,
School of Science
COSC2536/2537 Security in Computing and Information Technology
Assignment 1
Overview
The objective of Assignment 1 is evaluating your knowledge on the topics covered in Lecture 1-4. Topics include Basic Cryptographic Techniques, and Public-Key Cryptography (RSA, ElGamal and Paillier cryptosystems). Assignment 1 will focus on developing your abilities in application of knowledge, critical analysis and decision making. Assignment 1 contains several problems related to the topics mentioned above. You are required to prepare the solutions and upload them as a single PDF or Word document in CANVAS.
In this assignment, there are 5 (five) questions in total. The first question Q1 is on designing a cryptographic algorithm for a secure vault with a sophisticated digital keypad. In this question, a scenario is given that describes how a secret key for the digital keypad is generated and the digital keypad works. You need to design an algorithm that satisfies the requirements of the security of the digital keypad.
The second question Q2 is about designing an algorithm to perform cryptanalysis on a captured encrypted text. The term Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. Therefore, you are expected to apply cryptanalysis in order to obtain plaintext from the given ciphertext in Q2.
The second question Q3 is about the designing a Secure Online Property Auction System using the hash algorithm. In Q2, you are expected to design an Online Bidding System where an attacker cannot determine the bid values of participants and the hash algorithm based bidding would work.
The fourth question Q4 is related to breaking the RSA Encryption algorithm. In this question, you are expected to perform prime factorization to break RSA private-key d from the public-key (n, e). You should demonstrate the detail steps with explanations how the RSA encryption algorithm can be broken. Marks will be deducted if you fail to show the detail computation correctly, skip the computation steps, or do not provide explanations.
The fifth question Q5 is about a real-life application of Public-Key cryptography. In this question, you are expected to show how RSA and ElGamal Public-Key Cryptography techniques can be used in secure smart door. You should demonstrate the detail steps with explanations how the RSA and ElGamal encryption and decryption work in the given context. Marks will be deducted if you fail to show the detail computation correctly, skip the computation steps, or do not provide explanations.
Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after the Lecture-1 (in Week-1). At the end of each week starting from Week-1 to Week-4, you should be able to solve at least one question.
Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment 1.
Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums.
Due date: Week 4, Friday the 26th Mar 2021 11:59pm
Deadlines will not be advanced, but they may be extended. Please check Canvas→Syllabus or via
Canvas→Assignments→Assignment 1 for the most up to date information.
As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per each working day applies for up to 5 working days late, unless special consideration has been granted.
Weighting: 35 marks (Contributes 35% of the total Grade)
Page 1 of 9
,
If there are questions, you must ask via the relevant Canvas discussion forums in a general manner.
Overall, you must follow the following special instructions:
• You must use the values provided in the questions.
• Hand-written answers are not allowed and will not be assessed. Compose your answers using any word processing software (e.g., MS Word).
• You are required to show all of the steps and intermediate results for each question.
• Please DO NOT provide codes as an answer. Only codes will not be assessed.
• Upload your solution as a single PDF or Word document in CANVAS.
Assessment Criteria
This assessment will determine your ability to:
• Follow requirements provided in this document and in the lessons.
• Independently solve a problem by using cryptography and cryptanalysis concepts taught over the first four weeks of the course.
• Meeting deadlines. Learning Outcomes
This assessment is relevant to the following Learning Outcomes:
1. CLO-1: explain the functioning of security services in computing environments and the security issues in networked applications.
2. CLO-2: discuss various types of data integrity and confidentiality mechanisms including public key cryptography.
3. CLO-3: describe basic system security mechanisms and protocols, such as those used in operating systems, file systems and computer networks.
Assessment details
Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question Q1 to Q5) are provided in the next page.
Page 2 of 9
,
Q1. Designing Cryptographic Algorithm for Secure Nuclear Arsenal Control System (6 Marks)
A nuclear arsenal is a weapon, such as atomic bomb or hydrogen bomb, is made of nuclear energy and has a tremendous destructive power comes from the release of nuclear energy. If the nuclear bomb is activated accidently, it can cause many deaths. Therefore, a secure control system should be designed for authorized activation and deactivation of the nuclear arsenal.
