School: California State University, Long Beach
Course: BB4446
Subject: Information Systems
Date: Jun 3, 2024
Type: docx
Pages: 2
Uploaded by harrietking413943
QCT College Mid Term Examination
Class/Section: Cybersecurity
Paper Type: Descriptive
Course: Information Security
Date: 04/02/2024
Faculty’s Name: Dr. Kashif Naseer
Max Marks: 30
Time Allowed: 3 hours
Total Pages: 1
Student’s Name: _________________________
Student Email: ______________________
(USE CAPITAL LETTERS)
Question # 1:
Explain Playfair cipher and why this cipher is reasonably fast to use and requires no special equipment. (10)
Key Table Creation: A 5x5 grid of letters is filled with a keyword or phrase (duplicates removed), and the remaining spaces are filled with the rest of the letters of the alphabet. Typically, 'I' and 'J' are combined to fit into the 5x5 grid.
Message Preparation: The plaintext message is divided into digraphs (pairs of two letters). If there is an odd number of letters, a filler letter ('X' is commonly used) is added to the last letter to make a pair.
Encryption Rules:
o If both letters are the same (or only one letter is left), add an 'X' after the first letter. Encrypt the new pair and continue with the next pair.
o If the letters appear on the same row of your table, replace them with the letters immediately to their right respectively (wrapping around to the left side of the row if a letter in the original pair was on the right side of the row).
o If the letters appear on the same column of your table, replace them with the letters immediately below respectively (wrapping around to the top side of the column if a letter in the original pair was at the bottom of the column).
o If the letters are not on the same row or column, replace them with the letters on the same row respectively but at the other pair of corners of the rectangle defined by the original pair. The order is important for the encryption of the second letter.
Decryption: Decryption is the reverse process, using the same key grid.
Reasons for Efficiency and Simplicity:
No Special Equipment Needed: The Playfair cipher only requires a simple 5x5 grid that can be written out by hand, making it easy to use without the need for any specialized equipment.
Reasonably Fast: Encryption and decryption processes are relatively straightforward and can be performed manually at a reasonable speed, especially compared to the monoalphabetic ciphers that require more complex calculations for each letter.
Security: While not highly secure in modern terms, the Playfair cipher was reasonably secure at the time of its creation because it doesn't just replace one letter with another; it encrypts two letters at a time, which makes frequency analysis – a common way to break ciphers – more difficult.
Practicality: During the time it was used most, notably during war times, the simplicity of the Playfair cipher allowed messages to be encrypted and decrypted rapidly in the field by soldiers who may not have been specialized in cryptography.
Question # 2: Mark Zuckerberg’s social media accounts were hacked in 2016. What happened in this attack and which techniques were used by the attackers? Explain in detail. (10)
In 2016, several of Mark Zuckerberg's social media accounts, including Twitter, LinkedIn, and Pinterest, were hacked by a group calling themselves OurMine Team. The attackers were able to gain access to these accounts and posted messages indicating they had hacked the accounts. Zuckerberg's Instagram account was also claimed to be hacked by the group, but there was no evidence to support that a breach had occurred on Instagram.
The breach was apparently made possible by a LinkedIn password dump that occurred around the same time. The hackers found Zuckerberg's password, "dadada," in this dump, which suggests that he reused his passwords across multiple platforms or that his password choice for other sites was predictable after his LinkedIn credentials were compromised. Following the incident, Zuckerberg's affected accounts were secured with a stronger password.
This breach highlighted the dangers of password reuse across multiple sites and the importance of unique and strong password practices. It also brought attention to the fact that even tech-savvy individuals and industry leaders are not immune to common cybersecurity pitfalls, such as reusing passwords, which significantly increases the risk of being hacked if one site experiences a data breach.
Question # 3: Explain CIA Model in detail (10)
The CIA Model is a widely used benchmark for evaluation of information systems security, often referred to as the CIA triad. The acronym stands for Confidentiality, Integrity, and Availability, which are the three main objectives of information security.
1. Confidentiality:
This component of the CIA triad ensures that sensitive information is accessed only by authorized persons and kept away from those not authorized to possess it.
To ensure confidentiality, organizations can implement security measures like data encryption, user IDs and passwords, two-factor authentication, biometric verification, and access control policies.
2. Integrity:
Integrity refers to maintaining the consistency, accuracy, and trustworthiness of data over its entire lifecycle. Data must not be altered in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
Measures to ensure integrity include file permissions and user access controls, version control, checksums, and cryptographic checksums to detect any changes in data.
3. Availability:
Availability ensures that data and resources are available to authorized users when they need them. This means that computing systems, security controls, and communication channels should be working properly.
To ensure availability, organizations implement hardware maintenance, software patching/upgrades, and network optimization. Redundancies, failover systems, and data backups are also critical to ensure that data can be accessed when needed.
The CIA triad is considered the cornerstone of any well-developed information security strategy and is used to identify problem areas in an organization's information systems and to suggest the types of countermeasures that should be implemented.
End of Question Paper