Chapter 9: Security, privacy and data

integrity: Answers to coursebook

questions and to Worksheet questions
Syllabus sections covered: 6.1 and 6.2

From the coursebook

Question 9.01
This is self-explanatory.

Task 9.01
1 To be secure, the password should contain upper and lower case characters, a number and a symbol.
2 There are 128 ASCII characters, of which 96 are graphic characters. The number of different passwords is
therefore 968, which is about 7 × 1015. In words this is about seven million billion.
3 If a password could be tested every second, the time taken to test every possibility in years would be this
value divided by 3600 then divided by 24 then divided by 365. The result is still a very large number. To
reduce the time to less than a year, the password would have to be tested every nanosecond. Clearly the
password is secure from this type of attack.

Question 9.02
The following would be the eight bytes that include the original seven, with the parity bit set for even parity and
byte 8 created from a parity bit for each column with even parity.
Byte 1 0 1 0 0 1 0 0 0
Byte 2 1 1 0 0 0 1 0 1
Byte 3 0 1 1 1 0 0 1 0
Byte 4 0 1 1 0 0 0 1 1
Byte 5 1 0 1 0 1 1 0 0
Byte 6 0 1 0 1 0 1 0 1
Byte 7 1 0 1 1 0 0 1 0
Byte 8 1 1 0 1 0 1 1 1

© Cambridge University Press 2019

 Question 9.03
The eight bytes have to be examined in the following matrix presentation:
0 1 0 0 1 0 0 0
1 1 0 0 0 1 0 1
1 1 1 1 0 0 0 1 x
0 1 1 0 0 0 1 1
0 1 0 0 1 0 1 0 x
0 1 0 1 0 1 0 1
0 1 1 1 0 0 1 0
0 1 1 1 0 0 1 0
✓✓✓✓✓✓✓✓

Each of the columns needs to be checked. For each of these, the parity is correct, assuming even parity. This
would indicate that the transmission has taken place with no error. However, checking the rows reveals that two
have odd parity (indicated by the x) while the remaining five data bytes and the last (parity) byte have even
parity. This would indicate that the process of setting the parity bits at the transmitting end has been in error.
b The only option is to ask for re-transmission of the data.

Exam-style Questions
1 a i Accuracy (1)
ii Validation concerns checking that the data is of the right type (1) and format (1), whereas verification
is checking data that has been input (1).
iii Any from the coursebook list (1) with a sensible example (1).
iv It is possible to enter data with the correct format and of the correct type (1) but it can still be
incorrect (1).
b 1 mark each for any of the following. (max 2)
Unauthorised access to a system (1) can be made more difficult by creating usernames and passwords (1),
strong passwords (1), biometric tests (1), security tokens (1).
1 mark each for any of the following. (max 2)
Unauthorised access to data once a user is logged in (1) can be controlled by only authorising certain
users (1) by setting access rights (1).
2 a i 1 mark each for any of the following. (max 3)
Accidental deletion (1), disk problem (1), system failure (1), location forgotten (1), storage device lost
(1), file deleted or corrupted because of
a virus (1).
ii 1 mark each for any of the following. (max 3)
Encryption (1) possibly when storing data but certainly when transmitting it, authorisation policy
controlling access to data (1), giving different users different access rights (1). Controlling access to
the system (1), by setting user IDs and passwords (1), using methods to authenticate users (1),
biometric methods (1).
Note that the question says ‘describe’, so three names of features would not be worth three marks.

