ECMM462
COLLEGE OF ENGINEERING, MATHEMATICS
AND PHYSICAL SCIENCES
COMPUTER SCIENCE
Examination, May 2021
Fundamentals of Security
Question 1
Consider the following access control matrix:
Draw the matrix which results after executing all of the following commands (draw only the final matrix).
(9 marks)
(a) Alice executes: create subject Dave
(b) Alice executes: transfer write for Doc1 to Dave (c) Alice executes: grant control for Bob to Dave
(d) Alice executes: grant control for Charlie to Dave (e) Dave executes: destroy subject Bob
(f) Dave executes: delete read for Doc1 from Charlie
(Total 9 marks)
Question 2
Assume you are provided with a protection model according to Bell-LaPadula in which there are two subjects Alice and Bob, two objects Doc1 and Doc2, two security categories Category1 and Category2, and two security classifications high and low with high > low. The following tables depict a possible protection state of such a model consisting of executing rights b, an access control matrix m, and security levels f.
Answer the following questions:
(a) Briefly argue whether or not the protection state satisfies the simple security condition. (3 marks)
(b) Briefly argue whether or not the protection state satisfies the *-property. (3 marks)
(c) Briefly argue whether or not the protection state satisfies the ds-property. (3 marks)
(d) Briefly explain the reason of having two different security levels assigned to each subject.
(3 marks) (Total 12 marks)
Question 3
(a) Use the Vigenère cipher to encrypt
SECURE
using keyword
EXE
(3 marks)
(b) How many alphabets are used for the previous encryption? (2 marks)
(c) Why is the Vigenère cipher considered more secure than a general monoalphabetic cipher? (2 marks)
(d) Encrypt the following text using the Rail Fence Cipher with a depth of 3: CYBERSECURITY
(3 marks) (Total 10 marks)
Question 4
Consider the following Feistel structure with function f denoting the bitwise "and" of its inputs:
(a) Name the values at the labels (1), (2), (3), and (4) for input 0100 using keys k1 = 01 and k2 = 00. (8 marks)
(b) Sketch an algorithm for decrypting messages encrypted with the given Feistel structure.
(4 marks) (Total 12 marks)
Question 5
Create an RSA key pair for p = 7, q = 13, n = 91, and e = 7 (a) Calculate φ(91). (2 marks)
(b) Calculate d using the extended Euclidean algorithm. (6 marks)
(c) Define the private and the public key.
(2 marks) (Total 10 marks)
Question 6
The following figure depicts a simple Merkel structure consisting of a round function f : B4 × B4 × B4 where B denotes the set of bits {0, 1}:
(a) Assuming that the round function f is strong collision resistant. Briefly argue whether or not it is possible to find two bit sequences x xI ∈ B4*n , such that (0000, x) = (0000, xI ). (3 marks)
(b) Assume that f (y, x) = (shift x left by 1) 田 y.
• Calculate the hash value for 11011 using 0 for padding and 0000 as initial value. Show the outcome after each round. (3 marks)
• The hash function is not collision resistant. Provide a collision for 1111 with initial value 0000 and briefly explain your answer.
(4 marks) (Total 10 marks)
Question 7
Consider the following scheme to implement message authentication which assumes that sender and receiver share a common secret S: To send a message M, the sender computes h = H(MjjS) and then sends Mjjh. After receiving the message M, jjh, , the receiver computes h,, = H(M, jjS) and only if h,, = h, it accepts M.
(a) Explain why the scheme provides message authentication. (4 marks)
(b) Describe which properties of a hash functions are required for H to ensure that the scheme works properly. (2 marks)
(c) Describe whether or not the scheme also provides confidentiality and briefly explain why.
(3 marks) (Total 9 marks)
Question 8
The following figure depict a network consisting of three public key authorities X1, X2 , and X3 , and two users A and B:
We assume that A knows the public key of X1 and B knows the public key of X2 .
(a) List the certificates which are required to allow A to obtain a trusted copy of B’s public key. For each certificate list the identity of the certified entity and the signing authority. (6 marks)
(b) Explain how A can use these certificates to obtain the public key of B in a secure way. (4 marks)
(c) Assume B’s private key gets compromised and B obtains a new certificate from X2 . How can we ensure that no one can use the old certificate to impersonate B?
(3 marks) (Total 13 marks)
Question 9
Assume D is a database containing the following fields:
• cancer: {t, f }
• age: [1..99]
• smoker: {y, n}
Answer the following questions: (a) Let’s assume the query
count(age = 50, smoker = true, weight = 90)
returns 1 for D. Moreover, let’s assume Mr. Smith is 50 years old and a smoker. Explain how to determine whether Mr. Smith does have cancer. (3 marks)
(b) Sketch an algorithm which allows to count the number of people in D which satisfy a certain criteria and ensure the algorithm provides 1.2 differential privacy. (4 marks)
(c) Briefly explain what it means that the algorithm provides 1.2 differential privacy. (2 marks)
(d) Is there still a way to determine whether or not Mr. Smith has cancer? Briefly explain. (2 marks)
(e) Briefly explain the trade-off between utility and privacy and how it can be controlled. (2 marks)
(f) What would be the sensitivity of a query which returns the maximum age from the database? Why?
(2 marks) (Total 15 marks)