Faculty of Science & Engineering COMP8260 – Advanced System and Network Security Assignment: I Total Marks: 30 (Weighting: 10%) Deadline: Friday (Week 5), 26th of August XXXXXXXXXX:00 pm). Note:...

1 answer below »
It is a Network system and security assignment.There is no specific page limit for the answers but try to answer in 6-8 pages.Might require using basic python for some answers.I will provide Lecture files for assistance.Please be careful about grammer.The professor is very strict about it.


Faculty of Science & Engineering COMP8260 – Advanced System and Network Security Assignment: I Total Marks: 30 (Weighting: 10%) Deadline: Friday (Week 5), 26th of August 2022 (05:00 pm). Note: Submit the assignment via Turnitin (Include Student Name and ID in assignment). Objectives This assignment has been designed to test your knowledge on the material covered in the first half of the unit: Introduction to cyber security, threats, attacks and security mechanisms, cryptography, security protocols, authentication and access control and web security. Note • Assumptions (if any) must be stated clearly in your answers. • There may not be one right answer for some of the questions. So, your explanations need to present your case clearly. The explanations you provide do not have to be long; conciseness is preferred to meandering. • It is recommended that you use Python for the programming components of the assignment. However, you are free to use another programming language provided the question/answer/solution can be seamlessly translated into an identical (structure or solution) problem in that language. 1 Question 1 (10 marks) Consider a scenario wherein an Android application developed by LanjaMar, an IT firm, has 5,000 users and this application uses PIN entry-based login mechanism. the application uses a technique to initially generate and assign a random 4-digit PIN to each user such that no two users have the same PIN. The user simply enters a PIN on the mobile-phone screen at the login prompt and the backend system authenticates the user using the correct PIN entered by the user. Furthermore, assume that you have been hired by LanjaMar as a security consultant to analyze the security of the app and its backend system. (a) Assume Alex is one of the users. What is the probability that an attacker, Eve, can guess Alex’s PIN in one try? (2 mark) (b) What is the probability that Eve can guess any user’s PIN in the first attempt? (1 marks) (c) How many attempts are needed by Eve to guess any user’s PIN with a probability at least 0.5? (2 marks) (d) You suggest to LanjaMar that the user should also enter a unique username. What issue does this mitigate? Does the use of a bank card in addition to entering a unique PIN offer a more robust authentication scheme? (3 marks) (e) Suppose that the developed Android application only lets users to turn on the Flashlight their phones into a rudimentary light source by displaying a blank white screen at maximum brightness. Android places limits on what an application can do and requires it to request additional permissions from the user on installation. The Flashlight requires the following permissions: storage, system tools (to prevent phone from sleeping), location (GPS), phone call state, and full network access. Identify one or more security principles relevant to the app and advice (requiring one or two sentence justification) LanjaMar on the security of the application. (2 marks) Question 2 (10 marks) Consider the Android app discussed in the previous question, and suppose that LanjaMar hired your in- credibly cool security consultancy startup to carry out a detailed security analysis on 100 users’ data for determining whether or not their authentication was breached. Jane was one of the users of the app. The result of the study showed that 90 out of a total of 100 users had been attacked. Jane was one of the 10 who did not have not been attacked. Suppose that your startup publish the study and made the stats public: “100 users participated in a study. 