ECMM462
COLLEGE OF ENGINEERING, MATHEMATICS
AND PHYSICAL SCIENCES
COMPUTER SCIENCE
Examination, May 2022
Fundamentals of Security
Question 1
For each of the following threats, mark the security property which is violated foremost (mark only one property for each threat):
(10 marks)
|
|
Confidentiality
|
Integrity
|
Availability
|
|
Inference
|
|
|
|
|
Incapacitation
|
|
|
|
|
Misappropriation
|
|
|
|
|
Intrusion
|
|
|
|
|
Obstruction
|
|
|
|
|
Falsification
|
|
|
|
|
Interception
|
|
|
|
|
Repudiation
|
|
|
|
|
Masquerade
|
|
|
|
|
Exposure
|
|
|
|
(Total 10 marks)
Question 2
(a) Decrypt the following text which was encrypted using a Caesar Cipher with key 5:
bjqqitsj
(6 marks)
(b) Briefly describe two possible ways to break a Caesar Cipher.
(4 marks) (Total 10 marks)
Question 3
(a) Given the following RSA key pair:
• PU={17, 551}
• PR={89, 551}
Encrypt M = 15 ensuring that intermediate results are always smaller that 500.000.
(5 marks)
(b) Is the following a valid RSA key pair:
(5 marks)
• PU={6, 35}
• PR={7, 35}
Explain your reasoning.
(c) Briefly explain three properties which make RSA suitable for public key cryptography.
(5 marks) (Total 15 marks)
Question 4
(a) Assuming you are given a function f : Bk × Bb → Bk where Bk denotes the set of all bit sequences of length k. Moreover, assume that f is preimage resistant and strong collision resistant.
• Briefly explain why fis not suitable to be used as a cryptographic hash function.
(2 marks)
• Briefly explain how this can be fixed.
(2 marks)
• Briefly explain why your fix is correct.
(2 marks)
(b) Assuming you want to send a message M to a receiver. To ensure integrity, you first compute the hash value h(M) and then you send the message and the hash value to the receiver.
• Explain how the receiver may check integrity
(3 marks)
• Explain why this scheme does not provide integrity by describing a possible attack
(3 marks)
• Explain how this could be fixed.
(3 marks) (Total 15 marks)
Question 5
Consider the following protocol:
(a) State whether or not the above protocol is feasible and brieflyjustify your answer.
(3 marks)
(b) Assume an intruder i according to Dolev and Yao with initial knowledge kb. For each of the following, state whether or not i can know the message and briefly justify your answer:
• {|⟨Ks , Na ⟩|}ka
(3 marks)
• Na
(3 marks)
• Nb
(3 marks)
• {|Nc |}kb
(3 marks) (Total 15 marks)
Question 6
Consider the following protocol:
The protocol is supposed to provide one-way authentication,i.e., after executing it, agent B should be sure to have talked with agent A.
(a) Explain how the protocol tries to ensure authentication
(5 marks)
(b) Describe an attack to the protocol.
(10 marks) (Total 15 marks)
Question 7
Consider the following access control matrix:
Write a sequence of commands to change the matrix to the following:
(10 marks) (Total 10 marks)
Question 8
Assume D is a database containing a field named cancer with the possible values {y, n}. Moreover, assume that we have an algorithm m which takes a databased of type D and returns the number of entries in d for which the value of cancer is y.
(a) Explain the problem w.r.t. privacy which might occur with this type of query.
(4 marks)
(b) What is the sensitivity of m. Explain your reasoning.
(3 marks)
(c) Assuming we have a mechanism m′ , such that m′ (d) = Lap(m(d), 1/2).
What is the differential privacy of m′ ? Explain your reasoning.
(3 marks) (Total 10 marks)