THE UNIVERSITY OF SUSSEX INFORMATICS
G6077
CANDIDATE: please attach Student Support Unit sticker, if relevant
BSc and MComp (Third and Final Year) EXAMINATION 2020 August 2020 (A3)
Introduction to Computer Security
Candidates should answer TWO questions out of THREE.
Time allowed: 3 hours
If all three questions are attempted only the first two answers will be marked. Each question is worth 50 marks.
Write your answers on A4 paper, scan and save as a single PDF file and upload to Canvas.
PDF file name: candidate number_module title
Read Academic Integrity Statement
You are reminded that, unless you have been authorised to do so in School or specific assessment guidance, you should not access online materials, notes etc. during this examination or discuss this assessment with others before the end of its 24 hour window. By submitting this assessment you confirm that you have read the above Statement and are responsible for understanding and complying with our academic misconduct regulations (found on Student Hub and here: Academic Misconduct regulations).
1.
a) A major problem in encryption is playback, where an intruder can copy an encrypted message and play it back, as the same plain text will always give the same cipher text. What would you recommend to overcome this problem and why?
[25 marks]
b) What does privacy by design mean?
[10 marks]
c) What is host header injection? What techniques can an application developer use to avoid such an attack?
[15 marks]
2.
a) You have been hired as a security consultant for a company that is worried that its authentication mechanism has been compromised for an employee. Outline the potential problems this might cause, and discuss how serious each problem might be for the company.
[25 marks]
b) What is proactive password checking? Explain at least two different ways of implementing it in an organisation.
[25 marks]
3.
a) Explain the key distribution problem through an example.
[15 marks]
b) How are attacks different from threats? Differentiate between passive and active attacks.
[15 marks]
c) What is malware? Describe the possible consequences to systems once malware has become installed.
[20 marks]
End of paper