
Encryption and Decryption - CyberSecurity

Encryption and Decryption in CyberSecurity

Uploaded by

i.alanmackenzie

UNIVERSITI TUNKU ABDUL RAHMAN

FACULTY OF INFORMATION AND COMMUNICATION TECHNOLOGY

ECCN1223 CYBERSECURITY
FINAL ASSIGNMENT

Instructions:

1. This is a final assignment.
2. This assignment has FOUR questions: Please complete all FOUR questions.
3. Due dates: 20 May 2025 before 4 pm.
4. This assignment is worth 50% of the total marks.
5. Guidelines for the format of the documentation:
• Headings should be capitalized, boldface, and left-aligned.
• Linespacing should be justified with a single space.
• Document texts must be in Times New Roman size 12.
• Include a page number on each page.
• Spell-check and proofread your work.
• Provide your solution file in PDF.
6. Committing plagiarism will result in an automatic failing grade.

Q1. (a) Encrypt the following message with the given key using Caesar Cipher.

M = I AM BETTER IN CYBERSECURITY.
K=5 (4 marks)

(b) Decrypt the following ciphertext with the given key using Caesar Cipher.

C = VHFXULWB LV JRRG
K=3 (4 marks)
(c) Encipher and decipher the following words using a Keyword Cipher with the
keyword WIRELESS.

(i) RESEARCH (2 marks)

(ii) PQTELJQP (2 marks)

(d) Encipher and decipher the following words using a Keyword Mixed Cipher with
the keyword PREFERENCE.

(i) UTAR MY CHOICE (2 marks)


(ii) QYPK (2 marks)

(e) Encipher and decipher the following words using a keyword Transposed Cipher
with the keyword PUTRAJAYA.

(i) FICT MY FACULTY (2 marks)

(ii) OLJAU (2 marks)



(f) Encipher and decipher the following words using an Interrupted Keyword
Cipher with the keyword WIRELESS.

(i) I WILL PASS THE MARK (3 marks)

(ii) PKOFI (2 marks)


[Total : 25 marks]

Q2. (a) Distinguish between Denial-of-Service Attacks (DoS) and Distributed
Denial-of-Service Attacks (DDoS) and list out any two motivations behind the attacks.
(4 marks)

Aspect | DoS Attack | DDoS Attack
Source | Single computer | Multiple systems (botnet)
Traffic Load | Limited, from one machine | Massive, from many sources
Detection | Easier to detect and block | Harder to detect due to distributed origin
Complexity | Less complex | More complex, harder to mitigate

Two Motivations Behind DoS/DDoS Attacks:

1. Financial Gain: To extort ransom (e.g., DDoS-for-ransom).
2. Ideological Reasons: Hacktivism or protest against an organization or government.

(b) Explain the THREE (3) key security concepts and their levels of impact.
(7 marks)
Confidentiality:
Confidentiality ensures that sensitive information is accessible only to
authorized individuals and is protected from unauthorized access.

Integrity:
Integrity guarantees that data is accurate, consistent, and unaltered unless
modified by authorized users.

Availability:
Availability ensures that authorized users have reliable and timely access to
data and systems when needed.
(c) Draw and EXPLAIN the network security model. (6 marks)

Explanation:
• Sender and Receiver: The two endpoints communicating.
• Encryption & Decryption: Protect the data in transit from
unauthorized access.
• Transmission Medium: The channel through which the data is sent
(e.g., internet).
• Security Services: Include firewalls, authentication, and intrusion
detection systems to secure communication from attacks.
The model ensures confidentiality, integrity, and authentication during data
transfer.

(d) Briefly discuss the following terms.

(i) Plaintext (1 mark)

The original readable message or data before encryption.

(ii) Key (1 mark)

A secret value used with an algorithm to encrypt or decrypt data.

(iii) Encryption algorithm (1 mark)

A set of rules that transforms plaintext into ciphertext to prevent
unauthorized access.

(iv) Decryption algorithm (1 mark)

A set of rules that converts ciphertext back into plaintext using a key.
(e) Differentiate between substitution and transposition. (4 marks)

Substitution | Transposition
Replaces characters with others | Rearranges the positions of characters
A → D, B → E, etc. | HELLO → LOHEL (example of rearrangement)
Simple but vulnerable to frequency analysis | Preserves original letters, changes their order
Example: Caesar Cipher | Example: Columnar Transposition Cipher
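
The two properties in the comparison above, shown on the ciphertext from Q1(b). This is an added example, not part of the original assignment; the columnar key "ZEBRA" and the scoring set of common English letters are assumptions made for the illustration.

```python
import string
from collections import Counter

A = string.ascii_uppercase
COMMON = set("ETAOINSHR")  # the most frequent letters in English text

def caesar(text, shift):
    """Substitution: each letter becomes the one `shift` places further on."""
    return "".join(A[(A.index(c) + shift) % 26] if c in A else c
                   for c in text.upper())

def columnar(text, key):
    """Transposition: write the letters in rows under `key`, then read the
    columns in alphabetical order of the key letters. Nothing is replaced."""
    letters = [c for c in text.upper() if c in A]
    order = sorted(range(len(key)), key=lambda i: (key[i], i))
    return "".join("".join(letters[i::len(key)]) for i in order)

def guess_shift(cipher):
    """Frequency analysis: try all 26 shifts and keep the one whose output
    contains the most common-English letters."""
    return max(range(26),
               key=lambda s: sum(c in COMMON for c in caesar(cipher, -s)))

def letter_counts(text):
    return Counter(c for c in text.upper() if c in A)

if __name__ == "__main__":
    c = "VHFXULWB LV JRRG"            # ciphertext from Q1(b), K = 3
    k = guess_shift(c)
    p = caesar(c, -k)
    t = columnar(p, "ZEBRA")          # "ZEBRA" is an assumed key
    print("recovered shift:", k, "->", p)
    print("transposed:", t)
    # Substitution changes which letters appear but not the histogram shape.
    print(sorted(letter_counts(c).values()) == sorted(letter_counts(p).values()))
    # Transposition keeps exactly the same letters, so the best "shift" is 0.
    print(letter_counts(t) == letter_counts(p), guess_shift(t))
```
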

[Total : 25 marks]

Q3. (a) In asymmetric encryption, list and EXPLAIN TWO (2) key pairs used for
encryption and decryption. (4 marks)

Asymmetric encryption uses two keys: Public Key and Private Key.
1. Public Key

• The public key is shared openly and can be distributed to anyone.
• It is used to encrypt data or to verify a digital signature.
• Data encrypted with the public key can only be decrypted using the
corresponding private key.

2. Private Key

• The private key is kept secret by the owner and must be securely
stored.
• It is used to decrypt data encrypted with the public key, or to create
a digital signature.
• Data signed with the private key can be verified by anyone using
the corresponding public key.

(b) Alice and Bob have generated a public and private key pair. They do not know
each other’s keys yet. They want to exchange messages in M over the network.

(i) What is the procedure to exchange the message confidentially, if only
passive attacks need to be considered? (2 marks)
• Alice encrypts the message using Bob’s public key.
• The message is sent over the network.
• Bob receives and decrypts it using his private key.

(ii) What is the main threat if active attacks are possible over a network?
(2 marks)

Message Modification:
• The attacker intercepts the message, alters its content, and forwards
the modified message.
• This can lead to false information, corrupted data, or fraudulent
transactions.

(iii) Suggest TWO (2) ways to ensure public keys’ authenticity to avoid the
risk of active attacks. (2 marks)

• A fingerprint of the public key is shared over a separate, secure
channel.
• The receiver compares the received fingerprint to the fingerprint of
the public key they just received.
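
The procedure from (i) combined with the fingerprint check from (iii), as an added example that is not part of the original assignment. It assumes toy textbook RSA with tiny constructed keys and a fingerprint defined as SHA-256 over the string "n:e"; real systems hash the key's standard encoding and use padded RSA with large keys.

```python
import hashlib
import hmac

# Constructed toy keys (tiny primes, for illustration only).
BOB_PUB, BOB_PRIV = (3233, 17), (3233, 2753)   # (n, e) and (n, d)
OTHER_PUB = (4757, 17)   # stands for a key that was swapped in transit

def fingerprint(pub):
    """SHA-256 over an assumed canonical encoding of the (n, e) public key."""
    n, e = pub
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()

def same_fingerprint(a, b):
    """Compare fingerprints ignoring case, colons and spaces, in constant time."""
    def norm(s):
        return s.replace(":", "").replace(" ", "").lower().encode()
    return hmac.compare_digest(norm(a), norm(b))

def encrypt_for(pub_from_network, fp_out_of_band, message):
    """Alice's side: refuse to encrypt unless the key received over the
    network matches the fingerprint obtained over the separate channel."""
    if not same_fingerprint(fingerprint(pub_from_network), fp_out_of_band):
        raise ValueError("public key does not match the trusted fingerprint")
    n, e = pub_from_network
    return [pow(b, e, n) for b in message]      # toy RSA, one byte at a time

def decrypt(priv, ciphertext):
    """Bob's side: recover the bytes with his private key."""
    n, d = priv
    return bytes(pow(c, d, n) for c in ciphertext)

if __name__ == "__main__":
    trusted = fingerprint(BOB_PUB)              # read out over the phone, say
    ct = encrypt_for(BOB_PUB, trusted, b"meet at 9")
    print(decrypt(BOB_PRIV, ct))
    try:
        encrypt_for(OTHER_PUB, trusted, b"meet at 9")
    except ValueError as err:
        print("rejected:", err)
```
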

(c) The virus has FOUR (4) phases. Briefly describe the phases of the virus.
(4 marks)

Dormant Phase – The virus is idle and doesn’t perform any actions
yet.
Propagation Phase – The virus copies itself to other programs or
systems.
Triggering Phase – A condition is met to activate the payload.
Execution Phase – The payload is carried out, like deleting files or
displaying messages.

(d) There are FOUR (4) potential types of attacks in network security. Briefly
explain the types of attacks. (4 marks)

• Passive Attack: Attacker secretly listens to data without changing it.
• Active Attack: Attacker alters or disrupts data or communication.
• Denial of Service (DoS): Attacker overwhelms a system to make it
unavailable.
• Masquerade Attack: Attacker pretends to be someone else to gain access.

(e) A firewall is designed to prevent unauthorized electronic access to a network
computer system. List out the TWO (2) types of firewalls. (2 marks)

1. Packet Filtering Firewall
2. Application-Level Gateway

(f) Ms. Ruwaida designs a new security model using an IoT application in her
hospital. After a few months, she suspects attacks on the application. As a
security manager, what kind of BLOCKCHAIN technology would you suggest
to prevent these attacks? (5 marks)

Suggested Technology: Private Permissioned Blockchain

Reason:

• It restricts access to trusted participants only (like hospital staff and
authorized devices).
• Provides better control, privacy, and security for sensitive healthcare data.
• Helps detect and prevent unauthorized tampering or attacks by maintaining a
transparent, immutable record of all transactions.

[Total : 25 marks]

Q4. (a) Give SIX (6) reasons to conduct computer forensics. (6 marks)

1. Investigate Cybercrimes – To find evidence of hacking, fraud, or
unauthorized access.
2. Recover Lost Data – To retrieve accidentally deleted or corrupted files.
3. Legal Evidence – To collect and preserve digital evidence for court cases.
4. Identify Security Breaches – To determine how and when a security incident
occurred.
5. Prevent Future Attacks – To analyse attack methods and improve security
measures.
6. Internal Investigations – To investigate employee misconduct or policy
violations.

(b) Describe FOUR (4) types of evidence in computer forensics. (8 marks)

Digital Documents and Files:

• Emails, text files, documents, images, and spreadsheets stored on devices.

Logs and Audit Trails:

• Records of system activity, user actions, and network connections.

Multimedia Evidence:

• Audio, video, and photos captured or stored on digital devices.

Metadata:

• Data about data, such as timestamps, file creation/modification details, and
access history.
(c) If evidence is used in court proceedings or actions that could be challenged
legally, the evidence must meet certain standards. Identify these THREE (3)
standards of evidence. (6 marks)

• Authenticity – Proof that the evidence is genuine and has not been altered.
• Integrity – Assurance that the evidence has been preserved without
tampering.
• Admissibility – The evidence must be relevant and legally acceptable in
court.

(d) Assume you are a Police Forensic Investigator investigating a homicide case.
You receive a desktop computer as one of the pieces of evidence. You suspect
some of the files in the computer had been deleted. Have the files really been
deleted? Justify your answer. (5 marks)

When files are “deleted” from a computer, they are often not completely
removed immediately. Instead, the system usually just marks the space
occupied by those files as available for new data, but the actual file data
remains on the storage until overwritten.

So, the files may still be recoverable using forensic tools because:

• Deleted files are often just hidden from the user interface.
• The data remains physically on the disk until new data overwrites it.
• Forensic recovery software can scan the disk to find and restore these
files.
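
The behaviour described above, as an added example that is not part of the original assignment. It assumes a constructed toy volume (`ToyDisk`, a hypothetical class) whose file table and raw storage are separate, and a constructed marker-delimited byte string standing in for a JPEG.

```python
SOI, EOI = b"\xff\xd8\xff", b"\xff\xd9"    # JPEG start / end markers
# Constructed sample: marker-delimited bytes standing in for a real image.
PHOTO = SOI + b"\xe0constructed-image-data" + EOI

class ToyDisk:
    """Constructed model of a volume: a file table plus raw storage."""
    def __init__(self, size=1024):
        self.raw = bytearray(size)
        self.table = {}                # name -> (offset, length)
        self.free = [(0, size)]        # extents available for new data

    def write(self, name, data):
        for i, (off, length) in enumerate(self.free):
            if length >= len(data):
                self.raw[off:off + len(data)] = data
                self.free[i] = (off + len(data), length - len(data))
                self.table[name] = (off, len(data))
                return
        raise OSError("no free extent large enough")

    def delete(self, name):
        # Only metadata changes: the extent is marked free, the bytes stay.
        self.free.insert(0, self.table.pop(name))

def carve_jpegs(raw):
    """Signature carving: scan raw storage for SOI..EOI, ignoring the table."""
    found, pos = [], 0
    while (start := raw.find(SOI, pos)) != -1:
        end = raw.find(EOI, start + len(SOI))
        if end == -1:
            break
        found.append(bytes(raw[start:end + len(EOI)]))
        pos = end + len(EOI)
    return found

def demo():
    disk = ToyDisk()
    disk.write("notes.txt", b"meeting at 9")
    disk.write("photo.jpg", PHOTO)
    disk.delete("photo.jpg")
    listed = sorted(disk.table)                    # what the user interface shows
    carved = carve_jpegs(disk.raw)                 # what is still on the disk
    disk.write("new.bin", b"\x00" * len(PHOTO))    # freed space gets reused
    return listed, carved, carve_jpegs(disk.raw)

if __name__ == "__main__":
    print(demo())
```

After the delete the file no longer appears in the listing but is still carved from raw storage; once new data reuses the freed extent, carving finds nothing.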

[Total : 25 marks]
