Best COSC2536/2537 Security in Computing and Information Technology Assignments Help is now at essaycorp.Our professionals’ writers are here to help you with your information technology assignments.essaycorp assignment writing services are widespread across the US, UK, Australia, New Zealand, and other countries. Hurry up and get an exciting discount on your first order!
Leader election approach a comparison and surveyEditor Jacotech
This document summarizes and compares several leader election algorithms in distributed systems. It discusses the Bully algorithm and some modifications, including using two successors, dividing nodes into sets, and using max-heap and Fibonacci heap data structures. The algorithms are compared based on time complexity, number of messages required, and memory usage. The Fibonacci heap approach is identified as the most efficient with O(log n) time complexity and minimum message passing of log(n).
Security evaluations of electronic cash (e-cash) schemes usually produce an abstract result in
the form of a logical proof. This paper proposes a new method of security evaluation that produces a
quantitative result. The evaluation is done by analyzing the protocol in the scheme using the Markov chain
technique. This method calculates the probability of an attack that could be executed perfectly in the
scheme’s protocol. As proof of the effectiveness of our evaluation method, we evaluated the security of
Chaum’s untraceable electronic cash scheme. The result of our evaluation was compared to the evaluation
result from the pi-calculus method. Both methods produced comparable results; and thus, both could be
used as alternative methods for evaluating e-cash security.
Password authentication with smart card is one of the simplest and efficient authentication mechanisms to ensure secure communication over insecure network environments. Recently, Tsai et al. proposed an improved password authentication scheme for smart card. Their scheme is more secure than the other previous schemes. In this paper, we show Tsai et al.’s scheme is vulnerable to password guessing attack and has computational overhead. Furthermore, we propose an enhanced password authentication scheme to eliminate the security vulnerability and enhance the overhead. By presenting concrete analysis of security and performance, we show that the proposed scheme cannot only resist various well known attacks, but also is more efficient than the other related works, and thus is feasible for practical applications.
A mix network by Wikstrom fails in correctness, provable privacy and soundness. Its claimed advantages in security and efficiency are compromised. The analysis in this paper illustrates that although the first two failures may be fixed by modifying the shuffling protocol, the last one is too serious to fix at a tolerable cost. Especially, an attack is proposed to show how easily soundness of the shuffling scheme can be compromised. Moreover, the most surprising discovery in this paper is that it is formally illustrated that in practice it is impossible to fix soundness of the shuffling scheme by Wikstrom
This document discusses error correction codes used in computer memory. It begins by describing the two main types of computer memory: read-only memory (ROM) and random access memory (RAM). It then discusses error correction codes, which are used to protect memory from soft errors. Majority logic decoding is introduced as a simple decoding method for some error correction codes. However, majority logic decoding can be slow for large memory sizes. The document goes on to propose an accelerated majority logic decoding method for difference-set low density parity check codes that relies on the first few iterations of decoding to detect errors, improving decoding speed. It also discusses extending this approach to Euclidean geometry low density parity check codes.
Assignment 4-it409-IT Security & Policies questions and answersKarthik Srinivasan
This document provides instructions for Assignment 4 for the IT Security and Policies course. It states that the assignment is due on April 21, 2018 at 11:59 pm with a total of 4 marks. It provides instructions for submitting the assignment and warns that plagiarism will result in zero marks. The assignment contains 4 questions related to access control management, web application security flaws, cryptography, and security incident response times.
This document proposes an Android application that uses Huffman encoding to compress SMS messages. It summarizes that Huffman coding assigns shorter code words to more frequently used symbols, allowing SMS text to be compressed. The application requires installation on both the sender and receiver's phones to decompress messages. Testing showed the technique achieved up to 89% compression, reducing the size of example SMS texts. The summary provides an overview of the key points about using Huffman coding for SMS compression and the proposed mobile application.
This document discusses code obfuscation techniques for protecting software from reverse engineering. It begins with an abstract discussing the use of code obfuscation to protect proprietary algorithms and keys from extraction during reverse engineering. It then provides definitions of code obfuscation and discusses classifications of obfuscation techniques including layout, data, control, and preventive obfuscations. The document surveys various code obfuscation techniques from literature and evaluates them based on criteria like potency, resilience, cost, and resistance to static and dynamic attacks. It concludes with a discussion of empirical evaluation of obfuscation techniques.
Leader election approach a comparison and surveyEditor Jacotech
This document summarizes and compares several leader election algorithms in distributed systems. It discusses the Bully algorithm and some modifications, including using two successors, dividing nodes into sets, and using max-heap and Fibonacci heap data structures. The algorithms are compared based on time complexity, number of messages required, and memory usage. The Fibonacci heap approach is identified as the most efficient with O(log n) time complexity and minimum message passing of log(n).
Security evaluations of electronic cash (e-cash) schemes usually produce an abstract result in
the form of a logical proof. This paper proposes a new method of security evaluation that produces a
quantitative result. The evaluation is done by analyzing the protocol in the scheme using the Markov chain
technique. This method calculates the probability of an attack that could be executed perfectly in the
scheme’s protocol. As proof of the effectiveness of our evaluation method, we evaluated the security of
Chaum’s untraceable electronic cash scheme. The result of our evaluation was compared to the evaluation
result from the pi-calculus method. Both methods produced comparable results; and thus, both could be
used as alternative methods for evaluating e-cash security.
Password authentication with smart card is one of the simplest and efficient authentication mechanisms to ensure secure communication over insecure network environments. Recently, Tsai et al. proposed an improved password authentication scheme for smart card. Their scheme is more secure than the other previous schemes. In this paper, we show Tsai et al.’s scheme is vulnerable to password guessing attack and has computational overhead. Furthermore, we propose an enhanced password authentication scheme to eliminate the security vulnerability and enhance the overhead. By presenting concrete analysis of security and performance, we show that the proposed scheme cannot only resist various well known attacks, but also is more efficient than the other related works, and thus is feasible for practical applications.
A mix network by Wikstrom fails in correctness, provable privacy and soundness. Its claimed advantages in security and efficiency are compromised. The analysis in this paper illustrates that although the first two failures may be fixed by modifying the shuffling protocol, the last one is too serious to fix at a tolerable cost. Especially, an attack is proposed to show how easily soundness of the shuffling scheme can be compromised. Moreover, the most surprising discovery in this paper is that it is formally illustrated that in practice it is impossible to fix soundness of the shuffling scheme by Wikstrom
This document discusses error correction codes used in computer memory. It begins by describing the two main types of computer memory: read-only memory (ROM) and random access memory (RAM). It then discusses error correction codes, which are used to protect memory from soft errors. Majority logic decoding is introduced as a simple decoding method for some error correction codes. However, majority logic decoding can be slow for large memory sizes. The document goes on to propose an accelerated majority logic decoding method for difference-set low density parity check codes that relies on the first few iterations of decoding to detect errors, improving decoding speed. It also discusses extending this approach to Euclidean geometry low density parity check codes.
Assignment 4-it409-IT Security & Policies questions and answersKarthik Srinivasan
This document provides instructions for Assignment 4 for the IT Security and Policies course. It states that the assignment is due on April 21, 2018 at 11:59 pm with a total of 4 marks. It provides instructions for submitting the assignment and warns that plagiarism will result in zero marks. The assignment contains 4 questions related to access control management, web application security flaws, cryptography, and security incident response times.
This document proposes an Android application that uses Huffman encoding to compress SMS messages. It summarizes that Huffman coding assigns shorter code words to more frequently used symbols, allowing SMS text to be compressed. The application requires installation on both the sender and receiver's phones to decompress messages. Testing showed the technique achieved up to 89% compression, reducing the size of example SMS texts. The summary provides an overview of the key points about using Huffman coding for SMS compression and the proposed mobile application.
This document discusses code obfuscation techniques for protecting software from reverse engineering. It begins with an abstract discussing the use of code obfuscation to protect proprietary algorithms and keys from extraction during reverse engineering. It then provides definitions of code obfuscation and discusses classifications of obfuscation techniques including layout, data, control, and preventive obfuscations. The document surveys various code obfuscation techniques from literature and evaluates them based on criteria like potency, resilience, cost, and resistance to static and dynamic attacks. It concludes with a discussion of empirical evaluation of obfuscation techniques.
The purpose of this master‘s project is to develop an Online E-Voting prototype system
utilizing the Paillier Threshold Cryptosystem (PTC) web services and applying MESE processes
to it in an attempt to find possible solutions to further improve existing PTC web services.
