Cryptography Coursework

INM443 Cryptography

MSc in Cyber Security
MSci in Computer Science with Cyber Security

Resit Coursework

Ethical Hacking

Description

Access the Cyber Security laboratory by following the instructions in the coursework manual file and act as an ethical hacker for a company. Note that an ethical hacker is an expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.

You are challenged to identify flaws in a potential SQL database server by breaking its crypto components and to retrieve an encrypted credit card secret code of an e-commerce company. The crypto algorithm used to encrypt the credit card secret code is RSA, but with weak security parameters. For more information on the scenario and the detailed steps you need to follow, consult the Coursework Manual file found in MOODLE.

Output/Report Structure

You are expected to document in detail your methodology and work plan to achieve your goals. Your submitted report should have the following structure and include the following information:

1. Network discovery

In this section identify the system you will attack (e.g., IP addresses of the devices that exist in the network, services running, OS software installed, etc.). Create a map of the network in diagram form with your findings.

[10 marks]

2. Breaking the system (2000-3000 words)

In this section discuss your attacking methodology. For example,

a) Perform a dictionary attack on the admin password to gain access to the SSH server. Justify your answer. Clever solutions will earn full marks (e.g., in a real-life environment your dictionary password/username files are very large).

[20 marks]

b) Cryptanalyze (by hand only) the encrypted email to gain useful information. Provide details. Clever solutions will earn full marks (e.g., let's assume you don't have access to online resources). Justify your answers.

[20 marks]

c) Brute force the admin account in the SQL server to access your database folder. Clever solutions will earn full marks (e.g., assume the database is huge).

[20 marks]

d) Retrieve the credit card secret code from the accessed folder and calculate the decryption RSA key (i.e., private key d). You will need the RSA encryption key (i.e., public key e) and you can calculate it using Shamir's secret sharing scheme (more details are found in the Coursework Manual).

[20 marks]

e) Decrypt the credit card's secret code using the SageMath tool. Clever solutions will earn full marks (e.g., discuss in the report how you would decrypt the code if you didn't have access to RSA tools).

[10 marks]

Justify your answers: To justify your findings in the coursework report, take screenshots of your steps.

3. Concluding Remarks

Conclude your work and describe what you have achieved.

Grading Criteria

Your mark will cover the coursework assessment component found in the module specifications for INM443. The exact weighting of the current security assessment is 30% of the final mark.

Note that marking follows the University Assessment and Feedback Policy: https://www.city.ac.uk/__data/assets/pdf_file/0009/365292/Assessment-and-Feedback-Policy-Senate-October-2016-2.pdf

Submission Dates

INM443 MSc students: The final report submission is due at the end of August (4pm, 12th of August). It is essential to upload a single report in MOODLE under the INM443 MSc submission area.

Working environment

Instructions for your working environment are found in the coursework manual file under the INM443 Cryptography MOODLE area.

Cyber Security Laboratory Troubleshooting

If you don't have access to the Cyber Security Laboratory, or for troubleshooting, contact Warren Fernando ([email protected]) and Nikos Komninos ([email protected]) via email.