The information will not be changed unless absolutely necessary and any change will be clearly indicated by an approved correction included in the profile.
Overview
In this unit, you will learn techniques for securing information and communications against adversaries, in particular with regards to confidentiality, integrity and authentication. Informed by the history of cryptography, you will learn the cryptographic primitives that are used to secure information today such as symmetric key encryption, message authentication codes, public key cryptography and digital signatures. You will also study future issues in cryptography, including the challenges raised by quantum computing. While you will learn and use basic mathematics, this unit will focus on cryptographic concepts relevant to cyber security specialists, rather than the mathematical underpinnings of the algorithms. This practical treatment of cryptography will be highlighted in laboratory tasks, where you will use software to attack and secure information in various realistic scenarios.
Details
Pre-requisites or Co-requisites
Pre-requisite: COIT12202 Network Security Concepts
Important note: Students enrolled in a subsequent unit who failed their pre-requisite unit, should drop the subsequent unit before the census date or within 10 working days of Fail grade notification. Students who do not drop the unit in this timeframe cannot later drop the unit without academic and financial liability. See details in the Assessment Policy and Procedure (Higher Education Coursework).
Offerings For Term 1 - 2025
Attendance Requirements
All on-campus students are expected to attend scheduled classes - in some units, these classes are identified as a mandatory (pass/fail) component and attendance is compulsory. International students, on a student visa, must maintain a full time study load and meet both attendance and academic progress requirements in each study period (satisfactory attendance for International students is defined as maintaining at least an 80% attendance record).
Recommended Student Time Commitment
Each 6-credit Undergraduate unit at CQUniversity requires an overall time commitment of an average of 12.5 hours of study per week, making a total of 150 hours for the unit.
Class Timetable
Assessment Overview
Assessment Grading
This is a graded unit: your overall grade will be calculated from the marks or grades for each assessment task, based on the relative weightings shown in the table above. You must obtain an overall mark for the unit of at least 50%, or an overall grade of 'pass' in order to pass the unit. If any 'pass/fail' tasks are shown in the table above they must also be completed successfully ('pass' grade). You must also meet any minimum mark requirements specified for a particular assessment task, as detailed in the 'assessment task' section (note that in some instances, the minimum mark for a task may be greater than 50%). Consult the University's Grades and Results Policy for more details of interim results and final grades.
All University policies are available on the CQUniversity Policy site.
You may wish to view these policies:
- Grades and Results Policy
- Assessment Policy and Procedure (Higher Education Coursework)
- Review of Grade Procedure
- Student Academic Integrity Policy and Procedure
- Monitoring Academic Progress (MAP) Policy and Procedure - Domestic Students
- Monitoring Academic Progress (MAP) Policy and Procedure - International Students
- Student Refund and Credit Balance Policy and Procedure
- Student Feedback - Compliments and Complaints Policy and Procedure
- Information and Communications Technology Acceptable Use Policy and Procedure
This list is not an exhaustive list of all University policies. The full list of University policies are available on the CQUniversity Policy site.
Feedback, Recommendations and Responses
Every unit is reviewed for enhancement each year. At the most recent review, the following staff and student feedback items were identified and recommendations were made.
Feedback from Student evaluations
Tests are stressful due to level of difficulty, high stakes, and variety of topics covered in short time.
Reduce the weight of the tests in the unit, adding more focus on the practical activities in the project and journal.
Feedback from Student evaluations
The quality of the learning materials was appreciated, however the time needed to study the content covered is high.
Continue with the diverse set of learning materials, but incorporate more guidance on depth of understanding needed of each topic, e.g. via more quiz questions for self-assessment.
Feedback from Unit Coordinator reflection
Active use of GitHub and Teams for group work usually leads to higher quality project outcomes.
Demonstrate the benefits of GitHub and Teams for teamwork early in the term and allocate more marks to their use for the project.
- Discuss principles used to design secure cryptographic algorithms
- Explain the operation of attacks on cryptographic algorithms
- Compare the strengths and weaknesses of different cryptographic algorithms and their implementations
- Design secure information services using a variety of cryptographic algorithms.
The Australian Computer Society (ACS) recognises the Skills Framework for the Information Age (SFIA). SFIA is adopted by organisations, governments and individuals in many countries and provides a widely used and consistent definition of ICT skills. SFIA is increasingly being used when developing job descriptions and role profiles. ACS members can use the tool MySFIA to build a skills profile.
This unit contributes to the following workplace skills as defined by SFIA 9 (the SFIA code is included)
- Information Security (SCTY)
- Security Administration (SCAD)
- Specialist Advice (TECH)
- Information Assurance (INAS)
- Vulnerability Assessment (VUAS)
- Infrastructure Design (IFDN)
- Threat Intelligence (THIN)
- Infrastructure Operations (ITOP)
The National Initiative for Cybersecurity Education (NICE) Framework defines knowledge, skills and tasks needed to perform various cyber security roles. Developed by the National Institute of Standards and Technology (NIST), the NICE Framework is used by organisations to plan their workforce, including recruit into cyber security positions.
This unit helps prepare you for roles such as Systems Security Analyst, Network Operations Specialist and Systems Administrator, contributing to the following knowledge and skills:
- K0005 Knowledge of cyber threats and vulnerabilities.
- K0018 Knowledge of encryption algorithms
- K0019 Knowledge of cryptography and cryptographic key management concepts
- K0053 Knowledge of measures or indicators of system performance and availability.
- K0071 Knowledge of remote access technology concepts.
- K0075 Knowledge of security system design tools, methods, and techniques.
- K0201 Knowledge of symmetric key rotation techniques and concepts.
- K0318 Knowledge of operating system command-line tools.
- K0622 Knowledge of controls related to the use, processing, storage, and transmission of data.
- S0040 Skill in implementing, maintaining, and improving established network security practices.
- S0060 Skill in writing code in a currently supported programming language (e.g., Java, C++).
- S0077 Skill in securing network communications.
Alignment of Assessment Tasks to Learning Outcomes
| Assessment Tasks | Learning Outcomes | |||
|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |
| 1 - In-class Test(s) - 30% | ||||
| 2 - Written Assessment - 25% | ||||
| 3 - Project (applied) - 45% | ||||
Alignment of Graduate Attributes to Learning Outcomes
| Graduate Attributes | Learning Outcomes | |||
|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |
| 1 - Communication | ||||
| 2 - Problem Solving | ||||
| 3 - Critical Thinking | ||||
| 4 - Information Literacy | ||||
| 5 - Team Work | ||||
| 6 - Information Technology Competence | ||||
| 7 - Cross Cultural Competence | ||||
| 8 - Ethical practice | ||||
| 9 - Social Innovation | ||||
| 10 - Aboriginal and Torres Strait Islander Cultures | ||||
Textbooks
Cryptography and Network Security: Principles and Practice
7th Edition (2017)
Authors: William Stallings
Pearson
ISBN: 9781292158594
Binding: eBook
IT Resources
- CQUniversity Student Email
- Internet
- Unit Website (Moodle)
- Wireshark
- Zoom Video Conference Application
- Python
- Github.com Account
- Linux or Unix Operating System
- Microsoft Teams
All submissions for this unit must use the referencing style: Harvard (author-date)
For further information, see the Assessment Tasks.
s.d.gordon@cqu.edu.au
Module/Topic
Cryptography Concepts and Tools
Chapter
Cryptography and Network Security, 7th Ed, by William Stallings: Chapter 1
Events and Submissions/Topic
Module/Topic
Classical Ciphers
Chapter
Stallings: Chapter 3
Events and Submissions/Topic
Module/Topic
Encryption and Attacks
Chapter
Stallings: Chapter 4
Events and Submissions/Topic
Module/Topic
Block Ciphers in Practice
Chapter
Stallings: Chapter 4, 6 and 7
Events and Submissions/Topic
Test 1 (in tutorial class)
Draft Journal due Week 4 Friday 4 April 2025 11:59 PM AEST
Module/Topic
Public Key Crypto and RSA
Chapter
Stallings: Chapters 9 and 2
Events and Submissions/Topic
Module/Topic
Chapter
Events and Submissions/Topic
Module/Topic
Other Public-Key Cryptosystems
Chapter
Stallings: Chapter 10
Events and Submissions/Topic
Module/Topic
Security Protocols
Chapter
Online Readings
Events and Submissions/Topic
Module/Topic
Hash Functions and MACs
Chapter
Stallings: Chapter 11 and 12
Events and Submissions/Topic
Test 2 (in tutorial class)
Module/Topic
Authentication and Data Integrity
Chapter
Stallings: Chapter 13
Events and Submissions/Topic
Module/Topic
Quantum Computing and Cryptography
Chapter
Online Readings
Events and Submissions/Topic
Final Journal due Week 10 Friday 23 May 2025 11:59 PM AEST
Module/Topic
Project Presentations
Chapter
-
Events and Submissions/Topic
Project Presentations (in tutorial class)
Module/Topic
Cyber Security Career Planning
Chapter
Online Readings
Events and Submissions/Topic
Test 3 (in tutorial class)
Module/Topic
No class
Chapter
-
Events and Submissions/Topic
Project due Week 13 Monday 9 June 2025 11:59 PM AEST
Module/Topic
Chapter
Events and Submissions/Topic
Communicating with Staff
You should use your lecture and tutorial classes as the first point of contact with teaching staff. Ask your lecturer/tutor questions in class each week.
Outside of class times, you are encouraged to ask questions in Microsoft Teams. A link to the unit Teams site is available in the "Learning Community" tile on Moodle. You may post a question at anytime in the Teams General channel. All staff and students can see posts in the General channel, so avoid posting personal information (such as phone numbers or your assessment solutions). The teaching team will try to respond to Teams posts as soon as possible, often within an hour during work days and with an aim of within 24 hours. While response times by staff over weekends may be longer (and may not be until Monday morning), other students may respond to your question as well.
Avoid using private chat to contact staff members in Teams. Instead, post in the General channel so all staff and students can see and potentially respond to your question, and so the answer can be shared with all students. If you have a private matter that you do not want to share with others, then contact the Unit Coordinator via email. However if you ask questions about the unit content via email, then response may take longer than if using Teams, and the staff may choose to reply via Teams (so all students see the answer).
GitHub Account
You are expected to use GitHub for your journal and project. You will need to create an account (if you do not already have one) and use GitHub Classroom. Instructions for doing so will be provided on Moodle.
GitHub is a website that may be hosted overseas (including the United States). In setting up an account and using for your journal and project, you will be transferring personal information to GitHub. While there is some risk in transferring your personal information to an external party and overseas, we believe the benefits to you far outweigh the risk. You will gain experience using a tool widely used in industry, you will have access to tools for version control, backup, and collaboration on your resources, and will have artefacts to show to potential employers. If you have concerns with using GitHub, please contact the Unit Coordinator to discuss options (such as setting up your own Git server).
Cloud Servers
You are required to use cloud servers for your project. You will need to create an account in at least one cloud service provider (e.g., Microsoft Azure, Amazon AWS, Google Cloud Platform, DigitalOcean, Linode). Instructions for doing so will be provided on Moodle.
You may be required to pay for usage of the cloud service. The cost will vary depending on the approach chosen, but the project should be possible to complete with a cost not exceeding $AU30 per student. There may be no-cost options (e.g., using a 12-month free account in Azure or AWS).
The cloud servers may be hosted overseas (including the United States). In setting up an account on a cloud service provider and using for your project, you will be transferring personal information to that provider. While there is some risk in transferring your personal information to external party and overseas, we believe the benefits to you far outweigh the risk. You will gain experience using tools widely used in industry, you will be able to collaborate in your project group at any time (e.g., not limited to in a campus lab), and you will gain experience testing live network and security services. If you have concerns about the cost of or using cloud services, please contact the Unit Coordinator to discuss options.
1 In-class Test(s)
You will undertake three (3) in-class tests on Moodle throughout the term. Each test will cover topics from the weeks leading up to that test, and may include questions similar to earlier tests. Each test will consist of multiple-choice questions, short or long answer questions and/or calculations. Some questions may require the use of software and online systems (e.g. GitHub). There will be multiple independent questions in each test. All tests are individual assessment.
Each test will be time limited, typically allowing you between 30 and 60 minutes to complete the test. Some tests may be longer. Test time limits, topics, and open/close times can be found on Moodle.
The tests must be taken during your allocated timeslot, which by default is your tutorial class. In special cases, a different timeslot may be negotiated in advance with the Unit Coordinator. The test will open shortly after the start of your timeslot and will close after the time limit has been reached. You will be allowed only a single attempt at each test, with the score for that attempt counting towards your grade.
Tests will be held during the weeks: 4, 8 and 12. Tests will be supervised. Tests will be open book. You are not allowed to communicate with anyone (including other students or people online) while the test is open.
You will not be allowed to take a test at any time outside of your allocated timeslot, unless an Assessment Extension Request is approved. The test will close at the same time for all students in your timeslot. If you arrive late for the timeslot, you will not be granted extra time. Changes to test times can only be granted with approval by the Unit Coordinator.
For those in online tutorials, you will need access to a webcam, speakers and microphone (e.g., headset), and be prepared to share your entire desktop and have your webcam on for the duration of the test.
You are assumed to have a working computer and Internet connection during term, and especially during times when attempting a test. Technical problems, such as a computer crash or loss of Internet connection, will not usually be a reason for an extra attempt or extension. You are expected to prepare your computer before the test starts. If problems outside of your control occur during a test, report immediately to your tutor, who may either extend the time or allow you to undertake the test at another time (with the Unit Coordinator's approval).
See the task description.
One week after the test
Test 1 is worth 6%, Test 2 is worth 8% and Test 3 is worth 16%.
In most cases, test answers will be automatically marked, with marks awarded based on the correctness of the answer within the context of topics covered in unit. Questions may be worth different marks, with the marks shown in the test. If test answers are manually marked (e.g., explanation style questions), then marks will be awarded based on the correctness and clarity of the answer.
As results and solutions may be released shortly after the due date, late submissions are not accepted. Making no attempts before the due date will result in a score of 0.
- Discuss principles used to design secure cryptographic algorithms
- Explain the operation of attacks on cryptographic algorithms
2 Written Assessment
You will keep a journal throughout the unit that captures your workings, insights and reflections on each topic. For example, as you learn about a new cipher, your will record your own workings and examples in the journal, you will compare the cipher design to others, and you will explore possible attacks on that cipher (and/or explain why some attacks are unsuccessful).
The journal is expected to be maintained each week. Examples of content that may be included are:
- Photos of manual (paper) calculations for simple classical ciphers,
- Diagrams illustrating attacks on ciphers, with explanation of why they are (not) successful,
- Code segments that you used in testing a modern cipher,
- Explanations of difficulties you had in understanding a cipher and/or its relation to others,
- Links to and short summaries of websites/papers/software on ciphers and their attacks,
- Challenges encountered and insights gained from implementing and applying ciphers, i.e. in the Security Project.
You will have to maintain your journal such that there is evidence of regular contributions. Your journal must be created in a GitHub repository created using GitHub Classroom. As this is your own journal, you should not share with other students. The journal should use basic Markdown formatting (using just plaintext or uploading a Word document is insufficient). Details of creating the GitHub repository can be found on Moodle.
You are required to submit your journal early in the term (Draft Journal) so you can gain feedback on the suitability of your entries so far. The entire journal is then submitted towards the end of term (Final Journal).
Draft Journal due Week 4 Friday 4 April 2025 11:59 PM AEST; Final Journal due Week 10 Friday 23 May 2025 11:59 PM AEST
Draft Journal two weeks after submission; Final Journal on Certification of Grades day
The journal is an individual assessment worth 25% of the unit assessment. The Draft Journal, which contains only entries for the first several weeks, is worth 5%; the Final Journal, which contains entries for all weeks up until the deadline, is worth 20%.
Your journal will be assessed on:
- Quality of contributions. E.g., the entries are clear, correct and demonstrate understanding of the topics covered, including progressive learning/improvement over the weeks and reflections on learning.
- Novel insights. E.g., you provide insights or explanations that go beyond what is covered in the unit material.
- Regular, relevant, professional contributions. E.g., there are entries each week (as opposed to all added at the end of term), and those entries are relevant to the current topics in the unit.
The journal must be maintained in a private GitHub repository shared only with the Unit Coordinator. The journal should use basic Markdown formatting; using just plaintext or upload a Word document to GitHub is insufficient.
While the journal will be maintained on GitHub, on Moodle you must submit a ZIP of the journal as well as PDF of each weekly entry. This is necessary so that a permanent record of your contribution is available in Moodle (in case the online platform is not available in the future). Late penalties are calculated based on your final submission in Moodle, not activity in GitHub. Instructions for producing the ZIP and PDF files are provided in Moodle.
- Discuss principles used to design secure cryptographic algorithms
- Explain the operation of attacks on cryptographic algorithms
- Compare the strengths and weaknesses of different cryptographic algorithms and their implementations
3 Project (applied)
This project involves you developing and applying a set of cryptographic tools, as well as analysing security issues and attacks.
Some questions/parts will require you to investigate beyond what is covered in the unit lecture/tutors. You may need to read and summarise research papers, standards, technical reports, and websites. Some questions/parts may require you to write, deploy and/or use software to complete a task.
The project will be a mix of group work and individual work. You will be required to form a group and complete some tasks together. You will also be required to complete some tasks on your own. Aspects of the project, especially the software, may be discussed in class and on Microsoft Teams. Each group will have a Teams channel that must be used for group communication. The Unit Coordinator will facilitate/moderate discussion about the project (including the group Teams channel).
You will be required to use GitHub to track your software development and document your project. Therefore, you will need an account on GitHub. The use of an online collaborative software tracking tool will allow regular feedback on your progress and sharing of code when appropriate. The details of using GitHub repositories and sharing code will be specified on Moodle. While your software and documentation will be stored on GitHub, you will still be required to submit files on Moodle when the assessment is due (e.g., export a Zip of the repository and upload to Moodle). This is necessary so that a permanent record of your contribution is available in Moodle (in case the online platform is not available in the future).
You will be required to give a presentation about your project. The presentation will be an opportunity for verbal feedback on progress; you will have an opportunity to make improvements after the presentation. If you do not satisfactorily explain your contributions to the project in the initial presentation, then you may be asked to give another presentation after submission of the project.
Presentation in Week 11; Project due Week 13 Monday 9 June 2025 11:59 PM AEST
Certification of Grades day
The project will be marked based on the quality and technical depth of the solution(s), as well as the ability to collaborate with others to arrive at the solution. A detailed marking guide, with weights for each part, will be provided on Moodle.
A part of your mark will be for group work, and the remaining will be individual. Note that even for group work, each member of the group may receive different marks.
The presentation is a required for the project. The mark for your project will be based on a combination of your presentation, any written reports, collaborative tool data (e.g., GitHub logs), and submitted artefacts (e.g., code, data files). If you do not present, then you cannot score more than 17 marks out of 45 for the project.
- Compare the strengths and weaknesses of different cryptographic algorithms and their implementations
- Design secure information services using a variety of cryptographic algorithms.
As a CQUniversity student you are expected to act honestly in all aspects of your academic work.
Any assessable work undertaken or submitted for review or assessment must be your own work. Assessable work is any type of work you do to meet the assessment requirements in the unit, including draft work submitted for review and feedback and final work to be assessed.
When you use the ideas, words or data of others in your assessment, you must thoroughly and clearly acknowledge the source of this information by using the correct referencing style for your unit. Using others’ work without proper acknowledgement may be considered a form of intellectual dishonesty.
Participating honestly, respectfully, responsibly, and fairly in your university study ensures the CQUniversity qualification you earn will be valued as a true indication of your individual academic achievement and will continue to receive the respect and recognition it deserves.
As a student, you are responsible for reading and following CQUniversity’s policies, including the Student Academic Integrity Policy and Procedure. This policy sets out CQUniversity’s expectations of you to act with integrity, examples of academic integrity breaches to avoid, the processes used to address alleged breaches of academic integrity, and potential penalties.
What is a breach of academic integrity?
A breach of academic integrity includes but is not limited to plagiarism, self-plagiarism, collusion, cheating, contract cheating, and academic misconduct. The Student Academic Integrity Policy and Procedure defines what these terms mean and gives examples.
Why is academic integrity important?
A breach of academic integrity may result in one or more penalties, including suspension or even expulsion from the University. It can also have negative implications for student visas and future enrolment at CQUniversity or elsewhere. Students who engage in contract cheating also risk being blackmailed by contract cheating services.
Where can I get assistance?
For academic advice and guidance, the Academic Learning Centre (ALC) can support you in becoming confident in completing assessments with integrity and of high standard.
What can you do to act with integrity?
