微信客服:xiaoxionga100
微信客服:ITCS521
COSC2536/2537-COSC 2536程序代写案例-Assignment 1
时间:2022-03-18
Page 1 of 11
School of Science
COSC2536/2537 Security in Computing and Information
Technology
Assignment 1
Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment
1.
Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via
announcements/relevant discussion forums.
Due date: Week 4, Friday the 25th Mar 2022 11:59pm
Deadlines will not be advanced, but they may be extended. Please check Canvas→Syllabus or via
Canvas→Assignments→Assignment 1 for the most up to date information.
As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per
each working day applies for up to 5 working days late, unless special consideration has been granted.
Weighting: 35 marks (Contributes 35% of the total Grade)
Overview
The objective of Assignment 1 is evaluating your knowledge on the topics covered in Lecture 1-4. Topics include Basic
Cryptographic Techniques, and Public-Key Cryptography (RSA, ElGamal and Paillier cryptosystems). Assignment 1 will
focus on developing your abilities in application of knowledge, critical analysis and decision making. Assignment 1 contains
several problems related to the topics mentioned above. You are required to prepare the solutions and upload them as a
single PDF or Word document in CANVAS.
In this assignment, there are 5 (five) questions in total. The first question Q1 is on designing a cryptographic algorithm
for a secure vault with a sophisticated digital keypad. In this question, a scenario is given that describes how a secret key
for the digital keypad is generated and the digital keypad works. You need to design an algorithm that satisfies the
requirements of the security of the digital keypad.
The second question Q2 is about designing an algorithm to perform cryptanalysis on a captured encrypted text. The term
Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages,
even if the cryptographic key is unknown. Therefore, you are expected to apply cryptanalysis in order to obtain plaintext
from the given ciphertext in Q2.
The second question Q3 is about the designing a Secure Online Property Auction System using the hash algorithm. In Q2,
you are expected to design an Online Bidding System where an attacker cannot determine the bid values of participants
and the hash algorithm based bidding would work.
The fourth question Q4 is related to breaking the RSA Encryption algorithm. In this question, you are expected to perform
prime factorization to break RSA private-key d from the public-key (n, e). You should demonstrate the detail steps with
explanations how the RSA encryption algorithm can be broken. Marks will be deducted if you fail to show the detail
computation correctly, skip the computation steps, or do not provide explanations.
The fifth question Q5 is about a real-life application of Public-Key cryptography. In this question, you are expected to show
how RSA and ElGamal Public-Key Cryptography techniques can be used in secure smart door. You should demonstrate
the detail steps with explanations how the RSA and ElGamal encryption and decryption work in the given context. Marks
will be deducted if you fail to show the detail computation correctly, skip the computation steps, or do not provide
explanations.
Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start
preparing your answers immediately after the Lecture-1 (in Week-1). At the end of each week starting from Week-1 to
Week-4, you should be able to solve at least one question.
,
Page 2 of 11
If there are questions, you must ask via the relevant Canvas discussion forums in a general manner.
Overall, you must follow the following special instructions:
• You must use the values provided in the questions.
• Hand-written answers are not allowed and will not be assessed. Compose your answers using any
word processing software (e.g., MS Word).
• You are required to show all of the steps and intermediate results for each question.
• Please DO NOT provide codes as an answer. Only codes will not be assessed.
• Upload your solution as a single PDF or Word document in CANVAS.
Assessment Criteria
This assessment will determine your ability to:
• Follow requirements provided in this document and in the lessons.
• Independently solve a problem by using cryptography and cryptanalysis concepts taught over the first four weeks of the
course.
• Meeting deadlines.
Learning Outcomes
This assessment is relevant to the following Learning Outcomes:
1. CLO-1: explain the functioning of security services in computing environments and the security issues in
networked applications.
2. CLO-2: discuss various types of data integrity and confidentiality mechanisms including public key cryptography.
3. CLO-3: describe basic system security mechanisms and protocols, such as those used in operating systems, file
systems and computer networks.
Assessment details
Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question
Q1 to Q5) are provided in the next page.
,
Page 3 of 11
Q1. Designing Cryptographic Algorithm for Secure Nuclear Arsenal Control
System (6 Marks)
Classified Information is material that a government body deems to be sensitive information that must
be protected. For example, national security agencies collect and store several sensitive information
regarding national security and mark them as classified before storing them. Access to the classified
information is restricted by law or regulation and can be disclosed to a group of people only having
necessary security clearance. As mishandling of the classified material can incur serious security
threats, a secure access mechanism is required.
Assume that a security agency wants to design a secure file access system to ensure that no classified
file be accessed by an employee of the agency without the clearance of the appropriate authority. For
example, John (an employee of the security agency with employee ID 500701) wants to access a
classified file that requires authorization from a group of people involving an Information Security
Manager, Information Security Director, and Chief Information Security Officer. Let’s assume, the group
is named as Oracle. To access a file (say, unique file number is 100503), John needs to send an
access request to the system for that file. The system generates a one-time security access key for
John to access the file and sends it to John. John can enter the access key to view the information of
the file. Once John accesses the file, the corresponding security access key is erased from the system
and cannot be used in the future.
