ECMM462
FACULTY OF ENVIRONMENT, SCIENCE
AND ECONOMY
COMPUTER SCIENCE
Examination, May 2023
Fundamentals of Security
Question 1
Determine whether each of the following propositions is true (T) or false (F):
(a) Computer security is the protection of the integrity, availability, and
confidentiality of information system resources.
(b) Confidentiality is the protection of assets from unauthorized change.
(c) Confidentiality, availability, and integrity do not influence each other and can be viewed in isolation.
(d) A communication link is an example of an asset.
(e) Threats are attacks carried out.
(f) Threat agent is another term for attacker.
(g) A countermeasure can be devised to recover from a particular type of attack.
(h) A circumstance or event that interrupts or prevents the correct operation of system services and functions is also called deception.
(i) Obstruction leads to usurpation.
(j) Hardware is the most vulnerable to attack and the least susceptible to automated controls.
Note: For each answer you get 1.5 mark if it is correct, −0.5 marks if it is wrong, and 0 marks otherwise. You can never get less than 0 marks in total.
(15 marks) (Total 15 marks)
Question 2
(a) Consider the following access control matrix:
Write a sequence of commands to change the matrix to the following:
(10 marks)
(b) Briefly describe the three components of a security state in Bell-LaPadula.
(6 marks) (Total 16 marks)
Question 3
(a) What are the four properties required of a symmetric cryptosystem given by the functions:
E : K × M → C
D : K × C → M
where M and C denote the sets of messages and corresponding ciphertext, and K denotes the set of keys. (8 marks)
(b) Use the advanced version of the Rail Fence Cipher to encrypt
SECURITYISSOMUCHFUNNNNNNN
with key
14032
in two rounds.
(6 marks) (Total 14 marks)
Question 4
(a) Use Euler’s theorem to calculate the multiplicative inverse of 8 in mod 35. (7 marks)
(b) Briefly describe 2 possible ways to attack an RSA ciphertext and briefly explain why they are not feasible.
(8 marks) (Total 15 marks)
Question 5
(a) Describe the concept of a Merkel structure.
• State its purpose
• State the requirement for the compression function
• State its guarantee for the composed function
(6 marks)
(b) Assume the following scheme to provide message authentication using public key cryptography:
• The sender computes the hash value h(m) of the message.
• The sender sends the message m and an encrypted version of the hash value {h(m)}pr to the receiver. (Here pr denotes the senders private key).
• The receiver uses the public key of the sender to decrypt {h}pr .
• The receiver computes h(m) and compares it to h.
(i) Describe a possible attack on message integrity assuming that h is preimage resistant but not weak collision resistant and briefly justify why it works. (4 marks)
(ii) Describe a possible attack on message integrity assuming that h is preimage resistant and weak collision resistant but not strong collision resistant and briefly justify why it works.
(4 marks) (Total 14 marks)
Question 6
Assume, that a Dolev-Yao intruder has acquired the following knowledge
M = {⟨a,b⟩ , {d}inv(c), inv(e), {|f|}b, {g}e, {h}a }
(a) Decide whether or not the intruder can learn the following messages and briefly explain your reasoning.
(i) {|d|}d
(ii) {f}a
(iii) {|h|}b
(iv) {g}inv(e)
(v) {b}e
(10 marks)
(b) Briefly answer the following questions about nonces:
(i) What are they?
(ii) What are they used for?
(4 marks) (Total 14 marks)
Question 7
Consider the following datasets A and B.
In addition assume a mechanism K which returns the average weight of the people in the database (and 0 if the database is empty). For example K(A) = 161.7. Finally, assume that a person always weights between 0 and 450 lb. Answer each of the following questions and briefly justify your answer.
(a) Are the two datasets A and B neighbouring datasets? (3 marks)
(b) What is the sensitivity K? (4 marks)
(c) Does K satisfy 0.01-differential privacy?
(5 marks) (Total 12 marks)