Assignment 1
COMPSCI 316: Cyber Security
This assignment is worth ​100 marks​. The weight of this assignment is ​9.5%​ of the course.
The deadline to submit this assignment is ​Monday, September 16, 23:59 hrs NZDT​. In
case of late submission, there is a 10% penalty for each extra day. No submission will be
accepted as soon as we release the sample answers. The assignment must be submitted
through ​Canvas​. The only acceptable format is ​PDF​.


Question I. (25 marks) Data Breach. ​Identify an ​Aotearoa​ specific data breach and answer
the following questions.
1. Share the URL reporting this data breach. [2 marks]
2. Discuss the impact of this data breach. You are expected to write down a paragraph
to describe how many users got affected, the level of impact (explaining whether it
was low, medium, or high), and financial or other loss. [5 marks]
3. Explain what information was released. [5 marks]
4. Describe what was the root cause of this data breach. [5 marks]
5. As a cyber security expert, what kind of security measures would you take in order to
reduce the risk of similar data breaches in the future? The length of your explanation
should be at least 2 sentences but not more than one paragraph. [8 marks]

Question II. (25 marks) Crypto Fans.​ Consider you have to encrypt the following plaintext
(in quotes) using Vigenère cipher.
“thequickbrownfoxjumpsoverthelazydogthequickbrownfoxjumpsoverthelazydogthequickbrow
nfoxjumpsoverthelazydogthequickbrownfoxjumpsoverthelazydogthequickbrownfoxjumpsover
thelazydog”
1. Let us assume that the encryption key is the first ​two letters​ of your UPI.
a. List down the frequency* of each letter in the ciphertext. [2 marks]
b. List down the frequency* of top 10 bigrams in the ciphertext. [4 marks]
2. Let us assume that the encryption key is the first ​three letters​ of your UPI.
a. List down the frequency* of each letter in the ciphertext. [2 marks]
b. List down the frequency* of top 10 bigrams in the ciphertext. [4 marks]
*The frequency table should be in descending order, i.e., from high frequency to low
frequency.

Let us assume that you are working with RSA, where p = 31 and q = 37.
3. We know that your RSA mod is: n = pq. Compute ϕ(n). [3 marks]
4. Compute your RSA encryption key e. [3 marks]
5. Compute your RSA decryption key d. [3 marks]
6. Imagine that the ​last three digits of your UPI​ represent the message. What is the
ciphertext value if you encrypt this message using your RSA encryption key e? [4
marks]

Question III. (22 marks) TOR Performance.​ Visit ​https://www.torproject.org/download​ in
order to download and set up a TOR browser. We know that TOR enables anonymous
communication. However, this anonymity comes at a cost in terms of performance
degradation. To this end, you have to answer the following questions.
1. What was your ​IP address when you used TOR​? [1 mark]
2. Run a speed test to calculate the time taken by the ​ping request (in ms) using TOR​.
Repeat this test three times and write down those three different readings. [1.5
marks]
3. Run a speed test to calculate the ​download speed (in Mbps) using TOR​. Repeat this
test three times and write down those three different readings. [1.5 marks]
4. Run a speed test to calculate the ​upload speed (in Mbps) using TOR​. Repeat this
test three times and write down those three different readings. [1.5 marks]
5. What was your ​IP address without using TOR​? [1 mark]
6. Run a speed test to calculate the time taken by the ​ping request (in ms) without using
TOR​. Repeat this test three times and write down those three different readings. [1.5
marks]
7. Run a speed test to calculate the time taken by the ​download speed (in Mbps)
without using TOR​. Repeat this test three times and write down those three different
readings. [1.5 marks]
8. Run a speed test to calculate the time taken by the ​upload speed (in Mbps) without
using TOR​. Repeat this test three times and write down those three different
readings. [1.5 marks]
9. Compute the ​percentage overhead of the ping request​ when you used TOR
compared to the case when you did not use TOR. To compute this, you can consider
an average of three readings in each case. [2 marks]
10. Compute the ​percentage drop in the download speed​ when you used TOR compared
to the case when you did not use TOR. To compute this, you can consider an
average of three readings in each case. [2 marks]
11. Compute the ​percentage drop in the upload speed​ when you used TOR compared to
the case when you did not use TOR. To compute this, you can consider an average
of three readings in each case. [2 marks]

Visit ​https://metrics.torproject.org/torperf.html​ to know the time to download files over TOR.
You must choose both the start and end dates as follows.

The end date can be any date between when you start your assignment and when you
complete it. The start date should be the end date minus the number of days equal to the
last three digits in your UPI. Let us assume that you complete this assignment on August 30
and the last three digits of your UPI are “012”. Then, your start date should be August 18,
2019 and the end date should be August 30, 2019.

12. In the given period (i.e., between ​your start and end dates that you must write down
in your answer​), what is the maximum time taken (in the whole dataset) to download
a ​5MB file​? [5 marks]

Question IV. (28 marks) Vulnerability Analysis. ​Visit
https://cve.mitre.org/cve/search_cve_list.html​ and search a CVE ID that contains the last
three digits in your UPI. In case there is no entry for that, you can increment your UPI by 1
and repeat the process unless you find a valid CVE ID. If you find multiple CVE IDs, you can
choose one of them. For ​your CVE entry, which you must write down in your answer​, you
should be able to find its NVD entry, where you can find detailed information about the
vulnerability. Next, you must answer the following questions, where the length of your
answer should at least 2 sentences, but not more than one paragraph.
1. Explain the vulnerability in ​your own words​. [5 marks]
2. Explain why ​confidentiality score​ is low, medium, or high. [4 marks]
3. Explain why ​integrity score​ is low, medium, or high. [4 marks]
4. Explain why ​availability score​ is low, medium, or high. [4 marks]
5. Consider that you are a cyber security consultant for an organisation that is using a
product or service that can be exploited using the vulnerability in question. Discuss at
least one ​alternative product or service​ that you can suggest to your organisation. [6
marks]
6. Can this vulnerability be identified using ​static analysis or dynamic analysis​? Explain.
[5 marks]


Note. ​Sharing assignment solutions does not help learning​. Consequently, our academic
integrity policy does not permit sharing solutions or source code leading to solutions.
Violation of this will result in your assignment submission attracting no marks, and you may
face disciplinary actions in addition. Therefore, please do not share assignments,
assignment solutions and/or source code leading to assignment solutions. Do not publish or
make available your assignments or solutions in any form online, for you will be liable if
someone copies your solution. Please come talk to us if you have any doubt over what is
legit and what is not.

Do not leave your computers, devices, and belongings unattended — you must secure these
at all times to prevent anyone having access to your assignments or solutions.

For more information, see our University’s ​Student Academic Conduct Statute​.