INTE2625 Introduction to Cyber Security

Assessment 1: Industry-focused security report and reflection

Due date: Friday, 19th  May 2023 23:59 (Melbourne time)

Weighting: 40%

Word limit: Report: 10– 15 pages (+/-10%); Reflection: 400 words (+/-10%)

Assessment type: Report / Reflection

Group or individual assessment: Individual

Overview

During this course, you’ve learned about two types of encryptions (AES and RSA) that provide     confidentiality and how to create and/or verify digital signatures. In this assessment, you’ll use the GPG package and Kali Linux to work through three sets of tasks in the following areas: symmetric encryption, public key encryption and digital signatures. You’ll follow the detailed instructions and document your work in a report. After completing the report, you’ll write a short reflection to           demonstrate your understanding of the concepts and value proposition of these concepts to real- world applications.

Purpose

Ensuring the confidentiality of information is vital to business communications for many reasons,  including competitive advantage, privacy, remote user authentications and data integrity. In this    environment, encryption skills are an important asset. In this assessment, you’ll demonstrate your ability to use encryption algorithms to generate keys, safeguard files, distribute encryption keys    securely and create digital signatures using these tools.

What do you need to deliver?

•    1 x Report (10– 15 pages with screenshots)

•    1 x Reflection (400 words)

Tools

•    Kali Linux

•    Lab manual

Course learning outcomes

This assessment is linked to the following course learning outcomes:

Marking criteria

This assessment will measure your ability to:

Part 1: Report (30 points)

•    Respond to prompts and complete tasks accurately (13 points)

•    Describe details of task execution clearly (12 points)

•    Explain key functions in data encryption (5 points)

Part 2: Reflection (10 points)

•    Demonstrate understanding of cyber security hygiene concepts (5 points)

•    Communicate ideas clearly and reference appropriately (5 points)

Assessment details

To complete this assessment, you’ll need to use Kali Linux (refer to Week 1 for more information if required). Each step in Part 1 must be included in your report, along with screenshots documenting your work and the results.

Part 1: Report

Divide the report into three sections:

Symmetric encryption

1.   Encrypt a file of your choosing (text or binary) using the AES algorithm.

2.   Decrypt the encrypted file.

3.   Explain the following: If you encrypt a file using symmetric encryption and want someone else to decrypt it, how could you safely share the passphrase?

Public key encryption

1.   Generate keys of three different sizes (800, 2048, 4096) (for RSA encryption scheme and include these keys in the report.

2.   Check the key files and estimate the number of decimal digits of the keys and write your estimates.

3.   Encrypt your file (used in section one) using three keys and record your results and note the observation.

4.   Explain why GPG encryption and decryption are quite fast.

5.   Create a new file of close to 1 GB and encrypt and decrypt it and note the time taken.      Comment on the reason why this much time has been taken. Calculate how long it would take to do the encryption/decryption of a data file of 10 GB.

6.   Export your public key and discuss the reason why your exported key should be in ASCII format.

7.   Encrypt a new file and output the cipher text in ASCII format. Explain when you need cipher text in ASCII format.

NOTE: You’ll need a second account to complete the remaining tasks in this section.

8.   Create a second account and name this account “Alice” .

9.   Email your public key to Alice.

10. As Alice, import your public key into a key ring.

11. As Alice, encrypt your file (used in section one) using the public key and send it back to your original account.

12. Decrypt the encrypted file.

Digital signatures

1.   Sign a file using your private key.

2.   Send the public key to Alice.

3.  As Alice, verify the signed file.

Part 2: Reflection

•   After completing the tasks in Part 1, reflect on your use of encryption and the role of cryptography by carrying out the following:

o Compare the difference between symmetric encryption, public key encryption and signing based on the experiments.

o Discuss the role of cryptography in securing the communication of confidential documents.

Recommended length and structure

Please use headers to clearly identify Part 1 (Report) and Part 2 (Reflection). Please structure this assessment as follows:

•    Part 1: Report (10– 15 pages with screenshots)

o  symmetric encryption

o  public key encryption

o  digital signature

•    Part 2: Reflection (400 words)

Required references

Part 1

Part 1 doesn’t require referencing, but you may wish to refer to websites or manuals as you work through your tasks.

Part 2

Please cite at least two sources in Part 2. You may use your course textbook or other books, journals, websites or news articles accessed within or outside of the course.

Referencing guidelines

UseHarvardreferencing style for this assessment. If you are using secondary sources, include these as a reference list in your report.

You must acknowledge all the sources of information you have used in your assessments.           Refer to theRMIT Easy Citereferencing tool to see examples and tips on how to reference in the appropriate style. You can also refer to theLibrary referencing pagefor other tools such as          EndNote, referencing tutorials and referencing guides for printing.

Submission instructions

The assessment will be submitted in Canvas as an MS Word upload.

Academic integrity and plagiarism

Academic integrity is about the honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge, and ideas.

You should take extreme care that you have:

•    acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e., directly copied), summarised, paraphrased, discussed, or mentioned in your    assessment through the appropriate referencing methods

•    provided a reference list and /or bibliography of the publication details so your reader can locate the source if necessary. This includes material used from Internet sites.

If you don’t acknowledge the sources of your material, you may be accused of plagiarism because   you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.

RMIT University treats plagiarism as a very serious offence constituting misconduct.

Plagiarism covers a variety of inappropriate behaviours, including:

•    failure to properly document a source

•    copyright material from the internet or databases

•    collusion between students.

For further information on our policies and procedures, please refer to theUniversity website.

Assessment declaration

When you submit work electronically, you agree to theassessment declaration.