At the time of creating a one-time security access key for a classified file, each member of Oracle
enters their own 6-digit integer secret code (e.g., 123456). The system generates a 6-digit integer
one-time pad. A security access key is generated by a key generation module with simple
cryptographic operation from John’s employee ID, the unique file number, Oracle members’ individual
6-digit secret codes, and the generated 6-digit integer one-time pad. The security access key for
the current request is sent to John. The system only stores the 6-digit integer one-time pad in the
system for the current request as follows:
Request Id Employee ID File to Access One-time Pad
R8101 500701 100503 987654
The illustration of the security access code generation is as follows:
Figure-1.1: One-time security access key generation process
,
Page 4 of 11
When an employee wants to access the file (with unique file number is 100503), the request is sent to
each member of Oracle. Then, each member enters their 6-digit secret code to the One-time Pad
Generation Module with simple cryptographic operation. The module takes unique file number,
employee ID, Oracle members’ individual 6-digit secret codes, and security access key for re-
generating the one-time pad. If the generated one-time pad matches to the one that is stored in
the system, an access to the file is granted to John. The re-generation process of the one-time pad
is shown as below:
Figure-1.2: One-time Pad generation process to check access
In this task, you need to design and explain the algorithms for both the One-time security
access key generation process and One-time Pad generation process of the secure file access
system to check access with numerical examples. Numbers shown in the diagrams are used
for illustration only. You need to choose your own appropriate 6-digit numbers to show all the
steps (i.e., One-time security access key generation and One-time Pad generation process) of
the algorithm.
[Note: Refer to the Week 2 Lecture and Lectorial, and Workshop-2 resources.]
Q2. Cryptanalysis with Missing Encrypted Text [8 Marks]
(a) Encoded Message (b) Decoded Message
Figure-2.1: Zimmermann Telegram
,
Page 5 of 11
In January 1917, British cryptographers deciphered a telegram from German Foreign Minister Arthur
Zimmermann to the German Minister to Mexico, Heinrich von Eckhardt. In that telegram, Zimmermann
offered United States territory to Mexico in return for joining the German cause. This message helped
draw the United States into the war and thus changed the course of history. The ciphertext and decoded
message of Zimmermann is shown in Figure-2.1. The challenge was the encrypted message had
many missing ciphertext. In spite of missing encrypted text, the British cryptographic office known as
“Room 40” decoded the Zimmermann Telegram and handed it over to the United States in late-
February 1917.
In this task, you have to decrypt an encrypted message. However, here we have encrypted a long
English message a bit differently. Every single alphabet in the message has been substituted by
another unique alphabet. The encrypted message is shown below:
XACTZBGKU ZVK XADDKXSGBI ZBL USAVGBI CAVK GBJAVCZSGAB SHZB KQKV YKJAVK,
XKCKBSGBI SHK GCTAVSZBXK AJ YASH LZSZ TVGQZXN ZBL LZSZ UKXRVGSN. BAP CAVK
SHZB KQKV GS GU XVGSGXZD SA TVASKXS XABJGLKBSGZD GBJAVCZSGAB ZBL KBURVK
YRUGBKUU XABSGBRGSN SHVARIH Z VAYRUS LZSZ TVASKXSGAB USVZSKIN. PK UHARDL
XAQKV SHK EKN XABXKTSU AJ LZSZ TVGQZXN ZBL LZSZ UKXRVGSN SA HKDT
LGJJKVKBSGZSK SHK SPA. SHK SKVCU LZSZ TVGQZXN ZBL LZSZ UKXRVGSN ZVK AJSKB
CGURBLKVUSAAL ZBL RUKL GBSKVXHZBIKZYDN. HAPKQKV, SHKN ZVK SPA UKTZVZSK
XABXKTSU SHZS PAVE GB SZBLKC SA EKKT LZSZ UZJK. LZSZ TVGQZXN JAXRUKU AB HAP
GBJAVCZSGAB GU HZBLDKL, USAVKL, ZBL RUKL. PHGDK LZSZ UKXRVGSN GU XABXKVBKL
PGSH TVASKXSGBI SHK ZUUKS AJ NARV AVIZBGMZSGAB.
Figure-2.2: English Alphabet Frequency Count
Using frequency analysis technique, you need to show step-by-step processes to Decipher
and find out the actual message. Use the English alphabet frequency count as shown in Figure
2.2. Please note that no marks will be given if only plaintext is shown without detailed steps.
[Note: Refer to the Week 1 Lecture and Lectorial, and Workshop-1 resources.]
Q3. Designing Secure Online Bidding System for an Online Freelancing Platform
using Hash Algorithm [7 Marks]
Online freelancing platforms connects businesses with freelancers, independent talent, and agencies
around the globe. Such platforms allow companies and freelancers work together to accomplish
different types of tasks including Information Technology (IT) projects, copywriting, research,
handyman jobs, and many more. The key benefit of the online freelancing platform is that it allows a
person or business advertising a task, taking quotations from interested freelancers from anywhere in
the world and select a freelancer. Hence, online freelancing platforms are getting popular day by day.
