Faculty Of Computer Studies
T215B
Communication and Information Technologies (II)
Final Examination
Version 1 – Answer Key
Spring – 2012/2013
Day and Date
Time Allowed: (3) Hours
Number of Exam Pages: ( ) (Including this cover sheet)

Instructions:

Part I: Short Questions & Problems (50 marks)

This part consists of 12 questions carrying a WEIGHT OF 5 marks each. You must answer ONLY 10 of these questions. You are advised to dedicate approximately 90 minutes to this part.

1)  In implementing an electronic voting system, the privacy of the ballot and the issue of “prying” is crucial in democratic elections. List three such issues.

•  So who would supply the voting computers?

•  Who would program and maintain them?

•  How would we check they are programmed fairly and without errors?

•  What would we do if they break down during an election? How can they be kept secure and how can we be sure they have not been compromised?

•  How can we check they have provided the correct result? Will people be prepared to use them?

2)  The ability to intrude into an individual’s life using information found solely online is unprecedented and is a relatively recent phenomenon. What has changed in the recent years to make this happen?

•  The rise of Web 2.0. Companies such as MySpace, Facebook, blogging sites, YouTube and Friends Reunited began to emerge.

•  This new wave differs from the first-generation Web 1.0 companies (Amazon, eBay and Egg) by being driven primarily by user generated content.

•  This means that the bulk of the content that makes up a Web 2.0 website is contributed by its individual users rather than the company itself.

3)  Mention five of the UK government’s large-scale electronic databases.

•  electoral registers

•  birth

•  marriage and death registers

•  planning applications

•  National Health Service

4)  In your study of fingerprints, you have met the term minutia. What is minutia? Mention three types of minutia.

•  Minutia is the point where a ridge line is discontinuous.

•  Many types of minutiae can be identified from fingerprints, but the most common ones are termination, bifurcation, lake, independent ridge, island or point, spur and crossover.

5)  When money changes hands over public communication networks, such as the internet, it is important that the communication can be kept private. This can be achieved with the use of different protocols. Mention three of them.

•  Internet Protocol Security (IPsec)

•  Transport Layer Security (TLS)

•  and Secure Sockets Layer (SSL)

6)  Electronic funds transfer (EFT) is a generic term that is used to describe financial transactions carried out by computer-based systems. This includes a wide variety of possible transactions. Mention three of them.

•  use of payment cards (debit or credit card) to purchase goods or services

•  authorisation of the electronic payment of bills using an online bank

•  direct debit payments from customers’ accounts to service providers such as utility companies

•  payment of salaries by an employer into an employee’s account

•  transfer of funds to and from accounts in different countries.

7)  Why are payment card PINs often just four decimal numbers long, whereas passwords for other purposes are often required to be longer?

A four-digit PIN is relatively easy to remember. A PIN is normally used as ‘something you know’ accompanied by ‘something you have’ – a payment card. A password is often used in isolation as ‘something you know’. Two-factor authentication is inherently stronger than single-factor authentication, so a short PIN is adequate. Also, when entering a PIN we are normally restricted to perhaps three attempts before the account is blocked by the bank.

8)  From your study of “Money in Plastic”, what threats to SDA card security could arise that would be unlikely to arise with DDA?

•  The signed data that was written into an SDA memory by an issuing bank doesn’t change with time, so there is a danger it could be captured ‘wholesale’ and used to create cloned cards by writing it into other smart cards.

•  Captured data could alternatively be used to create fake magnetic stripe cards usable in some countries or regions where they continue to be accepted.

•  A DDA card could not be used in this way because the DDA process requires a valid card response to a unique challenge sent by the terminal.

•  To create a valid response to such a challenge requires the use of the card’s private key which is stored in a secure memory location.

9)  You have studied some methods and strategies that are employed by those with malicious or criminal intent. One of these methods is “Phishing”. Briefly describe this method.

Phishing is where potential victims are lured into following links to fake websites where they are encouraged to reveal personal details or information such as passwords, PINs or security codes, which fraudsters subsequently use.

10) A tuning fork has a frequency of 384 Hz. Find the wavelength of this sound, given that the speed of sound is 340 metres per second.

Using λ = v/f, the wavelength in metres is 340 ÷ 384 = 0.885 metre.

11) The process of analogue-to-digital conversion involves, in most cases, two basic stages: sampling and quantisation. Give a brief explanation of each stage.

•  Sampling: to measure the instantaneous amplitude of the analogue sound signal at regular intervals. This results in a set of voltage levels which represent the sound signal’s level at the instants the samples were taken.

•  Quantisation: to divide the maximum voltage range of the analogue sound signal into a number of discrete voltage bands (usually each band has the same size, but this may not always be the case). Each band is now represented by a number. So as the sound samples come along, each is assimilated into a voltage band and therefore given the number which represents this band. The result is a string of numbers at regular intervals, where each number represents a particular voltage level of the sound signal at one instant.

12) As long as the sound stays in a digital form, any sort of processing of the sound is simply a matter of ‘number crunching’. “Echo” and “Chorus” are two kinds of such processes. Give a brief definition of each.

Echo is the process whereby a delayed version of the sound is added to the un-delayed sound. Chorus is an effect only heard with music, and occurs when a number of similar instruments or voices play/sing the same tune together.

Part III: Long Questions & Problems (50 marks)

This part consists of 7 parts carrying different WEIGHTS that are shown in front of each one. You must answer all the problems. You are advised to dedicate approximately 90 minutes to this part.

13) What is the period, frequency, amplitude and the peak-to-peak amplitude of the pressure variation represented by the graph below? Consider that each square in the vertical direction represents one unit. (4 marks)

Period = 1 second.  Frequency = 1/1 = 1 Hz.

Amplitude = 7 units ⇒ peak-to-peak amplitude = 14 units.

14) The architecture of biometric systems consists of five different components. One of these components is the feature extractor. Explain the function of this component. (8 marks)

•  Feature extractor:

•  Takes the raw data from the sensors as an input, extracts from it the key features and converts them into a digital representation called a template.

•  can be seen as a form of non-reversible compression

•  It significantly reduces the complexity of the original biometric sample, decreases the resources required to store and process the biometric and prevents the original biometric data from being reconstructed from the template.

•  Some systems further process the templates by incorporating encryption so that the data is better protected.

15) You have studied two main sensor types for fingerprints scanning: optical and solid state. Discuss the solid-state sensor by explaining the main idea behind its technology and how it functions. (8 marks)

•  Solid-state sensors were originally designed with the aim of reducing the physical size and cost of the sensors.

•  The idea was to build an all-in-one silicon chip with a two-dimensional sensory array placed directly on the chip.

•  When providing a fingerprint image, users touch the sensing surface of the chip directly.

•  Instead of converting optical patterns to electrical signals, solid-state sensors convert thermal, capacitive, piezoelectric or electric field information to electrical signals.

•  Capacitive sensors are the most common type employed, because of their simplicity and low cost.

16) Two fingerprint images are to be matched using the minutiae-based matching methods. Assume there are only 10 minutiae in each image. After the images are translated and superimposed, 10 minutiae pairs are identified and their differences are evaluated. The table below shows the differences of the minutiae pairs. (8 marks)

Table 1. Differences of the minutiae pairs

Pair number / 1 / 2 / 3 / 4 / 5 / 6 / 7 / 8 / 9 / 10
Difference / 0.12 / 0.01 / 0.03 / 0.02 / 0.00 / 0.02 / 0.04 / 0.03 / 0.01 / 0.04

(a) Assume the threshold is set to 80%, which means that the two fingerprints will be considered as a match only if the differences of at least 8 out of the 10 pairs are at or below the acceptable difference. Also assume the acceptable difference is set to 0.05. Will the two fingerprints be considered a match?

(b) If the threshold is now raised to 90% and the acceptable difference is lowered to 0.03, what happens to the match result?

(a) The two fingerprints will be considered a match because only pair number 1 is greater than the acceptable difference (0.05) and the differences of the other nine pairs are within the acceptable level. ⇒ Thus 90% are acceptable, which is over the 80% threshold.

(b) After the threshold is raised and the acceptable difference is lowered, the two fingerprints are no longer considered a match. This is because pairs number 1, 7 and 10 are not within the acceptable difference (0.03) and so the differences of only 7 out of 10 pairs are within the acceptable level.

⇒ This is 70%, which is below the new 90% threshold.

17) How many bytes are needed to store a single video frame with a RGB24 colour model, and a frame size of 1600 × 1200 pixels? (Express your answer in bytes rather than in kilobytes or megabytes.) At 24 frames per second what is the data rate that will have to be handled by the video player software? (Express your answer in megabytes per second.) (6 marks)

The RGB24 colour model allocates 24 bits, or 3 bytes, to determine the colour of each pixel. There are 1600×1200 pixels per frame giving a total of: 3×1600×1200 = 5 760 000 bytes.

In 1 second, 24 frames will be processed. The number of bytes per second is therefore:

24×5 760 000 = 138 240 000 bytes per second = 138.24 megabytes per second.

18) From your study of “Money in Plastic”, you know there are several EMV chip and PIN variants. One of them is the DDA (Dynamic Data Authentication). Describe this kind of card. (8 marks)

•  A DDA transaction involves not only static data as stored on an SDA card, but also dynamic data used in a challenge–response interaction.

•  The integrated circuit chip on a DDA card includes a co-processor that can carry out cryptographic processes on the card.

•  The card uses this capability to respond to a challenge initiated by the terminal.

•  The challenge is in the form of a message sent by the terminal to the card.

•  The message incorporates unpredictable data (such as that derived from the particular transaction being undertaken).

•  The card responds to the challenge it receives by returning the challenge data to the terminal encrypted with its own private key.

•  If the decrypted response received from the card matches the terminal’s original copy of the challenge data, the card is (dynamically) authenticated to the terminal.

•  The DDA card authentication process allows a card to be authenticated offline.

•  However, a bank will still periodically force transactions to be completed online to allow it to monitor and control account activity as needed.

•  By monitoring account activity, a bank can also institute other risk management policies.

•  Aspects of account activity that may give rise to concern include unusual changes in the frequency, amount and locations of transactions.
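The difference between the static check discussed in question 8 and the challenge–response check described above, as an added example (not part of the exam or its course material). It uses textbook RSA with toy keys built from known primes, follows the answer's model of returning the challenge under the card's private key, and assumes the terminal already holds trusted copies of the issuer and card public keys; `Card`, `sda_check` and `dda_check` are hypothetical names.

```python
import hashlib
import secrets

E = 65537  # public exponent

def toy_keypair(p, q):
    """Textbook RSA from two known primes (toy size, illustration only)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (modulus n, private exponent d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

# Constructed keys built from Mersenne primes; real cards use far larger moduli.
ISSUER_N, ISSUER_D = toy_keypair(2**107 - 1, 2**127 - 1)
CARD_N, CARD_D = toy_keypair(2**61 - 1, 2**89 - 1)

class Card:
    def __init__(self, static_data, static_sig, private_key=None):
        self.static_data = static_data   # readable by any terminal
        self.static_sig = static_sig     # issuer's signature, never changes
        self._d = private_key            # secure memory; None = copy without the key

    def respond(self, challenge):
        if self._d is None:
            return secrets.randbelow(CARD_N)      # without the key, only a guess
        return pow(challenge, self._d, CARD_N)    # challenge under the private key

def sda_check(card):
    """Terminal verifies the issuer's signature over the unchanging static data."""
    return pow(card.static_sig, E, ISSUER_N) == digest(card.static_data, ISSUER_N)

def dda_check(card):
    """Terminal sends a fresh unpredictable challenge and checks the response."""
    challenge = secrets.randbelow(CARD_N - 2) + 2
    return pow(card.respond(challenge), E, CARD_N) == challenge

def demo():
    data = b"PAN=0000000000000000;EXP=0000"       # constructed placeholder record
    sig = pow(digest(data, ISSUER_N), ISSUER_D, ISSUER_N)
    genuine = Card(data, sig, CARD_D)
    copy = Card(genuine.static_data, genuine.static_sig)   # static bytes only
    return {"genuine": (sda_check(genuine), dda_check(genuine)),
            "copy": (sda_check(copy), dda_check(copy))}

if __name__ == "__main__":
    print(demo())
```

The copy passes the static check because the signed data is identical, but fails the dynamic check because each challenge is new and the private key never left the genuine card.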

19) The basic function of a microphone is to convert the variations in air pressure that form sound waves into equivalent variations in electrical voltage. There are three main ways of doing this; one of them is by using “electromagnetic induction.” Explain this method and use a schematic diagram to explain your idea. (8 marks)

•  Electromagnetic induction is a physical effect whereby if an electrical conductor is moved in a magnetic field, it has an electrical voltage induced in it.

•  A microphone that uses electromagnetic induction is called a moving-coil or dynamic microphone.

•  The diaphragm is a lightweight and flexibly suspended membrane.

•  When sound waves reach the diaphragm, they cause it to vibrate in sympathy with the pressure variations.

•  Due to electromagnetic induction, this induces a similar voltage variation across the ends of the coil which is suspended in a strong magnetic field, and to which the diaphragm is attached.

•  The small induced voltage can then be amplified to produce a more usable electrical signal.
