Com 3501

The document is an examination paper for a Computer Security and Forensics course, consisting of four main questions with multiple parts each, covering topics such as confidentiality, integrity, hash functions, encryption schemes, buffer overflow attacks, and SQL injection. Students are required to answer three questions, with each part of a question carrying equal marks. The paper includes theoretical explanations, practical examples, and problem-solving tasks related to computer security concepts.

Uploaded by

patelmitul2002

COM3501

Data Provided: None

DEPARTMENT OF COMPUTER SCIENCE Spring Semester 2013-2014

COMPUTER SECURITY AND FORENSICS 2 Hours

Answer THREE questions only.

All questions carry equal weight. Figures in square brackets indicate the
percentage of available marks allocated to each part of a question.

1. a) Explain what is meant by the terms confidentiality, availability, and integrity when
applied in the context of computer and information security.
[15%]

b) Using an appropriate example, explain how these goals can be achieved by
applying authentication, access control and non-repudiation.
[15%]

c) (i) Alice and Bob wish to establish a shared session key, K, using Diffie-
Hellman key exchange, and then use this key to communicate over an
insecure network using strong symmetric encryption. Explain how another
party on the network, Eve, can exploit a protocol vulnerability to intercept the
secure communication between Alice and Bob.
[15%]

(ii) Show how including a trusted third party in the authentication can protect
against Eve’s attempts to intercept the secure communication between Alice
and Bob, and explain how including additional information in the messages
that are exchanged between Alice, the trusted third party, and Bob, can
further strengthen the protocol.
[30%]

d) Describe the main weakness in the Needham-Schroeder protocol, and explain
how this is overcome in the Kerberos system.
[25%]

2. a) List four properties of a hash function.
[10%]

b) Using an appropriate example, explain why each of these properties is important.
[20%]

c) The MD5 hashing algorithm takes an input m, and generates a 128 bit output h.
For a brute force attack that aims to obtain m from h, we can approximate the
probability of failure after i attempts to be

$$P_{\text{failure}} \approx e^{-i(i-1)/(2 \times 128)}.$$
Calculate the number of messages that would need to be generated before an
identical output h is produced, with a probability of more than 0.5. You may use
$\sqrt{\log_e(2) \times 2} = 1.177$, and you must show your working.
[20%]

d) Using diagrams to show the sequence of operations, explain how a hash chain is
constructed, and how it is used to invert a hash.
[30%]

e) What are the advantages of using a hash chain to invert a hash rather than a
brute force attack?
[10%]

f) Describe the difference between a rainbow table and a hash chain, and explain
why this difference results in more efficient use of resources.
[10%]

3. a) Using the Vigenère and Hill ciphers as examples, explain the difference between
a stream cipher and a block cipher.
[15%]

⎛ 8 ⎞
b) If a message ‘hi’ is encoded as the numbers ⎜⎜ ⎟⎟ , what is the result of encrypting
⎝ 9 ⎠
⎛ 1 2 ⎞
this message to a new set of numbers with a Hill cipher using the key ⎜⎜ ⎟⎟ ?
⎝ 3 4 ⎠
[10%]

c) Compare and contrast symmetric and asymmetric encryption schemes.
[20%]

d) Given an RSA public key with public modulus, n = 15, and public exponent, k = 3,
what are the RSA encrypted values of the message ‘hi’ encoded as the integers
(8,9)?
[15%]

e) Using your answer to 3(d) as an example, explain the strengths of the RSA
cryptosystem, and highlight the main sources of potential vulnerability, making
sure that you cover the vulnerabilities associated with both mathematics and
implementation.
[40%]

4. a) Describe how a buffer overflow attack can be launched.
[10%]

b) The following code segment, written in the C programming language, takes an
input string provided on the command line and stored in the character array argv,
copies it into the character array buf, and displays buf on standard output.

    #include <stdio.h>
    #include <string.h>   /* declares strcpy */

    int main(int argc, char *argv[]) {
        char buf[256];
        strcpy(buf, argv[1]);   /* copy the command-line string into buf */
        printf("%s\n", buf);    /* display buf on standard output */
        return 0;
    }

Explain how this code enables a buffer overflow attack, and show how this
vulnerability could be fixed.
[15%]

c) List the three utilities that were exploited by the Morris worm to establish a shell
on a target machine, and explain briefly how vulnerabilities in each utility were
exploited.
[15%]

d) What was the reason that the Morris worm was so effective, and what was the
lasting impact on the computing community?
[10%]

e) A simple model based on an ordinary differential equation can be used to
describe the spread of a computer virus within a network of hosts. Sketch a graph
showing how the number of infected hosts changes with time based on this
model, and explain why the graph has this particular shape.
[20%]

f) (i) Using a simple example, explain how SQL injection can be used to extract
information from a web service.
[10%]

(ii) Using the same example, explain why SQL is vulnerable to this type of
attack.
[10%]

(iii) Using the same example, describe how this type of attack can be prevented.
[10%]

END OF QUESTION PAPER
