University of Exeter
ECMM462 Fundamentals of Security
Question 1
Determine whether each of the following propositions is true (T) or false (F):
(a) Computer security is the protection of the integrity, availability, and confidentiality of information system resources.
(b) Confidentiality is the protection of assets from unauthorized change.
(c) Confidentiality, availability, and integrity do not influence each other and can be viewed in isolation.
(d) A communication link is an example of an asset.
(e) Threats are attacks carried out.
(f) Threat agent is another term for attacker.
(g) A countermeasure can be devised to recover from a particular type of attack.
(h) A circumstance or event that interrupts or prevents the correct operation of system services and functions is also called deception.
(i) Obstruction leads to usurpation.
(j) Hardware is the most vulnerable to attack and the least susceptible to automated controls.
Note: For each answer you get 1.5 marks if it is correct, −0.5 marks if it is wrong, and 0 marks otherwise. You can never get less than 0 marks in total.
Question 2
(a) Use Euler’s theorem to calculate the multiplicative inverse of 8 modulo 35.
(b) Briefly describe 2 possible ways to attack an RSA ciphertext and briefly explain why they are not feasible.
Question 3
(a) Describe the concept of a Merkle structure.
• State its purpose
• State the requirement for the compression function
• State its guarantee for the composed function
(b) Assume the following scheme to provide message authentication using public key cryptography:
• The sender computes the hash value h(m) of the message.
• The sender sends the message m and an encrypted version of the hash value {h(m)}pr to the receiver. (Here pr denotes the sender's private key.)
• The receiver uses the public key of the sender to decrypt {h}pr.
• The receiver computes h(m) and compares it to h.
(i) Describe a possible attack on message integrity assuming that h is preimage resistant but not weak collision resistant and briefly justify why it works.
(ii) Describe a possible attack on message integrity assuming that h is preimage resistant and weak collision resistant but not strong collision resistant and briefly justify why it works.
Question 4
Consider the following datasets A and B.
In addition, assume a mechanism K which returns the average weight of the people in the database (and 0 if the database is empty). For example, K(A) = 161.7. Finally, assume that a person always weighs between 0 and 450 lb. Answer each of the following questions and briefly justify your answer.
(a) Are the two datasets A and B neighbouring datasets?
(b) What is the sensitivity of K?
(c) Does K satisfy 0.01-differential privacy?