代写COSC2536、代做Java编程设计、代写c/c++，Python语言

日期：2020-08-15 11:04

COSC2536/2537 Security in Computing and Information

Technology

Assignment 1

Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment

1.

Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via

announcements/relevant discussion forums.

Due date: Week 4, Friday the 14th Aug 2020 11:59pm

Deadlines will not be advanced, but they may be extended. Please check Canvas→Syllabus or via

Canvas→Assignments→Assignment 1 for the most up to date information.

As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per

each working day applies for up to 5 working days late, unless special consideration has been granted.

Weighting: 15 marks (Contributes 15% of the total Grade)

1. Overview

The objective of Assignment 1 is evaluating your knowledge on the topics covered in Lecture 1-4. Topics include Basic

Cryptographic Techniques (symmetric-key cryptography, hash, and cryptanalysis), and Public-Key Cryptography (RSA,

ElGamal and Paillier cryptosystems). Assignment 1 will focus on developing your abilities in application of knowledge,

critical analysis and decision making. Assignment 1 contains several problems related to the topics mentioned above. You

are required to prepare the solutions and upload them as a single PDF or Word document in CANVAS.

In this assignment, there are 4 (four) questions in total. The first question Q1 is on designing a cryptographic algorithm

for a secure vault with a sophisticated digital keypad. In this question, a scenario is given that describes how a secret key

for the digital keypad is generated and the digital keypad works. You need to design an algorithm that satisfies the

requirements of the security of the digital keypad.

The second question Q2 is about designing an algorithm to perform cryptanalysis on a captured encrypted text. The term

Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages,

even if the cryptographic key is unknown. Therefore, you are expected to apply cryptanalysis in to obtain plaintext from

the given ciphertext in Q2.

The third question Q3 is about the designing a Secure Online Property Auction System using the hash algorithm. In Q3,

you are expected to design an Online Bidding System where an attacker cannot determine the bid values of participants

and the hash algorithm based bidding would work.

The fourth question Q4 is related to breaking the RSA Encryption algorithm. Only for this question, you can submit the

solution individually or in a group. In the case of a group submission, the maximum group members can be 3 (three),

and you must mention the names of group members in the solution of this question. In this question, you are expected

to design an algorithm that would perform prime factorization using the computational power of 10 computers and

determine the private-key d from the public-key (n, e). You should demonstrate the detail steps with explanations how

the RSA encryption algorithm can be broken. Marks will be deducted if you fail to show the detail computations correctly,

skip the computational steps, or do not provide explanations.

Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start

preparing your answers immediately after the Lecture-1 (in Week-1). At the end of each week starting from Week-1 to

Week-4, you should be able to solve at least one question.

If there are questions, you must ask via the relevant Canvas discussion forums in a general manner.

Submission instructions are detailed in Section 2.

,

Page 2 of 8

2. Submission Instructions

Overall, you must follow the following special instructions:

? You must use the values provided in the questions.

? Hand-written answers are not allowed and will not be assessed. Compose your answers using any

word processing software (e.g. MS Word or Latex).

? You are required to show all of the steps and intermediate results for each question.

? Upload your solution as a single PDF or Word document in CANVAS.

3. Assessment Criteria

This assessment will determine your ability to:

? Follow requirements provided in this document and in the lessons.

? Independently solve a problem by using cryptography and cryptanalysis concepts taught over the first four weeks of the

course.

? Meeting deadlines.

4. Learning Outcomes

This assessment is relevant to the following Learning Outcomes:

1. CLO 1: explain the functioning of security services in computing environments and the security issues in

networked applications.

2. CLO 2: discuss various types of data integrity and confidentiality mechanisms including public key cryptography.

3. CLO 3: describe basic system security mechanisms and protocols, such as those used in operating systems, file

systems and computer networks.

5. Assessment details

Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question

Q1 to Q4) are provided in the next page.

,

Page 3 of 8

Q1. Designing Cryptographic Algorithm for Secure Vault (3 Marks)

One day, three friends (Alice, Bob, and Laura) miraculously found huge number of ancient gold coins

of equal size while bushwalking. They decided to equally divide those coins and bring them home.

However, given that homes may not be safe to store the coins, they decided to put them in a strong

vault in a bank (see Figure-1.1).

Figure-1.1: A vault with digital keypad

Figure-1.2: Master Key generation at vault from three keys

The vault has a digital keypad (see Figure-1.1) which is used to enter secret password for opening it.

However, this keypad is very sophisticated and specially designed for the three friends. It can accept

three secret keys one after another. Each secret key is an integer number of 5 digits.

