首页 > > 详细

代做FIT2093代做留学生R语言、R实验代写

Monash University 
Faculty of Information Technology 
FIT2093 Introduction to Cybersecurity 
 
 
S1 2020: In-Semester SAMPLE Test 
CAMPUS: CLAYTON / MALAYSIA / SOUTH AFRICA 
 
 
 
Instructions to Candidates: 
 
● There are two parts to this test: Part A (30 marks, multiple choice questions) and Part B 
(70 marks, short answer questions). 
● This In-Semester test is worth 10% of your final unit mark. 
● Answer all questions in a separate document. 
● Marks for each question are indicated at the beginning of each question and sub-question. 
● The duration of this test is 120 minutes (2 hours), which includes a reading time of 10 
minutes. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
PART A (30 marks) 
 
Choose the correct answer a)-d) for each of the following questions. 
 
1. Which of the following statements is true regarding the security of the Diffie-Hellman  
key exchange algorithm?   
a) Its security depends on the integer factorisation problem  
b) It is a type of symmetric key encryption technique​
  
c) Its security depends on the discrete logarithm problem  
d) It makes use of the Euler totient function ​
  
 
2. Of the following, the mode that has the least error propagation effect is: 
 
a) ECB 
b) CFB 
c) CBC 
d) CTR 
 
3. ShiftRows is a basic component of AES which is used to achieve ___________. 
 
a) Substitution 
b) Diffusion 
c) Confusion 
d) All of the above 
 
4. When an attacker performs a capture of a data unit and its subsequent retransmission to 
produce an unauthorized effect, which attack is he performing? 
 
a) Disruption 
b) Replay 
c) Masquerade 
d) Service denial 
 
5. What is the multiplicative inverse of 2 mod 33?   
a) 12 ​
  
b) 14   
c) 15 ​
  
d) 17 ​
  
6. Which of the following statements is false regarding RSA algorithm?   
a)  The security of the algorithm relies on the difficulty of integer factorisation ​
  
b)  The relation between public exponent e and private exponent d is ed mod φ(n) = 1   
c)  The value of e is chosen such that GCD(e, φ(n)) = 1 ​
  
d)  If the ciphertext in a confidential message is C then the plaintext M = C ​d ​mod φ(n)  
(False ​
​as M = C ​d ​mod n) ​
  
 
7. What is the minimum number of key pairs required for 10 people to communicate securely 
with each other using asymmetric-key cryptography? 
 
a) 2 
b) 10 
c) 20 
d) 45 
 
8. Which kind of error is most relevant for biometric ​security​? 
 
a) False Rejection Rate (FRR) 
b) False Acceptance Rate (FAR) 
c) Equal Error Rate (EER) 
d) none of the above 
 
 
9. A file with UNIX permissions ​rw-r---w- ​ allows 
 
a) the owner to read only 
b) the owner’s group to read and write 
c) anyone to write 
d) all of the above 
 
 
10. The property of ________ ensures that the sender of a message cannot later claim that the 
message was never sent. 
 
a) Access control 
b) Authentication 
c) Authenticity 
d) Non-repudiation 
 
11. A program that performs a useful task but also has a hidden functionality is called a 
a) virus 
b) worm 
c) Trojan horse 
d) none of the above 
 
 
12. A new malware is suspected of making changes to the file system. Which of the following 
analysis tools or techniques would be likely to be most suitable for investigating these changes? 
a) fingerprinting 
b) Process Explorer 
c) Regshot 
d) none of the above 
 
 
13. A software application allows users to enter the name of a file system folder to view, and the 
application processes such inputs by incorporating them into a file system command string and 
forwarding the string for execution by the operating system. Which kind of vulnerability should 
be prioritised as the most important to analyse this application for? 
 
a) buffer overflows 
b) command injection 
c) integer overflows 
d) none of the above 
 
14. ​What kind of mitigation technique ​cannot​ be used to reduce the risk of offline dictionary 
attacks against password authentication systems: 
a) adding a random salt when hashing passwords 
b) locking out an account after several unsuccessful login attempts 
c) using a slow password hash function 
d) using strong access control to control exposure of password hash file 
 
 
15. ​In a typical programming language (e.g. C), suppose ​x​ is an 8-bit (byte or character) integer 
variable with the hex value​ ​0xfa ​ ​before the statement​ ​“​x = x + 10; ​”​ ​is executed. What 
would likely be the hex value of ​x ​ ​after the statement is executed? 
 
a) 0xff 
b) 0x03 
c) 0x04 
d) 0xf0 
 
 
 
END OF PART A 
 
 
 
 
 
 
 
 
 
 
PART B (70 Marks) 
 
Write your answers for each of these questions. 
 
