Please find the attached file which has all the 3 assignments. Please quote for all the 3 assignments. Thanks
==

CSC8419
Cryptography and security
Faculty of Health, Engineering and Sciences
Introductory book
Semester 1 2016
Published by
University of Southern Queensland
Toowoomba Queensland 4350 Australia http://www.usq.edu.au
© University of Southern Queensland, 2016.1.
Copyrighted materials reproduced herein are used under the provisions of the Copyright Act 1968 as amended, or as a result of application to the copyright owner.
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means electronic, mechanical, photocopying, recording or otherwise without prior permission.
Produced by Learning Resources Development and Support using the ICE Publishing System.
Table of contents
Page
Essential information 1
Introduction 2
Study schedule 5
Assessment 7
Weekly exercises 11



Essential information
The topics in the following list provide important information that will assist you with your study. You can access the information on your StudyDesk through the ‘Essential information (study materials)’ link
http://usqstudydesk.usq.edu.au/file.php/1/sitefiles/DeC/essential_info/essentialhandout.pdf . You will need your UConnect username and password to access the file. Please make sure you read this information carefully before commencing your study.
? Getting started
? Course specification
? Support
? UConnect
? Assignment submission
? Grading levels
? Course evaluation
? Residential schools
? Library
? Referencing APA
? Referencing Harvard AGPS
? Optional purchase of study materials
? USQ policies and procedures
Introduction
Welcome to this course Cryptography and Security. This course will give you a broad introduction to cryptography and its application to computer-network security services and mechanisms, such as confidentiality, digital signature, access control, and electronic payments. It also covers Analysis of software and hardware implementations of cryptographic algorithms and network-security protocols.
This course will enhance your theoretical and practical skills in understanding the cryptography and security terminologies and development techniques. You will be given the opportunity to study the methodologies for applying these fundamental concepts through the project with programming language.
The purpose of this course is to familiarize you with the technology of the security software development process and introduce you to apply the cryptography techniques for building real-world secure software systems.
Format of the course
The course consists of the lecture, several laboratory classes, and a semester long project. The lecture gives a broad overview of the subject. The project enables a more in-depth study of the selected sub-area. It involves software, hardware, or mixed implementation of cryptographic transformations. The laboratory classes make the student acquainted with practical features of selected commercial and public domain implementations of Internet security services. Homework assignments have a form of short programs in C/C++ or Java and analytical problems.
Course team
Examiner: Z. Zhang
Moderator: R. Addie
Course overview
There are five study modules. Each module provides learning objectives, followed by sections for further discussion or presentation on each topic/item. At the end of each module there is a list of online reading references.
This is a PG level course, covering most advanced technologies/material in the selected areas. The main study resources will be the textbook and online readings listed at the end of each module in addition to the lecture slides/powerpoint presentations to be included in the course home page. External students need to have Internet access in order to read the online papers/articles and to do the assignments/projects.
How to study this course
The purpose of the study modules is to outline the concepts/technologies to be covered. In order to fully understand this material, you will need to read the textbook and the corresponding readings listed at the end of each module.
The study modules have the following goals:
? to summarize concepts or techniques; ? to clarify certain points and concepts;
? to point you to the right references for particular technologies/concepts.
Approach the material as follows:
Step 1--- Read the appropriate chapters of text and sections of the study modules, updated lecture slides (to be provided on line) and online references.
Step 2 --- Perform the exercises/assignments. Do not wait untail the assignment due dates. The project need to be planned/started from the very beginning and they will take a few months to finish.
Study materials
? This Introductory materials
? The study modules
? Online reading materials
? Updated Lecture slide online
Software and laboratory requirements
Students will need OpenSSH and GPG installed on the Linux or Pretty Good Privacy (PGP) software on the Windows based systems in order to complete the secure communications exercises.
You may also need to install Apache PHP at home or access Apache PHP at USQ in order to do the web portal design project.
References
P. Pfleeger, “Security in Computing”, 3e, Prentice-Hall, 2003
P. J. Denning (ed), “Computers Under Attack --- Intruders, Worms, and Viruses”, AdditionWesley, 1990
Course home page
You will find a web page for this course from your StudyDesk at: http://usqstudydesk.usq.edu.au/
The course home page is your primary resort of getting support for this course. On the course webpage, there are you will find
? course materials and resources
? electronic discussion facilities or forums
? access to past examination papers if appropriate
There are an online assignment submission system on the course webpage. You will find that it is very convenient and secure to make submission of your all assessment items including assignment2 and final project report.
Study schedule
Week Module Activity/Reading Assessment
1 Module 1:Security and its history
2, 3,4 Module 2: Foundations of Computer Security
Reminder: E nd of week 4 is the last date to drop S1 courses with out academic or financial p enalty.
5 Module 3: Identification and Authentication
6,7 Module 4: Access control
8 Module 5: Security Models
Reminder: E nd of week 4 is the last date to drop S1 courses with out academic penalty.
9,10 Module 6: Cryptography
11,12,
13 Module 7: Key Establishment and Management

