, Page 1 of 17 School of Science COSC2536/2537 Security in Computing and Information Technology Assignment 2 Assessment Type: Individual assignment; no group work. Submit online via Canvas→Assignments→Assignment 2. Marks awarded for meeting requirements as closely as possible. Clarifications/updates may be made via announcements/relevant discussion forums. Due date: Week 10, Friday the 2nd October 2020 11:59pm Deadlines will not be advanced, but they may be extended. Please check Canvas→Syllabus or via Canvas→Assignments→Assignment 2 for the most up to date information. As this is a major assignment in which you demonstrate your understanding, a university standard late penalty of 10% per each working day applies for up to 5 working days late, unless special consideration has been granted. Weighting: 45 marks (Contributes 45% of the total Grade) 1. Overview The objective of Assignment 2 is evaluating your knowledge on the topics covered mainly in Lecture 5 to 10. Topics include Privacy-preserving computations based on RSA, ElGamal and Paillier Cryptosystems; Digital Signature, Blockchain and Cryptocurrency, Digital Authentication & Security Protocols, and Digital Authorization and Intrusion Detection. However, topics covered in Lecture 1 to 10 are required as prerequisite. Assignment-2 will focus on developing your abilities in application of knowledge, critical analysis and decision making. Assignment 2 contains several problems related to the topics mentioned above. You are required to prepare your answers and upload them as a single PDF or Word document in CANVAS. Some of the questions require video demonstrations and code submission in the CANVAS. For a video demonstration, you are required to upload your video in the Youtube (private link) or any other platform and provide the link in the PDF document. The corresponding code should be uploaded as ZIP file on the CANVAS. In this assignment, there are 6 (six) questions in total. Question 1 is about designing Privacy Preserving System. The question has two options. You need to answer any 1 out of two options. In the first option, you are required to design a privacy-preserving revenue model using the homomorphic property of the Exponential ElGamal cryptosystems. In the second option, you are expected to apply your understanding of privacy preserving computation in the context of electronic voting (E-Voting) based on the homomorphic property of Paillier Cryptosystems. Question 2 is about the application of Digital Signature Schemes. In this question, you are expected to demonstrate your understanding of the RSA digital signature scheme and its security limitation. You are required to show step- by-step processes of how RSA digital signature can be forged. Marks will be deducted if you fail to show the detail computation correctly, skip the computation steps, or do not provide explanations. Question 3 is about showing your understanding on secure data hiding. In this question, there are 2 (two) options: Q3(a) and Q3(b). You need to choose any 1 out of the two options. In question Q3(a), you are required to , Page 2 of 17 implement an image steganography method based on LSB Image steganography algorithm. In question Q3(b), you are required to discuss embedding and extraction methods using Text steganography algorithm on HTML source. You should describe detail steps of the steganography with necessary screenshots. Question 4 is related to the implementation of a secure file sharing system based on the concept of public-key cryptosystem-based encryption-decryption and digital signature. You should use OpenSSL and IPFS commands to show step by step processes to perform the secure file sharing tasks. you are expected to provide screenshots of the outcomes for commands. Marks will be deducted if you fail to show the commands correctly, skip any command, or do not provide screenshots. Question 5 is on report writing on Blockchain or implementation of a blockchain-based system. Only for this question, you can submit the solution individually or in a group. In the case of a group submission, the maximum group members can be 3 (three), and you must mention the names of group members in the solution of this question. In this question, there are 2 (two) options: Q5(a) and Q5(b). You need to choose any 1 out of the two options. The first option Q5(a) is on report writing and the option, Q5(b) is about the implementation of a blockchain-based system. If you select Q5(a), you are expected to demonstrate your understanding of the Blockchain and write a well-organized report on a given topic. We are looking for interesting and innovative system design in the report. The report should be appended in the same document where you write the answers for other questions. Further instructions are given in the question. If you select Q5(b), you are expected to implement a blockchain system for a given scenario. You should describe detail steps of implementation with necessary code segments. Additionally, you need to provide a video demonstration and