(4 minutes) Message authentication can be provided by a digital signature or a message
authentication code. What are the differences between them? (4 marks)
(2 minutes) Define the following security terms: 1. Non-repudiation
2. Masquerading
(3 minutes) What is an asynchronous stream cipher? Why is it said to be more secure than the synchronous
(2 minutes) Why are asymmetric key cryptosystems (a.k.a. public key cryptosystems) typically slower than
symmetric key cryptosystems?
(4 minutes) Explain the purpose of using a hash function in digital signature schemes.
(12 minutes) Read the following article and answer the questions.
FOR YEARS, FACEBOOK has given its users the option of protecting their accounts with two-factor authentication. Soon, the platform’s highest-risk users will no longer have a choice: The social network will require them to lock up their profiles with more than just a password. Good.
Facebook’s parent company, Meta, has required since last year that advertising accounts and administrators of popular pages turn on two-factor. It’s not the only platform taking this step; in May, Google announced a move toward making two-factor authentication the default for all of its users. And while Meta says that its current initiative applies only to the politicians, activists, journalists, and others enrolled in its Facebook Protect
program, this seems like a sort of test for figuring out how to make two-factor authentication as easy as possible for everyone to turn on. Meta is also working to make sure it can help troubleshoot any related issues that may arise for users around the world.
“We aren’t planning currently on rolling it out to everyone, but we can slowly expand within the communities where it’s most critical – communities where people could be most targeted and where the consequences would be most significant,” Meta’s head of security policy, , told reporters ahead of the announcement.
Facebook Protect started as a pilot project in the United States ahead of the 2018 midterm elections and expanded leading up to the 2020 presidential election. Facebook enrolls some prominent public figures in the program automatically, but the company has also been creating mechanisms for people to nominate themselves for inclusion, like enrolling whole newsrooms. Once users join Facebook Protect, they can’t opt out.
Protect’s global rollout began in September, and Meta currently offers it in 12 countries, including India, the Philippines, and Turkey. The program has more than 1.5 million enrollees, including close to 950,000 who first enabled two-factor authentication as a result of the mandate. Gleicher says the company will offer Protect in 50 countries by the end of the year, with more to come in 2022, like Myanmar and Ethiopia. In addition to mandating two-factor authentication, Facebook Protect offers additional automated monitoring and scanning on enrolled accounts.
Though Google is the consumer tech company pursuing mandatory two-factor use most aggressively, others have taken smaller steps. Amazon’s Ring smart camera company mandated two-factor for its few million customers in early 2020 after a wave of break-ins on Ring accounts. And in 2018, Twitter debuted prompts to encourage candidates to turn on two-factor authentication. The social network said in July that only 2.3 percent of its users have enabled two-factor authentication.
Facebook revealed ahead of the announcement that only about 4 percent of Facebook’s monthly active users worldwide have adopted two-factor authentication.
“Two-factor has historically been underutilized across the internet, even by people who are most targeted by malicious hackers, despite it being one of the best available protections against account compromise,” Gleicher said. “To help drive wider enrollment in 2FA we all need to go beyond raising awareness or encouraging enrollment. But we also have to make sure that people around the world, including in areas where people have limited or restricted access to the internet or smartphones, like large parts of the global south, can continue to access these platforms.”
Usability and access issues are important to work out slowly and deliberately, Gleicher says, because his team has made the decision to stand firm on mandatory two-factor for Facebook Protect. Users can choose to enable the additional defense using a number of second-factor options, including authentication apps and physical security keys. Accounts enrolled in the program will receive numerous prompts over time to enable the protection, but if account owners don’t turn it on they will eventually lose access until they do.
“I think it’s very reasonable for companies to make a risk-based business decision to require 2FA for certain things,” says , an independent identity privacy and security consultant. “Services should continue to look at authentication risks and require 2FA where needed. Hopefully this includes enough consideration of the risks to the user and not just to the service itself.”
[Source: https://www.wired.com/story/facebook-protect-two-factor-authentication-requirement/]
(3 minutes) Why are assumptions important in information security?
List all the examples of the authentication factors in the passage. Which factor does each
of them belong to? (3 marks)
Which “Security Principle(s)” has/have to be considered when the tech giants adopt 2FA?
Explain briefly. (4 marks)
(7 minutes) Suppose, in RSA, that two users, A and B, generate the same modulus n but different public exponents, e. The two e values are relatively prime. An attacker intercepts two ciphertexts, c1 and c2, which are the encryptions of the same message, m, under A's and B's public keys, respectively. Explain how the attacker can recover m without knowing A's and B's private
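The shared-modulus situation in this question, as an added Python example that is not part of the exam paper: it shows why a key-generation service must never issue two users the same n, because coprime public exponents alone give no confidentiality. The toy keys (n = 21, e = 5 and 7) and the function names are constructed for this example.

```python
from math import gcd


def common_modulus_recover(n, e1, c1, e2, c2):
    """Recover m from c1 = m^e1 mod n and c2 = m^e2 mod n when gcd(e1, e2) = 1.

    Bezout coefficients a, b with a*e1 + b*e2 = 1 give
    c1^a * c2^b = m^(a*e1 + b*e2) = m (mod n). No private exponent is used.
    """
    if gcd(e1, e2) != 1:
        raise ValueError("exponents must be coprime so that a*e1 + b*e2 = 1 is solvable")
    a = pow(e1, -1, e2)        # a*e1 = 1 (mod e2), with 0 <= a < e2
    b = (1 - a * e1) // e2     # exact division, so b <= 0
    if gcd(c2, n) != 1:
        # c2 has no inverse mod n; gcd(c2, n) is then a non-trivial factor of n,
        # i.e. the modulus itself is already broken, so report that instead.
        raise ValueError("gcd(c2, n) != 1: the modulus can be factored directly")
    # pow() with a negative exponent and a modulus computes the modular inverse first
    return (pow(c1, a, n) * pow(c2, b, n)) % n


def demo():
    """Constructed toy instance: same n, coprime e, one message m encrypted twice."""
    n, e1, e2 = 21, 5, 7
    m = 10
    c1, c2 = pow(m, e1, n), pow(m, e2, n)
    return common_modulus_recover(n, e1, c1, e2, c2) == m


if __name__ == "__main__":
    print("recovered without any private key:", demo())
```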
(5 minutes) In the Playfair Cipher, suppose the possible length of a secret key is 1 to 5 letter(s). Assume no letter is repeated in the key. How many possible matrices can be generated?
Justify your answer.
(20 minutes) Assume stuNo is your PolyU student number. We define the following:
A hash function, H, which on input stuNo outputs the rightmost numeric digit of stuNo. A symmetric encryption algorithm, E, which on input a plaintext m and a key k outputs a ciphertext c = (m + k) mod 16.
An asymmetric encryption algorithm, g, which is the RSA algorithm, where the public key, pk, is denoted by (e, n) and the private key, sk, is denoted by d.
Suppose you need to generate a ring signature, σ, on stuNo, that contains three public keys, (pk1, pk2, pk3). You are the owner of pk3, so you know the corresponding private key. Here are the values of the keys:
pk1 = (5, 21)
pk2 = (7, 21)
pk3 = (11, 21), sk3 = 11
Assume the initial value v is 10 and the random values used for pk1 and pk2 are 3 and 6 respectively. Also, the verifier will check σ based on the sequence, pk1, pk2 and pk3.
stuNo=21027676D
Answer the following questions:
a) What is H(stuNo)? (2 marks)
b) Define the components of σ. (3 marks)
c) What are the values in σ based on your definition in b)? (10 marks)
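An added Python walk-through of a ring signature built from exactly the primitives this question defines (not part of the exam paper): H as the last digit of stuNo, E_k(m) = (m + k) mod 16, and g_i as RSA under the three given public keys. The combining rule it uses (XOR the next y_i into the running value, apply E_k, and require the ring to return to v after pk1, pk2, pk3) is the standard Rivest-Shamir-Tauman construction and is an assumption here, since the course's own convention is not on the page; the function names are mine.

```python
MOD = 16  # the question's E works modulo 16


def H(stu_no):
    """H(stuNo): the rightmost numeric digit of the student number."""
    return int([ch for ch in stu_no if ch.isdigit()][-1])


def E(m, k):  # symmetric encryption from the question: c = (m + k) mod 16
    return (m + k) % MOD


def D(c, k):  # its inverse, needed by the signer to close the ring
    return (c - k) % MOD


def g(x, pk):  # RSA trapdoor permutation g_i(x) = x^e mod n
    return pow(x, pk[0], pk[1])


def ring_sign(msg, pks, s, sk, v, randoms):
    """Sign msg with the s-th key (private exponent sk), given random x_i for every
    other member. Assumed RST combining rule: z_{-1} = v, z_i = E_k(y_i XOR z_{i-1}),
    and the ring closes when the last z equals v again."""
    k, r = H(msg), len(pks)
    ys = {i: g(randoms[i], pks[i]) for i in range(r) if i != s}
    t = v
    for i in range(s):                 # forward from v up to the signer's slot
        t = E(ys[i] ^ t, k)
    u = v
    for i in range(r - 1, s, -1):      # backward from v down to the signer's slot
        u = D(u, k) ^ ys[i]
    ys[s] = D(u, k) ^ t                # the unique y_s that closes the ring
    n = pks[s][1]
    if ys[s] >= n:                     # toy sizes: y_s must lie in Z_n to be inverted
        raise ValueError("y_s falls outside Z_n; choose other random values")
    xs = [randoms[i] if i != s else pow(ys[s], sk, n) for i in range(r)]  # x_s = g_s^-1(y_s)
    return (pks, v, xs)


def ring_verify(msg, sig):
    """Verifier: recompute the y_i from the public keys and walk the ring from v."""
    pks, v, xs = sig
    k, z = H(msg), v
    for pk, x in zip(pks, xs):
        z = E(g(x, pk) ^ z, k)
    return z == v


if __name__ == "__main__":
    STU_NO = "21027676D"
    PKS = [(5, 21), (7, 21), (11, 21)]
    sig = ring_sign(STU_NO, PKS, s=2, sk=11, v=10, randoms={0: 3, 1: 6})
    print("sigma =", sig, "verifies:", ring_verify(STU_NO, sig))
```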
(4 minutes) What is the primary goal of cross-site scripting (XSS)? If an honest website provides a pure file
download service to the public, i.e., a user requests a file and the website returns it if it exists, is it possible
to launch an XSS attack on this website? Explain briefly.
(4 minutes) Why is there a certificate revocation mechanism in public-key infrastructure?
(5 minutes) What are the requirements of a strong password protocol? Is the following protocol a strong
password protocol? Justify your answer.
(4 minutes) Does the hash function adopted in Lamport's One-Time Password Scheme need to be
collision-resistant? Explain briefly.
(10 minutes) Answer the following questions regarding software buffer overflow attacks:
1. Describe the consequence of software buffer overflow attacks, with respect to the C.I.A.
model, on computer systems. (3 marks)
2. Examine the following C functions:
Is there a buffer overflow vulnerability in the above program?
Explain briefly. (3 marks)
(3 minutes) Explain why RSA is insecure if factorization is easy.
(5 minutes) Encrypt the following using . The key is 23.
he is on the air
(10 minutes) Let S = {A, B, C, … , X, Y, Z} be the space of both plaintext and ciphertext. Suppose the ciphertext
and the secret key is
Decrypt the ciphertext using Vigenère Cipher.
(4 minutes) In a biometric-based authentication system, if the threshold is set to a large value, what is its implication? Explain briefly.
(3 minutes) What is the advantage of Cipher Feedback over Cipher Block Chaining?