User Account

All Pages

Difference between symmetric and asymmetric encryption

Assignment Help Other Subject
Reference no: EM133090338

CIS-4017-N System Administration and Security - Teesside University

Assignment - Cryptography basics, security analysis, design and implementation

Learning outcome 1: Communicate complex issues in cybersecurity and system administration to both specialist and non-specialist audiences.

Learning outcome 2: Evaluate, select and use effectively appropriate security and system administration tools.

Learning outcome 3: Demonstrate a comprehensive and critical understanding of concepts, theories and issues relating to cybersecurity and system administration.

Learning outcome 4: Research, evaluate and implement modern cybersecurity and cryptography techniques.

Learning outcome 5: Integrate and synthesise diverse knowledge, evidence, concepts, theory and practice in system administration, including security issues, to solve problems.

Learning outcome 6: Provide detailed arguments and present conclusions about system administration and security issues, including scenarios with limited or inaccurate information.

Learning outcome 7: Demonstrate an awareness of ethical conduct in systems administration and cybersecurity scenarios.

Part I Cryptography questions

Basic concept

1. Explain the difference between symmetric and asymmetric encryption. Describe a method of asymmetric encryption, and discuss the vulnerabilities of it.

Simple encryption and decryption

2. Decrypt OHW PHR XWC CC using the Caesar cipher (shift of 3).

RSA
3. Assume a public key for RSA encryption given by the pair (143,11). Find the private key corresponding to this pair.

4. Using the pair (143, 11), decode the encrypted message (111 4 88 57 116 67) assuming the letters were represented by ASCII values
(recall that the ASCII values are 65->A, 66->B, ... and 97->a, 98->b, ...)

Diffie-Hellman protocol

5. Describe in detail the Diffie-Hellman protocol for three parties Alice, Bob and Carol.

Part II Security analysis and design

Scenario I - Security models

MGB Ltd. is a company providing security solutions to public services. You are asked to help the MGB Ltd to design a security model for the national defence department - a part of an e-government project on secure information control in managing troops. Assume the armed forces be classified as: {army, navy, air force, marines}, the security levels are typed as: {high, low}.

Your tasks: You should produce a short report (around 500 words) to formalise a Bell Lapadula model to address the confidentiality properties for the specified scenario, and to discuss the strength and weakness of your model.

Hint: You need to describe the model (specify subjects, objects, possible operations - which can be flexible, design your own but need to show your understanding of specifying and applying the BLP model in a real case), the security lattice (a graph can be helpful), the policy and the security properties for the given scenario above.

Scenario II - Security Analysis and Solutions to Conference Management Systems

A conference manage system is a web-based management system which allows researchers submit research papers, the program committee (PC) members (reviewers) to browse papers and contribute reviews, scores and discussion, and release decisions (such as rejection or accept) via the Web. In one arrangement, the conference chair downloads and hosts the appropriate server software.

The system allows users to submit papers, enter reviews & scores and access reviews & scores associated with events (conferences or workshops) regarding to the role of the uses. A user is granted access to the system by providing a role (chair, reviewer, or author) along with a user-id and associated password. Permissible roles for each user are specified at the time a new event is added to the management system. Reviews & scores on papers are initially assigned by chairs (chairs assign papers to reviewers for reviewing, one reviewers can be assigned multiple papers, one paper can be allocated to multiple reviewers). Reviewing are done by reviewers. And a chair can perform any and/or all of these actions, but a chair's updates can only be changed by the chair. An author, in addition to learning about his or her reviews & grades on individual papers, is entitled to learn the acceptance statistics (but not other papers' reviews), and the conference program.

Threat model: The adversary is a user who desires to learn the reviews & scores, changes reviews & scores, or prevent others from learning or changing reviews & scores. The adversary has access to the management system and also can read, delete, and/or update network messages in transit. The adversary cannot physically access or run programs on a user's machine that is running a browser to access the management system. And the adversary can not physically access or run programs on the server hosting the management system.

Your tasks: You are asked to produce a report (1500-2000words) to provide contemplate descriptions of the above Web-based Conference Management System. You should address the following issues:

1. Demonstrate a broad understanding of the professional, ethical and legal compliance considerations around network security.
2. Analyse a range of security concepts, security models, principles and practice in an appropriate environment.
3. Evaluate potential secure infrastructures to meet an appropriate system requirement.
4. Select and justify appropriate security techniques to meet an appropriate system requirement.
5. Operate ethically in order to implement and test a secure infrastructure to meet an appropriate business requirement.
6. Communicate effectively and professionally in writing.

Hint: Assuming that the manager is not a technical person, craft your explanation in a way that can be explained to a layman and include figures where necessary. You could think about:
• Assets and security properties: what objects should be protected, what security properties might we expect the system to enforce? For each such security property, label it with one of: confidentiality, integrity, or availability?
• Vulnerability: explain the vulnerability in the system and use an attack tree/model to describe how an attack could be mounted. Restrict your consideration to the threat model provided.
• Protection: what cost-effective protections are available against the threats that you identify. Remember the focus is on software vulnerabilities.