© Cambridge University Press 2019

 b i A disaster such as earthquake, fire or flood (1), which destroys the system or makes it completely non-
functional or inaccessible (1).
ii 1 mark each for any of the following. (max 2)
A risk assessment (1), which considers the effect on the organisation of having systems out of
commission (1), and the likelihood of a disaster occurring (1).
OR a choice of type of remote standby system (1), dependent on the urgency of the need to get back
into operational mode (1).
c 1 mark each for any of the following, for two measures and two descriptions. (max 4)
A firewall (1), to restrict what transmissions can enter (1) or leave the system (1), to check all
transmissions that have entered the system (1). Authentication of sender of email (1), by insisting on a
digital certificate (1), virus checker (1), used regularly (1), intrusion detection (1), auditing system use (1).
3 a i 1 mark each for any of the following. (max 5, provided there is detail given for both transmitter and
receiver)
The transmitting end must define parity to be even or odd (1), then for each individual byte (1) the
number of 1 bits in the 7-bit code is counted (1) and the parity bit is chosen so that the number of bits
in the byte is even or odd (1). At the receiving end the choice of parity defined must be known (1), the
bits in each individual byte are counted (1), and if for any byte the number of bits does not match the
defined parity (1) a re-transmission is requested (1).
ii 1 mark each for any of the following. (max 3)
At the transmitting end a block is defined as a certain number of bytes (1), each byte is treated as a
binary number (1), the binary numbers are added for the bytes in each individual block (1), and the
value obtained is added to the data transmitted for each block (1). At the receiving end the same
calculation is carried out for each block (1), and the value obtained is compared to the transmitted
one (1).
b If two errors occur these could effectively cancel each other out so the errors would not be detected (1).
The position of an error cannot be identified (1).
c Byte 1 0 1 0 1 0 0 1 1
Byte 2 1 0 1 1 0 0 0 1
Byte 3 1 1 0 1 0 0 0 0 *
Byte 4 1 0 0 1 1 1 0 0
Byte 5 1 0 1 1 0 0 1 0
Byte 6 1 0 1 1 0 0 0 1
Byte 7 1 0 1 1 0 0 0 1
Byte 8 0 0 0 1 0 1 0 0
*
The columns should be checked first. The fifth column, as indicated in the diagram, has an odd number of
1 bits, and all of the others have an even number. This suggests an error in transmission (1). The rows
should then be checked. The third row, as indicated in the diagram, has an odd number so is in error (1).
The bit at the intersection of the fifth column and the third row must be wrong (1). The receiver program
will change the 0 to a 1 (1).
4 This is Question 3 in 9608 Paper 13 June 2015. At the time of writing the published mark scheme is available
on the Cambridge International School Support Hub (requires registration). The Examiners Report for the June
2015 series is also available there and this may contain comments specific to this question.

© Cambridge University Press 2019

 The following are what the author of this chapter in the Teacher Resource would suggest as reasonable
answers with alternatives suggested where appropriate. Where a suggested answer includes bullet points,
each bullet point would be worth one mark up to the maximum mark allocation for the question.
a Firewall:
• is either hardware positioned between a computer system and a network or is software installed on a
computer system that receives incoming or outgoing network traffic
• monitors traffic to and from the computer system
• can allow or block traffic in accordance with a set of rules or criteria
• can help to minimise the opportunity for a hacker to gain unauthorised access to the system
• can help to prevent malware attacks by identifying suspect sources of incoming data or destinations
for outgoing data.
Authentication:
• checks the identity of someone attempting to access a system
• can use a username and password system
• could use biometrics, a security tag or both
• is a measure to limit the possibility of unauthorised access by a hacker.
b This can be answered by making statements about either integrity or security that do not directly apply to
the other term:
• Integrity is about the accuracy of the data.
• To be confident about integrity, the data must be up-to-date and uncorrupted during use.
• Security is concerned with the prevention of data loss either by accident or due to malicious action.
• Security is about ensuring that any data stored or transmitted can be retrieved or received exactly as
it was originally.
c i Detailed answers are not expected.
Validation:
Validation methods can be used to check that the data entered conforms to expectations. There are
many different methods:
• The data type can be checked.
• The length of an input character string can be checked.
• The format of the data can be checked.
• There can be a check that a value is in a defined range.
Verification:
Verification methods can be used to check that the data entered is what was intended. there are
many different methods:
• Double entry of a password with a check that the two entries are identical.
• Display of the entered data for physical checking.
• Use of a check digit, as in an ISBN or a bar code where the check digit is calculated from the data
and stored with it ready for the same calculation to be performed when the data is subsequently
read.

