Assignment 1

Background

To complete this assignment, you will need to have read chapters one and two of the textbook and completed the slides/lectures Introductions and Overview and Cryptography I, II, and III.

Assignment Instructions

Reminder: All work turned in for this class must be prepared in a form that I can open with Microsoft Word 2016. Do not copy the homework text into your answers; I already know what the questions are, and putting superfluous filler into your answers just makes more work for me.

For this assignment and any others that require research you must answer in your own words and cite your references correctly. A cut-and-paste answer will earn a zero for the entire assignment and may earn a course grade of F for plagiarism.

Parts of this assignment may require research. Be sure to attribute the words and ideas of others that you will use in your answers. Use quotation marks for direct quotations, and always include a citation, whether you quote or paraphrase. A cut-and-paste answer will earn a grade of zero for the assignment and may earn a course grade of F for plagiarism. If you have questions about this, please ask me.

Remember: No citations implies no research. No research implies no learning. No learning implies D-minus, at best!

Part 1: In each of the following scenarios, tell whether there is a violation of confidentiality, integrity, or availability, or some combination of the three. In addition, for each item, write a two- or three-sentence paragraph explaining why your answer is correct.

  1. Alex disables Barbara's router by logging in remotely with the manufacturer's default password.
  2. Mallory builds a WiFi jammer using plans she found on the Internet and jams wireless signals over a large part of her apartment building.
  3. Charlene uses a key logger to capture Darla's banking password.
  4. Eve rewrites the magnetic stripe on a gift card to change the amount from $10 to $100.

(Adapted from an exercise in Bishop, Matt, Introduction to Computer Security.)

Part 2: Distinguish among vulnerability, exploit, threat, risk, and control mechanism (called "countermeasure" in chapter one of the text) in five brief paragraphs. If you do any research outside the textbook, which you are encouraged to do, be sure to cite your sources. You can see how to do that in An Example of Proper Writing in the "Required Reading" section.

Part 3: Using the tool at http://www.fileformat.info/tool/hash.htm, compute the SHA-256 checksum of the MS-Word file that is your work on this assignment so far, or some similar file if you don't have that one available. Copy the calculated cryptographic hash into Windows Notepad or a word processing document to save it temporarily. Now change one character from a capital to a lowercase letter or vice-versa in the original document, re-save, and recompute the cryptographic hash. Paste the old and new cryptographic hashes into your homework document. Be sure to identify which one is before and which is after.
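The same before-and-after experiment can be run locally rather than through the web tool. The following is an added example, not part of the original assignment; the sample text and the file name assignment1.txt are constructed for illustration, and a plain-text file stands in for the MS-Word document.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large documents need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def flip_first_letter_case(data):
    """Return a copy of data with the case of its first ASCII letter swapped."""
    for i, byte in enumerate(data):
        if 65 <= byte <= 90 or 97 <= byte <= 122:   # A-Z or a-z
            # Bit 0x20 is the only difference between upper and lower case.
            return data[:i] + bytes([byte ^ 0x20]) + data[i + 1:]
    raise ValueError("no ASCII letter to change")

def differing_bits(hex_a, hex_b):
    """Count the bit positions at which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def run_experiment(original):
    """Save the document, hash it, change one letter's case, re-save, re-hash."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "assignment1.txt")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(original)
        before = sha256_file(path)
        with open(path, "wb") as fh:
            fh.write(flip_first_letter_case(original))
        after = sha256_file(path)
    return before, after, differing_bits(before, after)

# Constructed sample text standing in for the homework document.
SAMPLE = b"Part 1: Alex disables Barbara's router.\n"

if __name__ == "__main__":
    before, after, bits = run_experiment(SAMPLE)
    print("before:", before)
    print("after: ", after)
    print("bits changed:", bits, "of 256")
```

The count of changed bits is reported alongside the two digests so the size of the difference can be read off directly instead of compared by eye.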

Using the information from the textbook, explain at least two uses for a cryptographic hash, and explain how the experiment you just performed confirms those uses.

Do some research and explain in a paragraph or so what a "hash collision" is. Be sure to cite your research.

Part 4: Explain in a couple of paragraphs how public key encryption can be used to implement a digital signature. Be sure you are very clear on when a private key is used and when a public key is used.

Part 5: Generally, a digital signature involves encrypting a cryptographic hash, or digest, generated from the message. Explain why we do not encrypt the message itself. You can answer this question in one sentence.

Part 6: For each of the following scenarios, tell what type of encryption is most appropriate and in a sentence or two explain the reasoning for your choice.

  1. Alice wants to send a confidential message to Bill, whom she has never met and who lives in a distant country.
  2. Charlie wants to be sure that no one but he can see the financial and medical records he has stored on his computer.
  3. David needs a way to check that large computer files stored on corporate servers have not been modified.
  4. Eddard uses a "cloud" backup service; he wants to be sure the operators of the service cannot read his files.
  5. Frank needs to send a message to George. The message need not be confidential, but George must be assured that it actually came from Frank.

Grading Rubric

This section describes how your assignment will be graded. Except in the case of plagiarism, cheating, or copying, you cannot lose more than 100 points.

This assignment is worth 100 points in the "Assignments" category of the course grading plan.

The Assignment as a Whole

Failure to follow instructions: Up to three points subtracted per part, 18 points for the entire assignment.

Grammar, spelling, and organization: Up to three points subtracted per part, 18 points for the entire assignment.

Incorrect citation or use of the works of others: Up to ten points subtracted per part, 60 points for the assignment as a whole. When you use the words or ideas of others, you need a citation in the text that ties to an entry in your "References" section. When you quote another's work, you need quotation marks. For an example, see An Example of Proper Writing in the "Required Reading" module.

Plagiarism, cheating, or copying another's work: A zero on the assignment and referral to the Student Conduct and Academic Integrity office for other penalties.

Late work: Late work will not be accepted by Desire2Learn and will be recorded as a zero.

The Assignment by Parts

Part | Criteria | Points Available
1 | Each part: -4 points, if the property violated is incorrect, explanation incorrect or incomplete, or not answered. | 16
2 | Each part -4 points if the explanation is incorrect, superficial, or not answered. | 16
3 | One or both cryptographic hashes are absent: -5 points. Two uses with explanation; -5 for use or explanation, incorrect, superficial, or absent. | 15
4 | Explanation of why entire message is not encrypted is incorrect, superficial, or absent: -15 | 15
5 | Explanation is incorrect, incomplete, or superficial; up to -13 points. | 13
6 | Each part: 5 points, if encryption type incorrect, explanation incorrect or incomplete, or not answered. | 25