School of Science
COSC2536/2537 Security in Computing and Information
Technology
Assignment 2
Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment 2.
Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via
announcements/relevant discussion forums.
Due date: Week 12, Sunday the 20th October 2019 11:59pm
Deadlines will not be advanced, but they may be extended. Please check Canvas→Syllabus or via
Canvas→Assignments→Assignment 2 for the most up to date information.
As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per
each working day applies for up to 5 working days late, unless special consideration has been granted.
Weighting: 35 marks (Contributes 35% of the total Grade)
1. Overview
The objective of Assignment 2 is to evaluate your knowledge of the topics covered mainly in Lectures 5 to 10. Topics
include privacy-preserving computations based on the RSA, ElGamal and Paillier cryptosystems; Digital Signatures;
Blockchain and Cryptocurrency; Digital Authentication & Security Protocols; and Digital Authorization and Intrusion
Detection. However, the topics covered in Lectures 1 to 10 are required as prerequisites. Assignment 2 will focus
on developing your abilities in application of knowledge, critical analysis and decision making. Assignment 2 contains
several problems related to the topics mentioned above. You are required to prepare your answers and upload them
as a single PDF or Word document in CANVAS.
In this assignment, there are 5 (five) questions in total. Question 1 is on a Privacy Preserving Online Voting System.
The system uses a privacy preserving computation technique for computing votes. Privacy preserving
computation is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function
over their inputs while keeping those inputs private. Recently, several controversies have been observed in
voting around the world. Using a privacy preserving online voting system removes controversy in a voting system. In
question Q1, you are expected to apply your understanding of privacy preserving computation in the context of
electronic voting (E-Voting).
Question 2 is about the application of Digital Signature Schemes. Question 2 has 3 (three) parts. In the first part, you
are expected to demonstrate your understanding of the RSA Encryption algorithm based digital signature scheme for a
numeric message. In the second part, you are expected to demonstrate your understanding of the ElGamal
Encryption algorithm based digital signature scheme for a numeric message. In the third part, you are expected to
demonstrate your understanding of the RSA Encryption algorithm based digital signature scheme for a text message.
For parts 1 to 3 of Question 2, values of the required parameters are provided, including the plaintext or message M, and
you should demonstrate the key generation, signing and verification processes with detailed computations and brief
explanations. Marks will be deducted if you fail to show the detailed computation correctly, skip the computation steps,
or do not provide explanations.
Recently, many intruders have stolen highly sensitive files from various organizations and given them to Wikileaks
for online publication. Many government agencies including CIA and FBI are among the victims as they didn’t share
files in a secure manner. The objective of Question 3 is to demonstrate secure file sharing on a distributed file
sharing platform like IPFS using the OpenSSL tool. Question 3 is related to OpenSSL and IPFS. In this question, you are
expected to demonstrate the required OpenSSL and IPFS commands for a given scenario. Additionally, you must provide
screenshots of the outcomes of the commands. Marks will be deducted if you fail to show the commands
correctly, skip any command, or do not provide screenshots.
Question 4 is on report writing on Blockchain or implementation of a secure system. In this question, there are 4
(four) options: Q4.1, Q4.2, Q4.3 and Q4.4. You need to choose any 1 among the three options. The first option Q4.1
is on report writing and the remaining three options, Q4.2, Q4.3 and Q4.4, are about implementation. If you select Q4.1,
you are expected to demonstrate your understanding of the Blockchain and cryptocurrency and choose a system
where Blockchain Technology can be applied. Then, you should write a well-organized report on how the Blockchain
Technology can impact your chosen system. We are looking for interesting and innovative system design in the
report. The report should be appended in the same document where you write the answers for other questions. If
you select Q4.2, you are expected to implement a simple blockchain system with a new idea. You are free to choose
any system. If you select Q4.3, you are expected to implement a privacy preserving online voting system stated in
Q1. If you select Q4.4, you are expected to implement a secure IPFS-based file sharing system stated in Q3. If you
choose either Q4.2, Q4.3 or Q4.4, you should demonstrate your implementation to the lecturer or head tutor in
Week-11. Additionally, you should upload the code and short documentation on CANVAS.
Question 5 is related to analyzing the security of authentication protocols. Your answer should contain both
diagram and explanation. Marks will be deducted if you fail to provide diagram and explanation correctly, skip the
diagram, or do not provide explanations.
Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to
start preparing your answers immediately after Lecture-5 (in Week-5). At the end of each week starting from Week-5
to Week-10, you should be able to solve at least one question.
If there are questions, you must ask via the relevant Canvas discussion forums in a general manner.
Overall, you must follow the special instructions below:
• You must use the values provided in the questions.
• Hand-written answers are not allowed and will not be assessed. Compose your answers using any word
processing software (e.g. MS Word).
• You are required to show all of the steps and intermediate results for each question.
• Please DO NOT provide code as an answer. Code alone will not be assessed.
• Upload your solution as a single PDF or Word document in CANVAS.
2. Assessment Criteria
This assessment will determine your ability to:
• Follow requirements provided in this document and in the lessons.
• Independently solve a problem by using cryptography and cryptanalysis concepts taught over the last six
weeks from fifth to tenth weeks of the course.
• Meeting deadlines.
3. Learning Outcomes
This assessment is relevant to the following Learning Outcomes:
• understand applications of privacy preserving computation techniques, digital signatures and data
hiding techniques.
• develop privacy preserving applications and libraries using any programming language of your choice.
• understand the life cycle and design principles of Blockchain and Cryptocurrency applications.
• analyze the strength and limitations of security protocols.
• design new security mechanisms and protocols for any small and large-scale applications.
• Implementing a simple secure system
• Critically analyze and evaluate the security of computing and IT systems on a practical level and privacy
related issues in computing.
4. Assessment details
Please ensure that you have read Sections 1 to 3 of this document before going further. Assessment details
(i.e. question Q1 to Q6) are provided on the next page.
Q1. Privacy Preserving Online Voting System (Marks: 6)
Recently, several controversies have been observed in voting around the world. The voting
authority cannot be trusted completely as it can be biased. Using a privacy preserving online voting
system removes controversy in a voting system. In this privacy preserving online voting system, voters encrypt
their votes in the voting booth before sending them to the voting authority. A voting server computes an
encrypted result on behalf of the voting booth as the voting booth does not have enough computation power.
The encrypted result is sent to the voting authority, who determines the winner based on the encrypted votes.
Suppose there are 7 voters who vote YES or NO to give their opinions. There is a voting authority (VA) who
determines the winner. Design a secure voting prototype as shown in Figure-Q1 using the Paillier cryptosystem,
where the votes must be encrypted in the Voting Booth before sending them to the Voting Server.
Figure-Q1: Secure voting system
Assume three voters will vote for YES and four voters will vote for NO. The Voting Authority should find
three YESs and four NOs after counting the votes. The Voting Authority chooses p=89, q=53 and
selects g=8537. The private numbers chosen by the 7 voters and their votes are as follows:
Voter No.   Voter’s Private Number, r   Vote   Voting message, m
1           71                          YES    001000 = 8
2           72                          YES    001000 = 8
3           73                          YES    001000 = 8
4           74                          NO     000001 = 1
5           75                          NO     000001 = 1
6           76                          NO     000001 = 1
7           77                          NO     000001 = 1
Show the encryption, homomorphic computations and decryption processes.
[Hints: Refer to the lecture-5 Secure e-voting example. You need to represent the total number of votes by a
6-bit string. The first 3 (three) bits should represent the votes for YES and the rest the votes for NO. When adding a
vote for YES, the system adds 001000, which is 8 in integer form. Similarly, the system adds 000001 when voting
for NO, which is 1 in integer form.]
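The Q1 flow (booth encrypts, server multiplies ciphertexts, authority decrypts and unpacks the 6-bit tally), as an added Python example that is not part of the assignment or its lecture material. It uses the p, q, g, r and m values given above; the function names are this example's own, and it assumes the standard Paillier definitions λ = lcm(p−1, q−1) and μ = L(g^λ mod n²)⁻¹ mod n.

```python
from math import gcd

# Values given in Q1 of the assignment.
P, Q, G = 89, 53, 8537
# (private number r, voting message m) per voter, from the Q1 table.
BALLOTS = [(71, 8), (72, 8), (73, 8), (74, 1), (75, 1), (76, 1), (77, 1)]
FIELD_BITS = 3  # 6-bit tally: high 3 bits count YES, low 3 bits count NO


def L(u, n):
    """Paillier's L function: L(u) = (u - 1) / n, exact when u = 1 mod n."""
    return (u - 1) // n


def keygen(p, q, g):
    """Return (n, lam, mu); reject a g that cannot be used for decryption."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    u = L(pow(g, lam, n * n), n)
    if gcd(u, n) != 1:
        raise ValueError("g is not a valid Paillier generator for this n")
    return n, lam, pow(u, -1, n)


def encrypt(m, r, n, g):
    """Voting booth: c = g^m * r^n mod n^2."""
    if not 0 <= m < n:
        raise ValueError("message out of range")
    if not 0 < r < n or gcd(r, n) != 1:
        raise ValueError("r must be in Z_n^*")
    n2 = n * n
    return pow(g, m, n2) * pow(r, n, n2) % n2


def aggregate(ciphertexts, n):
    """Voting server: multiplying ciphertexts adds the hidden plaintexts."""
    product = 1
    for c in ciphertexts:
        product = product * c % (n * n)
    return product


def decrypt(c, n, lam, mu):
    """Voting authority: m = L(c^lam mod n^2) * mu mod n."""
    return L(pow(c, lam, n * n), n) * mu % n


def decode_tally(total, bits=FIELD_BITS):
    """Split the packed sum into (yes, no) counts."""
    return total >> bits, total & ((1 << bits) - 1)


def run_election(ballots=BALLOTS, p=P, q=Q, g=G, bits=FIELD_BITS):
    """Full flow; returns (decrypted_sum, yes, no)."""
    # A field of `bits` bits holds at most 2^bits - 1 votes. One more NO vote
    # than that would carry into the YES field and silently corrupt the count.
    if len(ballots) > (1 << bits) - 1:
        raise ValueError("too many voters for the tally encoding")
    n, lam, mu = keygen(p, q, g)
    # The server never sees m, so this sketch trusts every ballot to encode
    # exactly one vote (8 or 1).
    ciphertexts = [encrypt(m, r, n, g) for r, m in ballots]
    total = decrypt(aggregate(ciphertexts, n), n, lam, mu)
    return (total, *decode_tally(total, bits))


if __name__ == "__main__":
    total, yes, no = run_election()
    print(f"sum={total:06b} YES={yes} NO={no}")
```

Because each voter uses a different r, the three YES ballots encrypt to three different ciphertexts even though they carry the same m.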
Q2. Digital Signatures (Marks: 2+2+3 = 7)
Suppose Bob and Alice, two business partners, use their smart phones to communicate with each
other regarding their business decisions. Hence, their messages are very sensitive and need to be
authenticated. Otherwise, an attacker, say one of their business rivals, may perform a phone number porting
fraud attack. In this attack, the attacker may use another SIM card to port Alice’s or Bob’s phone number to
pretend to be Alice or Bob, respectively. Therefore, Bob and Alice use a digital signature scheme in their
smart phones to sign messages to ensure authenticity. The working procedure of the digital signature is
illustrated in Figure-Q2.
Figure-Q2: Bob (Sender) signs the message with Bob’s private-key and sends the signed message; Alice (Receiver) performs verification with Bob’s public-key and obtains the verified message.
Answer Q2.1, Q2.2 and Q2.3 using the scenario mentioned above.
Q2.1 [RSA Signature Scheme] (Marks: 2)
Suppose Bob (the sender) wants to send a message m=123456 to Alice (the receiver). However,
before sending the message he would like to sign the message. When Alice receives the signed message, she
would like to verify that the message is indeed from Bob. To facilitate signing and verification, Bob generates
public and private keys using the RSA encryption algorithm and sends the public key to Alice. Bob uses
parameters p = 5563 and q = 3821, and chooses a suitable public key parameter e=9623. How would Bob sign
message m=123456? How would Alice verify the signed message from Bob?
[Hints: Refer to the lecture-6 and tutorial-6. You do not need to generate hash of the message m.]
Q2.2 [ElGamal Signature Scheme] (Marks: 2)
Suppose Bob (the sender) wants to send a message m=4567 to Alice (the receiver). However, before sending
the message he would like to sign the message. When Alice receives the signed message, she would like to
verify that the message is indeed from Bob. To facilitate signing and verification Bob generates public and
private keys using ElGamal encryption algorithm and sends the public key to Alice. Bob chooses p= 7331,
g=3411, x=41. How would Bob sign message m=4567? How would Alice verify the signed message from Bob?
[Hints: Refer to the lecture-6 and tutorial-6. You do not need to generate hash of the message m.]
Q2.3 [RSA Signature Scheme for Text Message] (Marks: 3)
Suppose Bob (the sender) wants to send a large text message M to Alice (the receiver). You should download
the text message file “Message.txt” from the CANVAS. The text message M is as follows:
Cryptocurrencies continue to grow in price and size. Knowledge about Bitcoin, Litecoin, Ethereum,
and others has spread through the entire world. Cryptocurrencies are providing such features and tools
that simplify our lives. They are changing the way things work. Some people fear the changes. But changes
are not always bad. Cryptocurrencies are modifying our lives, and the way industries develop. There’s no
doubt that cryptocurrencies are disrupting and affecting the global economy in many ways.
Before sending the message, Bob generates a hash h(M) of the text message M using MD5 hash algorithm,
and converts h(M) into integer message m. Then, he signs the m and sends it to Alice. When Alice receives
the signed message, she would like to verify that the message is indeed from Bob. To facilitate
signing and verification Bob generates public and private keys using RSA encryption algorithm and sends the
public key to Alice. Bob uses the following parameters:
p = 278966591577398076867954212605012776073
q = 467207331195239613378791200749462989467
Bob chooses a suitable public key parameter e=41. How would Bob sign message M? How would Alice verify
the signed message from Bob?
[Hints: Refer to the “Running Example of RSA Signature for Text Message” of lecture-6. The document can be
found here:
https://rmit.instructure.com/courses/46189/files/3608593/download?wrap=1
Use the following links:
For generating MD5 hash: http://www.miraclesalad.com/webtools/md5.php
For converting hexadecimal to decimal:
https://www.mobilefish.com/services/big_number/big_number.php ]
Q3. OpenSSL and IPFS (Marks: 4)
Assume that an owner of a particular file, say Alice, wants to share the file with her colleague, say Bob. In other
words, Alice is the sender and Bob is the receiver. They use an IPFS based file repository and OpenSSL for
providing security. Alice and Bob perform several operations using OpenSSL and IPFS to ensure secure file
sharing. Throughout the processes, AES symmetric-key and RSA public-key encryption algorithms of
OpenSSL are used. You should choose your own file (e.g. a text file with your student number and name)
and AES encryption key (e.g. 123456789).
The scenario is illustrated in Figure-Q3 below. You are expected to show the required OpenSSL and IPFS
commands sequentially for each step stated below. Please provide a screenshot of the outcome for
each command.
The steps are stated as follows:
I. Bob generates RSA public and private key pair for himself using OpenSSL. Bob sends his public key to
Alice via email.
II. Alice selects a shared AES secret key (KAB = 123456789). Next, Alice encrypts the file with Alice and
Bob’s shared AES secret key (KAB) using OpenSSL and generates a ciphertext file (say, the file name is
“ciphertext.txt”).
III. Alice uploads the encrypted file in the IPFS-based repository and receives a Unique Identifier (UI).
IV. Alice encrypts KAB with Bob’s RSA public key using OpenSSL and gets a ciphertext file (say, the file
name is “encrypted-key.txt”).
V. Alice sends UI and “encrypted-key.txt” to Bob through email.
VI. Upon receiving them, Bob decrypts “encrypted-key.txt” using OpenSSL with his RSA private-key and
retrieves the shared AES secret key (KAB).
VII. Bob uses Unique Identifier (UI) to download the file from IPFS-based repository with IPFS commands.
VIII. Upon receiving the file from IPFS network, Bob decrypts the downloaded file from IPFS network using
the shared AES secret key (KAB).
[Hints: Use the commands of OpenSSL that are discussed in Lecture-2,4 and IPFS commands that are
discussed in Lecture-7].
Figure Q3: IPFS based encrypted file sharing
Q4. Report Writing or Implementation (Marks: 15)
Answer Any 1 from Q4.1, Q4.2, Q4.3 and Q4.4
Q4.1 [Writing Report on Blockchain] (Marks: 15)
Choose a system where Blockchain Technology can be applied. Write a well-organized report on how the
Blockchain Technology can impact your chosen system. You may consider the following scenarios to
prepare your report:
• Blockchain based Financial System
• Blockchain based Real Estate Management Systems
• Blockchain based Healthcare
• Blockchain based smart city
• Blockchain based smart manufacturing
• Blockchain based supply-chain
• Blockchain based E-Commerce
• Blockchain based IoT applications
In this report, you are expected to provide the necessary background of the system you choose and the blockchain
technology. Presenting an innovative scenario is highly appreciated. Most importantly, a detailed system design
should be presented.
Q4.2 [Implementing a Blockchain System] (Marks: 15)
In this question, you are expected to implement a blockchain system for a scenario stated in Q4.1. You
are allowed to use any programming language or scripting language such as Java, PHP, Python, JavaScript,
etc. Your implementation must have a good graphical user interface (GUI). Upon completion of
the implementation, you are expected to:
I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials
II. Create a short report containing the implementation details and user instructions
III. Upload your code and report
Q4.3 [Implementing a Privacy-preserving Online Voting System] (Marks: 15)
In this question, you are expected to implement an online voting system using the concept of
Paillier encryption scheme based privacy-preserving computation (refer to the scenario stated in Q1 of
this assignment). You are allowed to use any programming language or scripting language such as
Java, PHP, Python, JavaScript, etc. Your implementation must have a good graphical user interface
(GUI). Upon completion of the implementation, you are expected to:
I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials
II. Create a report containing the implementation details and user instructions
III. Upload your code and report
Q4.4 [Implementing a Secure File Sharing System] (Marks: 15)
In this question, you are expected to implement a secure file sharing system using the concept of the
scenario stated in Q3 of this assignment. You are allowed to use any programming language or scripting
language such as Java, PHP, Python, JavaScript, etc. Your implementation must have a good graphical user
interface (GUI). Upon completion of the implementation, you are expected to:
I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials
II. Create a report containing the implementation details and user instructions
III. Upload your code and report
Q5. Analyzing Security of Authentication Protocol (Marks: 3)
The following mutual authentication protocol is proposed based on a symmetric-key cryptography algorithm.
We assume that the cryptography algorithm that is used here is secure. It is given that the following protocol
does not provide mutual authentication. Give two different attack scenarios where Trudy can convince Bob
that she is Alice. Briefly explain each attack scenario performed by Trudy with a proper diagram on the
protocol.
Alice → Bob: “Alice”, RA
Bob → Alice: RB, E(RA, KAB)
Alice → Bob: E(RB, KAB)
[Hints: You need to show two attack scenarios performed by Trudy with proper diagram on the protocol.
Additionally, provide brief explanation of attacks to justify your answer. Refer to attack scenarios on mutual
authentication protocols that were discussed during the Lecture-9 and Tutorial-9.]
5. Academic integrity and plagiarism (standard warning)
Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others
while developing your own insights, knowledge and ideas. You should take extreme care that you have:
• Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly
copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate
referencing methods,
• Provided a reference list of the publication details so your reader can locate the source if necessary. This includes
material taken from Internet sites.
If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed
off the work and ideas of another person without appropriate referencing, as if they were your own.
RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of
inappropriate behaviors, including:
• Failure to properly document a source
• Copyright material from the internet or databases
• Collusion between students
For further information on our policies and procedures, please refer to the University website.
6. Assessment declaration
When you submit work electronically, you agree to the assessment declaration.
7. Rubric/assessment criteria for marking
All of the computations must be correct and only provided values must be used. Instructions must be followed.
Criteria (the characteristic or outcome that is being judged) and Total:
Question 1: Privacy-Preserving Computation (Total: 6 Marks)
• 6 Marks: Step-by-step processes are shown with detail computations. All of the computations shown are correct.
• 4 Marks: Step-by-step processes are shown with detail computations. Most of the computations are correct with few errors.
• 2 Marks: Step-by-step processes are shown with detail computations. Most of the computations are incorrect with few correct computations.
• 1 Mark: Step-by-step processes are shown with detail computations. But all of the calculations are wrong.
• 0 Marks: Steps are not shown with detail computations. Or, not answered.
Question 2.1: Digital Signature using RSA Encryption Algorithm (Total: 2 Marks)
• 2 Marks: Step-by-step processes of both signing and verification are shown. All of the computations are shown correctly in detail.
• 1.5 Marks: Step-by-step processes of both signing and verification are shown. Not all of the computations are shown correctly in detail.
• 1 Mark: Step-by-step processes of signing are shown correctly. However, verification steps are not shown or incorrectly shown.
• 0.5 Marks: Step-by-step processes of signing are shown that are partially correct/completely wrong. Or, only Verification steps are correct.
• 0 Marks: None of the steps are shown correctly. Or, calculations are not shown in detail. Or, not answered.
Question 2.2: Digital Signature using ElGamal Encryption Algorithm (Total: 2 Marks)
• 2 Marks: Step-by-step processes of both signing and verification are shown. All of the computations are shown correctly in detail.
• 1.5 Marks: Step-by-step processes of both signing and verification are shown. Not all of the computations are shown correctly in detail.
• 1 Mark: Step-by-step processes of signing are shown correctly. However, verification steps are not shown or incorrectly shown.
• 0.5 Marks: Step-by-step processes of signing are shown that are partially correct/completely wrong. Or, only Verification steps are correct.
• 0 Marks: None of the steps are shown correctly. Or, calculations are not shown in detail. Or, not answered.
Question 2.3: Digital Signature using RSA Encryption Algorithm for large message (Total: 3 Marks)
• 3 Marks: Step-by-step processes of both signing and verification are shown. All of the computations are shown correctly in detail.
• 2 Marks: Step-by-step processes of both signing and verification are shown. Not all of the computations are shown correctly in detail.
• 1 Mark: Step-by-step processes of signing are shown correctly. However, verification steps are not shown or incorrectly shown.
• 0.5 Marks: Step-by-step processes of signing are shown that are partially correct/completely wrong. Or, only Verification steps are correct.
• 0 Marks: None of the steps are shown correctly. Or, calculations are not shown in detail. Or, not answered.
Question 3: Secured file sharing using OpenSSL and IPFS (Total: 4 Marks)
• 4 Marks: Answer is correct. All of the commands are correctly and sequentially presented with appropriate screenshots.
• 3 Marks: Answer is correct but not structured. All of the commands are correct. But, commands are not sequentially presented. Appropriate screenshots are provided.
• 2 Marks: Answer is partially correct. Some of the commands are correct. Commands are not sequentially presented. However, appropriate screenshots are provided for the correct commands.
• 1 Mark: Only few commands are correct. Sequence of the commands is not followed. Or some of the commands are missing. Or screenshots are insufficient/missing.
• 0 Marks: Answer is not correct. Or, not answered.
Question 4: Report writing or implementation (Total: 15 Marks)
• 15 Marks: The report/implementation is extraordinary. Report: The report is prepared fulfilling all of the requirements. Implementation: The implementation fulfills all of the requirements.
• 12 Marks: The report/implementation is good but not up to the mark. Report: The report is prepared fulfilling all of the requirements. However, could have been better. Implementation: The implementation is good. However, functionalities or user interface could have been better.
• 10 Marks: The report/implementation is average. Report: The report is prepared fulfilling all of the requirements. However, the content is not enough to express the main theme of the given topic. Implementation: The implementation is good. However, functionalities or user interface could have been better.
• 8 Marks: The report/implementation is below average. Report: The report is NOT prepared fulfilling all of the requirements. The key topics are not well connected. Presentation is poor. Implementation: The implementation does not contain some of the key functionalities and user interface is not that good.
• 6 Marks: The report/implementation is poor. Report: The report addresses only few of the requirements. The key topics are missing or not connected. Presentation is poor. Implementation: The implementation contains only few of the key functionalities and user interface is not that good.
• 4 Marks: The report/implementation is very poor. Report: None of the requirements are addressed correctly. The key concept is missing. Implementation: The implementation does not contain key functionalities and user interface is not good.
• 0 Marks: Not answered.
Question 5: Analyzing authentication protocol for enhancing security (Total: 3 Marks)
• 3 Marks: Answers are correct. Two attack scenarios on the given authentication protocol are presented with appropriate diagram and explanation.
• 2.25 Marks: Answers are partially correct. Only one attack scenario on the authentication protocol is presented with either appropriate diagram or explanation, and the diagram or explanation is missing/incorrect for the other attack scenario.
• 1.5 Marks: Answers are partially correct. Only one attack scenario on the authentication protocol is presented with either appropriate diagram or explanation, and diagram and explanation of other attack scenario is completely wrong. Or, either diagrams/explanations are correct for both attack scenarios. Or, any one from diagram and explanation is correct for both attack scenarios.
• 0.75 Marks: Answers are partially correct. Only one attack scenario on the authentication protocol is presented with either appropriate diagram or explanation, and diagram and explanation of other attack scenario is completely wrong/missing.
• 0 Marks: Answer is not correct. Or, not answered.

More Related Content

Similar to COSC2536/2537 Security in Computing and Information Technology Assignments

InstructionsWork alone. You may not confer with other class me.docx
InstructionsWork alone. You may not confer with other class me.docxInstructionsWork alone. You may not confer with other class me.docx
InstructionsWork alone. You may not confer with other class me.docx
normanibarber20063
 
 risk-based approach of managing information systems is a holistic.docx
 risk-based approach of managing information systems is a holistic.docx risk-based approach of managing information systems is a holistic.docx
 risk-based approach of managing information systems is a holistic.docx
odiliagilby
 
Pg. 01Special Instructions (ProjectDeadline Tue.docx
Pg. 01Special Instructions (ProjectDeadline Tue.docxPg. 01Special Instructions (ProjectDeadline Tue.docx
Pg. 01Special Instructions (ProjectDeadline Tue.docx
karlhennesey
 
DISCUSSION 1The Internet of Things (IoT) is based upon emerging .docx
DISCUSSION 1The Internet of Things (IoT) is based upon emerging .docxDISCUSSION 1The Internet of Things (IoT) is based upon emerging .docx
DISCUSSION 1The Internet of Things (IoT) is based upon emerging .docx
elinoraudley582231
 
Info tec Information Systems homework help.docx
Info tec Information Systems homework help.docxInfo tec Information Systems homework help.docx
Info tec Information Systems homework help.docx
write4
 
You need to analyze the features of three videoconferencing systems
You need to analyze the features of three videoconferencing systems You need to analyze the features of three videoconferencing systems
You need to analyze the features of three videoconferencing systems
walthamcoretta
 

Similar to COSC2536/2537 Security in Computing and Information Technology Assignments (20)

Online e voting
Online e votingOnline e voting
Online e voting
 
InstructionsWork alone. You may not confer with other class me.docx
InstructionsWork alone. You may not confer with other class me.docxInstructionsWork alone. You may not confer with other class me.docx
InstructionsWork alone. You may not confer with other class me.docx
 
 risk-based approach of managing information systems is a holistic.docx
 risk-based approach of managing information systems is a holistic.docx risk-based approach of managing information systems is a holistic.docx
 risk-based approach of managing information systems is a holistic.docx
 
Pg. 01Special Instructions (ProjectDeadline Tue.docx
COSC2536/2537 Security in Computing and Information Technology Assignments

  • 1. , Page 1 of 13 School of Science COSC2536/2537 Security in Computing and Information Technology Assignment 2 Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment 2. Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums. Due date: Week 12, Sunday the 20th October 2019 11:59pm Deadlines will not be advanced, but they may be extended. Please check Canvas→Syllabus or via Canvas→Assignments→Assignment 2 for the most up to date information. As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per each working day applies for up to 5 working days late, unless special consideration has been granted. Weighting: 35 marks (Contributes 35% of the total Grade) 1. Overview The objective of Assignment 2 is evaluating your knowledge on the topics covered mainly in Lecture 5 to 10. Topics include Privacy-preserving computations based on RSA, ElGamal and Paillier Cryptosystems; Digital Signature, Blockchain and Cryptocurrency, Digital Authentication & Security Protocols, and Digital Authorization and Intrusion Detection. However, topics covered in Lecture 1 to 10 are required as prerequisite. Assignment-2 will focus on developing your abilities in application of knowledge, critical analysis and decision making. Assignment 2 contains several problems related to the topics mentioned above. You are required to prepare your answers and upload them as a single PDF or Word document in CANVAS. In this assignment, there are 5 (five) questions in total. Question 1 is on Privacy Preserving Online Voting System. The system uses privacy preserving computation technique for computing votes. The term privacy preserving computation is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private. 
Recently, several controversies have been observed in the voting around the world. Using privacy preserving online voting system removes controversy in a voting system. In question Q1, you are expected to apply your understanding of privacy preserving computation in the context of electronic voting (E-Voting). Question 2 is about the application of Digital Signature Schemes. Question 2 has 3 (three) parts. In the first part, you are expected to demonstrate your understanding of the RSA Encryption algorithm based digital signature scheme for numeric message. In the second part, you are expected to demonstrate your understanding of the ElGamal Encryption algorithm based digital signature scheme for numeric message. In the third part, you are expected to demonstrate
  • 2. , Page 2 of 13 your understanding of the RSA Encryption algorithm based digital signature scheme for text message. For part 1 to 3 of Question 2, values of required parameters are provided including the plaintext or message M and you should demonstrate the key generation, signing and verification processes with detail computations and brief explanations. Marks will be deducted if you fail to show the detail computation correctly, skip the computation steps, or do not provide explanations. Recently, many intruders have stolen highly sensitive files from various organizations and given them to Wikileaks for online publications. Many government agencies including CIA and FBI are among the victims as they didn’t share files in a secure manner. The objective of Question 3 is to demonstrate secure file sharing on a distributed file sharing platform like IPFS using openssl tool. Question 3 is related to OpenSSL and IPFS. In this question, you are expected to demonstrate required OpenSSL and IPFS commands for a given scenario. Additionally, you must provide screenshots of the outcomes for commands. Marks will be deducted if you fail to show the commands correctly, skip any command, or do not provide screenshots. Question 4 is on report writing on Blockchain or implementation of a secure system. In this question, there are 4 (four) options: Q4.1, Q4.2, Q4.3 and Q4.4. You need to choose any 1 among the three options. The first option Q4.1 is on report writing and the rest three options, Q4.2, Q4.3 and Q4.4, are about implementation. If you select Q4.1, you are expected to demonstrate your understanding of the Blockchain and cryptocurrency and choose a system where Blockchain Technology can be applied. Then, you should write a well-organized report on how the Blockchain Technology can impact your chosen system. We are looking for interesting and innovative system design in the report. 
The report should be appended in the same document where you write the answers for other questions. If you select Q4.2, you are expected to implement a simple blockchain system with a new idea. You are free to choose any system. If you select Q4.3, you are expected to implement a privacy preserving online voting system stated in Q1. If you select Q4.4, you are expected to implement a secure IPFS-based file sharing system stated in Q3. If you choose either Q4.2, Q4.3 or Q4.4, you should demonstrate your implementation to the lecturer or head tutor in Week-11. Additionally, you should upload the code and short documentation on CANVAS. Question 5 is related to analyzing the security of authentication protocols. Your answer should contain both diagram and explanation. Marks will be deducted if you fail to provide diagram and explanation correctly, skip the diagram, or do not provide explanations. Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after Lecture-5 (in Week-5). At the end of each week starting from Week-5 to Week-10, you should be able to solve at least one question. If there are questions, you must ask via the relevant Canvas discussion forums in a general manner. Overall, you must follow the special instructions below: • You must use the values provided in the questions.
  • 3. , Page 3 of 13 • Hand-written answers are not allowed and will not be assessed. Compose your answers using any word processing software (e.g. MS Word). • You are required to show all of the steps and intermediate results for each question. • Please DO NOT provide codes as an answer. Only codes will not be assessed. • Upload your solution as a single PDF or Word document in CANVAS. 2. Assessment Criteria This assessment will determine your ability to: • Follow requirements provided in this document and in the lessons. • Independently solve a problem by using cryptography and cryptanalysis concepts taught over the last six weeks from fifth to tenth weeks of the course. • Meeting deadlines. 3. Learning Outcomes This assessment is relevant to the following Learning Outcomes: • understand applications of privacy preserving computation techniques, digital signatures and data hiding techniques. • develop privacy preserving applications and libraries using any programming language of your choice. • understand the life cycle and design principles of Blockchain and Cryptocurrency applications. • analyze the strength and limitations of security protocols. • design new security mechanisms and protocols for any small and large-scale applications. • Implementing a simple secure system • Critically analyze and evaluate the security of computing and IT systems on a practical level and privacy related issues in computing. 4. Assessment details Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question Q1 to Q6) are provided in the next page.
  • 4. , Page 4 of 13 Q1. Privacy Preserving Online Voting System (Marks: 6) Recently, several controversies have been observed in the voting around the world. The voting authority cannot be trusted completely as it can be biased. Using privacy preserving online voting system removes controversy in voting system. In this privacy preserving online voting system, voters encrypt their votes in the voting booth before sending them to the voting authority. A voting server computes an encrypted result on behalf of the voting booth as the voting booth does not have enough computation power. The encrypted result is sent to the voting authority who determines the winner based on encrypted votes. Suppose there are 7 voters to vote for YES or NO to give their opinions. There is a voting authority (VA) who determines the winner. Design a secure voting prototype as shown in Figure-Q1 using Paillier cryptosystem where the votes must be encrypted from Voting Booth before sending them to the Voting Server. Figure-Q1: Secure voting system Assume, three voters will vote for YES and four voters will vote for NO. The Voting Authority should find three YESs and four NOs after counting the votes. The Voting Authority chooses p=89, q=53 and select g=8537. The private numbers chosen by 7 voters and their votes are as follows: Voter No. Voter’s Private Number, r Vote Voting message, m 1 71 YES 001000 = 8 2 72 YES 001000 = 8 3 73 YES 001000 = 8 4 74 NO 000001 = 1 5 75 NO 000001 = 1 6 76 NO 000001 = 1 7 77 NO 000001 = 1 Show the encryption, homomorphic computations and decryption processes.
  • 5. , Page 5 of 13 [Hints: Refer to the lecture-5 Secure e-voting example. You need to represent the total number of votes by 6-bit string. The first 3 (three) bits should represent the votes for YES and the rests for NO. When adding a vote for YES, the system adds 001000, which is 8 in integer. Similarly, the system adds 000001 when voting for NO, which is 1 in the integer form.] Q2. Digital Signatures (Marks: 2+2+3 = 7) Suppose Bob and Alice, two business partners, use their smart phones to communicate with each other regarding their business decisions. Hence, their messages are very sensitive and require to be authenticated. Otherwise, an attacker, say one of their business rivals, may perform phone number porting fraud attack. In this attack, the attacker may use another SIM card to port Alice or Bob’s phone number for pretending as Alice or Bob, respectively. Therefore, BoB and Alice uses digital signature scheme in their smart phone to sign messages for ensuring authenticity. The working procedure of the digital signature is illustrated in FigureQ2. Bob (Sender) Message Signing with Bob’s private-key Signed Message Alice (Receiver) Verified Message Verification with Bob’s public-key Verification Answer Q2.1, Q2.2 and Q2.3 using the scenario mentioned above. Q2.1 [RSA Signature Scheme] (Marks: 2) Suppose Bob (the sender) wants to send a message m=123456 to Alice (the receiver). However, before sending the message he would like to sign the message. When Alice receives the signed message, she would like to verify that the message is indeed from Bob. To facilitate signing and verification Bob generates public and private keys using RSA encryption algorithm and sends the public key to Alice. Bob uses parameter p = 5563 and q = 3821, and chooses a suitable public key parameter e=9623. How would Bob sign message m=123456? How would Alice verify the signed message from Bob? [Hints: Refer to the lecture-6 and tutorial-6. 
You do not need to generate hash of the message m.] Q2.2 [ElGamal Signature Scheme] (Marks: 2) Suppose Bob (the sender) wants to send a message m=4567 to Alice (the receiver). However, before sending the message he would like sign the message. When Alice receives the signed message, she would like to verify that the message is indeed from Bob. To facilitate signing and verification Bob generates public and private keys using ElGamal encryption algorithm and sends the public key to Alice. Bob chooses p= 7331, g=3411, x=41. How would Bob sign message m=4567? How would Alice verify the signed message from Bob? [Hints: Refer to the lecture-6 and tutorial-6. You do not need to generate hash of the message m.]
  • 6. Page 6 of 13 , Q2.3 [RSA Signature Scheme for Text Message] (Marks: 3) Suppose Bob (the sender) wants to send a large text message M to Alice (the receiver). You should download the text message file “Message.txt” from the CANVAS. The text message M is as follows: Cryptocurrencies continue to grow in price and size. Knowledge about Bitcoin, Litecoin, Ethereum, and others has spread through the entire world. Cryptocurrencies are providing such features and tools that simplify our lives. They are changing the way things work. Some people fear the changes. But changes are not always bad. Cryptocurrencies are modifying our lives, and the way industries develop. There’s no doubt that cryptocurrencies are disrupting and affecting the global economy in many ways. Before sending the message, Bob generates a hash h(M) of the text message M using MD5 hash algorithm, and converts h(M) into integer message m. Then, he signs the m and sends it to Alice. When Alice receives the signed message, she would like to verify that the message is indeed from Bob. To facilitate signing and verification Bob generates public and private keys using RSA encryption algorithm and sends the public key to Alice. Bob uses the following parameters: p = 278966591577398076867954212605012776073 q = 467207331195239613378791200749462989467 Bob chooses a suitable public key parameter e=41. How would Bob sign message M? How would Alice verify the signed message from Bob? [Hints: Refer to the “Running Example of RSA Signature for Text Message” of lecture-6. The document can be found here: https://rmit.instructure.com/courses/46189/files/3608593/download?wrap=1 Use the following links: For generating MD5 hash: http://www.miraclesalad.com/webtools/md5.php For converting hexadecimal to decimal: https://www.mobilefish.com/services/big_number/big_number.php ] Q3. OpenSSL and IPFS (Marks: 4) Assume that an owner of a particular file, say Alice, wants to share the file to her colleague, say Bob. 
In other words, Alice is the sender and Bob is the receiver. They use an IPFS based file repository and OpenSSL for providing security. Alice and Bob perform several operations using OpenSSL and IPFS to ensure secure file sharing. Throughout the processes, AES symmetric-key and RSA public-key encryption algorithms of OpenSSL are used. You should choose your own file (e.g. a text file with your student number and name) and AES encryption key (e.g. 123456789). The scenario is illustrated in the Figure-Q3 below. You are expected to show the required OpenSSL and IPFS commands sequentially for each step stated below. Please provide screenshot of the outcome for each command. The steps are stated as follows: I. Bob generates RSA public and private key pair for himself using OpenSSL. Bob sends his public key to Alice via email.
  • 7. Page 7 of 13 , II. Alice selects a shared AES secret key (KAB = 123456789). Next, Alice encrypts the file with Alice and Bob’s shared AES secret key (KAB) using OpenSSL and generates a ciphertext file (say, the file name is “ciphertext.txt”). III. Alice uploads the encrypted file in the IPFS-based repository and receives a Unique Identifier (UI). IV. Alice encrypts KAB with Bob’s RSA public key using OpenSSL and gets a ciphertext file (say, the file name is “encrypte-key.txt”). V. Alice sends UI and “encrypted-key.txt” to Bob through email. VI. Upon receiving them, Bob decrypts “encrypte-key.txt” using OpenSSL with his RSA private-key and retrieves the shared AES secret key (KAB). VII. Bob uses Unique Identifier (UI) to download the file from IPFS-based repository with IPFS commands. VIII. Upon receiving the file from IPFS network, Bob decrypts the downloaded file from IPFS network using the shared AES secret key (KAB). [Hints: Use the commands of OpenSSL that are discussed in Lecture-2,4 and IPFS commands that are discussed in Lecture-7]. Figure Q3: IPFS based encrypted file sharing
  • 8. Page 8 of 13 , Q4. Report Writing or Implementation (Marks: 15) Answer Any 1 from Q4.1, Q4.2, Q4.3 and Q4.4 Q4.1 [Writing Report on Blockchain] (Marks: 15) Choose a system where Blockchain Technology can be applied. Write a well-organized report on how the Blockchain Technology can impact your chosen system. You may consider the followings scenarios to prepare your report: • Blockchain based Financial System • Blockchain based Real Estate Management Systems • Blockchain based Healthcare • Blockchain based smart city • Blockchain based smart manufacturing • Blockchain based supply-chain • Blockchain based E-Commerce • Blockchain based IoT applications In this report, you expected to provide necessary background of the system you choose and the blockchain technology. Presenting an innovative scenario is highly appreciated. Most importantly, a detail system design should be presented. Q4.2 [Implementing a Blockchain System] (Marks: 15) In this question, you are expected to implement a blockchain system a scenario stated in Q4.1. You are allowed to use any programming language or scripting language such as Java, PHP, Python, JavaScript, etc. Your implementation must have a good graphical user interface (GUI). Upon completion of the implementation, you are expected to: I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials II. Create a short report containing the implementation details and user instructions III. Upload your code and report Q4.3 [Implementing a Privacy-preserving Online Voting System] (Marks: 15) In this question, you are expected to implement an online voting system using the concept of Paillier encryption scheme based privacy-preserving computation (refer to the scenario stated in Q1 of this assignment). You are allowed to use any programming language or scripting language such as Java, PHP, Python, JavaScript, etc. Your implementation must have a good graphical user interface (GUI). 
Upon completion of the implementation, you are expected to: I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials II. Create a report containing the implementation details and user instructions III. Upload your code and report Q4.4 [Implementing a Secure File Sharing System] (Marks: 15)
  • 9. Page 9 of 13 , In this question, you are expected to implement a secure file sharing system using the concept of the scenario stated in Q3 of this assignment. You are allowed to use any programming language or scripting language such as Java, PHP, Python, JavaScript, etc. Your implementation must have a good graphical user interface (GUI). Upon completion of the implementation, you are expected to: I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials II. Create a report containing the implementation details and user instructions III. Upload your code and report Q5. Analyzing Security of Authentication Protocol (Marks: 3) The following mutual authentication protocol is proposed based on a symmetric-key cryptography algorithm. We assume that the cryptography algorithm that is used here is secure. Given that the following protocol does not provide mutual authentication. Give two different attack scenarios where Trudy can convince Bob that she is Alice. Briefly explain each attack scenario performed by Trudy with proper diagram which on the protocol. “Alice”, RA RB,E(RA, KAB) E(RB, KAB) Alice Bob [Hints: You need to show two attack scenarios performed by Trudy with proper diagram on the protocol. Additionally, provide brief explanation of attacks to justify your answer. Refer to attack scenarios on mutual authentication protocols that were discussed during the Lecture-9 and Tutorial-9.] 5. Academic integrity and plagiarism (standard warning) Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have: • Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. 
directly copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods, • Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.
  • 10. Page 10 of 13 , If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own. RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviors, including: • Failure to properly document a source • Copyright material from the internet or databases • Collusion between students For further information on our policies and procedures, please refer to the University website. 6. Assessment declaration When you submit work electronically, you agree to the assessment declaration.
  • 11. Page 11 of 13 , 7. Rubric/assessment criteria for marking All of the computations must be correct and only provided values must be used. Instructions must be followed. Criteria The characteristic or outcome that is being judged. Total Question 1 Privacy- Preserving Computation Step-by-step processes are shown with detail computations. All of the computations shown are correct. Step-by-step processes are shown with detail computations. Most of the computations are correct with few errors. Step-by-step processes are shown with detail computations. Most of the computations are incorrect with few correct computations. Step-by-step processes are shown with detail computations. But all of the calculations are wrong. Steps are not shown with detail computations. Or, Not answered. 6 Marks 6 Marks 4 Marks 2 Marks 1 Marks 0 Marks Question 2.1 Digital Signature using RSA Encryption Algorithm Step-by-step processes of both signing and verification are shown. All of the computations are shown correctly in detail. Step-by-step processes of both signing and verification are shown. Not all of the computations are shown correctly in detail. Step-by-step processes of signing are shown correctly. However, verification steps are not shown or incorrectly shown. Step-by-step processes of signing are shown that are partially correct/ completely wrong. Or, only Verification steps are correct. None of the steps are shown correctly. Or, Calculations are not shown in detail. Or, Not answered. 2 Marks 2 Marks 1.5 Marks 1 Marks 0.5 Marks 0 Marks Question 2.2 Digital Signature using ElGamal Encryption Algorithm Step-by-step processes of both signing and verification are shown. All of the computations are shown correctly in detail. Step-by-step processes of both signing and verification are shown. Not all of the computations are shown correctly in detail. 
Step-by-step processes of signing are shown correctly However, verification steps are not shown or incorrectly shown Step-by-step processes of signing are shown that are partially correct/ completely wrong Or Only Verification steps are correct None of the steps are shown correctly Or Calculations are not shown in detail Or Not answered 2 Marks 2 Marks 1.5 Marks 1 Marks 0.5 Marks 0 Marks

Question 2.3 Digital Signature using RSA Encryption Algorithm for large message (3 Marks)
- 3 Marks: Step-by-step processes of both signing and verification are shown. All of the computations are shown correctly in detail.
- 2 Marks: Step-by-step processes of both signing and verification are shown. Not all of the computations are shown correctly in detail.
- 1 Mark: Step-by-step processes of signing are shown correctly. However, verification steps are not shown or are incorrectly shown.
- 0.5 Marks: Step-by-step processes of signing are shown that are partially correct/completely wrong, or only verification steps are correct.
- 0 Marks: None of the steps are shown correctly, or calculations are not shown in detail, or not answered.

Question 3 Secured file sharing using OpenSSL and IPFS (4 Marks)
- 4 Marks: Answer is correct. All of the commands are correctly and sequentially presented with appropriate screenshots.
- 3 Marks: Answer is correct but not structured. All of the commands are correct, but commands are not sequentially presented. Appropriate screenshots are provided.
- 2 Marks: Answer is partially correct. Some of the commands are correct. Commands are not sequentially presented. However, appropriate screenshots are provided for the correct commands.
- 1 Mark: Only a few commands are correct. The sequence of the commands is not followed, or some of the commands are missing, or screenshots are insufficient/missing.
- 0 Marks: Answer is not correct, or not answered.

Question 4 Report writing or implementation (15 Marks)
- 15 Marks: The report/implementation is extraordinary.
  Report: The report is prepared fulfilling all of the requirements.
  Implementation: The implementation fulfills all of the requirements.
- 12 Marks: The report/implementation is good but not up to the mark.
  Report: The report is prepared fulfilling all of the requirements. However, it could have been better.
  Implementation: The implementation is good. However, functionalities or user interface could have been better.
- 10 Marks: The report/implementation is average.
  Report: The report is prepared fulfilling all of the requirements. However, the content is not enough to express the main theme of the given topic.
  Implementation: The implementation is good. However, functionalities or user interface could have been better.
- 8 Marks: The report/implementation is below average.
  Report: The report is NOT prepared fulfilling all of the requirements. The key topics are not well connected. Presentation is poor.
  Implementation: The implementation does not contain some of the key functionalities and the user interface is not that good.
- 6 Marks: The report/implementation is poor.
  Report: The report addresses only a few of the requirements. The key topics are missing or not connected. Presentation is poor.
  Implementation: The implementation contains only a few of the key functionalities and the user interface is not that good.
- 4 Marks: The report/implementation is very poor.
  Report: None of the requirements are addressed correctly. The key concept is missing.
  Implementation: The implementation does not contain key functionalities and the user interface is not good.
- 0 Marks: Not answered.

Question 5 Analyzing authentication protocol for enhancing security (3 Marks)
- 3 Marks: Answers are correct. Two attack scenarios on the given authentication protocol are presented with appropriate diagram and explanation.
- 2.25 Marks: Answers are partially correct. Only one attack scenario on the authentication protocol is presented with either appropriate diagram or explanation, and the diagram or explanation is missing/incorrect for the other attack scenario.
- 1.5 Marks: Answers are partially correct. Only one attack scenario on the authentication protocol is presented with either appropriate diagram or explanation, and the diagram and explanation of the other attack scenario are completely wrong; or either diagrams/explanations are correct for both attack scenarios; or any one from diagram and explanation is correct for both attack scenarios.
- 0.75 Marks: Answers are partially correct. Only one attack scenario on the authentication protocol is presented with either appropriate diagram or explanation, and the diagram and explanation of the other attack scenario are completely wrong/missing.
- 0 Marks: Answer is not correct, or not answered.