90 had been attacked.” Consider that another attacker Eve came to know that Jane was one of the remaining 10 who was not subject to these attacks. A few days later, there is a data breach disclosing the names of 99 participants each with a flag against their names indicating whether they had been attacked or not. In other words, a flag against a name necessarily means that your credentials were compromised. Fortunately for Jane, her name did not appear in the data breach list (the data entry person forgot to enter her name). (a) Explain how Eve can find out if Jane has been attacked or not. (2 mark) 2 (b) Suppose instead of publishing the true count (i.e., a), the study applied differential privacy on the number of people who were subject to attack as follow by publishing a′ = 90 + Lap(1), where Lap(·) denotes a Laplace random variable of mean 0 and scale 1. Using the numpy.random.laplace(0, 1) from the Python library numpy, show 10 sample outputs of a′ (i.e., differential private true count). (4 marks) (c) Noting that the number 100 represents the number of users of this application whose details were examined and made available in the public domain. Explain how does the above mechanism protect Jane’s privacy even after the data breach? (4 marks) Question 3 (10 marks) Reasoning about the code. (a) In the lecture slides on Kerberos, explain why is there a need for B needs to check if the time stamp tA is fresh, i.e., it lies within a small time interval around B′s local time, when B is already checking if time stamp tA is within the validity period l? (2 mark) (b) Explain how and why the following codes (in Figure 1a and 1b) yield different results? (2 mark) (a) (b) Figure 1: Example of Off-by-One-Error (OBOE). (c) Consider the following C code. (4 mark) void OutputZero (char s[], char sep, int n){ int j = 0; int k; 3 while ( s[j] != sep ){ j++; } for ( k = j+1; k < n; k++ ){ s[k] = ’0’; } s[k] = ’\0’; } (d) is the above code memory safe? if yes, prove it by writing the precondition and invariants. if not, describe the modifications required and prove that the modified code is memory safe. (2 mark) assessment for all questions in this assignment not only content but also presentation will affect your mark. you may lose marks if there are considerable problems with the presentation, particularly with clarity. this means that your answers to each question should be a coherent statement. you should ensure that spelling and grammar mistakes of your submission are kept to a minimum. • clarity: – ambiguous or poorly worded answers will receive a grade no more than a pass for the individual question. • correctness of approach taken and answer obtained: – incorrect answers with the correct logic or approach will not be necessarily penalised. – correct answers with incorrect logic or approach will receive no more than pass for the individual question. – incorrect answers with no explanation of the approach taken or with the incorrect approach will receive a fail grade for the individual question. the questions will be marked individually, the marks totalled, and a final grade assigned that is no more than indicated by the total marks, and no more than allowed by the standards specified above and in the unit outline. submission the assignment will be submitted via turitin, and it will be marked and returned online. there are no hardcopy submissions for written assignments. ensure you submit the correct file. the submission process shows you a complete preview of your entire assignment after you have uploaded it but before you have submitted it. carefully check through every single page to ensure everything is there and the correct version has been uploaded, and only then press confirm. 4 multiple submissions may be possible via turnitin prior to the final due date and time of an assessment task and originality reports may be made available to students to view and check their levels of similarity prior to making a final submission. students are encouraged to use these reports to ensure that they do not breach the academic honesty policy through high levels of similarity checks. late submission and special considerations. from 1 july 2022, students enrolled in session based units with written assessments will have the following late penalty applied. please refer to https://students.mq.edu.au/study/assessment-exams/assessments for further information. unless a spe- cial considerations request has been submitted and approved, a 5% penalty (of the total possible mark) will be applied each day a written assessment is not submitted, up until the 7th day (including weekends). after the 7th day, a grade of ’0’ will be awarded even if the assessment is submitted. submission time for all written assessments is set at 11:55 pm. a 1-hour grace period is provided to students who experience a technical concern. plagiarism to prepare this assignment, please refer to “how to do literature review?” document provided on comp8260’s ilearn page. please avoid presenting someone else work as your work. when you use a source other than yourself to write a paper, you must cite that source. sources available on the internet must also be cited, including the web address of the site. if you take an original source and modify it to turn in as your own work, you are also guilty of plagiarism (with possible penalty of f grade). you need to write your own words and phrases that express your own ideas. you should be well aware of the university’s plagiarism policy1. 