
MCQ From MTAs Of T215B From 2012 To 2017 Version_2

1. “We might want to keep certain information about ourselves, or certain things that we do, secret
from everyone else or selected others”. This form of privacy is known as_____________ ***
Anonymity , Confidentiality , Self-determination , Identity
2. Encryption provides mechanism for _______________which is ensuring that data has not been
tampered with ****
Eavesdropping, Integrity, Confidentiality, Authentication
3. In Caesar cipher, the encryption and decryption keys are said to be________________
Supplementary, Identical, Equivalent, Complementary
4. The truth table shown below is for the following operation

OR, NAND, AND, XOR


5. A number that has always more than two factors:1, itself and other factors is called______________
Prime number, Compound number., Real number., Complex number
6. ____________ indicates how well the biometric separates one individual from another. *
Distinctiveness, Performance, Circumvention, Collectability
7. WIMAX is the standard implementation of __________wireless networks.
IEEE 802.3, IEEE 802.11, IEEE 802.2 , IEEE 802.16
8. Using the Caesar cipher (single coding), what will be the decryption key if the encryption key used
was 3?
12 , 20 , 23 , 21
9. In ____________, encryption and decryption are performed using a single key or, two keys
that are so closely related to each other mathematically
Symmetric key system, Asymmetric key system, Antisymmetric key system, Public key system
10. The method of trying all possible combinations in a key space is known as_____________. **
Denial of service attack, Brute force attack., Quantum attack., IP sec attack.
11. When properly applied, the ______________ is the only known truly unbreakable cipher
Caesar cipher., One-time pad cipher., Vigenère cipher., Columnar transposition cipher.
12. An evaluation of _____________ requires us to consider whether the system will function
as expected (and as claimed) and are there effective safeguards in place to monitor its
performance.***
Convenience, Identity, Reliability, Acceptability
13. The strength of a cipher is measured by? *
The complexity of cipher algorithm, How long it takes to break it., The simplicity of cipher algorithm,
14. What key space is possible by encoding the letters (English letters) as blocks of 3 (or trigraph)? *
17576
15. The prime factorisation of the number 72 is: *
2x2x2x9, 2x2x2x2x3, 2x2x3x3x3 , 2x2x2x3x3
16. An important point to bear in mind when considering ________ is that it is not constant over time.
Convenience, Identity, Reliability, Acceptability
17. Privacy as ________: we might want some of our actions (even those done in public) not
to be traceable to us as specific individuals
Anonymity
18. The science of breaking codes and ciphers is _______ **
Cryptanalysis
19. In Columnar Transposition Cipher, if the keyword is “tuesday”, how many characters is its anagram? *
7
20. Figure below shows a simple transposition cipher, It uses a wooden pole (or staff) known
as a “scytale”, a strip of parchment or leather is wound around the pole so that it forms a
sleeve. The message is written in rows along the length of the sleeve, what is the key of
this transposition cipher? *
The diameter of scytale
21. One of the following is NOT correct in regards to transposition cipher. *****
A. The identity of the letters change but their positions remains the same
B. A transposition cipher is strong when there are long blocks of identical characters within
the string
C. Given text with normal language characteristics, a transposition cipher can be strong
against a brute force attack.
D. A and B
22. What would be the output of combining the 7-bit ASCII code for the letter ‘N’ (1001110)
with the randomly generated coding data 1110001 using the XOR process?
0111111
23. In Cipher-block chaining (CBC), the __________ process used to combine the ciphertext
output from one block with the plaintext input of the following block is:
XOR
24. The branch of science concerned with the concealment of information
Cryptology
25. A plaintext of X-language that consists of 29 letters is encrypted using Caesar cipher, if
that ciphertext is decrypted using key of 20, what is the encryption key?
5 , 7 , 6 , non
26. To combat Brute force attack we need:
a weak association with the linguistic patterns in the plaintext, small key space , Complex encryption
algorithm , A and C
27. One of the following is a correct regarding Electronic Codebook (ECB) **
A) Each block uses different key based on the previous block output.
B) The encryption of each block is dependent from the other blocks.
C) ECB is not practical when data involves long repetitive strings of 1s and 0s, such as a
picture data
D) Two similar blocks of plaintext will result in different blocks of ciphertext
28. One aspect of _________ is whether there are safeguards in place to ensure that someone else won’t
be able to impersonate
Identity
29. The science of creating codes and ciphers is *
Cryptography
30. In the figure below, Output 1 represents the _______

Ciphertext
31. The prime factorisation of the number 48 is:
2x2x3x4, 2x2x2x3, 2x2x2x2x3, 2x2x2x2x3x5
32. Privacy as ________: we might consider some of our behavior private in that it is
‘up to us’ and no business of others (where those ‘others’ may range from the
state to our employers) ***
Self-determination
33. A single encryption error in one block is cascaded through to the following blocks, this is
a drawback of: *
CBC
34. IPsec is one of the most commonly used protocols for securing communication
over___________
Virtual private network (VPN)
35. Quantum cryptography systems are designed for __________
key generation
36. To build strong ciphers, one of the following is required as desirable characteristic:
A very large key space and a weak association with the linguistic patterns in the plaintext.
37. When no paper ballots are used for voting, the voting system is called a/an “______________” system
E-Voting
38. ______________theme(s) provide a framework that can be used for analysing the technologies.
Convenience , Reliability, Acceptability , All
39. CCTV stands for ______________.
Closed Circuit Television
40. Encryption provides mechanisms for _____________ ensuring that the identities of people are correct.
authentication
41. A ______________ is an encryption technique usually used when the input bits
stream length is unpredictable or when the input buffering is limited.
Stream cipher
42. ____includes the protocols, policies, procedures and organisations that provide the public key services
Public Key Infrastructure
43. ______________capture images of fingerprints by using light-sensitive sensors to convert optical
patterns into electrical signals.
Optical Sensors
44. When paper ballots are used for voting but those are counted electronically, the voting system is called
a/an “______________” system.
E-Counting
45. ______________ is a/are characteristic(s) of a surveillance system.
Systematic , Purposeful , all
46. _____________encryption uses a key that is identical in length to the plaintext, and is used only once
one-time pad
47. ______________is a block encryption technique where the encryption of each block
is completely independent from the other blocks
Electronic Codebook
48. ______________ .indicates how easy it is to measure the biometric and translate it
into an electronic format.
Collectability
49. When a fingerprint is analyzed at the ______________ level attention is paid to the minutiae
local
50. ________________are the ones most commonly used by fingerprint recognition systems. **
Termination and bifurcation
51. One way to decouple from the linguistic patterns of the plaintext is to encrypt with a cipher that uses a
succession of different keys. An example of this is **
Vigenère cipher
52. Whether accomplished in hardware or software, encryption frequently involves an operation known as
the: **
XOR process
53. The quantum cryptography works by exploiting properties of _______ to distribute a secret key that
can then be used to encrypt messages in the traditional way.**
photons
54. One of the characteristics of biometrics against which it can be judged is________ where it indicates
how commonly the biometric is found in humans.
Universality
55. One of the characteristics of biometrics against which it can be judged is________ where
it indicates how well the biometric remains the same over time.
Permanence
Short Answers From MTAs Of T215B From 2013 To 2017
1. Video surveillance systems using closed circuit television (CCTV) have created a series of social, political and
technical dilemmas. Explain, briefly, two of these dilemmas.
• First, it is citizens in public spaces who are the objects of surveillance. This threatens to destroy the ‘public
privacy’ previously enjoyed by anonymous citizens in a public space.
• Second, citizens are in no position to agree to or reject surveillance. This limits the extent of the freedom of
citizens to go about their lawful business without being observed and monitored. It also extends the capacity for
agencies and institutions to subject a section of the public realm to surveillance for their own purposes.
• Third, the development of surveillance systems has changed what can be gleaned from observations of
individuals. As well as recording the presence and recognizing individuals, surveillance systems now offer the
possibility of evaluating and making inferences about a person’s actions and intentions.
2. In Cryptography ‘codes’ and ‘ciphers’. What is the main difference between a code and a cipher?
Codes:
- A code replaces whole words, phrases or groups of symbols with alternatives (or code words).
- The purpose of creating a code is not always for secrecy.
- simply as an abbreviation
- used to provide an alternative way of communicating information.
- A code is the output of an encoding process (the reverse is decoding) and generally relies on sets of
look-up tables (codebooks) for the conversion processes (2 marks)
Ciphers:
- A cipher is the output of an encryption process that either replaces data symbols with alternative
symbols, or rearranges existing symbols.
- The operation used to create a cipher is systematic (i.e. follows some set rules).
- A cipher is almost always created for reasons of secrecy. (2 marks)
3. State the characteristics that are required to build strong ciphers.
Two desirable characteristics are required to build strong ciphers:
- very large key space (2 marks)
- a weak association with the linguistic patterns in the plaintext. (2 marks)
4. In the context of Public key infrastructure, explain briefly the term “Certification authority”? What is its
role? Illustrate your explanations with examples?
A Certification Authority (CA) acts as a trusted third party with the role of issuing digital certificates that bind
individuals’ identities to their public keys. (2 marks)
Digital certificates are analogous to passports, and Certification Authorities are like Passport Authorities. (1 m)
There is a hierarchy of Certification Authorities, the most trusted and influential being the Root Certification
Authorities. Examples of Root Certification Authorities: VeriSign; Thawte (1 mark)
5. What does IPsec stand for? What are the services offered by IPsec?
IPsec stands for the Internet protocol security. IPsec is one of the most commonly used protocols for securing
communication over a virtual private network (VPN). The services IPsec provides are: (2 marks)
- Data encryption using either RC4, DES, 3DES or AES
- Client authentication using username and password, or username and token, or digital certificate
- Data integrity
- Protection against replay and traffic flow analysis. (2 marks)
6. Biometrics can be divided into two types. What are these types? Explain them, giving examples for each?
Biometrics can be divided into two types: (2 marks)
- Physiological biometrics
- Behavioral biometrics
Physiological biometrics does not normally change through a person’s life – at least, not after that person has
reached adulthood. For example, a fingerprint or an iris pattern. (1 mark )
Behavioral characteristics also do not normally change. They only change if someone makes a sustained effort
to change them. For example, gait or way of signing name. (1 mark)
7. The certification authority (CA) issues digital certificates that include many items. State three of its contents?
A digital certificate will typically include:
- A copy of the public key
- owner of the key: the owner’s name, etc.
- digital certificate: a serial number, expiry date, etc.
- Information about the CA itself: CA name, its own digital signature, etc.
8. Explain briefly the term “fingerprint”. What are its advantages and disadvantages?
Fingerprint: this has to do with the ridges and furrows on a fingertip so it is a physiological biometric.
Advantages:
- The ridge pattern on a fingertip stays the same throughout a person’s life (though it may become less
pronounced), unless the fingertip is damaged.
- It is also highly distinctive – even identical twins have somewhat different fingerprints.
- A fingerprint is easy to capture (3 marks)
Disadvantages:
- An estimated 5% of people are not able to provide a fingerprint that is usable for security purposes
(Maghiros et al., 2005, p. 19) due to injury or worn-down ridges on the fingertip.
- It is possible to lift a fingerprint off a surface and use it to produce a fake ‘finger’.
9. The various forms of privacy need to be weighed against a number of values. Explain briefly, four values.
- accountability for personal or official actions;
- the need for crime prevention and detection and for security generally: our desire to be able to engage
in our personal affairs without anyone knowing is always offset against our desire for criminals not to
have the same opportunity;
- efficiency, convenience and speed in access to goods or services: this relates particularly to services
accessed online, where access might depend on entering personal, identifying information;
- access to services that depend on fulfilling specific criteria such as being above an age limit or having a
disability, or being the genuine owner of a particular credit card;
- the need to monitor health risks, such as outbreaks of infectious diseases;
- Public and legal standards of behavior which might weigh against some personal choices.
10. In the context of data security, explain the difference between strong cipher and weak cipher?
Strong Ciphers take a long time to break, but they also tend to be more difficult to use. (2 marks)
Weak ciphers are quicker to break but are usually also quite easy to use. (2 marks)
11. One of the properties of Caesar cipher is that it uses a monoalphabetic substitution. Explain, this property.
- The key remains constant. For example, the plaintext letter ‘e’ will always be encrypted as the same
Ciphertext symbol. (2 marks)
- The Ciphertext inherits the linguistic patterns of the plaintext. (1 mark)
- The Ciphertext is susceptible to letter frequency and other linguistic analysis! (1 mark)
12. In the context of encryption, explain briefly the term “session key” with describing its advantages and
drawbacks.
A session key is a short symmetric key which is used by both parties (for instance, Alice and Bob) to encrypt
their secret messages. (1 mark)
Advantages of a Session Key:
- A session key is short.
- A session key imposes a much lower processing overhead than public key systems. (1.5 marks)
Drawbacks of a session key:
- Low resistance to attack
Session keys usually stay in service for a relatively short time (sometimes only a single transaction) before
being discarded. (1.5 marks)
13. In the context of Biometric, explain briefly, the term “Gait”? What are its advantages and what are the
disadvantages?
Gait: This is the way someone walks so it is a behavioral biometric. ( 1 mark)
Advantages:
- Can be captured at a distance.
- Can be captured without the subject’s knowledge. (1.5 marks)
Disadvantages:
- It is relatively difficult to capture, normally involving working on a video sequence.
- It is also computationally intensive and so not suitable for real-time authentication. (1.5 marks)
14. Transposition cipher suffers from some of weaknesses. Explain briefly, two of these weaknesses.
- The number of possible permutations to crack a transposition cipher depends on the content of the
message.
- A transposition cipher is incapable of encrypting a string of identical characters!
- A transposition cipher is weak when there are long blocks of identical characters within the string →
Easier to break
15. Draw the block diagram for a Biometric security system with mentioning proper labelling for the elements of
the system. And determine the function of each block

- Sensors: Devices that capture the raw biometric data of users.


- Feature extractor: Takes the raw data from the sensors as an input, extracts from it the key features
and converts them into a digital representation called a template.
- The storage: It is a place to hold templates
- The matcher: Compares the template created from an input biometric sample (the template outputted
from the feature extractor) with a stored template.
- The decision maker: Decides whether the input template and the stored template match, based on the
similarity value from the matcher.
16. What are the characteristics of hash function? And what is the output of encrypting the hash function with
the sender’s private key?
- One way function
- Even a small alteration in the hash function’s input M should result in a completely different hash.
- It should be extremely difficult to find a different variable length string M’ ≠ M that would compute to
the same hash function H(M). (1 mark for each point)
- The output of encrypting the hash function with the sender’s private key is digital signature
17. Define block cipher and stream cipher?
Block cipher breaks the plaintext into equal-sized blocks, usually of 64 or 128 bits, and encrypts each block
separately to produce a ciphertext output exactly equal in length to the input. (1 mark)
Stream ciphers operate on very small segments of data – usually at the bit level (1 mark)
18. List one example of block cipher?
Example: ECB and CBC (0.5 mark)
19. List two advantages of stream cipher?
- can encrypt ‘on the fly’ one bit (or sometimes one byte) at a time
- Stream ciphers are generally faster than block ciphers, and are less complex to implement in hardware
(0.5 mark for each point)
20. List one condition that determines where to use stream cipher?
- The input stream length is unpredictable (such as in telecommunications).
- The input buffering is limited.
21. Privacy comes in many forms, relating to what it is that one wishes to keep private: list and describe four of
these forms?

- privacy as confidentiality: we might want to keep certain information about ourselves, or certain
things that we do, secret from everyone else or selected others;
- privacy as anonymity: we might want some of our actions (even those done in public) not to be
traceable to us as specific individuals;
- privacy of identity: the right to keep one’s identity unknown for any reason, including keeping one’s
individual identity separate from a public persona or official role;
- privacy as self-determination: we might consider some of our behaviour private in that it is ‘up to us’
and no business of others (where those ‘others’ may range from the state to our employers);
- privacy as freedom to be ‘left alone’, to go about our business without being checked on: this includes
freedom of expression, as we might wish to express views that the government, our employers, or our
neighbours might not like to hear;
- privacy as control of personal data: we might desire the right to control information about us – where
it is recorded, who sees it, who ensures that it is correct, and so on.
22. Define Substitution cipher and Transposition cipher, give an example for each one.
- Substitution cipher: The encryption process systematically manipulates a symbol (or a group of
symbols) in the plaintext to produce a different symbol (or group of symbols), which becomes the
ciphertext. Such as Caesar cipher…(any correct example)
- Transposition cipher: The encryption process ‘scrambles’ the order of the symbols of the plaintext in
some systematic way. Such as columnar transposition cipher…(any correct example)
23. Define the brute force attack
Brute force attack is the method of trying all possible combinations in a key space to break ciphertext. (3 m)
24. A key is used to encrypt a message, the key consists of 4 digits, each digit could be either one of 7 possible
characters, digits could be similar, how many attempts are needed to break the cipher text?
Number of attempts = 7^4 = 2401 (2 marks)
25. Does the complexity of cipher algorithm affect the strength of cipher, explain?
The complexity of the cipher algorithm does not affect the strength of the cipher. The length of the key is the key
point: the longer the key, the more time is needed to break the ciphertext, and so the time needed to break the
key defines the strength of the cipher. (3 marks)
26. What is the difference between Public Key and Private Key in the Asymmetric key system?
- One of the keys is made public – Public Key: perhaps post it on a website or send it out in an email
message to all contacts
- The other key is kept private – Private Key: unpublished key should remain secret
27. Explain how asymmetric systems are used for key exchange:
- One of the parties, for instance, Alice generates the session key
- Alice uses the second party’s public key (for instance, Bob’s public key) to encrypt the session key
- Alice sends the encrypted session key to Bob
- Bob decrypts the encrypted session key using his own private key
- Both parties (Alice and Bob) share the same symmetric session key
- The session key is used for encrypting their messages.
28. List 2 advantages and 2 disadvantages of Biometric security system? (6 marks)
Biometric security system main advantage:
- People automatically have their identity token with them.
- A biometric cannot be forgotten or left behind.
Biometric security system main drawback:
- Many biometrics are not secret and so can be imitated.
- It is very difficult – if not impossible – for someone to change their biometric when it has been
compromised.
29. An example of a biometric that is used is voice. Answer the following:
Why could it be generally classified as a behavioral biometric? (2 marks)
It is classified as a behavioral biometric as it relates to how people speak.
Why can it also be considered as a physiological biometric? (3 marks)
Voice can also be considered as a physiological biometric if it is the frequency components of the voice that
are measured, as these relate to the vocal tract.
30. List one advantage of voice recognition? (2 mark)
Voice recognition is usable at a significant distance
List 4 disadvantages of voice recognition (7 marks)
- Humans recognise voices much more readily than electronic equipment can.
- Can be affected by health conditions such as sore throat which can render a voice hard for a human to
recognise, hence, it can make it impossible for electronic equipment to recognize
- Close relatives may have voices that are so similar that identification is difficult for electronic
equipment.
- Background noise is a problem for these systems.
- A subject’s voice can be pre-recorded without their knowledge and used to fool the recognition system
31. What are Quantum cryptography systems designed for and why? (3 marks)
- Quantum cryptography systems are designed for key generation rather than for the direct encryption
of data (1mark)
Computers are becoming ever faster and more powerful -> Encryption methods that were once thought to be
secure can become vulnerable because of faster processing speeds -> if some day someone discovered a fast
and simple method for factoring large primes, one possible solution is quantum cryptography (2 marks)
32. What is a photon and what are the possible polarities of photon? ( 3 marks)
- Photon is the smallest possible measurement of light, and can be characterised by its polarity of spin.
(2 marks)
- The polarity of a photon can be in any direction: north/south, east/west, or any angle between (1
mark)
33. Define Asymmetric key system? (1 mark)
Asymmetric key system is the system that uses two keys, one for encryption and one for decryption. Both keys
are mathematically related to each other but in a very complex way.
34. Define the following: numbers factorization, prime factorisation, prime number, and compound number?
- With the exception of the number 1, all numbers can be decomposed into two or more numbers that
multiply together to make the number. The process of decomposing a number in this way is called
factorisation.
- A factorisation is said to be a “prime factorisation” when all the factors are prime numbers.
- Prime numbers are characterized by the uniqueness of their factorization. A Prime number has only
two factors: 1 and itself
- A compound number has always more than two factors: 1, itself, and other factor(s)
35. Explain how the collision resistant properties of a hash function provide assurances about the integrity of
the message?
- Alice could attach the hash to her message {M,H(M)}
- Encrypt her message and the digest both together using Bob’s public key: {M,H(M)} KB
- On receipt, Bob uses his private key to decrypt the bound message and hash : {{M, H(M)} KB } K’B =
M,H(M)
- He would then recalculate the hash.
- If the recalculated hash matches the received hash, the message has not been altered.
- This is only true if the hash function is “Collision resistant”.
36. Explain how Columnar Transposition Cipher works
- The sender and receiver agree on a codeword (1 Mark) and a way to reorder the letters in the keyword
into an anagram (1 Mark).
- The plaintext is entered into each of the columns (with the keyword at the top) a letter at a time
working across the rows. (filling the rows: 2 Marks)
- Any empty places in a row can be padded with redundant letters (the ‘x’ for example). (1 Mark)
- The columns are then reordered according to the keyword anagram. (2 Marks)
- The ciphertext is given by reading back the letters from the reordered matrix. (1 Mark)
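Added example (not part of the original answer key): a Python sketch of the steps in answer 36, which also shows the weakness from answer 14 that a run of identical characters comes out unchanged. The anagram "daytues", the sample plaintext and reading the reordered matrix row by row are assumptions made here.

```python
def column_order(keyword, anagram):
    """For each letter of the anagram, return the keyword column it selects."""
    if sorted(keyword) != sorted(anagram):
        raise ValueError("anagram must use exactly the letters of the keyword")
    unused = list(range(len(keyword)))
    order = []
    for letter in anagram:
        # First unused column carrying this letter (copes with repeated letters).
        idx = next(i for i in unused if keyword[i] == letter)
        unused.remove(idx)
        order.append(idx)
    return order


def encrypt(plaintext, keyword, anagram, pad="x"):
    """Fill rows under the keyword, pad, reorder columns, read back by rows."""
    order = column_order(keyword, anagram)
    width = len(keyword)
    letters = [c for c in plaintext.lower() if c.isalpha()]
    while len(letters) % width:
        letters.append(pad)  # pad the last row with redundant letters
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    # Assumption: the reordered matrix is read back one row at a time.
    return "".join(row[i] for row in rows for i in order)


def decrypt(ciphertext, keyword, anagram):
    """Undo the column reordering; padding letters stay in the output."""
    order = column_order(keyword, anagram)
    width = len(keyword)
    if len(ciphertext) % width:
        raise ValueError("ciphertext length must be a multiple of the key length")
    out = []
    for start in range(0, len(ciphertext), width):
        block = ciphertext[start:start + width]
        row = [None] * width
        for pos, col in enumerate(order):
            row[col] = block[pos]  # put each letter back in its keyword column
        out.extend(row)
    return "".join(out)


if __name__ == "__main__":
    key, anagram = "tuesday", "daytues"      # anagram is a constructed sample
    ct = encrypt("meet me at noon", key, anagram)
    print(ct, decrypt(ct, key, anagram))
    # Weakness from answer 14: identical characters are not hidden at all.
    print(encrypt("a" * 14, key, anagram))
```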
37. To break the Caesar cipher using brute force attack, how many attempts are needed?
Number of attempts are 26 (4 Marks).
Note: 25 is also an acceptable answer (since 0 is not a valid key)
38. What are the drawbacks of a Public key systems
- The keys are long in order to provide the required resistance to cryptanalysis
- This imposes a processing overhead (processing is more complicated)
- The time needed for encryption/decryption increases (compared with symmetric systems).
39. What is a photon and what are the possible polarities of photon?
- Photon is the smallest possible measurement of light (4 Marks), and can be characterised by its
polarity of spin.
- The polarity of a photon can be in any direction: north/south, east/west, or any angle between. (4
Marks: Most probably the students will give 4 polarities)
Note: If the students provided a drawing of these polarities, a full mark can be awarded. (out of 4 marks)
40. Brute force attack is used to break a cipher by trying every combination of the key, if the key is supposed to
be a six letters word “active”, how many different attempts by brute force attack to break the cipher text
provided that each letter in the word “active” appears only once, show your answer in details? (10 marks)

The first letter can appear in any of the six positions; the second in any of the 5 remaining positions; the third
in any of the four remaining positions; and so on. This gives a total possible number of combinations of 6! = 6 ×
5 × 4 × 3 × 2 × 1 = 720
41. In fingerprint, attention is paid to the ridge lines individually to identify the point where a ridge line is
discontinuous; The discontinuity points are called minutiae.
A. Turning a raw fingerprint image into a set of minutiae usually requires three main stages of processing,
list and define them? (9 marks)
- Binarisation is a process of converting the grayscale raw fingerprint image into a black and white, or
binary, image
- Thinning reduces the width of each ridge to one pixel
- Minutiae detection consists in running an image window that is 3 × 3 pixels through the thinned
fingerprint image and checking the black pixels within the window
B. Which of the grid patterns in Figure below show minutiae? If they do, identify the minutia type in each
case (justify your answer). (12 marks)

- The pixel at the centre of Figure (a) has two of its eight neighbouring pixels black, and they are situated
at opposite sides of it. This is therefore an intermediate ridge point and not a minutia.
- The pixel at the centre of Figure (b) has only one of its eight neighbouring pixels black. This is therefore
a minutia: a termination.
- The pixel at the centre of Figure (c) has three of its eight neighbouring pixels black, and one of them is
situated at an opposite side from the other two. This is therefore a minutia: a bifurcation.
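Added example (not part of the original answer key): a Python sketch of the minutiae-detection stage from answer 41, sliding a 3 × 3 window over a thinned binary image. It classifies the centre pixel by the crossing number (the count of white-to-black transitions around the eight neighbours), a technique swapped in here that gives the same result as the neighbour reasoning above for the three patterns described; the grids are constructed samples, not the figure from the exam.

```python
# Eight neighbours of the centre pixel, clockwise from the top-left corner.
RING = [(-1, -1), (-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1), (0, -1)]


def parse_grid(rows):
    """Turn strings such as '0110' into lists of ints (1 = black ridge pixel)."""
    return [[int(ch) for ch in row] for row in rows]


def classify_window(img, r, c):
    """Classify the black pixel at (r, c) from its 3 x 3 neighbourhood."""
    if img[r][c] != 1:
        return None                      # only ridge pixels are examined
    ring = [img[r + dr][c + dc] for dr, dc in RING]
    # Each white-to-black step around the ring is one ridge branch leaving.
    crossings = sum(1 for i in range(8)
                    if ring[i] == 0 and ring[(i + 1) % 8] == 1)
    if crossings == 1:
        return "termination"
    if crossings == 2:
        return "ridge"                   # intermediate ridge point, no minutia
    if crossings == 3:
        return "bifurcation"
    return "other"                       # isolated pixel or a ridge crossing


def find_minutiae(img):
    """Scan every interior pixel and return (row, col, type) for minutiae."""
    found = []
    for r in range(1, len(img) - 1):
        for c in range(1, len(img[0]) - 1):
            kind = classify_window(img, r, c)
            if kind in ("termination", "bifurcation"):
                found.append((r, c, kind))
    return found


# Constructed thinned ridge: one line that forks into two branches.
SAMPLE = parse_grid([
    "0000000",
    "0000010",
    "0000100",
    "0111000",
    "0000100",
    "0000010",
    "0000000",
])

if __name__ == "__main__":
    for minutia in find_minutiae(SAMPLE):
        print(minutia)
```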
42. What is the difference between Public Key and Private Key in the Asymmetric key system? (3 marks)
- One of the keys is made public – Public Key: perhaps post it on a website or send it out in an email
message to all contacts
- The other key is kept private – Private Key: unpublished key should remain secret
43. List two advantages of stream cipher? (2 marks)
- can encrypt ‘on the fly’ one bit (or sometimes one byte) at a time
- Stream ciphers are generally faster than block ciphers, and are less complex to implement in hardware
44. Brute force attack was used to break a message written in X-language that consists of 29 characters, how
many attempts are needed to break the message?
Number of attempts are 29 (2 marks)
45. List 4 services that IPsec provides?
- Data encryption using either RC4, DES, 3DES or AES
- Client authentication using username and password, or username and token, or digital certificate
- Data integrity
- Protection against replay and traffic flow analysis.
47. One of the issues of symmetric key systems is the secure key distribution; explain how the symmetric systems
distribute the private key over insecure channel using the Double-locking protocol?
- Alice encrypts the message with her key and sends it to Bob
- Bob encrypts the message he received with his key and sends it to Alice
- Alice decrypts the message she received with her key and sends it to Bob
- Bob decrypts the message he received with his key and reads the message
48. Detecting singularities from a raw fingerprint image usually starts with producing a ridge orientation image.
Give a definition for “a ridge orientation image” and provide a simple illustrative drawing. Then, explain
how singularities are detected from a ridge orientation image and provide an example.
A ridge orientation image is a simplified version of the fingerprint image that has short lines with appropriate
slopes instead of ridge lines. (2 Marks)
To detect singularities, the ridge orientation of each point of the ridge orientation image is compared with the
ridge orientations of its neighbouring points. (1.5 Marks)
Example:
Where the ridge orientation of a point is significantly different from the ridge orientations of some of its
neighbouring points → the point is a singularity. (1.5 Marks)
49. For many years, the e-voting system in the Netherlands met public acceptability. However, the
public lost confidence in the acceptability of the e-voting computers when a Dutch TV news program in the
autumn of 2006 questioned the security and reliability of the machines used in the country’s elections. Give
5 reasons for this loss of confidence.
- The machines were very old and insecure.
- Computer scientists demonstrated it was possible to re-program the computer to swap votes between
parties.
- Computer scientists demonstrated it was possible to inflate the number of votes recorded in favour of
the hypothetical Fraud party.
- The warehouse housing 400 of the e-voting machines in Rotterdam had very little physical security.
- The machines were vulnerable to re-programming.
- When the voting machines were regularly returned to the factory for maintenance, their
transportation was not subject to any special security.
- The keys used to unlock the machines were all the same – one key would open all 8000 e-voting
machines.
- The computers were only tested once every four years and the test reports were confidential.
- The computer scientists demonstrated it was possible, with the aid of some elementary wireless
scanning equipment, to remotely read how individual voters were casting their votes.
50. TLS/SSL is used in the majority of web browsers and forms the basis of the HTTPS protocol. What does
TLS/SSL stand for? Mention two security services provided by TLS/SSL and three main actions that occur
during a TLS/SSL handshake process.
TLS/SSL: Transport Layer Security/ Secure Sockets Layer (2 Marks)
The services TLS/SSL provides are: (2 x 1 Marks)
- Data encryption,
- Client authentication (using username and password or username and token, or digital certificate),
- Server authentication,
- Data integrity.
During a Handshake process: (3 x 1 Marks)
- The server and client agree on the methods for encryption and data compression.
- The server and client exchange random data which will be used for the session key generation.
- The server also sends its certificate to the browser.
- The browser checks the certificate's authentication and extracts the server's public key.
- The browser generates a symmetric session key, encrypts it with the server's public key and sends it to
the server.
51. Two basic approaches to block encryption are CBC and ECB. Draw two drawings to explain the main idea of
each of these block encryption approaches. Then, give one drawback of each approach.

(2.5 Marks: deduct 0.5 Mark if any of the following components is missing: Key, link, xor process, encryption
or IV, input and output blocks)
(1.5 Marks: deduct 0.5 Mark if any of the following components is missing: Key, encryption, input and output
blocks)
Drawbacks of ECB:
- Two similar blocks of plaintext will result in similar blocks of ciphertext (1.5 Marks)
Drawbacks of CBC:
- A single encryption error in one block is cascaded through to the following blocks.
- Any error or loss of data in the previous block prevents that block and all following blocks from being
decrypted.
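The ECB drawback and the CBC chaining can be observed directly on the encryption side. The following is an added example, not part of the original answer key: it uses a toy 4-round Feistel cipher built from SHA-256 as a stand-in for a real block cipher, and the key, IV, function names and sample plaintext are constructed for the demonstration.

```python
import hashlib

BLOCK = 16  # bytes per block

def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel cipher, standing in for a real block cipher."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
        left, right = right, mixed
    return left + right

def split(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # Every block is encrypted on its own with the same key.
    return [encrypt_block(key, b) for b in split(plaintext)]

def cbc_encrypt(key, iv, plaintext):
    # Each block is XORed with the previous ciphertext block (the link).
    out, prev = [], iv
    for b in split(plaintext):
        prev = encrypt_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return out

def changed_blocks(c1, c2):
    return [i for i, (x, y) in enumerate(zip(c1, c2)) if x != y]

def demo():
    key, iv = b"constructed-key", bytes(BLOCK)  # constructed; a real IV is random
    p = b"A" * BLOCK + b"B" * BLOCK + b"A" * BLOCK + b"C" * BLOCK
    q = p[:BLOCK] + b"X" + p[BLOCK + 1:]        # one byte changed in block 1
    ecb, cbc = ecb_encrypt(key, p), cbc_encrypt(key, iv, p)
    return {
        "ecb_repeats": ecb[0] == ecb[2],        # identical plaintext blocks 0 and 2
        "cbc_repeats": cbc[0] == cbc[2],
        "ecb_changed": changed_blocks(ecb, ecb_encrypt(key, q)),
        "cbc_changed": changed_blocks(cbc, cbc_encrypt(key, iv, q)),
    }
```

In ECB the repeated plaintext block shows up as a repeated ciphertext block and a change stays in its own block; in CBC the repeat disappears but a change in block 1 alters every ciphertext block after it.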
52. Give a definition for each of the following terms: Decryption, Substitution cipher, transposition cipher,
encryption key, symmetric key.
Decryption: A process that reverses the process of encryption by transforming ciphertext back into plaintext
(1.5 Marks)
Substitution Cipher: An encryption process that systematically manipulates a symbol (or a group of symbols) in
the plaintext to produce a different symbol (or group of symbols), which becomes the ciphertext. (1.5 Marks)
Transposition cipher: An encryption process that 'scrambles' the order of the symbols of the plaintext in some
systematic way. (1.5 Marks)
Encryption Key: In any encryption process, when altering a “variable” produces different outcome (ciphertext)
this “variable” is called a Key. (1.5 Marks)
Symmetric Key: A single key that is involved in the encryption and decryption processes is called a symmetric
Key. (1 Mark)
Encryption: is a process by which information is changed in some systematic way so as to hide its content from
everyone except its intended recipient (2 Marks).
Cryptography: the science of creating codes and ciphers. (1 Mark)
Cryptanalysis: the science of breaking codes and ciphers. (1 Mark)
A Cipher: is the output of an encryption process that either replaces data symbols with alternative symbols, or
rearranges existing symbols (1 Mark).
A Code: is the output of an encoding process (the reverse is decoding) and generally relies on sets of look-up
tables (codebooks) for the conversion processes. (1 Mark)
Difference: A cipher is almost always created for reasons of secrecy while a code is used simply as an
abbreviation (1 Mark)
53. Explain the role of the matcher and the decision maker. Emphasize the difference between them.
- Matcher: compares the template created from an input biometric sample with a stored template and
outputs a similarity value (1.5 Marks)
- Decision Maker: decides whether the input template and the stored template match (1.5 Marks)
Difference: The matcher does not make any decision; it only outputs a similarity value. The decision maker
analyzes the similarity value to make a decision. (1.5 Marks)
54. A Certification Authority (CA) acts as a trusted third party with the role of issuing digital certificates. What is
a digital certificate? What kind of information does it contain (at least three elements)? Mention one
common use of digital certificates.
A digital certificate binds an individual’s identity to his/her/its public keys. It is analogous to a passport. (1.5
Marks)
A digital certificate will typically include: (3 x 1.5 Marks = 4.5 Marks)
- A copy of the public key
- Information about the owner of the key: the owner’s name, etc.
- Information about the digital certificate: a serial number, expiry date, etc.
- Information about the CA itself: CA name, its own digital signature, etc.
Digital certificates are commonly used for web authentication. (1 Mark)
55. Fingerprint sensors are classified into two major categories: Optical Sensors and Solid State Sensors. What is
the main technical idea behind each category? Draw a comparison table showing three major differences
between them.
Optical sensors: capture images of fingerprints by using light-sensitive sensors to convert optical patterns into electrical
signals. (one main idea is enough: 2 Marks)
“They work by shining light on to the fingertip, which is placed on the transparent sensing surface of the sensor. They
then detect the light reflected back on to the light-sensitive sensors.” (This can also be considered as a main idea)
Solid State sensors: The idea was to build an all-in-one silicon chip with a two-dimensional sensory array placed directly
on the chip. (one main idea is enough: 2 Marks)
Optical | Solid State
Big size | Low size
Expensive | Cheap
High resolution | Low resolution
Cannot be integrated in devices such as computer or mobile phone | Can be integrated in devices such as computer or mobile phone
56. The following pictures show four different grid patterns extracted from a fingerprint image at the last stage
of minutiae detection. Use a 3x3 pixels image window to detect the type of minutia in each grid
(termination, bifurcation, an intermediate ridge point, or not a minutia). (6 Marks)
[Figure: four grid patterns labelled a, b, c and d]
a: intermediate ridge point
b: Not a minutia
c: bifurcation
d: termination
(1.5 Mark each)
57. Brute force attack is used to break a columnar transposition cipher by trying every combination of the key.
Based on that, answer the following:
a) If the key is the eight-letter word “mustache”, how many different attempts does a brute force
attack need to break the ciphertext, provided that each letter in the word “mustache” appears only once? Show
your answer in detail. (5 marks)
The first letter can appear in any of the 8 positions; the second in any of the 7 remaining positions; the third in
any of the 6 remaining positions; and so on. This gives a total possible number of combinations of
8! = 8 × 7 × 6 × 5 × 4 × 3 × 2 × 1 = 40320
b) Consider the previous case in part (a), but now each letter may appear more than once. How
many different attempts by brute force attack are needed to break the key? (5 marks)
The first position can be any of the 8 letters; the second position can be any of the 8 letters as well, and so on.
This gives a total possible number of combinations of 8^8 = 16777216
c) A fast computer was used to break the previous word in part (b). The speed of the processor was 2 MIPS
(million instructions per second). If each attempt needs 60 instructions, what is the time needed to break
the word? (Consider the worst case, i.e. the last attempt is the successful one.) Express your answer in
seconds and minutes. (6 marks)
Total number of instructions = 16777216 × 60 = 1006632960 instructions (2.5 marks)
Time = 1006632960 / (2 × 10^6) = 503.3 s (2.5 marks)