Some of the prominent online freelancing platforms are Upwork, Freelancer, Fiverr, and Airtasker. Face
to face meeting between businesses and customers are required in this platform which makes it most
suitable in the current pandemic situation.
,
Page 6 of 11
Online freelancing platforms inherits some features of traditional bidding applications where people
bid for a task without seeing other bidders bid amount and the bidder with the lowest asking price wins
the bid and assigned the task. Let’s name this bidding mechanism as blind bidding mechanism.
Assume that “GetExarts.com” is an online freelancing platform that adopts the above blind bidding
mechanism (see Fig. 3 for the illustration). The bidding mechanism strictly considers the following rules:
• A bidder cannot see the bid amounts of other bidders and can submit their bid only once.
• To ensure the blindness of the bid amount, a bidder must submit the bid amount as a hash
value. The hash of the bid amount is generated using SHA-256 hash algorithm.
• Once the bidding period is over, the system will ask the bidder to send their respective bid
amount in cleartext and match with the previously stored hash value. The bidder with the lowest
bid amount wins the bid.
Figure-3: Cryptographic Hash Function based Online Bidding Mechanism
In this task, you need to design a hash based blind bidding mechanism for the online freelancing
platform “GetExarts.com”. You are expected to do the followings:
a) Describe the hash based blind bidding mechanism with appropriate example that shows
numerical and hash values. Use any online SHA-256 hash generation calculator to get hash
values. [3 marks]
b) Describe with proper example (with numbers and hash values) if a smart bidder can cheat the
designed system and retrieve the plaintext bid amounts of other bidders from the hashed bid
amounts. [2 marks]
c) If you think that your designed system (according to the response of (a)) can be cheated,
describe a method that would prevent the cheating. [2 marks]
[Note: Refer to the Week 2 Lecture and Lectorial, and Workshop-2 resources.]
https://www.upwork.com/
https://www.freelancer.com/
https://www.airtasker.com/
[If you are interested to implement a broader version of this system as the Capstone project, please contact the Lecturer]
Q4. Breaking RSA Key (6 Marks)
Assume that you have been hired to analyse the security vulnerability of the XYZ Chatting application.
From the digital certificate, you have found that the XYZ Chatting Application uses RSA based public-
,
Page 7 of 11
key cryptography schemes to encrypt a secret message ‘M’. Although RSA is a popular cryptography
mechanism, researchers have successfully decrypted the RSA ciphertext using one of the RSA
cryptanalysis techniques, called prime factorization, without knowing the private key.
From the public-key of the chatting application, you have found that the chatting application uses very
large public key parameter: n = 5399937593. You guys know RSA encryption algorithm and prime
factorization very well. Now, you need to leverage your knowledge and understanding on the prime
factorization-based RSA cryptanalysis techniques for retrieving Alice and Bob’s secret message. You
need to use the concept of prime factorization to find out the prime numbers, the private key (d), and
the secret message (M).
You need to perform the followings:
a) Say, you have the list of first 10000 prime numbers which can be found in the URL:
https://primes.utm.edu/lists/small/10000.txt. Show step by-step process how to use prime
factorization effectively to find out two prime numbers (p and q) from the public key (n =
5399937593 and e = 3203) and the private-key (d) (i.e., RSA key breaking).
b) Show how the plaintext secret message (M) can be computed if you have captured a ciphertext
C = 2826893841.
c) Verify that the plaintext secret message is correct.
d) Would you be able to find the private-key (d) faster if you have 5 computers? Justify your answer
in your own words.
[Note: Refer to the Week 3 Lecture and Lectorial, and Workshop-3 resources.]
[https://www.quintessencelabs.com/blog/breaking-rsa-encryption-update-state-art/]
[If you are interested to implement a broader version of this system as the Capstone project, please contact the Lecturer]
Q5. Application of Public-Key Cryptography (Marks: 4+4 = 8)
Figure-4.1: User Registration Process
Figure-4.2: User Login Process
,
Page 8 of 11
Say, Tom wants to design a mobile based login system for his teams document sharing web application
using Public-Key Cryptography Algorithm. The login system works as follows:
1) If a user is using the web application for the first time, a user will register to the website with their
account ID denoted as M (which is an integer number, such as 1234567).
2) The web application has pre-configured public and private keys that are securely stored in the
server of the web application.
3) The web application generates a secret text (C) by encrypting M with the web application’s public
key and sends it to the user’s mobile phone as an SMS. The user needs to enter C at the time
of each login. Hence, the user should safely store the value C.
4) At the time of login, the user is asked to enter their account ID (M) and received secret text (C).
5) Once the web application received M and C, it computes a parameter M’ by decrypting C with
the private key.
6) The user is logged in if M = M’.
An overview of the process in shown in Figure-4.1 and Figure-4.2.
Assume that public and private keys will be generated using either RSA or ElGamal Public-Key
Cryptography Algorithm. Also assume that you would use your student number as the account ID M.
For example, if your student number is “S123456”, the account ID is M = 123456.
