Faculty Of Computer Studies

T215B
Communication and Information Technologies (II)

Midterm Assessment
Version 2 – Answer Key
Spring – 2012/2013
Day and Date
Number of Exam Pages: Time (2)
()
(Including this cover sheet) Allowed: Hours

Instructions:

1. The use of calculators is allowed

2. Write the answers on the separate answer booklet
3. The exam consists of three parts:
A. Multiple Choice (10 marks): You should answer All 10 questions
B. Essay Questions (40 marks): You should answer 8 questions out of 10
C. Problem Solving (50 marks): You should solve all problems

Spring 2012/2013 1 MTA – V 2

Part I: Multiple Choice Questions (10 marks)
This part consists of 10 questions carrying a WEIGHT OF 1 mark each. You must answer
ALL of the following Multiple Choice questions. You are advised to dedicate approximately 20
minutes to this part

1) What is the decryption key for the Caesar cipher with encryption key of 15?
a. 15
b. 11
c. 26
d. 5
e. 30

2) The method of trying all possible combinations in a key space is known as:
a. Linguistic attack
b. Scytale
c. Brute force attack
d. Bitcoin
e. None of the above
3) Whether accomplished in hardware or software, encryption frequently involves an
operation known as the:
a. XNOR process
b. XOR process
c. NOR process
d. NAND process
e. None of the above
4) The quantum cryptography works by exploiting properties of _______ to distribute a
secret key that can then be used to encrypt messages in the traditional way.
a. protons
b. neutrons
c. electrons
d. photons
e. none of the above
5) One of the characteristics of biometrics against which it can be judged is________ where
it indicates how well the biometric remains the same over time.
a. Distinctiveness
b. Permanence
c. Universality
d. Collectability
e. None of the above
6) ________________are the ones most commonly used by fingerprint recognition systems.
a. Lake and independent ridge
b. Termination and bifurcation
c. Island and spur
d. Spur and crossover
e. c and d.

Spring 2012/2013 2 MTA – V 2

 7) What is the minutia type for the grid pattern shown in the figure below? Note that each
box in the grid represents a pixel and the minutia is detected by running an image
window that is 3 × 3 pixels.
a. Termination.
b. Island
c. Bifurcation
d. Crossover
e. None of the above
8) How many different arrangements would be possible using the letters of the word
‘product’?
a. 5040
b. 2520
c. 1260
d. 840
e. None of the above
9) Using a computer that can perform 1012 calculations a second, roughly how long would it
take to try all possible permutations of 15 different letters?
a. 1.3 nanoseconds
b. 1.3 microseconds
c. 1.3 milliseconds
d. 1.3 seconds
e. 1.3 minutes
10) One way to decouple from the linguistic patterns of the plaintext is to encrypt with a
cipher that uses a succession of different keys. An example of this is
a. Kirshoff cipher
b. Volta cipher
c. Vigenère cipher
d. Dmitri cipher
e. None of the above

Part II: Short Questions & Problems (42 marks)

This part consists of 10 questions carrying a WEIGHT OF 6 marks each. You must answer
ONLY 7 of these questions. You are advised to dedicate approximately 50 minutes to this part

11) Identity is closely tied to and often confused with two other important concepts:
authorisation and authentication. From your study, define these three terms: identity,
authorisation and authentication.
• Identity is about who you are; the means through which this is typically detected
or verified.
• Authentication is (usually) about proving who you are
• Authorisation is about what you are permitted to do.
12) Privacy comes in many forms, relating to what it is that one wishes to keep private. In
this context, you have studied the following terms: privacy of identity and privacy of
self-determination. Define each one of them.

Spring 2012/2013 3 MTA – V 2

 • privacy of identity: the right to keep one’s identity unknown for any reason,
including keeping one’s individual identity separate from a public persona or
official role;
• privacy as self-determination: we might consider some of our behaviour private
in that it is ‘up to us’ and no business of others.
13) What does the term Wimax stands for? How can it be used in surveillance?
• Wimax (wireless interoperability for microwave access – standard
implementation of IEEE 802.16 wireless networks): alternative to other means
of networking such as Ethernet or cable and minimal disruptive influence in terms
of deploying identity-based applications. This is likely to be true of other global
connection technologies, such as 4G and 5G.
14) From your study of “Identity and identity theft”, what is the definition of “Profiling”?
What it is used for?
• Profiling is the practice of analysing a set of data about an individual in order to
identify that individual as fitting into a particular category. Frequently this is done for
the purpose of targeted advertising which, though it may be irritating, is largely
benign. It’s also carried out as a protection mechanism.

15) There are two basic methods for creating a cipher: substitution cipher and transposition
cipher. What is the major difference between these two methods?
• Substitution cipher takes a symbol (or a group of symbols) in the plaintext and
manipulate it in a systematic way to produce a different symbol (or group of
symbols), which becomes the ciphertext. The substituted symbols in the
ciphertext appear in exactly the same order as the original versions in the
plaintext.
• Transposition cipher ‘scrambles’ the order of the symbols in some systematic
way. The symbols remain unchanged between plaintext and ciphertext, but the
ordering of those symbols changes.

16) What will be the output of the XOR process if the 7-bit ASCII code for N (1001110) is
combined with the randomly generated coding data 0101010?

ASCII code 1 0 0 1 1 1 0
Random data 0 1 0 1 0 1 0
Output 1 1 0 0 1 0 0

17) One of the basic approaches to block encryption is the cipher-block chaining (CBC)
mode. Explain briefly this approach. Use diagrams to explain your idea.
 In CBC mode an XOR process is used to combine the ciphertext output from one block
with the plaintext input of the following block. Using this method, every ciphertext block
is dependent on the ciphertext output from the preceding block as well as its own
plaintext input, so encryption of identical input blocks will produce different results. CBC
mode requires an additional extra input, known as an initialisation vector (IV), to the first

Spring 2012/2013 4 MTA – V 2

 block. An implication of this is that any error or loss of data in the previous block
prevents that block (and therefore all following blocks) from being decrypted. Another
drawback is that a single encryption error in one block is cascaded through to the
following blocks.

