Hello, if you have any need, please feel free to consult us, this is my wechat: wx91due
EE5815 - Topics in Security Technology
Assignment 3
Electronic submission only on Canvas
Submission guidelines:
- Please prepare your assignment in “PDF” format.
- For observe the departmental rules for late submission (i.e. 10% deduction per day).
- 10 points for each question.
Security Management
1) Assume that you area manager responsible for the security of e-Banking systems in a bank. You heard that HongKong Monetary Authority (HKMA) had a guideline called the “Supervision of E-banking”
a) Google for the document, and give the URL showing where the above HKMA guideline fore-Banking can be found.
b) Read the HKMA guideline. Briefly describe at least three major technology-related controls relevant to e-banking that you need to consider in youre-Banking infrastructure.
[Hint: you only need to give a brief description (that is, a few lines) summarizing the main points. Please don’t simply copy pages of paragraphs from the HKMA document without understanding. ]
c) Your HK e-Banking system is using a Cisco firewall to protect the Internet perimeter and your IT colleagues are familiar with this firewall. Now, to strengthen the security, it is proposed to purchase for another firewall to set up another tier of internal firewall. Your IT colleagues proposed to purchase the same Cisco firewall and use itas an internal firewall. Would you approve this proposal? Why?
d) Goto the bank’s website of your account, is this website secure? Why? Identify the digital certificate from the website, and collect the following information: 1) Issue to, 2) Issue by, 3) Validity Period, and 4) Fingerprints.
e) Please collect the information in d) with the help of CityUGPT. Please notify the differences and analyze them
Public Key Systems
2) In the RSA cryptosystem, it is possible that M = C, that is the plaintext and the ciphertext are identical. For modulus N = 667, and encryption exponent e = 3, how many messages M would encrypt to itself? Please do not consider M = 0 or 1 in this question.
Technical Tools
3) Network packet sniffing.
a) Install Wireshark to your machine. Please show evidence (e.g. screen dump) that you have downloaded and installed this package into your personal computer.
b) Describe the purpose of this program. How do you start capturing the packets, and how do you use filters for just TCP packets?
c) Start capturing the packets. While packet collection is still running, attempt to access to your email.
Describe:
How you access to your email (e.g. using webmail, or pop3, etc)
Can your username and password be seen during the sniffing process?
During the sniffing process, can you observe other network protocols in addition to the protocol that you used for email access? If so, name two such protocols and briefly explain why they exist.
d) Compare the operations in b), c) and the operations you have done in the team-based learning class. Briefly describe the similarities and differences.
4) Install a mobile banking app to your iOS or Android device (if you don’t have these devices, do this exercise with a web browser connecting to an e-banking site).
a) Name the app or web environment you will use in this exercise.
b) Google for “web debugging proxy”. Pick one of such tools (e.g. “Fiddler Web Debugger”, “Burp Suite”, etc) and attempt to use it as a proxy to capture the list of URLs visited by your chosen mobile banking app.
Go to the login name, and arbitrary input values to attempt to login (You don’t really need to login with a valid username / password; a failed login is good enough. But please only try it once)
Show the list of URLs that will be involved in the login process. Are all requests to the bank protected by SSL?
c) Display the digital certificate of the BOCHK website, and elaborate what kind of encryption standards are being used in this certificate.
Sage Questions
5) ECC Question,please show your code and results in your answers.
a.) Define an elliptic curve over the finite field with suitable parameters where p should be a 11-bit prime.
b.) Encrypt the message M="2024EE5815" using ECC with the NIST's secp521 elliptic and decrypt back the plaintext.
6) RSA Question, please show your code and results in your answers.
a.) The RSA key ‘n’ is 4819. What are the factors (pand q) of ‘n’?
b.) Using (a),when e = 7, what are the corresponding public and the private keys?
c.) The RSA encrypted message ‘C’ is received by both Alice and Bob whose
private and public keys are ‘da, (ea, na)’ and ‘db, (eb, nb)’ respectively. If the original message before the encryption is ‘M’,who is the intended recipient of the message? [M=190, C=1912, (ea, na)=(31, 5293), da=2491, (eb, nb)=(31, 4891), db=3679]. Please show your detailed process of computing.
Hands-on Practice Question
7) In this exercise, you need to create a free account on Google Cloud Product and learn one tutorial on https://cloud.google.com/docs/tutorials to use Google Cloud to use function and products to realize some design on the website.
The followings are some instructions for this lab session.
Requirements:
a) Please notify which tutorial you read and what you have learned in Google Cloud,or
b) (10 points) You can also learn other products of cloud products. Please also introduce the content as shown in a).
c) (Bonus: 10 points) You can finish one tutorial with the help of guidance and generate certain outputs. Please show your results and introduce what you have learned in this process.