Crypto-Systems & Data Protection (ES94N-15, 3rd attempt): Cryptosystem Report
Crypto-Systems & Data Protection (ES94N-15, 3rd attempt)
1 Context
You have been hired as a security consultant by a government agency. They need a robust and secure communication system to protect sensitive information exchanged between their field agents and headquarters. Your task is to propose a cryptosystem that meets their security requirements, described as follows:
· Confidentiality: The cryptosystem should ensure the confidentiality of sensitive information during transmission, preventing unauthorized access.
· Integrity: The system should provide mechanisms to verify the integrity of the transmitted data and detect any tampering or modifications.
· Authentication: Strong authentication mechanisms should be implemented to ensure the identity verification of field agents and prevent unauthorized access.
· Key Management: Secure generation, distribution, and storage of encryption keys should be incorporated into the cryptosystem.
· Robustness: The system should be resistant to attacks such as brute-force attacks, known-plaintext attacks, and chosen-plaintext attacks.
· Usability: The cryptosystem should be user-friendly, enabling field agents to easily encrypt and decrypt messages without compromising security.
· Scalability: The system should be capable of accommodating a growing number of field agents while maintaining its security and performance.
Your task is to propose a solution that addresses the security requirements outlined by the agency, and present your solution in a report format. Your report should provide a comprehensive cryptographic solution tailored to the specific needs of the government agency's secure communication scenario. It should demonstrate a deep understanding of cryptographic principles and the ability to communicate these concepts effectively. More detailed requirements are outlined below:
Section 1:
(LO 1: Apply cryptographic techniques to achieve desired information assurance objectives) 25%
· Identify and present the security requirements.
· Describe cryptographic techniques that can be applied to meet the agency's confidentiality, integrity, and authentication requirements.
· Explain how these cryptographic techniques can be integrated into a communication system to achieve the desired objectives.
Section 2:
(LO 2: Articulate the properties of different cryptographic primitives, techniques, and algorithms to a non-specialist audience) 25%
· Illustrate how each cryptographic primitive and technique contributes to ensuring data confidentiality, integrity, and authentication in the proposed communication system.
· Justify your cryptographic choices to help non-technical decision-makers grasp the significance of these in securing sensitive communications.
Section 3:
(LO 3: Critically analyse the cryptographic needs of the government agency's secure communication scenario) 25%
· Analyse the specific cryptographic requirements posed by the government agency's secure communication scenario, considering factors such as the sensitivity of the information exchanged, potential threats, and the need for real-time communication.
· Identify potential vulnerabilities and attack vectors that could compromise the security of the communication system.
Section 4:
(LO 4: Critically evaluate competing cryptographic solutions for the government agency's secure communication, recommending the most appropriate) 25%
· Evaluate different cryptographic solutions for securing communication between field agents and headquarters, taking into account their strengths and weaknesses.
· Recommend the most appropriate cryptographic solution based on the analysis, considering the agency's confidentiality, integrity, authentication, key management, robustness, usability, and scalability requirements.
Deliverables
A detailed report outlining the design and evaluation of your cryptosystem based on the provided scenario. Provide a clear description of the cryptographic techniques, algorithms, and protocols selected. Explain the key generation and management processes. Include diagrams demonstrating the communication, as well as the encryption, decryption, and authentication procedures. Structure the report in a well-organized manner, ensuring clarity and coherence in the presentation of information. Use appropriate headings, subheadings, and paragraphs to structure the report.
Note: The components of a cryptosystem and their functionalities can vary depending on the specific design and choices. You are encouraged to include diagrams to enhance the clarity and effectiveness of your proposal as well as to convey the selected cryptographic concepts and system design more effectively.
