网络安全代写 | COMPSCI 316 (Cyber Security) Assignment 2

这个作业是回答网络安全相关的问题，如：加密界面，SSL安全等
COMPSCI 316 (Cyber Security) Assignment 2

1. Investigate and briefly explain (in one to two paragraphs) if your
email account has S/MIME or PGP enabled. [3 marks]
2. Explain in one to two paragraphs (step-by-step) how can you send
and receive an S/MIME or PGP protected email from your email
account. [3 marks]
3. Suppose you are sending your name in the body of the email message.
Assume that each character of your name is represented using 8-bit
ASCII. What is the radix-64 conversion of this message using this 8-
bit ASCII system? Explain in a paragraph why radix-64 conversion is
used by Multipurpose Internet Mail Extensions (MIME). Can radix-64
be used as an encryption scheme? Justify your answer. [9 marks]
B. SSL and TLS [25 marks]
1. SSL/TLS certificate
(a) Share the URL of a website that is protected by SSL/TLS. [1 mark]
(b) Go to, and check the certificate
of the URL. Share a screenshot of the output. [2 marks]
(c) Explain the “SSL certificate” or “TLS certificate” heading of the
output in minimum one paragraph and maximum two paragraphs. [7
marks]
(d) Find the chain of trust in the output. Under which heading you
see the chain of trust? Explain in a paragraph how it is established by
taking your output as an example. [5 marks]
(e) Can an attacker be able to launch an attack on the SSL-based
authentication by modifying the root signature? By taking the output
as an example, justify your answer. [5 marks]
2. Suppose you have been asked to review a version of SSL “Record
Protocol” in which lossy compression is used after MAC generation. Do you
see any issue with this version of the protocol? Justify your answer. [5
marks]
C. IP Security and IPSec [35 Marks]
1. Suppose you have an IPv4 packet with n bytes length, where n is the
last six digits of your UoA-ID. Assume that this packet is to be sent through
a network having 1500 bytes MTU.
(a) How many minimum fragments must be created from the IP
packet? [2 marks]
(b) What would be the value of “flag” and “offset” fields of the first
fragment? Justify your answer. [4 marks]
(c) What would be the value of “flag”, “offset”, and “length” fields
of the last fragment? Justify your answer. [5 marks]
(d) What is a security issue with IPv4 fragmentation? Explain in
one paragraph. [4 marks]
2. Go to the website that can generate a random MAC address.
(a) What MAC address have you generated? [1 mark]
(b) Convert this MAC address to an IPv6 address. Tell us the IPv6
address, and also how did you get it. [4 marks]
(c) Let’s call the IPv6 address generated from this random MAC
address as RIPv6 and the IPv6 address generated from the MAC
address of your PC/laptop as YIPv6. Which of the IPv6 addresses can
provide protection against spoofing? Which can provide better privacy?
Justify your answer. [5 marks]
3. Suppose you have been hired as a security consultant in a large
organisation ABC.org, which has offices in three different countries: New
Zealand, USA, and the UK. This organisation wishes to use a VPN (Virtual
Private Network) for internal employees. This organisation has decided to
use IPSec-powered VPN. This organisation has decided to use IPSec-
powered VPN. This organisation also uses NAT (Network Address
Translation) and multiple network firewalls.
(a) Suggest whether the tunnel mode or the transport mode is better
for the organisation’s VPN. Justify your answer. [3 marks]
(b) Suggest whether the AH or ESP protocol is better for the
organisation’s VPN. Justify your answer. [3 marks]
(c) Explain how the IPSec gateway, NAT router, and personal firewall
must be arranged to provide efficient and effective functioning of the
organisation. [4 marks]
D. Wireless Security [10 marks]
1. Assume that 64bit WEP is used for providing confidentiality. Suppose
your name is the paraphrase for generating the shared base key (that is
computed using this website), and the
initialization vector IV is IV=BADBAD (in hex). What would be the input to
the RC4 algorithm used in WEP? [2 marks]
2. In a version of WEP, the live daily temperature of a city is used as IV.
What are the possible security implications of this scheme? Justify your
answer. [3 marks]
3. Which wireless security protocol our university is using? Explain how you
are authenticated to university’s WiFi (UoA-WiFi). [5 marks]
E. DOS, Firewall, IDS [15 marks]
1. Suppose a system uses a buffer of n bytes to store TCP connections,
where n is the last three digits of your UoA-ID. Assume that each
incomplete TCP connection request needs 2 bytes of buffer. Also, an
incomplete connection request is timed out after 5 milliseconds. If TCP
connection requests are sent in a constant rate, how many minimum
incomplete TCP connection requests must be sent per milliseconds to the
system to launch a DoS attack? [9 marks]
2. Suppose the above system is connected to a firewall that can detect the
number of incomplete TCP connections in the system at any point in time.
Briefly discuss (in one paragraph) a firewall rule that can mitigate the above
DoS attack. [3 marks]
3. Can intrusion detection mitigate DDoS attacks? Justify your answer. [3
marks]