Part 2: Mathematics and Cryptography

Part 2: Mathematics and Cryptography

Answer Sheet 2324

You may readjust the table sizes, but you should only submit a maximum of 10 pages. Anything more than this will not be reviewed. Save this as

[First Name][Last Name][Student ID] M&C.docx.

You may delete this paragraph about filename and table sizes to get more space. The sizes of the table for each question suggest an appropriate upper limit on the amount of work to include.

Section A: Classical Ciphers

Section B: Modern Ciphers

You may want to make use of this symbol: .

Module Leader: Dr Alex Corner Level: 4

Module Title: Introduction to Cyber Security, Maths and Cryptography Module Code: 55-408808-AF-20234

Assessment: 1. 001 Coursework (50%)

2. 002 Written Examination (50%) (13th 25th May 2024, TBC)

001 Coursework

Individual Assessment Weighting: 50% Magnitude: Equivalent of 2500 words

Submission Date: 25th April 2024

Submission Time: 15:00 Blackboard Submission: Y

Turnitin Submission: Y (Sec A) Format: 2 Word Document

Feedback Return: 17th May 2024 Blackboard Feedback: Y In-module retrieval available: Y

Learning Outcomes:

The following module Learning Outcomes will be assessed through this coursework. Marking criteria to assess these are at the end of each section.

Understanding the key concepts of data confidentiality, integrity and availability and select means by which these properties may be achieved in computer systems.

Select and justify appropriate methods, algorithms and techniques contributing to the security of information systems and networks.

Demonstrate a comprehension of fundamental concepts in cyber security, maths and cryptography.

Coursework: Overview

This coursework is comprised of two sections. Section A covers the learning outcomes related to Cyber Security, while Section B addresses learning outcomes related to Mathematics and Cryptography. You are required to complete both sections, which are equally weighted and have separate marking criteria.

What are you required to submit?

Section A: A single Word document saved with the filename[First Name][Last Name][Student ID] Cyber.docx.

E.g., Andy Briggs 91919191 Cyber.docx. This should also be submitted to Turnitin.

Section B: A single word document saved with the filename[First Name][Last Name][Student ID] M&C.docx.

E.g., Alex Corner 31415926 M&C.docx. There is a template Word document provided (CSMC_CW-section-B_answer_sheet.docx) in the Assessment area of the Blackboard site. The document for Section B should not exceed 10 pages. This does not need to be submitted to Turnitin.

Both of the documents should be uploaded to the submission point at the same time.

When and where do I submit?

When: 3pm Thursday 25th April 2024

Where: The submission point on Blackboard under the Assessment link, labelled

001 Submitted (Word Count) Submission Point.

How are grades determined?

You will be awarded a grade for each section of the coursework, and these will be averaged to produce an overall grade which will be snapped a Grade 0-16 as shown in the table for REF _Ref161327124 h * MERGEFORMAT Section A: Marking Criteria. This will determine a Category, Grade, and %. E.g., Mid 2.2., 8, 55. The % mark will be the module mark which is displayed on your Student Record.

Coursework Hints

Read through this document carefully. There are two sections, each with its own assessment and marking criteria.

Ask for help in IT sessions when needed and make use of drop-ins for the module.

Section A: Cyber Security

Section A Introduction

The 21st century has seen an unparalleled adoption of technology involving internetworked computers (the Internet). Computers are used in most aspects of our everyday life whether we are students, employees, employers, or private individuals. Security and privacy are very important as we not only have to protect our physical assets but also our data assets.

We are more reliant than ever on technology to control our home environments, music, memories, personal communications, and financial information. Remote working (especially now) is a must, requiring that we have secure communications with our schools, universities, and workplaces. Computer and network security work must address every level of a network or system (including physical, user-based, service-based, host-based, and network-based) to secure data, protect privacy and prevent criminal acts.

No single security component or method by itself can be expected to ensure complete protection for a network - or even an individual host computer. Instead, you need to assemble a group of methods that work in a coordinated fashion to provide protection against a variety of threats.

What are you required to submit?

Section A: A single Word document saved with the filename[First Name][Last Name][Student ID] Cyber.docx.

E.g., Andy Briggs 91919191 Cyber.docx. This should also be submitted to Turnitin.

Section A Assignment Brief

You are asked to examine and re-engineer a small business/home office style network (Figure 1) to satisfy the key concepts underlying computer and network security: confidentiality, integrity, and availability.

Figure SEQ Figure * ARABIC 1

Figure 1 shows a small network comprising:

Two personal computers (PC1 and PC2), a laptop and a wireless router: Netgear N300 Wireless ADSL2+Modem Router DGN2200V4.

