Question 1: Which cryptography for a company in expansion? (20 points)
A successful financial company based in the North East is about to open a second office in the south of the country. The CEO decides to introduce “security” to the digital communications amongst staff but is unsure whether to use symmetric or public-key cryptography.
You are hired by the CEO to write a short report (1000 words max) advising the company.
Question 2: Keccak (15 points)
Write a short report on the SHA-3 (a.k.a Keccak), its strengths and weaknesses. (750 words max).
Question 3: Prof. McMenteur’s claim (15 points)
Geology professor Peter McMenteur gets interested in Lamport’s authentication scheme. After a brief study of this, he claims that the scheme works even if the hash function is substituted by a function that is only easy to compute and hard to invert (i.e., a hash function without the property of collision resistance).
Question 4: Design and Implementation of a Secure Server Network (50 points)
This task involves designing and implementing an Internet-connected secure server network for a medium sized company named BETA Enterprise, UK. They want to implement a secure network that uses Class C network address with two subnets in total – server subnet and one LAN subnet and has approached you. They have asked you for a price quote as well. But they want to see a virtual machine implementation and simulation results before they commit to purchase anything.
You can use Virtual Machines as in the figure below for the implementation and the security attacks. The server network should consist of one server, i.e. Windows 2008/2012 or Linux (Ubuntu or others). It
- 1 -Teesside University School of Computing, Media and the Arts should be connected to one workstation (at the least), i.e. Windows Server to Windows client or Linux Server to Linux client. The workstation denotes a different LAN.
Write a report with the appropriate details (2500 words max, but flexible) documenting all that you have done including how the servers are setup, how they are tested and how the attacks are done to them along with countermeasures. Use the tasks below as a guideline to write.
Please do the following tasks:
- Using the Virtual Machines, configure the ANY ONE physical server namely Windows 2008/2012 or Ubuntu (or other Linux servers), with the following: (1) DNS server (2) DHCP server (3) Web server (4) Email server (5) FTP server. Use a client computer to test the five servers to see if it works properly. Capture the appropriate screen shots or illustrate that through commands and output screens. Draw a simple network or workflow diagram of your network (25 marks)
- DNS Server: Show that the (or similar) domain name is configured and that the clients could join it. Create some users and login into the domain. Test what was implemented.
- DHCP Server: Show the dynamic IP address assignment with an address pool along with the evidence of clients receiving dynamic IP.
- Web server: Configure IIS and Apache with web address betaenterprise.com (or similar) can be accessed from the web client. Test the webserver with a sample webpage being accessed from the client.
- Email Server: Make sure you have an email client that could send and receive emails through the SMTP server that is configured with email address like (or similar).
- FTP Server: You can show how files could be uploaded and downloaded to and from the FTP server using the FTP client tools or through command prompt.
- Implement at least five security attacks on these servers through Kali Linux or other independent tools and suggest countermeasures to stop them. Illustrate the attacks through commands or using GUI tools. Capture the attacks through screen shots or graphs or tables. (10 marks)
- Show the detailed cost of implementing your solution, in a table format. You can try to show two different costs for the company to choose from. HINTS: Research on the costs of servers (hardware and software), switches, workstations, cables, etc. (10 marks)
- Show all references used in the report, using appropriate referencing. HINTS: Harvard referencing can be used and make sure the format is fully followed. (5 marks)