
Assignment 1

Name: Zoha Sabih

Program: BSIT-7A

Enrolment: 02-235192-014

Instructor: Darakhshan Syed

Course: ITC-411 Cyber Security


Zoha Sabih (02-235192-014) BSIT-7A

BAHRIA UNIVERSITY
Karachi Campus
Department of Computer Science
Marks: 05

Submission Instructions:
• Please ensure that your name, your student ID number, course teacher information,
class, semester, and university information are legibly written and clearly visible on the
front of your submission. (Please follow the title page template.)
• Late submission under any circumstances is not allowed.

Assignment Tasks:

1. Biometric verification is a method to enforce either Confidentiality or Integrity? Discuss.
Biometric verification falls under the umbrella of confidentiality. This is because
confidentiality deals with ensuring that only authorized personnel are able to access the
data. Biometric verification is a way to verify the identity of the authorized persons. On
the other hand, integrity has more to do with the data itself, rather than who is accessing
it. Through integrity, we can be certain that our data is exactly how we left it. Just like the
links on a chain, the stream of information should be the same as how you left it last.

2. How can data confidentiality be compromised?


Any computer attack or malpractice that gives an unauthorized person leverage to access
your device or protected data compromises the confidentiality of your system. Having
weak passwords, not implementing two-factor authentication, leaving your device open
or unattended for an extended period of time, are all examples where the confidentiality
of your system can be easily compromised by a malicious person.
Some tactics hackers use to bypass the authorization process are:
• Backdoor.
• Brute force attack.
• Session replay.
• Fabrication (Masquerade).
• Interception.
• Traffic analysis.
• All passive attacks.

3. What measures can help to preserve data integrity?


Integrity of the data is said to exist when the information isn’t tampered with and is
exactly how the user left it last. Some steps we can take to maintain data integrity and
reliability are:
• Version Control: To ensure that the data is consistent and accurate,
implementing version control is recommended for tracking any and all intentional
changes.
• Maintaining Backups: In case of any data loss, or server crash, your data must
always have a remote backup to fall back onto so that no loss is recorded.
• Resilience: A server should always be capable of bouncing back from any loss or
unintended modification in data. This is called resilience.
• Network Security: Network security measures should be in place, since a large
amount of data is attacked over the network. Some examples of such attacks are
active attacks like modification, spoofing, and tampering. It’s recommended to
implement network security measures like access control lists (ACLs).

4. Why do data breaches occur?


A data breach is the result of an insecure system. There can be many reasons for a data
breach, but almost all of them come down to vulnerabilities in the system, and to not
preventing possible attacks or mitigating threats to the system’s security.
If proper security measures like encrypting and decrypting the data over the network,
storing information in encrypted format, and constantly changing the encryption
algorithm are not followed, the attacker can easily access your data, resulting in a data
breach. Other safety measures like following CIAAA best practices and following the
ISO standard for a secure system are also recommended to prevent any breaches.

5. How can I help protect my personal information in the event of a data breach?
Once your information is compromised, it’s almost impossible to undo that. The best
option for someone suffering from this situation is to change as much information as
possible. This includes passwords, emails, credit card information like their PIN, and
possibly adding two-factor authentication to all their channels so that they don’t suffer a
major loss other than having their information exploited.

6. What are companies doing about data breaches?


Since it’s almost impossible to undo a data breach unless the attackers demand ransom,
companies usually focus on the prevention of such disasters.
Some preventative measures that companies take to avoid data breaches are:
• Legacy Systems: Updating old, legacy systems that are more susceptible to being
compromised as compared to modern, secure systems.
• Better Security: The obvious solution is to have a more secure infrastructure that
won’t break down against malicious attacks. These include both specific and
pervasive security measures.
• Employee Training: Staff handling the data should also know the importance of
following good security practices to make sure that they don’t click on any
malicious links or accidentally download a virus which will eventually result in a
data breach.

7. Is a cryptanalyst an intruder, an intelligence agent, or both? Discuss.


I believe that a cryptanalyst plays a double role since they not only attack the system and
try to determine the plaintext behind the ciphertext that they receive, but also further their
findings to the cryptographers to help them improve the existing algorithm. Unlike a
normal intruder, cryptanalysts might already have some prior information about the data
including minor details like its format, whether it’s in plain English or there’s more
complexity to it and are also experienced professionals that study the nature of
cryptographic algorithms and how to either break or improve them. They can be attackers
when trying to figure out the algorithm and decrypt the ciphertext, and can be
intelligence agents when creating a report for the cryptographers to show them where
their algorithm is lacking and how to make it more secure against possible decryption
attempts.

8. Apply the Caesar shift cipher technique: using the given key, shift the
letters of the provided message:

Plain text: I AM A STUDENT


Cipher text: L DP D VWXGHQW

Here, we’ve applied a shift of +3.

9. Give a real world example of authenticity.


A real-world example of authenticity can be found in the world of e-commerce. Buying
an iPhone from the iPhone vendor or the original iPhone website gives us the assurance
that the product is genuine. If we buy from a third-party website, there’s always the
possibility that we’re getting a fake product or a refurbished one even though both the
real and fake ones might look the same on the websites. In information security,
authenticity is knowing whether a transaction is genuine or not.

10. Strong security is often viewed as an impediment to efficient and user-friendly operation. Discuss.
That statement is valid for many cases. It depends on the implementation of the security
measures. A system’s security is always important, but so is its usability. There can be
times when consumers will be irritated or tired of all they have to do for good security
practices, and it’s not always efficient. For example, adding 5 locks to our
house’s door will make it much more secure and difficult to break into, but it also makes
it 5 times more difficult and inefficient for us to go in and out of the house.
Security should always be a priority, but a good system administrator and architect will
know how to construct an infrastructure where security isn’t compromised and
the system is still easy to use for the intended audience. For example, banks only require you to
set a 4-digit PIN code against your debit card and still keep it extremely secure. That’s
because they use security mechanisms like cryptography to keep these codes safe on their
server. This makes both the consumer and the business happy and satisfied. Strong
security doesn’t always have to be an impediment to users; it just needs to be
implemented smartly.