© Cambridge University Press 2019

 ii There are some sophisticated methods available, but the two that are easiest to describe are the
parity check and the checksum.
Parity checking involves the addition of a parity bit to a seven-bit code:
• Data is sent with either even or odd parity which is defined by the number of 1 bits in a byte.
• The parity is checked by the receiving device.
• A block parity check method is an extension of this simple approach.
The checksum is a value calculated by the sender from a block of data:
• The checksum is transmitted with the data.
• The receiver performs the same calculation on the received data to check if the checksum
calculated matches the one sent.
Cambridge International AS & A Level Computer Science 9608 paper 13 Q3 June 2015
5 This is question 8 in 9608 Paper 12 November 2015. At the time of writing the published mark scheme is
available on the Cambridge International School Support Hub (requires registration). The Examiners Report
for the November 2015 series is also available there and this may contain comments specific to this question.
The following are what the author of this chapter in the Teacher Resource would suggest as reasonable
answers with alternatives suggested where appropriate. Where a suggested answer includes bullet points,
each bullet point would be worth one mark up to the maximum mark allocation for the question.
Verification:
• Verification methods are used to check that the data entered is what was intended.
• If there is a documented source of the data being entered, verification can involve comparison of the
entered data with the source data.
• If data is being entered manually, options are:
• double entry of the input data with a check that the two entries are identical
• display of the entered data for physical checking.
• One technique appropriate for some types of data is the check digit, as used in an ISBN or a bar code
where the check digit is calculated from the data and stored with it, ready for the same calculation to be
performed when the data is subsequently read.
Validation:
• Validation methods are used to check that data entered conforms to an expected form.
• There are a number of alternatives for the method which might be combined, including:
• a length check for a character string
• a format check for a character string
• a type check for individual characters or a group of such
• a range check defining values that are acceptable
• a presence check when it is unacceptable for a datum not to be entered.
Both validation and verification are necessary to minimise the possibility of incorrect data being entered.
However, neither method ensures this. For example, if someone enters their age as 45 when it should be 54,
this error will not be recognised. A good answer would point this out.
Cambridge International AS & A Level Computer Science 9608 paper 12 Q8 November 2015

© Cambridge University Press 2019

 Worksheet 9.1: for testing basic understanding
1 a Data protection laws are primarily about data privacy.
b The laws concern data which is about a living individual.
c The data is held by a (data controller in an) organisation.
d Measures should be taken to ensure that the data has integrity.
e One aspect of this is that the data must be up-to-date.
f Measures should also be taken to ensure that the data is stored securely.

2 a Personal data: date of birth

Professional experience: singles released
Bookings organised: venue
Financial data: royalties paid
b Professional experience data and bookings organised data would not be subject to data protection
concerns because the pop star would wish to publicise upcoming bookings and singles released. Indeed,
this data would normally be available on a website for all to see.
c Personal data could have data protection concerns. The pop star might not want their age to be known.
They might wish address and telephone numbers to remain unknown to the general public.
Financial data would certainly be expected to remain private and unavailable to the public.
3 A False, B False, C True, D True, E False
Learners need to carefully consider the definition of terms and the implication of these definitions. Data
privacy, integrity and security are all desirable, but they all require appropriate measures to be in place.
However, there are no guarantees even if laws are introduced.
4 a Software and Hardware firewalls
b A firewall installed as software on the system being protected has the disadvantage that the data has to
enter the system before it can be checked. So, there is the potential for malware associated with the
transmission to enter the system before the problem is detected. It has the advantage that updates are
easily activated.
A hardware firewall is a separate custom-made device, which also includes software. The disadvantage of
this is that the system must be maintained and updated if required, so more technical support is required.
Also, if the device fails, the main system would either become unavailable or become vulnerable if it
continues in use with no firewall in operation.
5 a Read, edit, delete, rename, execute if executable, copy.
b If an owner does not wish any other user to use the file in any way, all access can be denied. The simplest
access to allow is read access. This normally allows the user to make a copy because they would normally
read the file through an editing program. The owner is likely to give themselves write access if the file is
to be used in conjunction with a program and is initially empty. Append access would be appropriate for a
file that is to be repeatedly used in association with the running of a program. Delete access should be
denied to both the owner and any other user if the file contains vitally important data. An executable file
is unlikely to be readable, so read access is unlikely unless that is the only way of granting copy access.
There are two points to note. The first is that the owner can normally change the access permissions. A
general user should not be able to do this because otherwise the access permissions become only
precautionary at best. The second is that access permissions can be given to directories or folders.

