Consider the balanced exponentiation algorithm (Algorithm 4), which is defined on page 11 of Nigel Smart’s article from Software Focus.
- Explain how the use of this algorithm provides some remedy against SPA attacks.
- To demonstrate this, use the algorithm to calculateg70+2s+w
and keep track of the square and multiply operations. Contrast with Algorithm 2 in the same article with the same exponent.
In this part of the assignment the student will reflect on the feedback for Part A and discuss
how did it help him/her to accomplish the tasks for the assignment Part B. In this part student
will write report discussing following two sections:
a) Crypto periods
A cryptographic key is a value (essentially a random string of bits) that serves as input to
an algorithm, which then transforms plain text into ciphertext (and vice versa for
decryption). One of the important characteristics that determines key strength is its
crypto period [1]. Or the length of time for which the key is authorised for use.
1. From current literature survey, critically analyse and discuss crypto periods for hash,
symmetric, and asymmetric algorithms. Find at least three sources for each of the
algorithms (select two algorithms from each category).
2. Draw a table to list the algorithms and the recommend time, and then calculate the
average of each.
3. Provide recommendation on the crypto periods for each selected algorithm.
b) Cryptographic Transport Protocol
Hypertext Transport Protocol Secure (HTTPS) is becoming increasingly more popular as a
security protocol for web traffic. Some sites automatically use HTTPS for all transactions
How can I using cryptographic hash function to design a cheating-proof online property auction system?
Q1. Designing Cryptographic Algorithm for Secure Vault (3 Marks) One day, three friends (Alice, Bob, and Laura) miraculously found huge number of ancient gold coins of equal size while bushwalking. They decided to equally divide those coins and bring them home. However, given that homes may not be safe to store the coins, they decided to put them in a strong vault in a bank. The vault has a digital keypad (see Figure-1.1) which is used to enter secret password for opening it. However, this keypad is very sophisticated and specially designed for the three friends. It can accept three secret keys one after another. Each secret key is an integer number of 5 digits. When the keypad is initialized each friend enters individual secret key without anyone knowing that number. Once all three friends enter their secret numbers, the sophisticated logic in the keypad performs a mathematical operation and generates a master key by using the three numbers (see Figure-1.2). It then stores the master key in the memory and deletes the individual secret keys. Once the digital keypad is initialized, they can come anytime but they must come all at the same time and enter the secret keys one after another. Similar to the initialization phase, keypad performs a mathematical operation and generates a new master key by using the three numbers. The new master key is then compared with old master key saved in the keypad. If they are same, the vault opens. Explain the algorithm with an example to design the sophisticated keypad for the excellent vault which has gold coins!
our have found two plaintext-ciphertext pairs which you know are from an affine
cipher based on the English alphabet. The pairs are (1,7) and (0,2).
(a) Find the equation of the cipher.
2 marks
(b) Use Maple and the resultant affine cipher to encrypt the sentence “My
student ID is xxx, and I am now working on Assignment 1a”, and verify the
result is correct by decryption (replace “xxx” with your real student ID, delete
the blank and punctuation, and capital and lower-case letter are the same).
2 marks
Analysis Describe a functional view of the proposed design including an assessment of the associated risks involved. Complement this with a use case showing how your framework works in a typical example. For each block of the above framework, describe the functional requirements associated with it. Risk assessment the purpose of the risk assessment is to identify threats and vulnerabilities related to your proposed framework solution. Describe the main architectural components of the system, followed by the participants, followed by the risk model used, the system overview, the technology required to design your system, the vulnerability and threat statements, the risk assessment, and the security policies. Finally, the following parts should be clarified: 1. What are the software required for graphic design, and site design? 2. What will your content management system (CMS) look like i.e. what are the candidate software package(s) that will be used to publish the content on the web?
Choose a fictitious or an actual organization. provide an overview of the current state of enterprise key management for the company.
Provide a high-level, top-layer network view (diagram) of the systems in the company. The diagram can be a bubble chart or Visio drawing of a simple network diagram with servers. Conduct independent research to identify a suitable network diagram.