Online voting (e-voting) would be more convenient, relatively secure and utilize fewer
resources. To be able to access e-voting system from a personal, business or even a public library
computer may be more convenient for many people needing to vote. This could potentially be a
solution for the low voter turnout at the polls. However, it is still questionable whether elections
can be conducted online or over the internet due to the high level of concern over security.
InstructionsWork alone. You may not confer with other class me.docxnormanibarber20063
Instructions
Work alone. You may not confer with other class members, or anyone else, directly or by e-mail or otherwise, regarding the questions, issues, or your answers. You may use your notes, assigned readings, Library resources, other published materials, the LEO online class site for this course, and Internet sources, keeping in mind your responsibility to give proper attribution to sources of material you use in your responses.
The test is worth 25% of your grade for the course. It is scored on the basis of 100 points for the exam.
For the short answer section, bear in mind that a clear concise response that directly answers the question asked is always preferable to providing large volumes of potentially relevant information in the hope that the “right” answer will somehow be included. Please be sure to read each question carefully to be sure you know what is being asked so that you can answer the question completely.
When composing your answers to the essay questions, be thorough. Each essay asks you to consider multiple ideas and to actually address more than one subordinate questions, so make sure your answers are complete. Be sure to identify any assumptions you are making in developing your answers, and describe how your answer would change if the assumptions were different.
While composing your answers to the essay questions, be very careful to cite your sources. It is easy to get careless and forget to footnote a source. Remember, failure to cite sources constitutes an academic integrity violation. Use APA style for citations and references.
In preparing your exam for submission, please follow these instructions precisely:
1. Use this document as a template, i.e., fill in your answers in the indicated locations.
2. Modify the header to show your name.
3. Submit your completed exam as a Microsoft Word or RTF document via your LEO Assignment folder no later than 11:59 p.m. Eastern Standard Time on December 17, 2017. Late submissions may be subject to a grade penalty.
Please submit questions regarding the exam to your instructor at [email protected]. If questions submitted via email are generic, your instructor will post them in the Final Exam Q&A forum, without revealing their source.
Exam Questions
Part 1: True or False Questions. (10 questions at 1 point each)
1. T F
To have a Snort rule match on both inbound and outbound traffic, the rule should use the flow:to_server,from_client,established; option. Answer: _____
2. T F
Host-based IDS can be used to monitor compliance with corporate policies such as acceptable use of computer resources. Answer: _____
3. T F
An on-demand operational IDS model is not suitable if legally admissible data collection is required. Answer: _____
4. T F
Current criminal and civil procedure laws and rules of evidence do not apply to digital and electronic forms of evidence such as IDS logs. Answer: _____
5. T F
Snort unified output handling tools are used to off-.
risk-based approach of managing information systems is a holistic.docxodiliagilby
risk-based approach of managing information systems is a holistic activity that should be fully integrated into every aspect of the organization, from planning and system development lifecycle processes to security controls allocation and continuous monitoring. The selection and specification of security controls support effectiveness, efficiency, and constraints via appropriate laws, directives, policies, standards, and regulations.
The NIST Special Publication 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems provides a disciplined and structured process that integrates information security and risk management activities into the development lifecycle by identifying the following six steps:
• Step 1 – Use an impact analysis to categorize the system and the information it processes, stores, and transmits.
• Step 2 – Select the set of initial or baseline security controls for the system based on the security categorization. Tailor and supplement the set of baseline security controls according to the organizational assessment of the risk and the conditions of the operational environment. Develop a strategy for continuous monitoring to achieve security control effectiveness. Document all the controls in the security plan. Review and approve the security plan.
• Step 3 – Implement the security controls and describe how the security controls are employed within the system and its environment of operation.
• Step 4 – Assess the security controls using the appropriate procedures as documented in the assessment plan. This assessment determines whether the security controls have been implemented correctly and will effectively produce the intended outcome.
• Step 5 – Authorize information system operation if the estimated risk resulting from the operation is acceptable. The assessment considers risk to organizational assets and operations (including mission, functions, image, or reputation), individuals, and other organizations.
• Step 6 – Monitor the security controls on an ongoing basis. Monitoring includes assessing control effectiveness, documenting changes to the system or its environment of operation, conducting security impact analyses of these changes, and reporting the security state of the system to designated officials.
While the risk management framework is adaptable to most scenarios, it defaults to the traditional IT environment and requires customization to successfully address the unique characteristics of cloud-based services and solutions. The CRMF closely follows the original RMF approach. Table E.1 shows the aforementioned six steps listed in the right column, with each step grouped into one of the three main activities in the left column that collectively comprise the risk management process:
Table E.1 The six steps are mapped to each of the three activities comprising the CRMF.
Adopting the approach outlined by these steps enables organizations to systematically identify their common, hybrid ...
Pg. 01
Special Instructions
(
Project
Deadline: Tuesday 31/03/2020 @ 23:59
[Total Mark for this
Project
is
9
]
) (
IT Security and Policies
IT409
)
(
Instructions:
You must submit two separate copies
(one Word file and one PDF file)
using this Template
on Blackboard via the allocated folder. These files
must not be in compressed format
.
It is your responsibility to check and make sure that you have uploaded both the correct files.
Zero mark will be given if you try to bypass the SafeAssign (e.g. misspell words, remove spaces between words, hide characters, use different character sets or languages other than English or any kind of manipulation).
Email submission will not be accepted.
You are advised to make your work clear and well-presented. This includes filling your information on the cover page.
You must use this template, failing which will result in zero mark.
You MUST show all your work, and text
must not
be converted into an image, unless specified otherwise by the question.
Late submission will result in ZERO mark.
The work should be your own, copying from students or other resources will result in ZERO mark.
Use
Times New Roman
font for all your answers.
) (
Student Details:
Name:
###
CRN
:
###
ID:
###
Group : ###
)
College of Computing and Informatics
Special Instructions
To answer the questions effectively, please follow the below instructions:
· Each team might contain three students. Each student must conduct an interview with cybersecurity employee in the chosen company as individual, which mean each group should have three filled questionnaires.
· Use your analysis skills to analyze all data collected by your team.
· It is possible to measure the significance of collected data by countering the frequency of each item (i.e. if the item frequent three times, this mean it is very significant)
· You should answer the questions in this research activity as group.
______________________________________________________________________
(
Learning Outcome(s):
LO
1, LO2, LO3, LO4, LO5, LO6
) (
4
Marks
)Questionnaire Section 1.0: Introduction
In this era, the revolution of information technology is changing several aspects of enterprises’ practices. One of these changes is many enterprises make their systems available online. This most likely is encouraging cyber criminals to hack these systems. One of the approaches that help to mitigate cybersecurity risks is adopting of Information Security Policy (ISP). However, it is not known to what extent the enterprises in Saudi Arabia are adopting Information Security Policy in general, and in small and medium enterprises’ (SMEs) in particular. This research project aims to discover the success factors for the adoption of Information Security Policy in Saudi SMEs.
Section 2.0: Profile of Responding Manager or Owner
Please indicate
1. Your job role:
Owner
Chief Executiveofficer (CEO)
Manager
Other (Please specify):
2. Your gender:
Male
Female
3. How many y ...
DISCUSSION 1The Internet of Things (IoT) is based upon emerging .docxelinoraudley582231
DISCUSSION 1
The Internet of Things (IoT) is based upon emerging applications of technologies. A number of security researchers have expressed concerns that this blending of emerging technologies with the Internet will provide new opportunities for cyber criminals and terrorists.
Pick one of the emerging applications of technologies that belongs to the Internet of Things (see the readings and videos for this week) and research how it can be attacked by bad guys. Using the security criteria from the five pillars of information assurance, write a 250+ word analysis of the risks and vulnerabilities associated with your chosen technology. The five pillars are:
1 confidentiality
2 integrity
3 availability
4 authentication
5 nonrepudiation
Remember to cite your sources using APA format in-text citations and include an APA format reference list at the end of your response posting.
DISCUSSION 2
The International Telecommunications Union (2005) report described four categories of technologies which can be linked together to form an Internet of Things.
Enabling Technologies:
1. Tagging things: RFID and similar technologies
2. Feeling things: Sensor technologies
3. Thinking things: Smart technologies
4. Shrinking things: Nanotechnology
Choose one of these categories.
What are the leading technologies in your selected category?
How do they contribute to the Internet of Things?
What types of privacy or security concerns surround the technologies in your selected category?
Your initial posting should be 250+ words and be supported by citations and references in APA format.