Answer the following questions:
a) Consider that the web application is using RSA Public-Key Cryptography Algorithm. With
proper description, show detailed steps of key generation, generation of secret text C (i.e.,
encryption process), and generation of the M’ (i.e., decryption process). Use parameters: p =
3217 and q = 3041 to perform the following:
i. Choose a small public key parameter (e = 773) and show detailed steps to compute the
web application’s public-key and private-key?
ii. How would the web application encrypt account ID M =‘S’> and produce the secret text C?
iii. How would the web application decrypt C to produce M’ ?
b) Consider that the web application is using ElGamal Public-Key Cryptography Algorithm. With
proper description, show detailed steps of key generation, generation of secret text C (i.e.,
encryption process), and generation of the M’ (i.e., decryption process). Use parameters: p =
8902967, g = 3707, and x = 7841.
i. Show detailed steps to compute your public-key and private-key?
iv. The web application chooses a random number r = 16889. How would the web
application encrypt account ID M = and produce the
secret text C?
v. How would the web application decrypt C to produce M’ ?
[Note: Refer to the Week 3 & 4 Lecture and Lectorial, and Workshop 3 & 4 resources.]
Academic integrity and plagiarism (standard warning)
Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while
developing your own insights, knowledge and ideas. You should take extreme care that you have:
• Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly
copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate
referencing methods,
• Provided a reference list of the publication details so your reader can locate the source if necessary. This
includes material taken from Internet sites.
,
Page 9 of 11
If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off
the work and ideas of another person without appropriate referencing, as if they were your own.
RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of
inappropriate behaviors, including:
• Failure to properly document a source
• Copyright material from the internet or databases
• Collusion between students
For further information on our policies and procedures, please refer to the University website.
Assessment declaration
When you submit work electronically, you agree to the assessment declaration.
,
Page 10 of 11
Rubric/assessment criteria for marking
All of the computations must be correct and only provided values must be used. Instructions must be followed.
Criteria
The characteristic
or outcome that is
being judged. Total
Question 1
Designing
Cryptographic
Algorithm
The answer is correct and
the explanation is up to the
mark
6 Marks
The answer is correct,
but the explanation is not
up to the mark
4 Marks
The answer is partially correct and the
explanation is not up to the mark
2 Marks
The question is attempted but
the answer is not correct.
1 Marks
Not answered.
0 Marks
6 Marks
Question 2
Cryptanalysis
Plaintext is correct
Steps are shown in a systematic way and
algorithm is presented.
8 Marks
Plaintext is correct
Steps are shown in a systematic way, but
algorithm is not presented or incorrect.
4 Marks
Plaintext is partially correct
Or
Plaintext is correct. Steps are not shown
in a systematic way and algorithm is not
presented.
1 Marks
Not answered
0 Marks
8 Marks
Question 3
Cryptographic
Hash Algorithm
The answer is correct, and
the explanation is up to the
mark
7 Marks
The answer is correct,
but the explanation is not
up to the mark
5 Marks
The answer is partially correct, and the
explanation is not up to the mark
3 Marks
The question is attempted but
the answer is not correct.
1 Marks
Not answered
0 Marks
7 Marks
Question 4
Breaking RSA
Encryption
algorithm
Step-by-step processes of
finding secret key and
decryption are shown
correctly. The explanation
of breaking RSA is up to
the mark.
6 Marks
Step-by-step processes of finding
secret key and decryption are
shown correctly but the
explanation of breaking RSA is
not up to the mark.
OR,
Step-by-step processes of finding
secret key and decryption are not
shown correctly but the
explanation of breaking RSA is up
to the mark.
4 Marks
Step-by-step processes of
finding secret key and
decryption are shown but not
all of the computations are
shown correctly or step-by-
step processes are not
shown as required.
The explanation of breaking
RSA is not up to the mark.
2 Marks
The process of finding secret
key is partially correct and
detailed steps are not provided.
Decryption process is partially
correct or not described as per
the requirement.
The explanation of breaking
RSA is partially correct.
1 Marks
None of the steps are shown
correctly
Or
Not answered
0 Marks
6 Marks
,
Page 11 of 11
Question 5(a)
Encryption with
RSA Cryptography
Step-by-step processes of
both encryption and
decryption are shown
All of the computations are
shown correctly in detail
4 Marks
Step-by-step processes
of both encryption and
decryption are shown
Not all of the
computations are shown
correctly in detail
3 Marks
Step-by-step processes of encryption
are shown correctly
However, decryption steps are not
shown or incorrectly shown
2 Mark
Step-by-step processes of
encryption are shown that are
partially correct/ completely
wrong
Or
Only decryption steps are
correct
1 Marks
None of the steps are shown
correctly
Or
Calculations are not shown in
detail
Or
Not answered
0 Marks
4 Marks
Question 5(b)
Encryption with
ElGamal
Cryptography
Step-by-step processes of
both encryption and
decryption are shown
All of the computations are
shown correctly in detail
4 Marks
Step-by-step processes
of both encryption and
decryption are shown
Not all of the
computations are shown
correctly in detail
3 Marks
Step-by-step processes of encryption
are shown correctly
However, decryption steps are not
shown or incorrectly shown
2 Mark
Step-by-step processes of
encryption are shown that are
partially correct/ completely
wrong
Or
Only decryption steps are
correct
1 Marks
None of the steps are shown
correctly/
Calculations are not shown in
detail/
Not answered
0 Marks
4 Marks
School of Science
COSC2536/2537 Security in Computing and Information
Technology
Assignment 1
Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment
1.
Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via
announcements/relevant discussion forums.
Due date: Week 4, Friday the 25th Mar 2022 11:59pm
Deadlines will not be advanced, but they may be extended. Please check Canvas→Syllabus or via
Canvas→Assignments→Assignment 1 for the most up to date information.
As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per
each working day applies for up to 5 working days late, unless special consideration has been granted.
Weighting: 35 marks (Contributes 35% of the total Grade)
Overview
The objective of Assignment 1 is evaluating your knowledge on the topics covered in Lecture 1-4. Topics include Basic
Cryptographic Techniques, and Public-Key Cryptography (RSA, ElGamal and Paillier cryptosystems). Assignment 1 will
focus on developing your abilities in application of knowledge, critical analysis and decision making. Assignment 1 contains
several problems related to the topics mentioned above. You are required to prepare the solutions and upload them as a
single PDF or Word document in CANVAS.
In this assignment, there are 5 (five) questions in total. The first question Q1 is on designing a cryptographic algorithm
for a secure vault with a sophisticated digital keypad. In this question, a scenario is given that describes how a secret key
for the digital keypad is generated and the digital keypad works. You need to design an algorithm that satisfies the
requirements of the security of the digital keypad.
The second question Q2 is about designing an algorithm to perform cryptanalysis on a captured encrypted text. The term
Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages,
even if the cryptographic key is unknown. Therefore, you are expected to apply cryptanalysis in order to obtain plaintext
from the given ciphertext in Q2.
The second question Q3 is about the designing a Secure Online Property Auction System using the hash algorithm. In Q2,
you are expected to design an Online Bidding System where an attacker cannot determine the bid values of participants
and the hash algorithm based bidding would work.
The fourth question Q4 is related to breaking the RSA Encryption algorithm. In this question, you are expected to perform
prime factorization to break RSA private-key d from the public-key (n, e). You should demonstrate the detail steps with
explanations how the RSA encryption algorithm can be broken. Marks will be deducted if you fail to show the detail
computation correctly, skip the computation steps, or do not provide explanations.
The fifth question Q5 is about a real-life application of Public-Key cryptography. In this question, you are expected to show
how RSA and ElGamal Public-Key Cryptography techniques can be used in secure smart door. You should demonstrate
the detail steps with explanations how the RSA and ElGamal encryption and decryption work in the given context. Marks
will be deducted if you fail to show the detail computation correctly, skip the computation steps, or do not provide
explanations.
Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start
preparing your answers immediately after the Lecture-1 (in Week-1). At the end of each week starting from Week-1 to
Week-4, you should be able to solve at least one question.
,
Page 2 of 11
If there are questions, you must ask via the relevant Canvas discussion forums in a general manner.
Overall, you must follow the following special instructions:
• You must use the values provided in the questions.
• Hand-written answers are not allowed and will not be assessed. Compose your answers using any
word processing software (e.g., MS Word).
• You are required to show all of the steps and intermediate results for each question.
• Please DO NOT provide codes as an answer. Only codes will not be assessed.
• Upload your solution as a single PDF or Word document in CANVAS.
Assessment Criteria
This assessment will determine your ability to:
• Follow requirements provided in this document and in the lessons.
• Independently solve a problem by using cryptography and cryptanalysis concepts taught over the first four weeks of the
course.
• Meeting deadlines.
Learning Outcomes
This assessment is relevant to the following Learning Outcomes:
1. CLO-1: explain the functioning of security services in computing environments and the security issues in
networked applications.
2. CLO-2: discuss various types of data integrity and confidentiality mechanisms including public key cryptography.
3. CLO-3: describe basic system security mechanisms and protocols, such as those used in operating systems, file
systems and computer networks.
Assessment details
Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question
Q1 to Q5) are provided in the next page.
,
Page 3 of 11
Q1. Designing Cryptographic Algorithm for Secure Nuclear Arsenal Control
System (6 Marks)
Classified Information is material that a government body deems to be sensitive information that must
be protected. For example, national security agencies collect and store several sensitive information
regarding national security and mark them as classified before storing them. Access to the classified
information is restricted by law or regulation and can be disclosed to a group of people only having
necessary security clearance. As mishandling of the classified material can incur serious security
threats, a secure access mechanism is required.
Assume that a security agency wants to design a secure file access system to ensure that no classified
file be accessed by an employee of the agency without the clearance of the appropriate authority. For
example, John (an employee of the security agency with employee ID 500701) wants to access a
classified file that requires authorization from a group of people involving an Information Security
Manager, Information Security Director, and Chief Information Security Officer. Let’s assume, the group
is named as Oracle. To access a file (say, unique file number is 100503), John needs to send an
access request to the system for that file. The system generates a one-time security access key for
John to access the file and sends it to John. John can enter the access key to view the information of
the file. Once John accesses the file, the corresponding security access key is erased from the system
and cannot be used in the future.
