USQ - CSC8419 Cryptography and Security Assignment 1 Solution

Verified

Added on Β 2024/05/20

|9
|1896
|177
Homework Assignment
AI Summary
This document presents a detailed solution to the CSC8419 Cryptography and Security assignment, covering essential aspects of the subject. The assignment delves into the CIA triad (Confidentiality, Integrity, Availability), secure system requirements, binary conversions, and key generation using AES. It also provides a step-by-step guide to generating digital certificates using OpenSSL, including creating certificate requests, private keys, and X.509 certificates. The solution includes relevant equations and examples to illustrate the concepts. The document concludes with a list of references used in the assignment.
Document Page
CSC8419
Assignment 1
Cryptography and Security
Student Name:
Student Number:
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Contents
Task 1: CIA................................................................................................................................2
Task 2: Secure system requirement............................................................................................3
Task 3.........................................................................................................................................4
Task 4.........................................................................................................................................5
Task 5: Using OpenSSL to generate Digital Certificates...........................................................7
References..................................................................................................................................8
List of Figures
Figure 1: CIA.............................................................................................................................2
1
Document Page
Task 1: CIA
CIA triad is also termed as Confidentiality, Integrity and Availability. Through this model,
the policies regarding the security of the organisation can be designed in an easy manner.
Sometimes this model is also termed as AIC triad so that the confusion with the Central
Intelligence Agency can be avoided (Rouse, 2014).
Figure 1: CIA
Source: (Armeda, 2010)
Confidentiality: Confidentiality of information means there is a need for protection of the
information from the unauthorised members and parties. All these things can be done by
taking the help of encryption.
Integrity: Under this category, there is the need of protecting the information from
modification of work from unauthorised parties. As the information is going to be worthy
only if it is correct. It is going to be costly if the information is tempered by an unauthorised
party.
Availability: The main aim of this category is to provide the information in accessible
condition to the authorised parties when they are need in the information. Denying of
information’s access becomes a very prominent attack now a day. So for that backup of the
data can be done so that the data access can be provided to authorised parties in an easy
manner (Chia, 2012).
2
Document Page
Task 2: Secure system requirement
While constructing secure system there is the requirement of several points so that the data
can travel from one place to another place in an easy manner. These things are discussed
below:
ο‚· There is the requirement of performing the mapping and auditing of the network on a
regular manner. Also, there is the need of understanding of entire network’s
infrastructure. This includes the configuration of routers, Ethernet cables, firewall,
switches and wireless access. Also while auditing there is the need of finding the security
vulnerability so that the increase performance, security and reliability of the network in an
easy manner.
ο‚· All the software and the firmware that is associated with the network’s components have
to be updated on regular basis. Also, there is a requirement of changing the default
passwords, review of insecure configuration and other security features that are not
required inside the network infrastructure.
ο‚· There is a requirement of implementing the physical security that is associated with the
network’s infrastructure. For that, there is a requirement of protecting the network from
virus, hackers, bots and local threats. Also, there is the requirement of implementing the
plans to stop the outsiders from entering (Geier, 2014).
ο‚· Encryption and authentication of the network have to be done in proper manner. There
are several cases in which hackers can easily bypass the MAC address filtering. All these
things can be solved by keeping the MAC address list in up to date manner (Warnagiris,
2011).
ο‚· Different type of the traffic can be split by taking the help of VLANs. Also, this thing is
going to be beneficial when it is configured for the dynamic assignment. All these things
can be implemented by taking the help of MAC address tagging. Alternative to this thing
can be done by taking the help of the 802.1X authentication (Geier, 2014).
3
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Task 3
a. The binary equivalent of the 12 is going to be 1100 which can be written as (11 00).
And row can be seen by first two binary number. Then the column can be represented by the
second two group binary number.
So 11 is going to be in the 3rd row and 00 is going to be first column. Therefore, the result is
