MN502 Assessment Title Recent Attacks and Cryptography

Prepared by: Dr Wanod Kumar Moderated by: Dr Ammar Alazab July, 2020
Assessment Details and Submission Guidelines

Trimester: T2 2020
Unit Code: MN502
Unit Title: Overview of Network Security
Assessment Type: Assignment-1: Individual Assessment
Assessment Title: Recent Attacks and Cryptography

Purpose of the assessment (with ULO Mapping):
Students should be able to demonstrate their achievements in the following unit
learning outcome:
- Analyse and discuss common emerging threats, attacks, mitigation and
  countermeasures in networked information systems

Weight: Total Weight of the Assignment 1 is 15%.
- Assignment 1-Part A: 5%
- Assignment 1-Part B: 10%

Total Marks:
- Assignment 1-Part A: 20 Marks
- Assignment 1-Part B: 40 Marks

Word limit:
- Assignment 1-Part A: 600 Words
- Assignment 1-Part B: 1200 Words

Due Date:
- Assignment 1-Part A: Tuesday 04/08/2020 (Week 3)
- Assignment 1-Part B: Tuesday 01/09/2020 (Week 7)

Submission Guidelines:
- All work must be submitted on Moodle by the due date along with a
  completed Assignment Cover Page.
- The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body)
  font and 2.54 cm margins on all four sides of your page with appropriate
  section headings.
- Reference sources must be cited in the text of the report and listed
  appropriately at the end in a reference list using IEEE referencing style.

Extension:
- If an extension of time to submit work is required, a Special Consideration
  Application must be submitted directly on AMS. You must submit this
  application three working days prior to the due date of the assignment.
  Further information is available at:
  https://www.mit.edu.au/about-us/governance/institute-rules-policies-and-plans/policies-procedures-and-guidelines/assessment-policy

Academic Misconduct:
- Academic Misconduct is a serious offence. Depending on the seriousness of
  the case, penalties can vary from a written warning or zero marks to
  exclusion from the course or rescinding the degree. Students should make
  themselves familiar with the full policy and procedure available at:
  http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure
  For further information, please refer to the Academic Integrity
  Section in your Unit Description.

Assignment Description
Assignment 1 is divided into two parts. Part A focuses on the recent attacks and security
principles. Part B is about cryptoperiods and cryptographic transport protocol.
Part A: Recent Attacks and Security Principles
One area that has been an especially frequent target of attacks is information technology
(IT). A seemingly endless array of attacks is directed at individuals, schools, businesses, and
governments through desktop computers, laptops, and smartphones [1]. In this part of the
assignment, select any two of the recent attacks (which happened in the years 2019-2020)
from the Information is Beautiful World’s Biggest Data Breaches website:
https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Carry out an in-depth literature review about these two attacks. Your discussion must
address the following points with proper in-text citations.
1. Identify and discuss the main reasons for these attacks being successful.
2. Report the importance of key terms in the information security: asset, threat, threat
actor, vulnerability, attack vector, attack surface in the context of these two attacks.
3. Analyse how these attacks could have been prevented if the five fundamental
security principles (layering, limiting, diversity, obscurity, and simplicity) had been
applied.
Part B: Cryptoperiods and Cryptographic Transport Protocol
In this part of the assignment, the student will reflect on the feedback for Part A and discuss
how it helped him/her to accomplish the tasks for the assignment Part B. In this part, the student
will write a report discussing the following two sections:
a) Cryptoperiods
A cryptographic key is a value (essentially a random string of bits) that serves as input to
an algorithm, which then transforms plain text into ciphertext (and vice versa for
decryption). One of the important characteristics that determines key strength is its
cryptoperiod [1], or the length of time for which the key is authorised for use.
1. From current literature survey, critically analyse and discuss cryptoperiods for hash,
symmetric, and asymmetric algorithms. Find at least three sources for each of the
algorithms (select two algorithms from each category).
2. Draw a table to list the algorithms and the recommended time, and then calculate the
average of each.
3. Provide recommendation on the cryptoperiods for each selected algorithm.
b) Cryptographic Transport Protocol
Hypertext Transport Protocol Secure (HTTPS) is becoming increasingly popular as a
security protocol for web traffic. Some sites automatically use HTTPS for all transactions
(like Google), while others require that users configure it in their settings [1]. Use
Library/Internet resources to research HTTPS. Based on your research, address the following:
1. Explain the advantages and disadvantages of HTTPS. How is it different from HTTP?
2. Discuss the server configuration for HTTPS transactions.
3. How does this algorithm protect a guest user communicating over a public Wi-Fi
connection? Should all Web traffic be required to use HTTPS? Why or why not?
Justify your recommendation.
[1] M. Ciampa, Security+ Guide to Network Security Fundamentals, 6th ed. Cengage, 2018.
References
Must consider at least eight (three for part A and five for part B) current references from
journal/conference papers and books. Must follow IEEE referencing style.
Assignment Instructions:
- Do not use Wikipedia as a source or a reference.
- Make sure you properly reference any diagrams/graphics used in the assignment.