Figure-1.1: Nuclear Arsenal
Figure-1.2: Master Key generation at keypad from three keys
If the secure nuclear arsenal control system is designed to work based on a single key, the security of the system would be less secure. Hence, a combination of multiple keys provided by multiple authorized participants for creating a single master key would increase the security of the system.
Say, all three authorized participants (the President, Secretary of Defense, and Security Adviser) must provide the approval to confirm the activation and deactivation of the nuclear arsenal via a very sophisticated and specially designed secure control system. The secure control system has a digital keypad (see Figure-1.2) which is used to enter secret password for activating or deactivating the nuclear arsenal. The keypad accepts three secret keys one after another. Each secret key is an integer number of 5 digits.
Page 3 of 9
,
When the keypad is initialized each participant enters individual secret key without anyone knowing that number. Once all three participants enter their secret numbers, the sophisticated logic in the keypad performs a mathematical operation and generates a master key by using the three numbers (see Figure-1.2). It then stores the master key in the memory and deletes the individual secret keys.
Once the digital keypad is initialized, the three authorized participants must come all at the same time and enter the secret keys one after another. Similar to the initialization phase, keypad performs a mathematical operation and generates a new master key by using the three numbers. The new master key is then compared with old master key saved in the keypad. If they are same, the nuclear arsenal activates or deactivates.
Explain the algorithm with an example to design the sophisticated keypad for the secured nuclear arsenal control system. You need to choose appropriate 5-digit numbers to show all the steps (i.e., initialization of master key and key verification process) of the algorithm.
Q2. Cryptanalysis with Missing Encrypted Text [8 Marks]
In January 1917, British cryptographers deciphered a telegram from German Foreign Minister Arthur Zimmermann to the German Minister to Mexico, Heinrich von Eckhardt. In that telegram, Zimmermann offered United States territory to Mexico in return for joining the German cause. This message helped draw the United States into the war and thus changed the course of history. The ciphertext and decoded message of Zimmermann is shown in Figure-2.1. The challenge was the encrypted message had many missing ciphertext. In spite of missing encrypted text, the British cryptographic office known as “Room 40” decoded the Zimmermann Telegram and handed it over to the United States in late- February 1917.
(a) Encoded Message (b) Decoded Message
Figure-2.1: Zimmermann Telegram
In this task, you have to decrypt an encrypted message. However, here we have encrypted a long English message a bit differently. Every single alphabet in the message has been substituted by another unique alphabet. While the encrypted message was captured, some of the alphabets were missing. A missing encrypted alphabet is marked as ‘_’. The encrypted message is shown below:
NZQLI XSFIXSVH ZIV ZG LWWH DRGS ZFGSLIRGRVH LEVI GSV ZHGIZAVMVXZ EZXXRMV, DRGS IVORTRLFH OVZWVIH GVOORMT KZIRHSRLMVIH GSVB ZIV VMGRGOVW GL IVJFVHG Z WRUUVIVMG QZY YFG GSV UVWVIZO TLEVIMNVMG HZBRMT NLHG KVLKOV DLM’G SZEV Z XSLRXV. IVORTRLFH XLMXVIMH ZYLFG GSV ZHGIZAVMVXZ EZ_XRMV ZIRHV UILN RGH FHV LU ZYLIGVW UVGZO XVOOH RM GSV WVEVOLKNVMG KILXVHH, DSRXS RH XLNNLM HXRVMGR_RX KIZXGRXV GSZG HLNV XSIR_GRZMH URMW LYQVXGRLMZYOV. GSV HGLFHS XLFOW UIFHGIZGV LI WVOZB ZGGVNKGH GL RMLXFOZGV GSV XLFMGIB ZTZRMHG UFIGSVI XLE_W-19 LFGYIVZPH ZMW OLXPWL_MH ZH ZFGSLIRGRVH KIVKZIV GL HGZI_ GSV EZXXRMV ILOOLFG OZGVI GSRH NLMGS.
Page 4 of 9
,
Figure-2.2: English Alphabet Frequency Count
Using frequency analysis technique, you need to show step-by-step processes to Decipher and find out the actual message. Use the English alphabet frequency count as shown in Figure 2.2. Please note that no marks will be given if only plaintext is shown without detailed steps.