submit the code on the CANVAS. For a video demonstration, you are required to upload your video in the Youtube or any other platform and provide the link in the PDF document. The corresponding code should be uploaded as a ZIP file on the CANVAS. Question 6 is related to analyzing the security of authentication protocols. Your answer should contain necessary explanation. Marks will be deducted if you fail to provide the explanation correctly for all of the protocols. Develop this assignment in an iterative fashion (as opposed to completing it in one sitting). You should be able to start preparing your answers immediately after Lecture-5 (in Week-5). At the end of each week starting from Week- 5 to Week-10, you should be able to solve at least one question. If there are questions, you must ask via the relevant Canvas discussion forums in a general manner. Overall, you must follow the special instructions below: • You must fulfil the requirements in the questions. • For the questions that require implementation, you must implement the functionalities stated in the questions. Any change in a user interface is acceptable if the functionality is there. • In your solution, you must show all of the steps with necessary code segments and screenshots for each question. • Upload your solution as a single PDF or Word document in CANVAS. Also, upload codes as a single ZIP file in the CANVAS. • Do not put the PDF withing the ZIP file. 2. Assessment Criteria This assessment will determine your ability to: • Follow requirements provided in this document and in the lessons. • Independently solve a problem by using cryptography and cryptanalysis concepts taught over the last six weeks from fifth to tenth weeks of the course. , Page 3 of 17 • Meeting deadlines. 3. Learning Outcomes This assessment is relevant to the following Learning Outcomes: 1. CLO 1: explain the functioning of security services in computing environments and the security issues in networked applications. 2. CLO 2: discuss various types of data integrity and confidentiality mechanisms including public key cryptography. 3. CLO 3: describe basic system security mechanisms and protocols, such as those used in operating systems, file systems and computer networks. 4. CLO 4: analyse the overarching importance of IT security in areas such as networking, databases, operating systems, and web systems. 5. CLO 5: apply privacy principles in basic practical settings in IT environments. 6. CLO 6: analyse and evaluate the security of computing and IT systems on a practical level and privacy related issues in computing. 4. Assessment details Please ensure that you have read Section 1 to 3 of this document before going further. Assessment details (i.e. question Q1 to Q6) are provided in the next page. , Page 4 of 17 Q1. Privacy Preserving Secure Models (Marks: 8) You need to answer any 1 of the following questions: (a). Privacy Preserving Revenue Model Nowadays, many business organizations prefer outsourcing their business data (e.g. sales data) to cloud platforms. A cloud platform provides data storage and computation as services that are cost-effective for business organizations. For example, a business organization with multiple branches uses cloud platform for storing collected sales data from different branches and computing the sales revenue remotely. However, outsourcing sensitive sales data to the cloud introduces privacy risk for the business organization. Giving an example, the cloud service provider can collect sensitive sales data of business organization and reveal them to the competitor business organizations. In order to protect sensitive sales data from misuse, a privacy- preserving computation technique can be used. In a privacy-preserving computation technique, sales data can be encrypted at a branch before sending it to the cloud. The cloud can perform revenue calculations on encrypted sales data. The business owner can collect encrypted revenue from the cloud and decrypt to get the plaintext sales revenue. Figure-1.1: Privacy-preserving revenue model The homomorphic property of the Exponential ElGamal Cryptosystem allows multiplication of encrypted numbers. Therefore, the Exponential ElGamal Cryptosystem can be used in developing a privacy-preserving revenue calculation application. • In this task, you need to design a privacy-preserving revenue calculation application as shown in Figure-1.1 using the Exponential ElGamal Cryptosystem. Suppose that Alice owns two different shops where she sells mobile phones of a specific brand. With the help of a cloud server, Alice wants to know how much she earned by selling the mobile phones in both shops remotely in a privacy- preserving manner. An example of sales information is shown in Table-1: Your designed privacy-preserving revenue calculation application must fulfil the following requirements: • The number of shops should be two and named as Shop-1 and Shop-2. • Alice generates public and private keys using the parameters: a prime number p = 6451, a generator g , Page 5 of 17 = 