PC1 is directly wired to the Router using an RJ45 CAT6 ethernet cable, while PC2 and the laptop are connected by wireless/wifi to the router.

All the computers contain data (stored on the hard drives) as: lectures notes, labs, private and personal documents, family photos etc.

Two mobile phones (a Samsung J3 and an Apple iPhone 7) also connect to the internet using wireless technologyA scanner and a printer are connected to PC1 and are shared by all users on the network.

Using Figure 1 as a basis, you are asked to:

Identify/enumerate the various threats and risks in the devices and network. To do this you will consider the security/threat landscape (these are collective terms that refer to the devices and security involved, and the threats that they are commonly subjected to).

Recommend techniques to prevent or mitigate attacks on the devices within the network. Identify the technology/configuration you wish to use, the device/s that it is intended to protect, and explain why you feel that this choice of technology/configuration is beneficial to this application.

Section A Hints

If information about the security configuration of a device is not provided, assume that no security configuration has taken place.

The ADSL Filter effectively functions as a splitter, allowing a single phone line to the building to connect to a land-line telephone system, and to the data network itself. The Filter and land-line phones do not need to be configured as part of this assessment.

Search the internet for missing information, consult existing literature on the various aspects of the problem. You are not being asked to protect against every conceivable attack in the world, only to provide recommendations on how to secure the network to a good standard, using readily-available technologies.

Do not always look for the least expensive way forward, if it will compromise security. While you should not attempt to build an entirely new network from scratch, you are free to replace/upgrade/add devices and/or software if you feel that doing so will improve security. Explain why you have done so, in each case.

Remember to reference your sources using the APA7 standard.

Device Specifications (for reference):

Device Description/Technical Specs

PC1 Dell Optiplex 755

Intel Core2 Duo CPU E8400 @ 3.00GHz 2.99GHz

Operating System: Windows 7 Enterprise, SP1

Malware Protection: Norton Security Premium

Wireless 802.11 a/b/g PCI Adapter: Cisco Air-P12AG-E-K9

PC2 Intel(R) Core (TM) Duo CPU, E4500 @ 2.20GHz, 3 GB of RAM

Hard Drive capacity: 250 GB

Operating System: Windows 7- Home Premium, 32-bit

Malware Protection: Norton Security Premium

TP-Link TL-WN851N Wireless-N PCI adapter - uses 802.11n technology but is backwards compatible with the 802.11 b/g standard.

Laptop ACER Aspire 5750

Intel(R) CoreTM is-2410, 2.3GHz with turbo boost up to 2.9GHz, 8GB DDR3 Memory

Intel(R) HD Graphics 3000, up to 1760 MB Dynamic Video Memory

Hard drive capacity: 750 GB

ACER NplifyTM 802.1 b/g/n Wireless adapter

Operating System: Windows 10 Professional 64-bit OS, SP1

Malware Protection: Norton Security Premium

Netgear N300 ADSL2 DGN2200V4 Router IEEE 802.11 b/g/n 2.4GHz

Four (4) 10/100 Fast Ethernet Ports

One (1) ADSL2+ Port

One (1) USB 2.0 Port

Built-in ADSL2+ Modem

IPv6 Support (Internet Protocol Version 6)

Live Parental Controls Security

Wi-Fi Protected Access (WPA/WPA2PSK)

Intrusion detection and prevention (IDS)

Denial-of-service (DoS) attack prevention

. and many more - see manual for details

Wireless CCTV (Gamut 2MP HD-TVI) Some specifications can be found at Gamut 2MP HD-TVI 4 Bullet Camera CCTV System SpyCameraCCTV . To make additional security recommendations, you will need to conduct additional research into common security risks of IP CCTV systems and the means to mitigate these risks.

Phone Handset 1 Samsung Galaxy J3

Phone Handset 2 Apple iPhone 7

Section A: Marking CriteriaCategory Grade Mark

Range % Identify/enumerate the various threats and risks in the devices and network. (25% of Overall Grade) Recommend techniques to prevent or mitigate attacks on the devices within the network. (25% of Overall Grade)

Exceptional 1st 16 93-100 96 The security and threat landscape are well discussed with real life incidents stated. The need for the technologies is clearly identified and an insightful understanding of the technologies is shown, and is fully supported by reference to the wider literature. The material is professionally presented, with references. Proposed an exceptional real solution and/or provided novel (new) recommendations to protect a wide part of the network, with detailed investigation of the techniques and/or application, with evidence discussed and referenced.