Reference
International Telecommunications Union. (2005). ITU Internet reports 2005: The Internet of things [Executive Summary]. Retrieved from http://www.itu.int/osg/spu/publications/internetofthings/InternetofThings_summary.pdf
MATH233 Unit 1 Individual Project
To communicate most effectively, network administrators attempt to maximize bandwidth and throughput speeds to achieve high data transmission rates within the building’s CAT5e cables. These performance data transfer rates are given in multiples of unit bits per second (bps). In the table below, the school’s IT department estimates the network throughput that is required in the near future. The network manager has asked you to use these data to analyze the current traffic load and the network's overall capacity.
Estimates given in the table below suggest that your network throughput can transfer Gigabits (Gb) of data in seconds for each user.
For each question, be sure to show all your work details for full credit.Round all numerical answers to three decimal places.
1. Research and define the concepts of maximum theoretical throughput, channel capacity, and bandwidth. Next, explain the difference between CAT5e and CAT6 Ethernet cables. What specific speeds can each of these cables handle? Listing credible cited resources, please answer these below.
2. In the table below, based on the first letter of your last name, pleas.
Intelligence Density (ID) is a framework that measures the productivity and quality of knowledge work outputs from decision support systems. It assesses four key areas: the quality of the system's model in terms of accuracy, explainability, and response time; the engineering dimensions such as flexibility, scalability, and ease of use; the quality of available resources like tolerance for noise and complexity; and logistical constraints regarding independence from experts and development speed. The document provides examples of how ID could be applied to evaluate different systems based on these criteria.
Info tec Information Systems homework help.docxwrite4
This document provides a series of multiple choice questions about information security topics such as computer crimes, authentication, encryption, and digital signatures. It also includes two essay questions about using public/private key pairs for encryption and signatures, and how a new data storage company called SecureStore could satisfy their requirements for securely transmitting and backing up customer data while keeping costs low.
The document discusses problem solving in computer science and algorithms. It defines an algorithm as a clearly defined set of steps to solve a problem. Key characteristics of algorithms are that they are unambiguous, have well-defined inputs and outputs, terminate in a finite number of steps, and are independent of programming languages. Examples of algorithms that find the largest number among three inputs and calculate a factorial are provided. The document also discusses sorting problems and examples of problems solved by algorithms like the human genome project, internet routing, and electronic commerce.
IRJET-Impact of Manual VS Automatic Transfer Switching on Reliability of Powe...IRJET Journal
The document describes a proposed e-learning system that uses cryptography and data mining techniques to provide security and personalized recommendations. Elliptic curve cryptography is used to authenticate users and encrypt data for security. A decision tree algorithm classifies learner information and course content to recommend additional courses tailored to each learner's interests and behavior. The system aims to address security and privacy issues in e-learning while enhancing the learning experience through targeted content filtering and recommendations.
Daniel Sarpe created a strategic plan to become a Network Security Specialist. His plan was to earn an AAS in Network Security from Germanna Community College, then transfer to the University of Mary Washington to earn a bachelor's degree in Information Assurance. Key courses in his education included Introduction to LANs, Introduction to WANs, Network and Internet Security, and Programming. The average salary for a security specialist in 2008 was between $85,000 and $112,000.
This document provides details for the ACC 564 Entire Course, including discussion questions, assignments, quizzes and exams for each week. It lists the topics that will be covered each week such as information needs for accounting information systems, attacks on systems, securing data, and fraud prevention. It also provides sample exam questions at the end to demonstrate the type of material covered in the assessments.
Please check the details below
ACC 564 Week 1 DQ 1 Value of Information and DQ 2 AIS
ACC 564 Week 2 DQ 1 Evaluation of Documentation Tools and DQ 2 David Miller
ACC 564 Week 2 Assignment 1 Information Needs for the AIS (2 Papers)
ACC 564 Week 3 DQ 1 Attacks and DQ 2 Revamping the Sarbanes-Oxley Act (SOX)
The document discusses various software testing techniques including black box testing, white box testing, and grey box testing. It provides details on specific techniques such as equivalence partitioning, boundary value analysis, statement coverage, condition coverage, function coverage, and cyclomatic complexity. The objective is to understand these techniques so they can be used effectively to test applications and find defects.
For more course tutorials visit
www.newtonhelp.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points
For more course tutorials visit
www.newtonhelp.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline
Cst 630 Education is Power/newtonhelp.comamaranthbeg73
For more course tutorials visit
www.newtonhelp.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR).
You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report]
This document provides details for the ACC 564 entire online course, including discussion questions, assignments, quizzes and exams for each week. It lists the topics that will be covered each week such as information needs for accounting information systems, attacks on systems, fraud detection, and databases. It also includes 50 multiple choice questions that make up the final exam for the course which covers topics like data flow diagrams, internal controls, risk assessment, and auditing.
This document provides instructions for a tutor-marked assignment (TMA) assessing understanding of units 1, 2, 6, and 7 from an M150 Data, Computing, and Information course. It consists of 5 questions worth a total of 100 marks. The document provides details for each question, including what units they assess and examples of what should be included in responses. It also provides context for questions, such as describing flowcharts and formulas to use. Students are instructed to write their solutions in a single word document with their name and identification and submit it electronically by the deadline.
FOR MORE CLASSES VISIT
www.cst630rank.com
Project 1 Step 1: Conduct a Security Analysis Baseline In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR). You
You need to analyze the features of three videoconferencing systems walthamcoretta
You need to analyze the features of three videoconferencing systems and provide an overview of each system. After you complete the overview of the systems, you'll recommend a system which best meets the business functionality and security requirements. You will also prepare a set of high level executive briefing slides to give the CEO and CIO an overview of your study. Your study and recommendation will be critical to the company's success.
Cybersecurity professionals are frequently required to assess the security, risk applications, and systems for business communications before they can be added to an organization's network. CISOs need to assess risks posed to the organization and develop new security measures or adjust current measures to address these risks appropriately. These evaluations involve comparing competing applications or systems against the organization's baseline to determine the best balance between business needs and the security and risk appetite of the organization.
Videoconferencing and collaboration systems vary in cost, configuration, functionality, use, and collaboration capability. These systems are trusted to facilitate sensitive and proprietary discussions through their use of encrypted communication channels. Yet these systems have vulnerabilities and are prone to threats and attacks ranging from phishing, credential compromise, and even malware insertion. Therefore, analysis of possible threats, attacks, and vulnerabilities inherent in these systems is critical in developing defense and protection strategies for voice and video data at all endpoints and during transit.
In this project, you will create a proposal for a secure videoconferencing system, which will include an executive summary, briefing/slide presentation, and lab report. The details can be found in the final step of the project.
There are six steps to the project, and the project as a whole should take about two weeks to complete. Begin with the workplace scenario and then continue to Step 1.
Deliverables
Proposal for Secure Videoconferencing, Slides to Support Executive Briefing, Lab Report
Step 1: Develop Functional Requirements for Videoconferencing
The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will need based on its geographic dispersion and business needs.
In developing those requirements, research three videoconferencing solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements.
The functional requirements and the three possible solutions will be a section of your Proposal for Secure Videoconferencing. In the next step, you will review the challenges of implementing those solutions.
Step 2: Discuss Implementation Challenges
In the previous step, you outlined the requirements ...
Students will be presented with three case studies on directors' and officers' duties incorporating legal issues taken from Modules 3 and 4 up to and including Topic 4.1. Students are to answer either a single question or a series of questions about each of these case studiesin approximately 2 500 - 3 000 wordsin total and submit their written responses via Turnitin on Blackboard
Information for-prioritising-brand-decisionsJohnsmith5188
This document provides instructions for Assignment 3 which is worth 45% of the unit total. Students must individually write a 3000 word report from the perspective of a telecommunications provider on prioritizing image and brand decisions. The report must include an introduction outlining the structure and significance of branding, research objectives and required information to meet those objectives, a description of the recommended research design and methodology, and a conclusion. Marks will be awarded based on meeting the structural requirements and demonstrating an understanding of applying research to inform brand decision making.
More Related Content
Similar to COSC2536/2537 Security in Computing and Information Technology Assignments
The purpose of this master‘s project is to develop an Online E-Voting prototype system
utilizing the Paillier Threshold Cryptosystem (PTC) web services and applying MESE processes
to it in an attempt to find possible solutions to further improve existing PTC web services.
Online voting (e-voting) would be more convenient, relatively secure and utilize fewer
resources. To be able to access e-voting system from a personal, business or even a public library
computer may be more convenient for many people needing to vote. This could potentially be a
solution for the low voter turnout at the polls. However, it is still questionable whether elections
can be conducted online or over the internet due to the high level of concern over security.