18) Mention five kinds of biometrics that can be used in security systems.
• Face, Fingerprint, Iris pattern, Voice, DNA, Gait (the way someone walks),
Signature (the way someone signs their name), Typing pattern (the way someone
logs in to their computer), Personal odour

19) A fingerprint is characterized by the ridge configurations. What are the ridge
configurations? At what levels these configurations can be analysed at?
• The ridge configurations: the way the ridge lines and the valleys between them are
arranged. The configuration of the ridge lines can be analysed at three different levels:
global, local and micro levels

20) You have studied two main sensor types for fingerprints scanning: optical and solid state.
Discuss the solid-state sensor by explaining the main idea behind its technology and how
it functions.
 Solid-state sensors were originally designed with the aim of reducing the physical
size and cost of the sensors.
 The idea was to build an all-in-one silicon chip with a two-dimensional sensory array
placed directly on the chip.
 When providing a fingerprint image, users touch the sensing surface of the chip
directly.
 Instead of converting optical patterns to electrical signals, solid-state sensors convert
thermal, capacitive, piezoelectric or electric field information to electrical signals.
 Capacitive sensors are the most common type employed, because of their simplicity
and low cost.

Spring 2012/2013 5 MTA – V 2

Part III: Long Questions & Problems (48 marks)
This part consists of 4 questions/problems carrying different WEIGHTS that are shown in front of
each one. You must answer all the problems. You are advised to dedicate approximately 50 minutes to
this part.

21) You have studied in Block 4 the “Dutch machines” as one of the case studies that
discusses the acceptability of an electronic voting system. In 2006, a Dutch TV news
programme has questioned the security and reliability of these machines in the country’s
elections. Why did the Dutch government, electorate and media lose confidence in the
acceptability of the voting system in the wake of this programme? (Mention only four
reasons.) (12 marks)
• The machines were very old and insecure.
• Computer scientists from the campaign group managed to borrow a voting
computer from a local council and demonstrated it was possible to re-program the
computer to swap votes between parties and to inflate the number of votes
recorded in favour of the hypothetical Fraud party.
• The programme makers also claimed that, although access to the computers was
needed to perpetrate such fraud, the warehouse housing 400 of these machines
had very little physical security.
• In addition the 8000 voting machines used nationwide were regularly returned to
the factory for maintenance and the transportation of the machines was not subject
to any special security.
• The keys used to unlock the machines were all the same – one key would open all
8000.
• The security company responsible for testing the computers, allegedly only tested
one every four years and their reports on these tests were confidential; that is,
there is no public access to the reports.
• The computer scientists demonstrated it was possible with the aid of some
rudimentary wireless scanning equipment to remotely read how individual voters
were casting their votes. The computers leaked radio signals that could be picked
up by a scanner 25 metres away.

22) Write out the ciphertext resulting from encrypting the letter ‘s’ using the Caesar cipher
with a key of 12, using mathematical notation and evaluate the result. Use the grid shown
below to translate between alphabetic symbols and numerical values. (12 Marks)

s = 18. So when the key is 12, the calculation becomes: 18 + 12 mod 26.

Spring 2012/2013 6 MTA – V 2

 But 18 + 12 = 30, which is outside the range 0 to 25. Deducting 26 from 30 leaves 4 so: 18 + 12 ≡ 4 mod
26. The numerical value 4 represents the letter ‘e’, so the result of encrypting the plaintext letter ‘s’ with a
key of 12 is the ciphertext letter E.

23) Assume that the sender and the receiver have agreed to use a columnar transposition
cipher to encrypt their messages. Further, say that they agreed to use the codeword
“Tuesday”, and agreed that the transposition is to reverse the order of the letters of the
codeword and then swap pairs of letters, starting at the right-hand end. What will be the
ciphertext for the message: “Communication and information”? Detail your work.
(12 marks)

Stage 1 Stage 2 Stage 3

T U E S D A Y Y A D S E U T Y D A E S T U
c o m m u n i i n u m m o c i u n m m c o
c a t i o n a a n o i t a c a o n t i c a
n d i n f o r r o f n i d n r f o i n n d
m a t i o n x x n o i t a m x o n t i m a

24) Two of the biometrics that can be used in security systems are the Fingerprint and the
Typing pattern. Give a brief explanation of each one. (12 Marks)

• Fingerprint: this has to do with the ridges and furrows on a fingertip so is a

physiological biometric.
• The ridge pattern on a fingertip stays the same throughout a person’s life (though it may
become less pronounced), unless the fingertip is damaged.
• It is also highly distinctive – even identical twins have somewhat different fingerprints.
• However, an estimated 5% of people are not able to provide a fingerprint that is usable
for security purposes (Maghiros et al., 2005, p. 19) due to injury or worn-down ridges on
the fingertip.
• A fingerprint is easy to capture, though its acceptance for security purposes by the
general public may be influenced by its associations with criminality.
Another problem is that it is possible to lift a fingerprint off a surface and use it to
produce a fake ‘finger’.

• Typing pattern (The way someone logs in to their computer): This is the way the keys
are pressed – the pressure with which each key is tapped, the intervals between key taps,
and so on – so is a behavioural biometric.
• It has the potential to replace signatures for computer-based activities, but study of this
biometric is still developing.
• Unlike the production of a signature, its capture does not require the subject’s
cooperation, as the computer can be set up to capture it automatically at login.

Spring 2012/2013 7 MTA – V 2