Cumulative Final Exam--cop4521--Programming Secure, Parallel, and Distributed Applications
What is the input for Pseudorandom Number Generators (PRNG)?
A fixed value: the seed.
From the perspective of Normalization, what is a functional dependency? Explain with an example
A functional dependency occurs when one attribute uniquely determines another in a database table. For example, in an `Employees` table, `EmployeeID` → `EmployeeName` means knowing an `EmployeeID` uniquely identifies the `EmployeeName`. This concept helps in structuring databases to reduce redundancy and prevent anomalies.
What is a block cipher?
A method that treats a block of plaintext as a whole to produce a ciphertext block of equal length.
What is an entropy source?
A physical source of information whose output appears to be random or becomes so through filtering/distillation.
What are the two main types of symmetric ciphers?
Stream ciphers and block ciphers.
What do Feistel ciphers combine?
Substitution and transposition ciphers.
Confusion
Substitution-based operation in cryptographic protocols.
What does a Pseudorandom Function (PRF) do?
Takes a string of a given length as input and outputs a pseudorandom sequence of fixed size.
What is the output generated by the following code snippet?

```python
def dec(fun):
    def new(*args):
        s = str(fun(*args))
        return '$' + s + 'paid'
    return new

@dec
def val(one, two, three):
    amt = one * 10 + two + three/100
    return amt

print(val(12, 15, 123))
```
$136.23 paid
List the differences between Python lists and NumPy arrays
- Python lists hold elements of different data types; NumPy arrays are homogeneous.
- Lists store additional information about each element, resulting in overhead; NumPy arrays are compact and store data more efficiently, with elements stored contiguously in memory, improving performance.
- Lists are not optimized for numerical computations; NumPy provides specialized functions for array manipulation and mathematical operations.
What is the output of the following code snippet?

```python
from functools import reduce

def func1(x, y):
    return x**(2) % y

def func(a, b):
    return a - b

numbers = map(func1, range(1, 6), range(11, 16))
print(reduce(func, numbers))
```
-24
List at least 2 differences between processes and threads
1. **Memory Allocation**: Processes run in separate memory spaces, while threads within the same process share memory, allowing easier data sharing.
2. **Overhead**: Processes have higher creation and management overhead; threads are lightweight, sharing the same process resources for efficient communication.
What are common block sizes in block ciphers?
64 or 128 bits.
What is symmetric encryption?
- Both the sender and the receiver use the same secret key to encode and decode the message.
- The most widely used of the two types of encryption.
What are the two additional Computer Security Objectives?
- Authenticity: Users are who they say they are, and each input arriving at the system came from a trusted source.
- Accountability: Actions of an entity can be traced uniquely to that entity.
Computer Security Objectives: Explain Integrity
- Data integrity: Information and programs ONLY change in a specified and authorized manner.
- System integrity: The system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
- Availability: Systems work promptly, and service is not denied to authorized users.
Computer Security Objectives: Explain confidentiality
- Sensitive information is not available or disclosed to unauthorized individuals.
- Individuals control or influence what information is collected and stored, by whom, and to whom that information may be disclosed.
How can plaintext be viewed to apply substitution techniques?
As a sequence of bits, where plaintext bit patterns are replaced with ciphertext bit patterns.
Kerckhoffs's Principle
Assumes adversary knows all encryption details except the secret key.
In cryptographic algorithms and protocols, what is the purpose of authentication protocols?
Authenticate the identity of entities.
Can you name examples of stream ciphers?
Autokey Vigenère cipher, Vernam cipher, one-time pad.
What defines a cryptosystem as "symmetric"?
Both sender and receiver use the same key for encryption and decryption.
What is required for a cryptosystem to be considered "symmetric"?
Both sender and receiver use the same key to encrypt/decrypt the message.
Symmetric Encryption
Both sender and recipient use the same secret key for encoding and decoding.
Computationally secure
Breaking the cipher is too costly or time-consuming.
How is the keystream generated in stream ciphers with PRNGs?
By an algorithmic procedure that both sender and receiver can implement.
How can a true random number generator deal with bias in the source?
By converting an analog source to binary output and possibly involving additional processing.
