April 1999
SC223: COMPUTER SECURITY

QUESTION 1 (Compulsory)

Total Marks: 20 Marks


GRADE A
Sample student's solutions are indicated in green.

 

(a) Define the term cryptography. [2]
  • A process of devising the encryption and decryption algorithm.
  • Encryption is a process of encoding messages to hide their actual meaning.
  • Decryption is a reverse process of changing encrypted messages to reveal their original meaning.

 

(b) Define the term cryptanalysis. [2]
  • It is a process or mechanism used to break a ciphertext to reveal its original meaning.
  • It can be achieved by looking at the letter frequency, repeated patterns, etc. of a given cipher.

 

(c) Assume a public key cryptosystem based on multiplication by the key, modulo 31. User A has public key 28 and secret key 10. User B has public key 7 and secret key 9.
(i) Show the cipher text and decryption for authentication and secret transmission from A to B of message M = 25. [3]
Public key of A = PA = 28   Public key of B = PB = 7
Secret Key of A = SA = 10  Secret Key of B = SB = 9

Ciphertext = (((M)PB)SA) mod n
           = 25*7*10 mod 31
           = 14

Plaintext = (((C)PA)SB) mod n
          = 14*28*9 mod 31
          = 25

 

(ii) Show how a cryptanalyst, who knows the encryption algorithm, could compute the unknown secret keys of both A and B. [3]
Secret key of A : Key * 28 = 1 mod 31
                           Key = 10

Secret key of B : Key * 7 = 1 mod 31
                           Key = 9
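
The following Python sketch is an added example, not part of the student's solution. It reproduces the numbers from (c)(i) and generalizes the (c)(ii) attack: anyone holding a public key can recover the matching secret key as its multiplicative inverse modulo n using the extended Euclidean algorithm. The function names are hypothetical.

```python
N = 31  # modulus given in the question


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def recover_secret(public_key, n=N):
    """Cryptanalyst's step: solve Key * public_key = 1 (mod n) for Key."""
    g, x, _ = egcd(public_key % n, n)
    if g != 1:
        raise ValueError("public key has no inverse modulo n")
    return x % n


def send(m, recipient_public, sender_secret, n=N):
    """A -> B: multiply by B's public key (secrecy) and A's secret key (authentication)."""
    return (m * recipient_public * sender_secret) % n


def receive(c, sender_public, recipient_secret, n=N):
    """B undoes both multiplications with A's public key and B's own secret key."""
    return (c * sender_public * recipient_secret) % n


def eavesdrop(c, sender_public, recipient_public, n=N):
    """Third party holding only c and the two public keys still recovers M."""
    return receive(c, sender_public, recover_secret(recipient_public, n), n)


if __name__ == "__main__":
    PA, PB, SA, SB = 28, 7, 10, 9    # values from the question
    c = send(25, PB, SA)
    print("ciphertext:", c)
    print("B decrypts:", receive(c, PA, SB))
    print("recovered SA, SB:", recover_secret(PA), recover_secret(PB))
    print("eavesdropper reads:", eavesdrop(c, PA, PB))
```

Because the inverse is computable in a handful of steps for any modulus, the public key in this scheme reveals the secret key directly, which is why multiplication modulo n provides neither secrecy nor authentication.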

 

(d) Describe three activities associated with risk analysis. [6]
Three activities associated with risk analysis are :
  • Sensitivity assessment
    To determine the actual value of data and the criticality of the mission that is supported by the network and associated information processing assets.
  • Risk assessment
    To determine threats against the network and vulnerability of the network.
  • Economic assessment
    To determine the expectancy of potential loss, by various threat execution scenarios.

 

(e) List four issues which must be addressed by a security plan. [4]
Issues which must be addressed by a security plan are :
  • Policy
    This indicates the goals of the computer security effort.
  • Current state
    This indicates the status of the security at the time of the plan.
  • Timetable
    This indicates the different security functions which are to be carried out and when.
  • Continuation attention
    This indicates a structure for upgrading the security plan periodically.