University of Sussex
Introduction to Computer Security – G6077
Weighting: 50% of marks for the module
Please note that the resit assignment is simply a repeat of the original assignment.
Submission deadline: Check the deadline on Sussex Direct. E-submission to Canvas.
You must work on this assignment on your own. The standard Informatics rules for collusion, plagiarism and lateness apply. Any cases of potential misconduct discovered will be reported and investigated.
Key points:
1) All questions must be answered. There are no optional questions.
2) You must use the template file to answer the questions.
3) Task 5 will be assessed from the screenshots and video that you will record.
Important! All the code for tasks 4 and 5 needs to be on GitHub. The repository link will be requested if needed. In case of disagreement over the marks for tasks 4 and 5, the code on GitHub will be the only trusted resource. Students must not modify or access the repository after the deadline date. If GitHub is NOT used for task 5, or if the repository has been modified after the deadline, the original marks will stay.
4) To ensure anonymous marking, you must NOT mention your name in the coursework.
5) After downloading the template file, rename it to your student number.
Task 1 [5 marks]
Compare Remote Administration Tools and Botnets, identifying the differences between them.
Task 2 [5 marks]
You will need to use the DVDSwap application for this task, which is available on Canvas. There are a number of files and folders in the project.
You will need to find the part that is required to complete the task. You are not required to fix errors to run the application.
In the module, you have studied different issues and challenges in protecting information assets such as passwords. Describe the weaknesses in how the password mechanism is implemented in the DVDSwap application. Suggest improvements to overcome these weaknesses.
Task 3 [5 marks]
Perform the encryption and decryption using the RSA algorithm:
a) p=13; q=31, e=19; m=2
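The steps this task asks for (n, φ(n), the private exponent d, then encryption and decryption) can be traced with the short Python sketch below. It is an added example, not part of the original brief; the function names `egcd`, `rsa_keys` and `modexp_steps` are illustrative choices, and it is textbook RSA without padding.

```python
# Added worked example: textbook RSA (no padding) with the Task 3 parameters.

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def rsa_keys(p, q, e):
    """Return (n, phi, d) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to phi(n)")
    return n, phi, x % phi  # x % phi is the inverse of e modulo phi

def modexp_steps(base, exp, mod):
    """Left-to-right square-and-multiply; returns the result and each step."""
    result, steps = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod      # square for every bit
        if bit == "1":
            result = (result * base) % mod    # multiply when the bit is set
        steps.append((bit, result))
    return result, steps

if __name__ == "__main__":
    p, q, e, m = 13, 31, 19, 2                # values from the task
    n, phi, d = rsa_keys(p, q, e)
    print(f"n = {n}, phi(n) = {phi}, d = {d}")
    c, enc_steps = modexp_steps(m, e, n)
    print(f"c = m^e mod n = {c}, steps = {enc_steps}")
    m2, _ = modexp_steps(c, d, n)
    print(f"m = c^d mod n = {m2}")
```

With these parameters d comes out equal to e, because 19 × 19 = 361 ≡ 1 (mod 360); that is a property of these small teaching values, not of RSA in general.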
Task 4 [15 marks]
Suppose you work as a junior cyber security expert in a security organisation. Your manager has forwarded you the encrypted message below and has asked you to carry out an analysis.
PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBTFXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBFXFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPPBFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDPTOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBFIPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXEBQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTAVWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA
• Implement your own algorithm that performs single-character frequency analysis [7 marks]
• At least 8 words have been decrypted. You can use any method or tool to decrypt the ciphertext [4 marks]
• Algorithm is structured well [4 marks]
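A minimal sketch of single-character frequency analysis over the ciphertext above, added here as an example and not part of the original brief. The function names are illustrative assumptions. Beyond the letter counts it also computes the index of coincidence: a value near 0.067 is typical of English and so suggests a monoalphabetic substitution, while about 0.038 indicates uniformly random letters.

```python
from collections import Counter
import string

# Ciphertext copied from Task 4 above, split only to keep lines short.
CIPHERTEXT = (
    "PBFPVYFBQXZTYFPBFEQJHDXXQVAPTPQJKTOYQWIPBVWLXTOXBT"
    "FXQWAXBVCXQWAXFQJVWLEQNTOZQGGQLFXQWAKVWLXQWAEBIPBF"
    "XFQVXGTVJVWLBTPQWAEBFPBFHCVLXBQUFEVWLXGDPEQVPQGVPP"
    "BFTIXPFHXZHVFAGFOTHFEFBQUFTDHZBQPOTHXTYFTODXQHFTDP"
    "TOGHFQPBQWAQJJTODXQHFOQPWTBDHHIXQVAPBFZQHCFWPFHPBF"
    "IPBQWKFABVYYDZBOTHPBQPQJTQOTOGHFQAPBFEQJHDXXQVAVXE"
    "BQPEFZBVFOJIWFFACFCCFHQWAUVWFLQHGFXVAFXQHFUFHILTTA"
    "VWAFFAWTEVOITDHFHFQAITIXPFHXAFQHEFZQWGFLVWPTOFFA"
)

def letter_counts(text):
    """Count A-Z only, case-insensitively; every other character is ignored."""
    return Counter(ch for ch in text.upper() if ch in string.ascii_uppercase)

def frequency_table(text):
    """Return [(letter, count, percent)] by descending count, then letter."""
    counts = letter_counts(text)
    total = sum(counts.values())
    if total == 0:
        return []
    rows = [(ch, n, 100.0 * n / total) for ch, n in counts.items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))

def index_of_coincidence(text):
    """Probability that two letters drawn at random from the text are equal."""
    counts = letter_counts(text)
    total = sum(counts.values())
    if total < 2:
        return 0.0
    return sum(n * (n - 1) for n in counts.values()) / (total * (total - 1))

if __name__ == "__main__":
    # Print a table with a simple bar chart, most frequent letter first.
    for letter, n, pct in frequency_table(CIPHERTEXT):
        print(f"{letter} {n:3d} {pct:5.1f}% {'#' * n}")
    print(f"IoC = {index_of_coincidence(CIPHERTEXT):.4f}")
```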
Task 5
Read the scenario below and attempt the questions at the end based on this scenario.
Scenario
A famous pizza restaurant in Brighton wants to implement an IT solution to increase its sales by working efficiently and managing orders easily. It plans to start a take-away delivery service. An IT consultant has recommended that the system would work like this:
A waiter enters orders (and customer details if for a new customer) on a PC while taking the orders over the phone.
The orders are displayed on a touchscreen in the kitchen where the chef can see at a glance what to do next.
As each order is finished, the chef clears it from the list. It is then displayed on a third screen for the delivery driver. The driver clears orders as they are loaded for delivery.
Customer and order data will be used for promotional purposes and for management information.
The owner wants customers to register themselves using the web interface of the application, but he is worried about the safety of client data because of GDPR. A secure system will give him more confidence.
The owner has requested a feature which allows him to display the highest order.
i) Implement a secure registration and login feature for customers. [15 marks]
ii) Allow customers to modify their passwords securely. [15 marks]
iii) Use bullet points to list your reasons why the features implemented in (i) and (ii) are secure. [5 marks]
iv) In this part of the question, you will demonstrate a deeper and wider understanding that goes beyond the boundary of the subject.
Improve the registration and login feature in at least three different aspects. Each improvement must make the application more secure against an attack or a vulnerability. It should be significant, and the student should have explored the topic independently to gain a wider understanding of it. Examples include encrypting the data passed between client and server (HTTPS) and using a unit testing methodology for secure development of the application.
For each of the three improvements, you will need to provide three reasons why the application is more secure and state which attack or vulnerability the improvement protects against.
[30 marks: 10 marks for each deeper part – implementation 7 marks, reasons/attacks 3 marks].
Task 6) Documentation [5 marks]
i) Using template correctly [1 mark]
ii) Recording a video of task 5 explaining all aspects [2 marks]
[It should be uploaded to OneDrive and its link provided in the report.] If the video is not provided, task 5 cannot be assessed.
iii) Self-assessment form [2 marks]
Evidence and marking scheme list
Self-assessment marks/
Mark your own effort.
Task 1 / 5 marks
Five significant differences are listed. [1 mark for each]
Task 2 / 5 marks
Five important weaknesses and five improvements.
[1/2 mark for each]
Task 3 / 5 marks
All the steps are shown and correct values are given.
[1 mark for correct answer while 4 for the steps]
Task 4 / 15 marks
• Implement your own algorithm that performs single or other levels of frequency analysis [5 marks]
• Algorithm works [2 marks]
• At least 8 words have been used [4 marks]
• Algorithm is structured well [4 marks]
Task 5 /
I = 15 marks
II = 15 marks
III = 5 marks
IV = 30 marks
• Registration Form [1 mark]
• Registration Check [1 mark]
• Database table [1 mark]
• Screenshot of table before and after successful user registration
• Login form and check scripts [3 marks]
• Test screenshot of login
• Security. It will be checked from your screenshots of code [9 marks]
• Updating password
• Updating password form and check. [4 marks]
• Test screenshots of updating password, before and after.
• Security. It will be checked from your screenshots of code
[11 marks]
• Reasons why (i) and (ii) are secure.
• Reasons for (i) 3 marks
• Reasons for (ii) 2 marks
• Deeper understanding and beyond
For any area to be considered for marking in this section:
• it needs to make the application secure
• it must be significant
• the student should have extended beyond the boundary of knowledge.
Task 6 / 5 marks
Total self-assessed marks