Block Cipher 

Question:

1. Let temp_block denote a Sage variable that contains the output of the first application of function fK (f_K in the Sage example code) while encrypting with Simplified DES.  Using subroutines from the example sage Code, write sage code to recover the input block passed to Simplifed DES Decrypt.  Meaning reverse the first steps in Simplified DES Encrypt. You may assume that you have the first round key in a variable K1.
2. Using subroutines from the Sage example code for Simplified DES, write a function to compute Simplified DES Decrypt.

Topics:

1. Traditional Block Cipher Structure
2. The Data Encryption Standard – DES and Strengths
3. Block Cipher Design Principles
4. Multiple Encryption and Triple DES
5. Electronic Codebook
6. Cipher Modes and Format-Preserving Encryption

Chapter 7: Block Cipher Operations

 Chapter 4: Block Ciphers and the Data Encryption Standard  

Text book

 Stallings, Williams. Cryptography and Network Security. Pearson, 2017. 

Please use the following link for sage tool:

 http://sagecell.sagemath.org 

Related power point presentations are attached.

Consider a Feistel cipher composed of sixteen rounds with a block length of 128 bits and a key length of 128 bits. Suppose that, for a given k, the key scheduling algorithm determines values for the first eight round keys, k1, k2, ……. k8, and then sets

k9 = k8, k10=k7, k11=k6, …. , k16=k1

Suppose you have a cipher-text c. Explain how, with access to an encryption oracle, you can decrypt c and determine m using just a single oracle query. 

This shows that such a cipher is vulnerable to a chosen plain-text attack. (An encryption oracle can be thought of as a device that, when given a plain-text, returns the corresponding cipher-text. The internal details of the device are not known to you and you cannot break open the device. You can only gain information from the oracle by making queries to it and observing its responses.)

Provide answer as a discussion with 2 references.

You are investigating a case involving an employee who is allegedly sending inappropriate photos via e-mail in attachments that have been compressed with a zip utility. As you examine the employee’s hard disk drive, you will find a file named orkty.zip, which you suspect is a graphic file. When you try to open the file in an image viewer, a message is displayed indicating that the file is corrupt. Write a 2-3 page report explaining how to recover the file, orkty.zip, for further investigation.

Project 1: Cybersecurity for OPEN Data Initiatives

Scenario:

A federal agency has asked your cybersecurity consulting firm to provide it with a research report that examines the issues of usefulness and security in regards to Open Data. The report is intended for a group of executives at the agency who are currently involved in converting paper-based data sets to digital formats for distribution via digital government websites. This report is particularly important as the agency head has received inquiries from Congressional staff members who are conveying concerns that various elected officials have about potential issues with the integrity and authenticity of downloaded data. The agency’s executives were also surveyed and they provided the following security-related items in a list of concerns for the planned conversion to an Open Data delivery method:

a. Confidentiality / Privacy (ensuring proper redaction)

b. Data integrity

c. Data authenticity

d. Availability (reliability) of the Open Data service (website, network infrastructure)

e. Non-repudiation of data sets

Research:

1. Read / Review the weekly readings. Pay special attention to EO 13800 and the Federal Cybersecurity Risk Determination Report and Action Plan.

2. Research the federal government’s OPEN Data mandate. Here are some sources that you may find useful:

a. Open Data Policy-Managing Information as an Asset – OMB Memorandum M-13-13 (PDF file is in the week 2 readings). This Memorandum includes significant discussion of security issues and policy solutions including references to FIPS 199 and NIST SP-800-53)

b. U.S. Open Data Action Plan (see file us_open_data_action_plan.pdf in week 2 readings).

c. https://www.data.gov

d.  https://www.data.gov/privacy-policy#data_policy   

e. Guidance for Providing and Using Administrative Data for Statistical Purposes – OMB Memorandum M-14-06 (PDF file is in the week 2 readings). This Memorandum includes discussion of privacy and security issues arising from the use of information collected for statistical purposes (e.g. the Census, employment, economic data, etc.).

3. Research how government information, e.g. OPEN Data, is used by businesses and the general public. Here are some sources to get you started:

a. 7 Ways Companies Are Using the Government’s Open Data http://mashable.com/2013/05/30/7-ways-government-open-data/   

b. Government open data proves a treasure trove for savvy businesses http://www.computerworld.com/article/2488683/business-intelligence-government-open-data-proves-a-treasure-trove-for-savvy-businesses.html 

c. Open data: Unlocking innovation and performance with liquid information http://www.mckinsey.com/insights/business_technology/open_data_unlocking_innovation_and_performance_with_liquid_information 

4. Research the issues that can arise when businesses depend upon the confidentiality, integrity, availability, authenticity, and non-repudiation of government provided Open Data. Suggested sources include:

a. Authenticating Digital Government Information http://scholarship.richmond.edu/cgi/viewcontent.cgi?article=1954&context=law-faculty-publications

b. Legal and Institutional Challenges for Opening Data Across Public Sectors http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=iih&AN=97430297&site=eds-live&scope=site 

c. Risk Analysis to Overcome Barriers to Open Data http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=poh&AN=93550378&site=eds-live&scope=site 

d. Reconciling Contradictions of Open Data Regarding Transparency, Privacy, Security and Trust http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=iih&AN=97430299&site=eds-live&scope=site 

5. Find five or more best practice recommendations for ensuring the security (confidentiality, integrity, availability, authenticity, non-repudiation) of information provided by the federal government through its OPEN Data initiative.  N.B. For the purposes of this assignment, you may treat “licensing” concerns as an “availability” issue.

Write:

Write a five to seven page research report which includes a summary of your research. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your summary must include the following:

1. An introduction or overview of OPEN Data which provides definitions and addresses the laws, regulations, and policies which require federal agencies to identify and publish datasets and information collections. Discuss the role of the executive branch’s Open Data / Open Government policies in making data available via Data.Gov. This introduction should be suitable for an executive audience.

2. A separate section in which you discuss the value (benefits) of Open Data. This section should provide several specific examples of how government provided Open Data is being used by businesses and the general public. 

3. A separate section in which you address security issues (confidentiality, integrity, availability, authenticity, and non-repudiation) which can impact the availability and usefulness of Open Data. Discuss how these issues are currently being addressed by the federal government. Provide examples of issues and mitigations or solutions.

4. A section in which you address best practice recommendations for ensuring the confidentiality, integrity, availability, authenticity, and non-repudiation of Open Data. Your recommendations should address use of the NIST Cybersecurity Framework and security & privacy controls from NIST SP 800-53.

5. A separate section in which you summarize your research and recommendations.

Submit For Grading 

Submit your white paper in MS Word format (.docx or .doc file) using the OPEN Data Assignment in your assignment folder. (Attach the file.)

Additional Information

1. Consult the grading rubric for specific content and formatting requirements for this assignment.

2. Your 5- to 7-page research report should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper. 

3. Your paper should use standard terms and definitions for cybersecurity. See Course Resources > Cybersecurity Concepts Review for recommended resources.

4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.  

5. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count. 

6. You should write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.  

7. You must credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.). 

To examine a cloud environment, you must have the latest knowledge on cloud encryption. Conduct online research, and write a two-page report about current vendors and services for encrypting data stored in the cloud. List the ven- dors, their products, and what type of cloud service level each tool is intended for, such as PaaS, IaaS, or SaaS.

Please do not use books or journals as references. Check for grammatical errors.