High 1st 15 85-92 89 Mid 1st14 78-84 81 Low 1st 13 70-77 74 High 2.1 12 67-69 68 The security and threat landscape are well discussed with real life incidents stated. The need for the technologies is clearly identified and an understanding of the technologies is shown. The material is professionally presented, with references. Proposed an insightful solution to protect a wide part of the network, with detailed investigation of the techniques and/or application, with evidence discussed and referenced.

Mid 2.1 11 64-66 65 Low 2.1 10 60-63 62 High 2.2 9 57-59 58 The security and threat landscape are well discussed with real life incidents stated and an understanding of the technologies shown. Proposed a solution with proper investigation of the techniques and/or application, with evidence discussed.

Mid 2.2 8 54-56 55 Low 2.2 7 50-53 52 High 3rd 6 47-49 48 The security and threat landscape are well discussed with an understanding of the technologies shown. Proposed a solution with proper investigation of the techniques and/or application.

Mid 3rd5 44-46 45 Low 3rd 4 40-43 40 Borderline Fail 3 30-39 35 The security and threat landscape are not well discussed. Proposed an incorrect solution without any discussion (or with incorrect discussion) on how the technique is used.

Mid Fail 2 20-29 25 Low Fail 1 6-19 10 Section B: Mathematics and Cryptography

Section B Introduction

Cryptology underpins many protocols in cyber security and, by having an awareness of the fundamental classical and modern techniques in Cryptography and Cryptanalysis, we allow ourselves a broader understanding of how weaknesses can be avoided. The mathematics inherent in these cryptological techniques further enables us to be systematic, clear, and precise about our understanding and presentation of data, numbers, and figures.

What are you required to submit?

Section B: A single Word document saved with the filename[First Name][Last Name][Student ID] M&C.docx.

E.g., Alex Corner 31415926 M&C.docx. There is a template Word document provided (CSMC_CW-section-B_answer_sheet.docx) in the Assessment area of the Blackboard site. The document for Section B should not exceed 10 pages.

Part 1: Classical Ciphers

Decrypt the following ciphertext using a Caesar cipher. You may use Excel to help you.

TDSLWWTYOFPETXPMPLAZPE

(10 marks including 1 mark for identifying the quotation.)

The following ciphertext has been obtained using a General Substitution cipher. Use an Excel spreadsheet to decrypt it. Explain all the steps of your working.

RSIUBZAWX JAWA MAFAHSUAM LC XARWAZ EDRP LC JSWHM JDW ZJS IDLCHN ZS EWADP RSMAX SWMLCDWN UASUHA MLM CSZ GDFA DRRAXX ZS RSIUBZAWX EARDBXA ZGAN JAWA TAJ LC CBIEAW DCM ZSS AKUACXLFA XSIA UASUHA USXZBHDZAM ZGDZ ZGAWA JSBHM CAFAW EA D CAAM TSW ISWA ZGDC GDHT D MSQAC RSIUBZAWX LC ZGA RSBCZWN DCM DXXBIAM ZGDZ SWMLCDWN UASUHA JSBHM CAFAW GDFA D CAAM TSW RSIUBZAWX XSIA ST ZGA OSFAWCIACZX DZZLZBMA ZSJDWM RWNUZSOWDUGN ZSMDN JAWA TSWIAM LC ZGDZ UAWLSM DCM ILWWSWX ZGA SHM DZZLZBMAX ZSJDWM RSIUBZAWX JGN JSBHM SWMLCDWN UASUHA CAAM ZS GDFA DRRAXX ZS OSSM RWNUZSOWDUGN LC DMMLZLSC ZS ZGA HLILZAM DFDLHDELHLZN ST RSIUBZAWX DCSZGAW UWSEHAI JLZG RWNUZSOWDUGN LC ZGSXA MDNX JDX ZGDZ RWNUZSOWDUGLR PANX GDM ZS EA MLXZWLEBZAM SFAW XARBWA RGDCCAHX XS ZGDZ ESZG UDWZLAX RSBHM XACM ACRWNUZAM ZWDTTLR SFAW LCXARBWA RGDCCAHX OSFAWCIACZX XSHFAM ZGDZ UWSEHAI EN MLXUDZRGLCO PAN RSBWLAWX JLZG XDZRGAHX GDCMRBTTAM ZS ZGALW JWLXZX OSFAWCIACZX RSBHM DTTSWM ZS XACM OBNX HLPA ZGAXA ZS ZGALW AIEDXXLAX SFAWXADX EBZ ZGA OWADZ IDXXAX ST SWMLCDWN UASUHA JSBHM CAFAW GDFA DRRAXX ZS UWDRZLRDH RWNUZSOWDUGN LT PANX GDM ZS EA MLXZWLEBZAM ZGLX JDN CS IDZZAW GSJ RGADU DCM USJAWTBH UAWXSCDH RSIUBZAWX ILOGZ XSIAMDN EARSIA NSB YBXZ RDCZ XACM ZGA PANX AHARZWSCLRDHHN JLZGSBZ ZGA WLXP ST LCZAWRAUZLSC

(40 marks including 3 marks for identifying the text and the connection to the letters KHK.)

