Understanding the key concepts of data confidentiality, integrity and availability and select means by which these properties may be achieved in computer systems
|
Module Leader: |
Level: 4 |
||
|
Module Title: Introduction to Cyber Security, Maths and Cryptography |
Module Code: 55-408808-AF-202425 |
||
|
Assessment:
|
|||
|
001 Coursework |
|||
|
Individual Assessment |
Weighting: 50% |
Magnitude: Equivalent of 2500 words |
|
|
Submission Date: 29th April 2025 Submission Time: 15:00 |
Blackboard Submission: Yes (Both Sections) Turnitin Submission: Yes (Section A) |
Format: 2Word Documents |
|
|
Feedback Return: 21st May 2025 (TBC) |
Blackboard Feedback: Yes |
In-module retrieval available: No |
|
|
Learning Outcomes: The following module Learning Outcomes will be assessed through this coursework. Marking criteria to assess these are at the end of each section.
|
|||
Coursework: Overview
This coursework is comprised of two sections. Section A covers the learning outcomes related to Cyber Security, while Section B addresses learning outcomes related to Mathematics and Cryptography. You are required to complete both sections, which are equally weighted and have separate marking criteria.
What are you required to submit?
Section A: A single Microsoft Word document saved with the filename
“[First Name][Last Name][Student ID] Cyber.docx”.
E.g., “Andy Briggs 91919191 Cyber.docx”. This section should also be submitted separately to Turnitin.
Section B: A single Microsoft Word document saved with the filename
“[First Name][Last Name][Student ID] MC.docx”.
E.g., “Alex Corner 31415926 MC.docx”. The document for Section B should not exceed 6 pages. This does not need to be submitted to Turnitin.
Both of your documents should be uploaded to the submission point at the same time.
When and where do I submit?
When: 3pm Tuesday 29th April 2024
Where: The submission point on Blackboard under the Assessment link, labelled
001 Submitted (Word Count) – Submission Point.
How are grades determined?
You will be awarded a grade for each section of the coursework, and these will be averaged to produce an overall grade which will determine a Category and %. E.g., “Mid 2.2, 55”, as shown in the table for Section A: Marking Criteria. The % mark will be the assessment mark which is displayed on your Student Record.
Coursework Hints
- Read through this document carefully. There are two sections, each with its own assessment and marking criteria.
- Ask for help in IT sessions when needed and make use of drop-ins for the module.
Artificial Intelligence and Academic Integrity – AI & AI:
It is important you do not use AI tools to generate an assignment and submit it as if it were your own work. Our regulations state:
Contract cheating/concerns over authorship: This form of misconduct involves another person (or artificial intelligence) creating the assignment which you then submit as your own. Examples of this sort of misconduct include: buying an assignment from an `essay mill`/professional writer; submitting an assignment which you have downloaded from a file-sharing site; acquiring an essay from another student or family member and submitting it as your own; attempting to pass off work created by artificial intelligence as your own. These activities show a clear intention to deceive the marker and are treated as misconduct.
Further guidance on AI use is available on the SHU website.
Section A: Cyber Security
Section A Introduction
The 21st century has seen an unparalleled adoption of technology involving internetworked computers (the Internet). Computers are used in most aspects of our everyday life whether we are students, employees, employers, or private individuals. Security and privacy are very important as we not only have to protect our physical assets but also our data assets.
We are more reliant than ever on technology to control our home environments, music, memories, personal communications, and financial information. Remote working (especially now) is a must, requiring that we have secure communications with our schools, universities, and workplaces. Computer and network security work must address every level of a network or system (including physical, user-based, service-based, host-based, and network-based) to secure data, protect privacy and prevent criminal acts.
No single security component or method by itself can be expected to ensure complete protection for a network - or even an individual host computer. Instead, you need to assemble a group of methods that work in a coordinated fashion to provide protection against a variety of threats.
What are you required to submit?
Section A: A single Microsoft Word (.docx) document saved with the format:
“[Your first name][Your last name][Student ID] Cyber.docx”.
