Date: 2022-12-08
MARTINMAS 2022-23 EXAMINATION DIET
SCHOOL OF COMPUTER SCIENCE

MODULE CODE: CS4203
MODULE TITLE: Computer Security (sample paper)
EXAM DURATION: 3 hours

EXAM INSTRUCTIONS
a. Answer all three questions
b. Each question carries 20 marks
This assessment consists of exam-style questions and you should answer as you
would in an exam. You cannot copy or paraphrase text or material from other sources
and present this as your own work. Your exam answers should be entirely your own
work without unacknowledged input from others. If you are in any doubt, you should
clearly acknowledge the origin of any material, text passages or ideas presented (e.g.
through references). You must not co-operate with any other person when completing
the exam, which must be entirely your own work. You must not share any information
about the exam with another person (e.g. another student) or act on any
such information you may receive. Any attempt to do so will be dealt with under the
University's Policy for Good Academic Practice and may result in severe sanctions.
You must submit your completed assessment on MMS within 3 hours of you
downloading the exam. Assuming you have revised the module contents beforehand,
answering the questions should take no more than three hours.


1. Cryptography and key management
(a) Briefly explain the goals of Diffie-Hellman key exchange. What is the
session key, and why is it used for symmetric encryption? [5 marks]
(b) Explain how Diffie-Hellman key exchange operates mathematically. (You
need not present any actual calculations.) Explain how the algorithm meets
the goals you outlined in 1(a), and explain what it is that makes the system
hard for an attacker to crack. [7 marks]
(c) “The challenge in cryptography is always in the key management.” Discuss
this statement in the context of distributing and storing public-private
keypairs. Use examples from Internet of Things systems to illustrate your
argument. [8 marks]
[Total marks 20]
2. Security in cloud computing
(a) Virtual architecture lets us create virtual machines and networks onto
which we can install both application services and security-based services.
(i) Describe three services that you might deploy to secure the
application services, explaining carefully what each one does and the
sorts of attacks it protects against. [6 marks]
(ii) Tunnels and VPNs are popular mechanisms for controlling access to
distributed systems. Explain briefly how an IPSec tunnel operates.
Explain the limits of the security that it provides. [6 marks]
(b) What is a zero-trust architecture? What extra security does it provide for a
system administrator? What might be the extra challenges involved in
deploying and managing such an architecture? [8 marks]
[Total marks 20]
3. Authentication
(a) Passwords are used everywhere to permit or deny access to systems.
(i) Explain why passwords are a poor way to authenticate individual
users, from a social and a technical perspective. [4 marks]
(ii) Explain how two-factor authentication (2FA) addresses some (or all?)
of the weaknesses you have outlined in 3(a)(i). [4 marks]
(b) Biometric authentication is often proposed as a replacement for passwords.
Choose one possible approach to biometrics, explain briefly how it works,
and discuss what extra hazards it introduces when used in a distributed
environment. [6 marks]
(c) What is a replay attack? Explain how one might make such an attack on a
password-protected system. How do secure network protocols protect
against such attacks? How does 2FA help in preventing them? [6 marks]
[Total marks 20]

*** END OF PAPER ***