
SCHOOL OF COMPUTING AND ENGINEERING SCIENCES

BACHELOR OF INFORMATICS AND COMPUTER SCIENCE


ICS 3201: CRYPTOGRAPHY AND INFORMATION SECURITY
END OF SEMESTER EXAM
Date: 5th December 2022 Time: 2 Hours
Instructions:
1. This Examination consists of FIVE questions
2. Answer Question ONE (COMPULSORY) and any other TWO questions.

Question 1 (30 Marks)

a) A major issue when using symmetric key techniques is the establishment of pairwise keys.
How many keys would you need for a network with 25 entities? (3 Marks)
b) Attack methods on cryptographic schemes aim to systematically recover the plaintext from
the ciphertext, or even more drastically, to deduce the decryption key. Distinguish between
a chosen‐plaintext attack and an adaptive chosen‐plaintext attack. (4 Marks)
c) We can use several models for evaluating cryptographic security including unconditional
security, complexity‐theoretic security, computational security, provable security and ad hoc
security. Explain unconditional security and computational security. (4 Marks)
d) Briefly discuss how cryptography achieves the goals of confidentiality, authentication,
integrity and nonrepudiation. Also explain what each of the concepts implies. (8 Marks)
e) The input to S‐box 1 is 100011. What is the output? (Use the S‐box 1 table provided).
(2 Marks)

     0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
0   14 04 13 01 02 15 11 08 03 10 06 12 05 09 00 07
1   00 15 07 04 14 02 13 10 03 06 12 11 09 05 03 08
2   04 01 14 08 13 06 02 11 15 12 09 07 03 10 05 00
3   15 12 08 02 04 09 01 07 05 11 03 14 10 00 06 13

f) Two desired properties of a block cipher are the avalanche effect and completeness.
Explain the avalanche effect. (2 Marks)
g) Using trivial (insecure) examples for the parameter values, explain the RSA procedure.
(7 Marks)

Question 2 (15 Marks)

Using example values for the parameters, explain the Diffie‐Hellman Key Exchange Algorithm.
(15 Marks)

Question 3 (15 Marks)

Penetration Testing allows for the exploitation of vulnerabilities in an organization’s network. It
helps determine which vulnerabilities are exploitable and the degree of information exposure or
network control that the organization could expect an attacker to achieve after successfully
exploiting a vulnerability. A broad workflow during penetration testing involves the phases
Pre‐Attack Phase (Passive Reconnaissance and Active Reconnaissance), the Attack Phase (Penetrating
the perimeter, acquiring the target, Privilege escalation, execution) and the Post‐Attack Phase.
Briefly discuss each of the phases. Mention any example tools you may use in each phase and what
they would help you achieve.

Question 4 (15 Marks)

Briefly explain each of the following network attacks.

ARP Cache Poisoning Attack

TCP SYN Flooding Attack

ICMP Redirect Attack

TCP Session Hijacking Attack

IP Fragmentation Attack

Question 5 (15 Marks)

A cryptographic hash function must satisfy three criteria: preimage resistance (one‐way property),
second preimage resistance (weak collision), and collision resistance (strong collision). Explain
each of these criteria.
