Alice encrypts her message with Bob’s public key and sends it to Bob. Bob receives it and
decrypts it using his private key. Bob then sends the same message back to Alice, encrypted
using Alice’s public key.
Analyse the security of this communication protocol in terms of what assurance it
provides to Alice and to Bob and what attack it might be subject to.
a. Contrast in terms of security and efficiency the Diffie-Hellman procedure for setting
up a secret session key with the approach in which Alice sends the session key to Bob
encrypted using Bob’s public key.
b. Compute 5^40 mod 17 on paper, showing the steps.
c. Given 3^a mod 53 = 24, compute a. Explain your method.
The RSA procedure involves two prime numbers p, q from which N = pq is computed. A
public exponent e is chosen (often with the value 65537) and private exponent d
computed to satisfy: ed = 1 mod (p − 1)(q − 1).
a. Of these parameters p, q, N, e, d, which form the public and which the private key?
b. Use one of the websites supporting modular arithmetic to determine the private
exponent d for the case where p = 7437887, q = 3023981 and e = 65537. Use this to
encrypt the message "Hello". Explain your steps and show how to decrypt this
message. How would you encrypt a longer message?
c. Explain what is meant by a side channel, and describe the basis of a side channel
attack on RSA.
d. Explain how RSA is used for digital signatures.
a. A 64-bit block of ciphertext c is obtained by XOR’ing a 64-bit key K against the
64-bit plaintext message m: c = K ⊕ m.
Knowing the key K, how is m recovered from the ciphertext c?
b. If the operation was c = K&m (where & is bitwise AND), how would m be
c. Compute 167 ⊕ 118 (⊕ is XOR) where each of the numbers should be interpreted
as unsigned binary (without any 2’s complement). Give your answer as a decimal
number in the range [0,255].
d. A one-time pad (OTP) is used to generate a random sequence of bytes to XOR with
a plaintext message. This system can be proved to be secure, but the equivalent
stream cipher based on a pseudorandom number generator cannot be proved so.
Explain why there is a difference.
EECN750 – Network Security (2015-2016)
a. Estimate the time it would take to brute force DES on a modern desktop computer.
Clearly state your assumptions about the machine and explain how you would
recognise that you had found the correct key.
b. Using the same machine, estimate how long it would take to brute force 512-bit RSA
by factorisation. State your assumptions about the factorisation algorithm.
a. Make a brief comparison between the overall system architecture of GSM and UMTS.
Provide a diagram of their respective architecture if required.
b. Explain the three aspects of security provision in GSM outlining their importance.
c. Explain how GSM improved the security aspects of the system compared with the
first generation phones.
d. Explain in bullet points the algorithms and parameters involved in security provision
a. Identify the drawbacks of security arrangements in GSM. Provide one specific
example of attacks caused by the drawbacks.
b. Outline the differences in security between GSM and GPRS.
c. Discuss in bullet points how the security is improved in UMTS and future phone
d. Explain briefly the modified security mechanisms in UMTS and explain the role of
two security parameters.
a. Discuss briefly ways in which a hacker can identify the operating system running on a
remote machine then explain why this information is important for a potential attack.
b. A small branch office of a large company with around 20 staff is performing poorly
and there are rumours that around a third of the workers are to be made redundant.
One of the workers is fairly good with computers and decides to eavesdrop on the
network traffic between the manager’s office and the headquarters in the hope of
finding out what is being planned. All the computers in the branch office are on a
switched network and the uplink port of the switch is connected to the branch office
firewall router which connects to the main company headquarters. Staff including the
manager use company laptops and any laptop can connect to any network socket.
Outline a way in which this might be achieved giving details of any tools that may be
a. SYN scan, Connect scan, NULL scan, XMAS scan, FIN scan and UDP scan are all
Port Scanning techniques used to discover open ports on a target system. Describe any
two of these and state clearly how a port can be discovered to be open. Which one of
the above techniques is stealthy? Give reasons for your answer.
b. What is a RootKit? Explain the purpose of this and give an example of software that
can be used to detect it.
a. Explain how an NIDS processes data.
b. A switch can be used to copy incoming data from the Internet to a Firewall and direct
it to an NIDS. Unlike hubs, switches do not generally flood data. Explain how a Cisco
3560 switch can be configured to ensure that the NIDS gets the same copy of the data
that goes to the Firewall.
c. What measures can be taken to ensure that an NIDS will not be visible to an attacker?
d. How does an Anomaly-Based NIDS differ from Signature-Based NIDS?
e. What is a Host-Based IDS (HIDS)? Where is this used?
a. Explain the functions and applications of a
i) Packet Filtering Firewall
ii) Stateful Firewall
iii) Proxy Firewall.
b. With the aid of a suitable example, explain how Dynamic Access Control Lists can be
used in Network Security.
a. Apart from Encryption and Authentication, describe other measures that can be
employed to enhance the security level in 802.11 based wireless networks and explain
why you may not use all the measures available.
b. What benefits does distributed client/server architecture of RADIUS provide?
c. Describe the steps involved in the process of Authentication when a wireless client
requests a connection to an Access Point in a system set up to use a RADIUS server.
d. EAP-FAST is one of the variations of the EAP protocols available in 802.1x based
authentication. How does it differ from LEAP?
a. There are many types of attacks that can be launched against a networked computer
system. Explain the operation of the following attacks:
i) Man In The Middle (MITM)
ii) Distributed Denial of Service (DDoS)
b. For each of the methods of attack in part a) above, briefly explain a possible
countermeasure that can be used.
c. List two other types of attacks that are common and give a description of each.
Consider this scenario. Then answer each of the following questions.
OS Foods is a small company of roughly 50 employees. You have three servers: a
domain controller, a file server, and a server that provides mail and FTP services to
internal and external employees. There are 30 Windows XP desktops shared by various
employees. The network is isolated from the Internet by a firewall. Wired local network
access is provided by a switched infrastructure. Wireless access is enabled by three
suitably-placed access points.
a. If this were your actual company, which assets would you deem most critical to
protect against possible attacks?
b. Select two of those assets, and identify the threats they face.
c. OS hardening is the process of eliminating common vulnerabilities by modifying the
basic configuration options of the system. List five steps that you could take to harden
an operating system.
Virtual Private Networks (VPNs) are commonly used to add an extra layer of security in
the transport of data over a shared network using protocols such as PPTP, L2TP and
a. State the layer of the OSI model at which the above protocols work.
b. IPSec is an open standard suite which provides protocols to perform various
functions. Distinguish between the IPSec Authentication Header (AH) and
Encapsulating Payload (ESP).
c. A medium sized business wishes to network two sites using IPSec VPN over the
internet. The available bandwidth is 100Mbs. Suggest the type of VPN that could be
set up to achieve this and state your choice of IPSec configuration, giving reasons.
d. Is it possible to encrypt the entire Packet before transmission? Give reasons for your