
Invitation to Computer Science

G. Michael Schneider, Judith Gersting

Chapter 8

Information Security


Chapter Questions


Problem 1

The following are three possible logon scenarios. Explain why option (c) below is preferable in terms of system security.
a.
   Welcome to XYZ computing
   Enter username: jones
   Invalid username
   Enter username:
b.
   Welcome to XYZ computing
   Enter username: smith
   Enter password: password
   Invalid access
   Enter username:
c.
   Enter username: smith
   Enter password: password
   Invalid access
   Enter username: smith
   Enter password: FpQr56
   Welcome to XYZ computing

Clayton Schubring
Numerade Educator

Problem 2

Using the hash function described in Section 8.2.1, find the encrypted forms of the following passwords:
a. fido
b. blank
c. ti34pper

Prathan Jarupoonphol
Numerade Educator

Problem 3

Consider a password hash function that works as follows on a system where the password must contain only letters:
Step 1. Take each letter in the password and replace it with a number representing its place in the alphabet.
Step 2. Take each number from Step 1, multiply it by 2, and add 1.
Step 3. Combine the resulting numbers, separated by 0s, into a single string. This string is the encrypted password.
a. Given the user password "user", what would this hashing algorithm produce as the final encrypted password?
b. Comment on this hashing algorithm in terms of the security it provides for user passwords.

Lauren Shelton
Numerade Educator

Problem 4

The default passcode on a cell phone is usually 4 digits, each 0-9.
a. How many different passcodes are possible?
b. If you can enter a 4-digit passcode in one second, about how long would it take you to try all possible passcodes?

Heather Zimmers
Numerade Educator

Problem 5

Password characters on a certain system are limited to 26 uppercase letters [A ... Z], 26 lowercase letters [a ... z], 10 digits [0 ... 9], and 3 special symbols [#, \$, %]. Suppose a password-cracking tool can generate and test 10,000,000 character strings (potential passwords) per second. Could all possible passwords of length 10 or less be generated and tested in under 1 week's time? (Use a spreadsheet to help find the answer.)

Maxime Rossetti
Numerade Educator

Problem 6

Merriam-Webster's Collegiate Dictionary, 11th ed. (Merriam-Webster, Inc., 2003), contains over 225,000 entries. Using a password-cracking tool that can process 1.7 million words per second, how long would it take to test each word in the dictionary as a possible password?

Adam Conner
Numerade Educator

Problem 7

A virus attacks a single user's computer and within one hour embeds itself in 50 email attachment files sent out to other users. By the end of the hour, 10% of these have been opened and have infected their host machines. If this process continues, how many machines will be infected at the end of 5 hours? Can you find a formula for the number of machines infected after $n$ hours?

Ashley Volpe
Numerade Educator

Problem 8

A certain individual has a Hilton account, a Ritz-Carlton account, and a Marriott International account. The following email message is sent to this individual. Point out clues that should alert this individual that he or she is the victim of a phishing attack.
We here at Marriott appreciate your loyalty as a customer. We want to make things more easy for you when you travel, so we have partnered with Hilton and Ritz-Carlton to create a unified rewards program. Now when you stay at any of these fine brand hotels, you will earn award points that can apply to a future stay at any of the three hotels. For you we will quick set this up, just click on the link below to get started:
wuw.Mariott.com

Chris Trentman
Numerade Educator

Problem 9

Read about one of the following. Decide whether there seems to be enough evidence to put it in the category of cyberwarfare:
a. Stuxnet
b. 2007 - Estonia
c. Titan Rain
d. Operation Hangover

