Assignment 5: Cyber Security Concepts
Course Name: COMP SCI 1500 - Cyber Security
Assessment Component: Individual Assessment
Due Date: Week 11, 23:59pm Monday 14 October 2024
Submission: Portable Document Format (.pdf) or Word document (.docx/.doc) on MyUni
The report of this assignment should be in A4-size page with Times New Roman or similar font, size 12. The first page of the report should include your full name and student ID.
How to Submit: The activity solution will be submitted via an upload facility created for this activity on Canvas.
Question 1 - Cryptography ( 8 marks)
1. Study the three encryption methods given below and their weaknesses.
2. Solve the following three exercises, in each case your task is to recover the plaintext.
• Mono-alphabetic substitution: You are given a ciphertext “ex1.enc” encrypted using the mono- alphabetic substitution method. Hint: the key is a mapping of 26 plaintext English characters to 26 ciphertext English characters.
• Poly-alphabetic shift (Vigenère cipher): You are given a ciphertext “ex2.enc” encrypted using the poly-alphabetic shift method. Hint: the key consists of 4 English characters, and the plaintext contains the name of the day of the week.
• Textbook RSA: You are given (1) Python3 script “textbook_rsa.py” which contains functions related to the Textbook RSA encryption scheme (2) RSA public key “rsa_key.pub” (3) Ciphertext “ex3.enc” encrypted using the given RSA public key. Hint: the plaintext consists of only 3 English characters.
3. Write a report on how you solved those exercises and the weaknesses you exploited. If you
cannot recover the plaintext, explain what method you have tried and why you couldn't recover them (for example, if it is infeasible due to computing resources). A report that contains only plaintexts without further explanation will not be marked.
4. Tips about how I would go about doing this activity: I would familiarize myself with frequency
analysis and cryptanalysis based on the validity of English words. Study the given Python script and write some scripts to check your understanding regarding the rsa_keygen(), rsa_encrypt() and rsa_decrypt() functions – you may need to use some of this code. Then, solve the exercises. Finally, explain how you tried to solve those exercises, what methods or techniques you used, plaintexts (and keys, if possible) that you recovered. Include the information in the report and submit to Canvas.
Please note that answers copied from online or without adequate explanation will not receive any points.
Question 2 - Common Vulnerability Scoring System ( 3 marks)
The Common Vulnerability Scoring System is a method of objectively scoring security vulnerabilities so that their severity can be assessed, understood and compared.
Read this explanation of CVSS -> https://www.first.org/cvss/specification-document
Given the following hypothetical vulnerability, apply the CVSS v.3.1 or v.4 scoring system to get a CVSS base score and CVSS base vector string. Referencing the description of the hypothetical vulnerability below, describe why you have chosen each of the fields in the vector string.
A remote vulnerability has been discovered in the BitMessage desktop messaging application which allows an unauthenticated person to delete a BitMessage message of their victim. The attacker can trigger this vulnerability by sending a BitMessage message to the victim containing the text 'deletemessage?message=2' where '2' is the message ID. When the desktop application receives this message any message matching the specified message ID is deleted. There is no indication to the victim that anything has happened and the application continues to operate, the victims message just disappears permanently.
Hint: You might want make use of this link to generate the base score and vector string-->
https://www.first.org/cvss/calculator/3.1
https://www.first.org/cvss/calculator/4.0
Question 3 - Risk Management (2 marks)
a) The risk of security incidents can be managed in one of four different ways. Risk can be mitigated, transferred, avoided or accepted. Describe what each of these strategies entail and describe how the risk is modified by applying each approach.
b) The NIST Cyber Security Management Framework segments security management activities into 5 functions:
Identify, Protect, Detect, Respond and Recover
Describe each of these functions, their purpose and describe an example of a security activity typically performed for each of these functions.
Question 4 - General Cybersecurity/Cryptography Knowledge (2 marks)
a) Authentication and authorization are often confused. What is the difference between the two?
b) What is the purpose of a firewall and how does it reduce the risk of a cyber-attack?
c) Describe the following concepts and their effect in terms of the C.I.A.triad.
• Message Authentication Code (MAC)
• Digital Signature
• Birthday Paradox
d) Can a traditional antivirus prevent zero-day attacks? Why or why not? In your answer consider how an antivirus signature works and how they are constructed.