The following scenario provides the background for all questions in this exam pa
Question
The following scenario provides the background for all questions in this exam paper. You are the Network Architect for a major International Relief Agency; your role is to design the network architectures used by your Agency in its day to day operation, and to design and implement ad-hoc network capability that will be used at disaster locations in times of crisis. You are typically based in Australia but in times of international crisis, you may be required to lead an implementation and operational team at or near the site of a disaster. You were the lead network architect for an earthquake early-warning detection system used in Asia and South America; a major earthquake, above M8, has struck a remote part of the Pacific Coast of Chile and it appears that the early-warning detection system did not provide any advance notice. While your Relief Agency is attempting to understand why the early-warning detection system apparently failed, it is also attempting to mount a relief operation and it is also experiencing a significant cyber-attack that is causing significant interruption to its warehousing systems and to the operational communication systems to partner Agencies in Chile. Partner Relief Agencies in Chile and other parts of the world are attempting to deliver supplies, rescue equipment and rebuild a communications environment, but they are also experiencing cyber-attacks in Chile.
Question
Consider the requirements for information security of operations and personal information during the relief activities in response to the Chilean earthquake. It is possible that unfriendly foreign agents may target relief workers and attempt to intercept and compromise their personal information, the Agency’s instructions to them and possibly undertake cybercrime attacks against financial and banking transactions.
a) List and describe the common cryptography tools and techniques used to protect network traffic at different layers of the ISO stack, describe their weaknesses and what mitigation is available
b) Consider the scenario where Relief Agency workers are in Chile responding to the earthquake aftermath. There is no Relief Agency network available but there is public WiFi and some LTE phone connectivity. Describe the most secure method for connecting your mobile device to the home network in Australia, listing the cryptographic tools you could use and how you would use them
Explanation / Answer
a) List and describe the common cryptography tools and techniques used to protect network traffic at different layers of the ISO stack, describe their weaknesses and what mitigation is available
Symmetric encryption.
Strengths: Fast, simple, theoretically stronger if the key is secure.
Weaknesses: Scales poorly, keys must be exchanged therefore vulnerable.
Example: One time pads are perfectly secure but 50% of your traffic is keys and they can be intercepted.
Asymmetric encryption.
Strengths: Scalable, the private key is never distributed and therefore is more secure.
Weaknesses: Very slow to generate fresh strong keys, very slow to encrypt, theoretically weaker as they cannot approximate one time pads.
Example: RSA encryption can be broken in polynomial time on a quantum computer. Elliptic Curve is reportedly fragile for some popular curves.
DES (Data Encryption Standard) - The DES algorithm, other than its short key (which can be brute-forced quite easily), is known to be secure. Triple-DES was developed to overcome this limitation [Solution to DES]. The DES algorithm suffers from Simple Relations in its keys. In DES, the simple relationship is of a complementary nature. This means that the complementary relationship between keys results in a complementary relationship between the resulting ciphertexts. This vulnerability reduces the algorithm strength by one bit. Other relationships are existent for some other specific keys as well. With regards to weak keys, DES has at least four of them. When encrypting using one of these weak keys, all sixteen rounds will be using the same sub-keys, making the algorithm as strong as a single round. Therefore, use of these keys must be avoided. In addition to these four keys, there are twelve more weak keys by which two rounds are running using the same sub-keys. In addition to these weak keys, DES also has keys that are defined as weak and keys that are defined as semi-weak. All these keys should be avoided so as not to harm the strength of the implementation when using the algorithm.
RC2 - RC2 is an algorithm for which little cryptanalysis is available. However, it is known to have two weaknesses. First, RC2 is vulnerable to differential attacks. An implementation with r mixing rounds (including the accompanying mashing rounds) will require at most 2^(4r) chosen plaintexts for a differential cryptanalysis attack. Commonly, the RC2 runs with 16 mixing rounds, making this attack less feasible than it may seem. Second, the algorithm is vulnerable to a differential related-key attack requiring only 2^34 chosen plaintexts and one related-key query. Best Solution is RC6.
RC4 - The RC4 algorithm was not reviewed publicly to the extent of the others. The main weakness in this algorithm is that due to a weak key-mixing phase, 1/256 of the keys belong to a class of weak keys. These keys are detectable. After detection of a key belonging to this class, it is fairly easy to reveal 16 bits of the key with a 13.8% probability. In any implementation of this algorithm, a test to assure these keys are not used must be performed. Best Solution is RC6.
b) Describe the most secure method for connecting your mobile device to the home network in Australia, listing the cryptographic tools you could use and how you would use them
We can connect mobile devices to home networks in Australia using a Virtual Private Network.
Virtual Private Networks - A virtual private network (VPN) is a technology that creates a safe and encrypted connection over a less secure network, such as the internet. VPN technology was developed as a way to allow remote users and branch offices to securely access corporate applications and other resources. To ensure safety, data travels through secure tunnels and VPN users must use authentication methods -- including passwords, tokens and other unique identification methods -- to gain access to the VPN.
VPN protocols
There are several different protocols used to secure and encrypt users and corporate data:
Please let me know in case of any clarifications required. Thanks!