April 2000
SC223 : COMPUTER SECURITY

QUESTION 1 (Compulsory)

Total Marks: 30 Marks

(a) Describe an attack to crack passwords based on dictionary words. [3 marks]

(b) Describe the three kinds of interception of messages that encryption aims to prevent. [3 marks]

(c) Suppose that a given document requires digital signatures from two different people.
(i) One method is to make two copies of the document and sign each. What is the disadvantage of this method? [1 mark]
(ii) Another method is for one party to sign, and for the second party to sign the resulting signed document. What is the disadvantage of this method? [1 mark]
(iii) Describe a better method than both of these, and explain how it avoids the disadvantages of each of the above methods. [4 marks]

(d) Copyrights, patents, and trade secrets are three different methods of legally protecting information.
(i) What do copyrights protect, and why are they inappropriate for protecting an algorithm? [2 marks]
(ii) What do patents protect, and why are they inappropriate for protecting object code? [2 marks]
(iii) What do trade secrets protect, and why are they inappropriate for protecting a user interface? [2 marks]

(e) What are the main security issues when running applets off the web? [2 marks]

(f) Of the three biometric devices hand-prints, keystroke patterns, and voice patterns,
(i) which is the most secure? [1 mark]
(ii) which is the most acceptable to users? [1 mark]
(iii) which is the most common? [1 mark]

(g) Briefly explain:
(i) two procedures of use for improving PC security; [2 marks]
(ii) two measures for protecting against software vulnerabilities. [2 marks]

(h) Explain the difference between confidentiality services and non-repudiation services provided by a network, and describe the two kinds of non-repudiation service. [3 marks]