T. Andrew Yang

Email: yang@uhcl.edu

Web: https://sceweb.uhcl.edu/yang/

Tel.: (281) 283-3835

Last updated:

 

8/19/2024: first posted

CSCI 5233

fall 2024


 

Note:
When composing your answers, make sure you give the original author(s) the necessary credits if your answer contains information from sources other than your own brain. Refer to http://sceweb.uhcl.edu/yang/citing.htm if more information is needed about proper citing. Directly copying information from web pages or ChatGPT is plagiarism and a violation of UHCL’s academic honesty policy.



Lab 1

Total: 100 points

1.      (10 pts) Visit the class discussion group in Canvas. Post a message, in the forum ‘self-intro’, with your full name as the subject line. In your post, briefly introduce yourself, including your full name, your major, and one or two items that you most desire to learn in this class. Throughout this class, you shall regularly participate in the discussion group to find recent announcements, reminders, and discussions.

 

2.      Refer to http://sceweb.uhcl.edu/yang/citing.htm to refresh your memory about how to cite published information and give credits to the original authors and/or sources. Use either direct quotations or paraphrasing when answering each of the following questions.

Note: Not all information published on the web is correct; not all information generated by ChatGPT is correct either. Discern the validity of the information you use by, for example, comparing it with what you have learned from the textbooks and the class discussions.

2.1.   (10 pts) What are replay attacks?

2.2.   (10 pts) What are man-in-the-middle attacks?

2.3.   (10 pts) Explain the relationship between replay attacks and Denial of Service (DoS) attacks. Hint: How would the hacker use replay attacks to cause Denial of Service?

2.4.   (10 pts) Explain the differences between replay attacks and man-in-the-middle attacks. Hint: They are different types of attacks.

 

3.      The context: In a cloud-based document sharing system, the users may share a document with a selected set of other users.

Based on what you have learned in class about security services, answer the following questions.

3.1.   (10 pts) Explain what data integrity means in this context.

3.2.   (10 pts) Explain what origin integrity means in this context.

3.3.   (10 pts) Explain what availability means in this context.

3.4.   (10 pts) Explain what confidentiality means in this context.

3.5.   (10 pts) Explain what non-repudiability means in this context.

 



Lab 2

Total: 100 points

1.      Review how the Euclidean Algorithm works by entering two integers, say 120 and 49, as the two input numbers using the online gcd calculator at https://www.calculatorsoup.com/calculators/math/gcf-euclids-algorithm.php.

 

2.      (10 pts) Use the Extended Euclidean Algorithm (EEA) to find the values of x and y for the equation 120x + 49y = 1. Show the intermediate steps. NOTE: Always verify the derived values to ensure that they’d satisfy the given equation. When necessary, switch the values of x and y in order to get the correct values.

 

3.      RSA key-pair generator

3.1.   (5 pts) Given two prime numbers, p = 13 and q = 7. The first step of generating an RSA key-pair is to calculate the values of n and totient(n). Show how the two values are calculated.

3.2.   (5 pts) Given n and totient(n), the public key (e) is selected, by making sure e < n and gcd(e, totient(n)) = 1. Can the number 27 be selected as the public key of this key pair? Justify your answer.

3.3.   (5 pts) Show the first 10 numbers in the set of potential public keys.

3.4.   (10 pts) Let the public key e be 77. Solve ed mod totient(n) = 1 to determine the private key d. Show the detailed steps. Hint: Use EEA to solve ex + totient(n)y = 1 first. NOTE: Always verify the derived private key by checking whether it would satisfy the original equation.

3.5.   (5 pts) What is the RSA public key and what is the RSA private key?
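The key-generation steps in items 3.1 to 3.4, as an added example that is not part of the original assignment. It uses constructed primes (p = 11, q = 17) rather than the assignment's values, applies the selection rule stated in 3.2 (e < n and gcd(e, totient(n)) = 1), and all function names are hypothetical.

```python
def egcd(a, b):
    """Extended Euclidean Algorithm: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def candidate_exponents(p, q, count):
    """First `count` values of e with 1 < e < n and gcd(e, totient(n)) == 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    return [e for e in range(2, n) if egcd(e, phi)[0] == 1][:count]


def rsa_keypair(p, q, e):
    """Return ((e, n), (d, n)) for toy primes p, q, or raise if e is not usable."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)            # solves e*x + phi*y == g
    if not (1 < e < n) or g != 1:
        raise ValueError(f"e={e} rejected: gcd(e, totient(n)) = {g}")
    d = x % phi                       # EEA may return a negative x; reduce it mod phi
    if (e * d) % phi != 1:            # always verify the derived private exponent
        raise ArithmeticError("derived d does not satisfy e*d mod totient(n) = 1")
    return (e, n), (d, n)


if __name__ == "__main__":
    P, Q = 11, 17                     # constructed sample primes, not the assignment's
    print("candidates:", candidate_exponents(P, Q, 5))
    for e in (3, 7):
        public, private = rsa_keypair(P, Q, e)
        m = 88                        # constructed sample message, must be < n
        c = pow(m, public[0], public[1])
        print(public, private, "round trip ok:", pow(c, private[0], private[1]) == m)
    try:
        rsa_keypair(P, Q, 5)          # 5 divides totient(n) = 160, so no inverse exists
    except ValueError as err:
        print(err)
```

With e = 3 the algorithm returns x = -53, which is why the result is reduced modulo totient(n) before it is used as d.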

 

4.      (10 pts) There exist dependency relationships between security mechanisms. Those relationships are part of the prerequisites of deploying a given technology. For example, the digital certificates mechanism (e.g., X.509) depends on the Digital Signatures mechanism. Explain why digital certificates depend on digital signatures, and what is implied by such a dependency (with respect to deploying digital certificates in a computer system).

 

5.      Suppose a protocol is designed to enable secure transmission of a session key from a user to another user (in order to establish a secure session between the two). When Alice wants to send a session key to Bob, the key is to be encrypted with Bob’s public key, and the encrypted key will then be decrypted by Bob using his private key.

5.1.   (10 pts) What security service(s) would be provided by this protocol? Justify your answer.

5.2.   (10 pts) Revise the given protocol in order to provide confidentiality, data integrity, and origin integrity. Show the detailed steps of your revised protocol. Note: Clearly show which entity performs which operation in the protocol. You may draw a diagram to illustrate the protocol.

6.      SSL/TLS Certificates: Suppose there exists an online company (C), and a customer (A) has visited C’s online shopping site. To earn the customers’ trust, C has a TLS certificate installed on its webserver.

6.1.   (10 pts) Explain how C’s certificate would be created. By whom? Draw diagrams if necessary to enhance your explanation.

6.2.   (10 pts) Explain how C’s certificate would be verified by A’s browser.

6.3.   (10 pts) Suppose H has taken C’s certificate and manually changed the subject information in C’s certificate from C to H. Would this modification be detected by A during the certificate verification process? Justify your answer.

 



Research Project

Research topic: The security of generative artificial intelligence: A survey of the challenges and the benefits

-        Investigate the current relationship between cybersecurity and generative AI (or GAI) from two perspectives.

a)      First of all, would GAI help to enhance cybersecurity? Why or why not? Any specific case studies or experiments?

b)     Secondly, would the generative AI technologies be the target of cyber threats? How? Any specific case studies or example attacks?

 

Note 1: This is an individual project.

Note 2: Make sure you properly cite the work of other researchers or professionals. Visit http://sce.uhcl.edu/yang/citing.htm for more information about cited references. Warning: Missing or improper cited references in your draft paper and/or the final report will result in a poor score for your research project. Use either quotations or paraphrasing properly in your paper. Copying multiple sentences or paragraphs from publications or online pages is NOT a proper way of citing others’ work.

The goal of this project is for you to visit refereed publications (as well as some relevant web sites) to perform a detailed investigation of the research topic. The University Library has online databases that could be used as a starting point of your literature search.

 

Items to be submitted:

 

The draft paper (including at least an abstract & initial literature survey)

The draft paper should be 1-2 pages long (single-spaced), and contain the following sections:

o   Research topic

o   Your name and an email address that you check regularly (that is, at least once a day)

o   Class name

o   The abstract of your paper, including a general description of the topic and what you plan to accomplish in the final paper

o   Survey of related work: Discuss at least three articles related to your chosen topic.

o   A tentative outline (agenda) of your final report. That is, the sections/subsections that you plan to include in the final paper.

 

To submit the draft paper:

a.      Create a thread in the Canvas discussion board (with the subject line “Draft paper: <your full name>”) and post your draft paper in that thread. Check the syllabus for the due date.

b.      In addition, submit your abstract in Canvas’s assignments page.

 

Online reviews of others’ draft papers

Review at least five draft papers posted by your classmates. NOTE: This task should be completed within one week after the draft paper’s due date.

 

The final paper

The final paper should be 5-10 pages long (single-spaced), and include your findings about the chosen topic.

The following is a suggested outline of your final report:

Title

Your name (and email address)

An abstract (50-100 words)

Introduction to the topic

Significance of the chosen topic with respect to this course

Survey of related work

Implemented demonstrations, if applicable

Your findings

Future work: research ideas and projects related to the topic

Conclusion

Appendix (if any)

 

To submit the draft paper:

a.      Create a thread in the Canvas discussion board (with the subject line “Draft paper: <your full name>”) and post your draft paper in that thread. Check the syllabus for the due date.

b.      In addition, submit your abstract in Canvas’s assignments page.

 

Warning again: Missing or improper cited references in your draft paper and/or the final report will result in a poor score for your research project.