InstructionsWork alone. You may not confer with other class me.docxnormanibarber20063
Instructions
Work alone. You may not confer with other class members, or anyone else, directly or by e-mail or otherwise, regarding the questions, issues, or your answers. You may use your notes, assigned readings, Library resources, other published materials, the LEO online class site for this course, and Internet sources, keeping in mind your responsibility to give proper attribution to sources of material you use in your responses.
The test is worth 25% of your grade for the course. It is scored on the basis of 100 points for the exam.
For the short answer section, bear in mind that a clear concise response that directly answers the question asked is always preferable to providing large volumes of potentially relevant information in the hope that the “right” answer will somehow be included. Please be sure to read each question carefully to be sure you know what is being asked so that you can answer the question completely.
When composing your answers to the essay questions, be thorough. Each essay asks you to consider multiple ideas and to actually address more than one subordinate questions, so make sure your answers are complete. Be sure to identify any assumptions you are making in developing your answers, and describe how your answer would change if the assumptions were different.
While composing your answers to the essay questions, be very careful to cite your sources. It is easy to get careless and forget to footnote a source. Remember, failure to cite sources constitutes an academic integrity violation. Use APA style for citations and references.
In preparing your exam for submission, please follow these instructions precisely:
1. Use this document as a template, i.e., fill in your answers in the indicated locations.
2. Modify the header to show your name.
3. Submit your completed exam as a Microsoft Word or RTF document via your LEO Assignment folder no later than 11:59 p.m. Eastern Standard Time on December 17, 2017. Late submissions may be subject to a grade penalty.
Please submit questions regarding the exam to your instructor at [email protected]. If questions submitted via email are generic, your instructor will post them in the Final Exam Q&A forum, without revealing their source.
Exam Questions
Part 1: True or False Questions. (10 questions at 1 point each)
1. T F
To have a Snort rule match on both inbound and outbound traffic, the rule should use the flow:to_server,from_client,established; option. Answer: _____
2. T F
Host-based IDS can be used to monitor compliance with corporate policies such as acceptable use of computer resources. Answer: _____
3. T F
An on-demand operational IDS model is not suitable if legally admissible data collection is required. Answer: _____
4. T F
Current criminal and civil procedure laws and rules of evidence do not apply to digital and electronic forms of evidence such as IDS logs. Answer: _____
5. T F
Snort unified output handling tools are used to off-.
risk-based approach of managing information systems is a holistic.docxodiliagilby
risk-based approach of managing information systems is a holistic activity that should be fully integrated into every aspect of the organization, from planning and system development lifecycle processes to security controls allocation and continuous monitoring. The selection and specification of security controls support effectiveness, efficiency, and constraints via appropriate laws, directives, policies, standards, and regulations.
The NIST Special Publication 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems provides a disciplined and structured process that integrates information security and risk management activities into the development lifecycle by identifying the following six steps:
• Step 1 – Use an impact analysis to categorize the system and the information it processes, stores, and transmits.
• Step 2 – Select the set of initial or baseline security controls for the system based on the security categorization. Tailor and supplement the set of baseline security controls according to the organizational assessment of the risk and the conditions of the operational environment. Develop a strategy for continuous monitoring to achieve security control effectiveness. Document all the controls in the security plan. Review and approve the security plan.
• Step 3 – Implement the security controls and describe how the security controls are employed within the system and its environment of operation.
• Step 4 – Assess the security controls using the appropriate procedures as documented in the assessment plan. This assessment determines whether the security controls have been implemented correctly and will effectively produce the intended outcome.
• Step 5 – Authorize information system operation if the estimated risk resulting from the operation is acceptable. The assessment considers risk to organizational assets and operations (including mission, functions, image, or reputation), individuals, and other organizations.
• Step 6 – Monitor the security controls on an ongoing basis. Monitoring includes assessing control effectiveness, documenting changes to the system or its environment of operation, conducting security impact analyses of these changes, and reporting the security state of the system to designated officials.
While the risk management framework is adaptable to most scenarios, it defaults to the traditional IT environment and requires customization to successfully address the unique characteristics of cloud-based services and solutions. The CRMF closely follows the original RMF approach. Table E.1 shows the aforementioned six steps listed in the right column, with each step grouped into one of the three main activities in the left column that collectively comprise the risk management process:
Table E.1 The six steps are mapped to each of the three activities comprising the CRMF.
Adopting the approach outlined by these steps enables organizations to systematically identify their common, hybrid ...
Pg. 01
Special Instructions
(
Project
Deadline: Tuesday 31/03/2020 @ 23:59
[Total Mark for this
Project
is
9
]
) (
IT Security and Policies
IT409
)
(
Instructions:
You must submit two separate copies
(one Word file and one PDF file)
using this Template
on Blackboard via the allocated folder. These files
must not be in compressed format
.
It is your responsibility to check and make sure that you have uploaded both the correct files.
Zero mark will be given if you try to bypass the SafeAssign (e.g. misspell words, remove spaces between words, hide characters, use different character sets or languages other than English or any kind of manipulation).
Email submission will not be accepted.
You are advised to make your work clear and well-presented. This includes filling your information on the cover page.
You must use this template, failing which will result in zero mark.
You MUST show all your work, and text
must not
be converted into an image, unless specified otherwise by the question.
Late submission will result in ZERO mark.
The work should be your own, copying from students or other resources will result in ZERO mark.
Use
Times New Roman
font for all your answers.
) (
Student Details:
Name:
###
CRN
:
###
ID:
###
Group : ###
)
College of Computing and Informatics
Special Instructions
To answer the questions effectively, please follow the below instructions:
· Each team might contain three students. Each student must conduct an interview with cybersecurity employee in the chosen company as individual, which mean each group should have three filled questionnaires.
· Use your analysis skills to analyze all data collected by your team.
· It is possible to measure the significance of collected data by countering the frequency of each item (i.e. if the item frequent three times, this mean it is very significant)
· You should answer the questions in this research activity as group.
______________________________________________________________________
(
Learning Outcome(s):
LO
1, LO2, LO3, LO4, LO5, LO6
) (
4
Marks
)Questionnaire Section 1.0: Introduction
In this era, the revolution of information technology is changing several aspects of enterprises’ practices. One of these changes is many enterprises make their systems available online. This most likely is encouraging cyber criminals to hack these systems. One of the approaches that help to mitigate cybersecurity risks is adopting of Information Security Policy (ISP). However, it is not known to what extent the enterprises in Saudi Arabia are adopting Information Security Policy in general, and in small and medium enterprises’ (SMEs) in particular. This research project aims to discover the success factors for the adoption of Information Security Policy in Saudi SMEs.
Section 2.0: Profile of Responding Manager or Owner
Please indicate
1. Your job role:
Owner
Chief Executiveofficer (CEO)
Manager
Other (Please specify):
2. Your gender:
Male
Female
3. How many y ...
DISCUSSION 1The Internet of Things (IoT) is based upon emerging .docxelinoraudley582231
DISCUSSION 1
The Internet of Things (IoT) is based upon emerging applications of technologies. A number of security researchers have expressed concerns that this blending of emerging technologies with the Internet will provide new opportunities for cyber criminals and terrorists.
Pick one of the emerging applications of technologies that belongs to the Internet of Things (see the readings and videos for this week) and research how it can be attacked by bad guys. Using the security criteria from the five pillars of information assurance, write a 250+ word analysis of the risks and vulnerabilities associated with your chosen technology. The five pillars are:
1 confidentiality
2 integrity
3 availability
4 authentication
5 nonrepudiation
Remember to cite your sources using APA format in-text citations and include an APA format reference list at the end of your response posting.
DISCUSSION 2
The International Telecommunications Union (2005) report described four categories of technologies which can be linked together to form an Internet of Things.
Enabling Technologies:
1. Tagging things: RFID and similar technologies
2. Feeling things: Sensor technologies
3. Thinking things: Smart technologies
4. Shrinking things: Nanotechnology
Choose one of these categories.
What are the leading technologies in your selected category?
How do they contribute to the Internet of Things?
What types of privacy or security concerns surround the technologies in your selected category?
Your initial posting should be 250+ words and be supported by citations and references in APA format.
Reference
International Telecommunications Union. (2005). ITU Internet reports 2005: The Internet of things [Executive Summary]. Retrieved from http://www.itu.int/osg/spu/publications/internetofthings/InternetofThings_summary.pdf
MATH233 Unit 1 Individual Project
To communicate most effectively, network administrators attempt to maximize bandwidth and throughput speeds to achieve high data transmission rates within the building’s CAT5e cables. These performance data transfer rates are given in multiples of unit bits per second (bps). In the table below, the school’s IT department estimates the network throughput that is required in the near future. The network manager has asked you to use these data to analyze the current traffic load and the network's overall capacity.
