COSC2536/2537 Security in Computing and Information Technology

  1. Overview

The objective of Assignment 2 is to evaluate your knowledge on the topics covered mainly in Lecture 5 to 10. Topics include Privacy-preserving computations based on RSA, ElGamal, and Paillier Cryptosystems; Digital Signature, Blockchain and Cryptocurrency, Digital Authentication & Security Protocols, and Digital Authorization and Intrusion Detection. However, topics covered in Lecture 1 to 10 are required as a prerequisite. Assignment-2 will focus on developing your abilities in the application of knowledge, critical analysis, and decision making. Assignment 2 contains several problems related to the topics mentioned above. You are required to prepare your answers and upload them as a single PDF or Word document in CANVAS. Only one question requires code submission in the CANVAS if attempted, and the corresponding code should be uploaded as a ZIP file on the CANVAS.

In this assignment, there are 5 (five) questions in total. Question 1 is about designing Privacy-Preserving Secure System. In this question, you are expected to apply your understanding of privacy-preserving computation in the context of electronic voting (E-Voting) based on the homomorphic property of Paillier Cryptosystems.

Question 2 is about the application of Digital Signature Schemes. In this question, you are expected to demonstrate your understanding of the RSA and ElGamal digital signature schemes. You are required to show step-by-step processes for both of the digital signature schemes addressing the sub-questions. Marks will be deducted if you fail to show the detailed computation correctly, skip the computation steps, or do not provide explanations.

Question 3 is about showing your understanding on RSA-based public key cryptography. In this question, you are required to analyze the given scenario based on the RSA-based public key cryptography and show detailed steps to compromise it with numerical example. You are allowed to choose your own value. However, values should be correct. Marks will be deducted if you fail to show the detail computation correctly, skip the computation steps, or do not provide explanations with numerical values.

Question 4 is on report writing on Privacy-Preserving or Blockchain based systems on any of the provided topics. Only for this question, you can submit the solution individually or in a group. In the case of a group submission, the maximum number of group members can be 3 (three), and you can form the group with students of different classes. In the solution PDF at the beginning of this question’s answer, you must mention the names of group members with their class Names (in “DAY- TIME” format, e.g., MON-14:30 – 15:30). In this task, you are expected to demonstrate your understanding of the Blockchain or Privacy Preservation and write a well-organized report on a chosen topic. We are looking for interesting and innovative system descriptions in the report. You are expected to follow the suggested structure of the report. However, to secure good marks, you must think out of the box. The report should be appended in the same document where you write the answers to other questions. Further instructions are given in the question.

Question 5 is related to analyzing and designing the security of authentication protocols. Your answer should contain the necessary explanation and diagrams as stated in the problem statement. Marks will be deducted if you fail to provide the explanation correctly and/or diagrams for all of the protocols.

Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after Lecture-5 (in Week-5). At the end of each week, starting from Week-5 to Week-10, you should be able to solve at least one question.

If there are questions, you must ask via the relevant Canvas discussion forums in a general manner. Also, attend consultation sessions when announced.

Overall, you must follow the special instructions below:

  • You must fulfil the requirements in the
  • Upload your solution as a single PDF or Word document in
  • Do not put the PDF within the ZIP
  1. Assessment Criteria

This assessment will determine your ability to:

  • Follow requirements provided in this document and in the lessons.
  • Independently solve a problem by using cryptography and cryptanalysis concepts taught over the last six weeks from fifth to tenth weeks of the
  • Meeting
  1. Learning Outcomes

This assessment is relevant to the following Learning Outcomes:

  1. CLO 1: explain the functioning of security services in computing environments and the security issues in networked
  2. CLO 2: discuss various types of data integrity and confidentiality mechanisms including public key
  3. CLO 3: describe basic system security mechanisms and protocols, such as those used in operating systems, file systems and computer
  4. CLO 4: analyse the overarching importance of IT security in areas such as networking, databases, operating systems, and web
  5. CLO 5: apply privacy principles in basic practical settings in IT
  6. CLO 6: analyse and evaluate the security of computing and IT systems on a practical level and privacy related issues in
  7. Assessment details

Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question Q1 to Q5) are provided in the next page.

Q1. Privacy Preserving Secure Models (Marks: 6)

Privacy Preserving Online Voting System

Recently, several controversies have been observed in voting around the world. Even electronic voting can be manipulated1. In an electronic voting system, the voting authority cannot be trusted completely as it can be biased. Using a privacy-preserving online voting system removes controversy in the voting system. In this privacy- preserving online voting system, voters encrypt their votes in the voting booth before sending them to the voting authority. A voting server records each encrypted vote and determines the voting result on behalf of the voting booth as the voting booth does not have enough computation power. The encrypted result is sent to the voting authority, which determines the winner based on encrypted votes. The homomorphic property of the Pail lier Cryptosystem allows the addition of encrypted numbers. Therefore, the Paillier Cryptosystem can be used in developing a privacy-preserving online voting application.