Q1. (14 marks) 
Figure 1 below shows the F(R, K) function of a ​variant of the DES block cipher. The expansion 
subfunction E and the S-Boxes work as follows: 
● The expansion subfunction E permutes the input bits R​1​...R​32 and generates 48 bits output 
R’ by using the permutation Table 1 (see Reference material below). For example, the 
first 6 bits of R’ are correspondingly equal to the input bits R​32​, R ​1​, R​2​, R​3​, R​4​, R​5​. 
● The S-Box transformations are defined in Table 2 (see Reference material below), which 
is interpreted as follows: The first and last bits of the input to the S-Box form a 2-bit 
hexadecimal number to select one of four substitutions defined by the four rows in the 
table for the S-Box. The middle four bits in hexadecimal select one of the sixteen 
columns. 
Assume the input bits R​1​...R​32​ are all zeros, the round key bits K​1​...K​48​ are all ones, and ​all 8 
S-boxes S​1​,…,S​8​ are identical (and specified by Table 2, see Reference material at end of 
test). 
(a) (4 marks)​ Write the 48-bit output of xor with the round key K in binary. Show your 
working. 
(b) (5 marks)​ Write the 32-bit output of the S-Box substitutions in hexadecimal. 
(c) (5 marks)​ The encryption and decryption algorithms for the s-bit CFB mode of operation 
of a block cipher are given in Figure 1 (see Reference material below).​ ​Suppose the 
sender’s s-bit CFB encryption algorithm has the following vulnerability: it always uses 
the same IV of all zero bits to encrypt each message. Explain how an attacker that 
intercepts two or more such ciphertexts can exploit this vulnerability to reveal some 
information on the encrypted messages. 
Hint: A hexadecimal digit can be represented directly by 4 binary bits (and vice versa): 
0: 0000 1: 0001 2: 0010 3: 0011 4: 0100 5: 0101 6: 0110 7: 0111 
8: 1000 9: 1001 A: 1010 B: 1011 C: 1100 D: 1101 E: 1110 F: 1111 
 
Figure 1: DES F(R, K) function 
 
 
You can use the following reference material to help you answer this question. 
 
 
32 1 2 3 4 5 
4 5 6 7 8 9 
8 9 10 11 12 13 
12 13 14 15 16 17 
16 17 18 19 20 21 
20 21 22 23 24 25 
24 25 26 27 28 29 
28 29 30 31 32 1 
Table 1: DES expansion permutation table E 
 
0 1 2 3 4 5 6 7 8 9 A B C D E F 
0 E 4 D 1 2 F B 8 3 A 6 C 5 9 0 7 
1 0 F 7 4 E 2 D 1 A 6 C B 9 5 3 8 
2 4 1 E 8 D 6 2 B F C 9 7 3 A 5 0 
3 F C 8 2 4 9 1 7 5 B 3 E A 0 6 D 
Table 2: DES-like S-Box in hexadecimal 
 
 
 
 
 
 
 
 
 
Figure 1: CFB mode encryption and decryption algorithms 
 
 
Q2. (14 marks) 
 
(a) (4 marks) ​In phone-based MFA systems such as the Okta phone app used by Monash, 
explain the purpose of the phone app for security. 
 
(b) (5 marks) ​The Okta phone app in offline mode uses a number code derived from the time of 
day (to a resolution of about one minute) and asks the authenticating user to type the code into 
their web browser. Explain how a phishing attacker could potentially break this MFA system. 
 