At the time of creating a one-time security access key for a classified file, each member of Oracle
enters their own 6-digit integer secret code (e.g., 123456). The system generates a 6-digit integer
one-time pad. A security access key is generated by a key generation module with simple
cryptographic operation from John’s employee ID, the unique file number, Oracle members’ individual
6-digit secret codes, and the generated 6-digit integer one-time pad. The security access key for
the current request is sent to John. The system only stores the 6-digit integer one-time pad in the
system for the current request as follows:
Request Id Employee ID File to Access One-time Pad
R8101 500701 100503 987654
The illustration of the security access code generation is as follows:
Figure-1.1: One-time security access key generation process
,
Page 4 of 11
When an employee wants to access the file (with unique file number is 100503), the request is sent to
each member of Oracle. Then, each member enters their 6-digit secret code to the One-time Pad
Generation Module with simple cryptographic operation. The module takes unique file number,
employee ID, Oracle members’ individual 6-digit secret codes, and security access key for re-
generating the one-time pad. If the generated one-time pad matches to the one that is stored in
the system, an access to the file is granted to John. The re-generation process of the one-time pad
is shown as below:
Figure-1.2: One-time Pad generation process to check access
In this task, you need to design and explain the algorithms for both the One-time security
access key generation process and One-time Pad generation process of the secure file access
system to check access with numerical examples. Numbers shown in the diagrams are used
for illustration only. You need to choose your own appropriate 6-digit numbers to show all the
steps (i.e., One-time security access key generation and One-time Pad generation process) of
the algorithm.
[Note: Refer to the Week 2 Lecture and Lectorial, and Workshop-2 resources.]
Q2. Cryptanalysis with Missing Encrypted Text [8 Marks]
(a) Encoded Message (b) Decoded Message
Figure-2.1: Zimmermann Telegram
,
Page 5 of 11
In January 1917, British cryptographers deciphered a telegram from German Foreign Minister Arthur
Zimmermann to the German Minister to Mexico, Heinrich von Eckhardt. In that telegram, Zimmermann
offered United States territory to Mexico in return for joining the German cause. This message helped
draw the United States into the war and thus changed the course of history. The ciphertext and decoded
message of Zimmermann is shown in Figure-2.1. The challenge was the encrypted message had
many missing ciphertext. In spite of missing encrypted text, the British cryptographic office known as
“Room 40” decoded the Zimmermann Telegram and handed it over to the United States in late-
February 1917.
In this task, you have to decrypt an encrypted message. However, here we have encrypted a long
English message a bit differently. Every single alphabet in the message has been substituted by
another unique alphabet. The encrypted message is shown below:
XACTZBGKU ZVK XADDKXSGBI ZBL USAVGBI CAVK GBJAVCZSGAB SHZB KQKV YKJAVK,
XKCKBSGBI SHK GCTAVSZBXK AJ YASH LZSZ TVGQZXN ZBL LZSZ UKXRVGSN. BAP CAVK
SHZB KQKV GS GU XVGSGXZD SA TVASKXS XABJGLKBSGZD GBJAVCZSGAB ZBL KBURVK
YRUGBKUU XABSGBRGSN SHVARIH Z VAYRUS LZSZ TVASKXSGAB USVZSKIN. PK UHARDL
XAQKV SHK EKN XABXKTSU AJ LZSZ TVGQZXN ZBL LZSZ UKXRVGSN SA HKDT
LGJJKVKBSGZSK SHK SPA. SHK SKVCU LZSZ TVGQZXN ZBL LZSZ UKXRVGSN ZVK AJSKB
CGURBLKVUSAAL ZBL RUKL GBSKVXHZBIKZYDN. HAPKQKV, SHKN ZVK SPA UKTZVZSK
XABXKTSU SHZS PAVE GB SZBLKC SA EKKT LZSZ UZJK. LZSZ TVGQZXN JAXRUKU AB HAP
GBJAVCZSGAB GU HZBLDKL, USAVKL, ZBL RUKL. PHGDK LZSZ UKXRVGSN GU XABXKVBKL
PGSH TVASKXSGBI SHK ZUUKS AJ NARV AVIZBGMZSGAB.
Figure-2.2: English Alphabet Frequency Count
Using frequency analysis technique, you need to show step-by-step processes to Decipher
and find out the actual message. Use the English alphabet frequency count as shown in Figure
2.2. Please note that no marks will be given if only plaintext is shown without detailed steps.
[Note: Refer to the Week 1 Lecture and Lectorial, and Workshop-1 resources.]
Q3. Designing Secure Online Bidding System for an Online Freelancing Platform
using Hash Algorithm [7 Marks]
Online freelancing platforms connects businesses with freelancers, independent talent, and agencies
around the globe. Such platforms allow companies and freelancers work together to accomplish
different types of tasks including Information Technology (IT) projects, copywriting, research,
handyman jobs, and many more. The key benefit of the online freelancing platform is that it allows a
person or business advertising a task, taking quotations from interested freelancers from anywhere in
the world and select a freelancer. Hence, online freelancing platforms are getting popular day by day.
Some of the prominent online freelancing platforms are Upwork, Freelancer, Fiverr, and Airtasker. Face
to face meeting between businesses and customers are required in this platform which makes it most
suitable in the current pandemic situation.
