Friday 15 May 2020, 09:00 BST
(24 hour open online assessment – Indicative duration 2 hours)
DEGREES OF MSc, MSci, MEng, BEng, BSc, MA and MA (Social Sciences)
Cyber Security Fundamentals (H) COMPSCI 4062

(Answer All 5 Questions)
This examination paper is worth a total of 60 marks

1. (a) Describe the Kerberos authentication protocol, explaining the structure and purposes of tickets and authenticators.
(b) Alice wishes to use a remote printer in a system protected by Kerberos. Describe in detail how Kerberos makes sure that it really is Alice using the printer.
(c) Kerberos has been set up so that Alice can use the printer all day without having to re-enter her password. Give details of any insecurity that this may cause.
2. (a) A bank has decided to offer a flatmates' joint bank account protected with the usual 4-digit PIN, but with a twist: both flatmates must be present to enter their own PIN, and neither knows enough to access the account on their own. The bank will provide special dual-person PIN pads, designed so that neither person can see what the other is entering. Devise a cryptographic algorithm that will make this scheme work with the same security as a single-person bank account. Give an example of the account PIN number and the numbers entered by each person.
(b) Describe how this scheme can be extended to three flatmates, assuming that an acceptable three-person PIN pad design is available.
(c) This system has the unfortunate problem that the account cannot be accessed if one of the two flatmates has an accident. Outline how this scheme can be modified to include the bank manager, with any two people being able to access the account but no person being able to access the account on their own.
3. (a) Define the term digital steganography and describe the similarities and differences with encryption and digital watermarking. Explain how image and video files can be used for steganography. Explain why some file types are more convenient than others.
(b) Explain how the Least Significant Bit algorithm with a capacity of about 25% works. Give an example to show how the Bit Plane Complexity Segment algorithm with a capacity of 25% would be better.
(c) Explain with an example how the use of steganography can be detected even when a method such as BPCS has been used. Describe a precautionary technique that will make steganography harder and that does not rely on detecting which files are using steganography.
4. (a) What are the aims of a MAC flooding attack and how are they achieved? What are the aims of an ARP poisoning attack and how are they achieved? What are the aims of a DNS poisoning attack and how are they achieved?
(b) Explain the terms black hat, white hat and grey hat hackers. Describe with the aid of examples the 5 stages of penetration testing.
5. (a) The Bell-LaPadula, Chinese Wall and BMA models are three ways of controlling information in an organisation. Describe each approach, explaining its advantages and disadvantages. Describe a situation when the BMA model is a better way of organising information than Bell-LaPadula, justifying your answer.
(b) Describe the “Common Criteria” system of providing reassurance that software systems are secure. You should describe the different levels of security and the organisations involved in providing security assurance.
(c) The Common Criteria system has a number of flaws. Create your own replacement system that is better than the Common Criteria, explaining why your system is better.
Summer Diet 2 /END