The Square brackets and file extension are not part of the filename. The filename should look like this:
Andy Briggs 91919191 Cyber.docx
You must submit your file in docx (Microsoft Word) format.
Do not submit your work in PDF format. Your Section A docx file must be submitted to TurnItIn as well.
Section A Assignment Brief
You are asked to examine and re-engineer a small business/home office style network (Figure 1) to improve its security, while protecting the key concepts underlying computer and network security: confidentiality, integrity, and availability.
Figure 1
Figure 1 shows a small network comprising:
- Two desktop PCs (PC1 and PC2), a Laptop, and a Wireless Router: Netgear N300 Wireless DGN2200V4.
- PC1 is directly cabled to the Router using a CAT6 ethernet cable, while PC2 and the laptop are connected by wireless to the router.
- All the computers contain data (stored on the hard drives) as: lecture notes, lab work, as well as private and personal documents such as family photos etc.
- Two mobile phones (a Samsung J3 and an Apple iPhone 7) also connect to the internet using wireless technology
- A scanner and a printer are connected to PC1 and are shared by all users on the network.
- The premises are kept secure with an IP Camera system, consisting of a GAMUT 4-channel NVR (Network Video Recorder), connected wirelessly to four wireless IP cameras.
Using the network described here (and shown in Figure 1) as a basis, you are asked to:
- Identify/enumerate the various threats and risks in the devices and network shown in the diagram. To do this you will consider the security/threat landscape (these are collective terms that refer to the devices and security involved, and the threats that they are commonly subjected to).
- Recommend techniques to prevent or mitigate attacks on the network, or on the devices within the network. Identify the technology/configuration you wish to use, the device/s that it is intended to protect, and explain why you feel that this choice of technology/configuration is beneficial to this application. If you choose to replace a device with a different one, explain why, and explain the benefits you expect to see.
Section A Hints
- If no explicit information about the security configuration of a device is provided, assume that no security configuration has taken place on that device, and that any security features/settings on the device are not enabled.
- Search the internet for missing information, consult existing literature on the various aspects of the problem. You are not being asked to protect against every conceivable attack in the world, only to provide recommendations on how to secure the network to a good standard, using readily-available technologies.
- Do not always look for the least expensive way forward, if it will compromise security. While you should not attempt to build an entirely new network from scratch, you are free to replace/upgrade/add devices and/or software if you feel that doing so will improve security. Explain why you have done so, in each case.
- Remember to reference your sources using the APA7 standard.
Device Specifications (for reference):
|
Device |
Description/Technical Specs |
|
PC1 |
|
|
PC2 |
|
|
Laptop |
|
|
Netgear N300 ADSL2 DGN2200V4 Router |
|
|
Wireless CCTV (Gamut IP Network Video Recorder) |
To make additional security recommendations addressing this hardware, you may wish to conduct additional research into common security risks of IP CCTV systems and the means to mitigate these risks. |
|
Phone Handset 1 |
Samsung Galaxy J3 |
|
Phone Handset 2 |
Apple iPhone 7 |
|
Printer |
Brother HL-L3240CDW Colour Wired/Wireless LED Printer |
|
Scanner |
Brother ADS-4700W Wired/Wireless Scanner |
|
Wireless Access Point |
TP-Link AC1350 Wireless Gigabit Access Point |
Section A: Marking Criteria
|
Category |
Mark Range |
% |
Identify/enumerate the various threats and risks in the devices and network. (25% of Overall Assessment Grade) |
Recommend techniques to prevent or mitigate attacks on the devices within the network.(25% of Overall Assessment Grade) |
|
Exceptional 1st |
93-100 |
96 |
The security and threat landscape are well discussed with real life incidents stated. The need for the technologies is clearly identified and an insightful understanding of the technologies is shown, and is fully supported by reference to the wider literature. The material is professionally presented, with references. |
