2020 Exam – v2

SEMESTER 2, 2020 EXAMINATIONS

CITS3004

Physics, Mathematics & Computing
EMS

Cybersecurity

This paper contains: 5 Pages (including title page) Time Allowed: 2:00 hours

INSTRUCTIONS:
• Open Book: Students may bring in to the exam any non-electronic materials.
• Calculators are permitted (UWA approved calculator with sticker).
• Your name and ID number should be written on the cover page of the answer booklet.
• Clearly state the question numbers in the answer booklet.
• This test is worth a total of 100 marks.
• Please do NOT use a pencil or a red pen.
• Please use readable handwriting. What we cannot read will not give you any points.
• In all answers be sure to provide clear and concise explanations of your reasoning. No marks will be given for answers not directly relevant to the question.
• Where necessary, state assumptions clearly.
• You can use the extra pages if necessary.

THIS IS AN OPEN BOOK EXAMINATION

SUPPLIED STATIONERY

1 x Answer Booklet 18 Pages

ALLOWABLE ITEMS

UWA Approved Calculator with Sticker
Any non-electronic materials

PLEASE NOTE
Examination candidates may only bring authorised materials into the examination room. If a supervisor finds, during the examination, that you have
unauthorised material, in whatever form, in the vicinity of your desk or on your person, whether in the examination room or the toilets or en route
to/from the toilets, the matter will be reported to the head of school and disciplinary action will normally be taken against you. This action may result
in your being deprived of any credit for this examination or even, in some cases, for the whole unit. This will apply regardless of whether the material
has been used at the time it is found.
Therefore, any candidate who has brought any unauthorised material whatsoever into the examination room should declare it to the supervisor
immediately. Candidates who are uncertain whether any material is authorised should ask the supervisor for clarification.

Candidates must comply with the Examination Rules of the University and with the directions of supervisors.
No electronic devices are permitted during the examination.

All question papers and answer booklets are the property of the University and remain so at all times.

Q1) [21 marks total] A new cipher SHUFFLER is developed as shown below in Figure 1.

Figure 1. SHUFFLER cipher

• plaintext is only alphabetic letters. It is padded with the letter ‘X’ if the length is odd.
• Mixer divides the plaintext in half and sends the first half to Round1 and the other half to Round2.
  o E.g. if the plaintext is “VEGETABLE”, Round1 receives “VEGET”, and Round2 receives “ABLEX”.
• Key1 is a collection of odd bits (e.g. key = TOMATO, key1 = TMT).
• Key2 is a collection of even bits (e.g. key = TOMATO, key2 = OAO).
• Round1 performs Caesar cipher using the length of key1 (e.g., 3 for key = TMT). The cipher clock figure can be found at the end of the page.
• Round2 performs Vigenere cipher using key2. The cipher table figure can be found at the end of the page.
• Final permutation concatenates outputs from Round1 and Round2 in that order (e.g., Round1 generated “HELLO” and Round2 generated “WORLD”, then it is combined as “HELLOWORLD”), and then swaps consecutive odd and even locations (e.g. HELLOWORLD -> EHLLWORODL).

Using the above information, provide solutions to the below questions/tasks. State any assumptions clearly.

i) [5 marks] Encrypt the plaintext “VEGETABLE” using key “TOMATO”.
ii) [5 marks] Decrypt the ciphertext “LNDNHQLI” using key “TOMATO”.
iii) [3 marks] Describe how SHUFFLER can be updated to be compatible with Caesar and Vigenere ciphers.
iv) [3 marks] What are the limitations of the round-key generator? Can we improve it?
v) [5 marks] Discuss attack tactic(s) to exploit SHUFFLER given you know the mechanisms but not the key. What is the difficulty of attacking this cipher? How can you improve it?
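
Added worked example (not part of the exam paper): a Python implementation of SHUFFLER as specified in the bullet points above. It assumes the "odd"/"even" key "bits" are the key letters at odd/even positions counted from 1, that Round1 shifts forward by the length of key1, and that Round2 uses the standard Vigenere table with A = 0; all function names are illustrative.

```python
import string

A = string.ascii_uppercase

def _clean(text, what):
    """Upper-case and reject anything outside A-Z (the spec is letters only)."""
    text = text.upper()
    if not text or any(c not in A for c in text):
        raise ValueError(f"{what} must be non-empty and alphabetic")
    return text

def shift(text, offsets, sign=1):
    """Shift each letter by the matching offset; offsets repeat cyclically."""
    return "".join(A[(A.index(c) + sign * offsets[i % len(offsets)]) % 26]
                   for i, c in enumerate(text))

def round_keys(key):
    """Round-key generator: letters at odd / even positions (assumed 1-indexed)."""
    key = _clean(key, "key")
    if len(key) < 2:
        raise ValueError("key needs at least two letters so key2 is not empty")
    return key[0::2], key[1::2]

def swap_pairs(text):
    """Swap every consecutive (odd, even) pair; the step is its own inverse."""
    return "".join(text[i + 1] + text[i] for i in range(0, len(text), 2))

def _rounds(first, second, key, sign):
    key1, key2 = round_keys(key)
    r1 = shift(first, [len(key1)], sign)                  # Round1: Caesar, uses only len(key1)
    r2 = shift(second, [A.index(k) for k in key2], sign)  # Round2: Vigenere with key2
    return r1 + r2

def encrypt(plaintext, key):
    pt = _clean(plaintext, "plaintext")
    if len(pt) % 2:
        pt += "X"                                         # pad odd-length input
    half = len(pt) // 2                                   # Mixer: split in half
    return swap_pairs(_rounds(pt[:half], pt[half:], key, +1))

def decrypt(ciphertext, key):
    ct = _clean(ciphertext, "ciphertext")
    if len(ct) % 2:
        raise ValueError("ciphertext length must be even")
    joined = swap_pairs(ct)                               # undo the final permutation
    half = len(joined) // 2
    # A trailing 'X' may be padding or data; the format cannot tell them apart.
    return _rounds(joined[:half], joined[half:], key, -1)

if __name__ == "__main__":
    # Constructed sample input, not taken from the exam paper.
    sample = encrypt("SECURITY", "TOMATO")
    print(sample, decrypt(sample, "TOMATO"))
```

Decryption returns the padded plaintext, so the caller has to decide whether a final 'X' belongs to the message.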

Q2) [26 marks total] You are a new security engineer intern at Cyberdyne to work on a cool project named Skynet. For
ALL questions, explain your answer and clearly state any assumptions you make.

a) [6 marks] You implemented SSL to ensure your clients are secured when they connect to the Skynet. However,
you suspect there is a MITM attack. What could have gone wrong? How would you mitigate this attack?

b) [2 marks] For data integrity, you have implemented MAC. Some clients opted out from using a shared key for
this process (i.e., not using a key as part of the MAC algorithm). What attacks can you launch to exploit this?

c) [5 marks] To monitor attacks in real-time, you are implementing an IDS. If you only had a budget to install either
(i) a single NIDS at the entry point, or (ii) HIDS on application servers only (not the databases), which option
would you implement?

d) [8 marks] After all your hard work, the company fired you for drinking too much coffee. To take revenge, you
decided to implement a vulnerability that you can revisit later. What vulnerability would you leave behind? Discuss
its impact, detectability, cost and any other relevant factors for you to be successful (please note, this is a
hypothetical scenario, do NOT carry out such actions in real-life).

e) [5 marks] Luckily for Cyberdyne, they decided to hire you back. As a new project, they have asked you to remove
all BOF vulnerabilities in the system. What would be the best approach?

[Figure 1 block diagram labels: plaintext, Mixer, Round1, Round2, Final Permutation, ciphertext; key, Round-key generator, key1, key2; enclosing block: SHUFFLER]

Q3) [22 marks total] You lost interest in being a security engineer and decided to join as a software engineer to work
on a new exciting project named WhatsInstaFaceTubeChatTalk, a new social media platform that is better than
everyone else (theoretically). For ALL questions, explain your answer and clearly state any assumptions you make.

a) [4 marks] You are working in a group to develop the mobile app version for your project. Before launching the
app, you found out your teammate forgot to conduct Integration Testing. What could go wrong? How can you
address this issue?

b) [3 marks] Another colleague in charge of unit testing reported that there were no positive test results so there is
no need to panic. Do you agree? What is your reason for your response?

c) [6 marks] After the havoc, you moved onto a new project for implementing a new holographic group chat function.
To conform to international security standards, the ISO27001 has been selected for security management. But
due to its lengthy timeline, your team decided to minimise the effort in one of the nine steps needed to get the
certificate. Which one? Why?

d) [5 marks] Your competitor released a product that does exactly the same as your holographic group chat function.
To upsell your product, your selling point is that yours is more secure. How could you demonstrate this? What
are the hurdles in achieving this?

e) [4 marks] Given Figure 2 below, with attack costs stated in the boxes, calculate the attack cost. Note, 1.2.1.1.
and 1.2.1.2. are joined by AND gate, 1.4.1. and 1.4.2. are joined by AND gate, and 1.3. and 1.4. are joined by
AND gate.

Figure 2. Attack tree for gaining personal information.

Q4) [21 marks total] You have yet another job transition into a network engineer working for the same company. For
ALL questions, explain your answer and clearly state any assumptions you make.

a) [6 marks] The competitor has approached you to give them the backdoor access to your server. You agreed and
have decided to sneak in a forward shell. What are the defence mechanisms that you should be disabling to
ensure this is successful? (Note, don’t do this in real-life).

b) [4 marks] Since your company is so popular with many users, you decided to sneakily spread a ransomware.
What could the company do to ensure employees like you cannot spread ransomware?

c) [3 marks] Despite the company’s attempts, you were successful in spreading the ransomware. You have
received enough ransom so you decided to unlock all victim machines. However, you forgot where the private
key was stored. Fortunately, your ransomware was configured in THIS way, so the users can simply do another
round of encryption to gain their data. What is THIS way that allows this to happen? Hint: a block cipher mode is
involved.

d) [8 marks] While reviewing your SQL database, you found an SQLi vulnerability. To protect your database, you
decided to implement security measures. Given the database stores users’ sensitive information such as
passwords (salted and hashed), profiles (name, address, etc.) and other personal data (messages, photos etc.),
what would be the best approach without disrupting the service much?

[Figure 2 attack tree nodes]
1. Adversary gains access to a user’s personal information
   1.1. Gain direct access to the database
      1.1.1. Exploit a hole in system application kernel
   1.2. Login as target user
      1.2.1. Bruteforce login
         1.2.1.1. Identify username
         1.2.1.2. Identify user password
      1.2.2. Steal user credentials
   1.3. Hijack user session
      1.3.1. Steal user session cookie
   1.4. Passively intercept personal data
      1.4.1. Identify user connection initiation
      1.4.2. Sniff network traffic for personal data

[Attack cost labels in the figure, as extracted (the box each belongs to is not recoverable from the text): $50, $250, $50, $150, $150, $20, $40]

Q5) [10 marks total] Social engineering, such as phishing, targets humans to gain entry into a system. For ALL
questions, explain your answer and clearly state any assumptions you make.

a) [6 marks] Reflected XSS involves luring users to click onto malicious links that contain dangerous scripts. What
are the luring techniques you can use to increase the number of victims? How can people identify such attacks?
What could the browser companies do to limit these attacks?

b) [4 marks] You received an email from Jin Hong (jin. .au). Do you trust it?

Figure A. Vigenere cipher table

Figure B. Caesar cipher clock

End of the Examination