CP3404 Assignment
SP3, (2019)
Due by Friday January 24th, 2019 (no later than 5:00pm)
Aim: This assignment is designed to help you improve your critical thinking and problem-solving skills, as well as your information literacy skills (i.e. the ability to select and organise information and to communicate it effectively and ethically).
Requirements, Method of Submission, and Marking Criteria:
• Answer all the following questions in a single document. Each question should begin on a new page.
• For each of the other three (3) questions, write a report of approximately 750 words in the structure of a scientific paper.
• Include your name on the first page. Include a list of references for each question with proper in-text citations.
• For the marking criteria of the other 3 questions, see the included rubric.
• In your answer to question 4 (i.e., cryptanalysis), show all your work. Five (5) marks are assigned to the determination of the correct keyword, and five (5) marks to the determination of the complete plaintext (partial marks count).
• Upload your solution to the Assignment Box, located in the subject’s site.
1. Security Policy
The following incidents were reported in 2018 for XYZ Pte Ltd:
a. Some cables, switches and software were missing from the server room as it was not locked all the time.
b. A fire broke out in the administrative office and employees do not know the evacuation procedures.
c. Sharing of passwords is common among employees and some employees have not changed their passwords for the past 3 years.
d. A former sales manager has joined a competitor recently and the CEO suspects that the sales manager still has access to the customer database.
e. During a recent internal audit, it was found that some employees had installed pirated software on their laptops and desktops.
Use the Internet to locate security policies from two different organizations. After reading that information, recommend security policies for this organization. What restrictions should be enforced? What control and procedures should be in place?
Write a short (approximately 750 words) report on your research.
[5 marks]
2. Diffie-Hellman Research
How does the Diffie-Hellman key exchange protocol work? Use the Internet to research this key-exchange protocol. Then visit the website dkerr.home.mindspring.com/Diffie_hellman_calc.html to see how values are created.
Write a short report (approximately 750 words) on your research.
[5 marks]
3. Hypertext Transport Protocol Secure (HTTPS)
Hypertext Transport Protocol Secure (HTTPS) is becoming increasingly popular as a security protocol for web traffic. Some sites automatically use HTTPS for all transactions (like Google), while others require users to configure it in their settings. Some argue that HTTPS should be used on all web traffic. What are the advantages of HTTPS? What are its disadvantages? How is it different from HTTP? How must the server be set up for HTTPS transactions? How would it protect you when using a public Wi-Fi connection at a local coffee shop? Should all Web traffic be required to use HTTPS? Why or why not?
Write a short (approximately 750 words) report on your research.
[5 marks]
4. Cryptanalysis of Substitution Ciphers:
In this question you will learn about a classical monoalphabetic (substitution) cryptographic system and are required to cryptanalyse a given cryptogram.
In substitution ciphers, a permutation of the alphabet is chosen as the cryptogram of the original alphabet. That is, every letter of the plaintext is substituted by the corresponding letter in the permuted alphabet. For example,
a b c d e f g h i j k l m n o p q r s t u v w x y z
c o d k s z r g e l u y a f m v p h i n w t b j q x
Figure 1: a possible permutation of English alphabet
is one such permutation, in which the letters a, b, c, ..., y, z of the plaintext are substituted by the corresponding letters c, o, d, ..., q, x respectively. Since remembering a permutation is not easy, one may employ a keyword and use a table to generate the permuted alphabet. Let CRYPTOGRAPHY be the keyword. The permuted alphabet can be obtained as follows.
• Choose a 6×5 table/matrix, i.e., a table with 6 rows and 5 columns.
• Write down the secret keyword in cells (1, 1), (1, 2), ..., one letter in each cell, but skip repeated letters. Figure 2 shows how ‘CRYPTOGRAPHY’ (as a keyword) is written down in the table.
• Write the letters of the alphabet (in order) starting from the first available cell after the keyword, but skip all letters that are already written in the table. You will end up with the table in Figure 3.
• The permuted alphabet, which will be used to generate the cryptogram, can be obtained by simply reading the contents of the table in Figure 3 column by column (see Figure 1).
C R Y P T
O G A H
Figure 2: Keyword
C R Y P T
O G A H B
D E F I J
K L M N Q
S U V W X
Z
Figure 3: Table for permuting alphabet
Your Task:
Cryptanalysis of an information system is the study of mathematical techniques for attempting to defeat information security services.