Q3. Designing Secure Online Car Auction System using Hash Algorithm [7 Marks]
Covid-19 has changed the way we conduct business these days. This is true for car auctions as well. Currently, most of the car auctions are being operated online as physical auction is prohibited. Large number of sellers and car dealers are opting for online auctions. Based on an article published, we would like to highlight few facts about the current practice in online auctions:
• “Online car auctions run like a traditional auction, with buyers registering and placing bids while watching videos and online condition report of cars.”
• “Another method involves buyers sending off bids, similar to eBay, and the time allotted for the auction is extended by five minutes every time a bid is entered.”
Obviously, there are many issues with online auction, but one of the critical issues is trust – the way online bidding process is conducted. We want to make sure the online bidding process is trustworthy, and nobody can cheat to win.
Figure-3: Cryptographic Hash Function based Online Car Auction
Design a cheating-proof online car auction system using cryptographic hash function with the following requirements:
• A bidder can only bid with a hash value.
• The bidder can bid only once.
• Guessing the plaintext bid amount should be difficult.
Show step-by-step process with concrete examples.
[Will you be able to build a website for online bidding for you second assignment?]
https://www.manheim.com.au/passenger-vehicles/landing/Online-Auction-Only
[If you are interested to implement a broader version of this system as the Capstone project, please contact the Lecturer]
Page 5 of 9
,
Q4. Breaking RSA Key (6 Marks)
Recently, researchers have successfully decrypted the RSA ciphertext using one of the RSA cryptanalysis techniques, called prime factorization, without knowing the private key. Say, Trudy is an intelligent hacker who knows RSA encryption algorithm and prime factorization very well. Hence, she has been hired by someone who wants to know the secret message between Alice and Bob. Trudy uses her understanding on the prime factorization-based RSA cryptanalysis techniques for retrieving Alice and Bob’s secret message.
As you know from Lecture-3 and Tutorial-3, the public-key component (n) of the RSA cryptosystems is an integer that has two prime numbers. Assume that Bob’s RSA public-key is published as: n = 4599788129 and e = 3919. Trudy wants to find the private-key (d) for the above RSA public-key.
You need to perform the followings:
a) Show step by-step process how Trudy can find the private-key (i.e., RSA key breaking) using
prime factorization.
b) Show how the secret message (M) can be computed from the captured ciphertext C =
700100670.
c) HowcouldTrudytakeadvantageofmultiplecomputerstoperformtheintegerfactorizationtasks mentioned above for breaking RSA faster? Explain with detailed steps.
[https://www.quintessencelabs.com/blog/breaking-rsa-encryption-update-state-art/]
[If you are interested to implement a broader version of this system as the Capstone project, please contact the Lecturer]
Q5. Application of Public-Key Cryptography (Marks: 4+4 = 8)
Figure-5: Partial list of first 10000 Prime Numbers
Say, Alice wants to design a smart door lock for you using Public-Key Cryptography Algorithm. The smart door lock requires initialization of a pair of keys (public-key and private-key) with a Public-Key Cryptography Algorithm. Parameters of both public and private keys need to be saved in the smart door lock at the time of configuration. The algorithm is designed in a way that would allow you to save the key parameters at the time of configuration which can be changed later by you. At the time of locking the door, you need to enter a secret message (M) which will be saved in the smart door lock unless the door is opened. The smart door lock would generate a ciphertext (C) and send it to your mobile phone as an SMS. The smart door lock requires you to enter C at the time of opening the door.
Page 6 of 9
,
The smart door lock would decrypt C and generate a plaintext M’. If the generated M’ matches with the
stored M, then the door will be unlocked. An overview of the process in shown in Figure-5.
Assume that public and private keys will be generated using either RSA or ElGamal Public-Key Cryptography Algorithm. Also assume that you would use your student number as the secret message M. For example, if your student number is “S123456”, the secret message is: M = 123456.
Answer the following questions:
a) Consider that the smart door lock is using RSA Public-Key Cryptography Algorithm. With proper description, show detailed steps of key generation, generation of ciphertext C (i.e., encryption process), and generation of the plaintext M’ (i.e., decryption process). Use parameters: p = 8377 and q = 6673.
i. Choose a small public key parameter (e = 937) and show detailed steps to compute your public-key and private-key?
ii. How would the smart door lock encrypt message M =
iii. How would the smart door lock decrypt C?
b) ConsiderthatthesmartdoorlockisusingElGamalPublic-KeyCryptographyAlgorithm.With proper description, show detailed steps of key generation, generation of ciphertext C (i.e., encryption process), and generation of the plaintext M’ (i.e., decryption process). Use parameters: p = 7719799, g = 2686, and x = 7718.
i. Show detailed steps to compute your public-key and private-key?
ii. The smart door lock chooses a random number r = 21445. How would the smart door lock encrypt message M =
C?
iii. How would the smart door lock decrypt the encrypted message C?