Proposed an exceptional real solution and/or provided novel (new) recommendations to protect a wide part of the network, with detailed investigation of the techniques and/or application, with evidence discussed and referenced. |
|
High 1st |
85-92 |
89 |
||
|
Mid 1st |
78-84 |
81 |
||
|
Low 1st |
70-77 |
74 |
||
|
High 2.1 |
67-69 |
68 |
The security and threat landscape are well discussed with real life incidents stated. The need for the technologies is clearly identified and an understanding of the technologies is shown. The material is professionally presented, with references. |
Proposed an insightful solution to protect a wide part of the network, with detailed investigation of the techniques and/or application, with evidence discussed and referenced. |
|
Mid 2.1 |
64-66 |
65 |
||
|
Low 2.1 |
60-63 |
62 |
||
|
High 2.2 |
57-59 |
58 |
The security and threat landscape are well discussed with real life incidents stated and an understanding of the technologies shown. |
Proposed a solution with proper investigation of the techniques and/or application, with evidence discussed. |
|
Mid 2.2 |
54-56 |
55 |
||
|
Low 2.2 |
50-53 |
52 |
||
|
High 3rd |
47-49 |
48 |
The security and threat landscape are discussed with some understanding of the technologies shown. |
Proposed a solution with some investigation of the techniques and/or application |
|
Mid 3rd |
44-46 |
45 |
||
|
Low 3rd |
40-43 |
40 |
Regardless of writing quality, the work did not base enumeration and identification of risks present on the network described above. |
Regardless of writing quality, the work did not base discussion and implementation of the fixes on the network described above. |
|
Borderline Fail |
30-39 |
35 |
The security and threat landscape are not well discussed |
Proposed an unsuitable solution without any discussion (or with incorrect discussion) on how the technique is used, |
|
Mid Fail |
20-29 |
25 |
||
|
Low Fail |
6-19 |
10 |
Section B: Cryptography
Section B Introduction
Cryptology underpins many protocols in cyber security and, by having an awareness of the fundamental classical and modern techniques in Cryptography and Cryptanalysis, we allow ourselves a broader understanding of how weaknesses can be avoided. The mathematics inherent in these cryptological techniques further enables us to be systematic, clear, and precise about our understanding and presentation of data, numbers, and figures.
What are you required to submit?
Section B: A single Microsoft Word document saved with the filename
“[First Name][Last Name][Student ID] MC.docx”.
E.g., “Alex Corner 31415926 MC.docx”. The document for Section B should not exceed 6 pages. This does not need to be submitted to Turnitin.
Questions:
Question 1: In each of the following parts you will be provided with a ciphertext, along with an indication of what type of cipher was used to encrypt it. Use your knowledge of cryptography and cryptanalysis techniques in order to decrypt the given ciphertext and provide the original plaintext. Provide explanations throughout – see the guidance at the end of this section.
a) The following ciphertext was encrypted using a simple transposition cipher. Decrypt it.
CRUYHTAROPYESCRTMTEAISNCYTGAHBEIAMCDPRY
b) The following ciphertext was encrypted using a substitution cipher. The key phrase to generate the key alphabet is based on a famous cryptographer’s name.
i) Decrypt the ciphertext below and provide the key alphabet.
ii) Identify the source of the plaintext.
iii) Identify the link between the key alphabet and the source of the plaintext.
FKNSH PNENBRS ZNEURBCYH ZIZBHTZ KRDH AHHU WYVWVZHP BKRB YHSI VUSI VU LVUDHUBNVURS HULYIWBNVU MCULBNVUZ VY VU VUH-FRI MCULBNVUZ UVUH KRZ XCNBH ZCLLHHPHP NU WYVDNPNUE BKH LVUDHUNHULH VM ZIZBHTZ ARZHP VU TVYH LVTWSHG TRBKHTRBNLRS WYVASHTZ ZCLK RZ MRLBVYNUE R ZNEUNMNLRUB YHRZVU MVY NUBHYHZB NU ZIZBHTZ FKVZH ZHLCYNBI NZ ARZHP VUSI VU VUH-FRI MCULBNVUZ NZ BKRB BKH HGNZBHULH VM ZCLK MCULBNVUZ ZHHTZ RZZCYHP FKNSH BKH LVTWSHGNBI VM MRLBVYNUE RUP BKH TVZB HMMNLNHUB MRLBVYNUE RSEVYNBKT RYH ZBNSS VWHU XCHZBNVUZ VM EYHRB NUBHYHZB BKNZ NZ UVB RU NZZCH VM WCYHSI RLRPHTNL NUBHYHZB HZWHLNRSSI NU SNEKB VM BKH SRYEH UCTAHY VM CUAYHRQRASH LYIWBVEYRWKNL ZIZBHTZ BKRB FHYH ZCAZHXCHUBSI AYVQHU
Note: Little credit will be given for a correctly decrypted ciphertext without providing evidence to demonstrate understanding of the cryptanalysis process, e.g., frequency analysis, identifying common letters or words, intermediate steps, etc.
