Security
5 Ed wants to send a message securely. Before sending the message, the software encrypts it
using a symmetric key.
[2]
[2]
[2]
6 Encryption is used to provide security when messages are transferred over a communication link.
(a) (i) Explain the way in which asymmetric key cryptography is used to encrypt a message
being sent from one computer user to another over the Internet.
[4]
1 ........................................................................................................................................
2 ........................................................................................................................................
[2]
(b) (i) Explain the way in which Transport Layer Security (TLS) provides communication
security over a computer network.
[4]
(ii) State two situations where the use of TLS would be appropriate.
1 ........................................................................................................................................
2 ........................................................................................................................................
[2]
7 (a) A digital certificate and a digital signature are used to ensure that a message is not changed
during transmission.
A digital certificate contains the ...................................... key of the owner. A digital certificate
Before a private message is sent to the owner of the digital certificate, this key is used
which is then encrypted with the sender’s ...................................... key to obtain the digital
signature. [5]
1 ................................................................................................................................................
2 ................................................................................................................................................
[2]
Describe two methods that can be used to restrict the effect of malware.
[4]
(d) Identify the common logic circuit given by the truth table in part (a). Give the use of each
output.
Use of X ....................................................................................................................................
Use of Y ....................................................................................................................................
[3]
6 Anita is studying computer science and she is confused about some of the computer security
terminology as some of the words are similar.
Anita wants to know the similarities (features that are the same) and differences (features that are
different) between some of the terms.
(a) Give the similarities and differences between a public key and a private key.
Similarities ................................................................................................................................
Differences ................................................................................................................................
[4]
(b) Give the similarities and differences between a digital certificate and a digital signature.
Similarities ................................................................................................................................
Differences ................................................................................................................................
[4]
(c) Give the similarities and differences between phishing and pharming.
Similarities ................................................................................................................................
Differences ................................................................................................................................
[4]
7 Sam wants to send confidential data to an organisation. He has already received the organisation’s
digital certificate. The organisation has asked him to make sure that the message containing the
confidential data is encrypted and is sent with a digital signature.
(a) Explain the process the organisation followed to obtain its digital certificate.
[3]
(b) Identify two items included in the organisation’s digital certificate that will be used when
sending the message. Give a reason why each item is required.
Item 1 ........................................................................................................................................
Reason .....................................................................................................................................
Item 2 ........................................................................................................................................
Reason .....................................................................................................................................
[4]
(c) Identify two other items included in the organisation’s digital certificate.
[2]
(d) Explain how the digital signature for Sam’s message is produced.
[4]
(a) Martha and Joshua’s computers have already exchanged digital certificates.
1 ................................................................................................................................................
2 ................................................................................................................................................
3 ................................................................................................................................................
[3]
(b) Joshua and Martha’s digital certificates are used to ensure that Martha’s message has not
been altered during transmission.
Explain how asymmetric encryption uses the contents of the digital certificates to ensure that
the message has not been altered during transmission.
[6]
8 Digital certificates are used in internet communications. A Certificate Authority (CA) is responsible
for issuing a digital certificate.
1 ................................................................................................................................................
2 ................................................................................................................................................
[2]
(b) The following paragraph describes how a digital signature is produced. Complete the
paragraph by inserting an appropriate term in each space.
................................................ .
[3]
1 (a) The following incomplete table shows descriptions relating to the security of data transmission.
Description Term
[3]
[2]
(ii) Describe how a digital signature is produced for transmission with the message.
[3]
5 (a) Wiktor is an employee of a travel agent. He uses asymmetric encryption to send confidential
information to his manager.
data. When Wiktor sends a message to his manager, the message is encrypted into
key, and when Wiktor receives the message, it is decrypted into …………………………….
(b) When customers pay for their travel booking online, a secure connection is established using
Secure Socket Layer (SSL).
a secure connection.
[6]
(c) The manager is concerned about the threat of malware to the company computer systems.
Name two types of malware. State what the company should do to help prevent the effect of
the malware.
Prevention ................................................................................................................................
Prevention ................................................................................................................................
