BCU
Faculty of
Computing, Engineering
and the Built Environment
Coursework Assessment Brief
Academic Year 2016-17
Module:
CMP5059 Data Capture
Technology UG2
Assessment Title: Authentication and Cryptography using RFID
Assessment Identifier: CWK002 Weighting: 70%
School: Computing, Telecommunications and Networks
Module Co-ordinator:
Kenny Awuson-David
Kenny.awuson-david@bcu.ac.uk
Hand in deadline date: See module Moodle page
Hand back date: See module Moodle page
Re-assessment hand in
deadline date:
31st July 2017 at 12:00 noon
Support available for
students required to
submit a re-assessment:
Timetabled revisions sessions will be arranged for the period
immediately preceding the hand in date
NOTE:
At the first assessment attempt, the full range of marks is
available. At the re-assessment attempt the mark is capped
and the maximum mark that can be achieved is 40%.
Assessment Summary CWK2 – Software Demonstration and Viva
Design and implementation of a middleware software
application written in VB.NET for a low frequency RFID
system used to authenticate and apply cryptographic
functions to protect computer files.
mailto:Kenny.awuson-david@bcu.ac.uk
IMPORTANT STATEMENTS
Standard Undergraduate Assessment Regulations
From the start of the 2014/15 academic year, your studies will be governed by version 5 of
the Standard Undergraduate Assessment Regulations (SUAR 5).
Under these regulations you are permitted two attempts at assessment for each module: a
first sit and re-assessment attempt.
This means that you will be required to withdraw from the course if, following the
reassessment attempt, you have not passed.
Cheating and Plagiarism
Both cheating and plagiarism are totally unacceptable and the University maintains a strict
policy against them. It is YOUR responsibility to be aware of this policy and to act
accordingly. Please refer to the Academic Registry Guidance at
https://icity.bcu.ac.uk/Academic-Registry/Information-for-Students/Assessment/Avoiding-
Allegations-of-Cheating
The basic principles are:
Don’t pass off anyone else’s work as your own, including work from “essay banks”.
This is plagiarism and is viewed extremely seriously by the University.
Don’t submit a piece of work in whole or in part that has already been submitted for
assessment elsewhere. This is called duplication and, like plagiarism, is viewed
extremely seriously by the University.
Always acknowledge all of the sources that you have used in your coursework
assignment or project.
If you are using the exact words of another person, always put them in quotation
marks.
Check that you know whether the coursework is to be produced individually or
whether you can work with others.
If you are doing group work, be sure about what you are supposed to do on your
own.
Never make up or falsify data to prove your point.
Never allow others to copy your work.
Never lend disks, memory sticks or copies of your coursework to any other student
in the University; this may lead you being accused of collusion.
By submitting coursework, either physically or electronically, you are confirming that it is
your own work (or, in the case of a group submission, that it is the result of joint work
undertaken by members of the group that you represent) and that you have read and
understand the University’s guidance on plagiarism and cheating.
Students should be aware that, at the discretion of the module co-ordinator, coursework
may be submitted to an electronic detection system in order to help ascertain if any
plagiarised material is present.
https://icity.bcu.ac.uk/Academic-Registry/Information-for-Students/Assessment/Avoiding-Allegations-of-Cheating
https://icity.bcu.ac.uk/Academic-Registry/Information-for-Students/Assessment/Avoiding-Allegations-of-Cheating
Electronic Submission of Work
Students should also be aware that it is their responsibility to ensure that work submitted in
electronic format can be opened on a faculty computer and to check that any electronic
submissions have been successfully uploaded. If it cannot be opened it will not be marked.
Any required file formats will be specified in the assignment brief and failure to comply with
these submission requirements will result in work not being marked.
Students must retain a copy of all electronic work they have submitted and resubmit if
requested.
Learning Outcomes to be Assessed:
1. Create and manage connections via serial ports.
2. Write programs to communicate with hardware devices using serial connections.
3. Design and implement non-trivial algorithms for problem solving.
4. Specify and select appropriate data structures, data carriers, track and traceability
solutions and specific security support techniques to meet particular application and
security needs.
5. Demonstrate understanding of how to accommodate vulnerability factors associated
with data carriers and data capture appliances and onward transfer of data.
Assessment Details:
Design and develop a host cryptography software application in VB.Net that will be used to
encrypt and decrypt jpeg image files for Windows based operating systems. The software
application must require login authentication using both traditional user login and
password, but also RFID enabled authentication. Encryption and decryption of files will be
applied using cryptographic keys protected and stored on RFID an RFID tag.
The software must allow a user to log-in using a traditional username and password. This
username and password must be verified by a corresponding username and password
MD5 hash stored on a RFID tag. Once login has been authenticated, the user will be able
to select files from their computer (or connected removable drives) to encrypt or decrypt
using AES encryption. The software must employ the CFB cipher-mode of AES
encryption.
The software must the user to initialise a new RFID tag for login and IV verification. The
initialise process will generate an MD5 hash of the username and password combines as
one string and store it into the first four blocks of the RFID tag.