1please refer to https://students.mq.edu.au/study/assessment-exams/academic-integrity 5 https://students.mq.edu.au/study/assessment-exams/academic-integrity n;="" k++="" ){="" s[k]="’0’;" }="" s[k]="’\0’;" }="" (d)="" is="" the="" above="" code="" memory="" safe?="" if="" yes,="" prove="" it="" by="" writing="" the="" precondition="" and="" invariants.="" if="" not,="" describe="" the="" modifications="" required="" and="" prove="" that="" the="" modified="" code="" is="" memory="" safe.="" (2="" mark)="" assessment="" for="" all="" questions="" in="" this="" assignment="" not="" only="" content="" but="" also="" presentation="" will="" affect="" your="" mark.="" you="" may="" lose="" marks="" if="" there="" are="" considerable="" problems="" with="" the="" presentation,="" particularly="" with="" clarity.="" this="" means="" that="" your="" answers="" to="" each="" question="" should="" be="" a="" coherent="" statement.="" you="" should="" ensure="" that="" spelling="" and="" grammar="" mistakes="" of="" your="" submission="" are="" kept="" to="" a="" minimum.="" •="" clarity:="" –="" ambiguous="" or="" poorly="" worded="" answers="" will="" receive="" a="" grade="" no="" more="" than="" a="" pass="" for="" the="" individual="" question.="" •="" correctness="" of="" approach="" taken="" and="" answer="" obtained:="" –="" incorrect="" answers="" with="" the="" correct="" logic="" or="" approach="" will="" not="" be="" necessarily="" penalised.="" –="" correct="" answers="" with="" incorrect="" logic="" or="" approach="" will="" receive="" no="" more="" than="" pass="" for="" the="" individual="" question.="" –="" incorrect="" answers="" with="" no="" explanation="" of="" the="" approach="" taken="" or="" with="" the="" incorrect="" approach="" will="" receive="" a="" fail="" grade="" for="" the="" individual="" question.="" the="" questions="" will="" be="" marked="" individually,="" the="" marks="" totalled,="" and="" a="" final="" grade="" assigned="" that="" is="" no="" more="" than="" indicated="" by="" the="" total="" marks,="" and="" no="" more="" than="" allowed="" by="" the="" standards="" specified="" above="" and="" in="" the="" unit="" outline.="" submission="" the="" assignment="" will="" be="" submitted="" via="" turitin,="" and="" it="" will="" be="" marked="" and="" returned="" online.="" there="" are="" no="" hardcopy="" submissions="" for="" written="" assignments.="" ensure="" you="" submit="" the="" correct="" file.="" the="" submission="" process="" shows="" you="" a="" complete="" preview="" of="" your="" entire="" assignment="" after="" you="" have="" uploaded="" it="" but="" before="" you="" have="" submitted="" it.="" carefully="" check="" through="" every="" single="" page="" to="" ensure="" everything="" is="" there="" and="" the="" correct="" version="" has="" been="" uploaded,="" and="" only="" then="" press="" confirm.="" 4="" multiple="" submissions="" may="" be="" possible="" via="" turnitin="" prior="" to="" the="" final="" due="" date="" and="" time="" of="" an="" assessment="" task="" and="" originality="" reports="" may="" be="" made="" available="" to="" students="" to="" view="" and="" check="" their="" levels="" of="" similarity="" prior="" to="" making="" a="" final="" submission.="" students="" are="" encouraged="" to="" use="" these="" reports="" to="" ensure="" that="" they="" do="" not="" breach="" the="" academic="" honesty="" policy="" through="" high="" levels="" of="" similarity="" checks.="" late="" submission="" and="" special="" considerations.="" from="" 1="" july="" 2022,="" students="" enrolled="" in="" session="" based="" units="" with="" written="" assessments="" will="" have="" the="" following="" late="" penalty="" applied.="" please="" refer="" to="" https://students.mq.edu.au/study/assessment-exams/assessments="" for="" further="" information.="" unless="" a="" spe-="" cial="" considerations="" request="" has="" been="" submitted="" and="" approved,="" a="" 5%="" penalty="" (of="" the="" total="" possible="" mark)="" will="" be="" applied="" each="" day="" a="" written="" assessment="" is="" not="" submitted,="" up="" until="" the="" 7th="" day="" (including="" weekends).