A protocol is a set of specifications, rules, and instructions agreed by two or more parties. A standard is a formalized protocol defined by a standard body. Most of the communication protocols are designed without security in mind in the early days. Which of the following is designed with the least consideration of security in nature?
A. PPP (Point-to-Point Protocol)
B. IPsec
C. WEP (Wired Equivalent Privacy)
D. OFDM (Orthogonal Frequency Division Multiplexing)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. OFDM (Orthogonal Frequency Division Multiplexing).
Orthogonal frequency-division multiplexing (OFDM) is a type of digital transmission and a method of encoding digital data on multiple carrier frequencies to improve bandwidth efficiency, which reflects how efficiently the allocated bandwidth is used and is defined as the throughput data rate per Hertz in a given bandwidth. (Source: Wikipedia)
OFDM is designed primarily to improve bandwidth efficiency with fewer security considerations. The following video has a concise introduction to OFDM:
PPP (Point-to-Point Protocol)
PPP uses PAP, CHAP, and EAP for authentication. Even though PAP is transmitted in clear text, PAP is designed with consideration of authentication.
WEP (Wired Equivalent Privacy)
WEB has been craked and insecure. However, it use the stream cipher, RC4 for encryption (confidentiality), shared key for authentication, and the CRC-32 checksum for integrity.
IPsec
IPsec provides tunnel mode and transport mode, and AH and ESP to enforce confidentiality, integrity, and authenticity.
Reference
- What’s the difference between the terms “protocol” and “standard”?
- Point-to-Point Protocol
- Wired Equivalent Privacy
- OFDM – Orthogonal Frequency Division Multiplexing
- Secure OFDM System Design for Wireless Communications
- Orthogonality
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
協定(protocol)是由兩個或更多各方同意的一組規格,規則和指令(instructions)。 標準(standard)是由標準機構定義的正式協定。 在早期,大多數通信協定在設計時都沒有考慮安全性。 以下哪項在設計時,本質上對安全性的考慮最少?
A. PPP (Point-to-Point Protocol)
B. IPsec
C. WEP (Wired Equivalent Privacy)
D. OFDM (Orthogonal Frequency Division Multiplexing)
I was debating between answer A and D and decided to go with answer A.
Thank you for your further explanation on Answer D even with Sunny’s video 🙂
My pleasure, Joey!