Security In Computing And Information Technology Assignment

Assignment Task

Learning Outcomes

This assessment relates to the following learning outcomes of the course:

CLO1: Explain the functioning of security services in computing environments and the security issues in networked applications.

CLO2: Discuss and implement various types of data integrity and confidentiality mechanisms including cryptography.

CLO3: Describe basic system security mechanisms and protocols, such as those used in operating systems, file systems and computer networks.

Q1. Designing Cryptographic Algorithm for Secure System

Classified Information is material that a government body deems to be sensitive information that must be protected. For example, national security agencies collect and store sensitive information regarding national security and mark them as classified before storing them. Access to classified information is restricted by law or regulation and can be disclosed to a group of people only with the necessary security clearance. As mishandling of the classified material can incur serious security threats, a secure access mechanism is required.

Assume that a security agency wants to design a secure file access system to ensure that no classified file is accessed by an employee of the agency without the clearance of the appropriate authority. For example, John (an employee of the security agency with employee ID 500701) wants to access a classified file that requires authorization from a group of people involving an Information Security Manager, Information Security Director, and Chief Information Security Officer. Let us assume the group is named Oracle. To access a file (say, the unique file number is 100503), John needs to send an access request to the system for that file. The system generates a one-time security access key for John to access the file and sends it to John. John can enter the access key to view the information on the file. Once John accesses the file, the corresponding security access key is erased from the system and cannot be used in the future.

At the time of creating a one-time security access key for a classified file, each member of Oracle enters their own 6-digit integer secret code (e.g., 123456). The system generates a 6-digit integer one-time pad. A security access key is generated by a key generation module with simple cryptographic operation from John’s employee ID, the unique file number, Oracle members’ individual 6-digit secret codes, and the generated 6-digit integer one-time pad. The security access key for the current request is sent to John. The system only stores the 6-digit integer one-time pad in the system for the current request as follows:

When an employee wants to access the file (with unique file number is 100503), the request is sent to each member of Oracle. Then, each member enters their 6-digit secret code to the One-time Pad Generation Module with simple cryptographic operation. The module takes unique file number, employee ID, Oracle members’ individual 6-digit secret codes, and security access key for regenerating the one-time pad. If the generated one-time pad matches to the one that is stored in the system, an access to the file is granted to John. The re-generation process of the one-time pad is shown as below:

In this task, you need to design and explain the algorithms for both the One-time security access key generation process and One-time Pad generation process of the secure file access system to check access with numerical examples. The numbers shown in the diagrams are used for illustration only. You need to choose your own appropriate 6-digit numbers to show all the steps (i.e., the One-time security access key generation and One-time Pad generation process) of the algorithm

Q2. Cryptanalysis with Missing Encrypted Text

In January 1917, British cryptographers deciphered a telegram from German Foreign Minister Arthur Zimmermann to the German Minister to Mexico, Heinrich von Eckhardt. In that telegram, Zimmermann offered United States territory to Mexico in return for joining the German cause. This message helped draw the United States into the war and thus changed the course of history. The ciphertext and decoded message of Zimmermann is shown in Figure-2.1:

The challenge was the encrypted message had many missing ciphertext. In spite of missing encrypted text, the British cryptographic office known as “Room 40” decoded the Zimmermann Telegram and handed it over to the United States in late- February 1917.

In this task, you have to decrypt an encrypted message. However, here we have encrypted a long English message a bit differently. Every single alphabet in the message has been substituted by another unique alphabet. The encrypted message is shown below:

Q3. Breaking the RSA Key

Assume that you have been hired to analyse the security vulnerability of the XYZ Chatting application. From the digital certificate, you have found that the XYZ Chatting Application uses RSAbased public-key cryptography schemes to encrypt a secret message, ‘M’. Although RSA is a popular cryptography mechanism, researchers have successfully decrypted the RSA ciphertext using one of the RSA cryptanalysis techniques, prime factorization, without knowing the private key.

From the public key of the chatting application, you have found that the chatting application uses a very large public key parameter: n = 5399937593. You have been taught about the RSA encryption algorithm and prime factorization. Now, you need to leverage your knowledge and understanding of the prime factorization-based RSA cryptanalysis techniques for retrieving Alice and Bob’s secret message. You need to use the concept of prime factorization to find out the prime numbers, the private key (d), and the secret message (M).