In this task, you need to design a privacy preserving online voting system as shown in Figure-1 using the Paillier cryptosystem. Suppose that a group of students want to elect their club president.

Your designed privacy-preserving voting application must fulfil the following requirements:

  • Votes must be encrypted from Voting Booth using Paillier Cryptosystem before sending them to the

Voting Server.

  • A vote is an integer number which should be equivalent to a 12-bit binary string.
  • The number of candidates should be For example, ALICE, BOB, and EVE.
  • There are 12 voters who will take part in the voting.
  • Assume that 5 voters will vote for ALICE, 4 voters will vote for BOB, and 3 voters will vote for EVE. after counting the votes, the Voting Authority (VA) should find 5 votes for Alice, 4 votes for BOB, and 3 votes for EVE.
  • The Voting Authority chooses p=211, q=71 and select g=7177.
  • The private numbers chosen by 12 voters and their votes are as follows:

Table-1: Votes of 12 voters

Voter No. Voter’s Private Number, r Vote for Voting message, m
1 r1=3 ALICE 000000000001 = 1
2 r2=5 ALICE 000000000001 = 1
3 r3=7 ALICE 000000000001 = 1
4 r4=11 ALICE 000000000001 = 1
5 r5=13 ALICE 000000000001 = 1
6 r6=17 BOB 000000010000 = 16
7 r7=19 BOB 000000010000 = 16
8 r8=23 BOB 000000010000 = 16
9 r9=29 BOB 000000010000 = 16
10 r10=31 EVE 000100000000 = 256
11 r11=37 EVE 000100000000 = 256
12 r12=41 EVE 000100000000 = 256
  • The Voting Authority sets up required public and private keys and makes the public-keys to all voting booth before the vote

Figure-1: Privacy-preserving voting system

Using the provided values of p, q, g, and Voter’s Private Numbers (values of r1, r2, …, r12 as shown in Table-1), show detail step-by-step computations of the key generation, encryption, homomorphic computations, and decryption processes for votes of 12 voters.

[Note: Refer to the Week 5 lecture and Workshop-5.]

[1. https://www.dw.com/en/democracy-in-danger-elections-are-easy-to-manipulate/a-45858161]

[If you are interested to implement a broader version of this system as the Capstone/Honours project, please contact the Lecturer]

Q2. Application of Digital Signature (Marks: 7)

The working procedure of the digital signature is illustrated in Figure-2. It is recommended that you use the concept of digital signature to answer both Q2(a) and Q2(b).

  • Digital signature for large text message (Marks: 3)

Assume that both Bob and Alice are connected to a free WiFi network. Suppose Bob (the sender) wants to send a large text message M to Alice (the receiver) using a message sharing application. As Bob and Alice are connected to free WiFi network, the communication is vulnerable to data modification attack performed by cyber attackers. In other words, a cyber attacker Trudy can capture a message M that is sent by Bob to Alice, modify M, and send modified message to Alice. Hence, Bob and Alice have decided to use digital signature to ensure the authenticity and integrity of the message.

Say, Bob (sender) has a text message M as follows (bold and italic faced text within two lines):                                                                                                                                                                            

Hi Alice,

As we are using publicly available free WiFi network, our communication may be intercepted by cyber attackers. Therefore, we need to learn and apply cryptography techniques in our future communications. For now, I am just using RSA digital signature. Please verify my message once you receive it. Let’s meet now at the RMIT library to discuss our study plan on cryptography.

Sincerely,

Bob                                                                                                                                                                           Before sending the message, Bob generates a hash h(M) of the text message M using the MD5 hash algorithm and converts h(M) into integer message m. Then, he signs h(M) and sends M and signed h(M) to Alice. When Alice receives the signed h(M), she would like to verify if they are indeed from Bob and the message M is not altered. To facilitate signing and verification, Bob generates public and private keys using RSA encryption algorithm and sends the public key to Alice. Bob uses the following parameters:

1st Prime number:        p = 645353605880701501120167331073

2nd Prime number:       q = 350784310265709643169455170929

Public key parameter: e = 19

In this task, you need to show how Bob generates digital signature for a large text message and Alice verifies the signature using RSA based digital signature scheme. To do this:

  1. Show how Bob would generate Public and Private
  2. Show how Bob would generate the digital signature for h(M).
  • Show how Alice would verify the digital signature using Bob’s public-key.
  1. Do you think that RSA based digital signature can be forged? Justify why or why

[Note: Refer to the Week 6 Lecture and Workshop-6 and the “Running Example of RSA Signature for Text

Message” of Week-6 lecture notes.

