CITS3004 Cybersecurity

FAMILY NAME: GIVEN NAMES: SIGNATURE:
STUDENT NUMBER:
SEMESTER 2, 2020 EXAMINATIONS
Physics, Mathematics & Computing EMS
This paper contains: 5 Pages (including title page)
CITS3004 Cybersecurity
Time Allowed: 2:00 hours
INSTRUCTIONS:
• Open Book: Students may bring in to the exam any non-electronic materials.
• Calculators are permitted (UWA approved calculator with sticker).
• Your name and ID number should be written on the cover page of the answer booklet.
• Clearly state the question numbers in the answer booklet.
• This test is worth a total of 100 marks.
• Please do NOT use a pencil or a red pen.
• Please use readable handwriting. What we cannot read will not give you any points.
• In all answers be sure to provide clear and concise explanations of your reasoning. No marks will be given for
answers not directly relevant to the question.
• Where necessary, state assumptions clearly.
• You can use the extra pages if necessary.
THIS IS AN OPEN BOOK EXAMINATION
SUPPLIED STATIONERY 1 x Answer Booklet 18 Pages
ALLOWABLE ITEMS
UWA Approved Calculator with Sticker Any non-electronic materials
PLEASE NOTE
Examination candidates may only bring authorised materials into the examination room. If a supervisor finds, during the examination, that you have unauthorised material, in whatever form, in the vicinity of your desk or on your person, whether in the examination room or the toilets or en route to/from the toilets, the matter will be reported to the head of school and disciplinary action will normally be taken against you. This action may result in your being deprived of any credit for this examination or even, in some cases, for the whole unit. This will apply regardless of whether the material has been used at the time it is found.
Therefore, any candidate who has brought any unauthorised material whatsoever into the examination room should declare it to the supervisor immediately. Candidates who are uncertain whether any material is authorised should ask the supervisor for clarification.
Candidates must comply with the Examination Rules of the University and with the directions of supervisors. No electronic devices are permitted during the examination.
All question papers and answer booklets are the property of the University and remain so at all times.
Q1) [21 marks total] A new cipher SHUFFLER is developed as shown below in Figure 1.
[Figure 1. SHUFFLER cipher (diagram not reproduced): plaintext -> Mixer -> Round1 and Round2, keyed by Key1 and Key2 from the Round-key generator -> Final Permutation -> ciphertext]
• The plaintext consists of alphabetic letters only. It is padded with the letter ‘X’ if its length is odd.
• The Mixer divides the (padded) plaintext in half and sends the first half to Round1 and the second half to Round2.
o E.g. if the plaintext is “VEGETABLE”, Round1 receives “VEGET” and Round2 receives “ABLEX”.
• Key1 is the letters of the key at odd positions, i.e. the 1st, 3rd, 5th, ... letters (e.g. key = TOMATO, key1 = TMT).
• Key2 is the letters of the key at even positions, i.e. the 2nd, 4th, 6th, ... letters (e.g. key = TOMATO, key2 = OAO).
• Round1 performs a Caesar cipher whose shift is the length of key1 (e.g. a shift of 3 for key1 = TMT). The cipher clock can be found at the end of the paper (Figure B).
• Round2 performs a Vigenere cipher using key2. The cipher table can be found at the end of the paper (Figure A).
• The Final Permutation concatenates the outputs of Round1 and Round2 in that order (e.g. if Round1 generated “HELLO” and Round2 generated “WORLD”, they are combined as “HELLOWORLD”), and then swaps each adjacent pair of positions, i.e. positions 1 and 2, 3 and 4, and so on (e.g. HELLOWORLD -> EHLLWORODL).
Using the above information, provide solutions to the below questions/tasks. State any assumptions clearly.
i) [5 marks] Encrypt the plaintext “VEGETABLE” using key “TOMATO”.
ii) [5 marks] Decrypt the ciphertext “LNDNHQLI” using key “TOMATO”.
iii) [3 marks] Describe how SHUFFLER can be updated to be compatible with Caesar and Vigenere ciphers.
iv) [3 marks] What are the limitations of the round-key generator? Can we improve it?
v) [5 marks] Discuss attack tactic(s) to exploit SHUFFLER given you know the mechanisms but not the key. What is the difficulty of attacking this cipher? How can you improve it?
Q2) [26 marks total] You are a new security engineer intern at Cyberdyne to work on a cool project named Skynet. For ALL questions, explain your answer and clearly state any assumptions you make.
a) [6 marks] You implemented SSL to ensure your clients are secured when they connect to Skynet. However, you suspect there is a MITM attack. What could have gone wrong? How would you mitigate this attack?
b) [2 marks] For data integrity, you have implemented a MAC. Some clients opted out of using a shared key for this process (i.e., they do not use a key as part of the MAC computation). What attacks can you launch to exploit this?
c) [5 marks] To monitor attacks in real-time, you are implementing an IDS. If you only had a budget to install either (i) a single NIDS at the entry point, or (ii) HIDS on application servers only (not the databases), which option would you implement?
d) [8 marks] After all your hard work, the company fired you for drinking too much coffee. To take revenge, you decided to implement a vulnerability that you can revisit later. What vulnerability would you leave behind? Discuss its impact, detectability, cost and any other factors relevant to your success (please note, this is a hypothetical scenario; do NOT carry out such actions in real life).
e) [5 marks] Luckily for Cyberdyne, they decided to hire you back. As a new project, they have asked you to remove all buffer overflow (BOF) vulnerabilities in the system. What would be the best approach?
Q3) [22 marks total] You lost interest in being a security engineer and decided to join as a software engineer to work on a new exciting project named WhatsInstaFaceTubeChatTalk, a new social media platform that is better than everyone else (theoretically). For ALL questions, explain your answer and clearly state any assumptions you make.
a) [4 marks] You are working in a group to develop the mobile app version for your project. Before launching the app, you found out your teammate forgot to conduct Integration Testing. What could go wrong? How can you address this issue?
b) [3 marks] Another colleague in charge of unit testing reported that there were no positive test results so there is no need to panic. Do you agree? What is your reason for your response?
c) [6 marks] After the havoc, you moved onto a new project for implementing a new holographic group chat function. To conform to international security standards, the ISO27001 has been selected for security management. But due to its lengthy timeline, your team decided to minimise the effort in one of the nine steps needed to get the certificate. Which one? Why?
d) [5 marks] Your competitor released a product that does exactly the same for your holographic group chat function. To upsell your product, your selling point is that yours is more secure. How could you demonstrate this? What are the hurdles in achieving this?
e) [4 marks] Given Figure 2 below, with attack costs stated in the boxes, calculate the attack cost. Note: 1.2.1.1. and 1.2.1.2. are joined by an AND gate, 1.4.1. and 1.4.2. are joined by an AND gate, and 1.3. and 1.4. are joined by an AND gate.
Figure 2. Attack tree for gaining personal information (diagram not reproduced; the node labels are recovered below, but of the per-node costs only the $150 on 1.2.1.2. is legible, plus one detached fragment “initiatio $20” that cannot be placed):
1. Adversary gains access to a user’s personal information
    1.1. Gain direct access to the database
        1.1.1. Exploit a hole in system application kernel
    1.2. Login as target user
        1.2.1. Bruteforce login (1.2.1.1. AND 1.2.1.2.)
            1.2.1.1. Identify username
            1.2.1.2. Identify user password ($150)
        1.2.2. Steal user credentials
    1.3. Hijack user session (1.3. AND 1.4.)
        1.3.1. Steal user session cookie
    1.4. Passively intercept personal data (1.4.1. AND 1.4.2.)
        1.4.1. Identify user connection
        1.4.2. Sniff network traffic for personal data
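The cost calculation asked for in e), carried out in code as an added example (not part of the paper). It uses the standard attack-tree rule: an OR node costs as much as its cheapest child, an AND node costs the sum of its children, and the cheapest path is reported alongside the cost. The tree is the structure of Figure 2, with 1.3. and 1.4. grouped under a synthetic AND node because the question joins them with an AND gate at the root. Only the $150 on 1.2.1.2. comes from the figure; every other leaf cost is a constructed placeholder and must be replaced with the figure’s actual values to obtain the exam answer.

```python
"""Attack-tree cost evaluation for the Figure 2 structure.

Added example, not part of the exam paper. OR node = min over children,
AND node = sum over children. Leaf costs other than the $150 on 1.2.1.2.
are ASSUMED placeholders, not values from the figure.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    cost: int | None = None            # leaf cost in dollars; None for inner nodes
    gate: str = "OR"                   # how the children combine: "OR" or "AND"
    children: list[Node] = field(default_factory=list)


def evaluate(node: Node) -> tuple[int, list[str]]:
    """Return (minimum attack cost, leaves on the cheapest attack path)."""
    if not node.children:
        if node.cost is None:
            raise ValueError(f"leaf {node.name!r} has no cost")
        return node.cost, [node.name]
    results = [evaluate(child) for child in node.children]
    if node.gate == "AND":
        # Every child is required: costs add up and all their leaves are used.
        return sum(r[0] for r in results), [leaf for r in results for leaf in r[1]]
    if node.gate == "OR":
        # Any one child suffices: the attacker picks the cheapest.
        return min(results, key=lambda r: r[0])
    raise ValueError(f"unknown gate {node.gate!r}")


def figure2_tree() -> Node:
    """Figure 2 structure; costs marked 'assumed' are placeholders."""
    return Node("1. Adversary gains access to a user's personal information", children=[
        Node("1.1. Gain direct access to the database", children=[
            Node("1.1.1. Exploit a hole in system application kernel", cost=1000)]),   # assumed
        Node("1.2. Login as target user", children=[
            Node("1.2.1. Bruteforce login", gate="AND", children=[
                Node("1.2.1.1. Identify username", cost=50),                          # assumed
                Node("1.2.1.2. Identify user password", cost=150)]),                  # from the figure
            Node("1.2.2. Steal user credentials", cost=300)]),                        # assumed
        # 1.3. and 1.4. are joined by an AND gate at the root, so group them here.
        Node("1.3. AND 1.4.", gate="AND", children=[
            Node("1.3. Hijack user session", children=[
                Node("1.3.1. Steal user session cookie", cost=250)]),                 # assumed
            Node("1.4. Passively intercept personal data", gate="AND", children=[
                Node("1.4.1. Identify user connection", cost=100),                    # assumed
                Node("1.4.2. Sniff network traffic for personal data", cost=400)]),   # assumed
        ]),
    ])


if __name__ == "__main__":
    total, path = evaluate(figure2_tree())
    print(f"cheapest attack: ${total} via {' + '.join(path)}")
```

With the placeholder costs the cheapest route is the brute-force branch (1.2.1.1. plus 1.2.1.2., since that AND gate sums them); swapping in the figure’s real values may change which branch wins, but not the evaluation rule.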
Q4) [21 marks total] You have yet another job transition into a network engineer working for the same company. For ALL questions, explain your answer and clearly state any assumptions you make.
a) [6 marks] The competitor has approached you to give them backdoor access to your server. You agreed and have decided to sneak in a forward shell. Which defence mechanisms would you need to disable to ensure this is successful? (Note: don’t do this in real life.)
b) [4 marks] Since your company is so popular with many users, you decided to sneakily spread a ransomware. What could the company do to ensure employees like you cannot spread ransomware?
c) [3 marks] Despite the company’s attempts, you were successful in spreading the ransomware. You have received enough ransom, so you decided to unlock all victim machines. However, you forgot where the private key was stored. Fortunately, your ransomware was configured in THIS way, so the users can simply do another round of encryption to recover their data. What is THIS way that allows this to happen? Hint: a block cipher mode is involved.
d) [8 marks] While reviewing your SQL database, you found an SQLi vulnerability. To protect your database, you decided to implement security measures. Given that the database stores users’ sensitive information such as passwords (salted and hashed), profiles (name, address, etc.) and other personal data (messages, photos, etc.), what would be the best approach without disrupting the service much?
Q5) [10 marks total] Social engineering, such as phishing, targets humans to gain entry into a system. For ALL questions, explain your answer and clearly state any assumptions you make.
a) [6 marks] Reflected XSS involves luring users into clicking on malicious links that contain dangerous scripts. What luring techniques can you use to increase the number of victims? How can people identify such attacks? What could browser vendors do to limit these attacks?
b) [4 marks] You received an email from Do you trust it?
Figure A. Vigenere cipher table (not reproduced)
Figure B. Caesar cipher clock (not reproduced)
End of the Examination