UNIVERSITY OF LONDON
FOR EXTERNAL AND INTERNAL STUDENTS
(WESTERN ZONE)
BSc EXAMINATION 2004
Computing and Information Systems
Computer Science
CIS326 Computer Security
Date: June 2004
Duration: 2 hours 15 minutes
Answer all questions in section A (48 marks) and two questions (26 marks each)
from section B.
Electronic calculators may be used. The make and model should be specified on the
script. The calculator must not be programmed prior to the examination. Calculators
which display graphics, text or algebraic equations are not allowed.
This examination paper must not be removed from the
examination room
CIS326
Western and Internal Version
1
Section A
You must answer all 8 questions in this section. There are 6 marks for each question
1.
2.
Three aspects of security are prevention, detection and reaction. Write a paragraph
explaining why methods used for the prevention of, detection of and reaction to, theft of
physical property, may not be appropriate when the crime involves the theft of digital
information.
[6]
a)
A password system is used to provide authentication and access control.
Define the terms:
i.
Authentication
ii.
Access Control
[1]
b)
What does it mean to say that an attacker performs:
i.
An intelligent search for a user’s password?
ii.
A dictionary search for a user’s password?
iii.
An exhaustive search for a user’s password?
[2]
c)
For each type of attack listed in part b) give an example of a situation when this type of
attack would be the most likely to succeed.
[3]
3.
4.
A password system requires that the user chooses a password which comprises 3 lower
case letters (any of a...z) followed by 3 digits (any of 0..9).
a)
How many different possible passwords are there?
[2]
b)
A hacker has an automated program that can try 10,000 passwords per minute. On
average, how long would it take the hacker to find a particular user’s password? Give
your answer to the nearest hour.
[3]
c)
It is decided to make the password more secure by adding another digit onto the end so
that a password now comprises 3 letters followed by 4 digits. If the hacker can still test
10,000 passwords per minute, how long will it take him to find the users password now?
[1]
a)
In a public key cryptosystem, you do not need to keep the encryption key secret. Why is
it essential to keep the encryption key secret in a symmetric key cryptosystem?
[1]
b)
In a symmetric cryptosystem, what do the terms blocksize and keyspace mean?
[2]
c)
Why would a symmetric cryptosystem be insecure if the blocksize is not large enough?
[1]
d)
Triple DES and Rijndael are two widely used symmetric key cryptosystems. State one
advantage and one disadvantage of Rijndael when compared to Triple DES.
[2]
CIS326
Western and Internal Version
2
5.
6.
a)
Explain why the efficiency of certain algorithms, such as factorization and
exponentiation, are of paramount importance when studying cryptographic protocols.
[2]
b)
Give an example of a cryptographic application when it is desirable to use an inefficient
algorithm.
[1]
c)
A particular implementation takes 8s to perform a multiplication of two numbers of size
100. Showing your working, calculate how long it will take to perform a multiplication
of two numbers of size 50 using the same implementation.
[3]
a)
State the discrete logarithm problem.
[2]
b)
Describe the key generation process for the El Gamel public key cryptosystem.
[4]
7.
8.
PGP combines public and symmetric key cryptography to provide confidentiality as
follows:
1. Alice creates a message m
2. Alice generates a random session key k
3. Alice encrypts the session key using Bob’s public key and public key
cryptosystem to obtain k’
4. Alice encrypts the message m using a symmetric cryptosystem with session key
k to obtain ciphertext c
5. Alice sends Bob the values of k’ and c.
a)
List the steps that Bob must take to recover the message m.
[4]
b)
Why does PGP use both public and symmetric key cryptography and not just one or the
other?
[2]
a)
What is the purpose of a key escrow protocol?
[1]
b)
What does it mean to say that a key escrow protocol is “t of n” ?
[1]
c)
Describe how keys can be generated for a 3 of 3 key escrow protocol.
[2]
d)
In a 2 of 2 key escrow scheme, the two keyholders have keys
X = 10011101 and Y = 11011000 respectively.
What is the value of the key K which has been divided into the two pieces X and Y?.
[1]
e)
Why might an “n of n” key escrow protocol not be practical in some situations?
[1]
End of Section A
CIS326
Western and Internal Version
3
Section B
Answer two questions from this section. There are 26 marks for each question.
