You are developing a server that collects data from branches. To ensure data in transit is not tampered with and the identity of data origin is authentic, which of the following is the best cryptographic function that meets the security requirement? (Wentz QOTD)
A. SHA
B. 802.1X
C. Skipjack
D. CBC-MAC
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. CBC-MAC.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.
The question is asking about ensuring the integrity of data itself and the authenticity of the origin of data, or the so-called “authenticity,” that comprises the two ideas. HMAC and CBC-MAC are the means that enforce authenticity. Hashes enforce data integrity (or the integrity of the data itself).
- SHA: a one-way hash function.
- 802.1X: EAP over LAN, used for authentication.
- Skipjack: a block cipher for encryption and confidentiality.
Reference
您正在開發一個從分支機構收集數據的服務器。 為確保傳輸中的數據不被篡改且數據來源身份真實,以下哪項是滿足安全要求的最佳密碼學功能? (Wentz QOTD)
A. SHA
B. 802.1X
C. Skipjack
D. CBC-MAC