School of Science
COSC2536/2537 Security in Computing and Information Technology
Assignment 2

Assessment Type: Individual assignment; no group work. Submit online via Canvas > Assignments > Assignment 2.
Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums.
Due date: Week 10, Friday the 14th May 2021 11:59pm
Deadlines will not be advanced, but they may be extended. Please check Canvas > Syllabus or via Canvas > Assignments > Assignment 2 for the most up to date information.
As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per each working day applies for up to 5 working days late, unless special consideration has been granted.
Weighting: 50 marks (Contributes 50% of the total Grade)

1. Overview

The objective of Assignment 2 is to evaluate your knowledge on the topics covered mainly in Lecture 5 to 10. Topics include Privacy-preserving computations based on RSA, ElGamal, and Paillier Cryptosystems; Digital Signature, Blockchain and Cryptocurrency, Digital Authentication Security Protocols, and Digital Authorization and Intrusion Detection. However, topics covered in Lecture 1 to 10 are required as a prerequisite. Assignment 2 will focus on developing your abilities in the application of knowledge, critical analysis, and decision making. Assignment 2 contains several problems related to the topics mentioned above. You are required to prepare your answers and upload them as a single PDF or Word document in CANVAS. Only one question requires code submission in the CANVAS if attempted, and the corresponding code should be uploaded as a ZIP file on the CANVAS. If you answer Q4(b), submit PDF and ZIP files separately.

In this assignment, there are 5 (five) questions in total.

Question 1 is about designing a Privacy-Preserving Secure System. In this question, you are expected to apply your understanding of privacy-preserving computation in the context of electronic voting (E-Voting) based on the homomorphic property of Paillier Cryptosystems.

Question 2 is about the application of Digital Signature Schemes. In this question, you are expected to demonstrate your understanding of the RSA and ElGamal Digital signature schemes. You are required to show step-by-step processes for both of the digital signature schemes addressing the sub-questions. Marks will be deducted if you fail to show the detailed computation correctly, skip the computation steps, or do not provide explanations.

Question 3 is about showing your understanding on RSA-based public key cryptography. In this question, you are required to analyze the given scenario based on the RSA-based public key cryptography and show detailed steps to compromise it with numerical example. You are allowed to choose your own value. However, values should be correct. Marks will be deducted if you fail to show the detail computation correctly, skip the computation steps, or do not provide explanations with numerical values.

Question 4 is on report writing on Blockchain or implementation of a blockchain-based system. Only for this question, you can submit the solution individually or in a group. In the case of a group submission, the maximum number of group members can be 3 (three), and you can form the group with students of different classes. In the solution PDF at the beginning of this question's answer, you must mention the names of group members with their class names (in DAY-TIME format, e.g., MON-14:30 15:30). In this question, there are 2 (two) options: Q4(a) and Q4(b). You need to choose any 1 out of the two options. The first option Q4(a) is on report writing, and option Q4(b) is about the implementation of a Blockchain-based system. If you select Q4(a), you are expected to demonstrate your understanding of the Blockchain and Privacy Preservation and write a well-organized report on a given topic. We are looking for interesting and innovative system descriptions in the report. You are expected to address the items mentioned in the problem statement (at least). However, to secure good marks, you have to think out of the box. The report should be appended in the same document where you write the answers to other questions. Further instructions are given in the question. If you select Q4(b), you are expected to implement a blockchain system for a given scenario. You should describe detailed steps of implementation with necessary code segments. Additionally, you need to submit the code on the CANVAS as a separate ZIP file. Please DO NOT include your solution PDF within the ZIP file.

Question 5 is related to analyzing and designing the security of authentication protocols. Your answer should contain the necessary explanation and diagrams as stated in the problem statement. Marks will be deducted if you fail to provide the explanation correctly and/or diagrams for all of the protocols.

Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after Lecture-5 (in Week-5). At the end of each week, starting from Week-5 to Week-10, you should be able to solve at least one question.

If there are questions, you must ask via the relevant Canvas discussion forums in a general manner. Also, attend consultation sessions when announced.

Overall, you must follow the special instructions below:
- You must fulfil the requirements in the questions.
- Upload your solution as a single PDF or Word document in CANVAS. Also, upload codes as a separate single ZIP file in the CANVAS. Do not put the PDF within the ZIP file.
- For the questions that require implementation, you must implement the functionalities stated in the questions.
  Any change in a user interface is acceptable if the functionality is there. In your report, you must show all of the steps with necessary code segments and screenshots for each question.

2. Assessment Criteria

This assessment will determine your ability to:
- Follow requirements provided in this document and in the lessons.
- Independently solve a problem by using cryptography and cryptanalysis concepts taught over the last six weeks from fifth to tenth weeks of the Course.
- Meet deadlines.

3. Learning Outcomes

This assessment is relevant to the following Learning Outcomes:
1. CLO 1: explain the functioning of security services in computing environments and the security issues in networked applications.
2. CLO 2: discuss various types of data integrity and confidentiality mechanisms including public key cryptography.
3. CLO 3: describe basic system security mechanisms and protocols, such as those used in operating systems, file systems and computer networks.
4. CLO 4: analyse the overarching importance of IT security in areas such as networking, databases, operating systems, and web systems.
5. CLO 5: apply privacy principles in basic practical settings in IT environments.
6. CLO 6: analyse and evaluate the security of computing and IT systems on a practical level and privacy related issues in computing.

4. Assessment details

Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question Q1 to Q5) are provided in the next page.

Q1. Privacy Preserving Secure Models (Marks: 6)

Privacy Preserving Online Voting System

Recently, several controversies have been observed in voting around the world. Even electronic voting can be manipulated [1]. In an electronic voting system, the voting authority cannot be trusted completely as it can be biased. Using a privacy-preserving online voting system removes controversy in the voting system.
In this privacy-preserving online voting system, voters encrypt their votes in the voting booth before sending them to the voting authority. A voting server records each encrypted vote and determines the voting result on behalf of the voting booth as the voting booth does not have enough computation power. The encrypted result is sent to the voting authority, which determines the winner based on encrypted votes. The homomorphic property of the Paillier Cryptosystem allows the addition of encrypted numbers. Therefore, the Paillier Cryptosystem can be used in developing a privacy-preserving online voting application.

In this task, you need to design a privacy preserving online voting system as shown in Figure-1 using the Paillier cryptosystem. Suppose that a group of students want to elect their club president.

Your designed privacy-preserving voting application must fulfil the following requirements:
- Votes must be encrypted from Voting Booth using Paillier Cryptosystem before sending them to the Voting Server.
- A vote is an integer number which should be equivalent to a 12-bit binary string.
- The number of candidates should be three. For example, ALICE, BOB, and EVE.
- The number of voters can be maximum 16.
- Assume that four voters will vote for ALICE, two voters will vote for BOB, and two voters will vote for EVE. After counting the votes, the Voting Authority (VA) should find four votes for ALICE, two votes for BOB, and two votes for EVE.
- The Voting Authority chooses p=157, q=127 and selects g=8821.
- The private numbers chosen by 8 voters and their votes are as follows:

  Voter No.   Voter's Private Number, r   Vote for   Voting message, m
  1           91                          ALICE      000000000001 = 1
  2           92                          ALICE      000000000001 = 1
  3           93                          ALICE      000000000001 = 1
  4           94                          ALICE      000000000001 = 1
  5           95                          BOB        000000010000 = 16
  6           96                          BOB        000000010000 = 16
  7           97                          EVE        000100000000 = 256
  8           98                          EVE        000100000000 = 256

- The Voting Authority sets up the required public and private keys and makes the public keys available to all voting booths before the vote starts.

[Figure-1.2: Privacy-preserving voting system]

Show detail step-by-step computations of the key generation, encryption, homomorphic computations, and decryption processes for votes of 8 voters.

[Note: Refer to the Week 5 lecture and Workshop-5.]
[1. https://www.dw.com/en/democracy-in-danger-elections-are-easy-to-manipulate/a-45858161]
[If you are interested to implement a broader version of this system as the Capstone/Honours project, please contact the Lecturer]

Q2. Application of Digital Signature (Marks: 7)

The working procedure of the digital signature is illustrated in Figure-3. It is recommended that you use the concept of digital signature to answer both Q2(a) and Q2(b).

[Figure-3: Overview of the Digital Signature]

(a) Digital signature for large text message (Marks: 3)

Suppose Bob (the sender) wants to send a large text message M to Alice (the receiver). The text message M is as follows (in bold and italic face):

Blockchain gained notoriety and quickly became part of popular parlance during 2017's unprecedented cryptocurrency boom. The technology builds on longstanding concepts and techniques in distributed transaction processing and encryption. Software developers initially brought these ideas together in a remarkably innovative manner to support Bitcoin's 2009 launch, giving rise to the first blockchain network. Cryptocurrencies, many of which use the concepts Bitcoin introduced, continue to proliferate

Before sending the message, Bob generates a hash h(M) of the text message M using the MD5 hash algorithm and converts h(M) into integer message m. Then, he signs the m and sends it to Alice. When Alice receives the signed message, she would like to verify that the message is indeed from Bob. To facilitate signing and verification, Bob generates public and private keys using RSA encryption algorithm and sends the public key to Alice. Bob uses the following parameters:

1st Prime number: p = 430620674058481288123238045697123658933
2nd Prime number: q = 124566090654136987961913344431645866767
Public key parameter: e = 23

In this task, you need to show how Alice generates digital signature for a large text message and Bob verifies the signature using RSA based digital signature scheme. To do this:
i. Show how Alice would generate Public and Private keys.
ii. Show how Alice would generate the digital signature for M.
iii. Show how Bob would verify the digital signature using Alice's public-key.
iv. Do you think that RSA based digital signature can be forged? Justify why or why not.

[Note: Refer to the Week 6 Lecture and Workshop-6 and the Running Example of RSA Signature for Text Message of Week-6 lecture notes.
Use the following links:
For generating MD5 hash: https://www.miraclesalad.com/webtools/md5.php
For converting hexadecimal to decimal and vice versa: https://www.mobilefish.com/services/big_number/big_number.php
For performing large integer operations (power mod, inverse mod, LCM, GCD, Multiplication): https://www.mobilefish.com/services/big_number_equation/big_number_equation.php ]

(b) ElGamal based digital signature scheme (Marks: 4)

Recently, Charlie has developed a software for Alice's Restaurant. Alice emails the payable amount (M) to her manager Bob.
To ensure the integrity and authenticity, Alice generates a digital signature for the above amount with ElGamal based digital signature scheme and sends the signed message to Bob via email.

Alice chooses ElGamal public key (i.e., modulus p and generator g) and private-key (i.e., secret number x). Bob chooses a random number r. The equivalent decimal numbers are as follows:

M = 2300, p = 191447, g = 425, x = 1998, r = 2813

In this task, you need to show how Alice generates digital signature and Bob verifies the payable amount using ElGamal based digital signature scheme. To do this:
i. Show how Alice would generate Public and Private keys.
ii. Show how Alice would generate the digital signature for M.
iii. Show how Bob would verify the digital signature using Alice's public-key.
iv. Does ElGamal Signature approach prevent cheating on digital signature? Justify why or why not.

[Note: Refer to the Week 6 Lecture and Workshop-6.
Use the following links:
For performing large integer operations (power mod, inverse mod, LCM, GCD, Multiplication): https://www.mobilefish.com/services/big_number_equation/big_number_equation.php ]

Q3. Compromising Public Key Cryptography (Marks: 7)

Assume that Jenny and Kelly are secretly communicating using an RSA-based public-key cryptosystem. Alex is an intelligent guy who is intercepting the communications between Jenny and Kelly. Say, Alex has intercepted a ciphertext C that Kelly created by encrypting a message M using Jenny's public key and was being sent to Jenny. As Alex does not know Jenny's private key, he plans to do a trick to find out M. Alex challenges Jenny that he can decrypt the message M if Jenny agrees to encrypt another message (any message except C) using her private key.

You are expected to explain if it is possible for Alex to find M using the trick. Explain with a numerical example for each step.

Q4. Secure systems – Report Writing or Implementation (Marks: 20)

You need to answer any 1 of the following questions in a group of maximum 3 (three) people. However, it is absolutely fine if you want to do it individually.

(a) Report Writing on Designing a Secure System

Buying real estate involves many complex tasks from both buyer and seller points of view. The main tasks of the buyer involve searching for a suitable property, arranging finance, and verifying the property information. A seller has to ensure proper permits (e.g., land titling, building permit, approved building design, etc.) from the designated authority to sell real estate. The financial organization (e.g., bank) plays an important role by ensuring the buyer's financial solvency. A bank collects several personal documents of a buyer and verifies them before providing finance to a buyer. Overall, digital real estate purchasing and selling management involves the collection of sensitive (i.e., personal) data of both buyer and seller. Also, purchasing and selling requires approval at different levels, which creates avenues for the breach of privacy of collected sensitive data and fraudulence (by providing fake documents or tampering information) from both buyer and seller point of view.

Write a report on how the blockchain technology can be used to prevent document or information tampering and how the privacy of sensitive data of both buyers and sellers can be preserved in digital real estate purchasing and selling management systems.

The report should be well structured, having a proper introduction, main body, and concluding remarks. You must provide necessary diagrams based on your own thoughts as well as collected from different sources.

The report must contain the following (but not limited to):
i. An overview of the traditional digital real estate purchasing and selling management systems with one or more scenarios of possible privacy breach and data tampering.
ii. Necessary diagrams for illustration whenever required.
iii. Briefly explain your understanding of privacy-preserving digital real estate purchasing and selling management systems with necessary diagrams, with a brief summary of different privacy-preserving techniques that can be used in this scenario.
iv. Briefly explain your understanding of the Blockchain technology and its usefulness in different applications.
v. Explain with necessary diagrams how a privacy-preserving digital real estate purchasing and selling management system can be integrated with blockchain technology.
vi. Explain how the integrity and traceability of data can be achieved using blockchain in your specified system.
vii. Explain the challenges of using privacy-preserving techniques and blockchain technology in digital real estate purchasing and selling management systems.

You must provide necessary references (at least 15) using APA referencing style, including both research and online articles. Articles can be searched in: Google, Google Scholar (https://scholar.google.com/), IEEE Xplore (https://ieeexplore.ieee.org/Xplore/home.jsp), etc.

Texts should be presented in IEEE Double-Column format with maximum 6 pages. For your convenience, a MS Word template for the report is provided in the Assignment-2 Home Page on CANVAS.

[Note: Refer to the Week 7 lecture and Workshop-7.]

(b) Implementation of a Blockchain-based digital real estate purchasing and selling management system

[Note: You should attempt this task if you have prior programming skills. Otherwise, answer Q5(a).]

Implement a blockchain-based digital real estate purchasing and selling management system that will ensure integrity and traceability of data. The implemented blockchain-based digital real estate purchasing and selling management system should fulfil the following requirements:
- The system should have four types of users: seller, authority, buyer, and bank.
- A seller can create a permit application with the following information: property address, owner/vendor details, building design (in this case just upload a PDF file with name design.pdf), and seller licence number (e.g., L1001). Upon the submission of the permit application, the information mentioned above should be stored in the blockchain and the seller will receive a permit application ID.
- An authority can either approve or disapprove a permit application. The decision should be stored in the blockchain along with the property address, which can be verified later.
- A buyer can send a loan application to a bank with his/her personal details (e.g., full name, date of birth (DOB), current address, contact number, employer name, annual income, address of the property intended to purchase, and loan amount). Upon the submission of the loan application, the information mentioned above should be stored in the blockchain and the buyer will receive a loan application ID.
- A bank either approves or disapproves a loan application by verifying the status of the permit of the property. The decision should be stored in the blockchain along with the buyer's full name, current address, contact number, and date of birth, which can be verified later by a seller.
- The seller can verify the loan application status of a buyer before the deal. If the status of the loan application of a buyer is approved, the seller makes the deal. Otherwise, the deal is cancelled. The buyer can see the deal status.

You are allowed to use any programming language or scripting language such as Java, PHP, Python, JavaScript, etc. A good graphical user interface (GUI) is expected. However, you can also provide a user friendly command-line user interface. Upon completion of the implementation, you are expected to:
I. Create a report containing the implementation details and user instructions.
II. Upload your code and report in the CANVAS.

[Note: Refer to the Week 8 Lecture and Workshop 8.]
[If you are interested to implement a broader version of this system as the Capstone/Honours project, please contact the Lecturer]

Q5. Designing a Secure Authentication Protocol for a One-to-One Secure Messaging Platform (Marks: 10)

(a) Analysing the security strength of authentication protocols (Marks: 7.5)

Assume that you have been hired to design a secure mutual authentication and key establishment protocol for a new messaging software. In the software, two users (e.g., Alice and Bob) need to exchange messages using a public-key cryptography based authentication protocol to achieve mutual authentication and establish a secure session key (K) before the start of the conversation, as shown in Figure-6. According to the given scenario, Alice and Bob should exchange three messages to achieve mutual authentication and establish the secure session key (K). Assume that Alice is the initiator of the communication. Alice sends Message 1 to Bob and Bob replies with Message 2.

[Figure-6: Overview of the secure mutual authentication and key establishment protocol]

You have options to choose from several protocols and analyze their security strength. The prospective security protocols are as follows:
i. In protocol-1, Message 1: {Alice, K, R_A}_Bob, Message 2: R_A, R_B
ii. In protocol-2, Message 1: Alice, {K, R_A}_Bob, Message 2: R_A, {R_B}_Alice
iii. In protocol-3, Message 1: Alice, {K}_Bob, [R_A]_Alice, Message 2: R_A, [R_B]_Bob
iv. In protocol-4, Message 1: R_A, {Alice, K}_Bob, [R_A]_Alice, Message 2: [R_A]_Bob, {R_B}_Alice
v. In protocol-5, Message 1: {Alice, K, R_A, R_B}_Bob, Message 2: R_A, {R_B}_Alice

In this task, you need to critically analyze the above protocols and clearly explain which protocol or protocols would be secured and why.
Notations are summarized below:
K : Session key
R_A : Nonce generated by Alice
R_B : Nonce generated by Bob
{Message}_Alice : Encryption function that encrypts Message using Alice's public key
[Message]_Alice : Encryption function that encrypts Message using Alice's private key, which is also known as signed Message by Alice

[Note: Refer to the Week 9 lecture and Workshop 9.]

(b) Designing a secure authentication protocol (Marks: 2.5)

Assume that Alice and Bob want you to design a secure two-message authentication protocol (requires only two messages to achieve mutual authentication as shown in Figure-7) for their chat application that will provide mutual authentication and establish a session key (K) for each communication. While designing the authentication protocol, you should remember that public-keys of both sender (e.g., Alice) and receiver (e.g., Bob) are known to everyone in the network. Therefore, it is important to ensure anonymity of the communicating users in the authentication protocol. For your information, if an authentication protocol provides anonymity then an attacker cannot identify the person who is communicating. In other words, a message in the authentication protocol providing anonymity does not reveal the user's identity.

[Figure-7: Overview of the two-message secure mutual authentication and key establishment protocol]

In this task, you need to explain the following with diagrams:
i. Show a two-message authentication protocol that will achieve mutual authentication for two communicating users (say, Alice and Bob).
ii. Assume Trudy is a passive attacker who can only watch messages between Alice and Bob. Trudy cannot perform any replay or Man-in-the-Middle (MiM) attack. Now, analyse critically if your protocol ensures anonymity or not from Trudy. If your protocol does not provide anonymity, what changes are required to your protocol to ensure anonymity?

[Note: Refer to the Week 9 lecture and Workshop 9.]

5. Academic integrity and plagiarism (standard warning)

Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have:
- Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods,
- Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites.

If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.

RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviors, including:
- Failure to properly document a source
- Copyright material from the internet or databases
- Collusion between students

For further information on our policies and procedures, please refer to the University website.

6. Assessment declaration

When you submit work electronically, you agree to the assessment declaration.

7. Rubric/assessment criteria for marking

All of the computations must be correct and only provided values must be used. Instructions must be followed.

Criteria: The characteristic or outcome that is being judged.

Question 1: Privacy Preserving Secure Models (Total: 6 Marks)
- 6 Marks: Step-by-step processes are shown with detail computations. All of the computations shown are correct.
- 4 Marks: Step-by-step processes are shown with detail computations. Most of the computations are correct with few errors.
- 2 Marks: Step-by-step processes are shown with detail computations. Most of the computations are incorrect with few correct computations.
- 1 Marks: Step-by-step processes are not shown with detail computations. All of the calculations are wrong.
- 0 Marks: Not answered.

Question 2(a): Digital signature for large text message (Total: 3 Marks)
- 3 Marks: Step-by-step processes are shown with required explanation. All of the computations are shown correctly in detail. Security strength of RSA Signature is well justified.
- 2 Marks: Step-by-step processes are shown with required explanation. Not all of the computations are shown correctly in detail. Security strength of RSA Signature is NOT well justified.
- 1 Marks: Steps that are shown partially correct and explanations are not up to the mark. Or, steps are not shown correctly. Security strength of RSA Signature is INCORRECTLY justified or justification is NOT provided.
- 0.5 Marks: Steps that are shown are not correct. Or, the answer is incomplete.
- 0 Marks: Not answered.

Question 2(b): ElGamal based digital signature scheme (Total: 4 Marks)
- 4 Marks: Step-by-step processes are shown with required explanation. All of the computations are shown correctly in detail. Security strength of ElGamal Signature is well justified.
- 3 Marks: Step-by-step processes are shown with required explanation. Not all of the computations are shown correctly in detail. Security strength of ElGamal Signature is NOT well justified.
- 2 Marks: Steps that are shown partially correct and explanations are not up to the mark. Or, steps are not shown correctly. Security strength of ElGamal Signature is INCORRECTLY justified, or justification is NOT provided.
- 1 Marks: Steps that are shown are not correct. Or, the answer is incomplete.
- 0 Marks: Not answered.

Question 3: Compromising Public Key Cryptography
- Steps of compromising Public Key Cryptography for the given scenario is up to the mark. Numerical example is shown for each
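
The Q1 voting flow (booth encrypts, server combines ciphertexts, authority decrypts), sketched in Python as an added example that is not part of the original handout. It uses the handout's p, q, g, r values and vote encoding; the function names and the assumption that each candidate owns one 4-bit counter (ALICE in the low bits) are this example's own.

```python
"""Added example: Paillier vote tally using the parameters given in Q1."""
from math import gcd

CANDIDATES = ["ALICE", "BOB", "EVE"]  # one 4-bit counter each, ALICE in the low bits
FIELD_BITS = 4                        # 3 candidates x 4 bits = the 12-bit vote string


def L(u, n):
    """Paillier's L function: L(u) = (u - 1) / n, exact when u = 1 mod n."""
    return (u - 1) // n


def keygen(p, q, g):
    """Voting authority: public key (n, g), private key (lambda, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    # mu = L(g^lam mod n^2)^-1 mod n; pow() raises ValueError if g is unsuitable.
    mu = pow(L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m, r):
    """Voting booth: c = g^m * r^n mod n^2."""
    n, g = pub
    if not 0 <= m < n or gcd(r, n) != 1:
        raise ValueError("need 0 <= m < n and gcd(r, n) = 1")
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def combine(pub, ciphertexts):
    """Voting server: multiplying ciphertexts adds the hidden plaintexts."""
    n, _ = pub
    acc = 1
    for c in ciphertexts:
        acc = acc * c % (n * n)
    return acc


def decrypt(pub, priv, c):
    """Voting authority: m = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    return L(pow(c, lam, n * n), n) * mu % n


def vote_message(candidate):
    """ALICE -> 1, BOB -> 16, EVE -> 256, matching the table in Q1."""
    return 1 << (FIELD_BITS * CANDIDATES.index(candidate))


def decode_tally(total):
    """Split the decrypted sum back into per-candidate counters."""
    mask = (1 << FIELD_BITS) - 1
    return {name: (total >> (FIELD_BITS * i)) & mask
            for i, name in enumerate(CANDIDATES)}


# (r, choice) for the eight voters listed in Q1.
BALLOTS = [(91, "ALICE"), (92, "ALICE"), (93, "ALICE"), (94, "ALICE"),
           (95, "BOB"), (96, "BOB"), (97, "EVE"), (98, "EVE")]


def run_election():
    """Full flow: key setup, per-booth encryption, server tally, decryption."""
    pub, priv = keygen(157, 127, 8821)
    encrypted = [encrypt(pub, vote_message(c), r) for r, c in BALLOTS]
    total = decrypt(pub, priv, combine(pub, encrypted))
    return total, decode_tally(total)


if __name__ == "__main__":
    total, tally = run_election()
    print(f"decrypted sum = {total} = {total:012b}")
    print(tally)
```

A 4-bit counter holds at most 15, so sixteen votes for a single candidate would carry into the neighbouring field; the per-candidate field has to be wide enough for the maximum voter count.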