August 1999 QUESTION 2 Total Marks: 20 Marks
SUGGESTED SOLUTIONS
(a) External information theft and masquerading are the two categories under which we can include computer attacks.
(i) Explain each of these attacks. [4]
(ii) Identify, with the aid of suitable examples, the type of threat associated with each type of attack. [2]
(i) External information theft involves an unauthorised individual stealing information from a computer system without exploiting any mechanisms; it is associated with the disclosure threat. Masquerading involves a malicious intruder impersonating another user using some external mechanism; it is associated with disclosure, integrity or denial of service threats.
(ii) An example of the former is a malicious individual glancing at a colleague's terminal; an example of the latter is a malicious intruder tapping information and playing it back at a later time.
(b) Explain briefly the logic bomb and trojan horse attack methods. [4]
Logic bombs are programs that remain dormant until some predetermined logical condition becomes true; they may cause harm long after the malicious intruder has escaped. Trojan horses are malicious programs that attack any program that is used by many different users; they cause widespread damage.
(c) (i) Explain the term cipher, and give one example of a stream cipher. [2]
(ii) List one advantage and one disadvantage of a stream cipher. [2]
(i) A stream cipher is a cryptosystem in which each character is encrypted and decrypted one at a time. An example is a substitution cipher.
(ii) Examples of advantages are: very efficient processing, as the cryptosystem encrypts and decrypts one character at a time; no error propagation or error diffusion. A disadvantage is that the ciphertext is easy to break by cryptanalysis.
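The advantage and the disadvantage named in (c)(ii), shown on the substitution cipher given in (c)(i). This is an added example, not part of the original solutions; the key seed, sample text and function names are constructed for illustration.

```python
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
SAMPLE = "meet me at the old bridge at seven"  # constructed plaintext

def make_key(seed):
    """Substitution table (plain letter -> cipher letter) from a constructed seed.
    random.Random gives a reproducible toy key; it is not a secure key source."""
    shuffled = list(ALPHABET)
    random.Random(seed).shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))

def encrypt(plaintext, key):
    # Each character is transformed independently; non-letters pass through.
    return "".join(key.get(ch, ch) for ch in plaintext)

def decrypt(ciphertext, key):
    inverse = {c: p for p, c in key.items()}
    return "".join(inverse.get(ch, ch) for ch in ciphertext)

def corrupt(ciphertext, index):
    """Simulate a transmission error in one ciphertext letter."""
    wrong = next(c for c in ALPHABET if c != ciphertext[index])
    return ciphertext[:index] + wrong + ciphertext[index + 1:]

def damaged_positions(original, recovered):
    """Indexes where the recovered plaintext differs from the original."""
    return [i for i, (a, b) in enumerate(zip(original, recovered)) if a != b]

def most_common_letter(text):
    return Counter(ch for ch in text if ch in ALPHABET).most_common(1)[0][0]

KEY = make_key(1999)  # constructed key seed
CIPHERTEXT = encrypt(SAMPLE, KEY)

if __name__ == "__main__":
    # Advantage: an error in one ciphertext character damages one plaintext character.
    recovered = decrypt(corrupt(CIPHERTEXT, 5), KEY)
    print("damaged positions:", damaged_positions(SAMPLE, recovered))
    # Disadvantage: letter frequencies survive encryption, so the most common
    # ciphertext letter stands for the most common plaintext letter.
    top = most_common_letter(CIPHERTEXT)
    print("most common ciphertext letter", top, "decrypts to", decrypt(top, KEY))
```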
(d) Describe the encryption and decryption algorithms used by the RSA implementation of public key protocol. [6]