Use the Vigenre cipher with keyword ALPHABET to encrypt your surname and first names (12 letters in all), e.g., `John Smith becomes plaintext `smithjohnsmi.

The following ciphertext has been obtained using a Vigenre cipher. You are provided with a table of interval values and possible key sizes. Determine an appropriate key size and use an Excel spreadsheet to decrypt the ciphertext. Explain all of your steps and provide evidence such as suitable Excel screenshots.

sequence interval 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

AAPX 162 X X X X MJZQ 143 X X KMOJ 135 X X X X WDLW 36 X X X X X X BMZQ 252 X X X X X X X X YOIG 171 X X SLAMFVHERZHGHSBLPENPVDTNECHRVTNYQSYLJJZRUBSRUWWPRYPIOHRLTHUUIYWKMKAJITOLCPBTQPECGSHZXMIWQUALLBYNVZPPOMWJAMRQHPUBYIXTRJZWYRMGSDJPKTQKSXSQAQGLIROENVCZMBXSHYVAMTNLTJDNZTIMGCBLAWZWITSLYKMONKIDGKDVMTELPUAAPXDKEYEABAXIQRDXYOKHRUICFEHTTUXPTFWAQHSAEDUATWMJKEDKZPAIJVWPUOHVWHWQAXPLZMJZQTQWSABSBYCQOBKAFXTWLYHBBTVWNUAHBXFVIPGBVZGJEXJSAZWYHZCAWKNZTUPMNVUZBXRAASLYOUBSQQTCAAPXSMGPVOPBRTNWPFQYMDJGHTVPYQUZBMZQYOIGSMPDDJKANUXPJWDLMJZQZLOAUBHKIACLPAMGXQKYDPBZXFBXSHOHUXYQQPWDLWKJBMNDHKMOJTSAPAUBLNVMYIKYUTYQSYWDLWKDIROFKTXNYMVDFELVVJALZZLYWFNAIZILYWONLMYJLYWOFJPJVAJCKJKVJSPVARXBIXVYOIGLQRRWDPATSKMPQPHZMNVXZDOJQXSKIEKAKMOJTSAPAUBHKKSXSQAMKHWREUKSTXIKSXPQUQVFBMZQOUMMBWVVVLYWFNAIDHBMWKYTIDVWULBSMBAHJZQOJKSYWWJBUJBAPHJWMHUTIZUYVUIZBICVKUWIUWWTWAZQWJASQWDLEHWTHCHLSIVNVKXROAUTNTEYGIHVRJFGFUOPWGXEMEKPLTXHWQXXJPKTYQSYVBVZFFVCLSLSQVFBMZQOAPXXMGZQPHKMXUYDWXLUTIMWPFQYMTLIMYVPIWMMMEGHOKZHUXMYJWULMMMMYMAJBBTVSQLHSMZNBMXDPLUXXAERHOHBIWMWPQPOWPJDICWDLAHQCXTRJVNLJKYCLPFXKTJPPPOSIZXEIWOXLPBSLSEKAYIKJIWZIYVUFZVMNDPPWGXBINKJVTHLGGZQPLUITZECBYYGIYWKCDLOGBXCRLEHLBHRMIEWDLZXVCMCHILVMXQREKWAQMXCWPZKBTWNUTZVAZCVMAIGHNLQGHWRGHJPMGHMWZQPOMLDAXPPQZMKXIWERASQFNVEEHIHVRTNXSHXLVXKQXDRBAMEJXVZFAZABSOXSHXLAMPVSHQYYGIYWKCDLOQVUZSMOATQLYPEERBWZBAIGJSNLDXSBMYJPOMNSIYEKKYQSJLIIWNHKMNWRZIEUNHWUEELKUNKTUGZPIBVBHIXTRJZWOJZEYLJZMVZZINKWUVXQQRZUZLZMTCWPFNFXMTOVLSDFBHNVWFUAWZBAIGJKKDMOJZMELOJCKWMREOUUMVJAWLUUMWKYPINRITCGNKEELJNXTWBMPVPVAAFZILNAFEANKLTVGUWPSBSYRKUMXQAIEKEZQLIWRPEUZMGIQRRWDLSXDQRLGRHVVJWZPUOVUXXMGFUAJPTSVIWVQJPTXXVTYWAMVTCVTHNVZKJOMDWAYMWRIMWDLYQOFBINRJCMKXIXTRJIMMBMIYWSVXXTXPPZEAPGTXVTRNHKJZIMYWWUKXNAENRITWGTKGFUNLVVJQRMXOPVXXALZZACMKFVHTWEZCGWMEWLOAQVYWIISAJBBSQXTDHICLNVIDVYVVMFKXDWKIMITAXARJLLETVKPQKBOAKWVVHUZBHGMXCDJZUBYBIOEUZWFJXLJVEJIERMEYVPOMVTAXLQZKMEFGMXSKZMWGGXSLORMRIQWEUEICMNWRAUKITXRQWLPWQWKGIVCLAYBHYPIEUWUAYJZSQEQZQGJAWNRITCGNKEELKUAMTTECJAAMEJXVZFAZABSORPWSVZDX