(c) (5 marks) ​Explain how the phishing attack on above MFA differs from a standard phishing 
attack on password-only authentication in terms of the attacker’s required capabilities. 
 
 
 
 
 
 
 
 
 
 
 
 
Q3.​ <​RSA Public-key Cipher​> ​(14​ ​marks) 
With regard to the RSA public-key cryptosystem: 
 
(a)​ ​(4 marks)​ Consider the key generation process for RSA by a user Bob. Suppose that Bob 
chooses as his primes p = 5 and q = 17, and e = 43 as his public exponent. Compute the value of 
Bob’s public modulus n and Bob’s private exponent d. Show your computation process. 
 
(b)​ ​(5 marks)​ An implementation of the RSA encryption software that Alice uses on a cloud 
computing platform has the following vulnerability: the software neglects to clear the value of 
the secret prime p from the memory after the key generation process, although it does clear the 
value of the other prime q from memory. An attacker Marvin who has access to the same cloud 
computing machine exploits this vulnerability by performing a memory dump of the machine 
after Alice completed her key generation, to get the value of Alice’s prime p. Assume Alice‘s 
public key integer n is a very large integer for which the prime factorisation cannot be found in a 
reasonable amount of time. Explain how Marvin can use his memory dump contents and Alice’s 
public key, to decrypt any messages encrypted by Alice’s public key efficiently. 
 
(c) (5 marks)​ Another vulnerable implementation of RSA key generation used by Cathy came 
up with a way to simplify the process of generating p and q: it just looks for a random large 
prime p such that q = p+2 is also prime and uses n = p*q as the RSA pub key. Explain how an 
attacker Marvin that knows this implementation algorithm (but not p used by Cathy) can 
efficiently factor n. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Q4. (14 marks). 
Read the following C source code with vulnerabilities and answer the questions: 
 
Hint: ​Use the ANSI C function reference at the following link: 
https://www.csse.uwa.edu.au/programming/ansic-library.html 
 
1 #include 
2 #include 
4 void doit(void) 
5 { 
6 char buf[8]; 
8 gets(buf); 
9 printf("%s\n", buf); 
10 } 
11 
12 int main(void) 
13 { 
14 printf("So... The End...\n"); 
15 doit(); 
16 printf("or... maybe not?\n"); 
17 
18 return 0; 
19 } 
 
 
(a) (7 marks)​ Identify one vulnerability from the source code. Show the name of the 
vulnerability and the position (i.e. line number or the relevant source code) of the 
vulnerability. 
 
(b) (7 marks)​ Describe how to modify the source code to mitigate the vulnerability you find 
in part (a). Show the source code of your mitigation technique. 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Q5. (14 marks) 
Read the assembly codes provided below and answer the questions. 
 
Hint:​ Use the x86 assembly reference at the following link: 
https://www.cs.virginia.edu/~evans/cs216/guides/x86.html 
 
(a) ​(4 marks)​ Describe what the following assembly code is doing. What is the value of 
register esi when the PC is at the next instruction after address 8048430? 
 
... 
804841e: mov esi, 0x0 
8048423: mov ebx, 0x1 
8048428: add esi, ebx 
804842a: add ebx, 0x1 
804842d: cmp ebx, 0xa 
8048430: jle 8048428 
... 
 
(b) ​(5 marks)​ The following screenshot is the debugger view of a piece of malware that 
uses a covert technique. Identify the covert technique used by this malware. 
 
Hint:​ Search on the Microsoft MSDN to find the reference of a specific Windows API: 
https://docs.microsoft.com/en-us/windows/win32/apiindex/windows-api-list 
 
 
 
(c )​ ​(5 marks)​ The following screenshot is the debugger view of a function protected by 
anti-disassembly/anti-debugging techniques. Briefly explain how this 
anti-disassembly/anti-debugging technique tricks the debugger by using the address and 
assembly code from this screenshot. 
 
 

联系我们
  • QQ:99515681
  • 邮箱:99515681@qq.com
  • 工作时间:8:00-23:00
  • 微信:codinghelp2

联系我们 - QQ: 99515681 微信:codinghelp2
© 2014 www.7daixie.com
程序代写网!