4599, and a private key x = 193. • Each shop is considered as sender and encrypts the number of mobile phones sold. • Each shop sends the price rate of mobile phones to cloud as plaintext. • The cloud server receives encrypted numbers of mobile phones sold and the unit prices from different shops and computes the total revenue. Finally, the cloud server sends the encrypted revenue to the owner, Alice. Only Alice should be able to decrypt Total earning. Table-1: Sales information of Shop-1 and Shop-2 Shops Shop-1 Shop-2 Phones sold 20 25 Price rate 50 30 Total Earning per shop 1000 750 Total Earning 1750 Show detail step-by-step computations of the key generation, encryption, homomorphic computations and decryption processes for the given details shown in Table-1. [Note: Refer to the lecture-5 and tutorial-5.] [If you are interested to implement a broader version of this system as the Capstone/Honours project, please contact the Lecturer] (b). Privacy Preserving Online Voting System Recently, several controversies have been observed in the voting around the world. Even electronic voting can be manipulated1. In an electronic voting system, the voting authority cannot be trusted completely as it can be biased. Using privacy preserving online voting system removes controversy in voting system. In this privacy preserving online voting system, voters encrypt their votes in the voting booth before sending them to the voting authority. A voting server records each encrypted vote and determines the voting result on behalf of the voting booth as the voting booth does not have enough computation power. The encrypted result is sent to the voting authority who determines the winner based on encrypted votes. The homomorphic property of the Paillier Cryptosystem allows addition of encrypted numbers. Therefore, the Paillier Cryptosystem can be used in developing a privacy-preserving online voting application. In this task, you need to design a privacy preserving online voting system as shown in Figure-1.2 using the Paillier cryptosystem. Suppose that a group of students want to elect their club president. Your designed privacy-preserving voting application must fulfil the following requirements: • Votes must be encrypted from Voting Booth using Paillier Cryptosystem before sending them to the Voting Server. • A vote is an integer number which should be equivalent to a 12-bit binary string. • The number of candidates should be three. For example, ALICE, BOB, and EVE. • The number of voters can be maximum 16. • Assume that four voters will vote for ALICE, three voters will vote for BOB, and three voters will vote for EVE. after counting the votes, the Voting Authority (VA) should find four votes for Alice, three votes for BOB, and three votes for EVE. • The Voting Authority chooses p=107, q=61 and select g=7019. , Page 6 of 17 • The private numbers chosen by 10 voters and their votes are as follows: Voter No. Voter’s Private Number, r Vote for Voting message, m 1 71 ALICE 000100000000 = 256 2 72 ALICE 000100000000 = 256 3 73 ALICE 000100000000 = 256 4 74 ALICE 000100000000 = 256 5 75 BOB 000000010000 = 16 6 76 BOB 000000010000 = 16 7 77 BOB 000000010000 = 16 8 78 EVE 000000000001 = 1 9 79 EVE 000000000001 = 1 10 80 EVE 000000000001 = 1 • The Voting Authority sets up required public and private keys and makes the public-keys to all voting booth before the vote starts. Figure-1.2: Privacy-preserving voting system Show detail step-by-step computations of the key generation, encryption, homomorphic computations, and decryption processes for votes of 10 voters. [Note: Refer to the lecture-5 and tutorial-5.] [1. https://www.dw.com/en/democracy-in-danger-elections-are-easy-to-manipulate/a-45858161] [If you are interested to implement a broader version of this system as the Capstone/Honours project, please contact the Lecturer] ALICE BOB EVE Candidates , Page 7 of 17 Q2. Forging Digital Signature (Marks: 4) The working procedure of the digital signature is illustrated in Figure-2.1. Figure-2.1: Overview of the Digital Signature Recently, Charlie has repaired Alice’s laptop. Alice creates a message for Bob as follows: Figure-2.2 (a): Message signed and sent by Alice to Bob Alice creates the hash of the above message and signs the hash with her RSA private key and sends the message and signed hash value to Bob via email. Charlie is a smart tech person who compromises Alice’s network and captures the email that is sent to Bob. Charlie modifies the content of the message, creates a hash of the message and generates a new signed hash value using Alice’s signature. In other words, Charlie modifies the content of the message, performs a cryptanalysis to identify Alice’s private key, and signs the hash of the message with the signature of Alice. Charlie sends the modified email to Bob. The modified message looks like the following: Figure-2.2 (b): Modified message created by Charlie with Alice’s digital signature Figure-2.2 (b): Forged Message (modified message) created by Charlie and sent to Bob Bob opens Alice’s