Intro Book 2017 S1 PDF

Preview

Summary

Download Intro Book 2017 S1 PDF

Description

CSC8419 Cryptography and security Faculty of Health, Engineering and Sciences

Introductory book Semester 1 2017

Published by University of Southern Queensland Toowoomba Queensland 4350 Australia http://www.usq.edu.au © University of Southern Queensland, 2017.1.

Copyrighted materials reproduced herein are used under the provisions of the Copyright Act 1968 as amended, or as a result of application to the copyright owner. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means electronic, mechanical, photocopying, recording or otherwise without prior permission. Produced by Learning Resources Development and Support using the ICE Publishing System.

Table of contents Page

Essential information

1

Introduction

2

Study schedule

5

Assessment

7

Weekly exercises

11

CSC8419 – Cryptography and security

1

Essential information The topics in the following list provide important information that will assist you with your study. You can access the information on your StudyDesk through the ‘Essential information (study materials)’ link . You will need your UConnect username and password to access the file. Please make sure you read this information carefully before commencing your study. ●

Getting started

●

Course specification

●

Support

●

UConnect

●

Assignment submission

●

Grading levels

●

Course evaluation

●

Residential schools

●

Library

●

Referencing APA

●

Referencing Harvard AGPS

●

Optional purchase of study materials

●

USQ policies and procedures

© University of Southern Queensland

2

CSC8419 – Cryptography and security

Introduction Welcome to this course Cryptography and Security. This course will give you a broad introduction to cryptography and its application to computer-network security services and mechanisms, such as confidentiality, digital signature, access control, and electronic payments. It also covers Analysis of software and hardware implementations of cryptographic algorithms and network-security protocols. This course will enhance your theoretical and practical skills in understanding the cryptography and security terminologies and development techniques. You will be given the opportunity to study the methodologies for applying these fundamental concepts through the project with programming language. The purpose of this course is to familiarize you with the technology of the security software development process and introduce you to apply the cryptography techniques for building real-world secure software systems.

Format of the course The course consists of the lecture, several laboratory classes, and a semester long project. The lecture gives a broad overview of the subject. The project enables a more in-depth study of the selected sub-area. It involves software, hardware, or mixed implementation of cryptographic transformations. The laboratory classes make the student acquainted with practical features of selected commercial and public domain implementations of Internet security services.

Course team Examiner:

Z. Zhang

Moderator:

R. Addie

Course overview There are five study modules. Each module provides learning objectives, followed by sections for further discussion or presentation on each topic/item. At the end of each module there is a list of online reading references. This is a PG level course, covering most advanced technologies/material in the selected areas. The main study resources will be the textbook and online readings listed at the end of each module in addition to the lecture slides/powerpoint presentations to be included in the course home page. External students need to have Internet access in order to read the online papers/articles and to do the assignments/projects.

© University of Southern Queensland

CSC8419 – Cryptography and security

3

How to study this course The purpose of the study modules is to outline the concepts/technologies to be covered. In order to fully understand this material, you will need to read the textbook and the corresponding readings listed at the end of each module. The study modules have the following goals: ●

to summarize concepts or techniques;

●

to clarify certain points and concepts;

●

to point you to the right references for particular technologies/concepts.

Approach the material as follows: Step 1--- Read the appropriate chapters of text and sections of the study modules, updated lecture slides (to be provided on line) and online references. Step 2 --- Perform the exercises/assignments. Do not wait untail the assignment due dates. The project need to be planned/started from the very beginning and they will take a few months to finish. Study materials ●

This Introductory materials

●

The study modules

●

Online reading materials

●

Updated Lecture slide online

Software and laboratory requirements Students will need OpenSSL and GPG installed on the Linux or Pretty Good Privacy (PGP) software on the Windows based systems in order to complete the secure communications exercises.

References P. Pfleeger, “Security in Computing”, 3e, Prentice-Hall, 2003 P. J. Denning (ed), “Computers Under Attack --- Intruders, Worms, and Viruses”, AdditionWesley, 1990

© University of Southern Queensland

4

CSC8419 – Cryptography and security

Course home page You will find a web page for this course from your StudyDesk at: http://usqstudydesk.usq.edu.au/ The course home page is your primary resort of getting support for this course. On the course webpage, there are you will find ●

course materials and resources

●

electronic discussion facilities or forums

●

access to past examination papers if appropriate

There are an online assignment submission system on the course webpage. You will find that it is very convenient and secure to make submission of your all assessment items including assignments and/or final project report.