,
Page 6 of 11
Online freelancing platforms inherits some features of traditional bidding applications where people
bid for a task without seeing other bidders bid amount and the bidder with the lowest asking price wins
the bid and assigned the task. Let’s name this bidding mechanism as blind bidding mechanism.
Assume that “GetExarts.com” is an online freelancing platform that adopts the above blind bidding
mechanism (see Fig. 3 for the illustration). The bidding mechanism strictly considers the following rules:
• A bidder cannot see the bid amounts of other bidders and can submit their bid only once.
• To ensure the blindness of the bid amount, a bidder must submit the bid amount as a hash
value. The hash of the bid amount is generated using SHA-256 hash algorithm.
• Once the bidding period is over, the system will ask the bidder to send their respective bid
amount in cleartext and match with the previously stored hash value. The bidder with the lowest
bid amount wins the bid.
Figure-3: Cryptographic Hash Function based Online Bidding Mechanism
In this task, you need to design a hash based blind bidding mechanism for the online freelancing
platform “GetExarts.com”. You are expected to do the followings:
a) Describe the hash based blind bidding mechanism with appropriate example that shows
numerical and hash values. Use any online SHA-256 hash generation calculator to get hash
values. [3 marks]
b) Describe with proper example (with numbers and hash values) if a smart bidder can cheat the
designed system and retrieve the plaintext bid amounts of other bidders from the hashed bid
amounts. [2 marks]
c) If you think that your designed system (according to the response of (a)) can be cheated,
describe a method that would prevent the cheating. [2 marks]
[Note: Refer to the Week 2 Lecture and Lectorial, and Workshop-2 resources.]
https://www.upwork.com/
https://www.freelancer.com/
https://www.airtasker.com/
[If you are interested to implement a broader version of this system as the Capstone project, please contact the Lecturer]
Q4. Breaking RSA Key (6 Marks)
Assume that you have been hired to analyse the security vulnerability of the XYZ Chatting application.
From the digital certificate, you have found that the XYZ Chatting Application uses RSA based public-
,
Page 7 of 11
key cryptography schemes to encrypt a secret message ‘M’. Although RSA is a popular cryptography
mechanism, researchers have successfully decrypted the RSA ciphertext using one of the RSA
cryptanalysis techniques, called prime factorization, without knowing the private key.
From the public-key of the chatting application, you have found that the chatting application uses very
large public key parameter: n = 5399937593. You guys know RSA encryption algorithm and prime
factorization very well. Now, you need to leverage your knowledge and understanding on the prime
factorization-based RSA cryptanalysis techniques for retrieving Alice and Bob’s secret message. You
need to use the concept of prime factorization to find out the prime numbers, the private key (d), and
the secret message (M).
You need to perform the followings:
a) Say, you have the list of first 10000 prime numbers which can be found in the URL:
https://primes.utm.edu/lists/small/10000.txt. Show step by-step process how to use prime
factorization effectively to find out two prime numbers (p and q) from the public key (n =
5399937593 and e = 3203) and the private-key (d) (i.e., RSA key breaking).
b) Show how the plaintext secret message (M) can be computed if you have captured a ciphertext
C = 2826893841.
c) Verify that the plaintext secret message is correct.
d) Would you be able to find the private-key (d) faster if you have 5 computers? Justify your answer
in your own words.
[Note: Refer to the Week 3 Lecture and Lectorial, and Workshop-3 resources.]
[https://www.quintessencelabs.com/blog/breaking-rsa-encryption-update-state-art/]
[If you are interested to implement a broader version of this system as the Capstone project, please contact the Lecturer]
Q5. Application of Public-Key Cryptography (Marks: 4+4 = 8)
Figure-4.1: User Registration Process
Figure-4.2: User Login Process
,
Page 8 of 11
Say, Tom wants to design a mobile based login system for his teams document sharing web application
using Public-Key Cryptography Algorithm. The login system works as follows:
1) If a user is using the web application for the first time, a user will register to the website with their
account ID denoted as M (which is an integer number, such as 1234567).
2) The web application has pre-configured public and private keys that are securely stored in the
server of the web application.
3) The web application generates a secret text (C) by encrypting M with the web application’s public
key and sends it to the user’s mobile phone as an SMS. The user needs to enter C at the time
of each login. Hence, the user should safely store the value C.
4) At the time of login, the user is asked to enter their account ID (M) and received secret text (C).
5) Once the web application received M and C, it computes a parameter M’ by decrypting C with
the private key.
6) The user is logged in if M = M’.
An overview of the process in shown in Figure-4.1 and Figure-4.2.
Assume that public and private keys will be generated using either RSA or ElGamal Public-Key
Cryptography Algorithm. Also assume that you would use your student number as the account ID M.
For example, if your student number is “S123456”, the account ID is M = 123456.
