SEHS4515 Individual Assignment 2324s2 Page 1
SEHS4515 Computer Security
Individual Assignment
Due: 19 April 2024 (Friday) 6:00pm
Objectives
• To let students apply computer security concepts in real-life settings.
• To show students’ understanding of the requirements and technologies in
computer security.
Instructions
• This assignment should be completed individually and neatly.
• Plagiarism will be penalized severely. Marks will be deducted for assignments
that are plagiarized in whole or in part, regardless of the sources.
• Late submission is subject to mark deduction penalty.
• Answer ALL questions.
• Please state clearly your source of reference.
• You can attach your reference materials.
Submission
• Submit your work in softcopy before the due date.
• Save your work, or scan your handwritten work, into a PDF file. Use the file
name yourname_StudentID.pdf and submit it via Blackboard.
Grading Aspects
• Marks are given to the accuracy of both steps and answer. Detailed steps should
be provided.
• No mark would be given if your work is not readable (especially for handwritten
work) and/or the steps cannot be followed.
• Late submission will have mark deduction of 20% per day late, including Sunday
and public holiday. Late more than 4 days will not be accepted.
SEHS4515 Individual Assignment 2324s2 Page 2
Question 1 (25%)
Read the following article about “Travel agencies’ customer databases being hacked”:
https://www.pcpd.org.hk/english/enforcement/case_notes/casenotes_2.php?id=2018DB0
2&content_type=&content_nature=&msg_id2=545
(a) Analyze the possible threat(s), vulnerability(es) and risk(s) in the above case. (6%)
(b) Compare the attack in the article with WannaCry attack. (6%)
(c) What countermeasure(s) did the travel agency take? Briefly explain each of them.
(7%)
(d) Suppose the agency has approximately $413 million in annual revenue. There are two
incidents of such attack per year and each attack causes 10% drop of the annual
revenue. Perform a risk analysis and suggest an acceptable cost of mitigation service.
(6%)
Question 2 (25%)
(a) Suppose you are designing the public and private keys for RSA public-key encryption.
Given p=11 and q=23.
(i) If the public key is e=13, what is private key d? (5%)
(ii) A message m=7 is encrypted using the above RSA settings, what would be the
cipher text c? (5%)
(iii) A cipher text c=3 is decrypted using the above RSA settings, what would be the
plain text m? (5%)
(b) Calculate the multiplicative inverse of 31 mod 70 using the Extended Euclidean
Algorithm. (5%)
(c) Assume your HKID card number is made from the last six digits of your student ID
number. For example, if student ID = 12345678S, then HKID = S345678(*).
Calculate the check digital (*). (5%)
SEHS4515 Individual Assignment 2324s2 Page 3
Question 3 (20%)
Multi-factor authentication (MFA) is a method of computer access control in which a
user is granted access only after successfully presenting several separate pieces of
evidence an authentication mechanism.
(a) What is the meaning of “separate pieces of evidence”? (5%)
(b) Are username and password considered as two separate pieces of evidence? Justify
your answer. (5%)
(c) Perform a simple research from the Internet, what is the maximum number of factors
used in MFA can you find? Briefly explain each factor. (10%)
Question 4 (30%)
There are 12 types of malware listed in this website:
https://www.kaspersky.com/resource-center/threats/types-of-malware
For each type of malware, find out the following information.
(a) Their characteristics (12%)
(b) The way they spread (6%)
(c) The potential damages/negative effect they cause (12%)
- End of Assignment -
请加QQ:99515681 邮箱:99515681@qq.com WX:codinghelp