(10 marks for part a) and 40 marks for part b) including 3 for identifying the original plaintext and 3 for its connection to the keyword.)

Part 2: Modern Ciphers

Upper case ASCII letters A-Z are represented by the denary numbers 65-90; lower case ASCII letters a to z are represented by the denary numbers 97-122. The decimal value is converted to an 8-bit binary string and to encrypt any letter its 8-bit binary representation is combined with an 8-bit secret key using bitwise XOR.

A 3-letter word has been encrypted one letter at a time. The encrypted word is fgq. If the secret key is 00100010, then what was the original plaintext message.

(15 marks)

Using an Excel spreadsheet encrypt 16 letters (using ASCII) from your surname and first name (e.g., Alex Corner would be CornerAlexCorne) to produce a ciphertext in hexadecimal, by applying the first round of AES (Rijndael) as far as the Shift Row stage. Use the following key K=W0, W1, W2, W3:

7E 1B 60 8B

2A EC F1 37

59 5F BC 19

D4 0A EE CF

Explain all of your steps with supporting evidence (e.g., appropriate Excel screenshots) and provide the encrypted value at the end of each stage. I.e., after Add Key, after Byte Sub, and finally after Shift Row. Do not attempt the Mix Columns stage.

(35 marks)

Use the RSA cipher to decrypt the word TfG. The public key is N=221, e=5. Decrypt a single letter at a time. You may use an Excel spreadsheet but for full marks you must explain each step of your calculation.

(30 marks)

Alices RSA public key [N; e] is stored in binary as

[1111010011000111; 00001011].

Eve wants to find Alices private key by factorising N.

What are the prime factors of N and what is Alices private key?

What is the maximum number of ASCII letters that can be encrypted in one go and sent to Alice (assuming the message has no padding)? Explain your answer.

Alice decides to change the e value in her public key. Which of the following choices are not allowed? 3, 17, 19, 23, 31, 35, 45, 65. Explain your answer.

(20 marks)

Section B Hints

When working in an Excel spreadsheet you will find it useful to take screenshots of your working, to show how you have proceeded through encryption/decryption. Only include relevant parts of the screen. E.g., in the Vigenre section you may want to just show a small section of the frequencies when explaining how you found each of the shift values. So (if using Windows) just use the Snipping Tool, shortcut Windows-Shift-S, to capture the relevant part.

Your work should be readable, meaning that you should explain each step in your working. Im looking to see your ability to apply the methods we have learnt, along with your ability to explain relevant parts of your working. Some parts may be repetitive and, in these cases, you may want to use phrases such as Similar to the previous step, we can see from the screenshot that this shift is.

If you are unsure how to present or word something, then ask.

Word has an in-built equation editor, which you can use to make symbolic expressions more readable. E.g., instead of x^3 mod n we can instead have x3 (mod n). A shortcut to enter equation mode is to press Alt and =. Certain symbols also have shortcuts. E.g., is entered by typing oplus in the equation editor, before pressing space. Ask if you are unsure on how to enter a symbol, or use Detexify to draw and identify the symbol you are looking for.

Section B: Marking Criteria

Each of the questions in Section B has a number of marks displayed below it. For some questions, there are specific criteria to include in your explanation and working. There are a total of 200 marks available for Section B. Your mark out of 200 will translate to a Mark Range, which will then decide a Category, Grade, and %. (See the range of these in REF _Ref161327124 h * MERGEFORMAT Section A: Marking Criteria.)