
Quiz Report

Department: Information Security
Professor: Sung-woon Lee
Year: 3
Student no.: 22330104
Division: 1
Name: Hao
Submission date: 2024.03.19
■ Question

1. (1) Explain what ‘confidentiality’ is, (2) give an example of when confidentiality
may not be provided, and (3) write what a typical way to provide
confidentiality is.
2. Which of the three information security goals cannot be ensured by the use
of cryptography?
3. Choose what are not threats to integrity.
(a) DoS (b) modification (c) replaying (d) snooping
(e) Repudiation (f) Sniping (g) Spoofing
(h) Traffic analysis
4. (1) Explain what passive attacks are, and (2) pick all things that belong to
the passive attack in the above question.
5. (1) Which of the above attacks can be carried out by an insider, and (2)
describe the attack.
6. (1) In which of the above attacks does an attacker disguise itself as a legitimate user
or system, and (2) what are the ways to prevent it?
7. Which of the following security mechanisms cannot be provided by the use
of cryptographic algorithms or cryptographic protocols?
(1) Encryption (2) Data integrity (hash function)
(3) Digital signature (4) Authentication exchange
(5) Traffic padding (6) Routing control
(7) Notarization (8) Access control
8. Choose two security mechanisms above whose main purpose is to provide
non-repudiation.
9. In each of the following cases, what security mechanisms apply?
(1) The bank requires the customer's signature upon withdrawal of the
deposit.
(2) Students enter their student number and password in the system to check
their grades.
10. Alice and Bob agree on the following word dictionary in advance and use
it to send a message containing secret information. When the usage method
is the same as the previous example, find the secret information hidden in the
following message.
Articles: a(0), the(1)
Verbs: give(0000), like(0001), …, see(0101), play(0110), …
Nouns: friend(00000), …, book(00101), …, doctor(10001),
student(10011), …, house(10100), …
Message: A student sees a book. A doctor sees a house.
■ Answer
(1) This means that only authorized users can view (see, read) the real contents of the data.
Confidentiality is guaranteed when unauthorized persons cannot view the contents of the data.
Confidentiality is required in the process of transmitting information over a network as well as for
information stored on the computer.
(2) The information security goals that cannot be ensured by the use of cryptography are
availability and integrity, because cryptography primarily focuses on securing data by encoding it in such
a way that only authorized parties can access it. However, ensuring availability involves factors such as
system uptime, reliability, and protection against denial-of-service attacks, which are not directly
addressed by cryptographic methods. Therefore, while cryptography can protect the confidentiality and
integrity of data, it doesn't directly ensure that systems will always be accessible and operational.
(3) Choose what are not threats to integrity.
(a) DoS (d) snooping (e) Repudiation
 (4) (1) Attacks that aim for an attacker only to gain information and do not modify data or harm the
system Difficult to detect as there are no changes to the system
Attacks that threaten confidentiality are included
Can be prevented by data encryption
(2) Snooping
Traffic analysis
(5) Snooping. An insider at a company installs monitoring software on the company's internal network.
When other colleagues access the system to work or log into their online accounts, this software
records all activities without their knowledge. The attacker can gather information such as usernames,
passwords, and other sensitive data transmitted over the network. They can then use this information to
carry out fraudulent activities or infiltrate the system, causing harm to the company. In this scenario, the
attacker employs a "snooping" attack to obtain information they are not authorized to access.
(6) The attack where an attacker disguises itself as a legitimate user or system is called "spoofing." Ways to
prevent spoofing attacks include:
1. Strong Authentication: Implement strong authentication mechanisms such as multi-factor
authentication (MFA) to verify the identity of users and systems.
2. Network Segmentation: Segregate network segments to prevent attackers from easily accessing
sensitive systems or data.
3. Packet Filtering: Use packet-filtering firewalls to inspect and filter incoming and outgoing traffic
based on source and destination addresses.
4. Digital Signatures: Use digital signatures to verify the authenticity and integrity of data transmitted
between systems.
5. Security Awareness Training: Educate users and employees about the risks of spoofing attacks and
how to recognize suspicious emails or requests.
6. Update and Patch Systems: Keep systems and software up to date with the latest security patches to
mitigate vulnerabilities that attackers may exploit for spoofing.
These measures collectively help mitigate the risk of spoofing attacks and enhance overall
security posture.
(7) The security mechanism that cannot be provided by the use of cryptographic algorithms or
cryptographic protocols is (Access control).
Access control involves defining and enforcing policies that determine who is allowed to access
resources or perform actions within a system. Cryptographic algorithms and protocols can
facilitate secure communication, and encryption, data integrity, digital signatures, authentication exchange,
traffic padding, routing control, and notarization primarily focus on securing data and communications,
but they do not directly control access to resources. Access control mechanisms typically involve user
authentication, authorization, and permissions management, which may complement cryptographic
techniques but are distinct in their implementation and functionality.
(8) Non-repudiation providing proof of origin (sender):
If the sender denies sending the message, the recipient of the data can prove the sender's identity.
Non-repudiation providing proof of delivery (receiver):
If the recipient denies receiving the message, the sender of the data can prove the recipient's identity.
 (9) (1) *The bank requires the customer's signature upon withdrawal of the deposit:
Security Mechanism: Digital Signature
Explanation: The customer's signature serves as a form of digital signature, verifying the authenticity of
the withdrawal request. It ensures that the transaction is authorized by the legitimate account holder and
helps prevent unauthorized access to funds.
(2) *Students enter their student number and password in the system to check their grades:
Security Mechanism: Authentication
Explanation: Students entering their student number and password authenticate their identity to the
system. Authentication verifies that the users are who they claim to be before granting them access to
their grades. This helps ensure that only authorized individuals can view sensitive academic information.
(10) To decode the secret message, we need to interpret the message based on the provided word
dictionary:
Articles:
- "a" is represented as 0
- "the" is represented as 1
Verbs:
- "give" is represented as 0000
- "like" is represented as 0001
- "see" is represented as 0101
- "play" is represented as 0110
Nouns:
- "friend" is represented as 00000
- "book" is represented as 00101
- "doctor" is represented as 10001
- "student" is represented as 10011
- "house" is represented as 10100
Now, let's decode the message: 10100 0001 00101 0110 10001
This translates to: "house the book play doctor"
So, the secret information hidden in the message is: "Bob likes to play doctor."
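
The dictionary lookup that question 10 describes, as an added example that is not part of the original report: each cover word is replaced by its bit group from the entries listed in the question, and the groups are concatenated in order. Reading the resulting bits as 8-bit ASCII is an assumption of this example (the "previous example" the question refers to is not on the page), and the function names are hypothetical.

```python
import re

# Dictionary entries exactly as listed in question 10. Entries the question
# elides with "…" are unknown and are not reconstructed here.
CODEBOOK = {
    "a": "0", "the": "1",                                            # articles
    "give": "0000", "like": "0001", "see": "0101", "play": "0110",   # verbs
    "friend": "00000", "book": "00101", "doctor": "10001",           # nouns
    "student": "10011", "house": "10100",
}

# Cover text from question 10.
MESSAGE = "A student sees a book. A doctor sees a house."


def lookup(word):
    """Bit group for one cover word; a trailing 's' (sees -> see) is ignored."""
    w = word.lower()
    if w in CODEBOOK:
        return CODEBOOK[w]
    if w.endswith("s") and w[:-1] in CODEBOOK:
        return CODEBOOK[w[:-1]]
    raise KeyError(f"word not in the listed dictionary: {word!r}")


def extract_groups(cover_text):
    """One bit group per word, in order; punctuation and case carry no bits."""
    return [lookup(w) for w in re.findall(r"[A-Za-z]+", cover_text)]


def hidden_bits(cover_text):
    """Concatenate the groups into the hidden bit string."""
    return "".join(extract_groups(cover_text))


def bits_to_ascii(bits):
    """Assumption of this example: the bits are 8-bit ASCII characters."""
    if len(bits) % 8:
        raise ValueError("bit string is not a whole number of bytes")
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, len(bits), 8))


if __name__ == "__main__":
    print(" ".join(extract_groups(MESSAGE)))
    print(hidden_bits(MESSAGE))
    print(bits_to_ascii(hidden_bits(MESSAGE)))
```

A word outside the listed entries raises `KeyError` rather than being skipped, since a silently dropped word would shift every later bit.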