message in his email and finds the message in Figure-2.2(b). Bob verifies Alice’s digital signature using Alice’s RSA public key and finds that the signature has been created by Alice. Hence, Bob trusts the message and pays $200 to Charlie. There are some assumptions as follows: • Charlie knows that Alice used RSA based digital signature to sign the message. • Charlie collects Alice’s RSA public key (i.e., modulus n and public exponent e) and finds the equivalent decimal numbers as follows: Hi Bob, Please pay $100 to Charlie. Thanks, Alice Hi Bob, Please pay $200 to Charlie. Thanks, Alice , Page 8 of 17 • Charlie knows that Alice uses MD5-Hash algorithm generate the hash of the message before signing it. In this task, you need to show how Charlie forges Alice's signature and change the payable amount. To do this: 1) Show how to determine p and q from n and compute the private-key d using prime factorization method. Use online prime factorization calculators to find p and q. 2) Show how Charlie would hash the forged or modified message as shown in Figure-2.2(b) and sign the hash using Alice’s private-key. Also, show how Bob would verify the signature using Alice’s public-key. 3) To prevent this signature forgery will ElGamal Signature approach offer a better and robust solution? Justify why or why not. [Note: Refer to the lecture-6 and tutorial-6.] Q3. Hiding Secret Message in Images (Marks: 3) You need to answer any 1 of the following question: (a) Image Data Hiding The XYZ Gallery preserves digital copies of different famous art works. Assume that Alice works as a painting expert for XYZ Gallery. Alice is sent two image files (see Figure-3) from two different sources that are the digital copies of the famous Mona Lisa, created by the Italian artist Leonardo da Vinci. As a painting expert, Alice’s job is to identify the digital copy of the original Mona Lisa from the received image files. After the verification, Alice wants to put a hidden message “Real Mona Lisa” inside the Figure-3(a) and another message “Fake Mona Lisa” within the Figure-3(b). (a) mona_lisa_real.png (b) mona_lisa_fake.png Figure-3: Image files for LSB Image Steganography: (a) real image, (b) fake image Assume that you are Alice’s friend and know secure data hiding technique very well. So, she asks you to develop a program that will hide a secret message in an image file using secure data hiding technique. Using LSB Image steganography technique, you need to develop the program that will take an image file as input, hide the corresponding secret message within the image file, and generate a stego key (SK). The n = 3585650403147635920968822644931356870369 e = 887 , Page 9 of 17 program should also be able to extract the secret message from an image if the appropriate stego key (SK) is provided. Use any programming language (ex: JAVA, Python, etc.) to perform this task. Upon completion of the implementation, you are expected to: I. Describe the implementation details and user instructions. II. Upload your code in the CANVAS. [Note: Refer to the lecture-8 and tutorial-8.] [If you are interested to implement a broader version of this system as the Capstone project, please contact the Lecturer] (b) Text Data Hiding using HTML File Alice writes articles and publishes on a popular website. Bad people copy texts of articles from the website and use them somewhere else without permission. To ensure the copyright of all articles, the website uses one of the text data hiding techniques for HTML source files. The website hides a secret code of each author in the HTML source of article page. It is assumed that the source code of a HTML file contains many color codes. The color code of a HTML source file is typically a 6 (six) character hexadecimal string. An example of the color code is given in RED color below: This is a funny text.
The website uses text data hiding methods to hide the bits of a secret code in the color codes of HTML source. Say, Alice has a secret code 101010. The recent article page that Alice has authored has the following HTML source: During World War II, invisible inks offered a
common form of invisible writing. With the
invisible ink, a seemingly innocent letter could
contain a very different message written between
the lines. Therefore, the document text can conceal a
hidden message through the use of null ciphers
(unencrypted message), which perfectly camouflage
the real message in an ordinary letter. Open-coded
messages in which are plain text passages, but they
are shown in only ordinary occurrence. The suspect
communication can be detected by mail filters while
“innocent” messages are allowed to flow through.
There is an example on one of the most significant
null cipher messages sent by a Nazi spy:
"Apparently neutral’s protest is thoroughly
discounted and ignored. Isman hard hit. Blockade
issue affects pretext for embargo on by-products,
ejecting suets and vegetable oils".
By extracting the second letter from each word, this
hidden message can be decoded as:
"Pershing sails from NY June 1".
