COSC2536/2537 Security in Computing and Information
Technology
Assignment 1
Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment 1.
Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via
announcements/relevant discussion forums.
Due date: Week 4, Friday the 25th Mar 2022 11:59pm
Deadlines will not be advanced, but they may be extended. Please check Canvas→Syllabus or via
Canvas→Assignments→Assignment 1 for the most up to date information.
As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per
each working day applies for up to 5 working days late, unless special consideration has been granted.
Weighting: 35 marks (Contributes 35% of the total Grade)
Overview
The objective of Assignment 1 is to evaluate your knowledge of the topics covered in Lectures 1-4. Topics include Basic
Cryptographic Techniques, and Public-Key Cryptography (RSA, ElGamal and Paillier cryptosystems). Assignment 1 will
focus on developing your abilities in application of knowledge, critical analysis and decision making. Assignment 1 contains
several problems related to the topics mentioned above. You are required to prepare the solutions and upload them as a
single PDF or Word document in CANVAS.
In this assignment, there are 5 (five) questions in total. The first question Q1 is on designing a cryptographic algorithm
for a secure vault with a sophisticated digital keypad. In this question, a scenario is given that describes how a secret key
for the digital keypad is generated and how the digital keypad works. You need to design an algorithm that satisfies the
requirements of the security of the digital keypad.
The second question Q2 is about designing an algorithm to perform cryptanalysis on a captured encrypted text.
Cryptanalysis is the practice of breaching cryptographic security systems and gaining access to the contents of encrypted
messages, even if the cryptographic key is unknown. Therefore, you are expected to apply cryptanalysis in order to obtain
the plaintext from the given ciphertext in Q2.
The third question Q3 is about designing a Secure Online Property Auction System using the hash algorithm. In Q3,
you are expected to design an Online Bidding System where an attacker cannot determine the bid values of participants
and the hash-algorithm-based bidding would work.
The fourth question Q4 is related to breaking the RSA Encryption algorithm. In this question, you are expected to perform
prime factorization to recover the RSA private key d from the public key (n, e). You should demonstrate the detailed steps,
with explanations, of how the RSA encryption algorithm can be broken. Marks will be deducted if you fail to show the detailed
computation correctly, skip the computation steps, or do not provide explanations.
The fifth question Q5 is about a real-life application of Public-Key cryptography. In this question, you are expected to show
how RSA and ElGamal Public-Key Cryptography techniques can be used in a secure smart door. You should demonstrate
the detailed steps, with explanations, of how the RSA and ElGamal encryption and decryption work in the given context. Marks
will be deducted if you fail to show the detailed computation correctly, skip the computation steps, or do not provide
explanations.
Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start
preparing your answers immediately after the Lecture-1 (in Week-1). At the end of each week starting from Week-1 to
Week-4, you should be able to solve at least one question.
If there are questions, you must ask via the relevant Canvas discussion forums in a general manner.
Overall, you must follow the following special instructions:
• You must use the values provided in the questions.
• Hand-written answers are not allowed and will not be assessed. Compose your answers using any
word processing software (e.g., MS Word).
• You are required to show all of the steps and intermediate results for each question.
• Please DO NOT provide code as an answer. Code-only answers will not be assessed.
• Upload your solution as a single PDF or Word document in CANVAS.
Assessment Criteria
This assessment will determine your ability to:
• Follow requirements provided in this document and in the lessons.
• Independently solve a problem by using cryptography and cryptanalysis concepts taught over the first four weeks of the
course.
• Meeting deadlines.
Learning Outcomes
This assessment is relevant to the following Learning Outcomes:
1. CLO-1: explain the functioning of security services in computing environments and the security issues in
networked applications.
2. CLO-2: discuss various types of data integrity and confidentiality mechanisms including public key cryptography.
3. CLO-3: describe basic system security mechanisms and protocols, such as those used in operating systems, file
systems and computer networks.
Assessment details
Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question
Q1 to Q5) are provided in the next page.
Q1. Designing Cryptographic Algorithm for Secure Nuclear Arsenal Control
System (6 Marks)
Classified Information is material that a government body deems to be sensitive information that must
be protected. For example, national security agencies collect and store a range of sensitive information
regarding national security and mark it as classified before storing it. Access to classified
information is restricted by law or regulation, and it can be disclosed only to people holding the
necessary security clearance. As mishandling of classified material can create serious security
threats, a secure access mechanism is required.
Assume that a security agency wants to design a secure file access system to ensure that no classified
file be accessed by an employee of the agency without the clearance of the appropriate authority. For
example, John (an employee of the security agency with employee ID 500701) wants to access a
classified file that requires authorization from a group of people involving an Information Security
Manager, Information Security Director, and Chief Information Security Officer. Let’s assume the group
is named Oracle. To access a file (say, with unique file number 100503), John needs to send an
access request to the system for that file. The system generates a one-time security access key for
John to access the file and sends it to John. John can enter the access key to view the information of
the file. Once John accesses the file, the corresponding security access key is erased from the system
and cannot be used in the future.
At the time of creating a one-time security access key for a classified file, each member of Oracle
enters their own 6-digit integer secret code (e.g., 123456). The system generates a 6-digit integer
one-time pad. A security access key is generated by a key generation module using a simple
cryptographic operation from John’s employee ID, the unique file number, Oracle members’ individual
6-digit secret codes, and the generated 6-digit integer one-time pad. The security access key for
the current request is sent to John. The system only stores the 6-digit integer one-time pad in the
system for the current request as follows:
Request Id | Employee ID | File to Access | One-time Pad
R8101      | 500701      | 100503         | 987654
The illustration of the security access code generation is as follows:
Figure-1.1: One-time security access key generation process
When an employee wants to access the file (with unique file number 100503), the request is sent to
each member of Oracle. Then, each member enters their 6-digit secret code into the One-time Pad
Generation Module, which uses a simple cryptographic operation. The module takes the unique file number,
employee ID, Oracle members’ individual 6-digit secret codes, and the security access key to
regenerate the one-time pad. If the generated one-time pad matches the one that is stored in
the system, access to the file is granted to John. The regeneration process of the one-time pad
is shown below:
Figure-1.2: One-time Pad generation process to check access
In this task, you need to design and explain the algorithms for both the One-time security
access key generation process and One-time Pad generation process of the secure file access
system to check access with numerical examples. Numbers shown in the diagrams are used
for illustration only. You need to choose your own appropriate 6-digit numbers to show all the
steps (i.e., One-time security access key generation and One-time Pad generation process) of
the algorithm.
[Note: Refer to the Week 2 Lecture and Lectorial, and Workshop-2 resources.]
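The round trip described in Q1, as an added example that is not part of the assignment sheet: it assumes the unnamed "simple cryptographic operation" is bitwise XOR, and the three Oracle secret codes are constructed sample values. The employee ID, file number and one-time pad are the values from the request table above.

```python
from functools import reduce
from operator import xor

EMPLOYEE_ID = 500701    # from the scenario
FILE_NUMBER = 100503    # from the scenario
ONE_TIME_PAD = 987654   # from the stored request R8101

# Constructed sample secret codes for the three Oracle members.
ORACLE_CODES = [123456, 654321, 246810]


def _six_digits(value):
    """Reject anything that is not an integer in 000000..999999."""
    if not (isinstance(value, int) and 0 <= value <= 999_999):
        raise ValueError(f"not a 6-digit integer: {value!r}")
    return value


def _mask(employee_id, file_number, codes):
    """XOR of every input that both modules share (assumed operation)."""
    shared = [employee_id, file_number, *codes]
    return reduce(xor, (_six_digits(v) for v in shared))


def generate_access_key(employee_id, file_number, codes, pad):
    """Key generation module: key = mask XOR pad."""
    return _mask(employee_id, file_number, codes) ^ _six_digits(pad)


def regenerate_pad(employee_id, file_number, codes, access_key):
    """Pad generation module: pad = mask XOR key, since XOR undoes itself."""
    # XOR of values below 10**6 fits in 20 bits, so a valid key can have
    # seven decimal digits; validate against 2**20, not 999999.
    if not (isinstance(access_key, int) and 0 <= access_key < 2**20):
        raise ValueError("access key out of range")
    return _mask(employee_id, file_number, codes) ^ access_key


def access_granted(stored_pad, employee_id, file_number, codes, access_key):
    """Grant access only if the regenerated pad equals the stored one."""
    regenerated = regenerate_pad(employee_id, file_number, codes, access_key)
    return regenerated == stored_pad


if __name__ == "__main__":
    key = generate_access_key(EMPLOYEE_ID, FILE_NUMBER, ORACLE_CODES, ONE_TIME_PAD)
    print("access key:", key)
    print("granted:", access_granted(ONE_TIME_PAD, EMPLOYEE_ID, FILE_NUMBER,
                                     ORACLE_CODES, key))
```

Because only the pad is stored, a single wrong secret code from any Oracle member changes the regenerated pad and the comparison fails.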
Q2. Cryptanalysis with Missing Encrypted Text [8 Marks]
(a) Encoded Message (b) Decoded Message
Figure-2.1: Zimmermann Telegram
In January 1917, British cryptographers deciphered a telegram from German Foreign Minister Arthur
Zimmermann to the German Minister to Mexico, Heinrich von Eckhardt. In that telegram, Zimmermann
offered United States territory to Mexico in return for joining the German cause. This message helped
draw the United States into the war and thus changed the course of history. The ciphertext and decoded
message of Zimmermann are shown in Figure-2.1. The challenge was that the encrypted message had
many missing portions of ciphertext. In spite of the missing encrypted text, the British cryptographic office known as
“Room 40” decoded the Zimmermann Telegram and handed it over to the United States in late-
February 1917.
In this task, you have to decrypt an encrypted message. However, here we have encrypted a long
English message a bit differently. Every letter in the message has been substituted by
another unique letter. The encrypted message is shown below:
XACTZBGKU ZVK XADDKXSGBI ZBL USAVGBI CAVK GBJAVCZSGAB SHZB KQKV YKJAVK,
XKCKBSGBI SHK GCTAVSZBXK AJ YASH LZSZ TVGQZXN ZBL LZSZ UKXRVGSN. BAP CAVK
SHZB KQKV GS GU XVGSGXZD SA TVASKXS XABJGLKBSGZD GBJAVCZSGAB ZBL KBURVK
YRUGBKUU XABSGBRGSN SHVARIH Z VAYRUS LZSZ TVASKXSGAB USVZSKIN. PK UHARDL
XAQKV SHK EKN XABXKTSU AJ LZSZ TVGQZXN ZBL LZSZ UKXRVGSN SA HKDT
LGJJKVKBSGZSK SHK SPA. SHK SKVCU LZSZ TVGQZXN ZBL LZSZ UKXRVGSN ZVK AJSKB
CGURBLKVUSAAL ZBL RUKL GBSKVXHZBIKZYDN. HAPKQKV, SHKN ZVK SPA UKTZVZSK
XABXKTSU SHZS PAVE GB SZBLKC SA EKKT LZSZ UZJK. LZSZ TVGQZXN JAXRUKU AB HAP
GBJAVCZSGAB GU HZBLDKL, USAVKL, ZBL RUKL. PHGDK LZSZ UKXRVGSN GU XABXKVBKL
PGSH TVASKXSGBI SHK ZUUKS AJ NARV AVIZBGMZSGAB.
Figure-2.2: English Alphabet Frequency Count
Using the frequency analysis technique, you need to show the step-by-step process used to decipher
the ciphertext and find the actual message. Use the English alphabet frequency count shown in Figure
2.2. Please note that no marks will be given if only the plaintext is shown without detailed steps.
[Note: Refer to the Week 1 Lecture and Lectorial, and Workshop-1 resources.]
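The first step of the frequency analysis that Q2 asks for, as an added example that is not part of the assignment sheet: it counts letters in the first line of the ciphertext above, ranks them, and pairs the ranking with English letter order to form a first-guess key. The English ordering used is a commonly cited one and is an assumption, because Figure 2.2 is not reproduced on this page.

```python
from collections import Counter

# Assumed English letter order, most to least frequent (Figure 2.2 is not
# available here, so this commonly cited ordering stands in for it).
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"

# First line of the ciphertext shown in Q2.
SAMPLE = ("XACTZBGKU ZVK XADDKXSGBI ZBL USAVGBI CAVK GBJAVCZSGAB "
          "SHZB KQKV YKJAVK,")


def letter_counts(ciphertext):
    """Count only A-Z; spaces and punctuation carry no key information."""
    return Counter(ch for ch in ciphertext.upper() if "A" <= ch <= "Z")


def ranked_letters(ciphertext):
    """Cipher letters from most to least frequent, ties broken alphabetically."""
    counts = letter_counts(ciphertext)
    return sorted(counts, key=lambda ch: (-counts[ch], ch))


def first_guess_key(ciphertext):
    """Pair the i-th most frequent cipher letter with the i-th English letter."""
    return dict(zip(ranked_letters(ciphertext), ENGLISH_ORDER))


def apply_key(ciphertext, key):
    """Show guessed plaintext in lower case; leave unmapped cipher letters as-is."""
    return "".join(key[ch].lower() if ch in key else ch for ch in ciphertext)


if __name__ == "__main__":
    counts = letter_counts(SAMPLE)
    for letter in ranked_letters(SAMPLE):
        print(letter, counts[letter])
    # Commit only the most confident guess, then inspect the partial text.
    top = ranked_letters(SAMPLE)[0]
    print(apply_key(SAMPLE, {top: "E"}))
```

On a text this short only the top one or two pairings are reliable; the remaining letters are settled by running the count over the full ciphertext and checking guesses against short words and repeated patterns.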
Q3. Designing Secure Online Bidding System for an Online Freelancing Platform
using Hash Algorithm [7 Marks]
Online freelancing platforms connect businesses with freelancers, independent talent, and agencies
around the globe. Such platforms allow companies and freelancers to work together to accomplish
different types of tasks including Information Technology (IT) projects, copywriting, research,
handyman jobs, and many more. The key benefit of an online freelancing platform is that it allows a
person or business to advertise a task, take quotations from interested freelancers from anywhere in
the world and select a freelancer. Hence, online freelancing platforms are getting more popular day by day.
Some of the prominent online freelancing platforms are Upwork, Freelancer, Fiverr, and Airtasker. Face-
to-face meetings between businesses and customers are required on this platform, which makes it most
suitable in the current pandemic situation.