1.
a)
In a University department, there is an administrator (Mrs A), three lecturers (Dr B, Dr C
and Dr E)) and a Head of Department (Prof H). Three documents concerning the
department are salary.doc, timetable.doc and marks.doc.
The Head of Department has permission to read all of the documents and has write access
to salary.doc. The administrator has read and write access to timetable.doc and read
access to salary.doc. The lecturers each have read access to timetable.doc and write and
read access to marks.doc.
Information regarding the permissions each staff member has regarding the documents is
to be stored in an access control table indexed by subjects and objects.
i.
List the subjects, objects and operations, which will be used in the access
control table.
[3]
ii.
Explain how you could use a group to simplify the access control table.
[1]
iii.
Represent the information given as an access control table.
[4]
b)
A protection ring is a particular example of access control. When is it appropriate to use
a protection ring model?
[1]
c)
In a secret society, documents are classified as top-secret, secret, confidential or
unclassified. Draw a protection ring to illustrate these security levels.
[2]
d)
Explain how a graph can be used to represent security levels.
[4]
e)
Draw a graph to represent the security levels of the protection ring model discussed in
part b).
[2]
f)
In an organization, documents are either unclassified (U) or confidential (C) or secret (S),
with an ordering given by
U<C<S
A staff member can work for the national group {n} or the international {i} group, or for
both groups {n,i}. Security levels are represented by a pair (X,Y) where X is one of U,C
or S and Y is one of the sets {n}, {i} or {n,i}. A security level (X1, Y1) dominates another
(X2, Y2) if
X2 <= X1 and Y2 is a subset of Y1
i.
How many security levels are there?
[1]
ii.
Draw a graph of the security levels.
[4]
iii.
Which security levels are dominated by (C,{n,i}) and (S,{i})?
[2]
iv.
State with justification whether or not the graph is a lattice.
[2]
CIS326
Western and Internal Version
4
2.
3.
4.
a)
Describe the Diffie-Hellman Key Exchange protocol giving a justification for the security
of the protocol.
[4]
b)
Alice and Bob wish to exchange a session key using the Diffie Hellman key exchange
protocol. They have agreed to use prime modulus p = 19 and generator g = 2. Alice
chooses secret number a = 5 and Bob chooses secret number b = 8. What is the value of
the session key that they generate?
[4]
c)
Describe how cryptanalyst Charles could perform a man-in-the-middle attack and trick
Alice and Bob into exchanging keys with himself instead of each other. Illustrate your
answer assuming that Charles is using the secret number c = 3.
[10]
d)
Name and describe a key exchange protocol, which does not rely on public key
cryptography but uses instead a trusted third party or server.
[8]
a)
Describe the RSA (Rivest Shamir and Adelman) public key cryptosystem. Your answer
should include
i.
The generation of public and private keys
ii.
The encryption algorithm
iii.
The decryption algorithm
iv.
The basis for the security of RSA
[12]
b)
Bob has public RSA key (n = 77, e = 7)
Show that Bob’s private key is (d = 43)
[5]
c)
Alice wants to send the message m = 13 to Bob. She encrypts the message using Bob’s
public key. What is the value of the ciphertext that Alice sends to Bob?
[3]
d)
David has also sent an encrypted message to Bob. The ciphertext value that Bob receives
from David is 17. Showing all your working, use Bobs key to decrypt this ciphertext and
recover the value of David’s message.
[6]
a)
Name four essential properties for a cryptographic hash function, explaining for each why
it is essential.
[6]
b)
Give a brief overview of the Secure Hash Algorithm SHA-1.
[4]
c)
How certain are we that SHA-1 has the 4 required properties of a cryptographic hash
function?
[1]
d)
Alice and Bob are using a public key cryptosystem and both have their own public and
private key pairs. Describe how they can use the public key system in conjunction with
SHA-1 to produce and verify digital signatures.
[8]
e)
A cryptanalyst Charles wants to send Bob a false message purporting to be from Alice.
How can Charles use his own RSA keys to try and trick Bob?
[6]
f)
What could Alice and Bob do to prevent this type of attack?
[1]
End of Section B
CIS326
Western and Internal Version
5