When a file is encrypted using the AESCryptoServiceProvider in VB.NET, a random 16
byte initialisation vector (IV) is automatically generated. The IV (Initialisation Vector) has
to be specified along with the cryptographic encryption key in order to encrypt/decrypt a
file. To avoid having to specify the IV’s and the cryptographic pass-key every time a file is
to be decrypted, the 16-byte IV must also be stored in the RFID tag.
When a file is to be encrypted, the user must select a cryptographic pass-key (a string
value); the automatically generated IV must be stored in the RFID tag. When this file is to
be decrypted, the user must enter the valid pass-key and the corresponding IV must be
read out of the tag in order to complete the file decryption.
The 16-bit IV for the encrypted file must be stored in the next four blocks of the tag. The
diagram below shows the memory structure of the RFID tag and location where the login
credential MD5 hash and IV are stored respectively.
5 BYTE SERIAL NUMBER
MD5 Hash of
username and
password
IV of encrypted file
0
1
2
3
4
5
6
7
8
.
.
.
63
62
61
60
Data blocks
The core functionality of you software must include:
Establish and manage a serial communications link in order to communicate with
the RFID reader.
Allowing to user to initialise a RFID tag by storing the MD5 hash of the username
and password (combined).
Verify the username login credentials by comparing the entered username and
password at the log-in stage with the username and password MD5 hash stored in
the RFID tag.
Once successfully logged in:
o the user must be able to select a saved jpeg file on the host computer and
encrypt it using AES encryption; CFB cipher-mode AES encryption must be
employed. The encrypted file must be saved to a drive on the host
computer. The automatically generated IV must be saved to the RFID tag,
o the user must be able to select a saved decrypted jpeg file on a drive of the
host computer and decrypt it saving the decrypted file to back to the
MD5 of Username
and Password
M
D
5
o
f U
se
rn
a
m
e
a
n
d
P
a
ssw
o
rd
MD5 of Username
and Password
Do
MD5
hashes
match?
YES
N
O
Login successful,
enable
cryptography
features
Login Failed
computer. In order to successfully complete the decryption process, the
associated IV must be read from the RFID tag.
Once any cryptographic operations are complete, the user must be able to log-off
and automatically close the serial port connection used to communicate with the
RFID reader.
Advanced functionality may include:
the saving of multiple IV’s for the encryption/decryption of multiple files
storing a record of IV’s and associated filenames if encrypted files on the RFID tag
Resources Provided
Visual Basic.NET
FEIG ID RW02 RFID Desktop Reader
FEIG ID RW02 RFID Emulator
FEIG ID RW02 RFID Communication Protocol
Hitag1 Transponder(s)
Software Demonstration and Viva Marking Scheme
Category Description
Max
Mark
Awarded
Mark
Graphical User Interface
Basic single form interface 1
Multiple form interface 3
Data-type validation (for strings) 4
Reduction of erroneous data by minimising textual input 2
Serial Port Communication Configuration
Established serial port communication link via search and
select from machine available ports
4
Correct port configurations used 4
Closed port(s) on exit 2
Data Processing and Validation
BCC checksum algorithm successfully implemented 4
GetSerialNumber byte array constructed in compliance to
the FEIG RW02 frame protocol
3
WriteBlocks byte array constructed in compliance to the
FEIG RW02 frame protocol
3
ReadBlocks byte array constructed in compliance to the
FEIG RW02 frame protocol
3
The RFID tag is able to be initialised with username and
password credentials.
4
Cryptographic Keys can be stored in the RFID tag 4
External files can be accessed and encrypted and saved
using credentials saved on the tag
3
External encrypted files can be decrypted and saved
using credentials saved on the tag
3
Data IO (Communication)
FEIG RW02 protocol frame successfully transmitted using
Comm.Write()
3
FEIG RW02 protocol frame successfully received using
Comm.Read()
3
FEIG RW02 reader response read in and processed
based on Status byte value
4
Hitag 1 transponder Serial Number extracted, converted
and displayed on GUI
4
Block data from Hitag 1 transponder extracted, converted
and displayed
4
Understanding – Discussion and defence
15
Additional Work
20
Total 0
Revised 5/6/14 added option for ‘Re-Assessment’
Submission Details:
2.1 Software Application
The student MUST take full responsibility for the following:
ALL software files must be uploaded to the module Moodle page by the submission dates
published on the Module Moodle page.
ALL software files must be uploaded in a compressed .zip file; DO NOT upload raw data
files or files compresses using .7z or .rar format.
ALL software files the form part of the VB.NET solution must be included in the uploaded
.zip file; the.sln file itself will not be acceptable.
Ensure that the entire project can be successfully opened and loaded from the .zip file to be
uploaded to Moodle; missing files or files referring to other drive locations cannot be opened
and thus marked.
All submissions MUST be uploaded to the module Moodle page by the specifies deadline
(or as per Support Summary statement, where applicable).
Workload:
This assignment requires typically 30 hours to complete.
Feedback:
Feedback will be provided during viva sessions; schedules will be published on the module
Moodle page.