Estimates given in the table below suggest that your network throughput can transfer Gigabits (Gb) of data in seconds for each user.
For each question, be sure to show all your work details for full credit.Round all numerical answers to three decimal places.
1. Research and define the concepts of maximum theoretical throughput, channel capacity, and bandwidth. Next, explain the difference between CAT5e and CAT6 Ethernet cables. What specific speeds can each of these cables handle? Listing credible cited resources, please answer these below.
2. In the table below, based on the first letter of your last name, pleas.
Intelligence Density (ID) is a framework that measures the productivity and quality of knowledge work outputs from decision support systems. It assesses four key areas: the quality of the system's model in terms of accuracy, explainability, and response time; the engineering dimensions such as flexibility, scalability, and ease of use; the quality of available resources like tolerance for noise and complexity; and logistical constraints regarding independence from experts and development speed. The document provides examples of how ID could be applied to evaluate different systems based on these criteria.
Info tec Information Systems homework help.docxwrite4
This document provides a series of multiple choice questions about information security topics such as computer crimes, authentication, encryption, and digital signatures. It also includes two essay questions about using public/private key pairs for encryption and signatures, and how a new data storage company called SecureStore could satisfy their requirements for securely transmitting and backing up customer data while keeping costs low.
The document discusses problem solving in computer science and algorithms. It defines an algorithm as a clearly defined set of steps to solve a problem. Key characteristics of algorithms are that they are unambiguous, have well-defined inputs and outputs, terminate in a finite number of steps, and are independent of programming languages. Examples of algorithms that find the largest number among three inputs and calculate a factorial are provided. The document also discusses sorting problems and examples of problems solved by algorithms like the human genome project, internet routing, and electronic commerce.
IRJET-Impact of Manual VS Automatic Transfer Switching on Reliability of Powe...IRJET Journal
The document describes a proposed e-learning system that uses cryptography and data mining techniques to provide security and personalized recommendations. Elliptic curve cryptography is used to authenticate users and encrypt data for security. A decision tree algorithm classifies learner information and course content to recommend additional courses tailored to each learner's interests and behavior. The system aims to address security and privacy issues in e-learning while enhancing the learning experience through targeted content filtering and recommendations.
Daniel Sarpe created a strategic plan to become a Network Security Specialist. His plan was to earn an AAS in Network Security from Germanna Community College, then transfer to the University of Mary Washington to earn a bachelor's degree in Information Assurance. Key courses in his education included Introduction to LANs, Introduction to WANs, Network and Internet Security, and Programming. The average salary for a security specialist in 2008 was between $85,000 and $112,000.
This document provides details for the ACC 564 Entire Course, including discussion questions, assignments, quizzes and exams for each week. It lists the topics that will be covered each week such as information needs for accounting information systems, attacks on systems, securing data, and fraud prevention. It also provides sample exam questions at the end to demonstrate the type of material covered in the assessments.
Please check the details below
ACC 564 Week 1 DQ 1 Value of Information and DQ 2 AIS
ACC 564 Week 2 DQ 1 Evaluation of Documentation Tools and DQ 2 David Miller
ACC 564 Week 2 Assignment 1 Information Needs for the AIS (2 Papers)
ACC 564 Week 3 DQ 1 Attacks and DQ 2 Revamping the Sarbanes-Oxley Act (SOX)
The document discusses various software testing techniques including black box testing, white box testing, and grey box testing. It provides details on specific techniques such as equivalence partitioning, boundary value analysis, statement coverage, condition coverage, function coverage, and cyclomatic complexity. The objective is to understand these techniques so they can be used effectively to test applications and find defects.
For more course tutorials visit
www.newtonhelp.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points
For more course tutorials visit
www.newtonhelp.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline
Cst 630 Education is Power/newtonhelp.comamaranthbeg73
For more course tutorials visit
www.newtonhelp.com
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR).
You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report]
This document provides details for the ACC 564 entire online course, including discussion questions, assignments, quizzes and exams for each week. It lists the topics that will be covered each week such as information needs for accounting information systems, attacks on systems, fraud detection, and databases. It also includes 50 multiple choice questions that make up the final exam for the course which covers topics like data flow diagrams, internal controls, risk assessment, and auditing.
This document provides instructions for a tutor-marked assignment (TMA) assessing understanding of units 1, 2, 6, and 7 from an M150 Data, Computing, and Information course. It consists of 5 questions worth a total of 100 marks. The document provides details for each question, including what units they assess and examples of what should be included in responses. It also provides context for questions, such as describing flowcharts and formulas to use. Students are instructed to write their solutions in a single word document with their name and identification and submit it electronically by the deadline.
FOR MORE CLASSES VISIT
www.cst630rank.com
Project 1 Step 1: Conduct a Security Analysis Baseline In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR). You
You need to analyze the features of three videoconferencing systems walthamcoretta
You need to analyze the features of three videoconferencing systems and provide an overview of each system. After you complete the overview of the systems, you'll recommend a system which best meets the business functionality and security requirements. You will also prepare a set of high level executive briefing slides to give the CEO and CIO an overview of your study. Your study and recommendation will be critical to the company's success.
Cybersecurity professionals are frequently required to assess the security, risk applications, and systems for business communications before they can be added to an organization's network. CISOs need to assess risks posed to the organization and develop new security measures or adjust current measures to address these risks appropriately. These evaluations involve comparing competing applications or systems against the organization's baseline to determine the best balance between business needs and the security and risk appetite of the organization.
Videoconferencing and collaboration systems vary in cost, configuration, functionality, use, and collaboration capability. These systems are trusted to facilitate sensitive and proprietary discussions through their use of encrypted communication channels. Yet these systems have vulnerabilities and are prone to threats and attacks ranging from phishing, credential compromise, and even malware insertion. Therefore, analysis of possible threats, attacks, and vulnerabilities inherent in these systems is critical in developing defense and protection strategies for voice and video data at all endpoints and during transit.
In this project, you will create a proposal for a secure videoconferencing system, which will include an executive summary, briefing/slide presentation, and lab report. The details can be found in the final step of the project.
There are six steps to the project, and the project as a whole should take about two weeks to complete. Begin with the workplace scenario and then continue to Step 1.
Deliverables
Proposal for Secure Videoconferencing, Slides to Support Executive Briefing, Lab Report
Step 1: Develop Functional Requirements for Videoconferencing
The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will need based on its geographic dispersion and business needs.
In developing those requirements, research three videoconferencing solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements.
The functional requirements and the three possible solutions will be a section of your Proposal for Secure Videoconferencing. In the next step, you will review the challenges of implementing those solutions.
Step 2: Discuss Implementation Challenges
In the previous step, you outlined the requirements ...
Similar to COSC2536/2537 Security in Computing and Information Technology Assignments (20)
Students will be presented with three case studies on directors' and officers' duties incorporating legal issues taken from Modules 3 and 4 up to and including Topic 4.1. Students are to answer either a single question or a series of questions about each of these case studiesin approximately 2 500 - 3 000 wordsin total and submit their written responses via Turnitin on Blackboard
Information for-prioritising-brand-decisionsJohnsmith5188
This document provides instructions for Assignment 3 which is worth 45% of the unit total. Students must individually write a 3000 word report from the perspective of a telecommunications provider on prioritizing image and brand decisions. The report must include an introduction outlining the structure and significance of branding, research objectives and required information to meet those objectives, a description of the recommended research design and methodology, and a conclusion. Marks will be awarded based on meeting the structural requirements and demonstrating an understanding of applying research to inform brand decision making.
The reason for composing anarticle analysis is to exhibit that you have perused, comprehended, and can apply grant in the business field, and to show your basic reasoning capacities. Ordinarily, an article analysis completes three things: Summarizes an article's primary concerns. If you wish to secure top grades in any English assignment or project then connect to us at www.essaycorp.com.au anytime anywhere. We will provide you authentic quality content and that too within your budget. Avail special 20% discounts on every assignment booking with us.
Network topology is the topological structure of a system and might be portrayed physically or sensibly. It is an utilization of chart hypothesis wherein conveying gadgets are demonstrated as hubs and the associations between the gadgets are displayed as connections or lines between the hubs.
Finance Assignment Help by EssayCorp Experts in AustraliaJohnsmith5188
Finance assignments assist students with understanding resource the board, inspecting, assessment and influence the executives and accordingly, the creation of cost-based choices. Understudies regularly need money task tests for contextual investigations and reports, which are the most widely recognized among account assignments.