Identify data at rest, data in use, and data in motion as it could apply to your organization. Start by focusing on where data are stored and how data are accessed.
identify areas where insecure handling may be a concern for your organization.
Incorporate this information in your key management plan.
Step 2: Identify key management gaps, risk, solutions, and challenges
Identify gaps in key management, in each of the key management areas within Superior Health Care.
Identify crypto attacks and other risks to the cryptographic systems posed by these gaps.
Propose solutions organizations may use to address these gaps and identify necessary components of these solutions.
Convert the decimal number -5to a 6-bit signed integer using twos complement notation
The main task is to conduct a penetration test of a network. You will be required
to write a report of your penetration test results. The assignment network will
contain several host machines and on the machines, there will be flags (text
strings) that you will need to identify. Each flag starts with the characters FLAG.
For each of the flags you locate you should write up the process that you used to
access and find the flag. Note that some flags are encrypted, and you will need to
decrypt them.
Your task is to use OpenSSL to perform a set of cryptographic operations. When performing
cryptographic operations you must be very careful, as a small mistake (such as a typo) may
mean the result is an insecure system. Read the instructions carefully, understand the examples,
and where possible, test your approach (e.g. if you encrypt a file, test it by decrypting it and
comparing the original to the decrypted). It is recommended you use virtue to perform the
operations.
Perform the following steps:
(a) For all the following steps, record the command(s) you used in a file called
[student]-commands. Bash. This file should be a Bash shell script, containing only
commands that can be executed and optionally comments (starting with # character).
(b) Generate your own RSA 2048-bit key pair. Use the public exponent of 65537. Save
your key pair as [student]-keypair.
(c) Extract your public key and save it as [student]-pubkeeper.
(d) Create a text file called [studentID]-message.txt and include your student ID and
full name inside the file. This file is referred to as the message or plaintext.
(e) Sign your message file using SHA256, saving the signature as [student]-
signature. In.
(f) Generate a 128-bit random value using OpenSSL. This value will be used as a secret
key. Store the key as a 32 hex digit string in a file [student]-key.txt.
(g) Encrypt your message file using AES-128-CBC and the key generated in step (f). Use
an IV of all 0’s (that is, 32 hex 0’s). Save the ciphertext as [student]-
cyphertext.
(h) Encrypt your [studentID]-key.txt file using RSA so that only the Unit Coordinator
can view the contents. Save the encrypted key as [student]-secretkey.bin
Objectives
This assignment has been designed to test your knowledge of number theory, abstract algebra, and public-key
cryptography.
Notes
• Assumptions (if any) must be stated clearly in your answers.
• There may not be one right answer for some of the questions. So, your explanations need to present
your case clearly. The explanations you provide do not have to be long; conciseness is preferred to
meandering.
• It is recommended that you use Pari/GP for the numerical components of the assignment. However, you
are free to use another programming language (such as Java) provided the question/answer/solution
can be naturally translated into a similar problem in that programming language.
You work for a company that has just expanded by buying one of its competitors. There are now over
1000 office workers in your organisation. The CIO has decided that it is time to implement a Security
Operations Centre for your organisation as much of the assets that belong to the organisation are
digital. The CIO has asked that you investigate existing solutions for a Security Information and Event
Management (SIEM) system, a vulnerability management system, an endpoint security system and a
network security system.
Task
Write a short article that describes the necessity and essential properties of each of the following
security systems.
• Security Information and Event Management (SIEM)
• Vulnerability management
• Endpoint security
• Network security
For each security system, you should briefly describe three possible solutions currently available on the
market and recommend one.
While there is funding for this project, you must not mis-spend the organisations budget. The CIO needs
to know your priority list for which system should be implemented from first to last. You need to
present your reasons why your order of implementation is important.
Note that the CIO does not want to read marketing material. He wants to see your analysis and opinion
on the appropriate tools to use. You must give a reasoned argument for your recommendations.