CIT 3211 COMPUTER SECURITY AND CRYPTOGRAPHY DRAFT print


DEDAN KIMATHI UNIVERSITY OF TECHNOLOGY

UNIVERSITY EXAMINATIONS 2022/2023 ACADEMIC YEAR.

THIRD YEAR SEMESTER TWO EXAMINATION FOR THE DEGREE OF
BACHELOR OF SCIENCE IN BUSINESS INFORMATION TECHNOLOGY (BBIT)

CIT 3211: COMPUTER SECURITY AND CRYPTOGRAPHY

DATE: 11TH APRIL 2023 TIME: 2-4 PM.

INSTRUCTIONS:
Answer Question ONE and Any Other Two Questions.
Every question should begin on a FRESH page and should be well labeled, and the registration
number should be written on every page.

QUESTION ONE: COMPULSORY (30 MARKS)

a) Describe three types of message concealment techniques. (3 marks)


b) Discuss four methods applied in intrusion detection. (4 marks)
c) Given the extensive use of the Internet by many people with very little technical expertise, a
number of security concerns have been raised related to areas like: data integrity,
confidentiality, denial of service and user authentication. Under each of these categories,
mention two possible types of threats, the damage that they might cause and possible
counter-measures that could be implemented. (8 marks)
d) A password system requires that the user chooses a password which comprises 3 lower
case letters followed by 3 digits.
i) How many different possible passwords are there? (3 marks)
ii) A hacker has an automated program that can try 10,000 passwords per minute. On
average, how long would it take the hacker to find a particular user’s password? Give
your answer to the nearest hour. (2 marks)
iii) It is decided to make the password more secure by adding another digit onto the end
so that a password now comprises 3 letters followed by 4 digits. If the hacker can still
test 10,000 passwords per minute, how long will it take him to find the user’s
password? (3 marks)
e) Encrypt the message “We are all together” using a double transposition cipher with 4 rows
and 4 columns, using the row permutation (1,2,3,4) → (2,4,1,3) and column permutation
(1,2,3,4) → (3,2,1,4). (4 marks)

f) Authorization defines activities to be permitted or prohibited within the system. Explain what
should be contained in an authorization policy. (6 marks)

QUESTION TWO (20 MARKS)


a) Explain how public key cryptography may be used for identification. (6 marks)
b) Users Alice and Bob use the Diffie-Hellman key exchange technique with common
prime = 431 and primitive root alpha = 9.
i) If user Alice has a private key Xa = 11, what is the public key? (2 marks)
ii) If user Bob has a private key Xb = 7, what is the public key? (2 marks)
iii) What is the shared private key? (6 marks)
c) Describe Julius Caesar cipher algorithm and show how the following cipher can be
represented in plain text.
“Duh brx uhdgb iru wkh uljruv ri wkh mre pdunhw? Brx duh vxud!” (4 marks)

QUESTION THREE (20 MARKS)


a) Compare and contrast policy, standards and practices as used in computer security. (6 Marks)
b) Computer security practitioners must understand the dangers that are brought about by the
internet and some of the steps they must take to ensure the goals of security are achieved on a
network. This is especially critical where the business is being transacted online.
Required:
i) Describe, using an appropriate diagram, the application level gateway configuration on
a network. (8 marks)
ii) Explain any six good characteristics of an IDS using an appropriate example. (6 marks)

QUESTION FOUR (20 MARKS)


a) Explain how access control lists are used to represent access control matrices. Describe the
environments in which they are widely used and their advantages and disadvantages.
(6 marks)
b) Describe the goals of system audit and explain two mechanisms (using an appropriate
example) of knowing that a system has been violated. (4 Marks)
c) People, process and technology are all essential practices of controls in information security.
Using an appropriate example of your choice, explain how each practice is essential.
(6 marks)
d) There are three main concerns with the use of passwords for authentication. Explain these
concerns. (4 marks)