When the keypad is initialized each friend enters individual secret key without anyone knowing that

number. Once all three friends enter their secret numbers, the sophisticated logic in the keypad

performs a mathematical operation and generates a master key by using the three numbers (see

Figure-1.2). It then stores the master key in the memory and deletes the individual secret keys.

Digital Keypad

,

Page 4 of 8

Once the digital keypad is initialized, they can come anytime but they must come all at the same time

and enter the secret keys one after another. Similar to the initialization phase, keypad performs a

mathematical operation and generates a new master key by using the three numbers. The new master

key is then compared with old master key saved in the keypad. If they are same, the vault opens.

Explain the algorithm with an example to design the sophisticated keypad for the excellent

vault which has gold coins!

[Note: If you are interested to implement a broader version of this system as a Capstone project, please

contact the Lecturer]

Q2. Designing Algorithm for Cryptanalysis with Missing Encrypted Text (3 Marks)

On January 16, 1917, British code breakers intercepted an encrypted message from Zimmermann

intended for Heinrich von Eckardt, the German ambassador to Mexico. The challenge was, the

encrypted message had many missing ciphertext. The ciphertext and decoded message of

Zimmermann is shown in Figure-2. In spite of missing encrypted text, the British cryptographic office

known as “Room 40” decoded the Zimmermann Telegram and handed it over to the United States in

late-February 1917.

(a) Encoded Message (b) Decoded Message

Figure-2: Zimmermann Telegram

In this task, you have to decrypt an encrypted message. However, here we have encrypted a long

English message a bit differently. Every single alphabet in the message has been substituted by

another unique alphabet. While the encrypted message was captured, some of the alphabets were

missing. A missing encrypted alphabet is marked as ‘_’. The encrypted message is shown below:

EFA OBE_HA FBK OA_D IBNGDN BHH JBM G_ EFA JGKEBDRA BDJ _ BP SDBOHA EC

BKRAIEBGD LFAEFAI BDMEFGDN FBK OAAD NBGDAJ CI DCE. _ FCL G HCDN QCI EFGK LBI

EC ADJ. FCL G HC_N QCI TABRA. FCL LG_H G FBGH EFA JBM LFAD G IAESID EC EFA OCKCP

CQ PM QBPGHM. P_ JABI G FCTA EC KAA MCS.

You need to perform the followings:

a) Decipher and find out the actual message. Show step-by-step processes.

b) Provide the decryption algorithm (in pseudocode or actual code in any programming language).

,

Page 5 of 8

Q3. Designing Secure Online Property Auction System using Hash Algorithm

(4 Marks)

Covid-19 has changed the way we conduct business these days. This is true for property auctions as

well. The Prime minister of Australia recently announced a ban on in-person auctions and open-forinspections.

Large number of sellers and property agents are opting for online auctions. Based on an

article published (URL: https://www.domain.com.au/news/saturday-auctions-how-will-they-work-now-they-are-allonline-944545/),

we would like to highlight few facts about the current practice in online auctions:

? “Online auctions run like a mix between a live stream and a traditional auction, with buyers

registering and placing bids while watching the video as if they were there.”

? “Another method involves buyers sending off bids, similar to eBay, and the time allotted for the

auction is extended by five minutes every time a bid is entered.”

Obviously, there are many issues with online auction, but one of the critical issues is trust – the way

online bidding process is conducted. We want to make sure the online bidding process is trustworthy,

and nobody can cheat to win.

Figure-3: Cryptographic Hash Function based Online Bidding Application

Design a cheating-proof online property auction system using cryptographic hash function with the

following requirements:

? A bidder can only bid with the hash value of the bid amount.

? The bidder can bid only once.

? Guessing the plaintext bid amount should be difficult.

Show step-by-step process with concrete examples.

[Note: If you are interested to implement a broader version of this system as a Capstone project, please

contact the Lecturer]

,

Page 6 of 8

Q4. Breaking RSA Key Faster with Multiple Servers (5 Marks)

[Note: Only for this question, you can submit the solution individually or in a group. In the case of a

group submission, the maximum group members can be 3 (three), and you must mention the names of

group members in the solution of this question.]

It has been found that a quantum computer with 4099 perfectly stable qubits could break the RSA-

2048 encryption in 10 seconds, while a classic computer of present days requires 300 trillion years. It

means, the powerful computers make the RSA cryptosystem vulnerable.

RSA cryptosystem is mainly built on the concept of prime numbers. The public-key component (n) of

RSA cryptosystem is an integer that is the product of two prime numbers. Hence, prime factorization

is a technique that can be used for breaking RSA private-key (d).