Use the following links:

For generating MD5 hash: http://www.miraclesalad.com/webtools/md5.php For converting hexadecimal to decimal and vice versa: https://www.mobilefish.com/services/big_number/big_number.php

For performing large integer operations (power mod, inverse mod, LCM, GCD, Multiplication):

https://www.mobilefish.com/services/big_number_equation/big_number_equation.php ]

(b)    ElGamal based digital signature scheme (Marks: 4)

Assume that “MegaSale.com” is a website that allows anyone to sell and buy products online. Jack is a registered seller of the website and wants to sell his laptop. Jenny is a customer who wants to by the computer being sold by Jack. Jenny sends signed offer to Jack. To generate the signed offer, Jenny uses ElGamal Digital Signature scheme. Hence, Jenny generates her ElGamal public-key and private-key. Then, the plaintext offer is signed by Jenny’s private-key and a signed offer is generated. The signed offer is sent to Jack who wants to verify it to

ensure integrity and authenticity of the signed offer. Jack collects Jenny’s ElGamal public-key and verify the signed offer. If the signed offer is verified, Jack accepts the offer from Jenny and make a deal.

Suppose, Jenny chooses ElGamal public key (i.e., modulus p and generator g) and private-key (i.e., secret number

  • Jenny chooses a random number k. Jenny’s plaintext offer is The equivalent decimal numbers as follows:

In this task, you need to show how Jenny generates digital signature and Jack verifies the signed offer amount using ElGamal based digital signature scheme. To do this:

  1. Show how Jenny would generate Public and Private
  2. Show how Jenny would generate the digital signature for M.
  • Show how Jack would verify the digital signature using Jenny’s public-key.
  1. Does ElGamal Signature approach prevent cheating on digital signature? Justify why or why not. [Note: Refer to the Week 6 Lecture and Workshop-6.]

Use the following links:

For performing large integer operations (power mod, inverse mod, LCM, GCD, Multiplication):

https://www.mobilefish.com/services/big_number_equation/big_number_equation.php ]

Q3. Compromising Public Key Cryptography (Marks: 7)

Assume that Alex is an IT expert who have recently repaired a few computers of Kelly’s office. Kelly creates an email for one of her partner John as follows:

Kelly signs the email with her RSA private key, encrypts the signed email with John’s RSA public key and sends

the plaintext email and encrypted signed email to John. John receives the email and decrypts it with his RSA private key to retrieve Kelly’s signed email. Next, John decrypts Kelly’s signed email with Kelly’s RSA public key to verify if it is sent by Kelly. John is a tricky person and does not want to pay Alex from his pocket. Hence, he wants to trick another partner Jenny to pay on his behalf. John encrypts Kelly’s signed email with Jenny’s RSA public key and sends both plaintext email and encrypted signed email to Jenny as if it were sent by Kelly. Once Jenny receives the encrypted email, she decrypts it with her RSA private key and find Kelly’s signed email. Jenny decrypts the signed email with Kelly’s RSA public key and compare with the plaintext email to verify if it is sent by Kelly or not.

Based on the above scenario, you are expected to discuss the followings:

  • Do you think that Jenny will verify that the message is from Kelly, not from John? Justify your answer.
  • If Kelly uses a symmetric key encryption scheme instead of RSA based public-key cryptography scheme, do you think that John could trick Jenny? Justify your

[Note: Refer to the Week 3, 4 & 6 Lectures and Workshops 3, 4 & 6.]

Q4. Report Writing on Secure or Privacy-Preserving Systems (Marks: 20)

In this task, you need to write a report on any 1 of the following topics in a group of maximum 3 (three) people.

However, it is absolutely fine if you want to do it individually.

The proposed topics are:

  • Designing a System for privacy-preserving post pandemic healthcare data management including COVID-19 contact traceability, COVID-19 records, and vaccination management
  • Designing a privacy-preserving cross-border COVID-19 vaccination certificate management systems
  • Designing a privacy-preserving remote worker management system
  • Designing a blockchain enabled tamperproof cross-border supply chain systems with end-to-end traceability
  • Designing a blockchain enabled cross-border COVID-19 vaccination certificate management systems

The report should be well structured having a proper significance of the system you have chosen based on the limitations of existing systems, aims and objectives of your system, detailed discussion of your selected systems, and concluding remarks. You must provide necessary diagrams based on your own thoughts as well as collected from different sources. Texts in the report should be presented in IEEE Double-Column format with maximum 6 pages. For your convenience, a MS Word template for the report is provided in the Assignment-2 Home Page on CANVAS. You must provide necessary references (at least 15) using APA referencing style including both research and online articles. Articles can be searched in:

