信息安全技术复习题目最终版

1.In the movie Office Space, software developers attempt to modify company software

so that for each financial transaction, any leftover fraction of a cent goes to the developers, instead of going to the company. The idea is that for any particular transaction, nobody will notice the missing fraction of a cent, but over time the developers will accumulate a large sum of money. This type of attack is sometimes known as a salami attack. Now, find a real-world example of a salami attack and expound how it works.

The most typical scheme portrayed by a salami attack is that which involves an automated modification to financial systems and their data. For example, the digits representing currency on a bank's computer(s) could be altered so that values to the right of the pennies field ( < 0.01 ) are always rounded down (fair arithmetic routines will calculate in both directions equally).

最典型的意大利腊肠攻击方案，包括自动修改财务系统和数据描述。例如，在银行的计算机上表示货币的数字可以被改变，使便士字段的右边的值（< 0.01）总是四舍五入（公平的算术程序将在两个方向上计算相等）。

The essence of this mechanism is its resistance to detection. Account owners rarely calculate their balances to the thousandths or ten-thousandths of a cent, and, consequentially remain oblivious. Even if the discrepancies are noticed, most individuals have better things to do (like preserve their pride) than complain about an erroneous digit in some far off decimal place. The following (alleged) scenarios will demonstrate that "slices" need not always be tiny to evade detection. In fact, they can be rather large, as long as unsuspecting and/or ignorant victims are plentiful.

这种机制的本质是它的电阻检测。所有者很少计算余额的千分之几或千分之十分，必然继续无视。即使这些差异被发现，大多数人有更好的事情要做（如保持他们的自豪感）比抱怨在一些遥远的小数点错误的数字。以下（所谓）的情况将表明，“片”不一定总是很小，以逃避检测。事实上，他们可以是相当大的，只要不知情的和/或无知的受害者是丰富的。

2 In the field of information security, Kerckhoffs’ Principle is like motherhood and apple pie, all rolled up into one.

*Define Kerckhoffs’ Principle in the context of cryptography.

（1）即使密码系统的任何细节已为人悉知，只要密钥未泄漏，它也应是安全的。

Any details even if the cryptography system has informed all too often, as long

as the key does not leak, it should also be safe

*Give a real-world example where Kerckhoffs’ Principle has been violated. Did this cause any security problem?

（2）自动取款机使用了DES数据加密，相当于一个加密系统，有时候密码未泄露，但犯罪份子知道了身份信息和银行卡号后能够盗取卡里的钱。这个案例中的安全问题有：个人信息泄露，财产的损失。

ATM using DES data encryption, is an cryptography system, sometimes the password does not leak, but criminals steal the money after know the identity information and bank card number .The security problem in this case are: personal information