[4]
5 Sanjeet is a member of the public, and he wants to send a private message to a government
department.
(a) Explain how asymmetric encryption is used to ensure that the message remains private.
[2]
(b) When the government department replies to Sanjeet, it needs to send a verified message.
Explain how asymmetric encryption can be used to ensure that it is a verified message.
[2]
(c) (i) Describe two vulnerabilities that malware can exploit in computer systems.
1 ........................................................................................................................................
2 .........................................................................................................................................
[4]
(ii) Identify one method that can be used to restrict the effect of malware.
[1]
© UCLES 2019 9608/32/M/J/19
Put a tick (✓) in each row to identify the computer architecture associated with each statement.
Statement | Architecture: SIMD | Architecture: MIMD | Architecture: SISD
6 (a) The following table shows descriptions and terms relating to data transmission security.
Row | Description | Term
A | The result of encryption that is transmitted to the recipient. | .................................
B | The type of cryptography used where different keys are used; one for encryption and one for decryption. | .................................
C | ......................................................................................... | Digital certificate
D | ......................................................................................... | Private key
[4]
(b) The sequence of steps 1 to 7 describes what happens when setting up a secure connection
using Secure Socket Layer (SSL).
A If the browser trusts the certificate, it creates, encrypts and sends the server a
B Server sends the browser an acknowledgement, encrypted with the session key.
C Server sends a copy of its SSL Certificate and its public key.
D Server decrypts the symmetric session key using its private key.
2. ……………
4. ……………
5. ……………
6. ……………
7. Server and browser now encrypt all transmitted data with the session key.
[3]
(a) The company is concerned that malware might disrupt their business.
    Description                                                   Term
A   Redirection to a bogus website that appears to be             .................
    legitimate to gain confidential data.
B                                                                 .................
C   ................................................              Spyware
D   ................................................              Worm
[4]
(ii) A member of staff is using the Internet to carry out research. They are worried about the
threat from terms A and B.
Term A ........................................
Term B ........................................
[2]
(b) A customer downloads a new educational software package from the company.
• the software has come from the company (is authentic) and
• no one has altered it.
[4]
5 Katarina works for a company specialising in the sale of computer parts and accessories. She
works in the London office and her colleague Lucy works in the Hong Kong office. Katarina emails
confidential information to Lucy so that only Lucy can read the information.
(a) Explain how public and private keys are used to ensure that only Lucy has a readable copy of
the confidential information.
[4]
(b) Julio is buying items from the online shop. He already has an account with the shop.
Explain how the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) helps to
[3]
(c) The manager of the company is concerned about the threat of malware.
1 ........................................
2 ........................................
3 ........................................
[3]
© UCLES 2018 9608/32/M/J/18
[3]
(b) A handshake process has to take place before any exchange of data using the TLS protocol.
The handshake process establishes details about how the exchange of data will occur. Digital
certificates and keys are used.
[3]
(c) Give two applications where it would be appropriate to use the TLS protocol.
1 ........................................
2 ........................................
[2]
(c) Anna has to send an email to Bob containing confidential information. Bob and Anna have
never sent emails to each other before.
The first step is for Anna to request that Bob sends her one of his keys.
(ii) Explain how Anna can be sure that it is Bob who has sent the key.
[2]
The following incomplete table shows the sequence of actions between Anna and Bob to
communicate the confidential information.
The person performing the action    What that person does
Bob                                 ........................................
Anna                                ........................................
                                    ........................................
Bob                                 ........................................
[4]
2 The following incomplete table shows descriptions and terms relating to malware.
      Description                                                 Term
(i)   Malicious code is installed on a personal computer          ................. [1]
      so that the user is misdirected to a fraudulent web
      site without their knowledge.
(ii)  An attempt to acquire sensitive information, often          ................. [1]
      for malicious reasons, by trying to deceive the user
      through the contents of an email.
(iii) ................................................            Worm [2]
(b) State two vulnerabilities that the malware in part (a)(i) or part (a)(ii) can exploit.
Vulnerability 1 ........................................