How is the output of a PRNG determined?
By the input alone using a deterministic algorithm.
Use SQL commands to explain the process of granting privileges to a user in SQL RBAC. For example, you may write SQL commands to set up a role, grant certain privileges to the role, and then assign that role to a user.
```sql
CREATE ROLE my_app_role;
GRANT SELECT ON mydb.* TO my_app_role;
GRANT my_app_role TO 'myuser'@'%';
```
Unconditionally secure
Ciphertext decryption is impossible regardless of time or power.
What are the three main objectives of computer security?
Confidentiality, Integrity, Availability
Substitution Techniques
Confusion ciphers replacing plaintext with symbols or bit patterns.
What type of ciphers are substitution ciphers?
Confusion ciphers.
Public-key Encryption
Developed in the 1970s, uses different keys for encoding and decoding.
What makes a number truly random?
Each number is statistically independent of the other numbers in the sequence.
Stream Ciphers
Encrypt plaintext as it is produced, creating a stream of output.
Block Ciphers
Encrypt plaintext in blocks, splitting and processing one chunk at a time.
Cryptanalysis
Exploits algorithm characteristics to find plaintext or key.
What is the purpose of substitution in Feistel ciphers?
For confusion, making the relationship between the ciphertext and encryption key complex.
What role does transposition play in Feistel ciphers?
For diffusion, ensuring that changing a single bit of plaintext changes about half of the ciphertext bits.
Which of the following DCL Commands is used to award a privilege to a user?
Grant
Explain the step-by-step process through which the data in an HTML form on the client side is made available for use in a function on the server side in a client-server application.
In a client-server application, when a user submits an HTML form on the client side, the browser gathers the input data from the form fields and sends it to the server using an HTTP request, typically with either the POST or GET method. The server then receives this request and extracts the form data from the request body (in the case of POST) or the query string (in the case of GET). This data is then passed to a server-side function for processing or storage, such as saving the information in a database or using it to perform some calculations. The server-side application, which could be written in languages like PHP, Python (using frameworks like Django or Flask), or JavaScript (Node.js), then executes the function that uses the form data according to the application's logic.
What does a True Random Number Generator (TRNG) take as input?
Input that is effectively random.
What common application uses the output of a PRNG?
Input to symmetric stream cipher.
What is essential for the keystream in PRNG-based stream ciphers?
It must be hard to predict portions of the bit stream based on previous portions.
Which of the following functions is only performed by a socket on the server side? a) Connect b) Listen c) Send d) Close
Listen
What forms can symmetric encryption keys take?
Numbers, bitstreams, strings, compound data, etc.
How do stream ciphers encrypt data?
One bit or byte at a time.
Why does SQLite require "affinities" when traditional SQL databases like Oracle and MySQL do not?
Oracle and MySQL have more rigid data type systems, so SQLite allows for dynamic typing. These affinities help SQLite handle data more flexibly, especially in scenarios where the exact data type may vary.
Concerning networking, what is a port number? Why is it not advisable to choose a port number below 1024 for a custom application?
Port numbers below 1024 are already being used.
Security through obscurity
Relying on secrecy of design for security, discouraged in system design.
Write an SQL query: Consider a database with a table called "Employee" with the following columns: EmployeeID, Name, Department, HoursAWeek, and SupervisorID. A supervisor is also an employee in the department. Write an SQL command to get all the departments that have at least 5 supervisors. Make sure a department's name is displayed only once.
```sql
SELECT Department
FROM Employee
GROUP BY Department
HAVING COUNT(DISTINCT SupervisorID) >= 5;
```
Write an SQL query: Consider a database with a table called Shipments with the following columns: CustomerID, Origin, Destination, Weight, Service, Cost. Write an SQL command to find the top 10 origins by the average weight of the "Freight" shipments. If two origins have the same average weight, then use the total cost to break the tie, with the higher cost being displayed first.
```sql
SELECT Origin, AVG(Weight) AS AverageWeight, SUM(Cost) AS TotalCost
FROM Shipments
WHERE Service = 'Freight'
GROUP BY Origin
ORDER BY AverageWeight DESC, TotalCost DESC
LIMIT 10;
```
When we implement client sockets, we do not use the bind or listen function. Why?