NIT1201 Introduction to Database System Assignment by USA ExpertsJohnsmith5188
The objective of this assignment is for you to put into practice the many different skills that you are learning in this unit into a single cohesive database project.
Dr Patricia Benner has presented the idea that it is the obligation of the medical caretakers to grow better help and comprehension of the patient with the progression of time and this is conceivable through great instructive base. Benner has proposed the aptitude that an individual can pick up information without learning the hypothesis and the other related ideas. Further, there will be arrangements for advancement of information and this is conceivable in the event of applied controls of nursing and drug.
This document outlines 5 tasks for a project on simulation and forecasting problems. Task 1 involves simulating revenues and NPVs of a 5-year project to determine the probability of NPV being negative. Task 2 involves simulating stock prices over 250 days to compute percentiles and option prices. Task 3 modifies the stock price simulation code to incorporate GARCH volatility. Task 4 compares the forecast accuracy of EWMA, AR(2), and AR(4) models on index and stock data. Task 5 uses a rolling window to generate GMVP portfolio weights based on multivariate EWMA covariance forecasts and compares to an equal weighted portfolio.
MATH2088/2988 Number Theory and Cryptography AssignmentsJohnsmith5188
Get the best MATH2088/2988 Number Theory and Cryptography Assignments from top notch experts at Essaycrop at very affordable prices. We have a team of topmost experts who will provide you exceptional Math assignment writing servces.For more information mail us at Contact@essaycorp.com or
Visit https://www.essaycorp.com/Math_Assignment
How to Manage Reception Report in Odoo 17Celine George
A business may deal with both sales and purchases occasionally. They buy things from vendors and then sell them to their customers. Such dealings can be confusing at times. Because multiple clients may inquire about the same product at the same time, after purchasing those products, customers must be assigned to them. Odoo has a tool called Reception Report that can be used to complete this assignment. By enabling this, a reception report comes automatically after confirming a receipt, from which we can assign products to orders.
Creative Restart 2024: Mike Martin - Finding a way around “no”Taste
Ideas that are good for business and good for the world that we live in, are what I’m passionate about.
Some ideas take a year to make, some take 8 years. I want to share two projects that best illustrate this and why it is never good to stop at “no”.
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
COSC2536/2537 Security in Computing and Information Technology Assignments
1. ,
Page 1 of 13
School of Science
COSC2536/2537 Security in Computing and Information
Technology
Assignment 2
Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment
2.
Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via
announcements/relevant discussion forums.
Due date: Week 12, Sunday the 20th October 2019 11:59pm
Deadlines will not be advanced, but they may be extended. Please check Canvas→Syllabus or via
Canvas→Assignments→Assignment 2 for the most up to date information.
As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per
each working day applies for up to 5 working days late, unless special consideration has been granted.
Weighting: 35 marks (Contributes 35% of the total Grade)
1. Overview
The objective of Assignment 2 is evaluating your knowledge on the topics covered mainly in Lecture 5 to 10. Topics
include Privacy-preserving computations based on RSA, ElGamal and Paillier Cryptosystems; Digital Signature,
Blockchain and Cryptocurrency, Digital Authentication & Security Protocols, and Digital Authorization and Intrusion
Detection. However, topics covered in Lecture 1 to 10 are required as prerequisite. Assignment-2 will focus
on developing your abilities in application of knowledge, critical analysis and decision making. Assignment 2 contains
several problems related to the topics mentioned above. You are required to prepare your answers and upload them
as a single PDF or Word document in CANVAS.
In this assignment, there are 5 (five) questions in total. Question 1 is on Privacy Preserving Online Voting System.
The system uses privacy preserving computation technique for computing votes. The term privacy preserving
computation is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function
over their inputs while keeping those inputs private. Recently, several controversies have been observed in the
voting around the world. Using privacy preserving online voting system removes controversy in a voting system. In
question Q1, you are expected to apply your understanding of privacy preserving computation in the context of
electronic voting (E-Voting).
Question 2 is about the application of Digital Signature Schemes. Question 2 has 3 (three) parts. In the first part, you
are expected to demonstrate your understanding of the RSA Encryption algorithm based digital signature scheme for
numeric message. In the second part, you are expected to demonstrate your understanding of the ElGamal
Encryption algorithm based digital signature scheme for numeric message. In the third part, you are expected to
demonstrate
2. ,
Page 2 of 13
your understanding of the RSA Encryption algorithm based digital signature scheme for text message. For part 1 to 3
of Question 2, values of required parameters are provided including the plaintext or message M and you should
demonstrate the key generation, signing and verification processes with detail computations and brief explanations.
Marks will be deducted if you fail to show the detail computation correctly, skip the computation steps, or do not
provide explanations.
Recently, many intruders have stolen highly sensitive files from various organizations and given them to Wikileaks
for online publications. Many government agencies including CIA and FBI are among the victims as they didn’t share
files in a secure manner. The objective of Question 3 is to demonstrate secure file sharing on a distributed file
sharing platform like IPFS using openssl tool. Question 3 is related to OpenSSL and IPFS. In this question, you are
expected to demonstrate required OpenSSL and IPFS commands for a given scenario. Additionally, you must provide
screenshots of the outcomes for commands. Marks will be deducted if you fail to show the commands
correctly, skip any command, or do not provide screenshots.
Question 4 is on report writing on Blockchain or implementation of a secure system. In this question, there are 4
(four) options: Q4.1, Q4.2, Q4.3 and Q4.4. You need to choose any 1 among the three options. The first option Q4.1
is on report writing and the rest three options, Q4.2, Q4.3 and Q4.4, are about implementation. If you select Q4.1,
you are expected to demonstrate your understanding of the Blockchain and cryptocurrency and choose a system
where Blockchain Technology can be applied. Then, you should write a well-organized report on how the Blockchain
Technology can impact your chosen system. We are looking for interesting and innovative system design in the
report. The report should be appended in the same document where you write the answers for other questions. If
you select Q4.2, you are expected to implement a simple blockchain system with a new idea. You are free to choose
any system. If you select Q4.3, you are expected to implement a privacy preserving online voting system stated in
Q1. If you select Q4.4, you are expected to implement a secure IPFS-based file sharing system stated in Q3. If you
choose either Q4.2, Q4.3 or Q4.4, you should demonstrate your implementation to the lecturer or head tutor in
Week-11. Additionally, you should upload the code and short documentation on CANVAS.
Question 5 is related to analyzing the security of authentication protocols. Your answer should contain both
diagram and explanation. Marks will be deducted if you fail to provide diagram and explanation correctly, skip the
diagram, or do not provide explanations.
Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to
start preparing your answers immediately after Lecture-5 (in Week-5). At the end of each week starting from Week-5
to Week-10, you should be able to solve at least one question.
If there are questions, you must ask via the relevant Canvas discussion forums in a general manner.
Overall, you must follow the special instructions below:
• You must use the values provided in the questions.
3. ,
Page 3 of 13
• Hand-written answers are not allowed and will not be assessed. Compose your answers using any word
processing software (e.g. MS Word).
• You are required to show all of the steps and intermediate results for each question.
• Please DO NOT provide codes as an answer. Only codes will not be assessed.
• Upload your solution as a single PDF or Word document in CANVAS.
2. Assessment Criteria
This assessment will determine your ability to:
• Follow requirements provided in this document and in the lessons.
• Independently solve a problem by using cryptography and cryptanalysis concepts taught over the last six
weeks from fifth to tenth weeks of the course.
• Meeting deadlines.
3. Learning Outcomes
This assessment is relevant to the following Learning Outcomes:
• understand applications of privacy preserving computation techniques, digital signatures and data
hiding techniques.
• develop privacy preserving applications and libraries using any programming language of your choice.
• understand the life cycle and design principles of Blockchain and Cryptocurrency applications.
• analyze the strength and limitations of security protocols.
• design new security mechanisms and protocols for any small and large-scale applications.
• Implementing a simple secure system
• Critically analyze and evaluate the security of computing and IT systems on a practical level and privacy
related issues in computing.
4. Assessment details
Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details
(i.e. question Q1 to Q6) are provided in the next page.
4. ,
Page 4 of 13
Q1. Privacy Preserving Online Voting System (Marks: 6)
Recently, several controversies have been observed in the voting around the world. The voting
authority cannot be trusted completely as it can be biased. Using privacy preserving online voting
system removes controversy in voting system. In this privacy preserving online voting system, voters encrypt
their votes in the voting booth before sending them to the voting authority. A voting server computes an
encrypted result on behalf of the voting booth as the voting booth does not have enough computation power.