Question 2:
The following ciphertext has been obtained using a Vigenère cipher. You are provided with a table of interval values and possible key sizes.
a) By completing the Kasiski table below, determine an appropriate key size to use for the decryption. Provide at least one example of how the potential key sizes were found from the interval values.
b) Use the Excel spreadsheet from the tutorial to aid your decryption of the ciphertext. Explain your steps and provide evidence such as suitable Excel screenshots, e.g., of frequency analysis.
c) Identify the source of the plaintext and explain what the link is between the plaintext and the key.
|
sequence |
interval |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
|
MIPU |
30 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
QFBE |
120 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
IVTU |
220 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EXAX |
20 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
XAXW |
532 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
WXKG |
330 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
HVGNKGZMAHRYEGBQSGOUTVJYXAZWJHDEPRPFKBIVTUGHKPKQHONJXKHLMQFBEKSZKYVVMSGFZTUJEQCUGVGMIPUHCFDCWTGBHIUIGVIVHBKKW
OAESMIPUJWGTJIVNPOHMLUKLXICUDZHLYSNLCZVSVDWXPTPKTCUVVXMHARWQNDEXAXCTQFBEKFNMRUBKKTEXAXWTSSGEIMOTAEUWYTLTHGYIC
APJEMVTROCBSGFXHVMRPSFPLWXMFKMOUTKSHVMTTIVTUEUHSZKVLRYGKRNZCUUPGLBVIKMGWWVCGXCJHCXHVSKTAIWRHCKEEEWICBIXXYKXRN
SWUPTGXLQICBWGFPFXANOBLHDWMHKGYSWWVMKIPOJOWTUEMTUUFZGGVEWTZRSDUDSPXFQYIQKPJXAXQKOFHPCVXTBEEILIVWXKGUIGDICITL
RUBSUTJITKANSFPPKXUBQNCDKPJGETGSSRWWRXVHLLWUXGRXBHLKFFRGJEKXRNSDUDSEUECIOIVTFJFHPKHVDCEMGXREDSURVRMHDGZZFDDTN
MCXGSFJIMMRDGWZXGVWUXAGIGHPMIKTEKQWWXQIGLYXSBRLZRVKCGGWQVCCXGAUIFDVVHMHKGYSXHVSYGCZKCUZVHVHKVIHHGJJHKNXWJD
IVXKTLYOQWXFRLMFKBSHSKSFTIKGSFJIMMRKGBOJTRFEXDUFSYTEYGMPGWBHSLWXKQNOGETTSFXAXWHLRRPMAGYWGLCVWVTNGPZBPLWXKGTH
SUURGXWCYWUQEISUECSZSJPCVXFCJWSVXEGKXYYSRDJKSFTROCBDCUYLXPZFOLCZRZIPUJWGTFRERJOAWWTUWHESZWCQHZRWBTORIDALWXK
QSOMQDKLTOCZVSUTJSNKAKGHRELVLNCGBOWIRGDXPRSUDACCTGBSOMQDKIOXLXSOOXQIMAYZOBDIKEVDRUCYSARGX
Note: Little credit will be given for a correctly decrypted ciphertext without providing evidence to demonstrate understanding of the cryptanalysis process, e.g., example calculations to determine possible key lengths, completed Kasiski table, frequency analysis, etc.