Server-side sockets often use bind() to associate a specific local address and port with the socket. For client sockets, however, the local address and port are usually not critical: the operating system automatically assigns an ephemeral port to the client socket. This dynamic assignment allows multiple clients to connect simultaneously without conflicts. The listen() function is used by server sockets to wait for incoming connections, which a client socket never does.
Why are random binary numbers used in many cryptographic protocols?
Speed is important.
On what does the security of a symmetric key encryption system rely?
The key being kept secret, known only to the communicating parties.
What does uniform distribution indicate in a random sequence?
The occurrence of ones and zeros is approximately equal.
What is crucial for the security of a symmetric key encryption system?
The secrecy of the key, known only to the communicating parties.
What characteristic do successive numbers in pseudorandom sequences have?
They are unpredictable.
How can letters of plaintext be altered in substitution ciphers?
They can be replaced by other letters, numbers, or symbols.
How can the randomness of a sequence be validated?
Through uniform distribution and independence.
What is the purpose of adding confusion in encryption?
To make the relation between the key and the ciphertext complex.
Diffusion
Transposition-based operation in cryptographic protocols (to transpose: to cause two or more things to change places with each other).
Brute Force Attacks
Trying all possible keys on ciphertext until plaintext is obtained.
What does independence mean in the context of randomness?
You can't predict the subsequence from other subsequences.
Which of the following is the SQL keyword to select unique values? a) Distinct b) Unique c) unrepeated d) isolated
a) Distinct
Which of the following IS an advantage of High Performance (Parallel) Computing Infrastructure? a) It is cheaper to purchase multiple units of commodity hardware instead of a custom machine b) It is easy to adapt to existing sequential algorithms to exploit parallelism c) Superlinear speedup can always be achieved if we parallelize an algorithm d) A lower failure rate may be achieved due to the existence of multiple processing elements and interconnects
a) It is cheaper to purchase multiple units of commodity hardware instead of a custom machine
What is ACID Compliance from the perspective of Databases?
Atomicity, consistency, isolation, durability.
Which of the following special names/methods gives you the current module? a) __name__ b) __main__ c) __init__ d) __str__
b) __main__
Which normal form requires the removal of Transitive Dependencies? a) 1NF b) 2NF c) 3NF d) BCNF
c) 3NF
Which of the following statements is FALSE? a) All Python classes inherit automatically from the "object" class b) In a standard, unchanged configuration, the Flask template should be in a folder called "templates" in the same directory as the Flask app c) Arguments key will ALWAYS be in a single field d) Arguments to a Python function are packed as tuples
c) Arguments key will ALWAYS be in a single field
In cryptographic algorithms and protocols, what does asymmetric encryption do?
Conceals the contents of blocks of data using a public key; the private key is used to retrieve the contents of the blocks.
In cryptographic algorithms and protocols, what does symmetric encryption do?
Conceals the contents of blocks or streams of data, using the same private key for encrypting as for decrypting.
What are the two components of cryptology?
Cryptography and cryptanalysis.
Which of the following is an invalid Python variable? a) _underscore b) string c) SnittyWerbenJaegererteJension d) with
d) with
Which of the following is NOT a Python keyword? a) yield b) pass c) global d) local
local
In cryptographic algorithms and protocols, what is the purpose of data integrity algorithms?
Protect blocks of data, like messages, from alteration.
List at least 2 ways in which lambda functions are different from run-of-the-mill functions.
- They are single-line expressions.
- They are defined with lambda instead of def.
List at least 2 advantages of implementing transaction control in a database.
Transaction control safeguards data consistency, prevents corruption, and ensures reliable database operations.
What are some security challenges?
- Security is not simple.
- Potential attacks on the security features need to be considered.
- Procedures used to provide particular services are often counter-intuitive.
- It is necessary to decide where to use the various security mechanisms.
- Requires constant monitoring.
- Is too often an afterthought.
- Security mechanisms typically involve more than a particular algorithm or protocol.
- Security is essentially a battle of wits between a perpetrator and the designer.
- Little benefit from security investment is perceived until a security failure occurs.
- Strong security is often viewed as an impediment to efficient and user-friendly operation.