A cryptographic system is said to be breakable if a third party (i.e., cryptanalyst), without prior knowledge of the key, can systematically recover plaintext from corresponding ciphertext within an appropriate time frame.
In this question, you are required to determine the plaintext and the keyword associated with the given cryptogram. Note that a brute force attack (i.e., searching all possible keys) in order to find the keyword is not efficient. However, a letter frequency attack (see Figure 4) is an efficient tool for breaking substitution ciphers.
In the following you can find 10 cryptograms, where the breaks are genuine breaks between English words. You are required to decipher the cryptogram that matches your Student-ID.
[10 marks]
[Figure 4: Letter frequency in English texts (chart over the letters A to Z; image not reproduced)]
Cryptogram for students whose Student-ID is XXXXXXX0
ij ticvs ij rat zgzra fthrxcs e.f. rat jwicrihj tjrievgjatm rat zgcjr jsjrtb qz bgvgrics fcswrqnciwas. fcswrqnciwas gh grj ticvs sticj ctjtbevtm ltcs bxfa jtfctr dcgrghn. rat dtvv uhqdh fitjic fgwatc, dagfa dij xjtm rq thfcswr bgvgrics qcmtcj, gj ih tkibwvt qz ragj nthtcirgqh. gh ragj jsjrtb faicifrtcj dtct rcihjzqcbtm xjghn i ltcs jgbwvt jxejrgrxrgqh.
Cryptogram for students whose Student-ID is XXXXXXX1
uosulmkgu fumucfjb bcm euul jrlpxjsup kl rfpuf sr kdwfrgu sbu mujxfkst clp uzzkjkuljt rz uaujsfrlkj cxjskrlm.
briuguf, lrs dxjb cssulskrl bcm euul wckp sr sbu pumkhl kmmxum.
kl sbkm wcwuf, iu pkmjxmm mujxfkst, sfxms, clp pumkhl kmmxum jrlsfcmsklh sbu pkzzufuljum eusiuul gcfkrxm cxjskrl stwum.
iu ikaa mbri sbcs wrrf pumkhl zrf cl uaujsfrlkj cxjskrl efucjbum sbu mujxfkst rz sbu mtmsud clp puhfcpum ksm wfcjskjcakst –lr dcssuf bri mujxfu uzzkjkuls cfu sbu exkapklh earjvm rz cl uaujsfrlkj cxjskrl. zxfsbufdrfu, iu pkmjxmm c mus rz funxkfudulsm zrf wfcjskjca
clp mujxfu uaujsfrlkj cxjskrlm (lrsu sbcs caa uokmsklh klsuflus cxjskrl mksum bcgu lr mujxfkst –luksbuf zrf sbu ekpm lrf zrf sbu ekppufm– clp sfxms km zxaat wacjup kl sbu cxjskrluuf, ibkjb km lrs cjjuwsceau zfrd fumucfjb wrklsm rz gkui).
Cryptogram for students whose Student-ID is XXXXXXX2
ghzncbpognh wcnosfognh fnascj hno nhiq jsfcsfq, p ocplgognhpi wcnosfognh prpghjo spasjlcnwwghr, txo pijn pxoeshogfpognh, ghosrcgoq, ascgzgptgigoq phl noesc bncs jwsfgzgf jsfxcgoq fnxhoscbspjxcsj. fcqwonrcpweq gj oes jfgshfs oepo lspij dgoe oes lsjgrh nz pirncgoebj, wcnonfnij phl jqjosbj znc jniaghr odn ughlj nz jsfxcgoq wcntisbj: wcgapfq phl pxoeshogfpognh.
Cryptogram for students whose Student-ID is XXXXXXX3
bqcu wcuhjlust, hctwrqecdwat jl rau xlu qz rcdklzqcbdrjqkl qz odrd jkrukouo rq bdvu rau odrd xlusull rq qwwqkukrl, nxr budkjkezxs rq suejrjbdru cuhujgucl. rau qkst luhcur wdcr qz dsbqlr dss bqouck hctwrqecdwajh ltlrubl, aqfuguc, jl rau vut –rau wdcdburuc radr lusuhrl rau wdcrjhxsdc rcdklzqcbdrjqk rq nu ubwsqtuo.