© University of Southern Queensland

CSC8419 – Cryptography and security

5

Study schedule Week

Module

1

Module 1:Security and its history

2, 3,4

Module 2: Foundations of Computer Security

Activity/Reading

Assessment

Reminder: End of week 4 is the last date to drop S1 courses without academic or financial penalty. 5

Module 3: Identification and Authentication

6,7

Module 4: Access control

8

Module 5: Security Models

Reminder: End of week 4 is the last date to drop S1 courses without academic penalty. 9,10

Module 6: Cryptography

11,12, 13

Module 7: Key Establishment and Management

© University of Southern Queensland

6

CSC8419 – Cryptography and security

© University of Southern Queensland

CSC8419 – Cryptography and security

7

Assessment The course will be assessed as follows: Assessment

Weighting (%)

Due Date

1

16

April 05, 2017

2

24

May 10, 2017

3

60

June 14, 2017

All assignments are a compulsory part of the assessment.

© University of Southern Queensland

8

CSC8419 – Cryptography and security

Assignment 1 (16 marks) Instructions ●

The submission file must be in the format of PDF.

●

Submission of the PDF file must be made via the online submission system on the course webpage.

Task 1 (3 marks) What is the C.I.A.of security? Use examples to contrast security threats and attacks? Task 2 (3 marks) List 5 general design decisions that have to be made when constructing secure systems.. Task 3 (8 marks) The smallest possible value for the modulus n for which the RSA algorithm works are p =11, q =3 . Use the most simplest example of RSA to do encryption. We would let A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 Thus the plaintext message “HELLOWORD” would be represented by the set of integers

{9, 6, 13,13, 16, 24,16, 19, 13,5 } . Using the table above, please find ciphertext integers. Task 4 (2 marks) Select a topic from the following list for your assignment 3, which is a reading research project. Write an objective of this reading research project (not more than 30 words) 1. Compare and Contrast the OpenSSL and GNU OpenGPG. 2. Understanding the Kerberos System and its Authentication Protocols 3. Generating Digital Certificates using OpenSSL 4. On the security and authentication of Web sites

© University of Southern Queensland

CSC8419 – Cryptography and security

9

Assignment 2 (24 marks) Instruction: ●

Submission file must be in PDF format, and all the steps of generating the required must be given in your assignment, including the OpenSSL commands or command lines.

●

The secret key must be included in your submission.

●

All information about your CSR and the certificate (Subject Name, Issuer Name, Signature Algorithm and Validate Period and Public Key) must be list out in your submission.

Task 1 ( 7 marks) Use OpenSSL toolkit to generate your RSA key pairs: private key and a public key. Store your private key safe and email your public key to the lecturer. (The public key must be in the format of PEM; and the public key must be in the attachment, Subject of your email must be something like CSC8418 Ass2 00611111 – Public Key ) Task 2 (7 marks) Download a cipher document and a cipher secret, which will be available on the course webpage. Then decrypt the cipher secret to obtain a secret key, and use the secret key to decrypt the cipher document. ( The secret key has been encrypted using your public key while the encrypted document has been encrypted by use of the secret key) Task 3 (7 marks) Generate a Certificate Sign Request (CSR), email it to the lecturer. Then download the certificate issued by the lecturer from the course webpage . (Information of the certificate such as Subject Name, Issuer Name, Signature Algorithm and Validate Period and Public Key can be extract out from the certificate) Task 4 (3 marks) Based on the topic you have chosen in Ass 1, write a scientific report of 2-3 pages. You need to find at least relevant articles from Books, Journals in the Library, or articles on the Internet to read, then summarise and write a concise report in your own words. In this draft version, you may only write all the statement sentences in each section. A scientific report usually cover the following sections: Abstract a. Introduction b. …Sections relevant to your c. Conclusion References

© University of Southern Queensland

10

CSC8419 – Cryptography and security

Assignment 3 (60 marks) Instructions: ●

Submission must be in the format of PDF, and be made via the online submission system.

●

The final report is an expanded version of your report in assignment 2. The final report must be 10-15 pages in length. The whole structure may not be too much different or slightly changed, but the contents must contain much more information and/or knowledge related with your selected topic.

●

The assignment will assess your research skill. You should develop a deep understanding through extensive reading, and then be able to formulate your own view on the topic and organize your presentation in a logical way.

Marking criteria for assignment 3: Criteria

Marks/100

Extensive Readings & Literature reviews.

50–64

A deep understanding shown in the report in addition to requirements for ‘C’.

65–74

Having a logical and clear presentation, in addition to the requirements for ‘B’.

75–84

All the requirements of ‘A’ with additional originality & innovation.

85–100

© University of Southern Queensland...