Marking Scheme: Sri Lanka Institute of Advanced Technological Education
SLIATE
SRI LANKA INSTITUTE OF ADVANCED TECHNOLOGICAL EDUCATION
(Established in the Ministry of Higher Education, vide in Act No. 29 of 1995)
Marking Scheme
No. of Questions: 05
No. of Pages: 04
Instructions for Candidates: Answer only 04 Questions
Time: Two (02) hours
Integrity 01 mark
Availability 01 mark
HNDIT 2301 Operating system & Information Security (new) 2016 1st semester
Q2 i. There are two requirements for secure use of symmetric encryption. Name them. (02 Marks)
a strong encryption algorithm - 01 mark
a secret key known only to sender / receiver - 01 mark
ii. State three components related to Symmetric Cipher Model with a suitable diagram. (06 Marks)
• plaintext
• ciphertext
• cipher
• Security key
• encipher (encrypt)
• decipher (decrypt)
Any 03 components (01 x 3): 03 marks
03 marks
iv. Briefly explain any four from the following list. (08 Marks)
a) Brute Force Search
b) Substitution Ciphers
c) One-Time Pad
d) Rail Fence cipher
e) Product Ciphers
f) Steganography
Product Ciphers:
Using several ciphers together like:
– two substitutions make a more complex substitution
– two transpositions make a more complex transposition
– but a substitution followed by a transposition makes a new, much harder cipher
Or any relevant answer - 02 marks
Steganography:
• This is an alternative method to encryption
• Hide the message in image, sound or video.
Or any relevant answer - 02 marks
v. Convert the following word “block” into cipher text using the Caesar Cipher algorithm as given below:
C = ( P + 3 ) mod ( 26 ) (05 Marks)

Plain text   P    P + 3   ( P + 3 ) mod ( 26 )   Cipher text   Marks
b            2    5       5                      E             01 mark
l            12   15      15                     O             01 mark
o            15   18      18                     R             01 mark
c            3    6       6                      F             01 mark
k            11   14      14                     N             01 mark
(25 Marks)
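The product cipher described in this answer scheme (a substitution followed by a transposition), built from the Caesar rule in the table above and a rail fence; this is an added example, not part of the original marking scheme. It keeps the table's numbering (a = 1 ... z = 26); writing a result of 0 as Z, the number of rails and all function names are assumptions made here.

```python
# Added example: Caesar substitution followed by rail fence transposition.
# Numbering follows the table above (a = 1 ... z = 26). Assumption: a result
# of 0 from (P + 3) mod 26 is written as Z, so that w, x, y, z wrap around.

def caesar_encrypt(plain, shift=3):
    if not (plain.isascii() and plain.isalpha()):
        raise ValueError("letters a-z only")
    out = []
    for ch in plain.lower():
        p = ord(ch) - ord("a") + 1            # a = 1 ... z = 26
        c = (p + shift) % 26                  # C = (P + 3) mod 26
        out.append(chr((c - 1) % 26 + ord("A")))
    return "".join(out)

def caesar_decrypt(cipher, shift=3):
    out = []
    for ch in cipher.upper():
        c = ord(ch) - ord("A") + 1
        p = (c - shift) % 26                  # P = (C - 3) mod 26
        out.append(chr((p - 1) % 26 + ord("a")))
    return "".join(out)

def rail_pattern(length, rails):
    # Rail index of each position when the text is written in a zigzag.
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]

def rail_encrypt(text, rails=2):
    pat = rail_pattern(len(text), rails)
    return "".join(ch for r in range(rails)
                   for ch, p in zip(text, pat) if p == r)

def rail_decrypt(cipher, rails=2):
    pat = rail_pattern(len(cipher), rails)
    # Stable sort by rail gives the original position of each cipher character.
    order = sorted(range(len(cipher)), key=lambda i: pat[i])
    out = [""] * len(cipher)
    for ch, i in zip(cipher, order):
        out[i] = ch
    return "".join(out)

def product_encrypt(plain, rails=2, shift=3):
    return rail_encrypt(caesar_encrypt(plain, shift), rails)

def product_decrypt(cipher, rails=2, shift=3):
    return caesar_decrypt(rail_decrypt(cipher, rails), shift)

if __name__ == "__main__":
    print(caesar_encrypt("block"), product_encrypt("block"))
```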
Asymmetric Encryption
Encryption: public key - 01 mark
Decryption: private key - 01 mark
ii. Name four methods used for distribution of Public Keys (04 Marks)
– public announcement
– publicly available directory
– public-key authority
– public-key certificates
01 mark for one method x 4
iii. Lahiru and Raj are two friends who have obtained public key algorithms from a key distribution centre. They each have a public key known by everyone and a private key known only to himself. Mention which key they can use in the following situations: (08 Marks)
a) Raj wants to encrypt the message using Asymmetric Encryption, and send it to Lahiru.
b) Raj wants to include a digital signature for the message.
c) Lahiru wants to decrypt the cipher text he received from Raj using asymmetric encryption.
d) Lahiru wants to verify the digital signature of the message he has received from Raj.
a) Raj wants to encrypt the message using Asymmetric Encryption:
Lahiru’s public key - 02 marks
b) Raj wants to include a digital signature for the message:
Raj’s private key - 02 marks
c) Lahiru wants to decrypt the cipher text he received:
Lahiru’s private key - 02 marks
d) Lahiru wants to verify the digital signature of the message he has received:
Raj’s public key - 02 marks
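The four key choices above, shown as an added example that is not part of the original marking scheme. It uses textbook RSA without padding and fixed demonstration primes purely to make visible which key each step takes; the key values, the message and all function names are constructed for this illustration.

```python
import hashlib

# Added example: textbook RSA (no padding) with fixed demonstration primes,
# only to show which key each step uses. Not a scheme for protecting real data.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)        # (public key, private key)

# Constructed key pairs built from known Mersenne primes (Python 3.8+).
RAJ_PUB, RAJ_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
LAHIRU_PUB, LAHIRU_PRIV = make_keypair(2**61 - 1, 2**127 - 1)

def encrypt(message, recipient_public):        # (a) recipient's public key
    e, n = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(cipher, own_private):              # (c) recipient's own private key
    d, n = own_private
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message, n):
    # SHA-256 of the message, reduced so it fits under the modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, own_private):                # (b) signer's own private key
    d, n = own_private
    return pow(digest(message, n), d, n)

def verify(message, signature, signer_public): # (d) signer's public key
    e, n = signer_public
    return pow(signature, e, n) == digest(message, n)

if __name__ == "__main__":
    msg = b"meet at noon"                      # constructed sample message
    cipher = encrypt(msg, LAHIRU_PUB)          # Raj -> Lahiru
    sig = sign(msg, RAJ_PRIV)
    print(decrypt(cipher, LAHIRU_PRIV), verify(msg, sig, RAJ_PUB))
    # Using the wrong key for either step fails:
    print(decrypt(cipher, RAJ_PRIV) == msg, verify(msg, sig, LAHIRU_PUB))
```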
iv. Why is message authentication important? Give three reasons. (03 Marks)
message authentication is concerned with:
• protecting the integrity of a message
• validating identity of originator
• non-repudiation of origin (dispute resolution)
01 mark for one reason x 3
v. Compare and contrast hash function and Message Authentication Code (MAC). (06 Marks)

Hash function                      MAC
Assures integrity of information   Assures integrity of information
Not reversible                     Not reversible
Does not need a key to use         Needs a key
01 mark for 1 point x 6
(25 Marks)
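What the "needs a key" row of the comparison means in practice, as an added example that is not part of the original marking scheme: a party without the key can recompute an unkeyed hash over a changed message, but cannot produce a MAC the receiver will accept. The key, the messages and the function names are constructed for this illustration; SHA-256 and HMAC-SHA-256 are chosen here as the hash and the MAC.

```python
import hashlib
import hmac

# Added example. KEY is a constructed secret shared only by sender and receiver.
KEY = b"constructed-demo-key-shared-by-sender-and-receiver"

def hash_tag(message):
    # Unkeyed hash: anyone holding the message can compute it.
    return hashlib.sha256(message).hexdigest()

def mac_tag(key, message):
    # Keyed MAC: computing it requires the shared key.
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def hash_check(message, tag):
    return hmac.compare_digest(hash_tag(message), tag)

def mac_check(key, message, tag):
    # compare_digest compares in constant time.
    return hmac.compare_digest(mac_tag(key, message), tag)

def altered_in_transit(message, tag_kind):
    """Model a party on the path who changes the message and has no shared key.

    For a hash they simply recompute the tag over the changed message.
    For a MAC the best they can do is compute one with a key of their own.
    """
    changed = message.replace(b"100", b"900")
    if tag_kind == "hash":
        return changed, hash_tag(changed)
    return changed, mac_tag(b"not-the-shared-key", changed)

if __name__ == "__main__":
    msg = b"pay 100 to Raj"                    # constructed sample message
    changed, tag = altered_in_transit(msg, "hash")
    print("hash accepts altered message:", hash_check(changed, tag))
    changed, tag = altered_in_transit(msg, "mac")
    print("MAC accepts altered message: ", mac_check(KEY, changed, tag))
    print("MAC accepts genuine message: ", mac_check(KEY, msg, mac_tag(KEY, msg)))
```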
iii. A multi-level database is a specially designed database to enhance security of data. Give three factors that should be considered in designing multi-level databases. (03 Marks)
Efficiency
Flexibility
Simplicity
Trustworthiness
Any 3 : one mark for each x 3
(25 Marks)
Q5 Write short notes on any five topics from the following list. (05 Marks x 5)
i. Limitations of firewalls
• cannot protect from attacks bypassing it
– e.g. sneaker net, utility modems, trusted organisations, trusted services (e.g. SSL/SSH)
• cannot protect against internal threats
– e.g. disgruntled or colluding employees
• cannot protect against transfer of all virus infected programs or files
– because of huge range of O/S & file types
or any relevant answer
05 marks
ii. Password Security
Password protection is one of the basic methods used for data authentication. A password confirms whether a particular user is who he/she really claims to be. But hackers and crackers have different ways of capturing or guessing passwords and breaking the protection provided by them. A good password usually has a high work factor and is hence difficult to crack. Users should be educated about and aware of good passwords and their characteristics to enhance password security.
v. Buffer Overflow
A buffer is a temporary data store used by programmers to store data within software applications to enhance application performance and avoid database overheads. The size of the buffer is sometimes predefined and sometimes not. In some cases when the buffer is not predefined, intruders or attackers can use the unused buffers for malicious purposes. This is called a buffer overflow attack.
or any relevant answer
05 marks
(25 Marks)