Total Marks: 50

Important: You must answer all questions. Don’t delete the questions. Your answers must be put below the corresponding question.

Your answers must be based on unit materials studied in workshops or labs. If an answer is not associated with unit materials, it will be considered incorrect. For an example, in one weekly DF task, you answered file infector instead of stealth virus. File infector will be considered wrong answer as it is not discussed in unit materials.

Part A

A.1 The following table shows a couple of encryption algorithms and their key sizes employed by TLS and WTLS:

 Algorithm TLS Key Size (bits) WTLS Key Size (bits) 3DES 168 40 IDEA 128 40 or 56

Explain why in these cases for the same algorithms WTLS uses shorter keys. Do you think WTLS is as secure as TLS? Justify your answer (3 marks).

A.2 Why counter encryption mode is a good choice for high-speed network? What must be ensured to make counter mode hard to break (3 marks)?

A.3 Using examples differentiate between point anomaly and contextual anomaly (3 marks).

A.4 Consider a commercial information system which supports data transmission between peer users and between servers and users on the Internet. The system administration team is concerned on data integrity in their servers. Name a specific access control model, which can be used to protect data integrity. Explain how the model works (3 marks).

A.5 Suppose, an LFSR has the following feedback polynomial function: 1 + X2  +  X3. Draw the LFSR and also find the bit stream period to determine whether the function is a primitive polynomial (4 marks).

A.6 The Hamming distance between two points, (x1, x2, K, xn) and (y1, y2, K, yn), is defined as:

that is, the number of coordinates where (x1, x2, K, xn) and (y1, y2, K, yn) differ. Given the following data items which are points in the 4-dimensional space, for each pair of data items, calculate the Hamming distance between them:

Which two data points represent the highest distance in terms of Hamming distance?  Which point is an anomaly? Draw a graph using hamming distances to justify your answer (4 marks).

A.7 See the question below. You must use while, read and awk command in your program. You must use global variable(s) to store data from the input file (5 marks).

Part B

Important: In this section, you are provided a number of questions as well as answers generated by ChatGPT. You need to identify whether the answers are correct. If not, you need to write the correct answer. If yes, you need to write the answer in your own words.

B.1 An attacker compromised a system of internal network from a remote place. Then, the compromised system has been used to redirect all packets destined to a web server. Identify the type of attacks launched by the attacker. Explain the attack scenario with figure (6 marks).

The scenario you’re describing sounds like a case of a Man-in-the-Middle (MitM) attack, more specifically a form of MitM attack known as a “DNS spoofing” attack. Here’s an explanation with a diagram:

The attacker first compromised a system on the internal network, gaining access to sensitive information and control over the compromised system. This initial compromise could have occurred through various means, such as exploiting software vulnerabilities or using social engineering techniques to trick a user into installing malicious software.

With control over the compromised system, the attacker proceeded to launch a DNS spoofing attack. This involved redirecting all packets destined for a particular web server to a server under the attacker’s control. The attacker manipulates the DNS resolution process to map the legitimate IP address of the web server to the IP address of their own malicious server.

Here’s a simplified representation of the attack scenario:

In the diagram, the compromised system within the internal network is manipulated by the attacker to redirect packets intended for the web server to the attacker’s malicious server. This manipulation intercepts and potentially alters the communication between the users and the legitimate web server, allowing the attacker to eavesdrop on sensitive information or perform other malicious activities.

It is crucial for organizations to implement strong security measures such as network segmentation, regular security audits, software patching, and user education to mitigate the risk of such attacks.

B.2 Suppose, you are the administrator of an information system where every registered user can access the public keys of any other users. Alice and Bob are registered users of the system. Now, as part of a business process, Alice wants to send sensitive data to Bob using a symmetric-key encryption scheme. However, Alice and Bob do not share any secret key currently. They do not have any secure physical channel which can be used to exchange secret keys safely without encryption. Given the constraints, is it possible for Alice and Bob to exchange sensitive data using a symmetric-key encryption? If possible, explain the key generation process using some values (6 marks).

In this scenario, if Alice and Bob do not share any secret key and there is no secure physical channel for key exchange, they cannot directly establish a symmetric key for secure communication. However, they can use an asymmetric encryption scheme to exchange the symmetric key securely. Here’s how they can achieve this:

1. Key Exchange:
• Alice generates a random symmetric key for the data encryption process.
• Alice retrieves Bob’s public key from the information system.
• Alice encrypts the symmetric key using Bob’s public key.
• Alice sends the encrypted symmetric key to Bob.
1. Data Encryption and Transmission:
• Alice uses the symmetric key to encrypt the sensitive data.
• Alice sends the encrypted data to Bob.
1. Data Decryption:
• Bob receives the encrypted symmetric key and uses his private key to decrypt it, obtaining the symmetric key.
• Bob uses the symmetric key to decrypt the sensitive data received from Alice.

This process allows Alice and Bob to securely exchange sensitive data using a combination of asymmetric and symmetric encryption. Asymmetric encryption ensures the secure exchange of the symmetric key, while symmetric encryption is used for efficient and secure data transmission.

