UNIVERSITI TEKNIKAL MALAYSIA

MELAKA

FINAL ASSESSMENT

ASSIGNMENT

SEMESTER II

SESSION 2019/2020

FAKULTI TEKNOLOGI MAKLUMAT DAN

KOMUNIKASI INTERNET TECHNOLOGY

(BITS 2513)

Dr.Nor Azman Bin Mat Ariff

Student Name Matric Number

Zainalabedin A. H. Baraka B031710427
QUESTION 1 (10 MARKS)
Suppose you were offered the opportunity to use a public cloud system where all computation
processes are done on a cloud server and all your devices use remote desktop software to access
the server. Would you choose to use the cloud services or to keep the computational processes
on your current devices? Explain.

The reason that I would choose cloud services is because of all the benefits it offers. If we
looked at it from a security aspect. It can help with preventing data loss, and it has the ability to
recover fast after any bugs or errors. What is great about cloud services that it always multiple
users at the same time, which saves most companies a lot of time. Its infrastructure saves us a
lot of money by reducing the amount of equipment that is needed. At the end, the reason that I
would go with the cloud services is how safe our data would be in there and it doesn’t matter if
our devices got damaged because its in a safe place

QUESTION 2 (15 MARKS)

Huffman compression reduces the average code length used to represent the symbols of an
alphabet. Symbols of the source alphabet which occur frequently are assigned with short length
codes. The general strategy is to allow the code length to vary from character to character and to
ensure that the frequently occurring character have shorter codes. Given is a set of symbols with
a list of relative probabilities of occurrence within a message.

I T c e g h l n o r t y
1 1 1 3 1 1 1 3 2 1 2 1

Do a step by step work in constructing a Huffman binary tree and get the resultant
codewords.
 QUESTION 3 (12 MARKS)
Search the Web and find examples of IoT devices that you think are exciting, or inappropriate.
Give TWO (2) examples for both categories and explain why each device is falls under that
category.

The two examples of exciting category are: -

1. Elderly Care Monitoring: The schematic diagram of the whole system is shown in Figure
1. The whole system consists of a main board and several information acquisitions
boards. The main control board is the core of the hardware system, while the information
acquisition boards are the basis. The information acquisition boards are installed around
the room at the right places. The voice, infrared, and pulse data are then collected directly
by these information acquisition boards and some of the living status of the elderly, such
 as whether he/she is absent or is sleep abnormally, can then be obtained easily. The living
status whether the elderly falls down is obtained through video analysis by the main
board. When all these living conditions are obtained, they are then uploaded to the server
through Ethernet. Relatives can view the real-time status and historical status of the
elderly with his/her mobile phone through a special installed app on it. On the other hand,
when something unexpected occurs and is detected by the system, a short message will
be sent automatically to the relatives through a GPRS (general packet radio service)
module installed on the system.
2. Security systems - Using IOT solutions can protect the critical assets. IOT solutions
allows security alerts to be delivered on the mobile devices. IOT enabled devices can be
installed in the organizations, in the homes of people and provide security in many ways.
This falls in the category of exciting as: Whenever anyone will break into the house when
the system will be on, the alarm will be triggered and alerts will be given on the mobile
devices.

The two examples of inappropriate category are: -

1. Vehicle automation: The vehicles are enabled with IOT devices to which can even drive
the car without a driver. This falls in the category of inappropriate as: Hackers can take
control of the vehicle by which they can steal the data, identity of the user and can even
drive the vehicle.
2. Entire home automation: things should be associated with IOT in the house. This falls in
the category of inappropriate as: People start to depend on technology a lot then and
hackers exploiting the personal data is also not safe.

QUESTION 4 (7 MARKS)
a. Assume the following SQL command is used to validate user login requests: $sql_query =
"select * from users where user='$user' and password='$pass'" . Manipulate the SQL
statement and implement SQL injection that will allow the attacker to pass through the
login screen. Briefly explain your SQL injection statement.

 The given query is $sql_query ="select * from users where user='$user' and
password='$pass'"
 Assume $user includes username "Customer"
o We can give Customer or “=” input to $user for sql injection attack
 Assume $pass includes password "123"
 Now the SQL statement becomes:
o $sql_query ="select * from users where user='User' or "=" and password='123'
 First, it will become false in the above statement and clause, but because the statement is
given or in the user='Customer' it will become true and that row will be chosen. Thus,
allowing the attacker to pass through the login screen.

QUESTION 5 (6 MARKS)
There are TWO (2) type of keys involved in encryption, which are symmetric and asymmetric
 keys. State and describe the keys.

 Symmetrical Encryption
This is the simplest kind of encryption that involves only one secret key to cipher and decipher
information. Symmetrical encryption is an old and best-known technique. It uses a secret key
that can either be a number, a word or a string of random letters. It is a blended with the plain
text of a message to change the content in a particular way. The sender and the recipient should
know the secret key that is used to encrypt and decrypt all the messages. Blowfish, AES, RC4,
DES, RC5, and RC6 are examples of symmetric encryption. The most widely used symmetric
algorithm is AES-128, AES-192, and AES-256.
The main disadvantage of the symmetric key encryption is that all parties involved have to
exchange the key used to encrypt the data before they can decrypt it.

 Asymmetrical Encryption:
Asymmetrical encryption is also known as public key cryptography, which is a relatively new
method, compared to symmetric encryption. Asymmetric encryption uses two keys to encrypt a
plain text. Secret keys are exchanged over the Internet or a large network. It ensures that
malicious persons do not misuse the keys. It is important to note that anyone with a secret key
can decrypt the message and this is why asymmetrical encryption uses two related keys to
boosting security. A public key is made freely available to anyone who might want to send you a
message. The second private key is kept a secret so that you can only know.
A message that is encrypted using a public key can only be decrypted using a private key, while
also, a message encrypted using a private key can be decrypted using a public key. Security of
the public key is not required because it is publicly available and can be passed over the internet.
Asymmetric key has a far better power in ensuring the security of information transmitted during
communication.
Asymmetric encryption is mostly used in day-to-day communication channels, especially over
the Internet. Popular asymmetric key encryption algorithm includes EIGamal, RSA, DSA,
Elliptic curve techniques, PKCS.