# IT Security questions

## Instructions

· Take this test during the week (with late submission Monday; a maximum of 10% penalty). **Work alone**. You may not confer with other class members, or anyone else, directly or by e-mail or otherwise, regarding the questions, issues or your answers. You may use your notes, OER, textbooks, and other published materials.

· It is scored based on 100 points for the test.

· When composing your answers, **be thorough**. Do not simply examine one alternative if two or more alternatives exist. However, choose only one as your answer, giving reasons for your choice. The more complete your answer, the higher your score will be. Be sure to identify any assumptions you are making in developing your answers and describe how your answer would change if the assumptions were different. For multiple choice questions, if you think there are two correct answers, **choose the best one** and justify your answer. Please write the justification in **your own words**; avoid cut and paste or merely copying sentences from references. If you are describing a methodology, please describe it in **sufficient detail** so that by following it, anybody can reach the same result without **additional** help from you.

· While composing your answers, be VERY careful to cite your sources. Use only reputable sources. Personal blogs or the websites that are set up to sell are not reputable sources. Remember, failure to cite sources constitutes an academic integrity violation.

· For Parts I and II, when you are providing justification as mentioned above, a reference is required. If you are referencing a book, I will need the page number(s). I cannot go through the complete book to verify your reference. The page number gives me some indication that you have.

· Your answers should be contained in a Microsoft Word (or compatible format that can be opened by MSWord) document, uploaded to your assignments folder. If you use some other word processor, please make sure that the numbering does not change. I will return files (ungraded) in any other format if I cannot open them in one try. I may also check your part III answers with Turnitin.

______________________________________________________________________________

Part I (Each 4 Pts. Total 40.) Choose the best one. Please give the reason for your choice in a few sentences, or your reasons for not choosing the other choices. The reason must be in **your own words**. Use the guidelines for references given in the instructions.

1. To protect information, one must protect against possible virus threats. True/False. Justify your answer.

2. Which are the weaknesses of a shift cipher?

A. Natural language letter frequency makes them easy to decode.

B. The number of letters in the alphabet makes them easy to decode.

C. Once the shift is determined the message is decoded.

D. Once you have the code book you can decode the message instantly.

E. A & B

F. A, B & C

G. A, B, C and D

H. A & C

No reason required

3. What is the basis of modern cryptography? _________________

A. the laws of mathematics

B. manipulation of data

C. creating disguises for information

D. none of the above

Reason:

4. Historically, the primary and compelling reason for advances in cryptography has been _____________.

a. protecting business assets

b. the need for individual privacy

c. wars

d. keeping diplomatic conversations secret

Reason: _

5. A _______________ requires that the cipher alphabet changes throughout the encryption process.

a. monoalphabetic substitution cipher

b. polyalphabetic substitution cipher

c. quantum cipher

d. alphanumeric shift cipher

Reason: _

6. One of the network threats is

A. buffer overflow

B. slowing the computer

C. denial of service

D. computer lock up

How it happens: _

7. Risk is __.

A. a weakness in the system

B. a circumstance that may cause loss or is possible danger

C. a vulnerability that can be exploited

D. Nothing to worry about

Reason: _

8. The trustworthiness of a system is diminished because of _______.

a. demand for keys

b. confidence decrease

c. exposure to risks

d. bad weather

Reason: _

9. The _______ controls the action of the algorithm.

a. the receiver

b. the length of the plain text

c. cipher text

d. key

Reason: _

10. What has become a major web problem with respect to security?

a. mapping attacks

b. on-line surveys

c. user ignorance

d. scripting errors

Reason: _

______________________________________________________________________________

Part II (6 points each, Total 30)

Q1a Complete the following truth table. F denotes false and T denotes true.

| A | B | C = A or B | D = A xor B | E = A and B |
|---|---|---|---|---|
| F | F |  |  |  |
| F | T |  |  |  |
| T | T |  |  |  |
| T | F |  |  |  |

Q1b In the following, Θ denotes one of the operators ‘**or**’, ‘**xor**’ or ‘**and**’.

input1 Θ input2 = result

where input1 and input2 are ‘A’ and ‘B’, and result is one of C, D, or E from the above table.

Which operation will yield the following? (What is Θ?)

input1 Θ result = input2

input2 Θ result = input1

Please show proof for one, or disprove the other two.

Hint:

Check, for results C, D and E, and inputs A and B:

input1 OR result = input2?

input2 OR result = input1?

Repeat, replacing OR with AND, and then with XOR.

As soon as the given operator is not valid for an operation, go to the next operator.

Q2 Using the English alphabet (i.e., mod 26 arithmetic), let plaintext = {p1, p2, …, pn} and corresponding cipher text = {c1, c2, …, cn}.

Suppose the encryption function is ci = pi + 6 (mod 26).

You receive the cipher text message ASAIOYZNKHKYZYINUUR.

What is the decryption function, and the decrypted/recovered plaintext?

What type of cipher is this?

Show all your steps.

Q3 You are Alice. You have agreed with your friend Bob that you will use the Diffie-Hellman public-key algorithm to exchange secret keys. You and Bob have agreed to use the public base g = 9 and public modulus p = 817.

You have secretly picked the value SA = 23. You begin the session by sending Bob your calculated value of TA. Bob responds by sending you the value TB = 272.

What is the value of TA?

What is the value of your shared secret key?

Can you guess Bob’s secret value SB and what it would be?

Show each and every step of your calculations. If you use Excel or any other method of mod calculation, include the spreadsheet or the steps in that method.

(For mod calculation, the following identities may be useful:

mod(X^n, p) = mod[mod(X, p) * mod(X^(n-1), p), p]

mod(X*Y, p) = mod[mod(X, p) * mod(Y, p), p])

Q4 Bob believes that he has come up with a nifty hash function. He assigns a numeric value VChar to each letter in the alphabet equal to the letter’s position in the alphabet, i.e., VA = 1, VB = 2, …, VZ = 26. For a message, he calculates the hash value H = (VChar 1 × VChar 2 × VChar 3 × … × VChar N) mod 26.

Bob uses this function to send a one-word message, **Koinonia**, to his supervisor Bill, along with his calculated hash value for the message. Alice is able to intercept the message and generates an alternative message that has a hash value that collides with Bob’s original hash value.

Give definition and properties of the hash function.

Show a message that Alice may have used to spoof Bob’s message and demonstrate that its hash value collides with Bob’s original hash.

Q5 Consider the following plaintext message: **IT IS EXCITING TO KNOW THAT WE MAY HAVE FOUND THE MISSING MATTER IN THE UNIVERSE.**

(3 pts) If this message is sent unencrypted and successfully received, what is its entropy? And why?

(3 pts) If this message is encrypted with DES using a random 56-bit key, what is the encrypted message’s entropy? And why?

______________________________________________________________________________

Part III

**Essay Question: Length: 800-900 words. Use APA format for in-line citations and references. (30 pts.)**

Compare and contrast symmetric and asymmetric encryption algorithms.

· Your response should include a brief overview of the cryptographic basis for each type of algorithm, and a comparison of their strengths and vulnerabilities.

· Describe how a hacker might go about cracking a message encrypted with each type of algorithm.

· Suggest a specific application for each type of algorithm (symmetric and asymmetric) where the advantages clearly outweigh the disadvantages.

· Remember to address all points.