Assessment
The course will be assessed as follows:
Assessment Weighting (%) Due Date
1 16 April 06, 2016
2 24 May 11, 2016
3 50 June 15, 2016
All assignments are a compulsory part of the assessment.
Assignment 1
Task 1: What is the C.I.A.of security? Use examples to contrast security threats and attacks?
Task 2: Given p=7 and q=11 and ??n?=?p-1?×?q-1? , check if or not the inverse of 19 mod f(n) exists, and demonstrate your result.
Task 3: The smallest possible value for the modulus n for which the RSA algorithm works are p=11,q=3 . Use the most simplest example of RSA to do encryption. We would let
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
Thus the plaintext message “HELLOWORD” would be represented by the set of integers
{9,6,13,13,16,24,16,19,13,5} . Using the table above, please find ciphertext integers.
Task 4: Select a topic from the following list for your assignment 3, which is a reading project.
1. Compare and Contrast the OpenSSL and GNU OpenGPG.
2. Understanding the Kerberos System and its Authentication Protocols
3. Generating Digital Certificates using OpenSSL
4. On the security and authentication of Web sites
Assignment 2
Task 1: Generate your RSA private key and a public key. Store your private key safe and send your public key to the lecturer.
Task 2: Upon the acknowledge of your public key, Request a secret document from the lecturer. The secret document has been encrypted by use of your public key.
Task 3: Generate a Certificate Sign Request (CSR) and obtain certificate from the lecturer.
Task 4: Based on the topic you have chosen in Ass 1, write a scientific report of 2-3 pages. You need to find at least relevant articles from Books, Journals in the Library, or articles on the Internet to read, then summarise and write a concise report in your own words. In this draft version, you may only write all the statement sentences in each section.
A scientific report usually cover the following sections:
Abstract
a. Introduction
b. …Sections relevant to your
c. Conclusion
References
Assignment 3
The final report is an expended version of your report in assignment 2. The final report must be 10-15 pages in length. The whole structure may not be too much different or slightly changed, but the contents must contain much more information and/or knowledge related with your selected topic.
The assignment will assess your research skill. You should develop a deep understanding through extensive reading, and then be able to formulate your own view on the topic and organize your presentation in a logical way.
Marking criteria for assignment 3:
Criteria Marks/100
Extensive Readings & Literature reviews. 50 – 64
A deep understanding shown in the report in addition to requirements for ‘C’. 65 – 74
Having a logical and clear presentation, in addition to the requirements for ‘B’. 75 – 84
All the requirements of ‘A’ with additional originality & innovation. 85–100

Weekly exercises
Assume that you are only allowed to use 26 characters from the alphabet to construct passwords.
How many different passwords are possible if a password is at most n , for n=4,8,10, characters long and there is no distinction between upper case and low
case characters?
How many different passwords are possible if a password is at most n , for n=4,8,10, characters long and passwords are case sensitive?
For Unix system, check the on-line document for security-relevant commands. Find your own entry in /etc/passwd and check the permission setting on your files and directories
In your assessment, what are the strong and weak points of Unix system? Write a short report on this topic (1000 words).
E-mail is a very popular communication method at present, what ideas do you have to secure your e-mail system?
Evaluation criteria are designed to help security-unaware users meet specific security requirements. Are protection profiles the right solution for this problem?
Write a protection profile for firewalls.
KryptoKnight was developed by IBM as an alternative to Kerberos. Give a short description of the KryptoKnight protocol and discuss its advantages and disadvantages, compared to Kerberos.
Define a secuirty policy that meets your expectations on web secuirty and construct a model for your policy.
For IPSec and SSL, the nodes running the protocol are assumed to be secure; which additional security mechanisms do you need at these nodes to make this assumption true?
Write a short report about intrusion detection to protect your computer or system.
Design and implement a signature scheme and multi-signature scheme.
What are differences between DAC, MAC and RBAC? Explain the differences with an example.