You need to perform the following:

a) Say you have the list of the first 10,000 prime numbers, Show how to use prime factorization effectively to find two prime numbers (p and q) from the public key (n = 5399937593 and e = 3203). Also, show how to compute the private key (d) (i.e., RSA key breaking). You are allowed to use an online tool to perform prime factorization.

b) Show how the plaintext secret message (M) can be computed if you have captured a ciphertext C = 2826893841.

c) Verify that the plaintext secret message is correct.

d) Would you be able to find the private key faster if you had 5 computers?

Q4. Dating app hashing issue

A popular dating app uses a unique algorithm to match users based on their preferences and activities within the app. Part of this matching algorithm involves hashing user profiles to find potential matches quickly. The hash function is designed to map user profiles to categories that describe their interests and preferences. These categories are then used to recommend potential matches to users.

As the app has grown in popularity, the development team has noticed an increasing number of hash collisions. This means that diverse user profiles are being categorised similarly, leading to inappropriate matches that do not align with users' expressed preferences. The frequent collisions are diluting the quality of matches and affecting user satisfaction. As such, the profiling system is in need of a revamp.

As a cyber analyst, you are tasked with analysing and resolving this issue. Your analysis should include the following:

a) propose a new hash function or a method to handle collisions that could improve match accuracy. Justify your choice based on algorithmic efficiency and accuracy.

b) suggest improvements to the profiling system that might reduce dependency on hashing or mitigate the effects of collisions.

Q5. Application of public-key cryptography

Taylor wants to develop a security system for her video streaming service that leverages public cryptography to protect user accounts. The system operates as follows:

1. When a user joins the service for the first time, they need to register their user ID, denoted as U (an integer such as 9876543).

2. The streaming service has pre-configured public and private keys stored securely on the server.

3. The service generates a secret code (S) by encrypting U using the service's public key and sends it to the user’s email. The user must enter S each time they log in and should keep S secure.

4. During login, the user inputs their user ID (U) and the received secret code (S).

5. Upon receiving U and S, the streaming service computes a parameter U' by decrypting S using the private key.

6. The user is granted access if U equals U'.

Taylor's video streaming service uses the Public-Key Cryptography Algorithm to secure user accounts. Assume you would use your membership number as the user ID U. For example, if your membership number is "M654321,” the user ID is U = 654321.

Answer the following questions:

a) Suppose the streaming service is using the RSA Public-Key Cryptography Algorithm. With a clear description, demonstrate the detailed steps of key generation, secret code S generation (i.e., encryption process), and generation of U' (i.e., decryption process). Use parameters: p = 2357 and q = 2551 to perform the following:

i. Select a small public key parameter (e = 65537) and show detailed steps to compute the streaming service’s public-key and private-key.

ii. How would the streaming service encrypt user ID U = to produce the secret code S?

iii. How would the streaming service decrypt S to produce U'? Page 10 of 11

b) Suppose the streaming service is using the ElGamal Public-Key Cryptography Algorithm. With a proper description, demonstrate the detailed steps of key generation, secret code S generation (i.e., encryption process), and generation of U' (i.e., decryption process). Use parameters: p = 9347529, g = 5678, and x = 4321.

i. Show detailed steps to compute your public key and private key.

ii. The streaming service chooses a random number r = 12345. How would the streaming service encrypt user ID U = to produce the secret code S?

iii. How would the streaming service decrypt S to produce U'?

This IT and Computer Science has been solved by our PhD Experts at My Uni Paper. Our Assignment Writing Experts are efficient in providing a fresh solution to this question. We are serving more than 10000+ Students in Australia, the UK, and the US by helping them to score HD in their academics. Our Experts are well-trained to follow all marking rubrics and referencing styles.

Be it a used or new solution, the quality of the work submitted by our assignment experts remains unhampered. You may continue to expect the same or even better quality with the used and new assignment solution files respectively. There’s one thing to be noticed you could choose one between the two and acquire an HD either way. You could choose a new assignment solution file to get yourself an exclusive, plagiarism (with free Turnitin file), expert quality assignment or order an old solution file that was considered worthy of the highest distinction.