INFORMATION &

NETWORKS SECURITY
Midterm Exam Solutions - Spring 2016
 QUESTION 1.A

Threat Consequences Threat Action (Attack)

 Unauthorized Disclosure  Exposure
 Threat to A circumstance or event whereby an entity gains access A threat action whereby sensitive data is
confidentiality to data for which the entity is not authorized. directly released to an unauthorized entity.
 Deception  Falsification
 Threat to A circumstance or event that may result in an A threat action whereby false data deceives
integrity authorized entity receiving false data and believing it to an authorized entity.
be true.
 Disruption  Corruption
 Threat to A circumstance or event that interrupts or prevents the A threat action that undesirably alters
integrity and correct operation of system services and functions. system operation by adversely modifying
availability system functions or data.
 Usurpation  Misuse
 Threat to A circumstance or event that results in control of A threat action that causes a system
integrity system services or functions by an unauthorized entity. component to perform a function or service
that is detrimental to system security.
 QUESTION 1.A

Type of viruses or worms affect the operating or database or network system.

 Destroyed (deleted) software
 Stolen (pirated) software
 Virus: code that attaches to another program and copies itself to other programs.
• Transient virus: life depends on life of its host
• Resident virus: locates inside memory
 Trojan Horse: malicious effect is hidden from user
 Logic bomb: triggered by an event
 Time bomb: triggered by a time or date
 Trapdoor(backdoor): feature that allows access to program other than through normal channels
 Worm: program that spreads copies of itself through a network
 Rabbit: virus/worm that self-replicates without bound
 Information leaks
 Zombie: Program which secretly takes over another networked computer then uses it to indirectly launch attacks.
QUESTION 1.B
 QUESTION 1.B

Shannon’s characteristics of good ciphers.

 Amount of secrecy should determine amount of labor appropriate for encryption and decryption.

 The set of keys and enciphering algorithm should be free from complexity.

 The implementation of the process should be as simple as possible.

 Errors in ciphering should not propagate and cause corruption of further information in the message.
one error should not throw off the entire process

 The size of the enciphered text should be no larger than the text of the original message.
 QUESTION 2.A

Choose p = 5 and q = 7
Compute n = p × q = 5 × 7 = 35
Compute 𝝋(n) = (p -1) × (q -1) = 4 × 6 = 24
Choose e such that 1 < e < 𝜑(n) & e and 𝜑(n) are coprime [ gcd( 𝝋(n), e ) = 1 ]. Let e = 7
Compute a value for d such that (d × e) % 𝜑(n) = 1. One solution is d = 31  [(31 × 7) % 24 = 1]
Public key is (e, n)  (7, 35)
Private key is (d, n)  (31, 35)
The encryption of m = 2 is c = ( 𝑚𝑒 mod n ) = 27 % 35 = 23
The decryption of c = 23 is m = ( 𝑐 𝑑 mod n ) = 23 𝟑𝟏 % 35 = 2
 QUESTION 2.B

Intermediate Ciphertext
A T T A C K A T 1 2 0 0 A M
DV DG DG DV FA FX DV DG AA XA VX VX DV DD

Substitution Table (GIVEN) Transposition Matrix ( Key = “PRIVACY” )

A D F G V X P R I V A C Y key
A 1 4 7 R E G 4 5 3 6 1 2 7 Sorted Order
D I M N T A B
D V D G D G D
F C D F H J K
V F A F X D V
G L O P Q S U
V V W X Y Z 0 D G A A X A V

X 2 3 5 6 8 9 X V X D V D D

Plaintext = “ATTACK AT 1200AM” Ciphertext = “DXXV GDAD DAAX DVDX VFGV GFAD DVVD”