going to be (0111) that is going to be equivalent to the 7 in decimal.
b. The binary equivalent of the 7 is going to be 0111 which can be group as (01 11).
And row can be seen by first two binary number. Then the column can be represented by the
second two group binary number.
So 01 is going to be in the 2nd row and 11 is going to be third column. Therefore, the result is
going to be (1011) that is going to be equivalent to the 11 in decimal.
c. The binary equivalent of the 2 is going to be 0010 which can be written as (00 10).
And row can be seen by first two binary number. Then the column can be represented from
the second two group binary number.
So 00 is going to be in the 1st row and 10 is going to be third column. Therefore, the result is
going to be (1111) that is going to be equivalent to the 15 in decimal.
4
Document Page
Task 4
As i is not going to be divided by 4 therefore
𝑀[𝑖] = 𝑀[𝑖 βˆ’ π‘π‘˜] 𝑋𝑂𝑅 𝑆𝑒𝑏𝐡𝑦𝑑𝑒𝑠(Rotword (𝑀[𝑖 βˆ’ 1])) 𝑋𝑂𝑅 π‘…π‘π‘œπ‘›[𝑖/π‘π‘˜]
Where,
π‘π‘˜ is going to be number of 32 bit words which is going to be comprise of Cipher key. In
the given case it is given as 4.
i is going to be word number which is going to be divisible by 4.
SubBytes () is going to be the substitute after every 8 bytes that is going to be equivalent to
the 8 bytes inside S-box which is proposed by the paper.
Rotword () is going to be a cyclic permutation of 8 bytes. This thing can be understood by
taking the help of example [a3 a2 a1 a0]. The Rotword of the example is going to be [a2 a1
a0 a3].
Rcon: This thing is going to be generated according to the round which is as follow:
As in this case the round is taken as 1, therefore the Rcon[1] is going to be as follow:
Rcon[1]= 01 00 00 00
So according to the question for i =4 and Nk=4
𝑀[4] = 𝑀[0] 𝑋𝑂𝑅 𝑆𝑒𝑏𝐡𝑦𝑑𝑒𝑠(Rotword (𝑀[3]) 𝑋𝑂𝑅 π‘…π‘π‘œπ‘›[1]
x[1] = Rotword (w[3]) = cf 4f 3c 09
y[1] = subWord(x[1]) = 8a 84 eb 01
Rcon [1] = 01 00 00 00
z[1] = y[1] XOR Rcon(1)= 8b 84 eb 01
W[4] = w[0] XOR z[1] = 2b 7e 15 16 XOR 8b 84 eb 01 = a0 fa fe 17
5
Document Page
In addition to evaluate the keys that are not divisible by 4 following equation can be used
which is discussed below:
Value of i which is not divisible by 4:
𝑀[𝑖] = 𝑀[𝑖 βˆ’ π‘π‘˜] 𝑋𝑂𝑅 𝑀[𝑖 βˆ’ 1]
In this,
Nk is going to be 32-bit number which is going to comprises of Cipher Key. In this question
this value is taken as 4.
i is going to be the word’s number which is going to be indivisible by 4.
So when Nk=4 and i=5,6,7 the solution is going to be:
W [5] = W [1] XOR W [4] = a0 fa fe 17 XOR 28 ae d2 a6 = 88 54 2c b1
W [6] = W [2] XOR W [5] = ab f7 15 88 XOR 88 54 2c b1 = 23 a3 39 39
W [7] = W [3] XOR W [6] = 09 cf 4f 3c XOR 23 a3 39 39 = 2a 6c 76 05
6
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Task 5: Using OpenSSL to generate Digital Certificates.
By using OpenSSL for generating a digital certificate for the user follow the following steps
below:
I. Make a certificate request file also called CSR for the user. Create an initial password
and set it to xyz. The give it a proper subject
opensslreq-passoutpass:xyz -subj "/C=AU/ST=IL/L=SYDNEY/O=USQUniversity/
OU=USQ Student Uconnect/CN=/emailAddress=abcdxyz@umail.usq.edu.au" -new
>abcdxyz
II. Make a private or personal key without assigning a password to it
opensslrsa -passinpass:xyz -in privkey.pem -out abcdxyz
III. Make new X.509 certificate for a new user (this is the public certificate), sign it
digitally using private or personal key, and then verify it using private key of
Certificate Authority. This command line will make the valid certificate for 365 days
OpenSSL x509 -req -in abcdxyz.cert.csr -out abcdxyz.cert -signkeyabcdxyz.key -CA
xyz.ca.cert -CAkeyxyz.ca.key -CAcreateserial -days 365
IV. This is Optional step: Make a public key with DER-encoded version. This is the file
which does not have the private key, it only has a public key. This file can be shared
and also it does not want protection via password
openssl x509 -in abcdxyz.cert -out abcdxyz.cert.der -outform DER
V. Now make a file with PKCS#12-encod. This command is used to create the password
for P12 to default (Figueiredo, 2017).
openssl pkcs12 -passoutpass:default -export -in abcdxyz.cert -out abcdxyz.cert.p12 -
inkeyabcdxyz.key.
7
Document Page
References
ο‚· Armeda, D 2010. The Mission of Security Awareness, viewed 2 Apr. 2018.
<https://blog.sucuri.net/2010/06/the-mission-of-security-awareness.html>.
ο‚· Chia, T 2012. Confidentiality, Integrity, Availability: The three components of the CIA
Triad, viewed 2 Apr. 2018, <https://security.blogoverflow.com/2012/08/confidentiality-
integrity-availability-the-three-components-of-the-cia-triad/>.
ο‚· Figueiredo, R. 2017. Using OpenSSL to Create Certificates - The Blinking Caret. viewed
2 Apr. 2018, <https://www.blinkingcaret.com/2017/02/01/using-openssl-to-create-
certificates/>.
ο‚· Geier, E 2014. 8 ways to improve wired network security, viewed 2 Apr. 2018,
<https://www.networkworld.com/article/2175048/wireless/8-ways-to-improve-wired-
network-security.html>.
ο‚· Rouse, M 2014. What is confidentiality, integrity, and availability (CIA triad), viewed 2
Apr. 2018, <http://whatis.techtarget.com/definition/Confidentiality-integrity-and-
availability-CIA>.
ο‚· Warnagiris, G 2011. β€˜Building Security Into Closed Network Design’, viewed 2 Apr.
2018 <https://resources.sei.cmu.edu/asset_files/presentation/2011_017_101_57167.pdf>.
8
chevron_up_icon
1 out of 9
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]