Vulnerability 2 ........................................
[2]
(c) Digital certificates are used in internet communications. A Certificate Authority (CA) is
responsible for issuing a digital certificate.
1 ........................................................................................................................................
2 ........................................................................................................................................
3 ........................................................................................................................................
[3]
[3]
(iii) Give the reason for including a digital signature in the digital certificate.
[1]
(a) Write the Boolean algebraic expression corresponding to this logic circuit:
S = ........................................................................................................................................[4]
Description Term
Malware that attaches itself to another program.
(b) Ben wants to send a highly confidential email to Mariah so that only she can read it. Plain text
and cipher text will be used in this communication.
[2]
(ii) Explain how the use of asymmetric key cryptography ensures that only Mariah can read
the email.
[4]
Process Y contains instructions that result in the execution of a loop, a very large number of
times. All instructions within the loop are in Page 1.
The loop contains a call to a procedure whose instructions are all in Page 3.
All page frames are currently in use. Page 1 is the page that has been in memory for the
shortest time.
(iii) Explain what happens to Page 1 and Page 3, each time the loop is executed.
[3]
[1]
4 Both clients and servers use the Secure Socket Layer (SSL) protocol and its successor, the
Transport Layer Security (TLS) protocol.
[2]
[1]
[1]
(iv) Identify two problems that the SSL and TLS protocols can help to overcome.
1 ........................................................................................................................................
2 ................................................................................................................................... [2]
© UCLES 2016 9608/32/O/N/16
(b) Before any application data is transferred between the client and the server, a handshake
process takes place. Part of this process is to agree the security parameters to be used.
1 ........................................
2 ........................................
[4]
(c) Name two applications of computer systems where it would be appropriate to use the SSL or
TLS protocol. These applications should be different from the ones you named in part (a)(ii)
and part (a)(iii).
1 ........................................
2 ........................................
[2]
2 Digital certificates are used in Internet communications. A Certificate Authority (CA) is responsible
for issuing digital certificates.
1 ................................................................................................................................................
2 ................................................................................................................................................
3 ............................................................................................................................................[3]
1 A user starts an application for a digital certificate using their computer. On this computer
a key pair is generated. This key pair consists of a public key and an associated private
key.
2 The user submits the application to the CA. The generated ........ (i) ........ key and
other application data are sent. The key and data are encrypted using
the CA’s ........ (ii) ........ key.
3 The CA creates a digital document containing all necessary data items and signs it using
the CA’s ........ (iii) ........ key.
In the above method there are three missing words. Each missing word is either ‘public’ or
‘private’.
(i) ........................................
Justification ........................................ [2]
(ii) ........................................
Justification ........................................ [2]
(iii) ........................................
Justification ........................................ [2]
Beena’s email program decrypts the encrypted message using her private key.
[1]
(ii) Explain how Beena can be sure that she has received a message that is authentic (not
corrupted or tampered with) and that it came from Alexa.
[2]
(iii) Name two uses where encrypted message digests are advisable.
1 ........................................................................................................................................
2 ....................................................................................................................................[2]
3 The incomplete table below shows descriptions and terms relating to malware.
    Description                                                   Term
C   ................................................              Worm
D   ................................................              Spam
[4]
Term ........................................
Problem ........................................
Solution ........................................
[2]
[2]
(d) Bill, a manager of a company, sent an email with very sensitive information to a work
colleague, Alison. However, Bill also accidentally sent it to everybody in the company.
Describe the method used that ensured only Alison was able to read the original contents of
the email.
[4]
2 The incomplete table below shows descriptions and terms relating to malware.
    Description                                                   Term
C   ................................................              Pharming
D   ................................................              Phishing
[4]
Problem ....................................................................................................................................
Solution .....................................................................................................................................
...............................................................................................................................................[2]
Encryption .................................................................................................................................
...............................................................................................................................................[2]
(i) State what should be part of the download to provide proof that the software is authentic.
.......................................................................................................................................[1]
(ii) Describe the process for ensuring that the software is both authentic and has not been
altered.
.......................................................................................................................................[4]