You are required to discuss the followings: i. Show how would the website hide bits of Alice’s secret code (101010) within color codes of the above HTML source file that would cause minimum distortion. Provide the screenshot of the Cover HTML page after hiding the secret code within the HTML file. ii. What is the stego-key (SK) in this case? iii. Also, show how a verifier would retrieve the secret code from the HTML source using the stego-key (SK). , Page 10 of 17 Q4. Implementation of a Secure File Sharing System for Exam Papers (Marks: 6) Implement a Secure File Sharing System for RMIT University Computer Science Discipline that will ensure sharing sensitive files among authorized users in a secure way. Figure-4: Overview of the file sharing system The implemented Secure File Sharing System should fulfil the following requirements: • The Secure File Sharing System uses public-key cryptography systems for secure communication. • The Secure File Sharing System should have two participants: examiner and reviewer. Each participant creates their own public and private key pair before any communication and publish the public-key for other users. Assume that files are stored in the IPFS-based repository and communication between IPFS repository and any other participant is secure. However, the sender of a message that is sent to the repository needs to be verified. • An examiner creates a file (say, an exam paper), signs the file using his/her private-key to create a digital signature for the file. Let us name this digital signature as DSE1. Next, the examiner stores the file and DSE1 to the IPFS repository for a reviewer’s approval. • A reviewer downloads the file from the IPFS repository and verifies the signature of the examiner. If the signature is verified, the reviewer reviews the file for approval. For the sake of simplicity, we assume that the reviewer approves it. Next, the reviewer signs the file with his/her private-key and creates a digital signature for the file. Let’s name this digital signature as DSR. Finally, the reviewer sends the approved file, along with the digital signature (DSR) of the reviewer, to the IPFS repository. • After receiving the notification from the reviewer, the examiner collects the file and the corresponding digital signature of the reviewer (i.e., DSR) for verifying the digital signature. If the verification is successful, the examiner uses the verified file for exam. An overview of the system is illustrated in Figure-4. You are required to show above steps using OpenSSL with proper commands and corresponding screenshots. Consider IPFS as the data repository and use IPFS “add” command to send file to the IPFS repository and “get” command to collect file from the IPFS repository. IPFS Repository , Page 11 of 17 [Note: Refer to the lecture-3, 4, and 6 and tutorial-3, 4, and 6.] [If you are interested to implement a broader version of this system as the Capstone/Honours project, please contact the Lecturer] Q5. Application of Blockchain Technology - Report Writing or Implementation (Marks: 20) You need to answer any 1 of the following question in a group of maximum 3 (three) people. However, it is absolutely fine if you want to do it individually. (a) Report Writing on Application of Blockchain Technology Write a report on how the blockchain technology can be used to manage pandemic such as COVID19. Please consider one or more of the followings (but not limited to) in your report: i. Explain how arrivals of passengers at the airport could be managed better with blockchain technology in a trustworthy and verifiable manner. ii. Explain how a comprehensive contact tracing can be realized where all state governments share data with each other. iii. Explain how blockchain can be effective for people in hotel quarantine. This should include people coming back to Australia from overseas trips, as well as workers serving residents in quarantine hotels. Also, consider people who are in quarantine but refusing covid-19 tests. iv. Explain how blockchain technology mitigate risks of doctors and nurses serving covid-19 patients at various hospitals. v. Explain how blockchain technology can track large gathering of people (e.g. 50 people being served at restaurants, 20 people attending religious services etc.) better to mitigate covid-19 risks and reduce community transmissions. For readability of the report, and to make it self-contained, you may consider the following in your report: i. Briefly explain your understanding on the Blockchain technology and its usefulness in different applications. ii. Explain with necessary diagrams how your system can be designed using blockchain technology. iii. Explain how the integrity and traceability of data can be achieved using blockchain in your specified system. iv. Explain the advantages and disadvantages of using blockchain technology in your specified system. v. Briefly discuss how existing security and privacy preserving approaches can be adopted for managing sensitive data on the blockchain. The report should be developed in a well-structured manner. You must provide necessary diagrams based on your own thoughts as well as collected from different sources. You must provide necessary references (at least 20) using APA referencing style including both research and online articles. Articles can be searched in: • Google, • Google Scholar (https://scholar.google.com/), • IEEEXplore (https://ieeexplore.ieee.org/Xplore/home.jsp), etc. , Page 