Answer the following questions:
a) Consider that the web application is using RSA Public-Key Cryptography Algorithm. With
proper description, show detailed steps of key generation, generation of secret text C (i.e.,
encryption process), and generation of the M’ (i.e., decryption process). Use parameters: p =
3217 and q = 3041 to perform the following:
i. Choose a small public key parameter (e = 773) and show detailed steps to compute the
web application’s public-key and private-key?
ii. How would the web application encrypt account ID M =
iii. How would the web application decrypt C to produce M’ ?
b) Consider that the web application is using ElGamal Public-Key Cryptography Algorithm. With
proper description, show detailed steps of key generation, generation of secret text C (i.e.,
encryption process), and generation of the M’ (i.e., decryption process). Use parameters: p =
8902967, g = 3707, and x = 7841.
i. Show detailed steps to compute your public-key and private-key?
iv. The web application chooses a random number r = 16889. How would the web
application encrypt account ID M =
secret text C?
v. How would the web application decrypt C to produce M’ ?
[Note: Refer to the Week 3 & 4 Lecture and Lectorial, and Workshop 3 & 4 resources.]
Academic integrity and plagiarism (standard warning)
Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while
developing your own insights, knowledge and ideas. You should take extreme care that you have:
• Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly
copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate
referencing methods,
• Provided a reference list of the publication details so your reader can locate the source if necessary. This
includes material taken from Internet sites.
,
Page 9 of 11
If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off
the work and ideas of another person without appropriate referencing, as if they were your own.
RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of
inappropriate behaviors, including:
• Failure to properly document a source
• Copyright material from the internet or databases
• Collusion between students
For further information on our policies and procedures, please refer to the University website.
Assessment declaration
When you submit work electronically, you agree to the assessment declaration.
,
Page 10 of 11
Rubric/assessment criteria for marking
All of the computations must be correct and only provided values must be used. Instructions must be followed.
Criteria
The characteristic
or outcome that is
being judged. Total
Question 1
Designing
Cryptographic
Algorithm
The answer is correct and
the explanation is up to the
mark
6 Marks
The answer is correct,
but the explanation is not
up to the mark
4 Marks
The answer is partially correct and the
explanation is not up to the mark
2 Marks
The question is attempted but
the answer is not correct.
1 Marks
Not answered.
0 Marks
6 Marks
Question 2
Cryptanalysis
Plaintext is correct
Steps are shown in a systematic way and
algorithm is presented.
8 Marks
Plaintext is correct
Steps are shown in a systematic way, but
algorithm is not presented or incorrect.
4 Marks
Plaintext is partially correct
Or
Plaintext is correct. Steps are not shown
in a systematic way and algorithm is not
presented.
1 Marks
Not answered
0 Marks
8 Marks
Question 3
Cryptographic
Hash Algorithm
The answer is correct, and
the explanation is up to the
mark
7 Marks
The answer is correct,
but the explanation is not
up to the mark
5 Marks
The answer is partially correct, and the
explanation is not up to the mark
3 Marks
The question is attempted but
the answer is not correct.
1 Marks
Not answered
0 Marks
7 Marks
Question 4
Breaking RSA
Encryption
algorithm
Step-by-step processes of
finding secret key and
decryption are shown
correctly. The explanation
of breaking RSA is up to
the mark.
6 Marks
Step-by-step processes of finding
secret key and decryption are
shown correctly but the
explanation of breaking RSA is
not up to the mark.
OR,
Step-by-step processes of finding
secret key and decryption are not
shown correctly but the
explanation of breaking RSA is up
to the mark.
4 Marks
Step-by-step processes of
finding secret key and
decryption are shown but not
all of the computations are
shown correctly or step-by-
step processes are not
shown as required.
The explanation of breaking
RSA is not up to the mark.
2 Marks
The process of finding secret
key is partially correct and
detailed steps are not provided.
Decryption process is partially
correct or not described as per
the requirement.
The explanation of breaking
RSA is partially correct.
1 Marks
None of the steps are shown
correctly
Or
Not answered
0 Marks
6 Marks
,
Page 11 of 11
Question 5(a)
Encryption with
RSA Cryptography
Step-by-step processes of
both encryption and
decryption are shown
All of the computations are
shown correctly in detail
4 Marks
Step-by-step processes
of both encryption and
decryption are shown
Not all of the
computations are shown
correctly in detail
3 Marks
Step-by-step processes of encryption
are shown correctly
However, decryption steps are not
shown or incorrectly shown
2 Mark
Step-by-step processes of
encryption are shown that are
partially correct/ completely
wrong
Or
Only decryption steps are
correct
1 Marks
None of the steps are shown
correctly
Or
Calculations are not shown in
detail
Or
Not answered
0 Marks
4 Marks
Question 5(b)
Encryption with
ElGamal
Cryptography
Step-by-step processes of
both encryption and
decryption are shown
All of the computations are
shown correctly in detail
4 Marks
Step-by-step processes
of both encryption and
decryption are shown
Not all of the
computations are shown
correctly in detail
3 Marks
Step-by-step processes of encryption
are shown correctly
However, decryption steps are not
shown or incorrectly shown
2 Mark
Step-by-step processes of
encryption are shown that are
partially correct/ completely
wrong
Or
Only decryption steps are
correct
1 Marks
None of the steps are shown
correctly/
Calculations are not shown in
detail/
Not answered
0 Marks
4 Marks