The encrypted result is sent to the voting authority who determines the winner based on encrypted votes.
Suppose there are 7 voters to vote for YES or NO to give their opinions. There is a voting authority (VA) who
determines the winner. Design a secure voting prototype as shown in Figure-Q1 using Paillier cryptosystem
where the votes must be encrypted from Voting Booth before sending them to the Voting Server.
Figure-Q1: Secure voting system
Assume, three voters will vote for YES and four voters will vote for NO. The Voting Authority should find
three YESs and four NOs after counting the votes. The Voting Authority chooses p=89, q=53 and
select g=8537. The private numbers chosen by 7 voters and their votes are as follows:
Voter
No.
Voter’s Private Number, r Vote Voting message,
m
1 71 YES 001000 = 8
2 72 YES 001000 = 8
3 73 YES 001000 = 8
4 74 NO 000001 = 1
5 75 NO 000001 = 1
6 76 NO 000001 = 1
7 77 NO 000001 = 1
Show the encryption, homomorphic computations and decryption processes.
5. ,
Page 5 of 13
[Hints: Refer to the lecture-5 Secure e-voting example. You need to represent the total number of votes by
6-bit string. The first 3 (three) bits should represent the votes for YES and the rests for NO. When adding a
vote for YES, the system adds 001000, which is 8 in integer. Similarly, the system adds 000001 when voting
for NO, which is 1 in the integer form.]
Q2. Digital Signatures (Marks: 2+2+3 = 7)
Suppose Bob and Alice, two business partners, use their smart phones to communicate with each
other regarding their business decisions. Hence, their messages are very sensitive and require to be
authenticated. Otherwise, an attacker, say one of their business rivals, may perform phone number porting
fraud attack. In this attack, the attacker may use another SIM card to port Alice or Bob’s phone number for
pretending as Alice or Bob, respectively. Therefore, BoB and Alice uses digital signature scheme in their
smart phone to sign messages for ensuring authenticity. The working procedure of the digital signature is
illustrated in FigureQ2.
Bob
(Sender)
Message Signing with Bob’s
private-key
Signed Message
Alice
(Receiver)
Verified
Message
Verification with
Bob’s public-key
Verification
Answer Q2.1, Q2.2 and Q2.3 using the scenario mentioned above.
Q2.1 [RSA Signature Scheme] (Marks: 2)
Suppose Bob (the sender) wants to send a message m=123456 to Alice (the receiver). However,
before sending the message he would like to sign the message. When Alice receives the signed message, she
would like to verify that the message is indeed from Bob. To facilitate signing and verification Bob generates
public and private keys using RSA encryption algorithm and sends the public key to Alice. Bob uses
parameter p =
5563 and q = 3821, and chooses a suitable public key parameter e=9623. How would Bob sign
message
m=123456? How would Alice verify the signed message from Bob?
[Hints: Refer to the lecture-6 and tutorial-6. You do not need to generate hash of the message m.]
Q2.2 [ElGamal Signature Scheme] (Marks: 2)
Suppose Bob (the sender) wants to send a message m=4567 to Alice (the receiver). However, before sending
the message he would like sign the message. When Alice receives the signed message, she would like to
verify that the message is indeed from Bob. To facilitate signing and verification Bob generates public and
private keys using ElGamal encryption algorithm and sends the public key to Alice. Bob chooses p= 7331,
g=3411, x=41. How would Bob sign message m=4567? How would Alice verify the signed message from Bob?
[Hints: Refer to the lecture-6 and tutorial-6. You do not need to generate hash of the message m.]
6. Page 6 of 13
,
Q2.3 [RSA Signature Scheme for Text Message] (Marks: 3)
Suppose Bob (the sender) wants to send a large text message M to Alice (the receiver). You should download
the text message file “Message.txt” from the CANVAS. The text message M is as follows:
Cryptocurrencies continue to grow in price and size. Knowledge about Bitcoin, Litecoin, Ethereum,
and others has spread through the entire world. Cryptocurrencies are providing such features and tools
that simplify our lives. They are changing the way things work. Some people fear the changes. But changes
are not always bad. Cryptocurrencies are modifying our lives, and the way industries develop. There’s no
doubt that cryptocurrencies are disrupting and affecting the global economy in many ways.
Before sending the message, Bob generates a hash h(M) of the text message M using MD5 hash algorithm,
and converts h(M) into integer message m. Then, he signs the m and sends it to Alice. When Alice receives
the signed message, she would like to verify that the message is indeed from Bob. To facilitate
signing and verification Bob generates public and private keys using RSA encryption algorithm and sends the
public key to Alice. Bob uses the following parameters:
p = 278966591577398076867954212605012776073
q = 467207331195239613378791200749462989467
Bob chooses a suitable public key parameter e=41. How would Bob sign message M? How would Alice verify
the signed message from Bob?
[Hints: Refer to the “Running Example of RSA Signature for Text Message” of lecture-6. The document can be
found here:
https://rmit.instructure.com/courses/46189/files/3608593/download?wrap=1
Use the following links:
For generating MD5 hash: http://www.miraclesalad.com/webtools/md5.php
For converting hexadecimal to decimal:
https://www.mobilefish.com/services/big_number/big_number.php ]
Q3. OpenSSL and IPFS (Marks: 4)
Assume that an owner of a particular file, say Alice, wants to share the file to her colleague, say Bob. In other
words, Alice is the sender and Bob is the receiver. They use an IPFS based file repository and OpenSSL for
providing security. Alice and Bob perform several operations using OpenSSL and IPFS to ensure secure file
sharing. Throughout the processes, AES symmetric-key and RSA public-key encryption algorithms of
OpenSSL are used. You should choose your own file (e.g. a text file with your student number and name)
and AES encryption key (e.g. 123456789).
The scenario is illustrated in the Figure-Q3 below. You are expected to show the required OpenSSL and IPFS
commands sequentially for each step stated below. Please provide screenshot of the outcome for
each command.
The steps are stated as follows:
I. Bob generates RSA public and private key pair for himself using OpenSSL. Bob sends his public key to
Alice via email.
7. Page 7 of 13
,
II. Alice selects a shared AES secret key (KAB = 123456789). Next, Alice encrypts the file with Alice and
Bob’s shared AES secret key (KAB) using OpenSSL and generates a ciphertext file (say, the file name is
“ciphertext.txt”).
III. Alice uploads the encrypted file in the IPFS-based repository and receives a Unique Identifier (UI).
IV. Alice encrypts KAB with Bob’s RSA public key using OpenSSL and gets a ciphertext file (say, the file
name is “encrypte-key.txt”).
V. Alice sends UI and “encrypted-key.txt” to Bob through email.
VI. Upon receiving them, Bob decrypts “encrypte-key.txt” using OpenSSL with his RSA private-key and
retrieves the shared AES secret key (KAB).
VII. Bob uses Unique Identifier (UI) to download the file from IPFS-based repository with IPFS commands.
VIII. Upon receiving the file from IPFS network, Bob decrypts the downloaded file from IPFS network using
the shared AES secret key (KAB).
[Hints: Use the commands of OpenSSL that are discussed in Lecture-2,4 and IPFS commands that
are
discussed in Lecture-7].
Figure Q3: IPFS based encrypted file sharing
8. Page 8 of 13
,
Q4. Report Writing or Implementation (Marks: 15)
Answer Any 1 from Q4.1, Q4.2, Q4.3 and Q4.4
Q4.1 [Writing Report on Blockchain] (Marks: 15)
Choose a system where Blockchain Technology can be applied. Write a well-organized report on how the
Blockchain Technology can impact your chosen system. You may consider the followings scenarios to
prepare your report:
• Blockchain based Financial System
• Blockchain based Real Estate Management Systems
• Blockchain based Healthcare
• Blockchain based smart city
• Blockchain based smart manufacturing
• Blockchain based supply-chain
• Blockchain based E-Commerce
• Blockchain based IoT applications
In this report, you expected to provide necessary background of the system you choose and the blockchain
technology. Presenting an innovative scenario is highly appreciated. Most importantly, a detail system design
should be presented.
