UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF MASTER OF SCIENCE IN
DATA COMMUNICATIONS AND NETWORKING/ INFORMATION
SYSTEMS MANAGEMENT
MDC5201 MISM5204 INFORMATION SYSTEMS SECURITY
DATE: AUGUST, 2018 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.
QUESTION ONE [20 MARKS]
a) What is information systems security? Explain the THREE distinct aspects of this kind of
security. (4 Marks)
b) Discuss in detail the following types of vulnerabilities, giving examples and illustrating how
easy or difficult each is to exploit:
i) physical vulnerabilities
ii) media vulnerabilities
iii) communications vulnerabilities (9 Marks)
c) Explain how encryption can be used to protect the passwords in storage (3 Marks)
d) Discuss the strengths and weaknesses of using hand geometry for authentication (4 Marks)
QUESTION TWO [15 MARKS]
a) Many websites require that users register in order to access information or services. Suppose
that you register at such a website, but when you return later you’ve forgotten your
password. The website then asks you to enter your e-mail address, and if the address
matches any e-mail address in the website’s registration database, the corresponding
password is e-mailed to that address.
i) Discuss some security concerns with this approach to dealing with forgotten
passwords. (4 Marks)
ii) What can you conclude about the method used by the website to store and verify
passwords? (2 Marks)
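Question One c) and Question Two a) ii) both turn on how a password is kept in storage. A site that can e-mail the original password back must hold it in a recoverable form (plaintext or reversible encryption); the usual protection is instead a one-way, salted, slow hash from which the password cannot be recovered, so the only possible "forgotten password" workflow is a reset. The following is an added illustration written for this page, not part of the exam paper: it stores a password as a random salt plus a PBKDF2-HMAC-SHA256 digest and verifies a candidate by recomputing. The storage string format and the iteration count are assumptions (the count follows current OWASP guidance for PBKDF2-HMAC-SHA256; tune it to the hardware).

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256 (assumption: OWASP's 2023 figure; tune per deployment)
ITERATIONS = 600_000
SALT_BYTES = 16


def store_password(password: str, iterations: int = ITERATIONS) -> dict:
    """Derive a one-way digest under a fresh random salt.

    The returned record holds nothing from which the password can be
    recovered; it can only be used to check a candidate.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the digest for the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])


def encode_record(record: dict) -> str:
    """Serialise for a database column (assumed format: algo$iterations$salt$digest, hex)."""
    return "pbkdf2_sha256${}${}${}".format(
        record["iterations"], record["salt"].hex(), record["digest"].hex()
    )


def decode_record(stored: str) -> dict:
    """Parse the stored string back into a record usable by verify_password."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported password record format: {algo}")
    return {
        "salt": bytes.fromhex(salt_hex),
        "iterations": int(iterations),
        "digest": bytes.fromhex(digest_hex),
    }


if __name__ == "__main__":
    rec = store_password("correct horse battery staple")
    print(encode_record(rec))
    print("correct password verifies:", verify_password(rec, "correct horse battery staple"))
    print("wrong password verifies:  ", verify_password(rec, "correct horse battery stapl"))
```

Because each record carries its own random salt, two users with the same password get different digests, and a precomputed table for one salt is useless against another; the slow derivation limits how many guesses an attacker with a stolen record can try per second.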
b) Calculate the Hamming distance between A and B, given that d_H(a,b) = Σ_i (a_i XOR b_i)
(3 Marks)
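The definition d_H(a,b) = Σ_i (a_i XOR b_i) says that each position contributes 1 when the two symbols differ and 0 when they match, and the distance is the total. The following is an added worked example for this question, not part of the exam paper: it applies that rule to the two strings A and B given on the page (reproduced in the code), and generalises to any equal-length symbol strings, bit strings included. The helper names are my own.

```python
# Strings A and B exactly as given on the exam paper (Question Two b)
A = "TGACCCGTTATGCTCGAGTTCGGTCAGAGCGTCATTGCGAGTAGTCGTTTGCTTTCTCAAACTCC"
B = "GAGCGATTAAGCGTGACAGCCCCAGGGAACCCACAAAACGTGATCGCAGTCCATCCGATCATACA"


def xor_mask(a: str, b: str) -> str:
    """Return the per-position terms (a_i XOR b_i) as a string of 0/1 characters.

    A position contributes 1 when the symbols differ and 0 when they match,
    which is exactly what XOR gives for two bits; the same rule is applied
    here to nucleotide symbols.
    """
    if len(a) != len(b):
        raise ValueError(f"Hamming distance is undefined for lengths {len(a)} and {len(b)}")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def hamming_distance(a: str, b: str) -> int:
    """d_H(a, b) = sum over i of (a_i XOR b_i)."""
    return xor_mask(a, b).count("1")


def differing_positions(a: str, b: str):
    """1-based positions where a and b differ, convenient for checking by hand."""
    return [i for i, bit in enumerate(xor_mask(a, b), start=1) if bit == "1"]


if __name__ == "__main__":
    print("length:", len(A), "distance:", hamming_distance(A, B))
    print("mask:  ", xor_mask(A, B))
```

Running it prints the 65 XOR terms as a 0/1 string; summing that string is the distance, and the mask makes it easy to verify any single position against the two strings by eye.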
c) Distinguish between symmetric and asymmetric key cryptosystems (2 Marks)
d) Apply the Keyword Mixed Alphabet cipher to decrypt the following ciphertext using the
keyword “PATHFINDER” (4 Marks)
WFPSSPTBHUOEJNOPEJPCCIKOTFQQSPJHOFPHYWPESIKOQENJPC
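A keyword mixed alphabet is built by writing the keyword with repeated letters dropped, then the remaining letters of the alphabet in their normal order; that 26-letter string is the cipher alphabet, and plaintext A..Z maps onto it position by position. Decryption is the inverse lookup. The following is an added worked example for this question, not part of the exam paper: it builds the alphabet for any keyword (handling repeated letters, which PATHFINDER happens not to have) and decrypts the ciphertext given on the page. The function names are my own.

```python
import string

# Ciphertext and keyword exactly as given on the exam paper (Question Two d)
CIPHERTEXT = "WFPSSPTBHUOEJNOPEJPCCIKOTFQQSPJHOFPHYWPESIKOQENJPC"
KEYWORD = "PATHFINDER"


def keyword_alphabet(keyword: str) -> str:
    """Keyword letters first (duplicates dropped), then the unused letters in A-Z order."""
    ordered = []
    for ch in keyword.upper() + string.ascii_uppercase:
        if ch.isalpha() and ch not in ordered:
            ordered.append(ch)
    return "".join(ordered)


def encrypt(plaintext: str, keyword: str) -> str:
    """Plain alphabet position -> same position in the keyword mixed alphabet."""
    table = str.maketrans(string.ascii_uppercase, keyword_alphabet(keyword))
    return plaintext.upper().translate(table)


def decrypt(ciphertext: str, keyword: str) -> str:
    """Inverse mapping: keyword mixed alphabet position -> plain alphabet letter."""
    table = str.maketrans(keyword_alphabet(keyword), string.ascii_uppercase)
    return ciphertext.upper().translate(table)


if __name__ == "__main__":
    print("plain :", string.ascii_uppercase)
    print("cipher:", keyword_alphabet(KEYWORD))
    print(decrypt(CIPHERTEXT, KEYWORD))
```

Characters outside A..Z (spaces, punctuation) pass through `str.translate` unchanged, so the same functions work on spaced text. Note that with this cipher the letters U to Z of PATHFINDER's alphabet map to themselves, a weakness of any keyword whose letters all fall early in the alphabet.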
QUESTION THREE [15 MARKS]
a) Explain any FOUR characteristics of the one-time pad (4 Marks)
b) Assume that the binary combinations for the letters A-P are 0000 to 1111 respectively. Use
the one-time key provided to encrypt the following plaintext. Present the ciphertext in
binary. (5 Marks)
c) Explain the concept of ‘inference’ and how it is a security problem (3 Marks)
d) Describe any THREE types of inference attacks (3 Marks)
Data for Question Two b):
A = TGACCCGTTATGCTCGAGTTCGGTCAGAGCGTCATTGCGAGTAGTCGTTTGCTTTCTCAAACTCC
B = GAGCGATTAAGCGTGACAGCCCCAGGGAACCCACAAAACGTGATCGCAGTCCATCCGATCATACA
Data for Question Three b):
PLAINTEXT = HE COMES EVERY MIDDAY
KEY = BF HCHJF LIBEG MANGDH
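One-time pad encryption under the scheme of Question Three b) writes each plaintext letter as its 4-bit code, writes the key letter at the same position as its 4-bit code, and XORs the two; decryption XORs the ciphertext block with the same key code, since (p XOR k) XOR k = p. The following is an added worked example for this page, not part of the exam paper. It implements the A..P = 0000..1111 table from the question, and it checks its inputs: the table covers only the sixteen letters A to P, and the plaintext given on the page also contains R, S, V and Y, which have no code under it, so the encoder reports those letters instead of silently mis-encoding. As a labelled extension beyond the question, the same functions also run with a 5-bit A to Z alphabet (an assumption of mine, not a scheme the paper states), under which the whole sentence can be processed.

```python
import math

# Encoding stated in the question: A..P map to 0000..1111 (4 bits per letter)
ALPHABET_AP = "ABCDEFGHIJKLMNOP"
# Assumed extension beyond the question: A..Z map to 00000..11001 (5 bits per letter)
ALPHABET_AZ = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Plaintext and key exactly as given on the exam paper (Question Three b)
PLAINTEXT = "HE COMES EVERY MIDDAY"
KEY = "BF HCHJF LIBEG MANGDH"


def bits_per_symbol(alphabet: str) -> int:
    """Smallest bit width that can number every symbol of the alphabet."""
    return max(1, math.ceil(math.log2(len(alphabet))))


def letters_only(text: str) -> str:
    """Spaces carry no code in this scheme; key and plaintext align letter by letter."""
    return text.replace(" ", "").upper()


def unencodable(text: str, alphabet: str) -> list:
    """Sorted letters of text that have no code under the given alphabet."""
    return sorted({ch for ch in letters_only(text) if ch not in alphabet})


def encode(text: str, alphabet: str) -> list:
    """Binary code of each letter, e.g. 'HE' -> ['0111', '0100'] under A-P."""
    missing = unencodable(text, alphabet)
    if missing:
        raise ValueError(
            f"no {bits_per_symbol(alphabet)}-bit code for {missing} "
            f"in alphabet {alphabet[0]}-{alphabet[-1]}"
        )
    width = bits_per_symbol(alphabet)
    return [format(alphabet.index(ch), f"0{width}b") for ch in letters_only(text)]


def otp_encrypt(plaintext: str, key: str, alphabet: str = ALPHABET_AP) -> str:
    """XOR each plaintext code with the key code at the same position.

    Returns the ciphertext as space-separated binary blocks, one per letter.
    """
    p_codes, k_codes = encode(plaintext, alphabet), encode(key, alphabet)
    if len(k_codes) != len(p_codes):
        raise ValueError("a one-time key must have exactly one letter per plaintext letter")
    width = bits_per_symbol(alphabet)
    return " ".join(
        format(int(p, 2) ^ int(k, 2), f"0{width}b") for p, k in zip(p_codes, k_codes)
    )


def otp_decrypt(cipher_bits: str, key: str, alphabet: str = ALPHABET_AP) -> str:
    """XOR with the same key again recovers the plaintext letters (spaces dropped)."""
    k_codes = encode(key, alphabet)
    blocks = cipher_bits.split()
    if len(blocks) != len(k_codes):
        raise ValueError("ciphertext and key lengths differ")
    return "".join(alphabet[int(c, 2) ^ int(k, 2)] for c, k in zip(blocks, k_codes))


if __name__ == "__main__":
    print("HE xor BF under A-P:", otp_encrypt("HE", "BF"))
    print("letters of the plaintext with no A-P code:", unencodable(PLAINTEXT, ALPHABET_AP))
    ct = otp_encrypt(PLAINTEXT, KEY, ALPHABET_AZ)   # assumed 5-bit extension
    print("A-Z extension:", ct)
    print("round trip:   ", otp_decrypt(ct, KEY, ALPHABET_AZ))
```

The key-length check is the one-time pad's defining constraint: the key must supply one fresh symbol per plaintext symbol and must never be reused, which is what the question's 18-letter key provides for its 18-letter plaintext.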
QUESTION FOUR [15 MARKS]
a) Discuss the security requirements for a database (5 Marks)
b) The SQL security model implements discretionary access control (DAC) based on users,
actions and objects. Explain any TWO approaches used to provide row level security using
DAC (4 Marks)
c) The table below contains some confidential records of patients’ medical history. It is
necessary that the following controls should apply:
i) Managers should READ client records of their department
ii) Managers should READ only the non-confidential columns
iii) Managers have NO WRITE access
iv) The medical record analyst should have unrestricted READ and WRITE access.
Apply ONE of the DAC approaches explained in b) above to implement the solution. (6 Marks)
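One DAC approach to row-level security is the view-based one: the base table is never granted to managers; instead each department gets a view that selects only that department's rows and only the non-confidential columns, and managers are granted SELECT on their department's view alone, while the analyst keeps full privileges on the base table. The following is an added illustration for this question, not part of the exam paper. Since the patients table is not reproduced on the page, the schema, rows, department names and grant mapping are all constructed. The grant step is shown with SQLite's authorizer hook (Python's `sqlite3.Connection.set_authorizer`) because SQLite has no GRANT statement; in a server DBMS the same design is expressed as `GRANT SELECT ON <department_view> TO <manager>` with no privileges on the base table.

```python
import sqlite3

# Constructed schema and data: the exam's table is not reproduced on the page.
SCHEMA = """
CREATE TABLE patients (
    patient_id INTEGER PRIMARY KEY,
    name       TEXT NOT NULL,
    department TEXT NOT NULL,
    visit_date TEXT NOT NULL,
    diagnosis  TEXT NOT NULL      -- confidential column
);
-- One view per department: that department's rows, non-confidential columns only
CREATE VIEW cardiology_records AS
    SELECT patient_id, name, visit_date FROM patients WHERE department = 'Cardiology';
CREATE VIEW oncology_records AS
    SELECT patient_id, name, visit_date FROM patients WHERE department = 'Oncology';
"""
ROWS = [
    (1, "A. Otieno",  "Cardiology", "2018-07-02", "arrhythmia"),
    (2, "B. Wanjiru", "Oncology",   "2018-07-03", "lymphoma"),
    (3, "C. Mwangi",  "Cardiology", "2018-07-05", "hypertension"),
]

# Hypothetical grant table: each manager principal may SELECT from its own view only.
MANAGER_VIEWS = {
    "manager:Cardiology": {"cardiology_records"},
    "manager:Oncology": {"oncology_records"},
}


def make_authorizer(allowed_views):
    """Authorizer enforcing read-only access through the granted views.

    SQLite calls this while compiling each statement. `source` names the view
    on whose behalf a base-table read is performed, so reads of `patients`
    are permitted only when they come from a granted view, never directly.
    """
    def authorize(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:
            if arg1 in allowed_views or source in allowed_views:
                return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY   # INSERT/UPDATE/DELETE and any other access
    return authorize


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?, ?, ?)", ROWS)
    conn.commit()
    return conn


def run_as(conn, principal, sql):
    """Run sql with the principal's privileges; return ('ok', rows) or ('denied', message)."""
    if principal == "analyst":
        conn.set_authorizer(lambda *_: sqlite3.SQLITE_OK)   # unrestricted READ and WRITE
    else:
        conn.set_authorizer(make_authorizer(MANAGER_VIEWS.get(principal, set())))
    try:
        rows = conn.execute(sql).fetchall()
        conn.commit()
        return ("ok", rows)
    except sqlite3.DatabaseError as exc:          # SQLITE_AUTH surfaces here
        return ("denied", str(exc))


if __name__ == "__main__":
    db = open_db()
    print(run_as(db, "manager:Cardiology", "SELECT * FROM cardiology_records"))
    print(run_as(db, "manager:Cardiology", "SELECT diagnosis FROM patients"))
    print(run_as(db, "manager:Cardiology", "UPDATE patients SET diagnosis = 'x' WHERE patient_id = 1"))
    print(run_as(db, "analyst", "UPDATE patients SET diagnosis = 'stable' WHERE patient_id = 1"))
    print(run_as(db, "analyst", "SELECT diagnosis FROM patients WHERE patient_id = 1"))
```

The row filter (`WHERE department = ...`) and the column filter (the view's select list) both live in the view definition, so a manager cannot widen either from the client side; the three manager controls fall out of granting nothing but that view, and the analyst's unrestricted access is simply a full grant on the base table.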