ECMM462 Fundamentals of Security 2023


ECMM462

FACULTY OF ENVIRONMENT, SCIENCE AND ECONOMY

COMPUTER SCIENCE

Examination, May 2023

Fundamentals of Security

Question 1

Determine whether each of the following propositions is true (T) or false (F):

(a)  Computer security is the protection of the integrity, availability, and confidentiality of information system resources.

(b)  Confidentiality is the protection of assets from unauthorized change.

(c)  Confidentiality, availability, and integrity do not influence each other and can be viewed in isolation.

(d)  A communication link is an example of an asset.

(e)  Threats are attacks carried out.

(f)  Threat agent is another term for attacker.

(g)  A countermeasure can be devised to recover from a particular type of attack.

(h)  A circumstance or event that interrupts or prevents the correct operation of system services and functions is also called deception.

(i)  Obstruction leads to usurpation.

(j)  Hardware is the most vulnerable to attack and the least susceptible to automated controls.

Note: For each answer you get 1.5 marks if it is correct, −0.5 marks if it is wrong, and 0 marks otherwise. You can never get less than 0 marks in total.

(15 marks) (Total 15 marks)

Question 2

(a)  Consider the following access control matrix:

Write a sequence of commands to change the matrix to the following:

(10 marks)

(b)  Briefly describe the three components of a security state in Bell-LaPadula.

(6 marks) (Total 16 marks)

Question 3

(a)  What are the four properties required of a symmetric cryptosystem given by the functions:

E : K × M → C

D : K × C → M

where M and C denote the sets of messages and corresponding ciphertext, and K denotes the set of keys. (8 marks)

(b)  Use the advanced version of the Rail Fence Cipher to encrypt

SECURITYISSOMUCHFUNNNNNNN

with key

14032

in two rounds.

(6 marks) (Total 14 marks)

Question 4

(a)  Use Euler's theorem to calculate the multiplicative inverse of 8 modulo 35. (7 marks)

(b)  Briefly describe 2 possible ways to attack an RSA ciphertext and briefly explain why they are not feasible.

(8 marks) (Total 15 marks)

Question 5

(a)  Describe the concept of a Merkle structure.

•  State its purpose

•  State the requirement for the compression function

•  State its guarantee for the composed function

(6 marks)

(b)  Assume the following scheme to provide message authentication using public key cryptography:

•  The sender computes the hash value h(m) of the message.

•  The sender sends the message m and an encrypted version of the hash value {h(m)}pr to the receiver. (Here pr denotes the sender's private key.)

•  The receiver uses the public key of the sender to decrypt {h}pr.

•  The receiver computes h(m) and compares it to h.

(i)  Describe a possible attack on message integrity assuming that h is preimage resistant but not weak collision resistant and briefly justify why it works. (4 marks)

(ii)  Describe a possible attack on message integrity assuming that h is preimage resistant and weak collision resistant but not strong collision resistant and briefly justify why it works.

(4 marks) (Total 14 marks)

Question 6

Assume that a Dolev-Yao intruder has acquired the following knowledge:

M = {⟨a,b⟩, {d}inv(c), inv(e), {|f|}b, {g}e, {h}a}

(a)  Decide whether or not the intruder can learn the following messages and briefly explain your reasoning.

(i)  {|d|}d

(ii)  {f}a

(iii)  {|h|}b

(iv)  {g}inv(e)

(v)  {b}e

(10 marks)

(b)  Briefly answer the following questions about nonces:

(i)  What are they?

(ii)  What are they used for?

(4 marks) (Total 14 marks)

Question 7

Consider the following datasets A and B.

In addition, assume a mechanism K which returns the average weight of the people in the database (and 0 if the database is empty). For example, K(A) = 161.7. Finally, assume that a person always weighs between 0 and 450 lb. Answer each of the following questions and briefly justify your answer.

(a)  Are the two datasets A and B neighbouring datasets? (3 marks)

(b)  What is the sensitivity of K? (4 marks)

(c)  Does K satisfy 0.01-differential privacy?

(5 marks) (Total 12 marks)




