BEng (Hons) Telecommunications. Examinations for / Semester 1

Transcription

1 BEng (Hons) Telecommunications Cohort: BTEL/14B/FT Examinations for / Semester 1 MODULE: Security in Telecommunications MODULE CODE: SECU4114 Duration: 3 Hours Instructions to Candidates: 1. Answer all questions. 2. Questions may be answered in any order but your answers must show the question number clearly. 3. Always start a new question on a fresh page. 4. All questions do not carry equal marks. 5. Total marks 100. This question paper contains 3 questions and 5 pages. Page 1 of 5

2 ANSWER ALL QUESTIONS QUESTION 1: (35 MARKS) In Cryptography, briefly describe the components of a basic cryptosystem. (12 marks) The basic intention of an attacker is to break a cryptosystem and to find the plaintext from the ciphertext. Describe any six (6) categories of attacks on cryptosystems. (12 marks) (c) There exist type of cipher where the order of the alphabets in the plaintext is rearranged to create the ciphertext, one such example is the Transposition Cipher. Explain the Transposition Cipher by making use of a sample plain text. (11 marks) Page 2 of 5

3 QUESTION 2: (35 MARKS) The dynamic nature of Web applications offers users unique experiences, but the technology that makes a Web site so interesting also has a dark side, thus creating vulnerabilities for Web applications. In this context, briefly explain the following Web vulnerabilities: 1. Cross-site scripting 2. SQL injection 3. Application buffer overflow 4. Authentication bypass. (4 X 3=12 marks) Show by means of a diagram the Secure Software Development Process. (5 marks) (c) Describe the four (4) protection levels in Privacy Enhancing Techniques. (4X3 marks) (d) List any six (6) specific benefits of including security in the Software development life cycle. (6 marks) Page 3 of 5

4 QUESTION 3: (30 MARKS) The following lines of codes gives an example of AES implementation using Java. You are required to implement the encrypt and decrypt methods of the AES class. (2X7 marks) public class AES private static SecretKeySpec secretkey; private static byte[] key; public static void setkey(string mykey) MessageDigest sha = null; try key = mykey.getbytes("utf-8"); sha = MessageDigest.getInstance("SHA-1"); key = sha.digest(key); key = Arrays.copyOf(key, 16); secretkey = new SecretKeySpec(key, "AES"); catch (NoSuchAlgorithmException e) e.printstacktrace(); catch (UnsupportedEncodingException e) e.printstacktrace(); public static String encrypt(string strtoencrypt, String secret) //TO BE IMPLEMENTED public static String decrypt(string strtodecrypt, String secret) //TO BE IMPLEMENTED Page 4 of 5

5 Low deployment costs make wireless networks attractive to users. However, the easy availability of inexpensive equipment also gives attackers the tools to launch attacks on the network. In this context, explain the following types of attacks: a. Parking Lot Attack b. Shared Key Authentication Flaw attack. (2 X 5 = 10 marks) (c) Briefly explain the Wireshark tool from Kali Linux and list down two (2) examples why people use Wireshark. (6 marks) ***END OF PAPER*** Page 5 of 5