Academic integrity and plagiarism (standard warning)
Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:
• Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods,
• Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.
If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.
RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviors, including:
• Failure to properly document a source
• Copyright material from the internet or databases
• Collusion between students
For further information on our policies and procedures, please refer to the University website. Assessment declaration
When you submit work electronically, you agree to the assessment declaration.
Page 7 of 9
,
Rubric/assessment criteria for marking
All of the computations must be correct and only provided values must be used. Instructions must be followed.
Criteria
The characteristic or outcome that is being judged.
Total
Question 1
Designing Cryptographic Algorithm
The answer is correct and the explanation is up to the mark
6 Marks
The answer is correct, but the explanation is not up to the mark
4 Marks
The answer is partially correct and the explanation is not up to the mark
2 Marks
The question is attempted but the answer is not correct.
1 Marks
Not answered.
0 Marks
6 Marks
Question 2
Cryptanalysis
Plaintext is correct
Steps are shown in a systematic way and algorithm is presented.
8 Marks
Plaintext is correct
Steps are shown in a systematic way, but algorithm is not presented or incorrect.
4 Marks
Plaintext is partially correct
Or
Plaintext is correct. Steps are not shown in a systematic way and algorithm is not presented.
1 Marks
Not answered
0 Marks
8 Marks
Question 3
Cryptographic Hash Algorithm
The answer is correct, and the explanation is up to the mark
7 Marks
The answer is correct, but the explanation is not up to the mark
5 Marks
The answer is partially correct, and the explanation is not up to the mark
3 Marks
The question is attempted but the answer is not correct.
1 Marks
Not answered
0 Marks
7 Marks
Question 4
Breaking RSA Encryption algorithm
Step-by-step processes of finding secret key and decryption are shown correctly. The explanation of using multiple computers for breaking RSA is up to the mark.
6 Marks
Step-by-step processes of finding secret key and decryption are shown correctly but the explanation of using multiple computers for breaking RSA is not up to the mark.
OR,
Step-by-step processes of finding secret key and decryption are not shown correctly but the explanation of using multiple computers for breaking RSA is up to the mark.
4 Marks
Step-by-step processes of finding secret key and decryption are shown but not all of the computations are shown correctly or step-by- step processes are not shown as required.
The explanation of using multiple computers for breaking RSA is not up to the mark.
2 Marks
The process of finding secret key is partially correct and detailed steps are not provided. Decryption process is partially correct or not described as per the requirement.
The explanation of using multiple computers for breaking RSA is partially correct.
1 Marks
None of the steps are shown correctly
Or
Not answered
0 Marks
6 Marks
Page 8 of 9
,
Question 5(a)
Encryption with RSA Cryptography
Step-by-step processes of both encryption and decryption are shown
All of the computations are shown correctly in detail
4 Marks
Step-by-step processes of both encryption and decryption are shown
Not all of the computations are shown correctly in detail
3 Marks
Step-by-step processes of encryption are shown correctly
However, decryption steps are not shown or incorrectly shown
2 Mark
Step-by-step processes of encryption are shown that are partially correct/ completely wrong
Or
Only decryption steps are correct
1 Marks
None of the steps are shown correctly
Or
Calculations are not shown in detail
Or
Not answered
0 Marks
4 Marks
Question 5(b)
Encryption with ElGamal Cryptography
Step-by-step processes of both encryption and decryption are shown
All of the computations are shown correctly in detail
4 Marks
Step-by-step processes of both encryption and decryption are shown
Not all of the computations are shown correctly in detail
3 Marks
Step-by-step processes of encryption are shown correctly
However, decryption steps are not shown or incorrectly shown
2 Mark
Step-by-step processes of encryption are shown that are partially correct/ completely wrong
Or
Only decryption steps are correct
1 Marks
None of the steps are shown
correctly/
Calculations are not shown in detail/
Not answered
0 Marks
4 Marks
Page 9 of 9