Assignment 1 COMPSCI 316: Cyber Security This assignment is worth 100 marks. The weight of this assignment is 9.5% of the course. The deadline to submit this assignment is Monday, September 16, 23:59 hrs NZDT. In case of late submission, there is a 10% penalty for each extra day. No submission will be accepted as soon as we release the sample answers. The assignment must be submitted through Canvas. The only acceptable format is PDF. Question I. (25 marks) Data Breach. Identify an Aotearoa specific data breach and answer the following questions. 1. Share the URL reporting this data breach. [2 marks] 2. Discuss the impact of this data breach. You are expected to write down a paragraph to describe how many users got affected, the level of impact (explaining whether it was low, medium, or high), and financial or other loss. [5 marks] 3. Explain what information was released. [5 marks] 4. Describe what was the root cause of this data breach. [5 marks] 5. As a cyber security expert, what kind of security measures would you take in order to reduce the risk of similar data breaches in the future? The length of your explanation should be at least 2 sentences but not more than one paragraph. [8 marks] Question II. (25 marks) Crypto Fans. Consider you have to encrypt the following plaintext (in quotes) using Vigenère cipher. “thequickbrownfoxjumpsoverthelazydogthequickbrownfoxjumpsoverthelazydogthequickbrownfoxjumpsoverthelazydogthequickbrownfoxjumpsoverthelazydogthequickbrownfoxjumpsoverthelazydog” 1. Let us assume that the encryption key is the first two letters of your UPI. a. List down the frequency* of each letter in the ciphertext. [2 marks] b. List down the frequency* of top 10 bigrams in the ciphertext. [4 marks] 2. Let us assume that the encryption key is the first three letters of your UPI. a. List down the frequency* of each letter in the ciphertext. [2 marks] b. List down the frequency* of top 10 bigrams in the ciphertext. [4 marks] *The frequency table should be in descending order, i.e., from high frequency to low frequency. Let us assume that you are working with RSA, where p = 31 and q = 37. 3. We know that your RSA mod is: n = pq. Compute ϕ(n). [3 marks] 4. Compute your RSA encryption key e. [3 marks] 5. Compute your RSA decryption key d. [3 marks] 6. Imagine that the last three digits of your UPI represent the message. What is the ciphertext value if you encrypt this message using your RSA encryption key e? [4 marks] Question III. (22 marks) TOR Performance. Visit https://www.torproject.org/download in order to download and set up a TOR browser. We know that TOR enables anonymous communication. However, this anonymity comes at a cost in terms of performance degradation. To this end, you have to answer the following questions. 1. What was your IP address when you used TOR? [1 mark] 2. Run a speed test to calculate the time taken by the ping request (in ms) using TOR. Repeat this test three times and write down those three different readings. [1.5 marks] 3. Run a speed test to calculate the download speed (in Mbps) using TOR. Repeat this test three times and write down those three different readings. [1.5 marks] 4. Run a speed test to calculate the upload speed (in Mbps) using TOR. Repeat this test three times and write down those three different readings. [1.5 marks] 5. What was your IP address without using TOR? [1 mark] 6. Run a speed test to calculate the time taken by the ping request (in ms) without using TOR. Repeat this test three times and write down those three different readings. [1.5 marks] 7. Run a speed test to calculate the time taken by the download speed (in Mbps) without using TOR. Repeat this test three times and write down those three different readings. [1.5 marks] 8. Run a speed test to calculate the time taken by the upload speed (in Mbps) without using TOR. Repeat this test three times and write down those three different readings. [1.5 marks] 9. Compute the percentage overhead of the ping request when you used TOR compared to the case when you did not use TOR. To compute this, you can consider an average of three readings in each case. [2 marks] 10. Compute the percentage drop in the download speed when you used TOR compared to the case when you did not use TOR. To compute this, you can consider an average of three readings in each case. [2 marks] 11. Compute the percentage drop in the upload speed when you used TOR compared to the case when you did not use TOR. To compute this, you can consider an average of three readings in each case. [2 marks] Visit https://metrics.torproject.org/torperf.html to know the time to download files over TOR. You must choose both the start and end dates as follows. The end date can be any date between when you start your assignment and when you complete it. The start date should be the end date minus the number of days equal to the last three digits in your UPI. Let us assume that you complete this assignment on August 30 and the last three digits of your UPI are “012”. Then, your start date should be August 18, 2019 and the end date should be August 30, 2019. 12. In the given period (i.e., between your start and end dates that you must write down in your answer), what is the maximum time taken (in the whole dataset) to download a 5MB file? [5 marks] Question IV. (28 marks) Vulnerability Analysis. Visit https://cve.mitre.org/cve/search_cve_list.html and search a CVE ID that contains the last three digits in your UPI. In case there is no entry for that, you can increment your UPI by 1 and repeat the process unless you find a valid CVE ID. If you find multiple CVE IDs, you can choose one of them. For your CVE entry, which you must write down in your answer, you should be able to find its NVD entry, where you can find detailed information about the vulnerability. Next, you must answer the following questions, where the length of your answer should at least 2 sentences, but not more than one paragraph. 1. Explain the vulnerability in your own words. [5 marks] 2. Explain why confidentiality score is low, medium, or high. [4 marks] 3. Explain why integrity score is low, medium, or high. [4 marks] 4. Explain why availability score is low, medium, or high. [4 marks] 5. Consider that you are a cyber security consultant for an organisation that is using a product or service that can be exploited using the vulnerability in question. Discuss at least one alternative product or service that you can suggest to your organisation. [6 marks] 6. Can this vulnerability be identified using static analysis or dynamic analysis? Explain. [5 marks] Note. Sharing assignment solutions does not help learning. Consequently, our academic integrity policy does not permit sharing solutions or source code leading to solutions. Violation of this will result in your assignment submission attracting no marks, and you may face disciplinary actions in addition. Therefore, please do not share assignments, assignment solutions and/or source code leading to assignment solutions. Do not publish or make available your assignments or solutions in any form online, for you will be liable if someone copies your solution. Please come talk to us if you have any doubt over what is legit and what is not. Do not leave your computers, devices, and belongings unattended — you must secure these at all times to prevent anyone having access to your assignments or solutions. For more information, see our University’s Student Academic Conduct Statute.
