Exam questions for ICT379 Security Architectures and Systems Administration (tjd, 2025) at moodleprod.murdoch.edu.au.
IPSec
a) Describe the process of the Diffie-Hellman Key Exchange protocol. What kind of attacks does it face? How can it be fixed to make it secure? (8 marks)
b) The Internet Security Protocol (IPSec) is widely used to secure the cloud network. IPSec can be implemented in a host-to-host transport mode as well as a network tunneling mode. Compare transport mode and tunnel mode. (6 marks)
Somebody created a modified Kerberos protocol. The figure below shows the exchange between Client and Service Server of the modified protocol (other parts as discussed in lecture are not shown here).
a) Explain one attack that may be applied specifically against this modified Kerberos protocol exchange shown below. (4 marks)
b) Explain how to fix the security issue in the modified Kerberos protocol. Your solution must be justified and refer to details of the protocol. (6 marks)
c) Discuss a practical requirement for this fix to work. (3 marks)
This question is related to encryption modes.
a) Explain why choosing a proper encryption mode is very important even when using a symmetric block cipher that is secure, such as AES. (4 marks)
b) Describe a secure encryption mode that solves the problem and is efficient because it allows encrypting/decrypting blocks in parallel. (8 marks)
Below are questions on Windows system administration.
a) What is needed for a user to become a data recovery agent? (4 marks)
b) Why is it important to use Encrypting File System (EFS)? (4 marks)
c) Suppose a file with important information is encrypted under EFS, but the creator has left the company. Is it possible to recover the encrypted data? If so, how? If not, why? (6 marks)
Design a two-factor authentication system. Explain why it is more secure than traditional password-based authentication.
This question is about password security.
a) Explain why many services and organisations require users to include numbers and special characters in passwords. (3 marks)
b) Assuming all users would choose random bit-strings as passwords (i.e. random passwords randomly generated by a password safe), discuss whether the mandatory inclusion of numbers and special characters increases security or not. Marks will only be given for a correct discussion and not for yes/no answers. (4 marks)
c) Prove your point from b) mathematically under the following simple assumptions: passwords must be exactly 10 characters long where each character is encoded as 1 byte, all 256 possible character values are accepted in passwords, and the password policy is that one of these characters must be a digit (0-9). (5 marks)
Where is an IPS commonly placed in a network?
What type of access control system uses predefined rules and does not have the concept of a resource owner?
AES uses a ____________ bit block size and a key size of __________ bits.
The Diffie-Hellman key exchange protocol is vulnerable to _________.