B.3 Suppose, a network consists of four different nodes (A, B, C and D). How many keys do they have to generate such that A, B and C can communicate with D in a bidirectional secure way using the DES algorithm? How many keys do they have to generate such that every pair of nodes can communicate in a bidirectional secure way using the same algorithm? How many keys do they need to generate for both scenarios while using 3DES algorithm (5 marks)?

To achieve bidirectional secure communication between specific nodes in a network using the Data Encryption Standard (DES) algorithm, the following number of keys need to be generated:

1. For A, B, and C to communicate bidirectionally with D using the DES algorithm:
• A needs 1 key to communicate with D securely.
• B needs 1 key to communicate with D securely.
• C needs 1 key to communicate with D securely.

Therefore, in this scenario, A, B, and C each need to generate 1 key to communicate bidirectionally with D, resulting in a total of 3 keys.

1. For every pair of nodes (A, B, C, and D) to communicate bidirectionally with each other using the DES algorithm:
• A needs 3 keys to communicate with every other node securely (B, C, and D).
• B needs 3 keys to communicate with every other node securely (A, C, and D).
• C needs 3 keys to communicate with every other node securely (A, B, and D).
• D needs 3 keys to communicate with every other node securely (A, B, and C).

Therefore, in this scenario, a total of 12 keys need to be generated for bidirectional secure communication between every pair of nodes.

Regarding the Triple Data Encryption Standard (3DES) algorithm, the key generation requirements differ:

1. For A, B, and C to communicate bidirectionally with D using the 3DES algorithm:
• A needs 1 key to communicate with D securely.
• B needs 1 key to communicate with D securely.
• C needs 1 key to communicate with D securely.

Therefore, in this scenario, A, B, and C each need to generate 1 key to communicate bidirectionally with D, resulting in a total of 3 keys.

1. For every pair of nodes (A, B, C, and D) to communicate bidirectionally with each other using the 3DES algorithm:
• A needs 3 keys to communicate with every other node securely (B, C, and D).
• B needs 3 keys to communicate with every other node securely (A, C, and D).
• C needs 3 keys to communicate with every other node securely (A, B, and D).
• D needs 3 keys to communicate with every other node securely (A, B, and C).

Therefore, in this scenario, a total of 12 keys need to be generated for bidirectional secure communication between every pair of nodes.

B.4 Consider an application based on wireless communications, which requires a session key of length 15 (that is, 15 bits). For the key to be robust against any brute-force attack, it is required that the session key does not contain any repeating patterns. The following is a linear feedback shift register (LFSR) of length 4. Answer the following questions: Given the initial bits x1=1, x2=1, x3=0, and x4=1, can a session key that meets the above security requirement be produced by this LFSR? If so, write the first 15 bits of the output stream of the above LFSR. If not, find the period of the output stream (5 marks).

In an LFSR, the output sequence repeats after a certain number of clock cycles, known as the period. To determine whether the provided LFSR can produce a session key that meets the security requirement of not containing any repeating patterns, we need to examine its output.

Given the initial state (x1=1, x2=1, x3=0, x4=1), let’s first write down the steps of the LFSR based on the feedback polynomial.

The provided LFSR of length 4 can be represented by the feedback polynomial:

x4+x3+1

Using the initial state x1=1, x2=1, x3=0, x4=1, we generate the following sequence:

1. 1101 (Initial State)
2. 1011
3. 0110
4. 1100
5. 1001
6. 0011
7. 0111
8. 1110
9. 1101
10. 1011
11. 0110
12. 1100
13. 1001
14. 0011
15. 0111

The first 15 bits of the output stream of the LFSR are 110110011110110.

We observe that the sequence doesn’t repeat within the first 15 bits, and it does not contain any repeating patterns. Therefore, a session key that meets the security requirement can be produced by this LFSR.

B.5 Alice and Bob want to exchange a secret key using Diffie-Hellman key exchange mechanism. They agreed on the prime field, q = 11 and root, α = 2. Alice chooses random secret key, XA = 9 whereas Bob selects,  XB = 4. Compute the public keys and shared session key generated in the key exchange procedure (3 marks).

To compute the public keys and shared session key in the Diffie-Hellman key exchange mechanism, we can use the following steps:

1. Agreed Parameters:
• Prime field (q) = 11
• Primitive root (α) = 2
• Alice’s secret key (XA) = 9
• Bob’s secret key (XB) = 4
1. Compute the Public Keys:
• Alice’s public key (YA) = α^XA mod q
• Bob’s public key (YB) = α^XB mod q

Let’s calculate these values:

1. Compute the Shared Session Key:
• Alice computes K = YB^XA mod q
• Bob computes K = YA^XB mod q

Let’s calculate these values:

Therefore, in this Diffie-Hellman key exchange:

• Alice’s public key (YA) = 7
• Bob’s public key (YB) = 5
• The shared session key computed by Alice (K) = 4
• The shared session key computed by Bob (K) = 9.

End of Exam
_________________________________________________________________________