcing access rights for network resources.
5. Confidentiality: Process used to protect secret information from unauthorized
disclosure.
6. Data Integrity: Allows the detection of unauthorized modification of data.
7. Non-repudiation: Is the capability to provide proof of the origin of data or
proof of the delivery of data.
8. Denial of Service: An attack in which the attacker takes over or consumes
a resource so that no one else can use it.
Question 4
A. Show by drawing the attack types.

B- Compare between:
- Asymmetric key encryption => Uses one key for encryption and a different but related key for
decryption, and is the basis of the public key schemes.
- Symmetric key encryption => The scheme uses the same key for encryption and
decryption.
- Private key => known only to the user.
- Public key => known to everyone.
C-

Solution

-
Question 5
A- What is meant by audit trail? State the audit requirements.
Audit Trail: The process of automatic recording and saving of several
significant system events.
Audit Requirements:
1. Automatically collects information on all the security-sensitive activities.
2. Stores the information using a standard record format.
3. Creates and saves the audit records automatically without requiring any
action by the administrator.
4. Protects the audit records log under some security scheme.
5. Minimally affects the normal computer system operation and performance.

B- What is meant by access control (ACL) and capability control (CL)
- Access Control List (ACL) => for a given object defines the access rights for each subject.
- Capability List (CL) => for a subject specifies the rights to access each object.

c-