  • Google,
  • Google Scholar (https://scholar.google.com/),
  • IEEEXplore (https://ieeexplore.ieee.org/Xplore/home.jsp),

The report must contain the followings (but not limited to):

  1. Based on the topic you have chosen, give overview of the existing systems with one or more scenarios to illustrate the requirement of the privacy preserving techniques or blockchain (i.e., significance). Use necessary
  2. Discuss some of the existing systems that have already been introduced to address the requirements (i.e., background).
  • Describe what limitations will be addressed in your proposed system (i.e., aims) and what new features to be included in your proposed system (i.e., objectives).
  1. Describe your proposed systems in detail (i.e., system overview) with necessary diagrams
  2. Discuss how your proposed system will benefit Australia and other countries technologically, economically, and socially (i.e., benefits).
  3. Discuss the strength and limitations of your proposed system compared to existing systems. (i.e.,

advantages and limitations)

  • Providing a concluding statement on your proposed systems (i.e., conclusion) [Note: Refer to the Week 7 lecture and Workshop-7.]

Q5. Designing a Secure Authentication Protocol for a One-to-One Secure Messaging Platform (Marks: 10)

  • Analysing the security strength of authentication protocols (Marks: 5)

Assume that you have been hired to design a secure mutual authentication and key establishment protocol for

a new messaging software. In the software, two users (ex: Alice and Bob) needs to exchange messages using timestamp (T) and public-key cryptography based mutual authentication protocol to achieve mutual authentication and establish a secure session key (K) before the start of the conversation as shown in Figure-3. According to the given scenario, Alice and Bob should exchange two messages to achieve mutual authentication and establish the secure session key (K). As the mutual authentication protocol involves timestamp (T), the replay attack can be ignored. Assume that Alice is the initiator of the communication. Alice sends “Message 1” to Bob and Bob always replies with “[T+1]Bob.

Figure-3: Overview of the secure mutual authentication and key establishment protocol

You have options to choose from several protocols and analyzing their security strength. The prospective security protocols are as follows:

  1. In protocol-1, Message 1: {[T, K]Alice}Bob
  2. In protocol-2, Message 1: {“Alice”, [T, K]Alice}Bob
  • In protocol-3, Message 1: “Alice”, {[T, K]Alice}Bob
  1. In protocol-4, Message 1: T, “Alice”, {[K]Alice}Bob
  2. In protocol-5, Message 1: “Alice”, {[T]Alice}Bob and let K = h(T)

In this task, you need to critically analyze the above protocols and clearly explain which protocol or protocols would be secured and why. Notations are summarized below:

K                                  : Session key

T                                  : Timestamp

T+1                              : Timestamp is increased by 1

h(T)                              : Hash of timestamp T

{“Message”}Bob           : Encryption Function that encrypts “Message” using Bob’s public Key

[“Message”]Alice          : Encryption Function that encrypts “Message” using Alice’s private Key which is also

known as signed “Message” by Alice

[Note: Refer to the Week 9 lecture and Workshop 9.]

(b)   Attacking an authentication protocol (Marks: 2.5)

Assume that Alice and Bob are using the following authentication protocol (requires only three messages to achieve mutual authentication as shown in Figure-4) for their chat application to establish a session key (K) for each communication.

Figure-4: Authentication protocol being used by Alice and Bob

Let, the session key (K) is defined as: K =A*B mod N. Alice is acting as the initiator of the communication. Trudy is a member of the network who can see the communication between Alice and Bob and perform an attack. In this task, you need to discuss the following:

  • How can Trudy perform an attack on the above authentication protocol such that both Alice and Bob authenticate each other, and the session key K is disclosed to Trudy? You must provide necessary diagram of the attack
  • Is the attack that you have discussed in response to the above question beneficial to Trudy? Justify your

[Note: Refer to the Week 9 lecture and Workshop 9.]

  1. Academic integrity and plagiarism (standard warning)

Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:

  • Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods,
  • Provided a reference list of the publication details so your reader can locate the source if This includes

material taken from Internet sites.

If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.

RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviors, including:

  • Failure to properly document a source
  • Copyright material from the internet or databases
  • Collusion between students

For further information on our policies and procedures, please refer to the University website.

  1. Assessment declaration

When you submit work electronically, you agree to the assessment declaration.

Expert's Answer

Chat with our Experts

Want to contact us directly? No Problem. We are always here for you

Professional

Online Tutoring Services

17,148

Orders Delivered

4.9/5

5 Star Rating

748

PhD Experts

 

Amazing Features

Plagiarism Free

Top Quality

Best Price

On-Time Delivery

100% Money Back

24 x 7 Support

Ask a New Question
*
*
*
*
*

TOP

Connect on WHATSAPP: +61-416-195006, Uninterrupted Access 24x7, 100% Confidential

X