="" after="" the="" 7th="" day,="" a="" grade="" of="" ’0’="" will="" be="" awarded="" even="" if="" the="" assessment="" is="" submitted.="" submission="" time="" for="" all="" written="" assessments="" is="" set="" at="" 11:55="" pm.="" a="" 1-hour="" grace="" period="" is="" provided="" to="" students="" who="" experience="" a="" technical="" concern.="" plagiarism="" to="" prepare="" this="" assignment,="" please="" refer="" to="" “how="" to="" do="" literature="" review?”="" document="" provided="" on="" comp8260’s="" ilearn="" page.="" please="" avoid="" presenting="" someone="" else="" work="" as="" your="" work.="" when="" you="" use="" a="" source="" other="" than="" yourself="" to="" write="" a="" paper,="" you="" must="" cite="" that="" source.="" sources="" available="" on="" the="" internet="" must="" also="" be="" cited,="" including="" the="" web="" address="" of="" the="" site.="" if="" you="" take="" an="" original="" source="" and="" modify="" it="" to="" turn="" in="" as="" your="" own="" work,="" you="" are="" also="" guilty="" of="" plagiarism="" (with="" possible="" penalty="" of="" f="" grade).="" you="" need="" to="" write="" your="" own="" words="" and="" phrases="" that="" express="" your="" own="" ideas.="" you="" should="" be="" well="" aware="" of="" the="" university’s="" plagiarism="" policy1.="" 1please="" refer="" to="" https://students.mq.edu.au/study/assessment-exams/academic-integrity="" 5="">
Answered 1 days AfterAug 16, 2022

Answer To: Faculty of Science & Engineering COMP8260 – Advanced System and Network Security Assignment: I Total...

Aditi answered on Aug 17 2022
71 Votes
COMP8260 Advanced System and Network Security
Assignment 1
https://www.coursehero.com/file/72067813/Assignment-1-Sachet-Bimali-45849285pdf/
    A.1.
        
a. Assume Alex is one of the users. What is the probability that an attacker, Eve, can guess Alex’s PIN in one try?
If Eve were e
ver to grab the personal identification number (PIN), she would, in principle, be able to figure it out on the very first try. There are a variety of methods that may be used to steal the PIN number, one of which is to place a tiny camera in such a location that it records when ALEX inputs the code. The illicit tactics of skimming credit card and bank numbers will be the primary emphasis of this discussion. This skimming may be accomplished by the installation of tiny cameras, and the data from the magnetic strip can be read by an attacker or hacker through the use of ghost terminals. An attacker who has created a clone of a debit or credit card has the ability to get the PIN for the original card. EVE has a probability of 33.33 percent of successfully figuring out ALEX's PIN if she employs any of the aforementioned methods.
b. What is the probability that Eve can guess any user’s PIN in the first attempt?
After three attempts, EVE has a good chance of figuring out the PIN of any user. A variety of different strategies may be used to attempt to guess the PIN. The illicit tactics of skimming bank or credit card numbers will be the primary emphasis of this discussion. This skimming may be accomplished by the installation of tiny cameras, and the data from the magnetic strip can be read by the attacker or hacker through the use of ghost terminals. An attacker may access a debit or credit card's personal identification number (PIN) if a clone of the original card is created. You simply need to guess correctly three times out of every four attempts (33.33%) in order to successfully guess a user's PIN.
c. How many attempts are needed by Eve to guess any user’s PIN with a probability at least 0.5?
If EVE is only given one chance to guess the password, the likelihood is equal to 10 multiplied by -4, which is a very low probability.
If the likelihood is fifty percent, then EVE has a possibility of correctly guessing the PIN with a probability equal to fifty percent multiplied by four. In other words, she has a one in four chance of getting it right.
It is up to the user to select how they will make use of the PIN; a user can opt to hide the PIN with their hand. It is feasible for the persons who are observing to get the PIN by employing shoulder surfers or hidden cameras to get the information.
d. You suggest to LanjaMar that the user should also enter a unique username. What issue does this mitigate? Does the use of a bank card in addition to entering a unique PIN offer a more robust authentication scheme?
Because it makes...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here