Cryptogram for students whose Student-ID is XXXXXXX4
muheus mblejko mhbudum wercjpu zre sbu muheuht rz mukmjsjcu jkzredlsjrk at wlesjsjrkjko js jksr mucuelg wlesm jk mxhb l flt sbls l mwuhjzjup kxdaue rz sbu wlesm dxms au hrdajkup jk repue sr euhrcue sbu rejojklg jkzredlsjrk. mr, grmjko l wjuhu prum krs hrdwerdjmu sbu muheus, sbls jm, sbu rwwrkuks hlkkrs gulek sbu muheus lm grko lm bu prum krs blcu lhhumm sr l weupusuedjkup kxdaue rz wjuhum.
Cryptogram for students whose Student-ID is XXXXXXX5
ik ixhrjqk jl ik umhbiknu cuhbikjlc gbufu ciks wqrukrjit axsufl lxacjr ajol zqf i
hqccqojrs rbir jl xlxitts igifouo rq rbu bjnbulr ajoouf.
rbu ixhrjqkuuf ihhuwrl ajol qk aubitz qz rbu luttuf qz rbu hqccqojrs iko ourufcjkul rbu gjkkuf ihhqfojkn rq rbu ixhrjqk fxtul.
jk fuhukr suifl, ludufit hqcwikjul bidu ucufnuo rbir qzzuf ixhrjqkjkn lufdjhul qduf i kurgqfv lxhb il uais iko qklitu.
rbulu rswul qz ixhrjqkl bidu nuqnfiwbjhit iodikrinul qduf rfiojrjqkit ixhrjqkl il luttufl iko axsufl kuuo
kqr au wbsljhitts wfulukr ir i hukrfit tqhirjqk oxfjkn rbu ixhrjqk wfqhuuojknl.
rbjl ittqgl zqf tifnuf iko cqfu utiaqfiru ixhrjqkl fuihbjkn ciks cqfu ajooufl rbik gil
wqlljatu gjrb rfiojrjqkit ixhrjqkl.
bqguduf, rbjl itlq wfqdjoul qwwqfrxkjrjul zqf rbu ixhrjqk wifrjhjwikrl rq hbuir.
Cryptogram for students whose Student-ID is XXXXXXX6
lqrb jtgdtr jbedhix jgbtctj ein gdsvrqxdevbhg jsjrtcj edt wjtn hi jqghtrs- qdhtirtn gdsvrqxdevbhg jsjrtcj. e rdhphea hcvatctirerhqi qz e jqghtrs- qdhtirtn gdsvrqxdevbhg jsjrtc fqwan hipqapt rbt gqigertierhqi qz e jtgdtr jbedhix jgbtct fhrb jhixat wjtd gdsvrqxdevbs. rbhj eddeixtctir hj wjweaas wieggtvrelat ej rbt gqqvtderhix jwlxdqwv cwjr zhdjr dtgqptd rbt gdsvrqxdevbhg uts.
Cryptogram for students whose Student-ID is XXXXXXX7
gdrvqpndavbr hj qbt jghtigt qbaq mtalj fhqb qbt mtjhni pz alnpdhqbcj, vdpqpgplj aim jrjqtcj zpd jplshin qfp uhimj pz jtgwdhqr vdpeltcj: vdhsagr aim awqbtiqhgaqhpi. cpdt vdtghjtlr, gdrvqpndavbr hj qbt wjt pz qdaijzpdcaqhpij pz maqa hiqtimtm qp caut qbt maqa wjtltjj qp pvvpitiqj, ewq ctaihinzwl qp ltnhqhcaqt dtgthstdj. qbwj gdrvqpndavbhg qtgbihywtj gai et avvlhtm qp vdpqtgq gpccwihgaqhpi gbaiitlj.
Cryptogram for students whose Student-ID is XXXXXXX8
qyt ovtbsqhojse mhksmisjqsptk oz qyt ojt-qhat vsm ysit etm qo qyt mtiteovatjq oz gojmhqhojseer ktgwbt kqbtsa ghvytbk dyhgy sbt sfet qo btqshj qyt vokhqhit gysbsgqtbhkqhgk oz ojt-qhat vsmk dyhet siohmhjp aokq oz qythb jtpsqhit skvtgqk. qyt veshjqtlq hk tjgbrvqtm hj awgy qyt ksat dsr sk qyt ojt-qhat vsm, fwq dhqy mtqtbahjhkqhgseer ptjtbsqtm vktwmo-bsjmoa ktcwtjgtk.
