Question 4

The document discusses key concepts in cryptography, including hash functions, cryptography algorithms, and stealthy malware tactics. It highlights the importance of hash functions for data integrity and provides examples like SHA-256 and MD5, as well as public cryptography algorithms such as RSA and AES. Additionally, it evaluates the feasibility of remote biometric authentication for Globank Finance, outlining its advantages and challenges, including spoofing risks and privacy concerns.

a. A hash function is a fundamental tool used in cryptography to ensure data integrity, secure
information, and facilitate efficient data management.
i. What is a Hash Function?
ii. Mention any Two (2) popular examples of Hash Functions.

b. Cryptography algorithms are essential tools used in the field of cryptography to secure
information by transforming it into a format that is unreadable to unauthorized users.
i. Mention any Two (2) examples of Public Cryptography Algorithms.
ii. What are Proprietary Cryptography Algorithms?

c. Malware may use stealthy tactics to escape or delay detection. Write a short note on the
stealthy modes of the following malware and give relevant example(s) of each.
i. Trojan Horse
ii. Backdoors
iii. Rootkits

d. You are a senior computer security engineer at WizSec Solutions, specializing in cybersecurity
for large corporations. One of your clients, Globank Finance, a multinational financial institution,
aims to enhance remote access security due to rising cyberattacks on sensitive data. They are
considering a Remote Biometric Authentication system for both employees and customers.
Globank Finance's diverse user base includes worldwide employees and customers using
various devices. They plan to implement fingerprint and facial recognition for remote
authentication. As the lead engineer, you need to evaluate the feasibility and security of this
system.
i. What is Biometric Authentication?
ii. Give reasons why Biometrics is not feasible for Remote Authentication.

SOLUTION
a. Hash Functions
i. What is a Hash Function?
A hash function is a mathematical algorithm that takes an input (or message) of arbitrary size
and produces a fixed-size string of characters, called a hash value, hash code, or digest. Hash
functions are designed to be one-way functions, meaning it should be computationally
infeasible to reverse the process and determine the original input from the hash output. They
exhibit the avalanche effect, where even a small change in the input produces a dramatically
different hash value. Hash functions are deterministic, meaning the same input will always
produce the same hash output, and they should be collision-resistant, making it extremely
difficult to find two different inputs that produce the same hash value.

ii. Two Popular Examples of Hash Functions
1. SHA-256 (Secure Hash Algorithm 256-bit): Part of the SHA-2 family, SHA-256 produces a
256-bit (32-byte) hash value and is widely used in blockchain technology, digital certificates,
and password storage. It's considered cryptographically secure and is used in Bitcoin
mining.
2. MD5 (Message Digest 5): Produces a 128-bit (16-byte) hash value and was once widely
used for checksums and data integrity verification. However, MD5 is now considered
cryptographically broken due to collision vulnerabilities and is no longer recommended for
security-critical applications.
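The properties listed in the definition (fixed-size output, determinism, the avalanche effect) and the digest sizes given for SHA-256 and MD5 can be measured directly. The following Python sketch is an added example, not part of the original solution; the sample message and the helper names are constructed for illustration.

```python
import hashlib
import hmac

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def bit_difference(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests, in bits."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche_ratio(algorithm: str, message: bytes) -> float:
    """Average fraction of digest bits that change when one input bit flips.

    Every bit of the message is flipped in turn; an ideal hash gives ~0.5.
    """
    base = hashlib.new(algorithm, message).digest()
    total_bits = len(message) * 8
    changed = sum(
        bit_difference(base, hashlib.new(algorithm, flip_bit(message, i)).digest())
        for i in range(total_bits)
    )
    return changed / (total_bits * len(base) * 8)

def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Check data against a published SHA-256 digest (constant-time compare)."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())

# Constructed sample input, not taken from the page.
SAMPLE = b"Transfer 100.00 to account 12345678"

if __name__ == "__main__":
    for name in ("sha256", "md5"):
        size = hashlib.new(name).digest_size * 8
        ratio = avalanche_ratio(name, SAMPLE)
        print(f"{name}: {size}-bit digest, avalanche ratio {ratio:.3f}")
    published = hashlib.sha256(SAMPLE).hexdigest()
    print("unmodified:", verify_integrity(SAMPLE, published))
    print("tampered:  ", verify_integrity(SAMPLE.replace(b"100", b"900"), published))
```

MD5 shows the same avalanche behaviour as SHA-256 here; its weakness is that collisions can be constructed, which this measurement does not reveal.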

b. Cryptography Algorithms
i. Two Examples of Public Cryptography Algorithms
1. RSA (Rivest-Shamir-Adleman): An asymmetric encryption algorithm that uses a pair of
keys (public and private) for encryption and decryption. RSA is widely used for secure data
transmission, digital signatures, and key exchange protocols in SSL/TLS communications.
2. AES (Advanced Encryption Standard): A symmetric encryption algorithm that uses the
same key for both encryption and decryption. AES supports key sizes of 128, 192, and 256
bits and is the current standard for encrypting sensitive data in government and commercial
applications.

ii. What are Proprietary Cryptography Algorithms?
Proprietary cryptography algorithms are encryption methods developed by private companies or
organizations that are not publicly disclosed or standardized. These algorithms keep their
implementation details, mathematical foundations, and source code secret, relying on security
through obscurity. Examples include algorithms developed by specific vendors for their
products, such as certain hardware encryption chips or specialized security appliances. While
proprietary algorithms may offer some protection against casual attacks, they are generally
considered less secure than public algorithms because they haven't undergone extensive peer
review and cryptanalytic scrutiny. The cryptographic community typically favors open algorithms
that have been thoroughly tested and validated by researchers worldwide.

c. Stealthy Malware Modes
i. Trojan Horse
Stealthy Modes: Trojan horses employ deceptive tactics by masquerading as legitimate, useful
software while secretly containing malicious code. They often use social engineering to
convince users to voluntarily install them, appearing as games, utilities, or productivity software.
Advanced trojans use code obfuscation, polymorphic techniques, and anti-analysis methods to
evade detection by security software.

Examples:

- Zeus Banking Trojan: Disguised as legitimate financial software or delivered through
  infected email attachments, it steals banking credentials and financial information.
- Emotet: Initially spread through malicious email attachments appearing as invoices or
  documents, it acts as a loader for other malware while appearing to be legitimate business
  correspondence.

ii. Backdoors
Stealthy Modes: Backdoors maintain persistent, covert access to systems by creating hidden
entry points that bypass normal authentication mechanisms. They often use encrypted
communication channels, operate during low-activity periods, and mimic legitimate network
traffic to avoid detection. Some backdoors integrate with legitimate system processes or use
legitimate remote access tools to blend in with normal operations.

Examples:

- Gh0st RAT: Uses custom encryption and hides its presence by injecting into legitimate
  processes, allowing remote attackers to control infected systems while appearing as normal
  system activity.
- Carbanak: Used by the APT group of the same name, it establishes backdoors in financial
  institutions' networks, using legitimate administrative tools and mimicking normal network
  traffic to steal hundreds of millions of dollars.

iii. Rootkits
Stealthy Modes: Rootkits operate at the deepest levels of the operating system, often at the
kernel level, to hide their presence and activities from both users and security software. They
intercept and modify system calls, hide files and processes, and can even operate below the
operating system level in firmware or hardware. They use techniques like direct kernel object
manipulation (DKOM) and hooking to remain undetected.

Examples:

- Stuxnet: Contains rootkit components that hide its presence at the driver level, making it
  nearly impossible to detect while it targets industrial control systems.
- Sony BMG Rootkit: Installed automatically when users played certain audio CDs, it hid
  deep in the system to prevent removal while monitoring user activities and creating security
  vulnerabilities.

d. Remote Biometric Authentication Analysis
i. What is Biometric Authentication?
Biometric authentication is a security verification method that uses unique biological or
behavioral characteristics to confirm an individual's identity. This authentication approach relies
on measurable physical traits such as fingerprints, facial features, iris patterns, voice patterns,
or behavioral characteristics like typing patterns or gait recognition. Biometric systems capture
these characteristics, create digital templates, and compare them against stored reference
templates to grant or deny access. The technology offers the advantage of being inherently tied
to the individual, making it difficult to forge, steal, or share compared to traditional passwords or
tokens.

ii. Reasons Why Biometrics is Not Feasible for Remote Authentication
1. Vulnerability to Spoofing and Presentation Attacks: Remote biometric systems cannot
effectively detect fake biometric samples such as high-resolution photographs for facial
recognition, silicone fingerprints, or recorded voice samples. Without physical presence
verification and liveness detection capabilities, attackers can easily bypass authentication using
readily available biometric data from social media or previous breaches.

2. Device Dependency and Quality Variations: The effectiveness of biometric authentication
heavily depends on the quality and consistency of capture devices. Globank's diverse user
base would use various smartphones, tablets, and computers with different camera resolutions,
sensor qualities, and lighting conditions. This variation leads to inconsistent authentication
results, high false rejection rates for legitimate users, and potential security gaps when the
system compensates by lowering security thresholds.

3. Privacy and Data Protection Concerns: Biometric data transmission over networks creates
significant privacy risks, as this information cannot be changed if compromised. Unlike
passwords, fingerprints and facial features are permanent identifiers that, once stolen, cannot
be reset. Remote transmission increases the risk of interception, and storing biometric
templates creates attractive targets for cybercriminals.

4. Environmental and Contextual Limitations: Remote environments cannot be controlled for
optimal biometric capture. Factors such as lighting conditions, background noise, user
positioning, and environmental interference can significantly impact authentication accuracy.
Additionally, users may have temporary or permanent changes to their biometric characteristics
(injuries, aging, medical conditions) that affect system reliability.

5. Lack of Multi-Factor Integration: Remote biometric authentication alone provides only
single-factor authentication, which is insufficient for high-security financial applications. The
absence of additional factors like physical tokens or location verification creates security
vulnerabilities that sophisticated attackers can exploit.
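Point 2 above describes a trade-off between false rejections and the security threshold. The Python sketch below is an added example, not part of the original solution, and makes that trade-off concrete; the match scores are constructed for illustration and the function names are hypothetical.

```python
# Constructed match scores (0-100), not measurements from any real system.
GENUINE_GOOD_SENSOR = [91, 88, 93, 86, 90, 95, 84, 89, 92, 87]
GENUINE_POOR_SENSOR = [78, 66, 81, 59, 72, 85, 63, 70, 76, 68]
IMPOSTOR = [31, 42, 55, 38, 61, 47, 66, 29, 52, 73]

def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR); a sample is accepted when score >= threshold.

    FRR = share of legitimate users rejected.
    FAR = share of impostor attempts accepted.
    """
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far

def relax_until_usable(genuine, impostor, start, max_frr, step=5):
    """Lower the threshold from `start` until FRR <= max_frr, the way an
    operator trying to reduce lockouts would. Returns (threshold, frr, far)."""
    threshold = start
    while threshold > 0:
        frr, far = error_rates(genuine, impostor, threshold)
        if frr <= max_frr:
            return threshold, frr, far
        threshold -= step
    return 0, 0.0, 1.0  # a threshold of 0 accepts every sample

if __name__ == "__main__":
    # Same threshold, two capture devices.
    print("good sensor @80:", error_rates(GENUINE_GOOD_SENSOR, IMPOSTOR, 80))
    print("poor sensor @80:", error_rates(GENUINE_POOR_SENSOR, IMPOSTOR, 80))
    # Tuning for the poor sensor's users raises the false accept rate.
    print("relaxed for poor sensor:",
          relax_until_usable(GENUINE_POOR_SENSOR, IMPOSTOR, start=80, max_frr=0.1))
```

With these constructed scores, a threshold that rejects no legitimate user on the good sensor rejects most of them on the poor one, and relaxing it to fix that lets some impostor samples through.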

Recommendation: For Globank Finance, a more secure approach would involve implementing
a robust multi-factor authentication system combining something the user knows
(password/PIN), something they have (mobile device/token), and contextual factors (location,
device fingerprinting) rather than relying solely on remote biometric authentication.
