Coursework in Lieu of Exam – 2019/20 Module Code: SEC202 Page 2 of 3 Learning Objectives: The following learning objectives will be addressed: 1. Identify the issues involved with the design of secure systems and the complexity of cryptographic systems. 2. Critically analyse the need for protection mechanisms within different complex scenarios. 3. Analyze security issues for protection mechanisms within different scenarios, and identify appropriate security mechanisms to secure applications. Instructions: This course work is in the format of a “seen paper” where you are given some questions to answer in a limited time duration of 48 hours. There are four questions to complete and they carry equal marks. Each question is based from materials delivered throughout the module but you also have the opportunity to draw upon additional research. Note that, The coursework has been designed to take 4-5 hours on average. The answers should give a brief introduction of the problem mentioned in the question, demonstrate knowledge about the problem in the form of examples etc, do the required analysis or give rationale for the answers, and give references to support your arguments. If you are unfamiliar with referencing style, then a Google search using the term ‘Harvard referencing’ will help. Although you will be expected to make significant use of printed and online literature in researching and producing your materials, it is not acceptable for you to simply cut and paste material from other sources (small quotes are acceptable until and unless you go on analyse and discuss them but they must be clearly indicated as being quotes and the source must be referenced appropriately). Task: Please answer the following questions. Each question carries equal marks. Q1: Assume you want to encrypt a plaintext written in English. The techniques you have at hand are mono-alphabetic substitution cipher, Poly-alphabetic substitution cipher, Columnar transposition, Key-Word columnar transposition and Concealment. Describe and explain, which method would be the most effective in encrypting the message and why? Please give examples where appropriate. (500 Words) Q2: Assume you have an image to send over an un secure channel to your friend. You have decided to use AES for encrypting this image but you want to decide which block mode to use. Describe and explain, which mode of operation you would choose so that the encrypted image does not leak any information about the original message and why? How would you make sure that the chosen mode is protected against known-plaintext attack and chosen- plaintext attacks? Please give examples to support your answer. (500 words). Coursework in Lieu of Exam – 2019/20 Module Code: SEC202 Page 3 of 3 Q3: We know that the issue with secret key encryption is the distribution of key. Describe and explain how you could solve this problem by using Public key encryption. What do you think is the problem of using Public key encryption alone and consequently, how would you recommend an encryption method, using the best of Public/Secret key encryptions, for sending a message between the two users? Furthermore, which key agreement/distribution method do you think would be most optimal for this scheme in order to stop a man-in-the- middle attack. How would you protect the integrity of the message against active-attacks? Which method would you suggest that the users could use to authenticate each other? (500 Words) Q4: The 3G Universal Mobile Telecommunication Systems (UMTS) provides technological improvements over the 2G GSM networks. Furthermore, it also rectifies the security loopholes that were there in the GSM networks. Describe and explain, what security issues were there in the GSM networks which have been rectified in the UMTS. What additional security features have been included in UMTS due to technological enhancements? Note that, due to words limit, you are expected to give a brief of issues and their solutions correspondingly. (500 Words) Assessment details: For each of the questions, the following marking scheme will be applied: Introduction 10% Background Knowledge: 40% Analysis/Rationalization: 40% Referencing and Presentation: 10% Your answers will be assessed on the depth and breadth of your arguments, evidence of research, and overall quality of presentation. It will be expected to have an appropriate introduction and to be supported by references. Threshold Criteria (these are indicative only): To achieve a 3rdclass (40%+), all answers must demonstrate an understanding of the key steps to undertaking research and analysis of security related issues, encryption algorithms, protection mechanisms and propose some solutions. To achieve a 2.2 (50%+), all answers demonstrate a good understanding of the key steps to undertaking research and analysis of security related issues, encryption algorithms, protection mechanisms and propose some solutions. Some evidence of referencing. To achieve a 2.1 (60%+), all answers must demonstrate a very good understanding of the key steps to undertaking research and analysis of security related issues, encryption algorithms, protection mechanisms and propose some solutions giving rationale for your solutions. Evidence of referencing throughout. To achieve a 1st (70%+), all answers must demonstrate an excellent understanding of the key steps to undertaking research and analysis of security related issues, encryption algorithms, protection mechanisms and propose some solutions giving rationale for your solutions. It is expected that there would be a good use of references to support the accompanying commentary.