Cryptogram for students whose Student-ID is XXXXXXX9
pj wpcshghwpisj pcu iqs gq-wcujuis, mxtucj qc jurrucj bheas cuwxlhpsu mhlj, cuzxju sq wpt zqc qc lurhouc eqqlj, gqrrxlu sq pzzugs sau jussrubuis wchgu qc nxjs lhjpoqd sau pxgshqi qxsgqbu prr sqeusauc. zxcsaucbqcu, sau pxgshqiuuc bheas mu mhpjul qc gqccxws pil gpi jurugshourt mrqgv mhlj, pmxju mhlluc hizqcbpshqi qc
pdpcl sau pxgshqi sq jqbuqiu qsauc sapi sau ruehshbpsu dhiiuc.
hi pllhshqi, pi qxsjhluc iqs wchot sq sau pxgshqi bheas pssubws sq lhjcxws sau pxgshqi wcqsqgqr hi jqbu bpiiuc.
CP3404 Assignment Rubric
Levels, left to right: Exemplary (9, 10), Good (7, 8), Satisfactory (5, 6), Limited (2, 3, 4), Very Limited (0, 1)
Good (7, 8): Exhibits aspects of exemplary (left) and satisfactory (right)
Limited (2, 3, 4): Exhibits aspects of satisfactory (left) and very limited (right)

Criteria: Title 5%
Exemplary (9, 10):
– Informative and summative in an excellent way
– Contains most keywords
– Intriguing and thought-provoking in an excellent way
Satisfactory (5, 6):
– Too long or too short
– Partially informative or summative
– Partially intriguing and thought-provoking
Very Limited (0, 1):
– Too long or too short
– Hardly informative or summative
– Contains no keyword
– Hardly intriguing and thought-provoking

Criteria: Abstract 10%
Exemplary (9, 10):
– Excellent summary of contents containing problem statement, approach, and result
Satisfactory (5, 6):
– Satisfactory summary of contents containing some of problem statement, approach, and result
Very Limited (0, 1):
– No or very limited abstract

Criteria: Structure 15%
Exemplary (9, 10):
– Highly appropriate structure and professional format, according to the genre/text type and task requirements, including clear attention to word length limit, and effective use of sections, paragraphs and/or links
Satisfactory (5, 6):
– Largely appropriate structure and format, according to the genre/text type and task requirements, including attention to word length limit, and use of sections, paragraphs and/or links
Very Limited (0, 1):
– Inappropriate structure and format, according to the genre/text type and task requirements, with no/limited attention to word length limit, and use of sections, paragraphs and/or links

Criteria: Content 35%
Exemplary (9, 10):
– Identifies, explains and prioritises key issues in a complex IT related situations, drawing upon relevant theory and real or hypothetical examples.
– Demonstrates clear mastery of the material in the topic area, and shows excellent ability to synthesise and abstract knowledge
Satisfactory (5, 6):
– Identifies and explains key issues in a routine IT related situations.
– Demonstrates moderate mastery of the material in the topic area, and shows moderate ability to synthesise and abstract knowledge
Very Limited (0, 1):
– Demonstrates little mastery of the material in the topic area, and shows no ability to synthesise and abstract knowledge

Criteria: Readability 25%
Exemplary (9, 10):
– Excellent progression of topics
– A highly conventional academic writing style, including the use of appropriate terminology and unbiased language
Satisfactory (5, 6):
– Satisfactory progression of topics
– A largely conventional academic writing style, including the use of appropriate terminology and unbiased language
Very Limited (0, 1):
– Unsatisfactory progression of topics
– Unclear explanation for all concepts

Criteria: Referencing 10%
Exemplary (9, 10):
– Adheres to IEEE/APA/Harvard referencing conventions in in-text citation, presentation of tables/figures and reference list, with next-to-no errors
Satisfactory (5, 6):
– Mostly adheres to IEEE/APA/Harvard referencing conventions in in-text citation, presentation of tables/figures and reference list, with some errors
Very Limited (0, 1):
– No referencing or very limited use of references