PrepAway - Latest Free Exam Questions & Answers

When combined with unique session values, message authentication can protect against which of
the following?

A. Reverse engineering, frequency analysis, factoring attacks, and ciphertext-only attack.

B. Masquerading, frequency analysis, sequence manipulation, and ciphertext-only attack.

C. Reverse engineering, content modification, factoring attacks, and submission notification.

D. Masquerading, content modification, sequence manipulation, and submission notification.

Explanation:
Unique session values: “IPSec: ….Each device will have one security association
(SA) for each session that it uses. The SA is critical to the IPSec architecture and is a record of the
configuration the device needs to support an IPSec connection.” Pg 575 Shon Harris All-In-One
CISSP Certification Exam Guide.
Message authentication and content modification: “Hashed Message Authentication Code
(HMAC): An HMAC is a hashed algorithm that uses a key to generate a Message Authentication
Code (MAC). A MAC is a type of check sum that is a function of the information in the message.
The MAC is generated before the message is sent, appended to the message, and then both are
transmitted. At the receiving end, a MAC is generated from the message alone using the same
algorithm as used by the sender and this MAC is compared to the MAC sent with the message. If
they are not identical, the message was modified en route. Hashing algorithms can be used to
generate the MAC and hash algorithms using keys provide stronger protection than ordinary MAC
generation.
Frequency analysis: Message authentication and session values do not protect against Frequency
Analysis so A and B are eliminated.
“Simple substitution and transposition ciphers are vulnerable to attacks that perform frequency
analysis. In every language, there are words and patterns that are used more often than others. For
instance, in the English language, the words “the,” “and,” “that,” and “is” are very frequent patterns
of letters used in messages and conversation. The beginning of messages usually starts “Hello” or
“Dear” and ends with “Sincerely” or “Goodbye.” These patterns help attackers figure out the
transformation between plaintext to ciphertext, which enables them to figure out the key that was
used to perform the transformation. It is important for cryptosystems to not reveal these patterns.”
Pg. 507 Shon Harris All-In-One CISSP Certification Exam Guide
Ciphertext-Only Attack: Message authentication and session values do not protect against
ciphertext-only attacks, so A and B are again eliminated.
“Ciphertext-Only Attack: In this type of an attack, an attacker has the ciphertext of several
messages. Each of the messages has been encrypted using the same encryption algorithm. The
attacker’s goal is to discover the plaintext of the messages by figuring out the key used in the
encryption process. Once the attacker figures out the key, she can now decrypt all other
messages encrypted with the same key.” Pg 577 Shon Harris All-In-One CISSP Certification
Exam Guide.
Birthday attack: “….refer to an attack against the hash function known as the birthday attack.” Pg
162 Krutz: The CISSP Prep Guide. MAC utilizes a hashing function and is therefore susceptible to
a birthday attack.
Masquerading Attacks: Session values (IPSec) do protect against session hijacking but not
spoofing, so C is eliminated.
“Masquerading Attacks: ….we’ll look at two common masquerading attacks – IP Spoofing and
session hijacking.” Pg 275 Tittel: CISSP Study Guide.
Session hijacking: “If session hijacking is a concern on a network, the administrator can implement
a protocol that requires mutual authentication between users like IPSec. Because the attacker will
not have the necessary credentials to authenticate to a user, she cannot act as an imposter and
hijack sessions.” Pg 834 Shon Harris All-In-One CISSP Certification Exam Guide

Reverse engineering: Message authentication protects against reverse engineering.
Reverse engineering: “The hash function is considered one-way because the original file cannot
be created from the message digest.” Pg. 160 Krutz: The CISSP Prep Guide
Content modification: Message authentication protects against content modification.
Factoring attacks: Message authentication protects against factoring attacks.
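
The combination the question asks about, as an added example that is not from the cited study guides or from this page: a receiver verifies an HMAC computed over a session identifier, a sequence number and the payload, then checks both values. The frame layout, the names `seal`, `Receiver` and `demo`, the sample payloads and the reuse of one key across two sessions are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

SID_LEN, SEQ_LEN, TAG_LEN = 16, 8, 32   # assumed frame layout, for illustration only
HDR_LEN = SID_LEN + SEQ_LEN

def seal(key, session_id, seq, payload):
    """Sender side: the MAC covers session id + sequence number + payload."""
    header = session_id + struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key, session_id):
        self.key, self.session_id, self.next_seq = key, session_id, 0

    def accept(self, frame):
        """Return (payload, "ok") or (None, reason for rejection)."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return None, "malformed"
        header, payload, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None, "bad MAC"
        (seq,) = struct.unpack(">Q", header[SID_LEN:])
        if header[:SID_LEN] != self.session_id:      # frame belongs to another session
            return None, "wrong session"
        if seq != self.next_seq:                     # replayed, dropped or reordered
            return None, "out of sequence"
        self.next_seq += 1
        return payload, "ok"

def demo():
    """Feed constructed frames to one receiver, in order; return each verdict."""
    key, sid, old_sid = os.urandom(32), os.urandom(16), os.urandom(16)
    rx = Receiver(key, sid)
    f0, f1, f2 = (seal(key, sid, n, b"pay 100 to alice") for n in range(3))
    cases = {
        "valid": f0,
        "content modification": f1[:HDR_LEN + 4] + b"9" + f1[HDR_LEN + 5:],  # 100 -> 900
        "masquerading": seal(os.urandom(32), sid, 1, b"pay 100 to mallory"),  # wrong key
        "replay": f0,
        "old session": seal(key, old_sid, 1, b"pay 100 to alice"),
        "reordered": f2,
        "next in order": f1,
    }
    return {name: rx.accept(frame)[1] for name, frame in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The MAC alone rejects the modified and the wrongly keyed frames; the replayed, cross-session and reordered frames carry valid MACs and are rejected only because the session value and sequence number are part of what is authenticated and checked.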
