
COSC2536/2537 Security in Computing and Information Technology



School of Science
COSC2536/2537 Security in Computing and Information Technology
Assignment 2

Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment 2. Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums.

Due date: Week 12, Sunday the 20th October 2019 11:59pm. Deadlines will not be advanced, but they may be extended. Please check Canvas→Syllabus or Canvas→Assignments→Assignment 2 for the most up to date information. As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per working day applies for up to 5 working days late, unless special consideration has been granted.

Weighting: 35 marks (Contributes 35% of the total Grade)

1. Overview

The objective of Assignment 2 is to evaluate your knowledge of the topics covered mainly in Lectures 5 to 10. Topics include privacy-preserving computations based on the RSA, ElGamal and Paillier cryptosystems; Digital Signature; Blockchain and Cryptocurrency; Digital Authentication & Security Protocols; and Digital Authorization and Intrusion Detection. However, topics covered in Lectures 1 to 10 are required as prerequisites. Assignment 2 will focus on developing your abilities in application of knowledge, critical analysis and decision making.

Assignment 2 contains several problems related to the topics mentioned above. You are required to prepare your answers and upload them as a single PDF or Word document in CANVAS. In this assignment, there are 5 (five) questions in total.

Question 1 is on a Privacy Preserving Online Voting System. The system uses a privacy preserving computation technique for computing votes. Privacy preserving computation is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. Recently, several controversies have been observed in voting around the world. Using a privacy preserving online voting system removes controversy in a voting system. In question Q1, you are expected to apply your understanding of privacy preserving computation in the context of electronic voting (E-Voting).

Question 2 is about the application of Digital Signature Schemes. Question 2 has 3 (three) parts. In the first part, you are expected to demonstrate your understanding of the RSA Encryption algorithm based digital signature scheme for a numeric message. In the second part, you are expected to demonstrate your understanding of the ElGamal Encryption algorithm based digital signature scheme for a numeric message. In the third part, you are expected to demonstrate your understanding of the RSA Encryption algorithm based digital signature scheme for a text message. For parts 1 to 3 of Question 2, values of the required parameters are provided, including the plaintext or message M, and you should demonstrate the key generation, signing and verification processes with detailed computations and brief explanations. Marks will be deducted if you fail to show the detailed computation correctly, skip the computation steps, or do not provide explanations.

Recently, many intruders have stolen highly sensitive files from various organizations and given them to Wikileaks for online publication. Many government agencies including the CIA and FBI are among the victims as they didn't share files in a secure manner. The objective of Question 3 is to demonstrate secure file sharing on a distributed file sharing platform like IPFS using the openssl tool. Question 3 is related to OpenSSL and IPFS. In this question, you are expected to demonstrate the required OpenSSL and IPFS commands for a given scenario. Additionally, you must provide screenshots of the outcomes of the commands. Marks will be deducted if you fail to show the commands correctly, skip any command, or do not provide screenshots.

Question 4 is on report writing on Blockchain or implementation of a secure system. In this question, there are 4 (four) options: Q4.1, Q4.2, Q4.3 and Q4.4. You need to choose any 1 among the three options. The first option Q4.1 is on report writing and the remaining three options, Q4.2, Q4.3 and Q4.4, are about implementation. If you select Q4.1, you are expected to demonstrate your understanding of Blockchain and cryptocurrency and choose a system where Blockchain Technology can be applied. Then, you should write a well-organized report on how Blockchain Technology can impact your chosen system. We are looking for interesting and innovative system design in the report. The report should be appended in the same document where you write the answers for other questions. If you select Q4.2, you are expected to implement a simple blockchain system with a new idea. You are free to choose any system. If you select Q4.3, you are expected to implement the privacy preserving online voting system stated in Q1. If you select Q4.4, you are expected to implement the secure IPFS-based file sharing system stated in Q3. If you choose either Q4.2, Q4.3 or Q4.4, you should demonstrate your implementation to the lecturer or head tutor in Week-11. Additionally, you should upload the code and short documentation on CANVAS.

Question 5 is related to analyzing the security of authentication protocols. Your answer should contain both a diagram and an explanation. Marks will be deducted if you fail to provide the diagram and explanation correctly, skip the diagram, or do not provide explanations.

Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after Lecture-5 (in Week-5). At the end of each week from Week-5 to Week-10, you should be able to solve at least one question.

If there are questions, you must ask via the relevant Canvas discussion forums in a general manner.

Overall, you must follow the special instructions below:
• You must use the values provided in the questions.
• Hand-written answers are not allowed and will not be assessed. Compose your answers using any word processing software (e.g. MS Word).
• You are required to show all of the steps and intermediate results for each question.
• Please DO NOT provide code as an answer. Code-only answers will not be assessed.
• Upload your solution as a single PDF or Word document in CANVAS.

2. Assessment Criteria

This assessment will determine your ability to:
• Follow requirements provided in this document and in the lessons.
• Independently solve a problem by using cryptography and cryptanalysis concepts taught over the last six weeks, from the fifth to the tenth week of the course.
• Meet deadlines.

3. Learning Outcomes

This assessment is relevant to the following Learning Outcomes:
• understand applications of privacy preserving computation techniques, digital signatures and data hiding techniques.
• develop privacy preserving applications and libraries using any programming language of your choice.
• understand the life cycle and design principles of Blockchain and Cryptocurrency applications.
• analyze the strength and limitations of security protocols.
• design new security mechanisms and protocols for any small and large-scale applications.
• implement a simple secure system.
• critically analyze and evaluate the security of computing and IT systems on a practical level and privacy related issues in computing.

4. Assessment details

Please ensure that you have read Sections 1 to 3 of this document before going further. Assessment details (i.e. question Q1 to Q6) are provided on the next page.

Q1. Privacy Preserving Online Voting System (Marks: 6)

Recently, several controversies have been observed in voting around the world. The voting authority cannot be trusted completely as it can be biased. Using a privacy preserving online voting system removes controversy in a voting system. In this privacy preserving online voting system, voters encrypt their votes in the voting booth before sending them to the voting authority. A voting server computes an encrypted result on behalf of the voting booth, as the voting booth does not have enough computation power. The encrypted result is sent to the voting authority, who determines the winner based on the encrypted votes.

Suppose there are 7 voters who vote YES or NO to give their opinions. There is a voting authority (VA) who determines the winner. Design a secure voting prototype as shown in Figure-Q1 using the Paillier cryptosystem, where the votes must be encrypted at the Voting Booth before sending them to the Voting Server.

[Figure-Q1: Secure voting system]

Assume three voters will vote for YES and four voters will vote for NO. The Voting Authority should find three YESs and four NOs after counting the votes. The Voting Authority chooses p=89, q=53 and selects g=8537. The private numbers chosen by the 7 voters and their votes are as follows:

Voter No.   Voter's Private Number, r   Vote   Voting message, m
1           71                          YES    001000 = 8
2           72                          YES    001000 = 8
3           73                          YES    001000 = 8
4           74                          NO     000001 = 1
5           75                          NO     000001 = 1
6           76                          NO     000001 = 1
7           77                          NO     000001 = 1

Show the encryption, homomorphic computations and decryption processes.
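The Q1 tally carried through in code, as an added example that is not part of the assignment or the course material: textbook Paillier with the values given above (p=89, q=53, g=8537 and the seven r values), using the 6-bit encoding from the voter table (upper three bits count YES, lower three count NO). The function names are this example's own.

```python
"""Added illustration (not course code): Paillier e-voting tally for Q1."""
from math import gcd

FIELD_BITS = 3                    # 6-bit tally: upper 3 bits YES, lower 3 bits NO
YES, NO = 0b001000, 0b000001      # voting messages m from the table (8 and 1)
# (r, m) pairs copied from the voter table in the question.
BALLOTS = [(71, YES), (72, YES), (73, YES), (74, NO), (75, NO), (76, NO), (77, NO)]


def L(u, n):
    """Paillier's L function, L(u) = (u - 1) / n (exact when u = 1 mod n)."""
    return (u - 1) // n


def keygen(p, q, g):
    """Voting Authority: return ((n, g), (lam, mu))."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)      # lcm(p-1, q-1)
    # pow(..., -1, n) raises ValueError if g is not a usable Paillier base.
    mu = pow(L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m, r):
    """Voting Booth: c = g^m * r^n mod n^2, with r invertible mod n."""
    n, g = pub
    if not 0 <= m < n or gcd(r, n) != 1:
        raise ValueError("message out of range or r not invertible mod n")
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def combine(pub, ciphertexts):
    """Voting Server: multiplying ciphertexts mod n^2 adds the plaintexts."""
    n, _ = pub
    if len(ciphertexts) > (1 << FIELD_BITS) - 1:
        # More than 7 ballots could overflow one 3-bit counter into the other.
        raise ValueError("too many ballots for the tally field width")
    product = 1
    for c in ciphertexts:
        product = product * c % (n * n)
    return product


def decrypt(pub, priv, c):
    """Voting Authority: m = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    return L(pow(c, lam, n * n), n) * mu % n


def decode(total):
    """Split the decrypted sum into the YES and NO counters."""
    mask = (1 << FIELD_BITS) - 1
    return {"YES": (total >> FIELD_BITS) & mask, "NO": total & mask}


def run_election():
    pub, priv = keygen(89, 53, 8537)
    ciphertexts = [encrypt(pub, m, r) for r, m in BALLOTS]
    total = decrypt(pub, priv, combine(pub, ciphertexts))
    return ciphertexts, total, decode(total)


if __name__ == "__main__":
    cts, total, tally = run_election()
    for (r, m), c in zip(BALLOTS, cts):
        print(f"r={r} m={m} c={c}")
    print(f"decrypted sum = {total} = {total:06b} -> {tally}")
```

The server only ever handles ciphertexts; the individual ballots and the sum are readable only by the holder of the private values (lam, mu).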

[Hints: Refer to the lecture-5 Secure e-voting example. You need to represent the total number of votes by a 6-bit string. The first 3 (three) bits should represent the votes for YES and the rest for NO. When adding a vote for YES, the system adds 001000, which is 8 as an integer. Similarly, the system adds 000001 when voting for NO, which is 1 in integer form.]

Q2. Digital Signatures (Marks: 2+2+3 = 7)

Suppose Bob and Alice, two business partners, use their smart phones to communicate with each other regarding their business decisions. Hence, their messages are very sensitive and need to be authenticated. Otherwise, an attacker, say one of their business rivals, may perform a phone number porting fraud attack. In this attack, the attacker may use another SIM card to port Alice's or Bob's phone number in order to pretend to be Alice or Bob, respectively. Therefore, Bob and Alice use a digital signature scheme in their smart phones to sign messages for ensuring authenticity. The working procedure of the digital signature is illustrated in Figure-Q2.

[Figure-Q2: Bob (Sender) signs the Message with Bob's private key to produce the Signed Message; Alice (Receiver) performs verification with Bob's public key to obtain the Verified Message.]

Answer Q2.1, Q2.2 and Q2.3 using the scenario mentioned above.

Q2.1 [RSA Signature Scheme] (Marks: 2)

Suppose Bob (the sender) wants to send a message m=123456 to Alice (the receiver). However, before sending the message he would like to sign the message. When Alice receives the signed message, she would like to verify that the message is indeed from Bob. To facilitate signing and verification, Bob generates public and private keys using the RSA encryption algorithm and sends the public key to Alice. Bob uses parameters p = 5563 and q = 3821, and chooses a suitable public key parameter e=9623. How would Bob sign message m=123456? How would Alice verify the signed message from Bob?

[Hints: Refer to lecture-6 and tutorial-6. You do not need to generate a hash of the message m.]
Q2.2 [ElGamal Signature Scheme] (Marks: 2)

Suppose Bob (the sender) wants to send a message m=4567 to Alice (the receiver). However, before sending the message he would like to sign the message. When Alice receives the signed message, she would like to verify that the message is indeed from Bob. To facilitate signing and verification, Bob generates public and private keys using the ElGamal encryption algorithm and sends the public key to Alice. Bob chooses p=7331, g=3411, x=41. How would Bob sign message m=4567? How would Alice verify the signed message from Bob?

[Hints: Refer to lecture-6 and tutorial-6. You do not need to generate a hash of the message m.]
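Q2.1 and Q2.2 side by side, as an added example that is not part of the assignment or the course material: textbook RSA and ElGamal signing and verification on the raw integer message (no hash, as the hints specify) with the parameters given above. The ElGamal per-signature secret k = 17 is an assumption of this example, since the question does not give one, and the function names are this example's own.

```python
"""Added illustration (not course code): textbook RSA and ElGamal signatures."""
from math import gcd


def rsa_keygen(p, q, e):
    """Return ((n, e), d) with d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), pow(e, -1, phi)


def rsa_sign(m, d, n):
    """Bob: s = m^d mod n, for an integer message 0 <= m < n."""
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, d, n)


def rsa_verify(m, s, pub):
    """Alice: accept iff s^e mod n equals the received message."""
    n, e = pub
    return 0 <= m < n and pow(s, e, n) == m


def elgamal_public(p, g, x):
    """Bob's public key (p, g, y) with y = g^x mod p."""
    return p, g, pow(g, x, p)


def elgamal_sign(m, p, g, x, k):
    """Bob: r = g^k mod p, s = (m - x*r) * k^-1 mod (p-1)."""
    if gcd(k, p - 1) != 1:
        raise ValueError("k must be coprime to p-1")
    r = pow(g, k, p)
    s = (m - x * r) * pow(k, -1, p - 1) % (p - 1)
    if s == 0:
        raise ValueError("s = 0, choose a different k")
    return r, s


def elgamal_verify(m, sig, pub):
    """Alice: accept iff g^m = y^r * r^s (mod p), after range checks on r, s."""
    p, g, y = pub
    r, s = sig
    if not (0 < r < p and 0 < s < p - 1):
        return False
    return pow(g, m, p) == pow(y, r, p) * pow(r, s, p) % p


if __name__ == "__main__":
    # Q2.1 values from the question.
    pub, d = rsa_keygen(5563, 3821, 9623)
    s = rsa_sign(123456, d, pub[0])
    print("RSA     n =", pub[0], "d =", d, "signature =", s)
    print("RSA     verify:", rsa_verify(123456, s, pub),
          "| altered message:", rsa_verify(123457, s, pub))

    # Q2.2 values from the question; K is this example's assumption.
    P, G, X, K = 7331, 3411, 41, 17
    epub = elgamal_public(P, G, X)
    sig = elgamal_sign(4567, P, G, X, K)
    print("ElGamal y =", epub[2], "signature (r, s) =", sig)
    print("ElGamal verify:", elgamal_verify(4567, sig, epub),
          "| altered message:", elgamal_verify(4568, sig, epub))
```

A fresh, secret k is needed for every ElGamal signature; the fixed value here only makes the run reproducible.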

Q2.3 [RSA Signature Scheme for Text Message] (Marks: 3)

Suppose Bob (the sender) wants to send a large text message M to Alice (the receiver). You should download the text message file "Message.txt" from CANVAS. The text message M is as follows:

Cryptocurrencies continue to grow in price and size. Knowledge about Bitcoin, Litecoin, Ethereum, and others has spread through the entire world. Cryptocurrencies are providing such features and tools that simplify our lives. They are changing the way things work. Some people fear the changes. But changes are not always bad. Cryptocurrencies are modifying our lives, and the way industries develop. There’s no doubt that cryptocurrencies are disrupting and affecting the global economy in many ways.

Before sending the message, Bob generates a hash h(M) of the text message M using the MD5 hash algorithm, and converts h(M) into an integer message m. Then, he signs m and sends it to Alice. When Alice receives the signed message, she would like to verify that the message is indeed from Bob. To facilitate signing and verification, Bob generates public and private keys using the RSA encryption algorithm and sends the public key to Alice. Bob uses the following parameters:

p = 278966591577398076867954212605012776073
q = 467207331195239613378791200749462989467

Bob chooses a suitable public key parameter e=41. How would Bob sign message M? How would Alice verify the signed message from Bob?

[Hints: Refer to the "Running Example of RSA Signature for Text Message" of lecture-6. The document can be found here: https://rmit.instructure.com/courses/46189/files/3608593/download?wrap=1
Use the following links:
For generating the MD5 hash: http://www.miraclesalad.com/webtools/md5.php
For converting hexadecimal to decimal: https://www.mobilefish.com/services/big_number/big_number.php ]

Q3. OpenSSL and IPFS (Marks: 4)

Assume that the owner of a particular file, say Alice, wants to share the file with her colleague, say Bob. In other words, Alice is the sender and Bob is the receiver. They use an IPFS based file repository and OpenSSL for providing security. Alice and Bob perform several operations using OpenSSL and IPFS to ensure secure file sharing. Throughout the processes, the AES symmetric-key and RSA public-key encryption algorithms of OpenSSL are used. You should choose your own file (e.g. a text file with your student number and name) and AES encryption key (e.g. 123456789). The scenario is illustrated in Figure-Q3 below.

You are expected to show the required OpenSSL and IPFS commands sequentially for each step stated below. Please provide a screenshot of the outcome of each command. The steps are as follows:

I. Bob generates an RSA public and private key pair for himself using OpenSSL. Bob sends his public key to Alice via email.
II. Alice selects a shared AES secret key (KAB = 123456789). Next, Alice encrypts the file with Alice and Bob's shared AES secret key (KAB) using OpenSSL and generates a ciphertext file (say, the file name is "ciphertext.txt").
III. Alice uploads the encrypted file to the IPFS-based repository and receives a Unique Identifier (UI).
IV. Alice encrypts KAB with Bob's RSA public key using OpenSSL and gets a ciphertext file (say, the file name is "encrypted-key.txt").
V. Alice sends the UI and "encrypted-key.txt" to Bob through email.
VI. Upon receiving them, Bob decrypts "encrypted-key.txt" using OpenSSL with his RSA private key and retrieves the shared AES secret key (KAB).
VII. Bob uses the Unique Identifier (UI) to download the file from the IPFS-based repository with IPFS commands.
VIII. Upon receiving the file from the IPFS network, Bob decrypts the downloaded file using the shared AES secret key (KAB).

[Hints: Use the OpenSSL commands that are discussed in Lecture-2,4 and the IPFS commands that are discussed in Lecture-7.]

[Figure Q3: IPFS based encrypted file sharing]

Q4. Report Writing or Implementation (Marks: 15)

Answer Any 1 from Q4.1, Q4.2, Q4.3 and Q4.4

Q4.1 [Writing Report on Blockchain] (Marks: 15)

Choose a system where Blockchain Technology can be applied. Write a well-organized report on how Blockchain Technology can impact your chosen system. You may consider the following scenarios to prepare your report:
• Blockchain based Financial System
• Blockchain based Real Estate Management Systems
• Blockchain based Healthcare
• Blockchain based smart city
• Blockchain based smart manufacturing
• Blockchain based supply-chain
• Blockchain based E-Commerce
• Blockchain based IoT applications

In this report, you are expected to provide the necessary background of the system you choose and of blockchain technology. Presenting an innovative scenario is highly appreciated. Most importantly, a detailed system design should be presented.

Q4.2 [Implementing a Blockchain System] (Marks: 15)

In this question, you are expected to implement a blockchain system for a scenario stated in Q4.1. You are allowed to use any programming language or scripting language such as Java, PHP, Python, JavaScript, etc. Your implementation must have a good graphical user interface (GUI). Upon completion of the implementation, you are expected to:
I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials
II. Create a short report containing the implementation details and user instructions
III. Upload your code and report

Q4.3 [Implementing a Privacy-preserving Online Voting System] (Marks: 15)

In this question, you are expected to implement an online voting system using the concept of Paillier encryption scheme based privacy-preserving computation (refer to the scenario stated in Q1 of this assignment). You are allowed to use any programming language or scripting language such as Java, PHP, Python, JavaScript, etc. Your implementation must have a good graphical user interface (GUI). Upon completion of the implementation, you are expected to:
I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials
II. Create a report containing the implementation details and user instructions
III. Upload your code and report

Q4.4 [Implementing a Secure File Sharing System] (Marks: 15)

In this question, you are expected to implement a secure file sharing system using the concept of the scenario stated in Q3 of this assignment. You are allowed to use any programming language or scripting language such as Java, PHP, Python, JavaScript, etc. Your implementation must have a good graphical user interface (GUI). Upon completion of the implementation, you are expected to:
I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials
II. Create a report containing the implementation details and user instructions
III. Upload your code and report

Q5. Analyzing Security of Authentication Protocol (Marks: 3)

The following mutual authentication protocol is proposed based on a symmetric-key cryptography algorithm. We assume that the cryptography algorithm that is used here is secure. The following protocol does not provide mutual authentication. Give two different attack scenarios where Trudy can convince Bob that she is Alice. Briefly explain each attack scenario performed by Trudy on the protocol, with a proper diagram.

Alice → Bob: "Alice", RA
Bob → Alice: RB, E(RA, KAB)
Alice → Bob: E(RB, KAB)

[Hints: You need to show two attack scenarios performed by Trudy, with a proper diagram on the protocol. Additionally, provide a brief explanation of the attacks to justify your answer. Refer to the attack scenarios on mutual authentication protocols that were discussed during Lecture-9 and Tutorial-9.]

5. Academic integrity and plagiarism (standard warning)

Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:
• Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods,
• Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.

If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own. RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviors, including:
• Failure to properly document a source
• Copyright material from the internet or databases
• Collusion between students

For further information on our policies and procedures, please refer to the University website.

6. Assessment declaration

When you submit work electronically, you agree to the assessment declaration.

7. Rubric/assessment criteria for marking

All of the computations must be correct and only provided values must be used. Instructions must be followed.

Criteria: The characteristic or outcome that is being judged.

Question 1: Privacy-Preserving Computation (Total: 6 Marks)
• 6 Marks: Step-by-step processes are shown with detail computations. All of the computations shown are correct.
• 4 Marks: Step-by-step processes are shown with detail computations. Most of the computations are correct with few errors.
• 2 Marks: Step-by-step processes are shown with detail computations. Most of the computations are incorrect with few correct computations.
• 1 Mark: Step-by-step processes are shown with detail computations. But all of the calculations are wrong.
• 0 Marks: Steps are not shown with detail computations. Or, Not answered.

Question 2.1: Digital Signature using RSA Encryption Algorithm (Total: 2 Marks)
• 2 Marks: Step-by-step processes of both signing and verification are shown. All of the computations are shown correctly in detail.
• 1.5 Marks: Step-by-step processes of both signing and verification are shown. Not all of the computations are shown correctly in detail.
• 1 Mark: Step-by-step processes of signing are shown correctly. However, verification steps are not shown or incorrectly shown.
• 0.5 Marks: Step-by-step processes of signing are shown that are partially correct/completely wrong. Or, only Verification steps are correct.
• 0 Marks: None of the steps are shown correctly. Or, Calculations are not shown in detail. Or, Not answered.

Question 2.2: Digital Signature using ElGamal Encryption Algorithm (Total: 2 Marks)
• 2 Marks: Step-by-step processes of both signing and verification are shown. All of the computations are shown correctly in detail.
• 1.5 Marks: Step-by-step processes of both signing and verification are shown. Not all of the computations are shown correctly in detail.
• 1 Mark: Step-by-step processes of signing are shown correctly. However, verification steps are not shown or incorrectly shown.
• 0.5 Marks: Step-by-step processes of signing are shown that are partially correct/completely wrong. Or, only Verification steps are correct.
• 0 Marks: None of the steps are shown correctly. Or, Calculations are not shown in detail. Or, Not answered.

Question 2.3: Digital Signature using RSA Encryption Algorithm for large message (Total: 3 Marks)
• 3 Marks: Step-by-step processes of both signing and verification are shown. All of the computations are shown correctly in detail.
• 2 Marks: Step-by-step processes of both signing and verification are shown. Not all of the computations are shown correctly in detail.
• 1 Mark: Step-by-step processes of signing are shown correctly. However, verification steps are not shown or incorrectly shown.
• 0.5 Marks: Step-by-step processes of signing are shown that are partially correct/completely wrong. Or, only Verification steps are correct.
• 0 Marks: None of the steps are shown correctly. Or, Calculations are not shown in detail. Or, Not answered.

Question 3: Secured file sharing using OpenSSL and IPFS (Total: 4 Marks)
• 4 Marks: Answer is correct. All of the commands are correctly and sequentially presented with appropriate screenshots.
• 3 Marks: Answer is correct but not structured. All of the commands are correct. But, commands are not sequentially presented. Appropriate screenshots are provided.
• 2 Marks: Answer is partially correct. Some of the commands are correct. Commands are not sequentially presented. However, appropriate screenshots are provided for the correct commands.
• 1 Mark: Only few commands are correct. Sequence of the commands are not followed. Or, some of the commands are missing. Or, screenshots are insufficient/missing.
• 0 Marks: Answer is not correct. Or, Not answered.

Question 4: Report writing or implementation (Total: 15 Marks)
• 15 Marks: The report/implementation is extraordinary.
  Report: The report is prepared fulfilling all of the requirements.
  Implementation: The implementation fulfills all of the requirements.
• 12 Marks: The report/implementation is good but not up to the mark.
  Report: The report is prepared fulfilling all of the requirements. However, could have been better.
  Implementation: The implementation is good. However, functionalities or user interface could have been better.
• 10 Marks: The report/implementation is average.
  Report: The report is prepared fulfilling all of the requirements. However, the content is not enough to express the main theme of the given topic.
  Implementation: The implementation is good. However, functionalities or user interface could have been better.
• 8 Marks: The report/implementation is below average.
  Report: The report is NOT prepared fulfilling all of the requirements. The key topics are not well connected. Presentation is poor.
  Implementation: The implementation does not contain some of the key functionalities and user interface is not that good.
• 6 Marks: The report/implementation is poor.
  Report: The report addresses only few of the requirements. The key topics are missing or not connected. Presentation is poor.
  Implementation: The implementation contains only few of the key functionalities and user interface is not that good.
• 4 Marks: The report/implementation is very poor.
  Report: None of the requirements are addressed correctly. The key concept is missing.
  Implementation: The implementation does not contain key functionalities and user interface is not good.
• 0 Marks: Not answered.

Question 5: Analyzing authentication protocol for enhancing security (Total: 3 Marks)
• 3 Marks: Answers are correct. Two attack scenarios on the given authentication protocol are presented with appropriate diagram and explanation.
• 2.25 Marks: Answers are partially correct. Only one attack scenario on the authentication protocol is presented with either appropriate diagram or explanation, and the diagram or explanation is missing/incorrect for the other attack scenario.
• 1.5 Marks: Answers are partially correct. Only one attack scenario on the authentication protocol is presented with either appropriate diagram or explanation, and diagram and explanation of other attack scenario is completely wrong. Or, Either diagrams/explanations are correct for both attack scenarios. Or, Any one from diagram and explanation is correct for both attack scenarios.
• 0.75 Marks: Answers are partially correct. Only one attack scenario on the authentication protocol is presented with either appropriate diagram or explanation, and diagram and explanation of other attack scenario is completely wrong/missing.
• 0 Marks: Answer is not correct. Or, Not answered.