© Cambridge University Press 2019

 The owner should investigate how access permissions at that level affect access to files inside the
directory before applying them.
c Answers will vary.
6 a A hardware firewall A
b A security token B
c A software firewall C
d A user account B
e A password B
f A digital certificate A
g A biometric test B
7 A True, B True, C False, D False, E True, F False
This is mainly concerned with the meaning of terms and the context in which they are used. Data security has
to consider unauthorised actions by individuals and problems caused by system failure. However, it is also
important to remember that a legitimate user of data can cause data loss by inadvertently deleting or
overwriting a file or by just forgetting where a file was stored or what it was named.
8

Note the assumption that the date has the day recorded before the month. Also note that when validation
checks are incorporated into software, they can be sophisticated and may give sensible reasons for not
accepting the data. It is very difficult to make the checks fool-proof. However, even if the validation check
covers every incorrect possibility, it cannot ensure that the data is correct. In the examples here, if the user
enters the wrong date, it will not be detected by the validation check.
9 0 1 0 1 0 0 1 1

1 0 1 1 0 0 0 1

1 1 0 1 0 0 0 0

1 0 0 1 1 1 0 0

1 0 1 1 0 0 1 0

1 0 1 1 0 0 0 1

1 0 1 1 0 0 0 1

0 0 0 1 0 1 0 0
In this method, the transmitting end creates the matrix from the original seven bytes containing the data.
The data is transmitted bit by bit. Then, the program at the receiving end recreates the matrix and checks that
all rows and all columns match even parity. With just one error, the position of the wrong bit can be identified
as illustrated by the example in this question. Note that, because each row and column contains eight bits,
you can count 1s or 0s.

© Cambridge University Press 2019

 Worksheet 9.2: more challenging questions
1 0 1 1 p 0 p p

2
0 1 1 0 0 1 1

3 a 0 1 0 0 0 1 1

This has bits 1, 3, 5 and 7 as 1, 0, 0 and 0, so the first parity bit indicates an error.
It has bits 2, 3, 6 and 7 as 1, 0, 1 and 0, so no error here.
It has bits 4, 5, 6 and 7 as 0, 0, 1 and 0, so the third parity bit also indicates an error.
If bit 5 is changed to 1 instead of 0, we have the code:
0 1 1 0 0 1 1

This has bits 1, 3, 5 and 7 as 1, 0, 1 and 0, so now no error here

Then it still has bits 2, 3, 6 and 7 as 1, 0, 1 and 0, so still no error here.
Then it has bits 4, 5, 6 and 7 as 0, 1, 1 and 0, so now no error here.
Clearly, bit 5 had been transmitted incorrectly.
b 0 0 1 0 0 1 1

Parity bit 1 shows no error.

Parity bit 2 shows an error with three bits set to 1 in the four covered by this parity bit.
Parity bit 3 also shows an error.
c The correct code for b:
0 0 0 0 0 1 1

So again, the error is in the bit at position 5, which has been switched during transmission.
In the first example, parity bits at positions 1 and 4 showed an error. In the second example, it was parity
bits at positions 2 and 3.
The bit position that is incorrect is the one equal to the sum of the parity bit positions showing an error:
1 + 4 = 5 and 2 + 3 = 5

© Cambridge University Press 2019