12 of 17 Texts should be presented in IEEE Double-Column format with maximum 6 pages. For your convenience, a MS Word template for the report is provided in the Assignment-2 Home Page on CANVAS. [Note: Refer to the lecture-7 and tutorial-7.] (b) Implementation of a Blockchain-based Student Data Management System Implement a blockchain-based Student Data Management System that will ensure integrity and traceability of student academic data. The implemented blockchain-based Student Data Management System should fulfil the following requirements: • The student data management system should have two types of users: admin, and employer • Admins are responsible for adding or updating student records, while employer can see and verify student records. Say, student records include Student Number, Student Name, Date of Birth (DOB), Degree Name, Graduation Year, and CGPA. • Student data should be sent to the data server. The data server cluster (set of P2P computers) is a collection of three servers and maintains the same copy of the student data. Each data server maintains a Merkle tree of hash values of data. • Employers can verify if all of the data servers have the same copy of a particular student data. If all of the data servers have the same copy, the employer accepts the data. Otherwise, the data is rejected. Figure-5: Overview of the file sharing system An overview of the system is shown in Figure-5. , Page 13 of 17 You are allowed to use any programming language or scripting language such as Java, PHP, Python, JavaScript, etc. A good graphical user interface (GUI) is expected. However, you can also provide user friendly command- line user interface. Upon completion of the implementation, you are expected to: I. Create a report containing the implementation details and user instructions. II. Upload your code and report in the CANVAS. [Note: Refer to the lecture-8 and tutorial-8.] [If you are interested to implement a broader version of this system as the Capstone/Honours project, please contact the Lecturer] Q6. Designing a Secure Authentication Protocol for a One-to- One Secure Messaging Platform (Marks: 4) WhatsApp, the Facebook-owned messaging platform, has been compromised by security issues recently and conversations of multiple celebrities, including world’s richest man Zeff Bezos, have been leaked (see the link at the end of this question). Therefore, many celebrities are now looking for a one-to-one secure messaging platform. Figure-6: Overview of the secure mutual authentication and key establishment protocol Assume that David is a software engineer in XYZ IT Company. He has been assigned a task to design a secure mutual authentication and key establishment protocol for a new messaging software. In the software, two users (ex: Alice and Bob) needs to exchange messages to achieve mutual authentication and establish a secure session key (K) before the start of the conversation as shown in Figure-6. According to the given scenario, Alice and Bob should exchange three messages to achieve mutual authentication and establish the secure session key (K). Assume that Alice is the initiator of the communication. Alice sends “Message 1” to Bob and Bob replies with “Message 2”. David is thinking several protocols and analyzing their security strength. The prospective security protocols are as follows: a) In protocol-1, Message 1: E(“Alice”, K, RA, KAB), Message 2: RA, E(RB, KAB) b) In protocol-2, Message 1: “Alice”, E(K, RA, KAB), Message 2: RA, E(RB, K) c) In protocol-3, Message 1: “Alice”, E(K, RA, KAB), Message 2: RA, E(RB, KAB) d) In protocol-4, Message 1: “Alice”, RA, Message 2: E(K, RA, RB, KAB) In this task, you need to critically analyze the above protocols and clearly explain which protocol or protocols would be secured and why. Notations are summarized below: , Page 14 of 17 K : Session key RA : Nonce generated by Alice RB : Nonce generated by Bob KAB : Shared secret key between Alice and Bob E(“Message”, KAB) : Symmetric Encryption Function that encrypts “Message” using KAB [Note: Refer to the lecture-9 and tutorial-9.] Reference: https://www.forbes.com/sites/zakdoffman/2020/01/25/whatsapp-users-beware-this-stupidly-simple-new- hack-puts-you-at-riskheres-what-you-do/#3b1541a11d76 5. Academic integrity and plagiarism (standard warning) Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge and ideas. You should take extreme care that you have: • Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly copied), summarized, paraphrased, discussed or mentioned in your assessment through the appropriate referencing methods, • Provided a reference list of the publication details so your reader can locate the source if necessary. This includes material taken from Internet sites. If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own. RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of inappropriate behaviors, including: • Failure to properly document a source • Copyright material from the internet or databases • Collusion between students For further information on our policies and procedures, please refer to the University website. 