
CM2025 Past Exam Oct 2023

The document provides instructions for a Computer Science BSc examination on computer security. It outlines that the exam consists of two parts - Part A with 10 multiple choice questions worth 40 marks total, and Part B with 3 questions worth 60 marks total where candidates must answer 2 out of 3. Candidates have 4 hours to complete the online exam on the Inspera platform and may use calculators but not other software. The document provides sample exam questions in Parts A and B covering topics like exploits, vulnerabilities, network attacks, encryption, blockchain, and cryptography.

Uploaded by

chaudhary.ahmad

CM2025

BSc EXAMINATION

COMPUTER SCIENCE

Computer Security

Release date: Wednesday 4 October 2023 at 12:00 midday British Summer Time

Submission date: Thursday 5 October 2023 by 12:00 midday British Summer Time

Time allowed: 4 hours to submit

INSTRUCTIONS TO CANDIDATES:
Part A of this assessment consists of a set of TEN Multiple Choice Questions (MCQs).
You should attempt to answer ALL the questions in Part A. The maximum mark for Part A
is 40.
Candidates must answer TWO out of the THREE questions in Part B. The maximum mark
for Part B is 60.
Part A and Part B will be completed online together on the Inspera exam platform. You
may choose to access either part first upon entering the test area but must complete both
parts within 4 hours of doing so.

You may use any calculator for any appropriate calculations, but you may not use
computer software to obtain solutions. Credit will only be given if all workings are shown.

Do not write your name anywhere in your answers.

© University of London 2023

PART A

Candidates should answer the TEN Multiple Choice Questions (MCQs) quiz, Question 1 in
Part A of the test area.

PART B

Candidates should answer any TWO questions from Part B.

Question 1

(a) Answer the following questions:

I. Define what an exploit is in the context of computer security.
(2 marks)

II. Define what a Zero-day vulnerability is in the context of computer security.
(2 marks)

III. Explain how an exploit might be used to leverage unauthorised access to a user.
(2 marks)

(b) In the context of network security, what are Ransomware and Rootkit attacks? Explain
how they attack their victims.
(6 marks)

(c) Imagine that you work for a hospital ensuring that patients' data is secure. Give an
example of each type of consideration for this system.
I. Confidentiality
(2 marks)
II. Integrity
(2 marks)
III. Availability
(2 marks)

(d) Explain how a proxy firewall works.
(4 marks)

(e) One of the secure solutions to store passwords in a database is storing their hashed
value instead of plain text. However, it is possible to find out which users have the same
passwords by checking the hashed values. Propose a solution to avoid this problem while
still using cryptographic hash functions. Explain how the passwords should be stored using
your proposed solution and how they should be checked.
(4 marks)

(f) Assume we have a list of transactions. Explain how we can propose a solution using
cryptographic hash functions to prevent others tampering with transactions.
(4 marks)

Question 2

(a) Based on the RSA algorithm, answer the following questions:

I. Explain why one-way functions are important in cryptography. Describe the
one-way function which is used in RSA.
(4 marks)

II. Bob uses RSA and chooses the pair (N=55, e=7) as his public key. Using this
public key, encrypt the message M=16. Show your work step-by-step.
(4 marks)

III. For the question in part a, II, define a value for the private key d. Then explain
how one can use d to decrypt a message. Show your work step-by-step.
(4 marks)

IV. Using your defined private key in part a, III, decrypt the encrypted message in
part a, II. Show your work step-by-step.
(4 marks)

(b) Many encryption techniques rely on a combination of private and public keys.
I. Describe the differences between a private key and a public key.
(2 marks)
II. Describe how private and public keys are used for the purpose of authentication.
(2 marks)

(c) Using the Vigenere cypher algorithm, encrypt the message
“COMPUTERSECURITYEXAM”. Consider your first name as the key. Show your work
step-by-step. Then, explain how we can decrypt an encrypted message by this method.
You can use the following table.
(10 marks)

Question 3

(a) In the context of blockchain technology, answer the following questions. Assume
each transaction contains the following information:
Sender Public key: The public key of the person who sends the money

Recipient Public key: The public key of the person who wants to receive the money

amount: The amount of the money which should be transferred by the transaction

digital signature: The hash of the previous fields signed by the private key of the sender

Transaction ID: The hash of all the previous fields

I. Explain (using a scenario or an example) why we need at least one more field
in transactions to represent the timestamp.
(3 marks)

II. Explain why we need the “sender public key” to be recorded for each
transaction.
(3 marks)

III. We know that blockchains use peer to peer networks to store and distribute
transactions and blocks. Assume Bob creates a transaction. In his transaction,
Bob wants to give $2 to Alice. To do so, Bob creates the transaction (based on
the given fields) and distributes it over the network by sending the transaction to
his neighbours. As soon as they receive the transaction, they verify and check it.
If the transaction passes all the conditions successfully, they will send it to other
neighbours and so on. Now, assume there is a malicious node in the network. As
soon as it receives the transaction, it replaces the recipient’s public address with
its own public address. Finally, it sends the tampered transaction to the
neighbours. Explain how neighbours would distinguish that this is a tampered
transaction.
(4 marks)

IV. Consider the scenario in the previous question. This time the malicious node does
not change the recipient public key; instead it only changes the amount of the
transaction, recalculates the transaction ID and replaces the previous one with it.
Explain how neighbour nodes would distinguish that this is a tampered
transaction.
(4 marks)

V. Assume Eve is a user in our blockchain and has $2. She creates 2 transactions.
In one of them, she gives $2 to Bob and in another one she gives $2 to Alice.
Then she simultaneously sends the two transactions to her neighbours (suppose
she sends the first transaction to half of her neighbours and the
second transaction to the second half, so no neighbour receives both at the same
time). In fact, Eve tries to double spend her money. Explain whether her neighbours can
detect this problem, and why. In a real blockchain how is this problem detected
and if a user really tries to do this, what would happen to the transactions?
(5 marks)
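
The checks a neighbour runs on the transaction format in part (a), shown against the tampering in III and IV, as an added example that is not part of the exam paper. It assumes textbook RSA over a SHA-256 hash as the signature scheme, with constructed toy keys; the names `make_tx`, `tx_id` and `verify` are hypothetical.

```python
import hashlib

E = 65537  # common RSA public exponent

def keygen(p, q):
    """Toy textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(*fields):
    """SHA-256 over the given fields, returned as an integer."""
    data = "|".join(str(f) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def tx_id(tx):
    """Transaction ID: the hash of all the previous fields."""
    return digest(tx["sender"], tx["recipient"], tx["amount"], tx["signature"])

def make_tx(sender_pub, sender_priv, recipient_pub, amount):
    n, d = sender_priv
    # Digital signature: hash of the previous fields, signed with the sender's private key.
    signature = pow(digest(sender_pub, recipient_pub, amount) % n, d, n)
    tx = {"sender": sender_pub, "recipient": recipient_pub,
          "amount": amount, "signature": signature}
    tx["txid"] = tx_id(tx)
    return tx

def verify(tx):
    """Checks a relaying node runs; returns 'ok' or the reason for rejection."""
    if tx["txid"] != tx_id(tx):
        return "bad transaction id"
    n, e = tx["sender"]  # the recorded sender public key is what makes this check possible
    expected = digest(tx["sender"], tx["recipient"], tx["amount"]) % n
    if pow(tx["signature"], e, n) != expected:
        return "bad signature"
    return "ok"

# Constructed keys built from Mersenne primes for reproducibility only; not secure.
bob_pub, bob_priv = keygen(2**61 - 1, 2**89 - 1)
alice_pub, _ = keygen(2**107 - 1, 2**127 - 1)
mallory_pub, _ = keygen(2**61 - 1, 2**107 - 1)

honest = make_tx(bob_pub, bob_priv, alice_pub, 2)
# Scenario III: recipient swapped for the malicious node's key, nothing else touched.
swapped = dict(honest, recipient=mallory_pub)
# Scenario IV: amount changed and the transaction ID recomputed to match.
inflated = dict(honest, amount=200)
inflated["txid"] = tx_id(inflated)
```

Recomputing the transaction ID only gets a tampered transaction past the first check; the signature still covers the original recipient and amount, and only the holder of the sender's private key can produce a new one.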

(b) What is the 51% attack? How does it work?
(3 marks)

(c) Explain how each block in a blockchain connects to its previous block.
(4 marks)

(d) In a blockchain such as Bitcoin, explain what the puzzle is that miners try to solve.
(4 marks)

END OF PAPER
