CSC8419 - Cryptography and Security: Assignment 1
Added on 2024/05/20
Contents
Task 1 - CIA in the context of computer security .......... 2
Task 2 - Five general design decisions that have to be made while constructing secure systems .......... 3
Task 3 .......... 4
Task 4 .......... 4
Task 5 - What is website security and authentication, and how is it done? .......... 6
    Website authentication .......... 6
    Authentication and authorization are two different things .......... 6
    The process of web authentication .......... 6
    Web authentication types .......... 6
    Verification of the users .......... 6
    Ways to make web authentication more secure .......... 6
References .......... 7
Task 1 - CIA in the context of computer security
In the context of computer security, CIA stands for three terms: confidentiality, integrity, and availability. Together they form a triad model that applies to every organization's computer security. Computer security covers all the assets of an information system, such as hardware, firmware, software, and information; therefore the confidentiality, integrity and availability of all of these should be maintained.
Confidentiality
Confidentiality refers to the set of rules that restricts access to information assets. It is essentially hiding information from unauthorized people, and it is the first step towards security. It can be as simple as putting a password on hardware equipment so that only authorized personnel can access it. The use of strong passwords should be encouraged, and all assets should be categorized according to their vulnerability. Confidentiality can be ensured through encryption, two-factor authentication alongside passwords, biometric authentication, the use of security tokens and soft tokens, and so on. Biometric authentication is nowadays a very popular form of authentication. Software and data can also be moved to a more secure system such as the cloud. Authentication and authorization can be improved using various techniques: password-based confidentiality can be strengthened with two-step authentication, OAuth authentication, or even passwordless authentication.
Integrity
Integrity addresses the accuracy of information. The consistency of information that is stored and communicated should be maintained, and there should be no loss during the entire lifecycle of the data. Software and data should not be altered during that cycle. To maintain integrity, techniques such as cryptographic checksums on the data should be used. In case data is lost, backups of the original data should exist so that integrity can be restored. Where an intervention threatens security, techniques should be developed to detect it; such techniques can involve electromagnetic radiation, which increases the chance of knowing whether the data has been tampered with.
Availability
Availability is the third pillar of security. It can be assured by maintaining the hardware: hardware assets should be repaired in a timely fashion, and software should likewise be upgraded in a timely fashion. Security risks arising from hardware failures can be mitigated with techniques such as redundancy, RAID, and failover. Backups of the data should be stored in an isolated location, and extra protection can be provided by firewalls and proxy servers. The availability of not just the data but also the hardware and the software is very important, since the hardware components physically store the data and the software is used to manage it. Availability also contributes to security, because if sensitive data is erased, the security of the system can be compromised (Breithaupt and Merkow 2018).
Task 2 - Five general design decisions that have to be made while constructing secure systems
The design of the system is the most important part of the security process, since it is the first step at which techniques for maintaining the security of the system can be applied. The five general design decisions that have to be considered while constructing a secure system are:
• What are the things you need to control in your system: the users, the data, or the operations? User management, data management and asset management are the areas where the system is exposed to security issues. In user management, privileges have to be granted to accounts appropriately. The data in the system can come from different sources, not all of which may be reliable, and unreliable sources can pose a threat to the system. The operations performed should preserve data integrity in order to curb security issues.
• Where does the system sit on the man-machine scale? On the left end of this scale, mechanisms are man oriented and the tasks are specific and complex; towards the right end, more generic mechanisms are present which are machine oriented. We have to choose which orientation we want for the system.
• Related to that scale, we have to decide whether we want the system to be simple and specific, or complex and feature-rich. It is often observed that a simple environment allows higher assurance, whereas a feature-rich environment cannot reach the same assurance level. The decision matters because a feature-rich environment requires security experts to be hired: more functionality can, in turn, open ways for attackers to intrude into the system and cause harm.
• We have to choose between centralized and decentralized control. For a central security policy, the same controls have to be enforced everywhere. If, to increase efficiency, different components are used, we have to ensure that the definition and enforcement of the policies are carried out well and that security is maintained.
• The last decision concerns the use of a lower layer to prevent attackers from disrupting the protection of the system. The parts of the system whose malfunctioning poses no threat to security lie outside the security perimeter. Thus the components need to be categorized and the security measures of the system decided accordingly. The lower layer itself has to be constructed with the utmost care so that it adds to the security of the system (Chatterjee, Gupta and De, 2013).
Task 3
a. Binary of 12 → (11 00).
The binary form is split into two pairs: the first two bits select the row and the last two bits select the column.
So, 11 is the 3rd row and 00 is the 1st column.
Thus the result is 0111, which in decimal is 7.
b. Binary of 7 → (01 11).
So, 01 is the 2nd row and 11 is the 3rd column.
Thus the result is 1011, which in decimal is 11.
c. Binary of 2 → (00 10).
00 is the 1st row and 10 is the 3rd column. Thus the result is 1111, which in decimal is 15.
Task 4
The cipher key gives w[0] = 2b7e1516, w[1] = 28aed2a6, w[2] = abf71588 and w[3] = 09cf4f3c. For the evaluation of w[4], the following algorithm is used:
w[i] = w[i − Nk] XOR SubWord(RotWord(w[i − 1])) XOR Rcon[i/Nk]   (for i divisible by Nk, here 4)
Nk = the number of 32-bit words that make up the cipher key; in this case it is 4.
i = the index of the word, here a multiple of 4.
RotWord() = cyclic permutation of the word by one byte (8 bits). For example, if the word is (a3 a2 a1 a0), after applying RotWord the result is (a2 a1 a0 a3).
SubWord() = the substitution of every byte (8 bits) of the word by the corresponding byte of the S-box (the SubBytes table) given in the paper.
The round constant used is Rcon[i/Nk].
For the evaluation of w[4], the value of w[3], i.e. 09cf4f3c, is stored in temp. After applying RotWord(), the result is cf 4f 3c 09.
SubWord() then substitutes each byte from the S-box, giving 8a 84 eb 01.
For i/Nk = 1,
Rcon[1] = (RC[1], 00, 00, 00), which equals (01 00 00 00).
XORing SubWord() with Rcon gives 8b 84 eb 01.
w[i − Nk] = 2b 7e 15 16
w[i] = temp XOR w[i − Nk], that is 8b 84 eb 01 XOR 2b 7e 15 16, which equals a0 fa fe 17.
The remaining words of the first round key follow the same pattern; for i = 5, 6, 7 (not divisible by 4) temp is simply w[i − 1], so RotWord, SubWord and Rcon are not applied:

i   temp          RotWord()     SubWord()     Rcon[i/Nk]    SubWord() XOR Rcon   w[i − Nk]     temp XOR w[i − Nk]
4   09 cf 4f 3c   cf 4f 3c 09   8a 84 eb 01   01 00 00 00   8b 84 eb 01          2b 7e 15 16   a0 fa fe 17
5   a0 fa fe 17   -             -             -             -                    28 ae d2 a6   88 54 2c b1
6   88 54 2c b1   -             -             -             -                    ab f7 15 88   23 a3 39 39
7   23 a3 39 39   -             -             -             -                    09 cf 4f 3c   2a 6c 76 05
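The key expansion worked through above, as an added example that is not part of the original assignment: the S-box is computed from its GF(2^8) definition rather than typed in, and the schedule is run on the key given in Task 4 so that w[4] to w[7] can be checked against the table. It also generalizes to AES-192/256 keys (the extra SubWord step for Nk > 6), which the assignment does not cover.

```python
# GF(2^8) arithmetic with the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11b)
def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8), reducing modulo 0x11b."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xff
        if carry:
            a ^= 0x1b
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Multiplicative inverse a^254 (0 maps to 0 by convention)."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0

def sbox_byte(x: int) -> int:
    """AES S-box entry: inverse in GF(2^8) followed by the affine transform."""
    b = gf_inv(x)
    s = b
    for _ in range(4):                  # s = b ^ rotl(b,1) ^ ... ^ rotl(b,4)
        b = ((b << 1) | (b >> 7)) & 0xff
        s ^= b
    return s ^ 0x63

SBOX = [sbox_byte(x) for x in range(256)]   # computed, not typed in

# Key-schedule primitives, named as in the assignment
def rot_word(w: bytes) -> bytes:
    return w[1:] + w[:1]                    # (a3 a2 a1 a0) -> (a2 a1 a0 a3)

def sub_word(w: bytes) -> bytes:
    return bytes(SBOX[b] for b in w)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rcon(j: int) -> bytes:
    """Rcon[j] = (RC[j], 00, 00, 00) with RC[j] = x^(j-1) in GF(2^8)."""
    rc = 1
    for _ in range(j - 1):
        rc = gf_mul(rc, 2)
    return bytes([rc, 0, 0, 0])

def key_expansion(key: bytes) -> list:
    """Expand a 16/24/32-byte key into the 4*(Nr+1) words w[i] of FIPS-197."""
    nk = len(key) // 4
    nr = nk + 6
    w = [key[4 * i:4 * i + 4] for i in range(nk)]
    for i in range(nk, 4 * (nr + 1)):
        temp = w[i - 1]
        if i % nk == 0:                     # the case the assignment works through
            temp = xor(sub_word(rot_word(temp)), rcon(i // nk))
        elif nk > 6 and i % nk == 4:        # extra SubWord step, AES-256 only
            temp = sub_word(temp)
        w.append(xor(w[i - nk], temp))
    return w

def expand_hex(key_hex: str) -> list:
    """Convenience wrapper: hex key in, list of hex words out."""
    return [wd.hex() for wd in key_expansion(bytes.fromhex(key_hex))]

if __name__ == "__main__":
    words = expand_hex("2b7e151628aed2a6abf7158809cf4f3c")   # key from Task 4
    for i in range(4, 8):
        print(f"w[{i}] = {words[i]}")   # a0fafe17 88542cb1 23a33939 2a6c7605
```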
Task 5 - What is website security and authentication, and how is it done?
Website authentication
Website authentication is the process of verifying that a user or a machine on the website is who they claim to be. An example of authentication is a user entering a password in order to be admitted to the website.
Website authentication is very important, for two main reasons. Firstly, a great deal of sensitive information is stored on the network: from account and credit card details to personal details, everything is stored there. Secondly, authentication techniques restrict unauthorized users from accessing the websites. Otherwise anyone could fetch personal information, which would result in chaos.
Authentication and authorization are two different things
Authentication is based on who you are; it is the verification of the user and the machine.
Authorization is the set of permissions granted after authentication, which allows the user to take the authorized actions or view the authorized content. It is essentially the granting of user permissions and the checking of user rights.
The process of web authentication
1) The credentials are entered by the end user.
2) The credentials are then sent to the server for authentication.
3) The authentication algorithms run and a match is looked for.
4) The user is authenticated and access is granted.
Web authentication types
1) Login authentication on the website
2) Single sign-on authentication
3) IPsec authentication
Verification of the users
1) Authentication based on a password
2) Authentication based on email
3) Two-factor authentication
4) Biometric authentication
Ways to make web authentication more secure
Measures such as using an HTTPS domain, creating secret questions, creating screen passwords, offering password-less alternatives and preventing repeated trial login attempts can lead to more secure web authentication.
Additional resources can be the use of OAuth and a passwordless login system (@Pay | Mobile Giving Technology, 2018).
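The server side of the process described above, as an added example that is not part of the original assignment: step 3 (matching the submitted credentials) is implemented with a salted, slow password hash and a constant-time compare, repeated failures lock the account (the "preventing trial login attempts" control), and authorization is kept as a separate decision made only after authentication succeeds. The user store, the attempt log and all accounts are constructed in memory for the example; a real site would persist them.

```python
import hashlib
import hmac
import os
import time

# Constructed in-memory stores standing in for the server's user database
# and its login-attempt log (assumption made for this example).
USERS = {}            # username -> {"salt": bytes, "hash": bytes, "perms": set}
FAILED = {}           # username -> [failed_count, locked_until_epoch_seconds]
MAX_ATTEMPTS = 5      # failures before the account is temporarily locked
LOCKOUT_SECONDS = 300
KDF_ITERATIONS = 100_000

def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a leaked store cannot be reversed quickly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)

def register(username: str, password: str, perms=()) -> None:
    """Store only salt + derived hash, never the password itself."""
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": derive(password, salt),
                       "perms": set(perms)}

def authenticate(username: str, password: str, now: float = None) -> bool:
    """Steps 2-4 of the page's process: receive credentials, match, decide.
    Returns True only when the stored hash matches; repeated failures lock
    the account for LOCKOUT_SECONDS."""
    now = time.time() if now is None else now
    count, locked_until = FAILED.get(username, [0, 0.0])
    if now < locked_until:
        return False                        # locked: do not even check
    record = USERS.get(username)
    # Always run the KDF so an unknown username costs as much as a wrong password.
    salt = record["salt"] if record else bytes(16)
    expected = record["hash"] if record else bytes(32)
    matched = hmac.compare_digest(derive(password, salt), expected)
    if record is not None and matched:
        FAILED.pop(username, None)          # success resets the counter
        return True
    count += 1
    if count >= MAX_ATTEMPTS:
        locked_until = now + LOCKOUT_SECONDS
    FAILED[username] = [count, locked_until]
    return False

def authorize(username: str, action: str) -> bool:
    """Authorization is a separate question: may this known user do X?"""
    record = USERS.get(username)
    return record is not None and action in record["perms"]

def login_and_act(username: str, password: str, action: str, now: float = None):
    """Authentication first, then authorization; returns both outcomes."""
    authed = authenticate(username, password, now)
    return authed, authed and authorize(username, action)
```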
References
• Breithaupt, J and Merkow, M 2018, 'Principle 2: The Three Security Goals Are Confidentiality, Integrity, and Availability', Information Security Principles of Success, Pearson IT Certification, viewed 29 March 2018, <http://www.pearsonitcertification.com/articles/article.aspx?p=2218577&seqNum=3>
• Chatterjee, K, Gupta, D and De, A 2013, 'A framework for development of secure software', CSI Transactions on ICT, 1(2), pp. 143-157, https://doi.org/10.1007/s40012-013-0010-8
• Mobile Giving Technology 2018, Website Authentication Guide: Understanding the Fundamentals, viewed 29 March 2018, <https://www.atpay.com/website-authentication/>