6. Assessment declaration When you submit work electronically, you agree to the assessment declaration. , Page 15 of 17 7. Rubric/assessment criteria for marking All of the computations must be correct and only provided values must be used. Instructions must be followed. Criteria The characteristic or outcome that is being judged. Total Question 1 Privacy Preserving Secure Models Step-by-step processes are shown with detail computations. All of the computations shown are correct. Step-by-step processes are shown with detail computations. Most of the computations are correct with few errors. Step-by-step processes are shown with detail computations. Most of the computations are incorrect with few correct computations. Step-by-step processes are not shown with detail computations. All of the calculations are wrong. Not answered. 8 Marks 8 Marks 6 Marks 4 Marks 2 Marks 0 Marks Question 2 Forging Digital Signature Step-by-step processes are shown with required explanation. All of the computations are shown correctly in detail. Effectiveness of ElGamal Signature is well justified. Step-by-step processes are shown with required explanation. Not all of the computations are shown correctly in detail. Effectiveness of ElGamal Signature is NOT well justified. Steps that are shown partially correct and explanations are not up to the mark. Or, Steps are not shown correctly. Effectiveness of ElGamal Signature is NOT well justified or justification is NOT provided. Steps that are shown are not correct. Or, The answer is incomplete. Not answered. 4 Marks 4 Marks 3 Marks 2 Marks 1 Marks 0 Marks Question 3 Hiding Secret Message Steps of Data Hiding and extraction are described as per the requirements. Stego-Key is provided. Or, Steps of Implementation is described properly. Code works fine. Code is provided in the CANVAS. Steps of Data Hiding and extraction are described as per the requirements. Stego-Key is not provided. Steps of Implementation is described properly. Code works fine. Code is not provided in the CANVAS. Steps of either Data Hiding or extraction are described as per the requirements. Stego- Key is provided. Steps of Implementation is described properly. Code is provided in the CANVAS. But, code does not works. Steps of either Data Hiding or extraction are described as per the requirements. Stego-Key is not provided. Steps of Implementation is not described properly. Code is provided in the CANVAS. But, code does not works. Or, code is not provided. Not answered 3 Marks 3 Marks 2 Marks 1.5 Marks 1 Marks 0 Marks , Page 16 of 17 Question 4 Implementation of a Secure File Sharing System for Exam Papers OpenSSL and IPFS Commands 6 Marks Answer is correct All of the commands are correctly and sequentially presented with appropriate screenshots 4 Marks. Answer is correct but not structured All of the commands are correct. But commands are not sequentially presented. Appropriate screenshots are provided. 3 Marks Answer is partially correct Some of the commands are correct. Commands are not sequentially presented. However, appropriate screenshots are provided for the correct commands. 2 Marks Only few commands are correct Sequence of the commands are not followed Or some of the commands are missing Or screenshots are insufficient/ missing 1 Marks Answer is not correct Or Not answered 0 Marks Question 5(a) Report Writing Report Writing on Application of Blockchain Technology The report is prepared fulfilling all of the requirements The report is prepared fulfilling all of the requirements. However, could have been better. The report is prepared fulfilling all of the requirements. However, the content is not enough to express the main theme of the given topic. The report is NOT prepared fulfilling all of the requirements. The key topics are not well connected. Presentation is poor The report addresses only few of the requirements. The key topics are missing or not connected. Presentation is poor. None of the requirements are addressed correctly. The key concept is missing. Not answered 20 Marks 20 Marks 16 Marks 12 Marks 8 Marks 6 Marks 4 Marks 0 Marks Question 5(b) Implementation of a Blockchain- based Student Data Management System Implementation Implementation is described with proper screenshots. Video demonstration is provided. Code is provided in the CANVAS. Implementation is described with proper screenshots. Video demonstration is provided but not up to the mark. Code is provided in the CANVAS. Implementation is described with proper screenshots. However, functionalities or user interface could have been better. Description is not provided with proper screenshots. Video demonstration is provided but not up to the mark. Code is provided in the CANVAS. The implementation does not fulfil all the requirements. Description is not provided with proper screenshots. Video demonstration is provided but not up to the mark. Code is provided in the CANVAS. The implementation does not fulfil all the requirements. Description is not provided with proper screenshots. Video demonstration is NOT provided. Code is provided Only a few requirements are fulfilled. Descriptions and implementation is not adequate. None of the video demonstration and code is provided. Not answered , Page 17 of 17 in the CANVAS. 20 Marks 16 Marks 12 Marks 8 Marks 6 Marks 4 Marks 0 Marks Question 5 Designing a Secure Authentication Protocol for a One-to-One Secure Messaging Platform Analysis on all of the scenarios in the given authentication protocols is presented clearly. Analysis on 3 scenarios in the given authentication protocols is presented clearly. Analysis on 2 scenarios in the given authentication protocol is presented clearly Analysis on only 1 scenario in the given authentication protocol is presented clearly Not answered 4 Marks 4 Marks 3 Marks 2 Marks 1 Marks 0 Marks 欢迎咨询51作业君