Prime factorization or integer factorization of a number is breaking a number down into the set of prime

numbers which multiply together to result in the original number. This is also known as prime

decomposition. Assume a number ‘77’ has two prime factors. That is, ‘77’ is a product of two prime

numbers: 7 and 11 (i.e., 77 = 7 X 11).

…………………………………………………………………………….

…………………………………………………………………………….

…………………………………………………………………………….

Figure-4: Partial list of first 10000 Prime Numbers

,

Page 7 of 8

However, a simple method to find the prime factors is to take a list of prime numbers, and start dividing

a number by each prime number starting from ‘2’ in the prime number’s list. For example, first 10 prime

numbers are: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29. Now, to find out the prime factors of ‘77’, you should

divide ‘77’ by each prime number in the above list as follows unless you get another prime number as

a quotient:

77 / 2 = Quotient is NOT a prime number

77 / 3 = Quotient is NOT a prime number

77 / 5 = Quotient is NOT a prime number

77 / 7 = 11 (Quotient is a prime number)

Hence, 7 and 11 are two prime factors of 77.

As you know from Lecture-3 and Tutorial-3, the public-key component (n) of the RSA cryptosystems is

an integer that has two prime numbers. Assume that you have found the RSA public-key as: n =

10772542097 and e = 95177. You want to find the private-key (d) for the above RSA public-key.

Say, you have the list of first 10000 prime numbers as partially shown in Figure-4. A complete list of

first 10000 prime numbers can be found in the URL: https://primes.utm.edu/lists/small/10000.txt.

Assume that you have 10 computers. How can you take advantage of the 10 computers and perform

the integer factorization tasks mentioned above to break RSA faster? Explain your algorithm and show

detail steps. Please note that we are not interested in any established approach found in textbooks to

find prime factors. A simple brute-force method should do the work.

[https://www.quintessencelabs.com/blog/breaking-rsa-encryption-update-state-art/]

6. Academic integrity and plagiarism (standard warning)

Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing

your own insights, knowledge, and ideas. You should take extreme care that you have:

? Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly

copied), summarized, paraphrased, discussed, or mentioned in your assessment through the appropriate

referencing methods,

? Provided a reference list of the publication details so your reader can locate the source if necessary. This

includes material taken from Internet sites.

If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and

ideas of another person without appropriate referencing, as if they were your own.

RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate

behaviors, including:

? Failure to properly document a source

? Copyright material from the internet or databases

? Collusion between students

For further information on our policies and procedures, please refer to the University website.

7. Assessment declaration

When you submit work electronically, you agree to the assessment declaration.

,

Page 8 of 8

8. Rubric/assessment criteria for marking

All of the computations must be correct and only provided values must be used. Instructions must be followed.

Criteria

The characteristic

or outcome that is

being judged. Total

Question 1

Designing

Cryptographic

Algorithm

The answer is correct and

the explanation is up to the

mark

3 Marks

The answer is correct,

but the explanation is not

up to the mark

2 Marks

The answer is partially correct and the

explanation is not up to the mark

1 Marks

The question is attempted with

the correct approach but the

answer is not correct.

0.5 Marks

Not answered.

0 Marks

3 Marks

Question 2

Designing

Algorithm for

Cryptanalysis

Plaintext is correct

Steps are shown in a systematic way and

algorithm is presented well.

3 Marks

Plaintext is correct

Steps are shown in a systematic way, but

algorithm is not presented well or

somewhat incorrect.

2 Marks

Plaintext is partially correct

Or

Plaintext is correct. Steps are not shown

in a systematic way and algorithm is not

presented.

1 Marks

Not answered

0 Marks

3 Marks

Question 3

Cryptographic

Hash Algorithm

The answer is correct, and

the explanation is up to the

mark

4 Marks

The answer is correct,

but the explanation is not

up to the mark

3 Marks

The answer is partially correct, and the

explanation is not up to the mark

2 Marks

The question is attempted but

the answer is not correct.

1 Marks

Not answered

0 Marks

4 Marks

Question 4

Breaking RSA

Encryption

algorithm

Step-by-step processes of

private-key computation

are shown with a

distributed algorithm.

All of the computations are

shown correctly in detail

5 Marks

Step-by-step processes

of private-key

computation are shown

with a distributed

algorithm.

Not all of the

computations are shown

correctly in detail

4 Marks

Step-by-step processes of private-key

computation are shown correctly and

distributed algorithm is not convincing

or somewhat incorrect.

However, private-key computation steps

are not shown or incorrectly shown

2 Mark

Step-by-step processes of

private-key computation are

shown that are partially

correct/ completely wrong.

Distributed algorithm is not

discussed.

1 Marks

Not answered

0 Marks

5 Marks