Computer Crime Test: Questions and Instructions

•Take this test during the week. Work alone. You may not confer with other class members, or anyone else, directly or by e-mail or otherwise, regarding the questions, issues or your answers. You may use your notes, textbooks, other published materials, and the Internet. Avoid using blogs and dotcom sites.

•It is scored based on 100 points for the test (25% of the total grade).

•When composing your answers, be thorough. The more complete your answer, the higher your score will be. Be sure to identify any assumptions you are making in developing your answers and describe how your answer would change if the assumptions were different. For multiple choice questions if you think there are two correct answers choose the best one and justify your answer with reference.  Please do not reproduce or just rearrange the words in the question as an answer but try to give some deeper logical reason. Use the spell check and other methods of writing correct and good English. If your answer seem to be not in your own words there will be deduction

•While composing your answers, especially for the conclusions or the facts please support your answers with a reference, carefully cite your sources.  If citing books include page numbers. I expect you to first get the answers from the session notes, OER and then other sources. If you are citing lessons, cite as (Session n). The session lectures are not developed 100% by me, so please avoid citing me as the author. Remember, failure to cite sources constitutes an academic integrity violation. Even you find answers on the Internet or from previous students, formulate answers in your own words. I may not be able to spot the copy all the time but if I do you will get 0.

Please provide reason as asked of your choice in a few sentences, in your own words and/or reasons not choosing the other choices. Restating the problem in your own words does not constitute as the reason. Sometimes defining the terms may give you a clue to the reason.

1. How one should not report computer crime?

a.Telephone 

b.E-mail

c.Tell management in person

d.Tell the IT department in person

Reason: Why you did not select other options

2. The encryption algorithm is no longer considered computationally secure.

a.DES

b.RSA

c.AES

d.Diffie-Hellman?

Reason: Why did you choose?

3. Which of the following are the reason for the difficulties in prosecutions of computer-related crimes? (a, b, c or d)

Instructions

1. The area of litigation is extremely technical and difficult to understand.

2. Most of the crimes do not fall under any of the current laws

3. The laws themselves are relatively new and untested.

4. The technology is very dynamic, and the tactics of the perpetrators are constantly changing.

a.1 and 2

b.1, 2 and 3

c.1, 2 and 4

d.1, 3 and 4

4. What is authentication?

a.The act of binding an entity to a representation of identity

b.The act of ensuring that information is being sent securely

c,The act of ensuring that the receiver of information actually received it

d.The act of binding a computer system to a network

Reason: Why it is important?

5. Which is not considered the misuse of information?

a.The untimely release of secret information

b.The deletion of information from a system

c.The illegal sale of information to rival companies

d.The misrepresentation of information
 

6. How does a client machine find the web address associated with a particular URL?

a.It uses translation software in the interpreter.

b.It sends a message to the nearest domain name server.

c.It uses hashing to translate the address.

d.It sends a message to the URL server.
 

7. What defines the strength of a cryptographic method?

a Number of shifts

b. Need for a code book

c. Complexity of the algorithm

d. Length of time needed to crack it

Reason: Why does it define the strength?

8 What is the most important benefit of asymmetrical encryption? 

a.It speeds up the encryption process.

b.It makes e-mail easier to encode.

c.Only the sender knows to whom the information is going.

d.Encryption key can be transmitted openly and only the receiver can decrypt the information

Reason: Contrast with symmetrical encryption

9 What piece of legislation allows computer records documenting criminal activity to be used in court?

a.National Infrastructure Protection Act

b.Federal Computer Documents Rule 703(a)

c.Digital Signature Bill

d.Federal Rules of Evidence 803(6)

10. Which part(s) of CAIN is realized through the use of message digest functions and hashes?

a. Confidentiality

b. Authenticity

c. Integrity

d. Non-repudiation

How it is realized?

Q2.1Suppose we use key pair K1, K2 (public key and private key) for encryption and key pair K3, K4 (public key and private key) for the digital signature

A.K1 and K2 are the same as K3 and K4

B.K1 and K2 are different than K3 and K4

Q2. 2 Suppose your spy colleague wanted to send you messages that you could be sure came from him (and not an enemy trying to pretend to be him). Your colleague personally tells you: “Whenever I send you a message, the last thing in the message will be a number. That number will be a count of the number of letter E’s in the message. If you get a message, and the number at the end is NOT an accurate count of the number of letter E’s, then that message is from an imposter.”

a.[2 pts] This number, put at the end of each message, is an example of what cryptographic item?

b.[2 pts] Does it have the characteristic of being one-way i.e. can you deduce the original message?

c.[4 pts] Is it collision resistant? Why?

d.[7 pts] Can you suggest some other way to indicate that message is from the sender without resorting to encryption?

An enterprising group of entrepreneurs is starting a new data storage and retrieval business, SecureStore, Inc. For a fee, the new company will accept digitalized data (text and images, multimedia), and store it on hard drives until needed by the customer. Customer data will be transmitted to and from SecureStore over the Internet.  SecureStore guarantees that the confidentiality and integrity of the data will be maintained.

SecureStore also envisions certain information assurance requirements for their internal operations. Company employees will need to exchange confidential email and will need a mechanism for verifying the integrity and originator of some email messages. Also, SecureStore intends a daily backup of all customer data to a remote facility via a leased line. They wish to do so as economically as possible, while ensuring the data’s confidentiality and integrity.

Describe briefly how they would satisfy Secure Store’s requirements as stated above. How would a successful candidate respond?

1. First, list the requirements derived from the above statements (note the highlighted words); list each requirement.  Keep in mind that this business will be operating in the real world, which means please pay attention to economics. [5 points]

2, How would you satisfy the above requirements? [15 points]