Marking Criteria for the Assignment 1-Part A

Section: Recent Attacks and Security Principles (18 Marks)
Select any two of the recent attacks (which happened in the
years 2019-2020) and address the following points with proper
in-text citations.
- Identify and discuss the main reasons for these attacks
  being successful. [6 Marks]
- Report the importance of key terms in the information
  security: asset, threat, threat actor, vulnerability,
  attack vector, attack surface in the context of these
  two attacks. [6 Marks]
- Analyse how these attacks could have been prevented
  if the five fundamental security principles (layering,
  limiting, diversity, obscurity, and simplicity) had been
  applied. [6 Marks]

Section: References (2 Marks)
References in the IEEE style.

Assignment 1 – Part A Total Marks: 20

Marking Criteria for the Assignment 1-Part B

Section: Feedback and Reflection (5 Marks)
Reflect on the feedback for Part A and discuss how it
helped you to accomplish the assignment Part B tasks. [5 Marks]

Section: Cryptoperiods (15 Marks)
- From current literature survey, critically analyse and
  discuss cryptoperiods for hash, symmetric, and
  asymmetric algorithms. Find at least three sources for
  each of the algorithms (select two algorithms from
  each category). [5 Marks]
- Draw a table to list the algorithms and the recommended
  time, and then calculate the average of each. [5 Marks]
- Provide recommendation on the cryptoperiods for
  each selected algorithm. [5 Marks]

Section: Cryptographic Transport Protocol (15 Marks)
- Explain the advantages and disadvantages of HTTPS.
  How is it different from HTTP? [5 Marks]
- Discuss the server configuration for HTTPS
  transactions. [5 Marks]
- How does this algorithm protect a guest user
  communicating over a public Wi-Fi connection? Should
  all Web traffic be required to use HTTPS? Why or why
  not? Justify your recommendation. [5 Marks]

Section: References (5 Marks)
References in the IEEE style.

Assignment 1 – Part B Total Marks: 40

Example Marking Rubric for Assignment

Grades and marks:
- HD (80% +): Excellent
- D (70%-79%): Very Good
- CR (60%-69%): Good
- P (50%-59%): Satisfactory
- Fail (<50%): Unsatisfactory

Assignment 1-Part A
- HD: A very detailed and very clear discussion
- D: Very clear discussion
- CR: Generally good discussion
- P: Brief discussion
- Fail: Poor discussion with irrelevant information

Assignment 1-Part B
- HD: All sections discussed are pertinent and covered in depth. Demonstrated the
  ability to think critically and make good use of the source material.
- D: Sections presented are relevant and soundly analysed.
- CR: Sections presented are generally relevant and analysed.
- P: Sections presented are somewhat relevant and briefly discussed.
- Fail: Sections presented are not relevant to the assignment topic.

References
- HD: Clear styles with excellent source of references.
- D: Clear referencing style
- CR: Generally good referencing style
- P: Unclear referencing style
- Fail: Lacks consistency with many errors.