INM443 Cryptography
MSc in Cyber Security
MSci in Computer Science with Cyber Security
Ethical Hacking (Term 1)
Description
The scope of this coursework is to sharpen your computing skills and practice
security in computing/communication systems.
In term 1, you play the role of an ethical hacker. Note that an ethical hacker is an
expert who attacks a security system on behalf of its owners, seeking
vulnerabilities that a malicious hacker could exploit.
You are challenged to identify flaws in an e-commerce company’s network device,
e.g. an SQL server, which contains customers’ private data. In particular, you will
need to break the SQL server’s crypto components and retrieve the customer’s
encrypted credit card secret code (3-digit). The
crypto algorithm used to encrypt the credit card secret code is RSA
with weak security components. A weak password is also applied to the
administrator account (admin). More information is available in the Coursework Manual file
in MOODLE.
Output/Report Structure
You are expected to document in detail your methodology and work plan to achieve
your goals. Your submitted report should have the following structure and
include the following information (use screenshots to justify your work):
TERM 1: Report Structure/Contents
- Work Plan (Team Work)
In this section identify the network system you will attack (i.e., OS software
installed, IP addresses). In addition, discover your environment by creating a
map diagram/figure of the computer network found in the company.
[10 marks]
- Breaking the system (2000-3000 words)
In this section identify potential methodologies of attacking the system. As an
example,
- a) Perform a dictionary attack on the admin password to gain access to the SSH
server. Justify your answer.
Clever solutions will earn full marks. Note that in a real-life environment
your dictionary or username files are very large.
[20 marks]
- b) Cryptanalyze (by hand) the encrypted email which you will find in your
mailbox to gain useful information. Provide details.
Clever solutions will earn full marks. (Consider that you don’t have access to
online resources.) [20 marks]
- c) Brute force the admin account password in the SQL server to access the
database. Clever solutions will earn full marks. How would you approach
the brute force if the database is too large? [20 marks]
- d) Retrieve the customer’s credit card secret code from the accessed database and
find the RSA private key d.
The RSA public key e must be calculated using Shamir’s secret sharing scheme in
a 4-member group (see Table 1 – Coursework Manual pdf file). This part can
be a group/team effort. [20 marks]
- e) Decrypt the secret code using the SageMath tool (more in tutorials).
Clever solutions will earn full marks – Discuss in the report how you would
decrypt the code if you didn’t have access to RSA tools.
Justify your answers.
[10 marks]
- Concluding Remarks
Conclude your work and summarise what you have achieved/what went wrong
(if any) in this coursework.
Grading Criteria
Your mark will cover the coursework assessment component found in module
specifications for INM443. The exact weighting of the current security
assessment report is shown below:
- INM443 Cryptography module (coursework: 30%)
Note that Coursework Report Marking follows the University Assessment and
Feedback Policy:
https://www.city.ac.uk/__data/assets/pdf_file/0009/365292/Assessment-and-Feedback-Policy-Senate-October-2016-2.pdf
Submission Dates
INM443 MSc/MSci students: The final report submission is due on the 8th of
December (17:00). It is essential to upload a single report in MOODLE under the
“Submission Coursework” area.
Working environment
Instructions on your working environment will be given in tutorials/labs of
Cryptography (INM443).