THE UNIVERSITY OF TRINIDAD & TOBAGO

Transcription

1 THE UNIVERSITY OF TRINIDAD & TOBAGO FINAL ASSESSMENT/EXAMINATIONS DECEMBER 2013 ALTERNATE Course Code and Title: TCOM3003 Communication Security and Privacy Programme: Bachelor of Applied Science in Computer Engineering Date and Time: PLEASE READ EXAMINATION Duration: ALL INSTRUCTIONS CAREFULLY BEFORE YOU BEGIN THIS Instructions to Candidates 1. This paper has 5 pages and 10 questions. 2. You are required to answer all 10 questions 3. Each question is 10 points. 4. This final exam accounts for 40% of course evaluation Key Examination Protocol 1. Students please note that academic dishonesty (or cheating) includes but is not limited to plagiarism, collusion, falsification, replication, taking unauthorised notes or devices into an examination, obtaining an unauthorised copy of the examination paper, communicating or trying to communicate with another candidate during the examination, and being a party to impersonation in relation to an examination. 2. The above mentioned and any other actions which compromise the integrity of the academic evaluation process will be fully investigated and addressed in accordance with UTT s academic regulations. 3. Please be reminded that speaking without the Invigilator s permission is NOT allowed. The University of Trinidad & Tobago Page 1 of 6

2 Question 1 RSA scheme has been most widely accepted and implemented general-purpose approach to public-key encryption. Following the figure below, perform encryption and decryption using the RSA algorithm, for the following p = 5; q = 13; e = 7; M = 18 Question 2 If a password is salted with a 24-bit random number, how big is the dictionary attack search space for a 200,000 word dictionary? The University of Trinidad & Tobago Page 2 of 6

3 Question 3 Consider the following fragment in an authentication program: username = read_username ( ); password = read_password ( ); If username is 133t h4ck0r return ALLOW_LOGIN; If username and password are valid return ALLOW_LOGIN else return DENY_LOGIN What type of malicious software is this? Question 4 Explain how IP broadcast messages can be used to perform a smurf DOS attack. Question 5 Either party in an established TCP session is allowed to instantly kill their session just by sending a packet that has the reset bit, RST, set to 1. After receiving such a packet, all other packets for this session are discarded and no further packets for this session are acknowledged. Explain how to use this fact in a way that allows a third party to kill an existing TCP connection between two others. This attack is called a TCP reset attack. Include both the case where the third party can sniff packets from the existing TCP connection and the case where he cannot. The University of Trinidad & Tobago Page 3 of 6

4 Question 6 What is ACK storm and how does it start? Question 7 Explain how a stateless firewall would block all incoming and outgoing HTTP requests. Question 8 Why are pharming and phishing attacks often used in concert with each other? The University of Trinidad & Tobago Page 4 of 6

5 Question 9 As illustrated in the following figure, public key cryptography solves the problem of how to get Alice and Bob to share a common secret key. That is, Alice can simply encrypt secret key K using Bob s public key, P b, and send the ciphertext to him. But this solution has a flaw: How does Alice know that the public key, P b, that she used is really the public key for Bob? And if there are lots of Bobs, how can she be sure she used the public key for the right one? The University of Trinidad & Tobago Page 5 of 6

6 Question 10 Find an integer x, 7x 6 (mod 5) END OF EXAMS The University of Trinidad & Tobago Page 6 of 6