Contents
Task 1: CIA
Task 2: Secure system requirement
Task 3
Task 4
Task 5: Using OpenSSL to generate Digital Certificates
References

List of Figures
Figure 1: CIA
Task 1: CIA

The CIA triad stands for Confidentiality, Integrity and Availability. This model makes it easier to design the security policies of an organisation. It is sometimes also called the AIC triad to avoid confusion with the Central Intelligence Agency (Rouse, 2014).

Figure 1: CIA. Source: (Armeda, 2010)

Confidentiality: Confidentiality of information means protecting the information from unauthorised members and parties. This can be done with the help of encryption.

Integrity: Under this category, the information needs to be protected from modification by unauthorised parties. Information is only of value if it is correct, and it is costly if the information is tampered with by an unauthorised party.

Availability: The main aim of this category is to keep the information accessible to the authorised parties when they need it. Denying access to information has become a very prominent attack nowadays. Backups of the data can therefore be made so that data access can be provided to authorised parties easily (Chia, 2012).
Task 2: Secure system requirement

Constructing a secure system involves several requirements so that data can travel from one place to another easily. These are discussed below:

• The network has to be mapped and audited on a regular basis. The entire network's infrastructure also needs to be understood, including the configuration of routers, Ethernet cables, firewalls, switches and wireless access. The audit also needs to find the security vulnerabilities so that the performance, security and reliability of the network can be increased.
• All the software and firmware associated with the network's components has to be updated on a regular basis. The default passwords also have to be changed, and insecure configurations and other security features that are not required inside the network infrastructure have to be reviewed.
• Physical security has to be implemented for the network's infrastructure. This means protecting the network from viruses, hackers, bots and local threats, and implementing plans to stop outsiders from entering (Geier, 2014).
• Encryption and authentication of the network have to be done properly. There are several cases in which hackers can easily bypass MAC address filtering. This can be solved by keeping the MAC address list up to date (Warnagiris, 2011).
• Different types of traffic can be split with the help of VLANs. This is also beneficial when it is configured for dynamic assignment, which can be implemented with the help of MAC address tagging. Alternatively, this can be done with the help of 802.1X authentication (Geier, 2014).
Task 3

a. The binary equivalent of 12 is 1100, which can be written as (11 00). The row is given by the first two binary digits and the column by the second two. So 11 is the 3rd row and 00 is the first column. Therefore, the result is (0111), which is equivalent to 7 in decimal.

b. The binary equivalent of 7 is 0111, which can be grouped as (01 11). The row is given by the first two binary digits and the column by the second two. So 01 is the 2nd row and 11 is the third column. Therefore, the result is (1011), which is equivalent to 11 in decimal.

c. The binary equivalent of 2 is 0010, which can be written as (00 10). The row is given by the first two binary digits and the column by the second two. So 00 is the 1st row and 10 is the third column. Therefore, the result is (1111), which is equivalent to 15 in decimal.
Task 4

For a word number i that is divisible by 4:

w[i] = w[i − Nk] XOR SubBytes(Rotword(w[i − 1])) XOR Rcon[i/Nk]

Where:

Nk is the number of 32-bit words that comprise the Cipher key. In the given case it is 4.
i is the word number, which is divisible by 4.
SubBytes() substitutes every 8 bytes with the equivalent 8 bytes inside the S-box proposed by the paper.
Rotword() is a cyclic permutation of 8 bytes. For example, the Rotword of [a3 a2 a1 a0] is [a2 a1 a0 a3].
Rcon is generated according to the round. As the round in this case is 1, Rcon[1] is as follows:

Rcon[1] = 01 00 00 00

So according to the question, for i = 4 and Nk = 4:

w[4] = w[0] XOR SubBytes(Rotword(w[3])) XOR Rcon[1]
x[1] = Rotword(w[3]) = cf 4f 3c 09
y[1] = subWord(x[1]) = 8a 84 eb 01
Rcon[1] = 01 00 00 00
z[1] = y[1] XOR Rcon[1] = 8b 84 eb 01
w[4] = w[0] XOR z[1] = 2b 7e 15 16 XOR 8b 84 eb 01 = a0 fa fe 17
In addition, to evaluate the keys whose number is not divisible by 4, the following equation can be used.

For a value of i which is not divisible by 4:

w[i] = w[i − Nk] XOR w[i − 1]

Here, Nk is the number of 32-bit words that comprise the Cipher Key. In this question this value is 4.
i is the word number, which is not divisible by 4.

So when Nk = 4 and i = 5, 6, 7 the solution is:

w[5] = w[1] XOR w[4] = a0 fa fe 17 XOR 28 ae d2 a6 = 88 54 2c b1
w[6] = w[2] XOR w[5] = ab f7 15 88 XOR 88 54 2c b1 = 23 a3 39 39
w[7] = w[3] XOR w[6] = 09 cf 4f 3c XOR 23 a3 39 39 = 2a 6c 76 05
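The two rules of Task 4 as an added Python example (not part of the original assignment). It builds the S-box from its GF(2^8) definition instead of a lookup table, takes the 128-bit key formed by the w[0]..w[3] values used above, and goes beyond the hand calculation by producing all 44 words of the schedule. The function names are this example's own.

```python
"""AES-128 key expansion (Nk = 4). Added example; all names are illustrative."""

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def _sbox_entry(x):
    """S-box value: multiplicative inverse of x, then the AES affine map."""
    inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
    s = 0x63
    for shift in range(5):  # inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4) ^ 0x63
        s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
    return s

SBOX = [_sbox_entry(x) for x in range(256)]

def rot_word(w):
    """Rotate a 4-byte word left by one byte: [a0 a1 a2 a3] -> [a1 a2 a3 a0]."""
    return w[1:] + w[:1]

def sub_word(w):
    """Replace each byte of the word by its S-box value."""
    return bytes(SBOX[b] for b in w)

def xor_words(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def expand_key_128(key):
    """Return the 44 four-byte words w[0..43] of the AES-128 key schedule."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be exactly 16 bytes")
    nk, rounds = 4, 10
    w = [key[4 * i:4 * i + 4] for i in range(nk)]
    rc = 0x01  # first byte of Rcon[1]; doubled in GF(2^8) after each use
    for i in range(nk, 4 * (rounds + 1)):
        temp = w[i - 1]
        if i % nk == 0:  # every Nk-th word gets RotWord, SubWord and Rcon
            temp = xor_words(sub_word(rot_word(temp)), bytes([rc, 0, 0, 0]))
            rc = gf_mul(rc, 2)
        w.append(xor_words(w[i - nk], temp))
    return w

if __name__ == "__main__":
    # Key formed from the w[0]..w[3] values used in Task 4.
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    for i, word in enumerate(expand_key_128(key)[:8]):
        print(f"w[{i}] = {word.hex(' ')}")
```
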
Task 5: Using OpenSSL to generate Digital Certificates.

To generate a digital certificate for the user with OpenSSL, follow the steps below:

I. Make a certificate request file, also called a CSR, for the user. Create an initial password and set it to xyz. Then give it a proper subject.

    openssl req -passout pass:xyz -subj "/C=AU/ST=IL/L=SYDNEY/O=USQUniversity/OU=USQ Student Uconnect/CN=/emailAddress=abcdxyz@umail.usq.edu.au" -new > abcdxyz.cert.csr

II. Make a private or personal key without assigning a password to it.

    openssl rsa -passin pass:xyz -in privkey.pem -out abcdxyz.key

III. Make a new X.509 certificate for the new user (this is the public certificate), sign it digitally using the private or personal key, and then verify it using the private key of the Certificate Authority. This command line makes the certificate valid for 365 days.

    openssl x509 -req -in abcdxyz.cert.csr -out abcdxyz.cert -signkey abcdxyz.key -CA xyz.ca.cert -CAkey xyz.ca.key -CAcreateserial -days 365

IV. This step is optional: make a DER-encoded version of the public key. This file does not have the private key, it only has a public key. It can be shared and does not need protection via a password.

    openssl x509 -in abcdxyz.cert -out abcdxyz.cert.der -outform DER

V. Now make a PKCS#12-encoded file. This command sets the password for the P12 file to default (Figueiredo, 2017).

    openssl pkcs12 -passout pass:default -export -in abcdxyz.cert -out abcdxyz.cert.p12 -inkey abcdxyz.key
References

• Armeda, D 2010. The Mission of Security Awareness, viewed 2 Apr. 2018, <https://blog.sucuri.net/2010/06/the-mission-of-security-awareness.html>.
• Chia, T 2012. Confidentiality, Integrity, Availability: The three components of the CIA Triad, viewed 2 Apr. 2018, <https://security.blogoverflow.com/2012/08/confidentiality-integrity-availability-the-three-components-of-the-cia-triad/>.
• Figueiredo, R 2017. Using OpenSSL to Create Certificates - The Blinking Caret, viewed 2 Apr. 2018, <https://www.blinkingcaret.com/2017/02/01/using-openssl-to-create-certificates/>.
• Geier, E 2014. 8 ways to improve wired network security, viewed 2 Apr. 2018, <https://www.networkworld.com/article/2175048/wireless/8-ways-to-improve-wired-network-security.html>.
• Rouse, M 2014. What is confidentiality, integrity, and availability (CIA triad), viewed 2 Apr. 2018, <http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA>.
• Warnagiris, G 2011. "Building Security Into Closed Network Design", viewed 2 Apr. 2018, <https://resources.sei.cmu.edu/asset_files/presentation/2011_017_101_57167.pdf>.