QUESTION 1
(a)Make a distinction between passive and active attacks.
(b)Provide two reasons why it is very important to organise security awareness programs for users.
(c)Give explanation how symmetric cryptography provides
i. confidentiality
ii. authentication.
(d)What are the two sorts of operations used by symmetric cryptography?
(e)Give explanation for Kerchoff's principle.
(f)Which cryptanalytic attack is approximately theoretically feasible?
(g)State the four conditions that have to be satisfied for the one-time pad algorithm to provide unconditional security.
(h)Why is it that the one-time-pad algorithm gives unconditional security?
QUESTION 2
(a)Explain the two probable configurations for 3DES.
(b)What is the main drawback of 3DES?
(c)Why are mainly modern symmetric algorithm block ciphers?
(d)Give explanation for four weaknesses of symmetric cryptography.
(e)Presume that Alice have to send bulk data to a remote user Bob. Illustrate how Alice would use both symmetric and asymmetric cryptography to achieve both security and efficiency in terms of encryption time.
QUESTION 3
(a)Which PKI (Public Key Infrastructure) model is characteristically favored by business organization?
(b)Provide one possible use of the "extensions" ground of an X.509 certificate.
(c)Consumers in a PKI can obtain digital certificates of users they want to communicate with. Which protocol is typically used to interact with the directory server to obtain certificate(s)?
(d)Estimate the RSA public and private keys given the values of p and q as follows: p = 17; q = 11. Show details of workings. Choose e = 7.
(e)What is meant by Certificate Revocation? When would a certificate have to be cancelled?
(f)Alice and Bob are communing.
i. Give details how Alice and Bob can communicate such that all their communication can be authenticated and can be verified for integrity. Confidentiality is not required.
ii. Alter your answer such that now it also provides replay attack detection.
QUESTION 4:
(a)Regard the following authentication options:
A. Using password.
B. Using pin and fingerprint
Which option A or B gives stronger security and why?
(b)Provide one example of a strong password. Why should passwords be strong?
(c)In quantum cryptography, light is polarized before transmission. If a wave of light is polarized first by 00 followed by 450 and finally by 900, what is the intensity of the light after each polarization i.e. after 00, after 450 and after the final 900. Presume intensity of incident light is Io
(d)How can network datagrams (packets) be protected at the network layer?
(e)Does SSL protect against eavesdropping? Does SSL protect against traffic analysis? Give good reason for your answer.
(f)Name or provide three SSL protocol from the SSL protocol stack.
QUESTION 5
(a)Confer three security issues related to cellular networks.
(b)Briefly portray three different types of attack that can be undertaken on the cellular network infrastructure.
(c)What is the WAP protocol?
(d)What was the underlying principle following developing WAP2 protocol stack in regard to the existing WAP1 protocol stack?
(e)Draw the protocol stack for WAP2.