Vysakh M
Numerade Educator

Problem 10

Risk analysis is one way to monitor security in an organization. Risk analysis can be a time-consuming process; it involves a number of steps, some of which require "educated guessing." Nevertheless, the process alone raises awareness of security issues even if no immediate actions are taken as a result. The steps are:
i. Identify assets (infrastructure, people, hardware, software, reputation, etc.).
For the rest of this list, we'll concentrate on a single asset.
ii. Determine vulnerability (what event or events might happen to the asset. For example, the building could catch fire, the website could be hacked, etc.).
For the rest of this list, we'll concentrate on a single asset vulnerable to a single event.
iii. Estimate the probability per year of this event (based on past data, expert estimates, etc.).
Take current security measure into account.
iv. Estimate the expected cost if this event occurs (cost to repair or replace, cost of lost business, etc.).
v. Compute risk exposure $=$ cost estimate $\times$ probability estimate.
vi. Identify any additional security measure $X$ that would help protect against this event, determine what it would cost, and do a calculation of the risk exposure with the additional security measure $X$ in place.
vii. Do a cost-benefit analysis:
(Risk exposure without $X$ - Risk exposure with $X$) - Cost of $X$
You have a small web-based business that uses a single server to manage your webpage and your customer information. Over the past four years, your website has been hacked and taken down twice. You estimate that the cost of this event is \$600 to clean the server and reload the webpage and \$12,000 in lost business while the server is down.
a. You could purchase a backup server for a cost of \$3,000, which you estimate would reduce the probability per year of losing your website to 0.2. Would this be a cost-effective security measure?
b. What if you reevaluate the probability per year with the backup server to be 0.3. Does this change your answer?


Problem 11

Using a Caesar cipher with $s=5$, decode the received message RTAJ TZY FY IFBS.

Prathan Jarupoonphol
Numerade Educator

Problem 12

The centurion who was supposed to inform you of $s$ was killed en route, but you have received the message MXX SMGX UE PUHUPQP in a Caesar cipher. Find the value of $s$ and decode the message.

Prathan Jarupoonphol
Numerade Educator

Problem 13

You receive a message that was encoded using a block encoding scheme with the encoding matrix
$$
M=\left[\begin{array}{ll}
3 & 2 \\
7 & 5
\end{array}\right]
$$
a. Verify by computing $M^{\prime} \times M$ that $M^{\prime}=\left[\begin{array}{cc}5 & 24 \\ 19 & 3\end{array}\right]$ (Remember to wrap around if a value is $>25$.)
b. Decode the ciphertext message MXOSHI.

Madysn Cardinal
Numerade Educator

Problem 14

The DES algorithm combines two bit strings by applying the XOR operator on each pair of corresponding bits. Compute the 6-bit string that results from $100111 \oplus 110101$.


Problem 15

To decode a message encrypted using DES requires finding the key from among the $2^{56}$ possible 56-bit binary keys. Although you might find the key early on, the worst case is that you have to test all $2^{56}$ possible DES keys.
a. How long would this take using the gaming PC described in the Special Interest Box "The Tortoise and the Hare" in Chapter 3? Assume that a single key can be tested in one floating-point operation.
b. How long would this take using the Chinese Tianhe-2 supercomputer described in the Special Interest Box "The Tortoise and the Hare" in Chapter 3? Assume that a single key can be tested in one floating-point operation.

Bryan Lynn
Numerade Educator

Problem 16

Using the RSA encryption algorithm, pick $p=11$ and $q=7$. Find a set of encryption/decryption keys $e$ and $d$.

James Kiss
Numerade Educator

Problem 17

Using the RSA encryption algorithm, let $p=3$ and $q=5$. Then $n=15$ and $m=8$. Let $e=11$.
a. Compute $d$.
b. Find the code for 3.
c. Decode your answer to Part (b) to retrieve the 3.

James Kiss
Numerade Educator

Problem 18

If a message is encrypted using AES with a key length of 256 bits, the brute force approach to decryption involves generating each of the $2^{256}$ possible keys in turn until one is found that decodes the encrypted message. Quantum computing was discussed in Chapter 5. Using a quantum computer, how many qubits are required to represent all $2^{56}$ possible keys simultaneously?

Bryan Lynn
Numerade Educator