Question 3: Using an Excel spreadsheet from the tutorial classes, encrypt 16 letters (using ASCII) from your surname and first name (e.g., Alex Corner would be CornerAlexCorne) to produce a ciphertext in hexadecimal. Do this by applying the first round of AES (Rijndael) as far as the Shift Row stage. Use the following key:
|
7F |
68 |
6D |
2D |
|
23 |
6D |
1D |
98 |
|
1D |
C5 |
09 |
5B |
|
7A |
CC |
6B |
85 |
Explain all of your steps with supporting evidence (e.g., appropriate Excel screenshots) and provide the encrypted value at the end of each stage. I.e., after Add Key, after Byte Sub, and finally after Shift Row.
Assessment Criteria
The following gives an indication of what standard of work would be awarded a grade in each grade boundary. In reality, a piece of work might match some of the description for one grade with elements from other grades, and a grade will be arrived at by considering the balance. For example, a piece of work that mostly matches the description for ‘Upper Second’, with one or two aspects matching those described under ‘First’ might attract a grade high in the 2.1 range.
|
Category |
Mark Range |
% |
Identify/select appropriate cryptographic techniques and demonstrate understanding of these in order to solve the given cryptographic problems. (50% of Overall Grade) |
|
Exceptional 1st |
93-100 |
96 |
Strong evidence of cryptographic methods and techniques correctly selected and applied, and explanations that are complete, correct, and communicated clearly. |
|
High 1st |
85-92 |
89 |
|
|
Mid 1st |
78-84 |
81 |
|
|
Low 1st |
70-77 |
74 |
|
|
High 2.1 |
67-69 |
68 |
Good evidence of understanding of cryptographic methods and techniques taught in the module, and explanations that are mostly complete, correct, and communicated clearly. |
|
Mid 2.1 |
64-66 |
65 |
|
|
Low 2.1 |
60-63 |
62 |
|
|
High 2.2 |
57-59 |
58 |
A good attempt to apply cryptographic methods and techniques correctly to provide explanations that are often correct, and well-communicated. |
|
Mid 2.2 |
54-56 |
55 |
|
|
Low 2.2 |
50-53 |
52 |
|
|
High 3rd |
47-49 |
48 |
Attempts to apply cryptographic methods and techniques to obtain solutions with some success. |
|
Mid 3rd |
44-46 |
45 |
|
|
Low 3rd |
40-43 |
40 |
|
|
Borderline Fail |
30-39 |
35 |
Work fails to meet most of the requirements for third class. Work that meets some of the description of third class but is still inadequate may attract a grade high in the fail range. |
|
Mid Fail |
20-29 |
25 |
|
|
Low Fail |
6-19 |
10 |
Section B Guidance:
- When working in an Excel spreadsheet you will find it useful to take screenshots of your working, to show how you have proceeded through encryption/decryption. Only include relevant parts of the screen. E.g., in the Vigenère section you may want to just show a small section of the frequencies when explaining how you found each of the shift values. So (if using Windows) just use the Snipping Tool, shortcut Windows-Shift-S, to capture the relevant part.
- Your work should be readable, meaning that you should explain each step in your working. I’m looking to see your ability to apply the methods we have learnt, along with your ability to explain relevant parts of your working. Some parts may be repetitive and, in these cases, you may want to use phrases such as “Similar to the previous step, we can see from the screenshot that this shift is…”.
Things to consider in your explanations:
- Little credit will be given for correctly deciphered ciphertexts without providing some suitable evidence of the cryptanalysis process; see the assessment criteria.
- Think about how you can be sure that your working is correct:
- What have you done to check your solutions?
- Have you used any technology/websites? If so, what?
- Did anything go wrong along the way? Can you comment on this?
- Where requested, use the spreadsheets that you created in the tutorials. Provide screenshots of key steps in your cryptanalysis or encryption, but don’t give a screenshot for every single detail.
- If you are unsure how to present or word something, then ask.
