Chapter 2

Question 1

What is a network protocol?

Answer 1

A network protocol defines the format and order of messages exchanged between network entities and specifies which actions are taken when messages are sent or received.

Question 2

What is unicast communication?

Answer 2

Unicast is point-to-point communication: one sender communicates with one receiver.

Question 3

What is multicast communication?

Answer 3

Multicast is point-to-multipoint communication: one sender transmits to a defined group of receivers.

Question 4

What is broadcast communication?

Answer 4

Broadcast is point-to-multipoint communication in which one sender transmits to many or all receivers, often without knowing each receiver individually.

Question 5

What is simplex communication?

Answer 5

In simplex communication, data flows in only one direction.

Question 6

What is half-duplex communication?

Answer 6

In half-duplex communication, both sides can send, but not at the same time.

Question 7

What is full-duplex communication?

Answer 7

In full-duplex communication, both sides can send simultaneously.

Question 8

Why are communication systems organized in layers?

Answer 8

They are organized in layers because networks are complex, and layering structures the many communication tasks by function and lets each layer provide services to the layer above it.

Question 9

What does layer transparency mean?

Answer 9

Layer transparency means that the Protocol Data Unit of layer N+1 is treated as payload by layer N; the lower layer does not interpret the higher-layer content.

Question 10

What is the relationship between an (N+1)-PDU and an N-SDU?

Answer 10

The (N+1)-PDU becomes the N-SDU, meaning the higher-layer protocol data unit is passed as service data to the next lower layer.

Question 11

Name the seven layers of the OSI model in order.

Answer 11

Physical, Data Link, Network, Transport, Session, Presentation, Application.

Question 12

Which OSI layers are transport-oriented?

Answer 12

Layers 1 to 4 are transport-oriented because they focus on end-to-end transfer of data without considering application semantics.

Question 13

Which OSI layers are application-oriented?

Answer 13

Layers 5 to 7 are application-oriented because they deal with semantics, structuring, presentation, and application cooperation.

Question 14

What is the task of the physical layer?

Answer 14

The physical layer provides an unreliable connection for transmitting unstructured bit sequences over the physical medium and standardizes the physical interface.

Question 15

What is the task of the data link layer?

Answer 15

The data link layer provides reliable transfer between two hosts by framing bit streams and handling errors with mechanisms such as acknowledgements, time/sequence monitoring, retransmission, or reset.

Question 16

What is the task of the network layer?

Answer 16

The network layer connects different links and LANs into an internetwork and handles routing, and possibly congestion control.

Question 17

What is the task of the transport layer?

Answer 17

The transport layer handles end-to-end data transfer between applications or users in end systems and provides transparency with respect to the underlying transfer technology.

Question 18

How does the Internet reference model differ from the OSI model?

Answer 18

In the Internet model, OSI layers 5 and 6 are merged into the application layer, and OSI layers 1 and 2 are combined into the link/data link layer.

Question 19

Name the layers of the Internet protocol stack.

Answer 19

Application, Transport, Network, Link, and Physical.

Question 20

Give examples of protocols for the application, transport, network, and link layers.

Answer 20

Application: HTTP(S), DNS, SSH. Transport: TCP, UDP. Network: IPv4/IPv6. Link: Ethernet, IEEE 802.11.

Question 21

Why is there no dedicated security layer in layered architectures?

Answer 21

Because security is not explicitly built into the layered architecture as its own separate layer; instead, security mechanisms are added across different layers or protocols.

Question 22

What does an IP address identify?

Answer 22

An IP address identifies an interface, not a host or router as a whole.

Question 23

Why can a router have multiple IP addresses?

Answer 23

Because a router typically has multiple interfaces, and IP addresses are associated with interfaces.

Question 24

What are the two main parts of an IP address?

Answer 24

The higher-order bits form the network part, and the lower-order bits form the host part.

Question 25

What does CIDR notation like a.b.c.d/x mean?

Answer 25

It means that the first x bits belong to the subnet or network part, and the remaining bits belong to the host part.

Question 26

What are the three overarching security goals of the CIA triad?

Answer 26

Confidentiality, Integrity, and Availability.

Question 27

What is confidentiality?

Answer 27

Confidentiality means that only authorized entities may obtain information during transmission or storage.

Question 28

What is integrity?

Answer 28

Integrity means that data may only be changed by authorized persons or processes during transmission or storage.

Question 29

What is availability?

Answer 29

Availability means that information and services must remain accessible to authorized entities.

Question 30

How do industrial security priorities differ from traditional IT security priorities?

Answer 30

Industrial security typically prioritizes safety first, then availability, integrity, and confidentiality, while traditional IT security usually prioritizes confidentiality, integrity, and availability.

Question 31

Why is safety often ranked above confidentiality in industrial networks?