Scenario III- Design and Implementation of a Secure Network

This task involves designing and implementing an Internet-connected secure network for a medium-sized company requiring 500 machines named Smith Logistics, UK. They want to implement a secure network that uses Class C network address with multiple subnets - They have asked you for a price quote as well. But they want to see a packet tracer implementation and simulation results before they commit to purchasing anything.

You can use Packet tracer/Opnet/Omnet++ for the implementation and security measures. The implementation of the network should consist of core, distribution and access layer.
It should use a minimum of two routers at the distribution and a further 2-4 for the core layer. All router interfaces must be tested for the correct subnet operations.

Your tasks: You should write a report with the appropriate design and implementation solution (2500 words max, but flexible) documenting all that you have done, including how the network is set up. Use the tasks below as a guideline to write.

1. Using a drawing tool of your choice design the network. Draw a simple network diagram of your network.

Hints: Design the logical diagram. You can ignore the device location in a logical design. Use Visio or any drawing tool for the diagram. Don't forget to label the diagram core, access and distribution layer.

2. Design and Implement an IPv4 subnetting scheme. You can use any address in class c.

3. Hint: Test a small subsection of the network before implementing the full addressing scheme in packet tracer.

4. The report must describe the design and all of the decisions that you have made in the process of developing the design. This will include a discussion of the design model, Security, WAN protocol, Layer 2, 3 and wireless protocols that you have decided to use. Hint: Restrict your discussion to the main layer 1,2 and 3 protocols

5. Show the detailed cost of implementing your solution in a table format. You can try to show two different costs for the company to choose from.
Hints: Research on the costs of servers (hardware and software), switches, workstations, cables, etc.

6. Show all references used in the report, using appropriate referencing.
Hints: Harvard referencing can be used and make sure the format is fully followed

Attachment:- System Administration and Security.rar

Reference no: EM133090338

Questions Cloud

How many products would you have to sell : If the Retail Selling Price for a product is $15 and all of your expenses, including the Cost of Goods, are $10, how many products would you have to sell
Describe example of very poorly implemented database : Describe an example of a very poorly implemented database that you've encountered (or read about) that illustrates the potential for really messing things up.
Design patterns for the technological development : Three research objectives and three research questions about appropriate design patterns for the technological development of pharma warehouses
What is the likely future of unions : What is the likely future of Unions given today's highly complex, and dynamic gig economy? Please explain thoroughly.
Difference between symmetric and asymmetric encryption : Explain the difference between symmetric and asymmetric encryption. Describe a method of asymmetric encryption, and discuss the vulnerabilities
What is the present value index of the project : An inital investment of $170,000, and is expected to yield annual cash flows of $59,500. What is the present value index of the project
Positive and negative externality : Show real-life examples of both positive and negative externality (one example for each case will be good enough), and also explain the reason for your example.
Improve employees morale during pandemic : You have be contacted by a large grocery store chain to help improve employees morale during the pandemic.
Relationship between customers and merchants : How has information technology transformed the relationship between customers and merchants?

Reviews

Write a Review

Other Subject Questions & Answers

  Disadvantages of act-utilitarianism and virtue ethics

Compare the advantages and disadvantages of act-utilitarianism and virtue ethics. Which do you think is the better theory? How would you combine the two.

  Site admins and staff are also bidding for work

It is impossible to work in this site when you are ordinary person. This site's admins and staff are also bidding for work. Our registration is absolutely free.

  Find out your political ideology

First, you must visit and take the quiz to find out your political ideology at one or both of the following web-sites: Advocates for Self Government a libertarian web-site: www.theadvocates.org/quiz

  Psychological skills training program

How can a Pre-performance Routine and Relaxation be Applied to a psychological Skills Training program.

  What implications should be considered in your writing

Review "6. Nondiscrimination" in the AERA Code of Ethics. What implications should be considered in your scholarly writing and observations?

  Discuss knowledge and attitudes of selected qsen competency

In your post, also discuss the knowledge, skills, and attitudes of the selected QSEN competency or competencies. Refer to the QSEN website, and the activities.

  Reflect on your professional growth

Reflect and discuss how addressing the service/program gaps within your chosen municipality will benefit the community residing in the area.

  Assess the legalities of training

Evaluate whether you will use the plan as the sole weighting for promoting and determining the eligibility of employees for opportunity to move forward at work.

  Describe the difference between induction and deduction

Describe the difference between induction and deduction. Which approach to reasoning, in your opinion, is the "highest" form of homeland security analysis and why?

  Description of three benefits that are evident in the levy

Describe ways this group session has been effective in helping the members of the group. Description of three benefits that are evident in the Levy.

  Who describes differences between individuals better why

Debate" these questions for your two theorists. Who describes differences between individuals better? Why

  Discuss the ethical issues present

Discuss how you would address the problem if you were the manager, dissertation chair, doctoral research mentor, or supervisor of the person involved.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd