Overview
In this unit, you will learn techniques for securing information and communications against adversaries, in particular with regard to confidentiality, integrity and authentication. Informed by the history of cryptography, you will learn the cryptographic primitives that are used to secure information today, such as symmetric key encryption, message authentication codes, public key cryptography and digital signatures. You will also study future issues in cryptography, including the challenges raised by quantum computing. While you will learn and use basic mathematics, this unit will focus on cryptographic concepts relevant to cyber security specialists, rather than the mathematical underpinnings of the algorithms. This practical treatment of cryptography will be highlighted in laboratory tasks, where you will use software to attack and secure information in various realistic scenarios.
Details
Pre-requisites or Co-requisites
Pre-requisite: COIT12202 Network Security Concepts
Important note: Students enrolled in a subsequent unit who failed their pre-requisite unit should drop the subsequent unit before the census date or within 10 working days of Fail grade notification. Students who do not drop the unit in this timeframe cannot later drop the unit without academic and financial liability. See details in the Assessment Policy and Procedure (Higher Education Coursework).
Offerings For Term 1 - 2022
Attendance Requirements
All on-campus students are expected to attend scheduled classes – in some units, these classes are identified as a mandatory (pass/fail) component and attendance is compulsory. International students, on a student visa, must maintain a full time study load and meet both attendance and academic progress requirements in each study period (satisfactory attendance for International students is defined as maintaining at least an 80% attendance record).
Recommended Student Time Commitment
Each 6-credit Undergraduate unit at CQUniversity requires an overall time commitment of an average of 12.5 hours of study per week, making a total of 150 hours for the unit.
Class Timetable
Assessment Overview
Assessment Grading
This is a graded unit: your overall grade will be calculated from the marks or grades for each assessment task, based on the relative weightings shown in the table above. You must obtain an overall mark for the unit of at least 50%, or an overall grade of ‘pass’ in order to pass the unit. If any ‘pass/fail’ tasks are shown in the table above they must also be completed successfully (‘pass’ grade). You must also meet any minimum mark requirements specified for a particular assessment task, as detailed in the ‘assessment task’ section (note that in some instances, the minimum mark for a task may be greater than 50%). Consult the University’s Grades and Results Policy for more details of interim results and final grades.
All University policies are available on the CQUniversity Policy site.
You may wish to view these policies:
- Grades and Results Policy
- Assessment Policy and Procedure (Higher Education Coursework)
- Review of Grade Procedure
- Student Academic Integrity Policy and Procedure
- Monitoring Academic Progress (MAP) Policy and Procedure – Domestic Students
- Monitoring Academic Progress (MAP) Policy and Procedure – International Students
- Student Refund and Credit Balance Policy and Procedure
- Student Feedback – Compliments and Complaints Policy and Procedure
- Information and Communications Technology Acceptable Use Policy and Procedure
This list is not an exhaustive list of all University policies. The full list of University policies is available on the CQUniversity Policy site.
Feedback, Recommendations and Responses
Every unit is reviewed for enhancement each year. At the most recent review, the following staff and student feedback items were identified and recommendations were made.
Feedback from Student feedback
Regular tests are difficult and stressful (due to limited time and questions that have not been seen before)
Adjust the number of questions and/or time limit in tests, and include unassessed practice tests early in the term so students can see the style of questions.
Feedback from Student feedback and reflection of Unit Coordinator
Security project was very time consuming, due to using a new language and having many features to implement
Restructure the project to cover more design tasks (and less Python implementation), as well as reduce the variety of features required (but increase the depth of those features).
- Discuss principles used to design secure cryptographic algorithms
- Explain the operation of attacks on cryptographic algorithms
- Compare the strengths and weaknesses of different cryptographic algorithms and their implementations
- Design secure information services using a variety of cryptographic algorithms.
The Australian Computer Society (ACS) recognises the Skills Framework for the Information Age (SFIA). SFIA is adopted by organisations, governments and individuals in many countries and provides a widely used and consistent definition of ICT skills. SFIA is increasingly being used when developing job descriptions and role profiles. ACS members can use the tool MySFIA to build a skills profile.
This unit contributes to the following workplace skills as defined by SFIA 7 (the SFIA code is included)
- Information Security (SCTY)
- Security Administration (SCAD)
- Specialist Advice (TECH)
Alignment of Assessment Tasks to Learning Outcomes
Assessment Tasks | Learning Outcomes | |||
---|---|---|---|---|
1 | 2 | 3 | 4 | |
1 - In-class Test(s) - 40% | ||||
2 - Written Assessment - 20% | ||||
3 - Project (applied) - 40% |
Alignment of Graduate Attributes to Learning Outcomes
Graduate Attributes | Learning Outcomes | |||
---|---|---|---|---|
1 | 2 | 3 | 4 | |
1 - Communication | ||||
2 - Problem Solving | ||||
3 - Critical Thinking | ||||
4 - Information Literacy | ||||
5 - Team Work | ||||
6 - Information Technology Competence | ||||
7 - Cross Cultural Competence | ||||
8 - Ethical practice | ||||
9 - Social Innovation | ||||
10 - Aboriginal and Torres Strait Islander Cultures |
Alignment of Assessment Tasks to Graduate Attributes
Assessment Tasks | Graduate Attributes | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | |
1 - In-class Test(s) - 40% | ||||||||||
2 - Written Assessment - 20% | ||||||||||
3 - Project (applied) - 40% |
Textbooks
Cryptography and Network Security: Principles and Practice
7th Edition (2017)
Authors: William Stallings
Pearson
ISBN: 9781292158594
Binding: eBook
Additional Textbook Information
An eBook of "Cryptography and Network Security" is satisfactory and normally available from the publisher, Pearson, at a significantly lower cost than a hardcopy. However, paper copies are still available if this is how you prefer to study. New edition copies can be purchased at the CQUni Bookshop here: http://bookshop.cqu.edu.au. Older editions may also be suitable if you already have access to them. If you are not sure about purchasing the textbook, contact the Unit Coordinator.
IT Resources
- CQUniversity Student Email
- Internet
- Unit Website (Moodle)
- Wireshark
- Zoom Video Conference Application
- Python
- Github.com Account
- Linux or Unix Operating System
- Microsoft Teams
All submissions for this unit must use the referencing style: Harvard (author-date)
For further information, see the Assessment Tasks.
s.d.gordon@cqu.edu.au
Module/Topic
Cryptography Concepts and Tools
Chapter
Cryptography and Network Security, 7th Ed, by William Stallings: Chapter 1
Events and Submissions/Topic
Module/Topic
Classical Ciphers
Chapter
Stallings: Chapter 3
Events and Submissions/Topic
Module/Topic
Classical Ciphers
Chapter
Stallings: Chapter 3
Events and Submissions/Topic
Test 1
Module/Topic
Encryption and Attacks
Chapter
Stallings: Chapter 4
Events and Submissions/Topic
Module/Topic
DES and AES
Chapter
Stallings: Chapters 4 and 6
Events and Submissions/Topic
Test 2
Module/Topic
Chapter
Events and Submissions/Topic
Module/Topic
Modes of Operation
Chapter
Stallings: Chapter 7
Events and Submissions/Topic
Module/Topic
Public Key Cryptography
Chapter
Stallings: Chapters 9 and 2
Events and Submissions/Topic
Test 3
Module/Topic
RSA
Chapter
Stallings: Chapter 9
Events and Submissions/Topic
Module/Topic
Other Public-Key Cryptosystems
Chapter
Stallings: Chapter 10
Events and Submissions/Topic
Test 4
Module/Topic
Hash Functions and MACs
Chapter
Stallings: Chapters 11 and 12
Events and Submissions/Topic
Module/Topic
Authentication and Data Integrity
Chapter
Stallings: Chapter 13
Events and Submissions/Topic
Module/Topic
Quantum Computing and Cryptography
Chapter
Online Readings
Events and Submissions/Topic
Test 5
Journal Due: Week 12 Monday (30 May 2022) 11:45 pm AEST
Module/Topic
Chapter
Events and Submissions/Topic
Module/Topic
Chapter
Events and Submissions/Topic
1 In-class Test(s)
You will undertake five (5) in-class tests on Moodle throughout the term. Each test will cover topics from the weeks leading up to that test. Each test will consist of multiple choice questions, short answer questions and/or calculations. Some questions may require the use of software. There will be multiple independent questions in each test. All tests are individual assessment.
Each test will be time limited, typically allowing you between 15 and 30 minutes to complete the test. Test time limits, topics, and open/close times can be found on Moodle.
The tests must be taken during your allocated timeslot: either the tutorial or, in special cases, a designated time negotiated in advance with the Unit Coordinator. The test will open shortly after the start of your time slot, and will close after the time limit has been reached. You will be allowed only a single attempt at each test, with the score for that attempt counting towards your grade.
Tests will be held during the weeks: 3, 5, 7, 9 and 12. Tests will be supervised. Tests will be open book. You are not allowed to communicate with anyone (including other students or people online) while the test is open.
You will not be allowed to take a test at any time outside of your allocated timeslot, unless an Assessment Extension Request is approved. The test will close at the same time for all students in your timeslot. If you arrive late for the timeslot, you will not be granted extra time. Changes to test times can only be granted with approval by the Unit Coordinator.
For those in online tutorials, you will need access to a webcam, speakers and microphone (e.g. headset).
You are assumed to have a working computer and Internet connection during term, and especially during times when attempting a test. Technical problems, such as a computer crash or loss of Internet connection, will not usually be a reason for an extra attempt or extension. You are expected to prepare your computer before the test starts. If problems outside of your control occur during a test, report immediately to your tutor, who may either extend the time or allow you to undertake the test at another time (with the Unit Coordinator's approval).
See the task description.
One week after the test
In most cases, test answers will be automatically marked, with marks awarded based on the correctness of the answer within the context of topics covered in the unit. Questions may be worth different marks, with the marks indicated in the test. If test answers are manually marked (e.g. explanation style questions), then marks will be awarded based on the correctness and clarity of the answer.
As results and solutions may be released shortly after the due date, late submissions are not accepted. Making no attempts before the due date will result in a score of 0.
- Discuss principles used to design secure cryptographic algorithms
- Explain the operation of attacks on cryptographic algorithms
- Compare the strengths and weaknesses of different cryptographic algorithms and their implementations
- Design secure information services using a variety of cryptographic algorithms.
- Communication
- Problem Solving
- Critical Thinking
- Information Literacy
- Information Technology Competence
2 Written Assessment
You will maintain a journal throughout the unit that captures your workings, insights and reflections on each topic. For example, as you learn about a new cipher, you will record your own workings and examples in the journal, you will compare the cipher design to others, and you will explore possible attacks on that cipher (and/or explain why some attacks are unsuccessful).
The journal is expected to be maintained each week. Examples of content that may be included are:
- Photos of manual (paper) calculations for simple classical ciphers
- Diagrams illustrating attacks on ciphers, with explanation of why they are (not) successful
- Code segments that you used in testing a modern cipher
- Explanations of difficulties you had in understanding a cipher and/or its relation to others
- Links to and short summaries of websites/papers/software on ciphers and their attacks
- Challenges encountered and insights gained from implementing and applying ciphers, i.e. in the Security Project
You will be required to maintain your journal such that there is evidence of regular contributions. Your journal must be created on your private GitHub repository named "coit13240". The Unit Coordinator must be added as a collaborator.
Week 12 Monday (30 May 2022) 11:45 pm AEST
Two weeks after deadline
The journal is an individual assessment worth 20% of the unit assessment. Your journal will be assessed on:
- Quality of contributions: 10 out of 20. E.g. the entries are clear, correct and demonstrate understanding of the topics covered, including progressive learning/improvement over the weeks.
- Novel insights: 5 out of 20. E.g. you provide insights or explanations that go beyond what is covered in the unit material.
- Regular, relevant, professional contributions: 5 out of 20. E.g. there are entries each week (as opposed to all added at the end of term), and those entries are relevant to the current topics in the unit. The journal must be maintained in a private GitHub repository shared only with the Unit Coordinator. The journal should use basic Markdown formatting; using just plaintext or uploading a Word document to GitHub is insufficient.
- Discuss principles used to design secure cryptographic algorithms
- Explain the operation of attacks on cryptographic algorithms
- Communication
- Problem Solving
- Critical Thinking
- Information Literacy
- Information Technology Competence
3 Project (applied)
This project involves you developing and applying a set of cryptographic tools, as well as analysing security issues and attacks. There are three topics, covering attacks, performance issues, and security protocols. Each topic (question) has several parts. You need to complete all questions and parts.
Some questions/parts will require you to investigate beyond what is covered in the unit lectures/tutorials. You may need to read and summarise research papers, standards, technical reports and websites. Some questions/parts will require you to write software to complete a task. Your software must be implemented in Python. While examples of Python will be used during the unit, you may be required to learn advanced features to complete the software.
The project will be individual work. Aspects of the project, especially the software, may be discussed in class and on Microsoft Teams. The Unit Coordinator will facilitate/moderate discussion about the project.
You will be required to use GitHub to track your software development and document your project. Therefore you will need an account on GitHub. The use of an online collaborative software tracking tool will allow regular feedback on your progress, and sharing of code when appropriate. The details of using GitHub repositories and sharing code will be specified on Moodle. While your software and documentation will be stored on GitHub, you will still be required to submit files on Moodle when the assessment is due (e.g. export a Zip of the repository and upload to Moodle). This is necessary so that a permanent record of your contribution is available in Moodle (in case the online platform is not available in the future).
Review/Exam Week Monday (6 June 2022) 11:45 pm AEST
Certification of Grades day
Each question/part will be marked based on the quality and technical depth of the answer. A detailed marking guide, with weights for each question, will be provided on Moodle.
Discussion style questions (e.g. explain, discuss, compare) will be marked on correctness, quality and depth. To achieve full marks in such questions, your answer will need to give significant technical depth to demonstrate excellent understanding of the issue. This may require you to research information not covered in the lecture or tutorial material.
Several tasks require you to design, implement and test features in Python. For these tasks, you will mainly be marked on your submitted code; however, you will also receive some marks for a brief explanation and demonstration of operation (e.g. test results). Submitting code that does not work (or not submitting any code) will usually result in 0 marks for that part, irrespective of the explanation and test results.
The primary criterion for assessing the code is functionality. That is, does it correctly do what it is supposed to do? Clarity of the code is also important, i.e. is the operation and code structure clear and easy to follow? Preference is for clarity over efficiency (e.g. run-time efficiency, coding efficiency). The provided demonstration and helper code is an example of clarity over efficiency (e.g. you will see code segments that are repeated for the purpose of clarity; it would have been more efficient to move the code into a separate function, but probably at the expense of clarity).
- Compare the strengths and weaknesses of different cryptographic algorithms and their implementations
- Design secure information services using a variety of cryptographic algorithms.
- Communication
- Problem Solving
- Critical Thinking
- Information Literacy
- Team Work
- Information Technology Competence
- Ethical practice
As a CQUniversity student you are expected to act honestly in all aspects of your academic work.
Any assessable work undertaken or submitted for review or assessment must be your own work. Assessable work is any type of work you do to meet the assessment requirements in the unit, including draft work submitted for review and feedback and final work to be assessed.
When you use the ideas, words or data of others in your assessment, you must thoroughly and clearly acknowledge the source of this information by using the correct referencing style for your unit. Using others’ work without proper acknowledgement may be considered a form of intellectual dishonesty.
Participating honestly, respectfully, responsibly, and fairly in your university study ensures the CQUniversity qualification you earn will be valued as a true indication of your individual academic achievement and will continue to receive the respect and recognition it deserves.
As a student, you are responsible for reading and following CQUniversity’s policies, including the Student Academic Integrity Policy and Procedure. This policy sets out CQUniversity’s expectations of you to act with integrity, examples of academic integrity breaches to avoid, the processes used to address alleged breaches of academic integrity, and potential penalties.
What is a breach of academic integrity?
A breach of academic integrity includes but is not limited to plagiarism, self-plagiarism, collusion, cheating, contract cheating, and academic misconduct. The Student Academic Integrity Policy and Procedure defines what these terms mean and gives examples.
Why is academic integrity important?
A breach of academic integrity may result in one or more penalties, including suspension or even expulsion from the University. It can also have negative implications for student visas and future enrolment at CQUniversity or elsewhere. Students who engage in contract cheating also risk being blackmailed by contract cheating services.
Where can I get assistance?
For academic advice and guidance, the Academic Learning Centre (ALC) can support you in becoming confident in completing assessments with integrity and to a high standard.
What can you do to act with integrity?