Answer 31

Because security failures in industrial environments can cause physical damage, safety incidents, and irreparable real-world consequences.

Question 32

What are typical characteristics of industrial systems that make security harder?

Answer 32

Long product lifecycles, rare patching, few adjustments, low-latency requirements, potentially irreparable damage, and the need for emergency or fallback plans.

Question 33

What are the three parts of comprehensive security for industrial networks?

Answer 33

Prevention, Detection, and Response.

Question 34

What is the goal of prevention in industrial security?

Answer 34

Prevention aims to stop or hinder successful attacks and to minimize their possible consequences.

Question 35

What is the goal of detection in industrial security?

Answer 35

Detection aims to identify attacks or suspicious behavior, for example through break-in detection, validity checks, or anomaly detection.

Question 36

What is the goal of response in industrial security?

Answer 36

Response aims to contain damage, clean up systems, and revise the security concept after incidents.

Question 37

How can attacks be classified at a high level?

Answer 37

They can be classified as passive attacks, such as eavesdropping, or active attacks, such as modification.

Question 38

Which attacks target confidentiality?

Answer 38

Eavesdropping and traffic analysis target confidentiality.

Question 39

What is eavesdropping?

Answer 39

Eavesdropping means intercepting messages to gain unauthorized access to information.

Question 40

Why is traffic analysis still dangerous even when data is encrypted?

Answer 40

Because metadata such as addresses, timing, frequencies, communication partners, locations, or used protocols can still reveal sensitive information.

Question 41

Which attacks target integrity?

Answer 41

Modification, masquerading, replaying, and repudiation target integrity-related goals.

Question 42

What is modification as an attack?

Answer 42

Modification means changing intercepted information, including deleting or delaying messages.

Question 43

What is masquerading?

Answer 43

Masquerading, also called spoofing, means impersonating another entity in order to inject or manipulate messages.

Question 44

What is replaying?

Answer 44

Replaying means sending a previously recorded valid message again to the receiver.

Question 45

What is repudiation?

Answer 45

Repudiation means that a sender later denies having sent a message or a receiver later denies having received it.

Question 46

Which attacks target availability?

Answer 46

Denial of service and delay target availability.

Question 47

What is denial of service?

Answer 47

Denial of service interrupts a service for legitimate users, for example by overloading a server, blocking requests, or deleting responses.

Question 48

What is distributed denial of service?

Answer 48

Distributed denial of service uses many distributed resources, such as a botnet, to overload a target.

Question 49

What is a delay attack?

Answer 49

A delay attack artificially delays messages to impair quality of service.

Question 50

Which basic security measures correspond to common threats?

Answer 50

Data confidentiality, data integrity, authentication, non-repudiation, and access control.

Question 51

What is authentication?

Answer 51

Authentication is the assurance that a communicating entity is really the one it claims to be.

Question 52

What is non-repudiation?

Answer 52

Non-repudiation protects against one communication party denying its participation later.

Question 53

What is access control?

Answer 53

Access control prevents unauthorized use of a resource.

Question 54

What are the main technical security building blocks introduced in Chapter 2?

Answer 54

Encryption, integrity protection, digital signatures, authentication exchange, and key agreement.

Question 55

What is encryption?

Answer 55

Encryption encodes information so that unauthorized parties cannot understand it.

Question 56

What is integrity protection?

Answer 56

Integrity protection augments data with a check value so that unauthorized modifications can be detected.

Question 57

What do digital signatures provide?

Answer 57

Digital signatures provide integrity and non-repudiation through a verifiable electronic signature.

Question 58

What is an authentication exchange?

Answer 58

An authentication exchange is a protocol step that proves the identity of one entity to another.

Question 59

What is key agreement?

Answer 59

Key agreement is a mechanism that lets two or more parties agree on a secret key, typically needed for later secure communication.

Question 60

What is symmetric encryption?

Answer 60

Symmetric encryption uses the same shared key for encryption and decryption.

Question 61

What is the main challenge of symmetric cryptography?

Answer 61

The main challenge is secure key distribution: sender and receiver must already share a secret key.

Question 62

What is asymmetric cryptography?

Answer 62

Asymmetric cryptography, also called public-key cryptography, uses different keys for encryption and decryption.

Question 63

What is the main idea behind asymmetric cryptography?

Answer 63

The sender and receiver do not need to share a secret key beforehand; the public encryption key can be known to everyone, while only the receiver knows the private decryption key.

Question 64

Name common examples of asymmetric cryptography.

Answer 64

Diffie-Hellman for key agreement, RSA for encryption and signatures, and elliptic-curve methods for key agreement and signatures.

Question 65

What are the core requirements of public-key encryption?

Answer 65

Decrypting a ciphertext created with the public key must recover the plaintext with the private key, and computing the private key from the public key should be computationally infeasible.

