SEHS4515 Individual Assignment 2**4s2 Page 1 SEHS4515 Computer Security Individual Assignment Due: 19 April 2024 (Friday) 6:00pm Objectives • To let students apply computer security concepts in real-life settings. • To show students’ understanding of the requirements and technologies in computer security. Instructions • This assignment should be completed individually and neatly. • Plagiarism will be penalized severely. Marks will be deducted for assignments that are plagiarized in whole or in part, regardless of the sources. • Late submission is subject to mark deduction penalty. • Answer ALL questions. • Please state clearly your source of reference. • You can attach your reference materials. Submission • Submit your work in softcopy before the due date. • Save your work, or scan your handwritten work, into a PDF file. Use the file name yourname_StudentID.pdf and submit it via Blackboard. Grading Aspects • Marks are given to the accuracy of both steps and answer. Detailed steps should be provided. • No mark would be given if your work is not readable (especially for handwritten work) and/or the steps cannot be followed. • Late submission will have mark deduction of 20% per day late, including Sunday and public holiday. Late more than 4 days will not be accepted. SEHS4515 Individual Assignment 2**4s2 Page 2 Question 1 (25%) Read the following article about “Travel agencies’ customer databases being hacked”: https://www.pcpd.org.hk/english/enforcement/case_notes/casenotes_2.php?id=2018DB0 2&content_type=&content_nature=&msg_id2=545 (a) Analyze the possible threat(s), vulnerability(es) and risk(s) in the above case. (6%) (b) Compare the attack in the article with WannaCry attack. (6%) (c) What countermeasure(s) did the travel agency take? Briefly explain each of them. (7%) (d) Suppose the agency has approximately $413 million in annual revenue. There are two incidents of such attack per year and each attack causes 10% drop of the annual revenue. Perform a risk analysis and suggest an acceptable cost of mitigation service. (6%) Question 2 (25%) (a) Suppose you are designing the public and private keys for RSA public-key encryption. Given p=11 and q=23. (i) If the public key is e=13, what is private key d? (5%) (ii) A message m=7 is encrypted using the above RSA settings, what would be the cipher text c? (5%) (iii) A cipher text c=3 is decrypted using the above RSA settings, what would be the plain text m? (5%) (b) Calculate the multiplicative inverse of 31 mod 70 using the Extended Euclidean Algorithm. (5%) (c) Assume your HKID card number is made from the last six digits of your student ID number. For example, if student ID = 12345678S, then HKID = S345678(*). Calculate the check digital (*). (5%) SEHS4515 Individual Assignment 2**4s2 Page 3 Question 3 (20%) Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence an authentication mechanism. (a) What is the meaning of “separate pieces of evidence”? (5%) (b) Are username and password considered as two separate pieces of evidence? Justify your answer. (5%) (c) Perform a simple research from the Internet, what is the maximum number of factors used in MFA can you find? Briefly explain each factor. (10%) Question 4 (30%) There are 12 types of malware listed in this website: https://www.kaspersky.com/resource-center/threats/types-of-malware For each type of malware, find out the following information. (a) Their characteristics (12%) (b) The way they spread (6%) (c) The potential damages/negative effect they cause (12%) - End of Assignment -
