Task Part A :
1. The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today, a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong?
2. How do NIST criteria for selection of DES and AES relate to Shanon's original standards of a good cryptographic system? What are the significant differences? How do these standards reflect a changed environment many years after Shannon wrote his standards? - 15 Marks
3. A program is written to compute the sum of the integers from 1 to 10. The programmer, well trained in reusability and maintainability, writes the program so that it computes the sum of the numbers from k to n. However, a team of security specialists scrutinizes the code. The team certifies that this program properly sets k to 1 and n to 10; therefore, the program is certified as being properly restricted in that it always operates on precisely the range 1 to 10.
(a) Explain different ways that this program can be sabotaged so that during execution it computes a different sum, for example, 3 to 20. -
(b) One means of limiting the effect of an untrusted program is confinement: controlling what processes have access to the untrusted program and what access the program has to other processes and data. Explain how confinement would apply to the above example. - 15 Marks 4. The distinction between a covert storage channel and a covert timing channel is not clear-cut. Every timing can be transformed into an equivalent storage channel. Explain how this transformation could be done. -
Part B :
1. Research the TJX data breach case on the web and answer the following questions.
a. Was the TJX break-in due to a single security weakness or multiple security weaknesses? Explain.
b. Suggest a set of measures which probably would have prevented the TJX data breach. Justify your answer.
c. Which of the CIA goals did TJX fail to achieve in this attack? Rationale This assessment task is based on the following topics discussed in the subject: the overview of Information security fundamentals, security threats, cryptography, malicious software and its countermeasures, operating system security and software security .
The assessment task is aligned with the following learning outcomes of the subject: On successful completion of this subject, students will be able to justify security goals and the importance of maintaining the secure computing environment against digital threats; be able to explain the fundamental concepts of cryptographic algorithms; be able to examine malicious activities that may affect the security of a computer program and justify the choice of various controls to mitigate threats.
Marking criteria Assessment criteria PART A : 60 marks Assessable Components HD 100% - 85% DI 84% - 75% CR 74% - 65% PS 64% - 50% FL 49% - 0 Q.1 (5 marks) - Correct length of symmetric session key along with detailed explanation. Correct length of symmetric key along with in depth explanation. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Correct length of symmetric key along with reasonable level of explanation. Very minor omissions only.
Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Correct length of symmetric key along with reasonable level of explanation; Minor omissions in the explanation.
Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. Correct length of symmetric key along with limited explanation.
Supporting reference/(s); writing style appropriate to assignment with proper in text citation. Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 5.0 - 4.25 4.2 - 3.75 3.7 - 3.25 3.2 - 2.5 2.45 - 0 Q.2 (15 marks) - Relationship between NIST criteria for selection of DES and AES and Shanon's original standards. - Their significant differences. - How do these standards reflect a changed environment many years after Shannon wrote his standards?
Comprehensive knowledge and in depth explanation of the three assessable components. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Reasonable knowledge and in depth explanation of the three assessable components. Very minor omissions only.
Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Good knowledge of the three assessable components along with appropriate explanation. Some omissions.
Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. Addressed the three assessable components mostly correctly along with limited explanation.
Supporting reference/(s); writing style appropriate to assignment with proper in text citation. Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 15.0 - 12.75 12.6 - 11.25 11.10 - 9.75 9.60 - 7.5 7.35 - 0 Q.3(a) (10 marks) - Listing of different ways that the program can be sabotaged so that during execution it computes a different sum.
- Explanation for each. Multiple (more than three) possible ways have been listed along with in depth explanation. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Multiple (minimum three) possible ways have been listed along with in depth explanation. Very minor omissions only. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Multiple possible (minimum three) ways have been listed along with explanation.
Some omissions. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. At least two ways have been listed correctly along with limited explanation. Supporting reference/(s); writing style appropriate to assignment with proper in text citation. Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 10.0 - 8.5 8.4 - 7.5 7.4 - 6.4 6.4 - 5 4.9 - 0 Q.3(b) (15 marks) - Understanding of the concept of confinement.
- Explanation of how confinement would apply to the given example. Demonstrated clear understanding of the concept of confinement; comprehensive knowledge and in depth explanation of how this concept can be applied to the given example. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Demonstrated clear understanding of the concept of confinement; comprehensive knowledge and in depth explanation of how this concept can be applied to the given example. Minor omissions only. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Demonstrated clear understanding of the concept of confinement; good explanation of how this concept can be applied to the given example. Some omissions. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. Mostly correct explanation of how the concept of confinement can be applied to the given example. Some omissions.
Supporting reference/(s); writing style appropriate to assignment with proper in text citation. Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 15.0 - 12.75 12.6 - 11.25 11.10 - 9.75 9.60 - 7.5 7.35 - 0 Q.4
- Understanding of the concept of covert storage channel. - Understanding of the concept of covert timing.
- Detailed explanation of how timing can be transformed into an equivalent storage channel. Comprehensive knowledge of covert storage channel and covert timing; in depth explanation of how timing can be transformed into an equivalent storage channel.
Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Comprehensive knowledge of covert storage channel and covert timing; in depth explanation of how timing can be transformed into an equivalent storage channel. Minor omissions only. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Good knowledge of covert storage channel and covert timing;correct explanation of how timing can be transformed into an equivalent storage channel. Some omissions.
Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. Mostly correct explanation of how timing can be transformed into an equivalent storage channel. Some omissions. Supporting reference/(s); writing style appropriate to assignment with proper in text citation.
Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 15.0 - 12.75 12.6 - 11.25 7.4 - 6.4 9.60 - 7.5 7.35 - 0 PART B: 20 marks Q.1 (20 marks) - Was the TJX break-in due to a single security weakness or multiple security weaknesses? Explain.
- Suggest a set of measures which probably would have prevented the TJX data breach. Justify your answer. - Which of the CIA goals did TJX fail to achieve in this attack? Evidence of high level of research. Comprehensive knowledge and in depth explanation of the three assessable components.
Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Evidence of high level of research. Reasonable knowledge and in depth explanation of the three assessable components. Very minor omissions only. Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Reasonable level of research. Good knowledge of the three assessable components along with appropriate explanation. Some omissions.
Supporting reference/(s); fluent writing style appropriate to assignment with proper in text citation. Minor omissions. Addressed the three assessable components mostly correctly along with limited explanation.
Supporting reference/(s); writing style appropriate to assignment with proper in text citation. Some omissions. Major omissions or incorrect answers. Either no evidence of literature being consulted or cited references irrelevant to the assessment set. Major errors in referencing style. Possible marks 20.0 - 17 16.9 - 15 14.9 - 13 12.9 - 10 9.4 - 0 Presentation Submit the assignment in ONE word or pdf file on EASTS. Please do not submit *.zip or *.rar or multiple files. Follow the referencing guidelines for APA 6 as specified in Referencing Guides.