Assessment item 2
Security fundamentals
Task
This assessment aims to develop, and gauge student understanding of the key topics covered so far by answering the following questions. Answering these questions will help you build some understanding for the next assessment item as well as for the entire subject. It is expected that answers to the assignment questions be succinct (i.e. precise and concise) with all sources of information fully referenced as per APA referencing style. You have to reference the text book and any additional material you have used in your answers.
Answers MUST be written in your own words. If an answer contains more than 10% direct quote (referenced or unreferenced), 0 marks will be awarded for this question. One or two sentence answers will be too short and only receive low marks. Answers longer than 1.5 pages (12 point font, single line spacing) may incur a penalty if too much non-relevant information is stated. For mathematical questions it is expected that you show intermediate steps of your working. Just stating the correct solution will result in low marks, on the other hand if the working is correct and you only made minor mistakes, you will still be awarded marks, even though the final answer is wrong.
Question 1 [5 Marks]
Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated in such a system and describe the degree of importance for each requirement.
Question 2 [5 Marks]
A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as breaking five keys from the keypad. The thief had to halt the process of break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4 digit PIN and was able to draw out some cash. Since the card reader was jammed, the customer was however not able to withdraw the ATM card and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customer’s PIN so that he can steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN?
Question 3 [5 Marks]
Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways of how to counter those objections.
Question 4 [5 Marks]
In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives.
Question 5 [10 Marks]
Transposition is one known method of encrypting the text. What can be one way that a piece of cipher text can be determined quickly if it was likely a result of a transposition? Utilising some of the decryption techniques (substitution and others) covered in the subject so far, you are required to decipher (find the plain text) the cipher text that will be provided to you closer to the assessment due date via the subject site. In order to present your solution, you need to demonstrate and explain the steps taken to decipher this text
QUESTION 5 – CIPHER :
Jack is a successful lawyer who runs a law firm that deals with sensitive cases. In 2017, after the widely known ransomware attacks, their data was compromised. As a protective measure, he requested that all employees must encrypt their messages to each other. Employees generally exchange instructions or case updates with messages that are no longer than thirty characters each. For the purpose of hiding the meaning of the messages, they were told to encrypt them using Caesar cipher substitution then using another substitution where the key is 567. Once the message is processed through the aforementioned methods, they added an extra layer of security by encrypting the message with One Time Pad that increments by one each time it’s used but remains less or equals to 15 for encryption and decryption. For one particular message between two employees, that key was:
7,15,12,6,8,9,4,2,1,13,12,5,3,1,8,15,6,4,8,12,8,10,9,14,6,11,13,2,4,6
When the receiver received the message, he/she received the following ciphertext: LC DOMX IZY XVHP XMJQSH AANW FIHABRT
What is the plaintext?
Presentation
• Students must ensure that all tasks/questions are identified clearly with headings.
• Answers to the questions must be in your own words and should be precise but complete and informative. No marks will be awarded for any answer containing more than 10% direct quotes (referenced or un referenced).
• APA reference style must be used throughout the document with the bibliography at the end of the document. In-text citations should also follow APA style. APA referencing guide can be accessed via the following link. This also forms a part of the marking rubric. http://student.csu.edu.au/study/referencing-at-csu
Please note: Assessment MUST be submitted as ONE MS Word file via TURNITIN. Please do not submit *.zip or *.rar or multiple files. Assessments are marked and feedback is attached using a MS Word based tool. Reports that are submitted in PDF format will be re-formatted to Word format in order to be marked. Allowances will not be made for any loss of information, diagrams or images as a result of the re-formatting.