Question 66

What is a digital signature?

Answer 66

A digital signature is a cryptographic mechanism analogous to a handwritten signature that is verifiable and should be non-forgeable.

Question 67

Why is the simple idea of signing a whole message impractical?

Answer 67

Because signing long messages directly is computationally expensive and slow.

Question 68

How is this problem solved in practice for digital signatures?

Answer 68

Instead of signing the whole message, the sender signs a fixed-length cryptographic hash of the message, called the message digest.

Question 69

What is a cryptographic hash function?

Answer 69

A cryptographic hash function maps an input message of arbitrary length to a fixed-length hash value.

Question 70

What is preimage resistance?

Answer 70

Given a hash value H, it should be hard to find a message m such that h(m) = H.

Question 71

What is second-preimage resistance?

Answer 71

Given a message m, it should be hard to find a different message m' with the same hash.

Question 72

What is collision resistance?

Answer 72

It should be hard to find any two different messages that produce the same hash value.

Question 73

Name standardized cryptographic hash functions mentioned in the lecture.

Answer 73

MD5, SHA-1, SHA-2, and SHA-3.

Question 74

What is HMAC?

Answer 74

HMAC is a hash-based message authentication code that combines a shared key and a cryptographic hash function to provide integrity and authenticity.

Question 75

Why is HMAC called a symmetric alternative?

Answer 75

Because both communication parties share the same secret key used for computing and verifying the message authentication code.

Question 76

How are security claims usually expressed for symmetric cryptography?

Answer 76

They are usually expressed in bits and often correspond to the brute-force effort needed to guess the correct key.

Question 77

What does n-bit security mean for symmetric cryptography?

Answer 77

It means an attacker would need about 2^n guesses in a brute-force attack.

Question 78

What is the typical security claim of AES with an n-bit key?

Answer 78

An n-bit AES key provides about n bits of security against brute force.

Question 79

How strong is preimage resistance for a hash function with n-bit output?

Answer 79

It provides about n bits of security.

Question 80

How strong is collision resistance for a hash function with n-bit output?

Answer 80

It provides about n/2 bits of security because of the birthday paradox.

Question 81

How is the security of asymmetric cryptography usually justified?

Answer 81

It is justified by computational hardness assumptions, such as factoring for RSA or discrete logarithms for Diffie-Hellman and elliptic-curve cryptography.

Question 82

Why are quantum computers relevant for cryptography?

Answer 82

Because quantum algorithms can solve certain cryptographic problems much faster than classical algorithms.

Question 83

How do quantum computers affect symmetric cryptography and hash functions?

Answer 83

They weaken them, but the impact can usually be mitigated by increasing key sizes or output sizes.

Question 84

Which quantum algorithm is associated with this weaker but manageable impact on symmetric schemes?

Answer 84

Grover's algorithm.

Question 85

How do quantum computers affect current asymmetric cryptography?

Answer 85

They break the hardness assumptions behind common public-key systems such as RSA and elliptic-curve cryptography.

Question 86

Which quantum algorithm is associated with the severe threat to asymmetric cryptography?

Answer 86

Shor's algorithm.

Question 87

What is post-quantum cryptography?

Answer 87

Post-quantum cryptography uses cryptographic primitives that are intended to remain secure even if large-scale quantum computers become practical.

Question 88

What is one advantage of quantum-resistant algorithms over quantum cryptography like QKD?

Answer 88

They can be used on existing hardware and can serve as drop-in replacements for current cryptographic primitives.

Question 89

What is one drawback of quantum-resistant algorithms?

Answer 89

They are not proven perfectly secure and may still be affected by future quantum discoveries or advances.

Question 90

What is one major drawback of QKD/OTP-style quantum cryptography according to the lecture?

Answer 90

It requires dedicated point-to-point optical fiber connections and has strict keying requirements.

Question 91

Which NIST-standardized post-quantum schemes are named in the lecture for key exchange and signatures?

Answer 91

For PKE/KEM: ML-KEM (CRYSTALS-Kyber) and HQC. For signatures: ML-DSA (CRYSTALS-Dilithium), SLH-DSA (SPHINCS+), and FN-DSA (Falcon).

Question 92

What migration strategy toward quantum-resistant cryptography is suggested in the lecture?

Answer 92

Use traditional and quantum-resistant algorithms in parallel so that security remains intact as long as at least one of the two schemes stays secure.

Question 93

What was the key idea of the TLS post-quantum experiment mentioned in the lecture?

Answer 93

It performed both a traditional and a quantum-resistant key exchange during the TLS handshake and derived one master secret from both shared secrets.

Question 94

What is the trade-off of parallel migration to post-quantum cryptography?

Answer 94

It improves robustness during migration but increases CPU usage, latency, and bandwidth costs.