QUESTIONS AND ANSWER FOR TEST1 (COMPUTER SECURITY) QUESTION 1 Confidentiality

a) What is computer security? Computer security is the protection/prevention of organizational assets from unauthorized disclosure and modification and provided he computer services is available. (P/s: insert the three objectives of computer security CIA) Integrity Availability

b) Explain the role of security policy and security mechanism in implementing computer security? Define security policy->Security policy is a statement of what is and what is allowed and not allowed Role of security policy->Policy define security Define security mechanism->is a method, tool, or procedure for enforce security policy Role of security mechanism->enforce security policy QUESTION 2 Explain with example THREE instruments in computer mechanism. Instrument 1. Prevention 2. Detection 3. Recovery/reaction Explanation Try to avoid attack from occur Identify the attack Remove the attack /stop the attack from happen again, then implement mechanism to avoid repetition. Example Firewall Antivirus Recovery back-up
P/s: Just additional note P/s: Just additional note

QUESTION 3 Security risk is always being associated with threats and vulnerabilities. Explain with example what is threat and vulnerability. Term Threat Vulnerability Definition Action by adversaries to exploit vulnerabilities Weakness of a system that can be exploited by attacker Example Information disclosure Virus attack Software bugs Wrong access permission

QUESTION 4 a) Cryptanalysis is the study of methods for obtaining the meaning of encrypted information. Without access to the secret information that is normally required to do so. Typically, there are three types of approaches: Explain the above cryptanalysis approaches. I. Cipher-text cryptanalysis->Attacker only has cipher-text given and need to find the key II. Known plain-text cryptanalysis ->Attacker only have plain text & cipher text given need to find key & algorithm III. Chosen text cryptanalysis ->Attacker are given with either plain or cipher text .He know the algorithm and able to encrypt and decrypt the message to find the key. b) What is the main objective of cryptanalysis? Main objective of cryptanalysis is to obtain the meaning of encrypted information.(P/s: just take from the question) QUESTION 5 Encryption is the conversion of data into a form, called a cipher-text that cannot be easily understood by unauthorized people. THE COOK WAS A GOOD COOK. a) Encrypt the above plain-text using: I. Columnar transposition cipher with the size of 5 1 2 3 Key T H E O K W A G O C O O The cipher text: TOAC HKGO EWOO CAOK OSD Rail-fence transposition cipher with the size of 6 A H S G E A C W O K O The cipher text: TA HSG EAOK CWOO OKDO OC

4 C A O K

5 O S D Z

WRITE IN ROWS READ IN COLUMN (COLUMNAR)

Padding

Key

II. 1 T 2 3 4 5 6

O O D C O O

b) Discuss how the encryption of the above techniques can be made more secure. ???????????

QUESTION 6 Decryption is the process of converting encrypted data back into its original form, so it can be understood. a) Write a pseudo-code for Thomas Jefferson Wheels decryption. Identify key define cipher-text find position of key read plain-text b) Using Vigenere Tableau as in Appendix A, decrypt the following cipher-text with COMPUTER as the key. Cipher Key XWSYG IIGHM VEEVW GUGNP RVCD (cipher text) X W S Y G I I G H M V E E V W G U G N P R V C D C O M P U T E R C O M P U T E R C O M P U T E R

Plaintext Key

1) Put COMPUTER as key at the bottom of the cipher text 2)find cipher letter along the row Eg) letter c have cipher letter x..so find the plain letter which is letter v 3) continue until finish Cipher text

The plain text is: VIGJM PEPFY JPKCS PSSBA XCYM

QUESTION 7 In cryptanalysis, frequency analysis is the study of the frequency of letters or groups of letters in a cipher-text. The method is used as an aid to breaking classical ciphers. a) Explain how monograms, bigrams/digrams and trigrams being used in frequency analysis. Create frequency table Base on most used appeared single letter(monogram) Base on most used appeared couple letter(bigram/digram) Base on most used appeared triple letter(trigram) b) Determine the plain-text for the cipher-text below: (Please refer to Appendix B) BPMKW WSEIA IOWWL KWWSI AKWWS AOWIV LIAKW WSAOW APMEM VB

In the sentence, w is the most appeared single letter. So, compare w with the highest probability in single letters frequency Try w= e (key=18) Try w= t (key=3) Try w = a (key=22) Try w = o (key=8) Match The plaintext is = THE COOK WAS A GOOD COOK AS COOKS GO AND AS COOKS GO SHE WENT

QUESTION 8 The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128bit (16 Byte) hash value. a) What hash function as stated in above statement. Hash function is a mathematical function that able to process variable b) What is the objective of this hash function from computer securitys perspective? Want to handle issue of integrity or secure transmission of message useful in encryption algorithm c) Why is necessary for the MD5 to produce 128-bit hash value? 2 points: 1) to prevent second pre-image attack/soft attack (ability to produce msg again) 2) to prevent collision attack (having identical hash value)

QUESTION 9 Please classify each of the following as a violation of confidentiality, of integrity, of availability or of some combination of those: Question John copies Marys homework. Paul crashes Lindas system. Carol changes the amount of Angelos check from 100 to 1000. Henry spoof Julies IP address to gain access to her computer. Answer Availability

Integrity Integrity

Integrity/Confidentiality