The University of Adelaide 阿德莱德大学
COMP SCI 1500 - Cyber Security
Question 1 – Cryptography
1. Study the three encryption methods given below and their weaknesses.
2. Solve the following three exercises, in each case your task is to recover the plaintext.
• Mono-alphabetic substitution: You are given a ciphertext “ex1.enc” encrypted using the mono-
alphabetic substitution method. Hint: the key is a mapping of 26 plaintext English characters to
26 ciphertext English characters.
• Poly-alphabetic shift (Vigenère cipher): You are given a ciphertext “ex2.enc” encrypted using
the poly-alphabetic shift method. Hint: the key consists of 4 English characters, and the
plaintext contains the name of the day of the week.
• Textbook RSA: You are given (1) Python3 script “textbook_rsa.py” which contains functions
related to the Textbook RSA encryption scheme (2) RSA public key “rsa_key.pub” (3)
Ciphertext “ex3.enc” encrypted using the given RSA public key. Hint: the plaintext consists of
only 3 English characters.
3. Write a report on how you solved those exercises and the weaknesses you exploited. If you
cannot recover the plaintext, explain what method you have tried and why you couldn't recover
them (for example, if it is infeasible due to computing resources). A report that contains only
plaintexts without further explanation will not be marked.
4. Tips about how I would go about doing this activity: I would familiarize myself with frequency
analysis and cryptanalysis based on the validity of English words. Study the given Python script
and write some scripts to check your understanding regarding the rsa_keygen(), rsa_encrypt()
and rsa_decrypt() functions – you may need to use some of this code. Then, solve the exercises.
Finally, explain how you tried to solve those exercises, what methods or techniques you used,
plaintexts (and keys, if possible) that you recovered. Include the information in the report and
submit to Canvas.
Question 2 - Common Vulnerability Scoring System
The Common Vulnerability Scoring System is a method of objectively scoring security vulnerabilities so
that their severity can be assessed, understood and compared.
Read this explanation of CVSS -> https://www.first.org/cvss/specification-document
Given the following hypothetical vulnerability, apply the CVSS v.3.1 or v.4 scoring system to get a CVSS
base score and CVSS base vector string. Referencing the description of the hypothetical vulnerability
below, describe why you have chosen each of the fields in the vector string.
A remote vulnerability has been discovered in the BitMessage desktop messaging application
which allows an unauthenticated person to delete a BitMessage message of their victim. The
attacker can trigger this vulnerability by sending a BitMessage message to the victim
containing the text 'deletemessage?message=2' where '2' is the message ID. When the
desktop application receives this message any message matching the specified message ID is
deleted. There is no indication to the victim that anything has happened and the application
continues to operate, the victims message just disappears permanently.
Hint: You might want make use of this link to generate the base score and vector string-->
https://www.first.org/cvss/calculator/3.1
https://www.first.org/cvss/calculator/4.0
Question 3 - Risk Management
a) The risk of security incidents can be managed in one of four different ways. Risk can be mitigated,
transferred, avoided or accepted. Describe what each of these strategies entail and describe how the
risk is modified by applying each approach.
b) The NIST Cyber Security Management Framework segments security management activities into 5
functions: Identify, Protect, Detect, Respond and Recover
Describe each of these functions, their purpose and describe an example of a security activity typically
performed for each of these functions.
咨询 Alpha 小助手,获取更多课业帮助