Q4.2 [Implementing a Blockchain System] (Marks: 15)
In this question, you are expected to implement a blockchain system a scenario stated in Q4.1. You
are allowed to use any programming language or scripting language such as Java, PHP, Python, JavaScript,
etc. Your implementation must have a good graphical user interface (GUI). Upon completion of
the implementation, you are expected to:
I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials
II. Create a short report containing the implementation details and user instructions
III. Upload your code and report
Q4.3 [Implementing a Privacy-preserving Online Voting System] (Marks: 15)
In this question, you are expected to implement an online voting system using the concept of
Paillier encryption scheme based privacy-preserving computation (refer to the scenario stated in Q1 of
this assignment). You are allowed to use any programming language or scripting language such as
Java, PHP, Python, JavaScript, etc. Your implementation must have a good graphical user interface
(GUI). Upon completion of the implementation, you are expected to:
I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials
II. Create a report containing the implementation details and user instructions
III. Upload your code and report
Q4.4 [Implementing a Secure File Sharing System] (Marks: 15)
9. Page 9 of 13
,
In this question, you are expected to implement a secure file sharing system using the concept of the
scenario stated in Q3 of this assignment. You are allowed to use any programming language or scripting
language such as Java, PHP, Python, JavaScript, etc. Your implementation must have a good graphical user
interface (GUI). Upon completion of the implementation, you are expected to:
I. Demonstrate your work to the lecturer or head tutor in Week-11 & 12 tutorials
II. Create a report containing the implementation details and user instructions
III. Upload your code and report
Q5. Analyzing Security of Authentication Protocol (Marks: 3)
The following mutual authentication protocol is proposed based on a symmetric-key cryptography algorithm.
We assume that the cryptography algorithm that is used here is secure. Given that the following protocol
does not provide mutual authentication. Give two different attack scenarios where Trudy can convince Bob
that she is Alice. Briefly explain each attack scenario performed by Trudy with proper diagram which
on the
protocol.
“Alice”, RA
RB,E(RA, KAB)
E(RB, KAB)
Alice
Bob
[Hints: You need to show two attack scenarios performed by Trudy with proper diagram on the protocol.
Additionally, provide brief explanation of attacks to justify your answer. Refer to attack scenarios on mutual
authentication protocols that were discussed during the Lecture-9 and Tutorial-9.]
5. Academic integrity and plagiarism (standard warning)
Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others
while developing your own insights, knowledge and ideas. You should take extreme care that you have:
• Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly
copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate
referencing methods,
• Provided a reference list of the publication details so your reader can locate the source if necessary. This includes
material taken from Internet sites.
10. Page 10 of 13
,
If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed
off the work and ideas of another person without appropriate referencing, as if they were your own.
RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of
inappropriate behaviors, including:
• Failure to properly document a source
• Copyright material from the internet or databases
• Collusion between students
For further information on our policies and procedures, please refer to the University website.
6. Assessment declaration
When you submit work electronically, you agree to the assessment declaration.
11. Page 11 of 13
,
7. Rubric/assessment criteria for marking
All of the computations must be correct and only provided values must be used. Instructions must be followed.
Criteria
The characteristic
or outcome that is
being judged. Total
Question 1
Privacy-
Preserving
Computation
Step-by-step
processes are shown
with detail
computations.
All of the
computations shown
are correct.
Step-by-step processes are
shown with detail
computations.
Most of the computations are
correct with few errors.
Step-by-step processes are shown
with detail computations.
Most of the computations are
incorrect with few correct
computations.
Step-by-step processes are shown
with detail computations.
But all of the calculations are wrong.
Steps are not shown with detail
computations.
Or,
Not answered.
6 Marks
6 Marks 4 Marks 2 Marks 1 Marks 0 Marks
Question 2.1
Digital Signature
using RSA
Encryption
Algorithm
Step-by-step
processes of both
signing and
verification are
shown.
All of the
computations are
shown correctly in
detail.
Step-by-step processes of
both signing and verification
are shown.
Not all of the computations are
shown correctly in detail.
Step-by-step processes of signing
are shown correctly.
However, verification steps are not
shown or incorrectly shown.
Step-by-step processes of signing are
shown that are partially correct/
completely wrong.
Or, only Verification steps are correct.
None of the steps are shown
correctly.
Or,
Calculations are not shown in
detail.
Or,
Not answered.
2 Marks
2 Marks 1.5 Marks 1 Marks 0.5 Marks 0 Marks
Question 2.2
Digital Signature
using ElGamal
Encryption
Algorithm
Step-by-step
processes of both
signing and
verification are
shown.
All of the
computations are
shown correctly in
detail.
Step-by-step processes of
both signing and verification
are shown.
Not all of the computations are
shown correctly in detail.
Step-by-step processes of signing
are shown correctly
However, verification steps are not
shown or incorrectly shown
Step-by-step processes of signing are
shown that are partially correct/
completely wrong
Or
Only Verification steps are correct
None of the steps are shown
correctly
Or
Calculations are not shown in
detail
Or
Not answered
2 Marks
2 Marks 1.5 Marks 1 Marks 0.5 Marks 0 Marks
12. Page 12 of 13
,
Question 2.3
Digital Signature
using RSA
Encryption
Algorithm for large
message
Step-by-step
processes of both
signing and
verification are
shown
All of the
computations are
shown correctly in
detail
Step-by-step processes of
both signing and verification
are shown
Not all of the computations are
shown correctly in detail
Step-by-step processes of signing
are shown correctly
However, verification steps are not
shown or incorrectly shown
Step-by-step processes of signing are
shown that are partially correct/
completely wrong
Or
Only Verification steps are correct
None of the steps are shown
correctly
Or
Calculations are not shown in
detail
Or
Not answered
3 Marks
3 Marks 2 Marks 1 Marks 0.5 Marks 0 Marks
Question 3
Secured file
sharing using
OpenSSL and
IPFS
Answer is correct
All of the commands
are correctly and
sequentially
presented with
appropriate
screenshots.
Answer is correct but not
structured
All of the commands are
correct. But, commands are
not sequentially presented.
Appropriate screenshots are
provided.
Answer is partially correct
Some of the commands are correct.
Commands are not sequentially
presented.
However, appropriate screenshots are
provided for the correct commands.
Only few commands are correct
Sequence of the commands are
not followed
Or some of the commands are
missing
Or screenshots are insufficient/
missing
Answer is not correct
Or
Not answered
4 Marks
4 Marks 3 Marks 2 Marks 1 Marks 0 Marks
Question 4
Report writing or
implementation
The report/
implementation is
extra ordinary
Report
The report is
prepared fulfilling
all of the
requirements
Implementation
The
implementation
fulfills all of the
requirements.
The report/
implementation is
good but not up to
the mark.
Report
The report is
prepared fulfilling
all of the
requirements.
However, could
have been better.
Implementation
The
implementation is
good. However,
functionalities or
user interface
could have been
better.
The report/
implementation is
average.
Report
The report is
prepared fulfilling all
of the requirements.
However, the
content is not
enough to express
the main theme of
the given topic.
Implementation
The implementation
is good. However,
functionalities or
user interface could
have been better.
The report/
implementation is
below average.
Report
The report is NOT
prepared fulfilling all
of the requirements.
The key topics are
not well connected.
Presentation is poor
Implementation The
implementation does
not contain some of
the key functionalities
and
user interface is not
that good.
The report/
implementation is
poor.
Report The report
addresses only few
of the requirements.
The key topics are
missing or not
connected.
Presentation is poor.
Implementation
The implementation
contains only few of
the key
functionalities and
user interface is not
that good.
The report/
implementation is
very poor.
Report None of
the requirements
are addressed
correctly. The key
concept is
missing.
Implementation
The
implementation
does not contain
key functionalities
and user
interface is not
good.
Not answered 15 Marks
15 Marks 12 Marks 10 Marks 8 Marks 6 Marks 4 Marks 0 Marks
13. Page 13 of 13
,
Question 5
Analyzing
authentication
protocol for
enhancing security
Answers are
correct
Two attack
scenarios on the
given
authentication
protocol are
presented with
appropriate
diagram and
explanation.
Answers are partially
correct
Only one attack scenario
on the authentication
protocol is presented with
either appropriate diagram
or explanation, and the
diagram or explanation is
missing / incorrect for the
other attack scenario.
Answers are partially correct
Only one attack scenario on the authentication
protocol is presented with either appropriate
diagram or explanation, and diagram and
explanation of other attack scenario is
completely wrong.
Or
Either diagrams/ explanations are correct for
both attack scenarios
Or
Any one from diagram and explanation is
correct for both attack scenarios
Answers are partially correct.
Only one attack scenario on the
authentication protocol is
presented with either appropriate
diagram or explanation, and
diagram and explanation of other
attack scenario is completely
wrong/ missing.
Answer is not correct
Or
Not answered
3 Marks
3 Marks 2.25 Marks 1.5 Marks 0.75 Marks 0 Marks