Candidate Number
G6077
THE UNIVERSITY OF SUSSEX
BSc FINAL YEAR EXAMINATION
MComp THIRD YEAR EXAMINATION
January 2020 (A1)
Introduction to Computer Security
Assessment Period: January 2020 (A1)
DO NOT TURN OVER UNTIL INSTRUCTED TO BY THE LEAD INVIGILATOR
Candidates should answer TWO questions out of THREE.
If all three questions are attempted only the first two answers will be marked.
The time allowed is TWO hours.
Each question is worth 50 marks.
At the end of the examination the question paper and any answer books/answer sheets, used or unused, will be collected from you before you leave the examination room.
G6077 Introduction to Computer Security
1.
a) What are the principles of public key cryptography?
[10 marks]
b) Explain the mechanism employed by the RSA algorithm and exemplify its
functionality for the following values:
p=3, q=11.
[20 marks]
c) A particular web application stores its passwords as a table containing the
output of hashing the raw password with the secure hash algorithm (SHA1).
i) What is a secure hash function?
ii) Explain the vulnerabilities in this approach to securing passwords, and
describe how an ethical hacker would demonstrate these vulnerabilities
to the web-site owner. Your answer should include a description of the
use of the appropriate tools.
[20 marks]
2.
a) Describe how drive-by download malware works. How would a system administrator protect their users from such malware?
[12 marks]
b) Explain why a brute force attack will fail when using the One Time Pad cipher.
[13 marks]
c) Explain the obligations of an organisation in looking after personal data
under the GDPR legislation.
[25 marks]
3.
a) Explain the functionality of block-based ciphers. In the context of block-
based ciphers, explain the process of padding. Exemplify padding for the
word hello using three different methods. Use the attached ASCII table
for the hexadecimal values of the characters. The hexadecimal value of hello is
68656c6c6c.
[25 marks]
b) What is an attack tree? Develop an attack tree for gaining access to the
contents of a physical safe. Physical safes are common in workplaces,
where a multi-digit combination code is used to lock and unlock the safe,
and the physical strength of the cabinet inhibits entry except via the door.
[10 marks]
c) A university network administrator is responsible for 15,000 computers on
their site, where users may accidentally allow malware to be installed, or
may install their own software. Explain how the tools of ethical hacking
can help the administrator to detect security holes in the computers within
the site.
[15 marks]
End of paper