Q1. An affine cipher scheme (or algorithm) is the form - C(x) → (αx+β) MOD 26, where x is the numerical equivalent of the given plaintext letter, and α and β are (appropriately chosen) integers. The numerical equivalents of the letters are as follows:
a) Let α=5 and β=7, encrypt the message "Deakin School of IT"
Q2. What are the core components of a PKI? Briefly describe each component.
Q3. Explain the problems with key management and how it affects symmetric cryptography.
Consider the following threats of Web security and describe how each is encountered by a particular feature of SSL.
a. Brute Force Cryptanalytic Attack an exhaustive search of the key space for a conventional encryption algorithms.
b. Man-in-Middle attack: An attacker interposes during key exchange, acting as client to the server and as the server to the client.
c. SYN Flooding: An attacker sends TCP SYN message to request connection but does not respond to the final message to establish the connection fully. The attack TCP module typically leaves the "half-open connection" around for a few minutes. Repeated SYN messages can clog the TCP module.
What is port forwarding? What are the different types of port forwarding supported by SSH?
In IEEE 802.11, open system authentication simply consist of two communications. An authentication is requested by the client, which contains station ID (typically MAC address). This followed by an authentication response from the AP/router containing a success or failure message. An example of when a failure may occur is if the client's MAC address is explicitly excluded in AP/router configuration.
a) What are the benefits of this authentication scheme?
Assume you have found a USB memory stick in your work parking area. What threats might this pose to your work computer should you just plug the memory stick in and examine its contents? In particular, consider whether each of the malware propagation mechanism we study in chapter 10 of our text book could use such memory stick for transport. What steps could you take to mitigate these threats and safely determine the contents of the memory stick?
Assume you receive an e-mail that appears to come from your bank, with your bank logo in it and with the following contents:
"Dear customer, our records show that your Internet Banking access has been blocked due to too many logging attempts with invalid information such as incorrect access number, password, or security number. We urge you to restore your account access immediately and avoid permanent closure of your account, by clicking on this link to restore your account. Thank you from your customer service team."
What form of attack is this e-mail attempting? What is the most likely mechanism used to distributed e-mail? How should respond to such e-mails?
Q9. Write a comprehensive report (800 - 1000 words) on the following topic:
a) Bug Bunty and its programme.
[In your report at least you should highlight the following points:
- What is bug bounty?
- What is the benefit for an IT company to join in bug bounty program?
- Why people participate in bug bounties?
- Will you plan to participate? If your answer is yes or no then explain.
- List (minimum ten) common targets of bug bounties.
- Name some sector/company so far not interested in bug bounty. Why they are not interested in joining Bug Bounty programme?